Package: bugs.debian.org
Severity: important
Tags: security

When sending a bug, the mail gets sent to the MX bugs-master.debian.org. The handling port 25 on that box has a TLS cert with CN=buxtehude.debian.org.
AFAICT there also is no subAltName extension for bugs-master.debian.org. It seems to be a problem to establish secure connections for SMTP transfer.

Nov 25 10:26:02 greedo sm-mta[17032]: STARTTLS=client, error: connect failed=-1, SSL_error=5, errno=104, retry=-1
Nov 25 10:26:02 greedo sm-mta[17032]: ruleset=tls_server, arg1=SOFTWARE, relay=buxtehude.debian.org, reject=403 4.7.0 TLS handshake failed.
Nov 25 10:26:02 greedo sm-mta[17032]: sALEe9rf025810: to=<[email protected]>, delay=3+18:45:52, xdelay=00:00:10, mailer=esmtp, pri=49203754, relay=buxteh.
Nov 25 10:26:09 greedo sm-mta[17055]: sAP9Q64s017055: [137.116.204.56] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA4-v4

libgnutls26 : 2.12.20-8+deb7u2 0

The only workaround (for sendmail) is to add a TLS disable specifically for buxtehude in the /etc/mail/access map:

Try_TLS:buxtehude.debian.org NO

But it is a workaround, as the main security is not solved by disabling security…

-- System Information:
Debian Release: 7.5
Architecture: armhf (armv6l)
Kernel: Linux 3.12.22+ (PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
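
The name check behind the report above, as an added example that is not part of the original message or of any Debian tooling: it tests which host names a certificate covers, using the dict shape returned by Python's ssl.SSLSocket.getpeercert(). Both certificate dicts are constructed for illustration; REPORTED_CERT mirrors the CN described in the report and FIXED_CERT is a hypothetical reissue that adds both names as dNSName entries.

```python
# Added example: which MX host names does a certificate actually cover?
# Input is a dict in the shape returned by ssl.SSLSocket.getpeercert().

def cert_names(cert):
    """Return (dNSName SAN entries, subject commonNames) from the cert dict."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn
           if k == "commonName"]
    return sans, cns

def label_match(pattern, host):
    """Compare one presented name with the host, label by label.
    A '*' is honoured only as the entire leftmost label, and never
    directly under a top-level domain."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def host_matches(cert, host):
    """dNSName SANs take precedence; the CN is consulted only when the
    certificate carries no dNSName entry at all."""
    sans, cns = cert_names(cert)
    candidates = sans if sans else cns
    return any(label_match(name, host) for name in candidates)

def check_mx(cert, mx_names):
    """Map each name a sender might verify against to True/False."""
    return {name: host_matches(cert, name) for name in mx_names}

# Constructed sample modelled on the report: CN only, no subjectAltName.
REPORTED_CERT = {"subject": ((("commonName", "buxtehude.debian.org"),),)}

# Hypothetical reissued certificate listing both names (assumption).
FIXED_CERT = {
    "subject": ((("commonName", "buxtehude.debian.org"),),),
    "subjectAltName": (("DNS", "buxtehude.debian.org"),
                       ("DNS", "bugs-master.debian.org")),
}

if __name__ == "__main__":
    names = ["bugs-master.debian.org", "buxtehude.debian.org"]
    print("reported:", check_mx(REPORTED_CERT, names))
    print("fixed:   ", check_mx(FIXED_CERT, names))
```
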

