> On 24 Nov. 2016, at 02:18, Tristan <[email protected]> wrote: > > Relay=smtpin.rzone.de > > Client CN is *.smtp.rzone.de > > Maybe just a syntax error using smtpin instead of smtp?
No, smtpin.rzone.de is the correct MX for gieselbusch.de, it's exactly what sendmail should be using to forward to any address at that domain: $ dig MX gieselbusch.de ; <<>> DiG 9.8.3-P1 <<>> MX gieselbusch.de ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5602 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;gieselbusch.de. IN MX ;; ANSWER SECTION: gieselbusch.de. 150 IN MX 5 smtpin.rzone.de. ;; ADDITIONAL SECTION: smtpin.rzone.de. 1724 IN A 81.169.145.97 Tim > > > On Nov 23, 2016 2:06 AM, "teor" <[email protected]> wrote: > > > On 23 Nov. 2016, at 18:25, Berta Gieselbusch <[email protected]> wrote: > > > > Good morning, > > > > > > I've setup my first relay. Until now everything seems to be working > > fine, but I keep getting mails from logcheck I don't know how to deal with. > > > > The reported errors are: > > > > "sm-mta[15148]: STARTTLS=client, relay=smtpin.rzone.de., > > version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, > > bits=256/256". > > Hi Berta, > > This mail you just sent came from: > > Received: from mo6-p00-ob.smtp.rzone.de (mo6-p00-ob.smtp.rzone.de > [IPv6:2a01:238:20a:202:5300::8]) > (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) > (Client CN "*.smtp.rzone.de", Issuer "TeleSec ServerPass DE-2" (not > verified)) > > Do you forward mail from your relay to an account on the same email > provider? (Do you forward to the same email address you sent this > mail from?) > > If so, then it looks like your email provider has its TLS misconfigured. > (It looks to me like they don't return any certificates at all.) > > Here are the certificates in question: > https://www.telesec.de/en/serverpass-en/support/download-area/category/74-telesec-serverpass-de-2 > > It appears that compatibility with sendmail is not a priority: > https://www.telesec.de/en/serverpass-en/support/root-compatibility > > Or perhaps TLS is misconfigured on your sendmail instance. > > Or there's some kind of certificate chain error, where your server does > not believe the root certificate that signed the smtp.rzone.de > certificate. > > In any case, it's nothing to do with Tor. > > T > > -- > Tim Wilson-Brown (teor) > > teor2345 at gmail dot com > PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B > ricochet:ekmygaiu4rzgsk6n > xmpp: teor at torproject dot org > ------------------------------------------------------------------------ > > > > _______________________________________________ > tor-relays mailing list > [email protected] > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > _______________________________________________ > tor-relays mailing list > [email protected] > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays T -- Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------ _______________________________________________ tor-relays mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
