|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Gerard (postfix.user
yahoo.com)
Date: Tue Sep 08 2009 - 10:37:56 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I have 'tls' working fine, except for on site. While the mail is still
sent correctly, I am wondering why I have this warning message in the
logs:
<snip>
Sep 8 11:27:00 scorpio postfix/smtp[88433]: initializing the client-side TLS engine
Sep 8 11:27:02 scorpio postfix/smtp[88433]: setting up TLS connection to smtp.cesmail.net[64.88.168.93]:25
Sep 8 11:27:02 scorpio postfix/smtp[88433]: smtp.cesmail.net[64.88.168.93]:25: TLS cipher list "ALL:+RC4:STRENGTH"
Sep 8 11:27:02 scorpio postfix/smtp[88433]: looking for session smtp:64.88.168.93:25:smtprelay1.cesmail.net&p=1&c=ALL:+RC4:STRENGTH in smtp cache
Sep 8 11:27:02 scorpio postfix/smtp[88433]: SSL_connect:before/connect initialization
Sep 8 11:27:02 scorpio postfix/smtp[88433]: SSL_connect:SSLv2/v3 write client hello A
Sep 8 11:27:02 scorpio postfix/smtp[88433]: SSL_connect:SSLv3 read server hello A
Sep 8 11:27:02 scorpio postfix/smtp[88433]: SSL_connect:SSLv3 read server key exchange A
Sep 8 11:27:02 scorpio postfix/smtp[88433]: SSL_connect:SSLv3 read server done A
Sep 8 11:27:02 scorpio postfix/smtp[88433]: SSL_connect:SSLv3 write client key exchange A
Sep 8 11:27:02 scorpio postfix/smtp[88433]: SSL_connect:SSLv3 write change cipher spec A
Sep 8 11:27:02 scorpio postfix/smtp[88433]: SSL_connect:SSLv3 write finished A
Sep 8 11:27:02 scorpio postfix/smtp[88433]: SSL_connect:SSLv3 flush data
Sep 8 11:27:06 scorpio postfix/smtp[88433]: SSL_connect:SSLv3 read finished A
Sep 8 11:27:06 scorpio postfix/smtp[88433]: save session smtp:64.88.168.93:25:smtprelay1.cesmail.net&p=1&c=ALL:+RC4:STRENGTH to smtp cache
Sep 8 11:27:06 scorpio postfix/smtp[88433]: Untrusted TLS connection established to smtp.cesmail.net[64.88.168.93]:25: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
<end snip>
This is the only site that produces the "Untrusted" warning. The output
of openssl s_client -connect pop.cesmail.net:995 -showcerts
$ openssl s_client -connect pop.cesmail.net:995 -showcerts
CONNECTED(00000003)
depth=3 /L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=infovalicert.com
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
0 s:/O=pop.spamcop.net/OU=Domain Control Validated/CN=pop.spamcop.net
i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
-----BEGIN CERTIFICATE-----
MIIE9jCCA96gAwIBAgIDQT34MA0GCSqGSIb3DQEBBQUAMIHKMQswCQYDVQQGEwJV
UzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UE
ChMRR29EYWRkeS5jb20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0
ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2Vj
dXJlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4NzAe
Fw0wNzA5MjgyMDA0MDhaFw0xMDA5MjgyMDA0MDhaMFcxGDAWBgNVBAoTD3BvcC5z
cGFtY29wLm5ldDEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRgw
FgYDVQQDEw9wb3Auc3BhbWNvcC5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
AoGBAL60cVewFa2FS7fKOJwQosD2J5KxWGhVKMqkMhWnIkr1XDuOKOXnl6XqCrG9
EifamolUr0+xrUpNsFV0YV9LBDQft4kIW7GqV0Yr71oGjBNUqG+hqi/1Vq1mH6zs
B41X7UpLbfqdw+ujYSnIgatOLLFkm7qaIcAJFwG3Lgjy4CvzAgMBAAGjggHZMIIB
1TAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
KwYBBQUHAwIwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NlcnRpZmljYXRlcy5n
b2RhZGR5LmNvbS9yZXBvc2l0b3J5L2dvZGFkZHlleHRlbmRlZGlzc3VpbmcuY3Js
MFIGA1UdIARLMEkwRwYLYIZIAYb9bQEHFwEwODA2BggrBgEFBQcCARYqaHR0cDov
L2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5MH8GCCsGAQUFBwEB
BHMwcTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZ29kYWRkeS5jb20wSgYIKwYB
BQUHMAKGPmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9y
eS9nZF9pbnRlcm1lZGlhdGUuY3J0MB0GA1UdDgQWBBT/9Vt49EnPcB+ovJ9ZrkIz
oc6w9DAfBgNVHSMEGDAWgBT9rGEyk2xF1uLuhV+auud2mWjM5zAvBgNVHREEKDAm
gg9wb3Auc3BhbWNvcC5uZXSCE3d3dy5wb3Auc3BhbWNvcC5uZXQwDQYJKoZIhvcN
AQEFBQADggEBAHHZNlm7NdZ8hHefQUuFTHJM5Txot7i7t/Rf92xXs25HooIP8tx6
R1xj1Oz1z57fO2kxgPm6lnUeo7ZFXwgiBsVO/J+Ebh82+9ymueizDeVeM8QMKDm3
swUgUjQSr7TxceGaD+BwKGUfOFE2Crw9ygZa8B0UYcX2yCGAfYM223bByE0pEXKq
CIQIio2JsVAevcwDrfQe13OS+3deyyhI/JIRrpcE9s2u9Y1NCaprAc+FFqgkJdJ7
LGfVmnVRzbPoGc2SXknTBOmwJZpTAqFX/BxK+dCxogVK3IlXG4aknjSYp++HWsFU
9FLATUmIHymOAqdaK0iwoagLWam6MhT0J64=
-----END CERTIFICATE-----
1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
-----BEGIN CERTIFICATE-----
MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMx
ITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g
RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMTYw
MTU0MzdaFw0yNjExMTYwMTU0MzdaMIHKMQswCQYDVQQGEwJVUzEQMA4GA1UECBMH
QXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5j
b20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5j
b20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4NzCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMQt1RWMnCZM7DI161+4WQFapmGBWTtwY6vj3D3H
KrjJM9N55DrtPDAjhI6zMBS2sofDPZVUBJ7fmd0LJR4h3mUpfjWoqVTr9vcyOdQm
VZWt7/v+WIbXnvQAjYwqDL1CBM6nPwT27oDyqu9SoWlm2r4arV3aLGbqGmu75RpR
SgAvSMeYddi5Kcju+GZtCpyz8/x4fKL4o/K1w/O5epHBp+YlLpyo7RJlbmr2EkRT
cDCVw5wrWCs9CHRK8r5RsL+H0EwnWGu1NcWdrxcx+AuP7q2BNgWJCJjPOq8lh8BJ
6qf9Z/dFjpfMFDniNoW1fho3/Rb2cRGadDAW/hOUoz+EDU8CAwEAAaOCATIwggEu
MB0GA1UdDgQWBBT9rGEyk2xF1uLuhV+auud2mWjM5zAfBgNVHSMEGDAWgBTSxLDS
kdRMEXGzYcs9of7dqGrU4zASBgNVHRMBAf8ECDAGAQH/AgEAMDMGCCsGAQUFBwEB
BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZ29kYWRkeS5jb20wRgYDVR0f
BD8wPTA7oDmgN4Y1aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBv
c2l0b3J5L2dkcm9vdC5jcmwwSwYDVR0gBEQwQjBABgRVHSAAMDgwNgYIKwYBBQUH
AgEWKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeTAO
BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBANKGwOy9+aG2Z+5mC6IG
OgRQjhVyrEp0lVPLN8tESe8HkGsz2ZbwlFalEzAFPIUyIXvJxwqoJKSQ3kbTJSMU
A2fCENZvD117esyfxVgqwcSeIaha86ykRvOe5GPLL5CkKSkB2XIsKd83ASe8T+5o
0yGPwLPk9Qnt0hCqU7S+8MxZC9Y7lhyVJEnfzuz9p0iRFEUOOjZv2kWzRaJBydTX
RE4+uXR21aITVSzGh6O1mawGhId/dQb8vxRMDsxuxN89txJx9OjxUUAiKEngHUuH
qDTMBqLdElrRhjZkAzVvb3du6/KFUJheqwNTrZEjYx8WnM25sgVjOuH0aBsXBTWV
U+4=
-----END CERTIFICATE-----
2 s:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=infovalicert.com
-----BEGIN CERTIFICATE-----
MIIE+zCCBGSgAwIBAgICAQ0wDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1Zh
bGlDZXJ0IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIElu
Yy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24g
QXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAe
BgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTA0MDYyOTE3MDYyMFoX
DTI0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBE
YWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0
aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgC
ggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv
2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+q
N1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiO
r18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lN
f4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEH
U1jPEX44dMX4/7VpkI+EdOqXG68CAQOjggHhMIIB3TAdBgNVHQ4EFgQU0sSw0pHU
TBFxs2HLPaH+3ahq1OMwgdIGA1UdIwSByjCBx6GBwaSBvjCBuzEkMCIGA1UEBxMb
VmFsaUNlcnQgVmFsaWRhdGlvbiBOZXR3b3JrMRcwFQYDVQQKEw5WYWxpQ2VydCwg
SW5jLjE1MDMGA1UECxMsVmFsaUNlcnQgQ2xhc3MgMiBQb2xpY3kgVmFsaWRhdGlv
biBBdXRob3JpdHkxITAfBgNVBAMTGGh0dHA6Ly93d3cudmFsaWNlcnQuY29tLzEg
MB4GCSqGSIb3DQEJARYRaW5mb0B2YWxpY2VydC5jb22CAQEwDwYDVR0TAQH/BAUw
AwEB/zAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmdv
ZGFkZHkuY29tMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jZXJ0aWZpY2F0ZXMu
Z29kYWRkeS5jb20vcmVwb3NpdG9yeS9yb290LmNybDBLBgNVHSAERDBCMEAGBFUd
IAAwODA2BggrBgEFBQcCARYqaHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNv
bS9yZXBvc2l0b3J5MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOBgQC1
QPmnHfbq/qQaQlpE9xXUhUaJwL6e4+PrxeNYiY+Sn1eocSxI0YGyeR+sBjUZsE4O
WBsUs5iB0QQeyAfJg594RAoYC5jcdnplDQ1tgMQLARzLrUc+cb53S8wGd9D0Vmsf
SxOaFIqII6hR8INMqzW/Rn453HWkrugp++85j09VZw==
-----END CERTIFICATE-----
3 s:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=infovalicert.com
i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=infovalicert.com
-----BEGIN CERTIFICATE-----
MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy
NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vY
dA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9
WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QS
v4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9v
UJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTu
IYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC
W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd
-----END CERTIFICATE-----
---
Server certificate
subject=/O=pop.spamcop.net/OU=Domain Control Validated/CN=pop.spamcop.net
issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
---
No client certificate CA names sent
---
SSL handshake has read 4721 bytes and written 340 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: 32A037327BD0C2999DEDF230D5FAC7F75EE114AF22542C66061139E66A1D024C
Session-ID-ctx:
Master-Key: 0C6A6D9AB009F8EAF08D3E7F35A0A775A5CA20AB41534FFD56DE2D352C540A89A5AA8ED2001F1690EDDF51947539EC62
Key-Arg : None
Start Time: 1252423908
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---
+OK Hello there.
quit
Would the problem be because of the:
Verify return code: 19 (self signed certificate in certificate chain)
--
Gerard
postfix.useryahoo.com
TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html
"Just saying "no" prevents teenage pregnancy the way "Have a nice day" cures chronic depression."
Faye Wattleton
http://en.wikipedia.org/wiki/Faye_Wattleton
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]