triligon.to, on 203.194.153.83, has a mirror-image copy of the
Exim install on conducive.org, 203.194.153.81
*including the same TLS certs*, but is not a secondary MX in the
conventional sense.
Rather, it is a 'hot standby'.
'Normally' it simply sits idle, sending out the daily cron-job
status reports (above).
IF/AS/WHEN the primary MX goes offline, this one does an IP
takeover, and 'becomes' the primary MX. Hence the rationale for
identical SMTP and IMAP certs (and everything else - DB,
rsynced mail storage, etc.)
I believe(d) that the above error was because the cert(s)
offered are:
A) identical at both ends
B) reflect the IP of the 'on duty' box at both ends, not
triligon.to's 'standby' IP.
- but, oddly, swapping in a different cert with the 'current'
IP, and restarting Exim (even after a 'killall') did not change
the above error.
SSL/SSH rev and OS rev (FreeBSD 6.1 AMD-64) are the same at both
ends, as is hardware. The only difference is Maxtor drives (hot)
on one and Western Digital (barely warm) on the other.
A 'grep' finds a few - but *very* few - 'outsiders' getting the
same error, i.e. only 3 such in 7 months: My own laptop via
cable broadband, a friend's Mailman server, and one 'stranger'
with different return codes and a smidgen of extra info:
=================================================================
2006-06-01 04:11:37 TLS error on connection from
[202.64.125.135]:34069 (SSL_accept): error:14094418:SSL
routines:SSL3_READ_BYTES:tlsv1 alert unknown ca