Re: [exim] TLS client disconnected cleanly (rejected ourcer…

Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] TLS client disconnected cleanly (rejected our certificate?) - intermediate ssl certificate problem?
W B Hacker wrote:

Disregard last - Brain Fart - tested his posting address.

Here is a run at postmaster@???

No cert complaint, not even one mentioned, but blocked for lack of smtp auth.

Bit unusual to require that of 'postmaster@', but I'll presume a bespoke
relay-only box, or simply still under construction?

====

2011-05-27 08:50:36 [10781] 1QPskZ-0004aY-Rn **
postmaster@??? F=<wbh@???> P=<wbh@???>
R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT
TO:<postmaster@???>: host smtp.arm.beep.pl [193.239.44.82]:
550 SMTP AUTH is required here / Autoryzacja SMTP jest wymagana

2011-05-27 08:50:36 [5340] 1QPske-0001O8-UY <= <> R=1QPskZ-0004aY-Rn
U=_exim P=local S=4277 T="Mail delivery failed: returning message to
sender" from <> for wbh@???

====


> Arkadiusz Miskiewicz wrote:
>> On Monday 23 of May 2011, Heiko Schlittermann wrote:
>>> Arkadiusz Miskiewicz<arekm@???> (Mon May 23 10:52:11 2011):
>>>> I've replaced rapidssl cert recently with new one. rapidssl started to
>>>> use intermediate certificate. Unfortunately I'm getting in smtp server
>>>> logs (exim 4.76):
>>>>
>>>> (SSL_accept): error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
>>>> 2011-05-23 10:42:57 TLS client disconnected cleanly (rejected our certificate?)
>>>>
>>>> tls_certificate points to a file which contains 3 certificates:
>>>>
>>>> - cert for my domain issued by: Issuer: C=US, O=GeoTrust, Inc.,
>>>> CN=RapidSSL CA
>>>>
>>>> - intermediate cert:
>>>> Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
>>>> Subject: C=US, O=GeoTrust, Inc., CN=RapidSSL CA
>>>>
>>>> - third cert:
>>>> Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
>>>> Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
>>>>
>>>> in exactly that order.
>>>>
>>>> tls_privatekey points to a file with private key.
>>>>
>>>> The question is why "alert bad certificate" comes up if everything looks
>>>> fine, all intermediate certs are provided etc?
>>
>>>
>>> Maybe you can tell us how to connect the server you're talking about,
>>> some of the problems can be detected from outside.
>>
>> It's smtp-arm.beep.pl
>>
>
> Arkadiusz,
>
> Just sent this post back with an extra line or so.
>
> Worked OK to *port 25* from Hong Kong, Exim 4.73 on OpenBSD 4.9 with log
> entry of:
>
> 2011-05-27 08:38:19 [16457] 1QPsYZ-0007YO-O5 => arekm@???
> F=<wbh@???> P=<wbh@???> R=dnslookup T=remote_smtp
> S=2172 H=mx01.agnat.pl [193.239.44.65]:25 X=TLSv1:DHE-RSA-AES256-SHA:256
> CV=no DN="/C=PL/O=*.agnat.eu/OU=GT03137972/OU=See
> www.rapidssl.com/resources/cps (c)07/OU=Domain Control Validated -
> RapidSSL(R)/CN=*.agnat.eu" C="250 OK id=1QPsYi-00087O-4A" QT=12s DT=10s
>
> Is the problem unique to your Exim - to what you are using to test the
> connection with - or to a different submission port, and if the last -
> can you use simply the same cert that seems to work OK on port 25?
>
> HTH,
>
> Bill Hacker

--
韓家標
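
Added example, not part of the original posts: a small parser for the two Exim mainlog entries quoted in this thread, showing how to read their TLS fields. In Exim's log format X= is the negotiated cipher and CV= is the certificate verification status, so a "=>" line with CV=no records an encrypted delivery in which the sending host did not verify the server's certificate. The sample lines are constructed from the entries above (unwrapped, DN shortened), and the function names are chosen here.

```python
import re

# Constructed sample: the two mainlog entries quoted in this thread, unwrapped
# onto single lines. DN is abbreviated; "???" is the archive's own redaction.
SAMPLE_LOG = [
    '2011-05-27 08:38:19 [16457] 1QPsYZ-0007YO-O5 => arekm@??? F=<wbh@???> '
    'P=<wbh@???> R=dnslookup T=remote_smtp S=2172 '
    'H=mx01.agnat.pl [193.239.44.65]:25 X=TLSv1:DHE-RSA-AES256-SHA:256 '
    'CV=no DN="/C=PL/O=*.agnat.eu/CN=*.agnat.eu" '
    'C="250 OK id=1QPsYi-00087O-4A" QT=12s DT=10s',
    '2011-05-27 08:50:36 [10781] 1QPskZ-0004aY-Rn ** postmaster@??? '
    'F=<wbh@???> P=<wbh@???> R=dnslookup T=remote_smtp: SMTP error from '
    'remote mail server after RCPT TO:<postmaster@???>: host '
    'smtp.arm.beep.pl [193.239.44.82]: 550 SMTP AUTH is required here / '
    'Autoryzacja SMTP jest wymagana',
]

EVENTS = {'=>': 'delivered', '->': 'delivered', '**': 'failed', '==': 'deferred'}
# timestamp, optional [pid], message id, event flag, address, remainder
LINE = re.compile(r'^\S+ \S+ (?:\[\d+\] )?(\S+) (=>|->|\*\*|==) (\S+)(.*)$')
# KEY=value or KEY="quoted value"; quoted values are consumed whole, so the
# "C=PL" inside a DN is not mistaken for the C= (SMTP confirmation) field
FIELD = re.compile(r'\b([A-Z]{1,2})=("[^"]*"|\S+)')
SMTP_REPLY = re.compile(r': (\d{3} .*)$')

def tls_summary(line):
    """Extract the outcome and TLS state of one outbound delivery line."""
    m = LINE.match(line)
    if m is None:
        return None
    msg_id, flag, rcpt, rest = m.groups()
    fields = {k: v.strip('"') for k, v in FIELD.findall(rest)}
    reply = SMTP_REPLY.search(rest) if flag == '**' else None
    return {'id': msg_id, 'event': EVENTS[flag], 'recipient': rcpt,
            'cipher': fields.get('X'),
            'peer_cert_verified': fields.get('CV') == 'yes',
            'peer_dn': fields.get('DN'),
            'smtp_error': reply.group(1) if reply else None}

def explain(s):
    """One-line reading of a summary from a certificate-checking viewpoint."""
    if s['event'] == 'failed':
        return 'rejected at SMTP level: %s' % s['smtp_error']
    if s['cipher'] is None:
        return 'sent in cleartext, no certificate was presented'
    if not s['peer_cert_verified']:
        return 'encrypted, peer certificate not verified (CV=no)'
    return 'encrypted, peer certificate verified'

if __name__ == '__main__':
    for entry in SAMPLE_LOG:
        summary = tls_summary(entry)
        print(summary['id'], summary['recipient'], '->', explain(summary))
```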