Re: [exim] tls_advertise_hosts

Author: Richard Clayton
Date:
To: exim-users
Subject: Re: [exim] tls_advertise_hosts

In message <571F44C2.10307@???>, Jeremy Harris <jgh@???>
writes

>On 26/04/16 11:24, Richard Clayton wrote:
>> In message <571F2B9A.9070205@???>, Jeremy Harris
>> <jgh@???> writes
>>
>>> So much for encouraging people to actually use security.
>>
>> There's a difference between "encouragement" and subtly breaking
>> existing configurations
>
>The logged error was too subtle?


If you mean

    2016-04-25 03:01:00 Warning: No server certificate defined; TLS
    connections will fail. Suggested action: either install a
    certificate or change tls_advertise_hosts option


that's a warning, not an error :)

If you mean the error that is logged for the delivery failure: I
generally find that my logs are a bit verbose for regular reading ... I just
look at them when things break, and when most email is turning up just
fine I tend to just ignore them.

When I did realise I had a problem I found the log said

    2016-04-25 00:23:00 TLS error on connection from
    mrout1-b.corp.bf1.yahoo.com [98.139.253.104]:26298 (SSL_accept):
    error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
    2016-04-25 00:23:00 TLS client disconnected cleanly (rejected our
    certificate?)


and that is indeed subtly hinting that the cert (which in my case I have
not got) is at the root of the problem ... but it's not really recording
(ie: the subtlety continues) the actually relevant event (that a 4xx has
been presented to the remote machine) the cleanliness makes it all sound
better than it is :(

-- 
richard                                                  Richard Clayton


Those who would give up essential Liberty, to purchase a        Benjamin
little temporary Safety, deserve neither Liberty nor Safety.    Franklin
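
An added example, not part of the original message and not Exim code: a small scan of an Exim main log that counts inbound TLS handshake failures per peer and flags the combination described above, where the "No server certificate defined" warning appears alongside `no shared cipher` errors. The log entries are the ones quoted in the message, unwrapped to one line each; the delivery line and the names `summarize` and `report` are constructed for illustration.

```python
import re
from collections import Counter

# Sample log: the three entries quoted in the message (unwrapped) plus one
# constructed ordinary delivery line for contrast.
SAMPLE_LOG = """\
2016-04-25 00:23:00 TLS error on connection from mrout1-b.corp.bf1.yahoo.com [98.139.253.104]:26298 (SSL_accept): error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
2016-04-25 00:23:00 TLS client disconnected cleanly (rejected our certificate?)
2016-04-25 00:24:10 1auXyz-0001Ab-CD <= sender@example.org H=mail.example.org [192.0.2.10] P=esmtp S=1234
2016-04-25 03:01:00 Warning: No server certificate defined; TLS connections will fail. Suggested action: either install a certificate or change tls_advertise_hosts option
"""

NO_CERT = re.compile(r"^\S+ \S+ Warning: No server certificate defined")
TLS_ERR = re.compile(
    r"^(?P<ts>\S+ \S+) TLS error on connection from (?P<host>.*?)\s*"
    r"\[(?P<ip>[^\]]+)\](?::\d+)? \((?P<call>\w+)\): (?P<detail>.*)$"
)

def summarize(log_text):
    """Return the no-certificate warning flag and inbound TLS handshake failures."""
    no_cert = False
    failures = Counter()
    for line in log_text.splitlines():
        if NO_CERT.match(line):
            no_cert = True
            continue
        m = TLS_ERR.match(line)
        if m and m.group("call") == "SSL_accept":
            # OpenSSL error strings end with the human-readable reason.
            reason = m.group("detail").rsplit(":", 1)[-1].strip()
            failures[(m.group("host") or m.group("ip"), reason)] += 1
    return {"no_cert_warning": no_cert, "failures": failures}

def report(summary):
    """Build one line per (peer, reason) and a hint when both signals are present."""
    lines = [f"{count:4d}  {peer}  {reason}"
             for (peer, reason), count in summary["failures"].most_common()]
    no_cipher = any(r == "no shared cipher" for _, r in summary["failures"])
    if summary["no_cert_warning"] and no_cipher:
        lines.append("TLS is advertised but no server certificate is defined: "
                     "install a certificate or change tls_advertise_hosts")
    return lines

if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_LOG))))
```
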