Re: [exim] Yahoo again: now receiving with Exim 4.89 and gnu…

Author: Viktor Dukhovni
Date:  
To: exim-users
Subject: Re: [exim] Yahoo again: now receiving with Exim 4.89 and gnutls
On Thu, Jun 22, 2017 at 11:46:44PM +0100, Jeremy Harris wrote:

> > Now, receiving from a yahoo user (from a mobile device, I think) results
> > always in this:
> >
> > 2017-06-21 22:23:56 SMTP connection from [66.163.186.85]:34461 (TCP/IP connection count = 1)
> > 2017-06-21 22:23:59 TLS error on connection from
> > sonic318-23.consmr.mail.ne1.yahoo.com [66.163.186.85]:34461 (gnutls_handshake):\
> > A TLS fatal alert has been received.


That particular set of Yahoo MTAs have brain-dead implementations
of opportunistic TLS. They refuse to do TLS when the certificate
fails to verify (want "more" security???) and so abort the TLS
handshake only to retry in cleartext (get no security).

> We can't tell from that info why the first connection had a problem
> except that it was TLS-related.


See above. Typically there's also a TLS "alert" from the client
telling the server that the certificate is not good enough. Don't
know whether Exim+GnuTLS logs TLS alerts. This issue has been
posted a few times on the "postfix-users" list.

-- 
    Viktor.
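
One way to find this pattern in an Exim mainlog, as an added example that is not part of the original message: it flags messages accepted without TLS from a host whose TLS handshake failed shortly before. The sample log is constructed, and the function name, the five-minute window and the reliance on the `X=` cipher field being logged for TLS sessions are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in Exim mainlog format. The first two entries are modelled
# on the excerpt quoted in the thread; message ids, addresses and the remaining
# entries are invented. Assumes TLS sessions are logged with an X= field.
SAMPLE_LOG = """\
2017-06-21 22:23:56 SMTP connection from [66.163.186.85]:34461 (TCP/IP connection count = 1)
2017-06-21 22:23:59 TLS error on connection from sonic318-23.consmr.mail.ne1.yahoo.com [66.163.186.85]:34461 (gnutls_handshake): A TLS fatal alert has been received.
2017-06-21 22:24:03 1dNnAb-0001Xy-2k <= sender@example.com H=sonic318-23.consmr.mail.ne1.yahoo.com [66.163.186.85]:34470 P=esmtp S=4312
2017-06-21 22:30:10 TLS error on connection from mx.example.net [192.0.2.10]:50211 (gnutls_handshake): A TLS fatal alert has been received.
2017-06-21 22:30:40 1dNnHc-0001Zq-7p <= other@example.net H=mx.example.net [192.0.2.10]:50230 P=esmtps X=TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128 S=2001
"""

TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)"
IP = r"\[([0-9A-Fa-f.:]+)\]"
TLS_ERROR = re.compile(TS + r" TLS error on connection from .*?" + IP)
ARRIVAL = re.compile(TS + r" \S+ <= \S+ .*?" + IP + r"(?::\d+)?(.*)")


def cleartext_fallbacks(log_text, window=timedelta(minutes=5)):
    """Return (ip, timestamp) for each message accepted without TLS from a
    host whose TLS handshake failed within the preceding `window`."""
    last_failure = {}  # remote IP -> time of its most recent TLS error
    hits = []
    for line in log_text.splitlines():
        m = TLS_ERROR.match(line)
        if m:
            last_failure[m.group(2)] = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            continue
        m = ARRIVAL.match(line)
        if not m:
            continue
        stamp, ip, fields = m.groups()
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        failed = last_failure.get(ip)
        encrypted = " X=" in fields  # cipher field is present only on TLS sessions
        if failed and not encrypted and timedelta(0) <= when - failed <= window:
            hits.append((ip, stamp))
    return hits


if __name__ == "__main__":
    for ip, stamp in cleartext_fallbacks(SAMPLE_LOG):
        print(f"{stamp} {ip} delivered in cleartext after a failed TLS handshake")
```

A host that retries successfully over TLS, like the second one in the sample, is not reported.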