Re: [exim] A TLS fatal alert has been received.: Insufficien…

Pàgina inicial
Delete this message
Reply to this message
Autor: Thomas Krichel
Data:  
A: Jeremy Harris
CC: Exim users list
Assumpte: Re: [exim] A TLS fatal alert has been received.: Insufficient security
Jeremy Harris via Exim-users writes
> On 11/06/2019 05:12, Thomas Krichel via Exim-users wrote:
> > I have an issue that has a similar feel to it. It's with a host of
> > Germanic providers gmx.de, gmx.at, web.de, mailbox.org ...
> >
> > 2019-03-25 09:00:08 1h8LSh-0001oy-Uy DANE attempt failed; TLS connection
> > to mx-ha03.web.de [212.227.15.17]: (certificate verification failed): TLSA
> > record problem: There was error initializing the DNS query.
>
> It'd be useful to know whether this DNS access is being done by
> Exim of by the GnuTLS library. Would it be possible to get debug
> output for a sample?


If I knew how to make this, sure. I'm trying with

cat /home/ernad/test.mail | /usr/sbin/exim4 -t -d tls > /tmp/debug_tls.out 2> /tmp/debug_tls.err

I'm posting it at

http://openlib.org/home/krichel/tls.txt

> What about a packet capture, for the same sample?


It turns out that now gmail are not taking my mail anymore since
Sunday. I become aware of this this morning. It maybe the earlier
failure is related to the current one.

One thing pretty much for sure, I have aonther server,
amorp.openlib.org, the one I am writing now from, where I have the
same exim.key and exim.crt files, same owners, same permissions,
same exim version, and I don't have a problem there.

Now I'm supposed to head out to the beach for a barbecue
when I'd rather stay in and debug this further ;-(

--

Cheers,

  Thomas Krichel                  http://openlib.org/home/krichel
                                              skype:thomaskrichel