Am 25.02.2020 16:12, schrieb Heiko Schlittermann via Exim-users:
Hi Heiko,
> Can you tell us the IP of your server? Or at least the *complete*
> response you get using openssl.
Well, here is it:
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA
Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA
Limited, CN = COMODO RSA Domain Validation Secure Server CA
verify return:1
depth=0 OU = Domain Control Validated, CN = *.queo-group.com
verify return:1
CONNECTED(00000003)
---
Certificate chain
0 s:/OU=Domain Control Validated/CN=*.queo-group.com
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO
RSA Domain Validation Secure Server CA
1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO
RSA Domain Validation Secure Server CA
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO
RSA Certification Authority
2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO
RSA Certification Authority
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust
External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIHvDCCBqSgAwIBAgIQddBkDOuM8c+REXKIGtgFtTANBgkqhkiG9w0BAQsFADCB
kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNV
BAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
QTAeFw0xODEyMTQwMDAwMDBaFw0yMTAzMTMyMzU5NTlaMD4xITAfBgNVBAsTGERv
bWFpbiBDb250cm9sIFZhbGlkYXRlZDEZMBcGA1UEAwwQKi5xdWVvLWdyb3VwLmNv
bTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANNX3JjJKD45kfjhqmfb
KZqri2am/aFRJkf3/70lqNEy3QnXMDrV1wX6Qrtm1/i6JJYe6ZHsqi0MlpU6NEJ1
ZE1hcGvhe5PaQ1de58UVBHpuHsd4zzUHOYiDIayxir/kxnuBCv0wF5jCtuGhY2dR
7w0RG+AEA6jM9nboD6AcSHwQqPC79Sj6sQ0YQ3XFzMrRc5Lpd+v4P2P1iieqgH5m
4WmyrwNadQ2mnZJzkiNWOxFpylgyQWTh8FlNG9D+ioAFpoUin2CWqe4MVtxL8cmC
Cv9NX4EfvdaIeJPZZ5eqbIFqodH7X7meqmPUjGOHLe7fxzGvUA4f5g71A0rvMLWx
mqro36PBGXH/ER2GdDjA0k1tkibpo8Wh6D4W41j0964nJfH1n2cIfetQs+QZWSIp
zTrwwgPdUeAovNFjme+YJM9oeA12mdi8gyUxI81rcE+UrENeu32pLMtrcb2c2A66
/vBvoQSLd9ZZzIIl6ZeJ/b8dJDIFdOVYIOTpcBVilq8es7gPGoiv8O5Xj9CZIeSr
H4EsiU2qghU/TzoQf6ivhbtFFPRpXxt7RBtEugN5wKXnp9DSSREp9JPP5SgrpFmC
qJCPe/yhINATY1Q2BtkufJ2WpChoZJogQguAz/xhlhn7Z1/+9GZ+YyHOBUVqipCQ
/VwaiImhkBwdFb/JoA5iiIzJAgMBAAGjggNhMIIDXTAfBgNVHSMEGDAWgBSQr2o6
lFoL2JDqElZz30O0Oija5zAdBgNVHQ4EFgQUEDvldewn+Zzd8GwHGwdqS49veaAw
DgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUH
AwEGCCsGAQUFBwMCME8GA1UdIARIMEYwOgYLKwYBBAGyMQECAgcwKzApBggrBgEF
BQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNvbS9DUFMwCAYGZ4EMAQIBMFQG
A1UdHwRNMEswSaBHoEWGQ2h0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET1JT
QURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmwwgYUGCCsGAQUFBwEB
BHkwdzBPBggrBgEFBQcwAoZDaHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RP
UlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNydDAkBggrBgEFBQcw
AYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMCsGA1UdEQQkMCKCECoucXVlby1n
cm91cC5jb22CDnF1ZW8tZ3JvdXAuY29tMIIBgAYKKwYBBAHWeQIEAgSCAXAEggFs
AWoAdwC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWetA2WZAAAE
AwBIMEYCIQCgMEL3IHZ0yfxBn1Iovottkv1u6+flbaSWDEmrfqchwgIhAJWra6lh
ZTdzayHr8G5NrFG/jZg2qYCF3sigCu87rUvfAHYARJRlLrDuzq/EQAfYqP4owNrm
gr7YyzG1P9MzlrW2gagAAAFnrQNn+QAABAMARzBFAiAu2nxhN6EKGm9AWmF86PTs
BlLxHRJEMYpXHk6ggeTa+gIhAOSNzAlOjEwsLS4lB295FylRsJYS3nkKbQp9ungx
dqrhAHcAXNxDkv7mq0VEsV6a1FbmEDf71fpH3KFzlLJe5vbHDsoAAAFnrQNnugAA
BAMASDBGAiEA9iQ+3OUgBOwl9p0dTPigtZrxEb0qltti6LkHlKjitgACIQDPyVh5
8NDW26QkbV7RsH0HXFW7nTFRtkF0JyItWnLo2DANBgkqhkiG9w0BAQsFAAOCAQEA
PE74ws+MYPI0qvvQOsvwenf0b4qBLxBQ2m7TCthrlVAufQ0M7d1CKS7a7E598fK+
4xa+q9DFqu5yjTXfA2IBEo6EGmDfhk8N+zjG+uKwyonoAxJ4VhTbMFBY0zqeJpev
z2R3jU02c/pzNagdcY+E4avp4nUCqzxu9/EpDeWNhPKaElvffXE14daVGNEMUgye
fYc652kyMwqR8a79JErCBVvhYPVgVpAI7EZcontWpRSttLfh1wENJQHb5OVjglxF
qXAFTiva4GRgXpqxy9WT+I7u8mUQfU0jTYABToA/Hl/41fPKKJStpBBL9Gyka4x0
ZLC0r5Us3+XlHmK/CKgaHQ==
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/CN=*.queo-group.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA
Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 5703 bytes and written 302 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID:
1D94F1555F56147A027A0FC77811F6D72AD0E262BCFFD83454A0343FBE59D612
Session-ID-ctx:
Master-Key:
ED97A9A46E4FBE00A24C534FE6CFBEC1B410D9B6375A316C27A6F734C979013979D5FFE22ACE7DFAA4DF5488A6AFE604
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1582644190
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---
220-mail.queo-group.com ESMTP Exim 4.89 Tue, 25 Feb 2020 16:23:10 +0100.
220 Spammers are NOT welcome here, and will be beaten showing no mercy
quit
221 mail.queo-group.com closing connection
closed
> If I check your mail.lucabert.de, I see a multiline response already
> *before* your server has any idea, if the client would understand it.
I have the problem with lucabert.de, too, but it is now not interesting,
since it is my private server and no one use iPhone, here...
> I wouldn't expect all mailclients understanding and handling this well.
And I really don't understand what you mean... :(
Thanks
Luca Bertoncello
(lucabert@???)
