On 18/04/2024 11:18, Sebastian Arcus via Exim-users wrote:
> I was recently digging around the Exim logs searching for a particular connection attempt. I stumbled over the line below which I can't quite make sense of:
>
>
> 2024-04-14 10:38:27 [217.175.192.143] SSL verify error (during S-verify for [45.86.117.1]): certificate name mismatch: DN="/C=AT/ST=Vienna/L=Vienna/O=Emarsys/OU=systec/CN=smtp.emarsys.net" H="return1.emarsys.net"
>
> I understand that names in certificates have to match the hostname of the incoming connection, but I'm not sure why there are two IP addresses there. Does the above mean Exim is contacting [217.175.192.143] to verify the certificate for [45.86.117.1]? Technically SSL certificates are not issued to IP addresses, but hostnames - so I'm a bit stumped. I searched in Google for "Exim S-verify" - but so far couldn't find anything that makes sense in the context.
>
> Any hints appreciated
You were doing a sender-verify callout, for a mail being received from [45.86.117.1].
The callout was being done to [217.175.192.143], and Exim noted a problem with the
certificate that the responding system at that IP offered during TLS startup for
the callout connection. "Name mismatch" means that none of the SANs, nor the CN,
on the certificate matches the DNS name of that system.
--
Cheers,
Jeremy
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
