<p dir="ltr">Relay=<a href="http://smtpin.rzone.de">smtpin.rzone.de</a></p>
<p dir="ltr">Client CN is *.<a href="http://smtp.rzone.de">smtp.rzone.de</a></p>
<p dir="ltr">Maybe just a syntax error using smtpin instead of smtp?</p>
<div class="gmail_extra"><br><div class="gmail_quote">On Nov 23, 2016 2:06 AM, "teor" <<a href="mailto:teor2345@gmail.com">teor2345@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
> On 23 Nov. 2016, at 18:25, Berta Gieselbusch <<a href="mailto:berta@gieselbusch.de">berta@gieselbusch.de</a>> wrote:<br>
><br>
> Good morning,<br>
><br>
><br>
> I've setup my first relay. Until now everything seems to be working<br>
> fine, but I keep getting mails from logcheck I don't know how to deal with.<br>
><br>
> The reported errors are:<br>
><br>
> "sm-mta[15148]: STARTTLS=client, relay=<a href="http://smtpin.rzone.de" rel="noreferrer" target="_blank">smtpin.rzone.de</a>.,<br>
> version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-<wbr>SHA384,<br>
> bits=256/256".<br>
<br>
Hi Berta,<br>
<br>
This mail you just sent came from:<br>
<br>
Received: from <a href="http://mo6-p00-ob.smtp.rzone.de" rel="noreferrer" target="_blank">mo6-p00-ob.smtp.rzone.de</a> (<a href="http://mo6-p00-ob.smtp.rzone.de" rel="noreferrer" target="_blank">mo6-p00-ob.smtp.rzone.de</a><br>
 [IPv6:2a01:238:20a:202:5300::<wbr>8])<br>
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))<br>
 (Client CN "*.<a href="http://smtp.rzone.de" rel="noreferrer" target="_blank">smtp.rzone.de</a>", Issuer "TeleSec ServerPass DE-2" (not verified))<br>
<br>
Do you forward mail from your relay to an account on the same email<br>
provider? (Do you forward to the same email address you sent this<br>
mail from?)<br>
<br>
If so, then it looks like your email provider has its TLS misconfigured.<br>
(It looks to me like they don't return any certificates at all.)<br>
<br>
Here are the certificates in question:<br>
<a href="https://www.telesec.de/en/serverpass-en/support/download-area/category/74-telesec-serverpass-de-2" rel="noreferrer" target="_blank">https://www.telesec.de/en/<wbr>serverpass-en/support/<wbr>download-area/category/74-<wbr>telesec-serverpass-de-2</a><br>
<br>
It appears that compatibility with sendmail is not a priority:<br>
<a href="https://www.telesec.de/en/serverpass-en/support/root-compatibility" rel="noreferrer" target="_blank">https://www.telesec.de/en/<wbr>serverpass-en/support/root-<wbr>compatibility</a><br>
<br>
Or perhaps TLS is misconfigured on your sendmail instance.<br>
<br>
Or there's some kind of certificate chain error, where your server does<br>
not believe the root certificate that signed the <a href="http://smtp.rzone.de" rel="noreferrer" target="_blank">smtp.rzone.de</a><br>
certificate.<br>
<br>
In any case, it's nothing to do with Tor.<br>
<br>
T<br>
<br>
--<br>
Tim Wilson-Brown (teor)<br>
<br>
teor2345 at gmail dot com<br>
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B<br>
ricochet:ekmygaiu4rzgsk6n<br>
xmpp: teor at torproject dot org<br>
------------------------------<wbr>------------------------------<wbr>------------<br>
<br>
<br>
<br>
______________________________<wbr>_________________<br>
tor-relays mailing list<br>
<a href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.<wbr>org</a><br>
<a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays" rel="noreferrer" target="_blank">https://lists.torproject.org/<wbr>cgi-bin/mailman/listinfo/tor-<wbr>relays</a><br>
</blockquote></div></div>