On 23 Nov. 2016, at 18:25, Berta Gieselbusch berta@gieselbusch.de wrote:
Good morning,
I've set up my first relay. Until now everything seems to be working fine, but I keep getting mails from logcheck I don't know how to deal with.
The reported errors are:
"sm-mta[15148]: STARTTLS=client, relay=smtpin.rzone.de., version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256".
Hi Berta,
This mail you just sent came from:
Received: from mo6-p00-ob.smtp.rzone.de (mo6-p00-ob.smtp.rzone.de [IPv6:2a01:238:20a:202:5300::8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.smtp.rzone.de", Issuer "TeleSec ServerPass DE-2" (not verified))
Do you forward mail from your relay to an account on the same email provider? (Do you forward to the same email address you sent this mail from?)
If so, then it looks like your email provider has its TLS misconfigured. (It looks to me like they don't return any certificates at all.)
Here are the certificates in question: https://www.telesec.de/en/serverpass-en/support/download-area/category/74-te...
It appears that compatibility with sendmail is not a priority: https://www.telesec.de/en/serverpass-en/support/root-compatibility
Or perhaps TLS is misconfigured on your sendmail instance.
Or there's some kind of certificate chain error, where your server does not believe the root certificate that signed the smtp.rzone.de certificate.
In any case, it's nothing to do with Tor.
T
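
For triaging logcheck reports like the one quoted in this thread, here is an added example (not part of either message, and not sendmail or logcheck code) that parses sendmail STARTTLS log lines and tallies the verify= result per outbound relay. The timestamps, host name, queue ids and the example.org/example.net entries in the sample are constructed; the verify= meanings are paraphrased from the sendmail Installation and Operation Guide.

```python
import re
from collections import Counter, defaultdict

# Values of sendmail's ${verify} macro (paraphrased from the operations guide).
VERIFY_MEANING = {
    "OK": "peer certificate verified", "NO": "no certificate presented",
    "NOT": "no certificate requested", "NONE": "STARTTLS not performed",
    "FAIL": "certificate presented but could not be verified",
    "TEMP": "temporary error", "PROTOCOL": "protocol error",
    "SOFTWARE": "STARTTLS handshake failed",
}
# sendmail usually logs a queue id between the pid and STARTTLS=; make it optional.
LINE_RE = re.compile(r"(?:sm-mta|sendmail)\[\d+\]: (?:\w+: )?STARTTLS=(client|server), (.*)")

def parse_starttls(line):
    """Return the key=value fields of a STARTTLS log line, or None for other lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"role": m.group(1)}
    rec.update(f.split("=", 1) for f in m.group(2).strip().split(", ") if "=" in f)
    rec["relay"] = rec.get("relay", "").rstrip(".")  # drop the FQDN root dot
    return rec

def summarize(lines):
    """Count verify= results per relay for outbound (STARTTLS=client) sessions."""
    per_relay = defaultdict(Counter)
    for line in lines:
        rec = parse_starttls(line)
        if rec and rec["role"] == "client":
            per_relay[rec["relay"]][rec.get("verify", "unknown")] += 1
    return {relay: dict(counts) for relay, counts in per_relay.items()}

def report(lines):
    """One readable line per relay and verify result."""
    return [f"{relay}: verify={s} x{n} ({VERIFY_MEANING.get(s, 'unknown value')})"
            for relay, counts in summarize(lines).items() for s, n in counts.items()]

# Constructed sample; only the STARTTLS fields of the first line come from the thread.
SAMPLE = [
    "Nov 23 17:58:02 relay1 sm-mta[15148]: uANGw1xx015148: STARTTLS=client, relay=smtpin.rzone.de., version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256",
    "Nov 23 17:59:10 relay1 sm-mta[15160]: STARTTLS=client, relay=mx.example.org., version=TLSv1/SSLv3, verify=OK, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256",
    "Nov 23 17:59:11 relay1 sm-mta[15160]: uANGw9xx015160: to=<user@example.org>, delay=00:00:01, stat=Sent",
    "Nov 23 18:01:44 relay1 sm-mta[15201]: STARTTLS=server, relay=client.example.net [192.0.2.10], version=TLSv1/SSLv3, verify=NO, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256",
]
if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```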