[tor-relays] Problem with sendmail on relay
Berta Gieselbusch
berta at gieselbusch.de
Thu Nov 24 09:16:04 UTC 2016
Hey,
exactly, it's the same address.
Thank you for your detailed answer.
Unfortunately I don't know how TLS should be setup, so I wouldn't be
able to find the mistake by my own.
On the other hand, I don't think it's (in my case) a really bad security
problem. So I can deal with it.
Unfortunately I've to consider to close the relay because it's a vserver
and numtcpsock is quit low (550). :-|
Have a nice day,
Berta
teor:
>> On 23 Nov. 2016, at 18:25, Berta Gieselbusch <berta at gieselbusch.de> wrote:
>>
>> Good morning,
>>
>>
>> I've setup my first relay. Until now everything seems to be working
>> fine, but I keep getting mails from logcheck I don't know how to deal with.
>>
>> The reported errors are:
>>
>> "sm-mta[15148]: STARTTLS=client, relay=smtpin.rzone.de.,
>> version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384,
>> bits=256/256".
> Hi Berta,
>
> This mail you just sent came from:
>
> Received: from mo6-p00-ob.smtp.rzone.de (mo6-p00-ob.smtp.rzone.de
> [IPv6:2a01:238:20a:202:5300::8])
> (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
> (Client CN "*.smtp.rzone.de", Issuer "TeleSec ServerPass DE-2" (not verified))
>
> Do you forward mail from your relay to an account on the same email
> provider? (Do you forward to the same email address you sent this
> mail from?)
>
> If so, then it looks like your email provider has its TLS misconfigured.
> (It looks to me like they don't return any certificates at all.)
>
> Here are the certificates in question:
> https://www.telesec.de/en/serverpass-en/support/download-area/category/74-telesec-serverpass-de-2
>
> It appears that compatibility with sendmail is not a priority:
> https://www.telesec.de/en/serverpass-en/support/root-compatibility
>
> Or perhaps TLS is misconfigured on your sendmail instance.
>
> Or there's some kind of certificate chain error, where your server does
> not believe the root certificate that signed the smtp.rzone.de
> certificate.
>
> In any case, it's nothing to do with Tor.
>
> T
>
More information about the tor-relays
mailing list