[opendmarc-users] ssl fails ?

Steven M Jones smj+opendmarc at crash.com
Mon Sep 17 13:47:10 PDT 2012


On 09/17/2012 01:44, Benny Pedersen wrote:
> Received: from home.junc.org (home.junc.org [2.104.223.10])
>     by medusa.blackops.org (8.14.5/8.14.5) with ESMTP id q8H8bIHD007326
>     (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL)
>     for <opendmarc-users at trusteddomain.org>;
>     Mon, 17 Sep 2012 01:37:21 -0700 (PDT) (envelope-from me at junc.org)
>
> why verify=FAIL ?

You seem to know that this Received: header indicates that TLS was used 
in the hop between medusa.blackops.org and home.junc.org. The 
"verify=fail" tag/value indicates that home.junc.org was not able to 
verify the certificate used by medusa.blackops.org to initiate the TLS 
session.

This is not unusual; many sites do not spend money on TLS certificates 
for email from recognized certificate authorities. Just as many sites do 
not configure their MTAs with CA certificates that could validate those 
issued certs anyway...

Why did you expect something different?

--Steve.
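
An added example, not part of the original message: a small Python parser for the sendmail-style TLS clause in a Received: header like the one quoted above, reporting separately whether the hop was encrypted and whether the certificate verified. The function name and result keys are illustrative assumptions; the meanings of the verify values are those sendmail documents for its ${verify} macro.

```python
import re

# Meanings of sendmail's ${verify} macro values, as listed in sendmail's documentation.
VERIFY_MEANINGS = {
    "OK": "verification succeeded",
    "NO": "no cert presented",
    "NOT": "no cert requested",
    "FAIL": "cert presented but could not be verified",
    "NONE": "STARTTLS has not been performed",
    "TEMP": "temporary error occurred",
    "PROTOCOL": "protocol error occurred (SMTP level)",
    "SOFTWARE": "STARTTLS handshake failed",
}

TLS_CLAUSE = re.compile(
    r"\(version=(?P<version>\S+)\s+cipher=(?P<cipher>\S+)\s+"
    r"bits=(?P<bits>\d+)\s+verify=(?P<verify>[A-Z]+)\)"
)
HOP = re.compile(r"from\s+(?P<from_host>\S+).*?\bby\s+(?P<by_host>\S+)", re.S)


def parse_received_tls(header):
    """Return TLS details for one Received: header, or None if it has no TLS clause."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header)  # undo RFC 5322 line folding
    tls = TLS_CLAUSE.search(unfolded)
    if tls is None:
        return None  # hop was not annotated with TLS information
    info = tls.groupdict()
    info["bits"] = int(info["bits"])
    hop = HOP.search(unfolded)
    info["from_host"] = hop.group("from_host") if hop else None
    info["by_host"] = hop.group("by_host") if hop else None
    # Encryption and certificate verification are independent outcomes.
    info["encrypted"] = info["bits"] > 0
    info["authenticated"] = info["verify"] == "OK"
    info["meaning"] = VERIFY_MEANINGS.get(info["verify"], "unknown value")
    return info


# The header quoted in the message above, reproduced as sample input.
SAMPLE = """Received: from home.junc.org (home.junc.org [2.104.223.10])
    by medusa.blackops.org (8.14.5/8.14.5) with ESMTP id q8H8bIHD007326
    (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL)
    for <opendmarc-users at trusteddomain.org>;
    Mon, 17 Sep 2012 01:37:21 -0700 (PDT) (envelope-from me at junc.org)"""

if __name__ == "__main__":
    print(parse_received_tls(SAMPLE))
```

For the quoted header this reports an encrypted hop (256 bits) whose certificate was presented but not verified.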


