[opendmarc-users] ssl fails ?
Steven M Jones
smj+opendmarc at crash.com
Mon Sep 17 13:47:10 PDT 2012
On 09/17/2012 01:44, Benny Pedersen wrote:
> Received: from home.junc.org (home.junc.org [2.104.223.10])
> by medusa.blackops.org (8.14.5/8.14.5) with ESMTP id q8H8bIHD007326
> (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL)
> for <opendmarc-users at trusteddomain.org>;
> Mon, 17 Sep 2012 01:37:21 -0700 (PDT) (envelope-from me at junc.org)
>
> why verify=FAIL ?
You seem to know that this Received: header indicates that TLS was used
in the hop between medusa.blackops.org and home.junc.org. The
"verify=fail" tag/value indicates that home.junc.org was not able to
verify the certificate used by medusa.blackops.org to initiate the TLS
session.
This is not unusual, many sites do not spend money on TLS certificates
for email from recognized certificate authorities. Just as many sites do
not configure their MTAs with CA certificates that could validate those
issued certs anyway...
Why did you expect something different?
--Steve.
More information about the opendmarc-users
mailing list