[opendmarc-users] ssl fails ?
Benny Pedersen
me at junc.org
Tue Sep 18 04:34:25 PDT 2012
Den 2012-09-17 22:47, Steven M Jones skrev:
> On 09/17/2012 01:44, Benny Pedersen wrote:
>> Received: from home.junc.org (home.junc.org [2.104.223.10])
>> by medusa.blackops.org (8.14.5/8.14.5) with ESMTP id
>> q8H8bIHD007326
>> (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256
>> verify=FAIL)
>> for <opendmarc-users at trusteddomain.org>;
>> Mon, 17 Sep 2012 01:37:21 -0700 (PDT) (envelope-from
>> me at junc.org)
>>
>> why verify=FAIL ?
>
> You seem to know that this Received: header indicates that TLS was
> used in the hop between medusa.blackops.org and home.junc.org. The
> "verify=fail" tag/value indicates that home.junc.org was not able to
> verify the certificate used by medusa.blackops.org to initiate the
> TLS
> session.
>
> This is not unusual, many sites do not spend money on TLS
> certificates for email from recognized certificate authorities. Just
> as many sites do not configure their MTAs with CA certificates that
> could validate those issued certs anyway...
>
> Why did you expect something different?
i exspect sendmail works as good as postfix, when it comes to ssl in
generic, the above is to me a config problem in the way sendmail does
not have all valid root CA, but still try to verify :(
thanks btw i know its not my fault now
was there domain name something about trust ?
More information about the opendmarc-users
mailing list