[opendmarc-users] ssl fails ?

Benny Pedersen me at junc.org
Tue Sep 18 04:34:25 PDT 2012


Den 2012-09-17 22:47, Steven M Jones skrev:
> On 09/17/2012 01:44, Benny Pedersen wrote:
>> Received: from home.junc.org (home.junc.org [2.104.223.10])
>>     by medusa.blackops.org (8.14.5/8.14.5) with ESMTP id 
>> q8H8bIHD007326
>>     (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 
>> verify=FAIL)
>>     for <opendmarc-users at trusteddomain.org>;
>>     Mon, 17 Sep 2012 01:37:21 -0700 (PDT) (envelope-from 
>> me at junc.org)
>>
>> why verify=FAIL ?
>
> You seem to know that this Received: header indicates that TLS was
> used in the hop between medusa.blackops.org and home.junc.org. The
> "verify=fail" tag/value indicates that home.junc.org was not able to
> verify the certificate used by medusa.blackops.org to initiate the 
> TLS
> session.
>
> This is not unusual, many sites do not spend money on TLS
> certificates for email from recognized certificate authorities. Just
> as many sites do not configure their MTAs with CA certificates that
> could validate those issued certs anyway...
>
> Why did you expect something different?

i exspect sendmail works as good as postfix, when it comes to ssl in 
generic, the above is to me a config problem in the way sendmail does 
not have all valid root CA, but still try to verify :(

thanks btw i know its not my fault now

was there domain name something about trust ?





More information about the opendmarc-users mailing list