[tor-relays] Problem with sendmail on relay

teor teor2345 at gmail.com
Wed Nov 23 21:00:49 UTC 2016


> On 24 Nov. 2016, at 02:18, Tristan <supersluether at gmail.com> wrote:
> 
> Relay=smtpin.rzone.de
> 
> Client CN is *.smtp.rzone.de
> 
> Maybe just a syntax error using smtpin instead of smtp?

No, smtpin.rzone.de is the correct MX for gieselbusch.de; it's exactly
what sendmail should be using to forward to any address at that
domain:

$ dig MX gieselbusch.de

; <<>> DiG 9.8.3-P1 <<>> MX gieselbusch.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5602
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;gieselbusch.de.			IN	MX

;; ANSWER SECTION:
gieselbusch.de.		150	IN	MX	5 smtpin.rzone.de.

;; ADDITIONAL SECTION:
smtpin.rzone.de.	1724	IN	A	81.169.145.97

Tim

> 
> 
> On Nov 23, 2016 2:06 AM, "teor" <teor2345 at gmail.com> wrote:
> 
> > On 23 Nov. 2016, at 18:25, Berta Gieselbusch <berta at gieselbusch.de> wrote:
> >
> > Good morning,
> >
> >
> > I've set up my first relay. Until now everything seems to be working
> > fine, but I keep getting mails from logcheck I don't know how to deal with.
> >
> > The reported errors are:
> >
> > "sm-mta[15148]: STARTTLS=client, relay=smtpin.rzone.de.,
> > version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384,
> > bits=256/256".
> 
> Hi Berta,
> 
> This mail you just sent came from:
> 
> Received: from mo6-p00-ob.smtp.rzone.de (mo6-p00-ob.smtp.rzone.de
>  [IPv6:2a01:238:20a:202:5300::8])
>  (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
>  (Client CN "*.smtp.rzone.de", Issuer "TeleSec ServerPass DE-2" (not verified))
> 
> Do you forward mail from your relay to an account on the same email
> provider? (Do you forward to the same email address you sent this
> mail from?)
> 
> If so, then it looks like your email provider has its TLS misconfigured.
> (It looks to me like they don't return any certificates at all.)
> 
> Here are the certificates in question:
> https://www.telesec.de/en/serverpass-en/support/download-area/category/74-telesec-serverpass-de-2
> 
> It appears that compatibility with sendmail is not a priority:
> https://www.telesec.de/en/serverpass-en/support/root-compatibility
> 
> Or perhaps TLS is misconfigured on your sendmail instance.
> 
> Or there's some kind of certificate chain error, where your server does
> not believe the root certificate that signed the smtp.rzone.de
> certificate.
> 
> In any case, it's nothing to do with Tor.
> 
> T
> 
> --
> Tim Wilson-Brown (teor)
> 
> teor2345 at gmail dot com
> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
> ricochet:ekmygaiu4rzgsk6n
> xmpp: teor at torproject dot org
> ------------------------------------------------------------------------
> 
> 
> 
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

T

-- 
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------
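
Added example, not part of the original message and not sendmail's own code: a Python parser for the sm-mta STARTTLS log lines that logcheck reports, tallying the verify= result per relay. The verify meanings follow sendmail's documented ${verify} macro values; the sample entries other than the first are constructed, and mx.example.org is a placeholder.

```python
import re
from collections import Counter
# Values of sendmail's ${verify} macro, per sendmail's cf/README.
VERIFY = {
    "OK": "peer certificate verified",
    "NO": "peer presented no certificate",
    "NOT": "no certificate was requested",
    "FAIL": "certificate presented but not verifiable (e.g. signing CA not trusted locally)",
    "NONE": "STARTTLS was not performed",
    "TEMP": "temporary error",
    "PROTOCOL": "protocol error",
    "SOFTWARE": "TLS handshake failed",
}

LINE = re.compile(
    r"STARTTLS=(?P<role>client|server), relay=(?P<relay>[^,]+), "
    r"version=(?P<version>[^,]+), verify=(?P<verify>[A-Z]+), "
    r"cipher=(?P<cipher>[^,]+), bits=(?P<used>\d+)/(?P<max>\d+)"
)

def parse(line):
    """Return the STARTTLS fields of one sm-mta log line, or None."""
    m = LINE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["relay"] = rec["relay"].rstrip(".")        # drop the DNS root dot
    rec["encrypted"] = int(rec["used"]) > 0         # a cipher was negotiated
    rec["authenticated"] = rec["verify"] == "OK"    # peer identity was checked
    rec["meaning"] = VERIFY.get(rec["verify"], "unknown verify value")
    return rec

def summarize(lines):
    """Count (role, relay, verify) triples across a log."""
    recs = filter(None, map(parse, lines))
    return Counter((r["role"], r["relay"], r["verify"]) for r in recs)

# Line format as quoted in the thread; only the first entry's values come from it.
FMT = ("sm-mta[%d]: STARTTLS=client, relay=%s., version=TLSv1/SSLv3, "
       "verify=%s, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256")
SAMPLE = [
    FMT % (15148, "smtpin.rzone.de", "FAIL"),   # from the thread
    FMT % (15201, "smtpin.rzone.de", "FAIL"),   # constructed
    FMT % (15320, "mx.example.org", "OK"),      # constructed
]

if __name__ == "__main__":
    for (role, relay, v), n in summarize(SAMPLE).items():
        print(n, role, relay, v, "=", VERIFY.get(v, "?"))
```

A relay that logs FAIL on every delivery while a cipher is negotiated is receiving the mail encrypted, but the sending host has not authenticated the peer.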




