LQ Newbie
Registered: Jul 2010
Posts: 6
Rep:
|
Sendmail certificate question
I recently moved from an older fedora installation to CentOS 6 for my mail server. Everything seems to work well, but I cannot send mail to a particular site. I self sign my certificates, and they seem to work elsewhere. Here's the maillog for the site that doesn't work, with the recipient name changed to "recipient@recipient.com"
My site is "billoblog.com"
********************************
Aug 23 14:33:00 hope sendmail[2006]: r7NJX0rY002004: SMTP outgoing connect on hope.billoblog.com
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=client, init=1
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=client, start=ok
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=client, info: fds=11/10, err=2
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS: x509 cert verify: depth=1 /C=US/O=Google Inc/CN=Google Internet Authority, state=0, reason=unable to get local issuer certificate
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS: TLS cert verify: depth=1 /C=US/O=Google Inc/CN=Google Internet Authority, state=0, reason=unable to get local issuer certificate
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=client, info: fds=11/10, err=2
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=client, get_verify: 20 get_peer: 0x2136f10
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=client, relay=recipient.com.s8a1.psmtp.com., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=client, cert-subject=/C=US/ST=California/L=Mountain+20View/O=Google+20Inc/CN=*.psmtp.com, cert-issuer=/C=US/O=Google+20Inc/CN=Google+20Internet+20Authority, verifymsg=unable to get local issuer certificate
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:33:01 hope sendmail[2006]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:33:01 hope sendmail[2006]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:33:01 hope sendmail[2006]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:33:02 hope sendmail[2006]: r7NJX0rY002004: to=<recipient@recipient.com>, ctladdr=<consults@hope.billoblog.com> (505/505), delay=00:00:02, xdelay=00:00:02, mailer=esmtp, pri=120495, relay=recipient.com.s8a1.psmtp.com. [64.18.7.10], dsn=2.0.0, stat=Sent (Thanks)
Aug 23 14:33:02 hope sendmail[2006]: r7NJX0rY002004: done; delay=00:00:02, ntries=1
Aug 23 14:33:02 hope sendmail[2006]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:33:02 hope sendmail[2006]: STARTTLS=client, SSL_shutdown failed: -1
**************************************
In contrast, this mail, to my work email address, gets delivered:
******************************************
Aug 23 14:11:29 hope sendmail[1798]: r7NJBSnc001796: SMTP outgoing connect on hope.billoblog.com
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, init=1
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, start=ok
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS: x509 cert verify: depth=0 /C=US/ST=North Carolina/L=Greenville/O=East Carolina University/OU=ecu.edu/CN=mail1.ecu.edu/emailAddress=postmaster@ecu.edu, state=0, reason=self signed certificate
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS: TLS cert verify: depth=0 /C=US/ST=North Carolina/L=Greenville/O=East Carolina University/OU=ecu.edu/CN=mail1.ecu.edu/emailAddress=postmaster@ecu.edu, state=0, reason=self signed certificate
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, get_verify: 18 get_peer: 0x2023998
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, relay=mail1.ecu.edu., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, cert-subject=/C=US/ST=North+20Carolina/L=Greenville/O=East+20Carolina+20University/OU=ecu.edu/CN=mail1.ecu.edu/emailAddress=postmaster@ecu.edu, cert-issuer=/C=US/ST=North+20Carolina/L=Greenville/O=East+20Carolina+20University/OU=ecu.edu/CN=mail1.ecu.edu/emailAddress=postmaster@ecu.edu, verifymsg=self signed certificate
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: r7NJBSnc001796: to=<oliverw@ecu.edu>, ctladdr=<consults@hope.billoblog.com> (505/505), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=120322, relay=mail1.ecu.edu. [150.216.17.111], dsn=2.0.0, stat=Sent (ok: Message 296403614 accepted)
Aug 23 14:11:30 hope sendmail[1798]: r7NJBSnc001796: done; delay=00:00:01, ntries=1
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, SSL_shutdown failed: -1
*****************************************************
What does this mean. Is it a problem with recipient.com, or with me? Any pointers?
Thanks
billo
|