TLS problem

Meurlin Robert Robert.Meurlin at se.fujitsu.com
Fri Mar 2 10:14:56 GMT 2012


Hi,
We have 3 mailgw's which have exactly the same config with sendmail, MailScanner, spamassassin, clamav, TLS.

We have 1 customer who has forced TLS with this config:

Access.db
TLS_Clt:customer.se   VERIFY
TLS_Srv:customer.se   VERIFY
------------
sendmail.mc
define(`CERT_DIR', `/etc/mailcerts')
define(`confSERVER_CERT', `CERT_DIR/host.cert')
define(`confSERVER_KEY', `CERT_DIR/host.key')
define(`confCLIENT_CERT', `CERT_DIR/host.cert')
define(`confCLIENT_KEY', `CERT_DIR/host.key')
define(`confCACERT', `CERT_DIR/cacert.pem')
define(`confCACERT_PATH', `CERT_DIR/CA')
----------

This is the TLS error on one of the mailgw's:


Running /var/spool/mqueue/q1SHjcxb027590 (sequence 1 of 1)
<x.x at x.se>... Connecting to x.x.se. via esmtp...
220 x.x.se ESMTP
>>> EHLO fujitsugw
250-x.x.se
250-PIPELINING
250-SIZE 102400000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
>>> STARTTLS
220 2.0.0 Ready to start TLS
>>> QUIT
221 2.0.0 Bye
<x.x at x.se>... Connecting to x2.x.se. via esmtp...
<x.x at x.se>... Closing connection to x.x.se.
220 x2.x.se ESMTP
>>> EHLO fujitsugw
250-x.x.se
250-PIPELINING
250-SIZE 102400000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
>>> STARTTLS
220 2.0.0 Ready to start TLS
>>> QUIT
221 2.0.0 Bye
<x.x at x.se>... Connecting to x.x.se. via esmtp...
<x.x at x.se>... Closing connection to x2.x.se.
220 x.x2.se ESMTP
>>> EHLO fujitsugw
250-x.x.se
250-PIPELINING
250-SIZE 102400000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
>>> STARTTLS
220 2.0.0 Ready to start TLS
>>> QUIT
221 2.0.0 Bye
<x.x at x.se>... Connecting to x.x.se. via esmtp...
<x.x at x.se>... Closing connection to x.x.se.
220 x.x.se ESMTP
>>> EHLO fujitsugw
250-x3.seb.se
250-PIPELINING
250-SIZE 102400000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
>>> STARTTLS
220 2.0.0 Ready to start TLS
>>> QUIT
221 2.0.0 Bye
<x.x at x.se>... Deferred: 403 4.7.0 authentication failed
Closing connection to x.x.se.

When we route through the other 2 mailgw's it is no problem, but on this one TLS doesn't work. Normal mail (not TLS) works fine on this one. I have looked at the certs and everything looks good. Does anyone have a clue?

Thanks!
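
Added example, not part of the original post: a small Python parser for verbose queue-run output shaped like the transcript above. It reports the hosts where the client sent QUIT immediately after the server accepted STARTTLS, plus any deferral status. The sample lines, host names and function names are constructed for illustration.

```python
import re

# Constructed sample in the shape of the verbose queue-run output in the post.
SAMPLE = """\
<a at example.net>... Connecting to ok.example.net. via esmtp...
220 ok.example.net ESMTP
>>> EHLO gw
250 STARTTLS
>>> STARTTLS
220 2.0.0 Ready to start TLS
>>> EHLO gw
>>> MAIL From:<s@example.org>
<b at example.se>... Connecting to mx1.example.se. via esmtp...
220 mx1.example.se ESMTP
>>> EHLO gw
250 STARTTLS
>>> STARTTLS
220 2.0.0 Ready to start TLS
>>> QUIT
221 2.0.0 Bye
<b at example.se>... Deferred: 403 4.7.0 authentication failed
"""

CONNECT = re.compile(r"\.\.\. Connecting to (\S+?)\.? via (\w+)")
DEFERRED = re.compile(r"\.\.\. Deferred: (.+)$")

def parse_sessions(text):
    """Split the transcript into one record per outbound connection."""
    sessions, deferrals, cur = [], [], None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if m := CONNECT.search(line):
            cur = {"host": m.group(1), "cmds": [], "tls_ready": False}
            sessions.append(cur)
        elif m := DEFERRED.search(line):
            deferrals.append(m.group(1))
        elif cur and line.startswith(">>> "):
            cur["cmds"].append(line[4:].split()[0].upper())  # client command verb
        elif cur and cur["cmds"][-1:] == ["STARTTLS"] and line.startswith("220"):
            cur["tls_ready"] = True  # server agreed to start the handshake
    return sessions, deferrals

def aborted_after_starttls(s):
    """True if the server accepted STARTTLS and the client's next command was QUIT."""
    i = s["cmds"].index("STARTTLS") if s["tls_ready"] else len(s["cmds"])
    return s["cmds"][i + 1:i + 2] == ["QUIT"]

sessions, deferrals = parse_sessions(SAMPLE)
print([s["host"] for s in sessions if aborted_after_starttls(s)], deferrals)
```

The flagged hosts are the sessions that ended before any MAIL command was sent, which is the pattern every connection attempt in the transcript shows.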
