TLS problem
Sergio Rabellino
rabellino at di.unito.it
Fri Mar 2 10:37:51 GMT 2012
Did you do an hashing of the certs into the CERT_DIR/CA ?
It seems that your're not verifying the client certs against the their CA.
On 02/03/2012 11:14, Meurlin Robert wrote:
>
> Hi,
>
> We have 3 mailgw's who has exactly the same config with
> sendmail,MailScanner, spamassassin, clamav, TLS.
>
> We have 1 customer who have forced TLS with this config:
>
> Access.db
>
> TLS_Clt:customer.se VERIFY
>
> TLS_Srv:customer.se VERIFY
>
> ------------
>
> sendmail.mc
>
> define(`CERT_DIR', `/etc/mailcerts')
>
> define(`confSERVER_CERT', `CERT_DIR/host.cert')
>
> define(`confSERVER_KEY', `CERT_DIR/host.key')
>
> define(`confCLIENT_CERT', `CERT_DIR/host.cert')
>
> define(`confCLIENT_KEY', `CERT_DIR/host.key')
>
> define(`confCACERT', `CERT_DIR/cacert.pem')
>
> define(`confCACERT_PATH', `CERT_DIR/CA')
>
> ----------
>
> This is the TLS error on one of the mailgw's:
>
> Running /var/spool/mqueue/q1SHjcxb027590 (sequence 1 of 1)
>
> <x.x at x.se>... Connecting to x.x.se. via esmtp...
>
> 220 x.x.se ESMTP
>
> >>> EHLO fujitsugw
>
> 250-x.x.se
>
> 250-PIPELINING
>
> 250-SIZE 102400000
>
> 250-ETRN
>
> 250-STARTTLS
>
> 250-ENHANCEDSTATUSCODES
>
> 250-8BITMIME
>
> 250 DSN
>
> >>> STARTTLS
>
> 220 2.0.0 Ready to start TLS
>
> >>> QUIT
>
> 221 2.0.0 Bye
>
> <x.x at x.se>... Connecting to x2.x.se. via esmtp...
>
> <x.x at x.se>... Closing connection to x.x.se.
>
> 220 x2.x.se ESMTP
>
> >>> EHLO fujitsugw
>
> 250-x.x.se
>
> 250-PIPELINING
>
> 250-SIZE 102400000
>
> 250-ETRN
>
> 250-STARTTLS
>
> 250-ENHANCEDSTATUSCODES
>
> 250-8BITMIME
>
> 250 DSN
>
> >>> STARTTLS
>
> 220 2.0.0 Ready to start TLS
>
> >>> QUIT
>
> 221 2.0.0 Bye
>
> <x.x at x.se>... Connecting to x.x.se. via esmtp...
>
> <x.x at x.se>... Closing connection to x2.x.se.
>
> 220 x.x2.se ESMTP
>
> >>> EHLO fujitsugw
>
> 250-x.x.se
>
> 250-PIPELINING
>
> 250-SIZE 102400000
>
> 250-ETRN
>
> 250-STARTTLS
>
> 250-ENHANCEDSTATUSCODES
>
> 250-8BITMIME
>
> 250 DSN
>
> >>> STARTTLS
>
> 220 2.0.0 Ready to start TLS
>
> >>> QUIT
>
> 221 2.0.0 Bye
>
> <x.x at x.se>... Connecting to x.x.se. via esmtp...
>
> <x.x at x.se>... Closing connection to x.x.se.
>
> 220 x.x.se ESMTP
>
> >>> EHLO fujitsugw
>
> 250-x3.seb.se
>
> 250-PIPELINING
>
> 250-SIZE 102400000
>
> 250-ETRN
>
> 250-STARTTLS
>
> 250-ENHANCEDSTATUSCODES
>
> 250-8BITMIME
>
> 250 DSN
>
> >>> STARTTLS
>
> 220 2.0.0 Ready to start TLS
>
> >>> QUIT
>
> 221 2.0.0 Bye
>
> <x.x at x.se>... *Deferred: 403 4.7.0 authentication failed*
>
> Closing connection to x.x.se.
>
> When we route through the other 2 mailgw's it is no problem but on
> this TLS doesn't work, normal mail (not TLS) works good on this, I
> have looked at certs and everything looks good does anyone have a clue?
>
> Thanks!
>
>
>
--
Ing. Sergio Rabellino
Università degli Studi di Torino
Dipartimento di Informatica
ICT Services Director
Tel +39-0116706701 Fax +39-011751603
C.so Svizzera , 185 - 10149 - Torino
<http://www.di.unito.it>
-------------- next part --------------
Skipped content of type multipart/related
More information about the MailScanner
mailing list