Chad Osmond writes: > Can anyone translate? > > Your message to the following recipients cannot be delivered: > > <[EMAIL PROTECTED]>: > toronto.mail.tucows.com [207.136.98.42]: >>>> STARTTLS > <<< 500 starttls: accept: error:14090086:SSL > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
It appears that toronto.mail.tucows.com's SSL certificate is not signed by a trusted CA. TLS_TRUSTCERTS=/usr/lib/courier/share/rootcerts export TLS_TRUSTCERTS TLS_VERIFYPEER=PEER export TLS_VERIFYPEER # couriertls -host=mail.sourceforge.net -port=25 -protocol=smtp -printx509=1 220 usw-sf-list1.sourceforge.net ESMTP Exim 3.31-VA-mm2 #1 Wed, 15 May 2002 14:03:44 -0700 - SF usw-list mm5 STARTTLS 220 OpenSSL/0.9.6beta go ahead Subject: C=US ST=California L=Fremont O=VA Linux Systems OU=SourceForge.net CN=*.sourceforge.net Cipher: DES-CBC3-SHA Version: TLSv1/SSLv3 Bits: 168 fcntl: Bad file descriptor So far so good... # couriertls -host=toronto.mail.tucows.com -port=25 -protocol=smtp -printx509=1 220 toronto.mail.tucows.com ESMTP Exim 3.36 #2 Wed, 15 May 2002 17:04:54 -0400 STARTTLS 220 OpenSSL/0.9.6beta go ahead starttls: accept: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Let's disable certificate checking, for a moment: TLS_VERIFYPEER=NONE export TLS_VERIFYPEER # couriertls -host=toronto.mail.tucows.com -port=25 -protocol=smtp -printx509=1 220 toronto.mail.tucows.com ESMTP Exim 3.36 #2 Wed, 15 May 2002 17:06:02 -0400 STARTTLS 220 OpenSSL/0.9.6beta go ahead Subject: C=CA ST=ON L=Toronto O=Tucows Inc. OU=OPS CN=toronto.mail.tucows.com [EMAIL PROTECTED] Cipher: DES-CBC3-SHA Version: TLSv1/SSLv3 Bits: 168 fcntl: Bad file descriptor There you go. I don't have the tools - at the moment - to pick apart their cert to determine if it's self-signed, or signed by a CA that I do not have. You can temporarily disable SSL for tucows.com via the esmtproutes config file, or turn off certificate checking globally via the esmtp configuration file. -- Sam _______________________________________________________________ Have big pipes? SourceForge.net is looking for download mirrors. We supply the hardware. You get the recognition. Email Us: [EMAIL PROTECTED] _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users