Your message dated Wed, 11 Sep 2013 22:18:18 -0400
with message-id <[email protected]>
and subject line Closing the report, now that it is fixed.
has caused the Debian Bug report #707049,
regarding bugs.debian.org: tls cert on bugs-master.debian.org for a different hostname
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
707049: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707049
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: bugs.debian.org
Severity: normal

Dear Maintainer,

When sending a bug, the mail gets sent to the mx bugs-master.debian.org.  The
exim handling port 25 on that box has a tls cert with CN=buxtehude.debian.org.

AFAICT there also is no subAltName extension for bugs-master.debian.org.

This prevents the use of TLS with at least some MTAs (I use postfix):

:; egrep /smtp'\[' /var/log/mail.log
May  7 06:23:18 localhost postfix/smtp[19450]: SSL_connect error to bugs-master.debian.org[140.211.166.26]:25: Connection reset by peer
May  7 06:23:18 localhost postfix/smtp[19450]: 252371001CE: Cannot start TLS: handshake failure
May  7 06:23:18 localhost postfix/smtp[19450]: Host offered STARTTLS: [bugs-master.debian.org]
May  7 06:23:19 localhost postfix/smtp[19450]: 252371001CE: to=<[email protected]>, relay=bugs-master.debian.org[140.211.166.26]:25, delay=454, delays=453/0.04/0.95/0.45, dsn=2.0.0, status=sent (250 OK id=1UZbJQ-00005W-5M)

As you can see, the mail got sent, but without tls.

If you want the MX for bugs.d.o to be bugs-master.d.o, then that
SHOULD be the mailname of the box bugs-master.d.o A resolves to
and the TLS cert SHOULD have that name either in CN or subAltName.

Or, the actual mailname and CN should be specified in the MX RR.

Try running:

  :; gnutls-cli -p 25 --starttls bugs-master.debian.org

to see why the tls handshake failed above.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

--- End Message ---
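
The name mismatch described in the report above, as an added example that is not part of the original messages or of any Debian, exim or postfix code: a Python check of an MX hostname against the names in a certificate, using the dict shape that ssl.SSLSocket.getpeercert() returns. The two sample certificates are constructed from the names in the report, and preferring subjectAltName over CN (RFC 6125) is an assumption about the verifying client.

```python
# Added example: hostname check over the dict shape returned by
# ssl.SSLSocket.getpeercert(). The sample certificates are constructed.

def cert_names(cert):
    """Return (names, source): DNS subjectAltName entries if any, else subject CNs."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans, "subjectAltName"
    cns = [v.lower() for rdn in cert.get("subject", ())
           for k, v in rdn if k == "commonName"]
    return cns, "commonName"

def name_matches(pattern, host):
    """Exact match, or a single leftmost '*' label matching exactly one label."""
    p = pattern.rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def check_mx_cert(mx_host, cert):
    """Return (ok, names, source) for the name the sending MTA expected."""
    names, source = cert_names(cert)
    return any(name_matches(n, mx_host) for n in names), names, source

# Constructed: certificate as described in the report (CN only, no SAN).
REPORTED = {"subject": ((("commonName", "buxtehude.debian.org"),),)}
# Constructed: one possible fix, adding the MX name as a SAN entry.
WITH_SAN = {
    "subject": ((("commonName", "buxtehude.debian.org"),),),
    "subjectAltName": (("DNS", "buxtehude.debian.org"),
                       ("DNS", "bugs-master.debian.org")),
}

if __name__ == "__main__":
    for label, cert in (("reported", REPORTED), ("with SAN", WITH_SAN)):
        ok, names, source = check_mx_cert("bugs-master.debian.org", cert)
        print(f"{label}: match={ok} names={names} (from {source})")
```
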
--- Begin Message ---
(I forgot to add -done@ when I sent the update earlier tonight.)

Thanks.

-JimC
-- 
James Cloos <[email protected]>         OpenPGP: 1024D/ED7DAEA6

--- End Message ---
