Boo @ designing something so that "FAIL is really nothing is to be concerned with."
It's the kind of thing deliverability people will now be spending the rest of their lives explaining to clients that this big ole FAIL is to be ignored. -- Al Iverson www.aliverson.com (312)725-0130 On Wed, Apr 13, 2016 at 5:33 PM, Steve Freegard <steve.freeg...@fsl.com> wrote: > Hi Robert, > > I'm one of the developers of Haraka. > > verify=FAIL simply means that the TLS certificate presented by the peer host > could not be verified as trusted by a CA. > In the case of an MUA (which this appears to be), it would be normal as an > MUA does not usually present client TLS certificates, so this would always > be expected to fail verification because we have no certificate to verify > against, so I changed this in the latest alpha say verify=NO meaning we > couldn't verify the certificate as one wasn't presented. > > Your logs will provide more information e.g.: > > haraka[1124]: [INFO] [E11963C4-DB93-4F29-BC81-E066E3D3D369] [defendermx/tls] > secured: cipher=ECDHE-RSA-AES256-SHA38 > 4 version=TLSv1/SSLv3 verified=false error="Error: unable to get issuer > certificate" > > haraka[12586]: [INFO] [60ACFC0C-7DD8-4A3C-85F7-ED21F673E23F] > [defendermx/tls] secured: cipher=ECDHE-RSA-AES128-GCM-SHA256 > version=TLSv1/SSLv3 verified=true cn="smtp.gmail.com" organization="Google > Inc" issuer="Google Inc" expires="Oct 12 00:00:00 2016 GMT" > fingerprint=41:D4:85:E1:FC:1B:1D:3A:2D:60:E3:51:AB:E6:4A:A4:52:D8:CF:00 > > In short - it's really nothing to be concerned with. > > Kind regards, > Steve. > > > > On 13/04/16 22:56, Robert Guthrie via mailop.org wrote: > > Hello List, > > I wonder if someone could tell me about the verify=FAIL messages I'm seeing > in email headers sent from my SMTP's. > > Received: from loomio.io (errbit.loomio.org [45.55.128.240]) > by smtp.loomio.io (Haraka/2.8.0-alpha.7) with ESMTPSA id > 632790F7-CF56-4481-ACBA-2CBACE7EB8BB.1 > envelope-from <err...@loomio.io> (authenticated bits=0) > (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 verify=FAIL); > Wed, 13 Apr 2016 21:05:59 +0000 > > If I'm seeing this, is there something I can or should do to resolve this? > Sometimes I see verify=NO also. > > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > > > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
