On Wed, Nov 20, 2019 at 10:15:20AM +0100, Claus Assmann via mailop wrote:
> seemingly because it does not like my (self-signed) cert.

We recently ran into this as well, via a longtime list member whose company decided to switch to mimecast. I just grudgingly disabled TLS altogether until I can investigate what ridiculous hoops I need to jump through these days to get a "trusted" CA to issue me a cert (this after oh, ten years or so of using a self-signed cert) that others will trust as well.

The only other place I'd run into this is with a server at prolocation in the Netherlands, which is ironic because they actually host an rbldns server mirror for enemieslist and have for years. :-/

Of course, the idea that self-signed certs are somehow less valid is absolutely idiotic on the face of it; encryption doesn't guarantee a person or entity on the other end is "valid" in any way, regardless of whether you've filled out some paperwork, and should not be treated as anything but a way to shill paid services. But there we are.

As for free CAs, they suffer from the same problem as self-signed, maybe because that's what all certs are at the bottom. I'm not sure if there are any who would actually work with mimecast, or how a mail server is supposed to dynamically import a root cert exactly.

I'd love to know how this is resolved, however, if it can be done without paying and renewing a completely unnecessary cert over and over again for no good reason.

Steve

--
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2553 w: http://hesketh.com/
Internet security and antispam hostname intelligence: http://enemieslist.com/