On 2023-09-11 at 17:05:00 UTC-0400 (Mon, 11 Sep 2023 23:05:00 +0200)
Camille - Clean Mailbox via mailop <cont...@clean-mailbox.com>
is rumored to have said:
Dear co-listers,
I'm seeing an increase of SSL/TLS errors for incoming emails to our
service over the last few weeks.
Example from Mailjet, which is (I suppose) able to send email in TLS
1.2 or 1.3 instead of SSLv3:
2023-09-11T21:19:31.079142+02:00 mx4 postfix/smtpd[633448]: SSL_accept
error from o176.p8.mailjet.com[87.253.233.176]: -1
2023-09-11T21:19:31.079696+02:00 mx4 postfix/smtpd[633448]: warning:
TLS library problem: error:0A000412:SSL routines::sslv3 alert bad
certificate:../ssl/record/rec_layer_s3.c:1586:SSL alert number 42:
That's an indication that the client does not like your certificate.
As for why, see
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
TL;DR: you need to fix the chain of trust for your certificate. You
should remove any reference to the 'DST Root CA X3' certificate. You may
also need to change how you maintain your certificate.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
