>Hi everyone.
>
>I have been using sendmail on my OpenBSD server for some time now.  I  
>am using smtpvilter with clamwin and SpamAssassin.  I am using TLS  
>with a self-signed certificate.
>
>I haven't had an issue for 2 years... then suddenly I get this:
>sm-mta[23903]: STARTTLS=client, relay=smtp.ins.dell.com.,  
>version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA,  
>bits=256/256
>Jan 28 17:58:29 mx1 imapd[21971]:
>
>I am getting this when our dell rep is trying to send me a quote.  I  
>receive all of his other email just fine -- but when he sends a quote  
>I get the error above.
>
>I do not understand why TLS even comes into play here, because he is  
>not relaying off of my server (at least, he shouldn't be).  Is this a  
>misconfiguration on their end -- or mine?  I've been good for 2 years,  
>so I can't believe it is something I did or did not do...
>
>Can someone help?
>
>Thanks.

There is nothing wrong with your configuration.  That particular Dell mail 
server is talking to your mail server in that particular way (TLS/SSL) with a 
self-signed certificate.  It simply means that the conversation is encrypted 
but that the verification of the communication partner cannot be validated with 
a certificate authority.  You are mis-reading the log message.

http://www.sendmail.org/~ca/email/starttls.html

Here is an outbound email from one of my servers...

Jan 28 08:46:47 chromatic sm-mta[18018]: STARTTLS=client, 
relay=meleagros.siemens.com., version=TLSv1/SSLv3, verify=FAIL, 
cipher=DHE-RSA-AES256-SHA, bits=256/256

And one inbound...

Jan 28 09:36:21 chromatic sm-mta[18298]: STARTTLS=server, 
relay=tdwems06x08.thindata.net [64.34.54.224], version=TLSv1/SSLv3, verify=NO, 
cipher=DHE-DSS-AES256-SHA, bits=256/256

The relay is simply the partner in the transaction.

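An added example, not part of the original thread: a small parser for the sm-mta STARTTLS entries quoted above that reports "was the session encrypted" separately from "was the peer's certificate verified". The verify= meanings follow sendmail's documentation of the ${verify} macro; the function name and result fields are this example's own, and treating a non-zero bits= value as "encrypted" is an assumption of the example.

```python
import re

# Meanings of verify= as documented for sendmail's ${verify} macro.
VERIFY_MEANING = {
    "OK": "peer certificate verified",
    "NO": "peer presented no certificate",
    "NOT": "no certificate was requested",
    "FAIL": "certificate presented but could not be verified",
    "NONE": "STARTTLS was not performed",
    "TEMP": "temporary error",
    "PROTOCOL": "protocol error",
    "SOFTWARE": "STARTTLS handshake failed",
}

LINE_RE = re.compile(
    r"STARTTLS=(?P<role>client|server),\s*relay=(?P<relay>.+?),\s*"
    r"version=(?P<version>[^,]+),\s*verify=(?P<verify>\w+),\s*"
    r"cipher=(?P<cipher>[^,]+),\s*bits=(?P<bits>\d+)/\d+"
)

def parse_starttls(entry):
    """Parse one STARTTLS log entry; it may be wrapped over several lines."""
    flat = " ".join(entry.split())  # undo mail-client line wrapping
    m = LINE_RE.search(flat)
    if m is None:
        return None  # not a STARTTLS entry, or truncated
    verify = m["verify"]
    return {
        # STARTTLS=client: the local MTA was the SMTP client (outbound mail).
        "direction": "outbound" if m["role"] == "client" else "inbound",
        "relay": m["relay"],
        "verify": verify,
        "meaning": VERIFY_MEANING.get(verify, "unknown value"),
        "encrypted": int(m["bits"]) > 0,   # assumption: bits > 0 => cipher in use
        "authenticated": verify == "OK",   # only OK means a verified peer
    }

# Sample input: the two entries from the reply above, wrapping kept.
SAMPLES = [
    "Jan 28 08:46:47 chromatic sm-mta[18018]: STARTTLS=client, \n"
    "relay=meleagros.siemens.com., version=TLSv1/SSLv3, verify=FAIL, \n"
    "cipher=DHE-RSA-AES256-SHA, bits=256/256",
    "Jan 28 09:36:21 chromatic sm-mta[18298]: STARTTLS=server, \n"
    "relay=tdwems06x08.thindata.net [64.34.54.224], version=TLSv1/SSLv3, "
    "verify=NO, \ncipher=DHE-DSS-AES256-SHA, bits=256/256",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_starttls(sample))
```

Both sample entries come out as encrypted but not authenticated, which is the distinction the reply draws for verify=FAIL.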