In my continuing effort to run my mail server the way I always have* I added SNI to my mail server, which wasn't very hard, and generated about a hundred certs.
The good news is that it mostly works -- I sent myself a message from my gmail account, I can see that google does SNI, my system sends it the cert, and it works fine. The bad news is that it's really flaky. When I send myself mail from my Comcast account, same SNI, same cert, and kaboom. I don't know whether it's gnutls or what.

Any helpful suggestions?

R's,
John

(Those hex numbers are djb timestamps, but don't panic, this is mailfront, not qmail-smtpd.)

@400000005c3c0fa223836c4c tcpserver: ok 78670 mail1.iecc.com:2001:470:1f07:1126:33:5370:616d:6d31:25 :2001:558:fe16:19:96:114:154:171::36062
@400000005c3c0fa31eddb9cc mailfront[78670]: Starting TLS handshake
@400000005c3c0fa322a0865c mailfront[78670]: SNI value: mx1.taugh.com
@400000005c3c0fa3231479f4 mailfront[78670]: Using SNI cert file for mx1.taugh.com
@400000005c3c0fa32d79b364 mailfront[78670]: TLS handshake failed: A TLS fatal alert has been received.
@400000005c3c0fa32d79bf1c mailfront[78670]: bytes in: 0 bytes out: 0

* - cue Frank Sinatra singing "My Way"

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
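The hex prefixes in the log above are TAI64N labels, so the excerpt can be read mechanically. The following is an added example, not part of the original message and not mailfront's own code: it decodes the labels and reports, per handshake, the SNI name, the error text and the time from handshake start to failure. It matches only the message strings visible in the log above; the function names are made up for this sketch.

```python
import re

# Log lines copied from the message above (tcpserver line omitted).
SAMPLE_LOG = """\
@400000005c3c0fa31eddb9cc mailfront[78670]: Starting TLS handshake
@400000005c3c0fa322a0865c mailfront[78670]: SNI value: mx1.taugh.com
@400000005c3c0fa3231479f4 mailfront[78670]: Using SNI cert file for mx1.taugh.com
@400000005c3c0fa32d79b364 mailfront[78670]: TLS handshake failed: A TLS fatal alert has been received.
@400000005c3c0fa32d79bf1c mailfront[78670]: bytes in: 0 bytes out: 0
"""

# TAI64N label: "@" + 16 hex digits of seconds + 8 hex digits of nanoseconds.
LINE_RE = re.compile(r"@([0-9a-f]{16})([0-9a-f]{8}) mailfront\[(\d+)\]: (.*)")
START = "Starting TLS handshake"
SNI = "SNI value: "
FAIL = "TLS handshake failed: "

def tai64n_ns(sec_hex, nano_hex):
    """Nanoseconds relative to the TAI64 label 2^62. Only differences are
    used here, so no TAI-to-UTC offset is applied."""
    return (int(sec_hex, 16) - (1 << 62)) * 10**9 + int(nano_hex, 16)

def summarize_handshakes(log_text):
    """Return one record per 'Starting TLS handshake' line, in log order."""
    records, current = [], {}
    for line in log_text.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if not m:
            continue
        ns, pid, msg = tai64n_ns(m[1], m[2]), int(m[3]), m[4]
        if msg == START:
            current[pid] = {"pid": pid, "sni": None, "start_ns": ns,
                            "error": None, "elapsed_ns": None}
            records.append(current[pid])
        elif pid in current and msg.startswith(SNI):
            current[pid]["sni"] = msg[len(SNI):]
        elif pid in current and msg.startswith(FAIL):
            rec = current.pop(pid)  # PIDs are reused, so close the record here
            rec["error"] = msg[len(FAIL):]
            rec["elapsed_ns"] = ns - rec["start_ns"]
    return records

def failures_by_sni(records):
    """Count failed handshakes per SNI name to see which names break."""
    counts = {}
    for rec in records:
        if rec["error"] is not None:
            counts[rec["sni"]] = counts.get(rec["sni"], 0) + 1
    return counts

if __name__ == "__main__":
    for rec in summarize_handshakes(SAMPLE_LOG):
        print(rec["sni"], rec["error"], rec["elapsed_ns"] / 1e6, "ms")
```

Run over a longer log, `failures_by_sni` shows whether failures cluster on particular SNI names, and the elapsed time shows how far into the handshake the peer's alert arrived.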
