Harald Dunkel <harald.dun...@aixigo.com> wrote: > On 2020-07-27 11:17, Sven Hartge wrote: >> Debian uses their own CA to sign this certificate, which is fine for >> SMTP, which normally only uses opportunistic encryption. >> >> But if the client SMTP-Server is set to *verify* the certificate, it >> will fail.
> Certificate verification is optional on my MTA. See the log file. > AFAICT it ignored the failed certificate check and continued with the > ssl handshake. *Then* it failed. Right. > It would be interesting to know whats written in the log files on > buxtehude. Are there other similar incidents? Does your MTA present a client certificate? Maybe buxtehude does not like that? When diagnosing SSL errors I also find it helpful to wireshark the connection to see which side exactly triggers the SSL Alert. That may help highlight the culprit here. Grüße, Sven. -- Sigmentation fault. Core dumped.
