On 18/04/2024 11:18, Sebastian Arcus via Exim-users wrote:
I was recently digging around the Exim logs searching for a particular
connection attempt. I stumbled over the line below which I can't quite make
sense of:
2024-04-14 10:38:27 [217.175.192.143] SSL verify error (during S-verify for [45.86.117.1]):
certificate name mismatch:
DN="/C=AT/ST=Vienna/L=Vienna/O=Emarsys/OU=systec/CN=smtp.emarsys.net"
H="return1.emarsys.net"
I understand that names in certificates have to match the hostname of the incoming
connection, but I'm not sure why there are two IP addresses there. Does the above mean
Exim is contacting [217.175.192.143] to verify the certificate for [45.86.117.1]?
Technically SSL certificates are not issued to IP addresses, but hostnames - so I'm a bit
stumped. I searched in Google for "Exim S-verify" - but so far couldn't find
anything that makes sense in the context.
Any hints appreciated
You were doing a sender-verify callout, for a mail being received from
[45.86.117.1].
The callout was being done to [217.175.192.143], and Exim noted a problem with
the
certificate that the responding system at that IP offered during TLS startup for
the callout connection. "Name mismatch" means that none of the SANs, nor the
CN,
on the certificate matches the DNS name of that system.
--
Cheers,
Jeremy
--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscr...@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
