[mailop] sslv3 alert bad certificate and the fix.

Sat, 05 Apr 2025 10:29:21 -0700

I run my own personal mail server and was a corporate email server admin. Plus I ran my own hosting and email service for small business and non-profit for 20 plus years.  This was always done on servers I built and maintained.
But COVID, pricing from Microsoft for non-profits killed the hosting business, but I wanted to keep my own personal email services intact.  To make that work, I built a smart host on a low cost hosting platform and just relayed traffic to my real mail server still at home.  Works great. 


Fast forward, the smart host had an old Linux distro on it and it was 
hard to keep it up to date for external stuff like ClamAV.  It was 
easier for me to build a new hosted server, rebuild my smart host there 
and kill off the old smart host, once everything was working.



The new smart host defaulted to a self signed SSL certificate and I did 
not see a real reason to change that.  All was good for about 3 weeks 
into the new smart host and then I stopped getting some forwarded emails 
from a mail list service.  Checked the logs and the sending host was 
trying to setup a TLS connection with my new smart host and failing with 
the error:


sslv3 alert bad certificate

No other details in my logs.


I contacted the support at the mail list and the authors of the smart 
host software.  The smart host authors did not have any clear answers 
and there were no other logs that might lead to telling us what was 
wrong. But they did question the self signed ssl certificate.



After a day or two, I started getting the missing messages from the mail 
list service and they responded, 'We fixed it.'.   That's a big help...



But in the mean time the logs started showing a few more services 
failing to send to my smart host, like SendGrid and another mass mailing 
outfit(no big loss but concerning).  So I bit the bullet and bought a 
very cheap(< $12/year ssl cert) and installed it.



Now, it's been 3 days and no further 'sslv3 alert bad certificate' 
errors.  So my best guess that has fixed the issue for good. I will 
however monitor this going forward for a while.


Hope this information helps someone else.

Lyle Giese

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop






















					Reply via email to