On Wed, Oct 19, 2011 at 04:20:08PM +0200, Kamil Raczyński wrote:
> On 2011-10-19 16:03, eu...@mail2.infochem.de wrote:
> > For some strange reason the party on the other end suddenly
> > no longer can send mail to us (delivery *from* us succeeds),
> > claims that cert chain is in the wrong order.
> >
> > How can I verify this, for StartTLS? The server is this
> > one (mail2.infochem.de).
>
> Hi,
>
> you can check SMTP over TLS certificate using openssl:
> `openssl s_client -connect mail2.infochem.de:25 -starttls smtp`

Ah, I missed the -starttls smtp options when trying. Works now.

> In this case certificate is not signed by Thawte, but it's
> self-signed. Check if smtpd_tls_cert_file and smtpd_tls_key_file
> options are pointing to the correct certificate/key.

Thanks, Kamil, that was indeed the culprit -- these did point to stock Debian snake oil certs. Should be fixed now.
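
The checks suggested in this thread, as an added example that is not part of the original messages: it reports whether a configured certificate is self-signed and whether the configured key belongs to it. The function names are hypothetical, and it assumes the `openssl` command-line tool is on the PATH.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# With Postfix the two paths would come from:
#   postconf -h smtpd_tls_cert_file smtpd_tls_key_file

# Print "self-signed" when the first certificate in $1 has identical subject
# and issuer names (true of the Debian snake-oil cert), else "ca-issued".
cert_kind() {
    ck_subj=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 2
    ck_issr=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 2
    if [ "$ck_subj" = "$ck_issr" ]; then echo self-signed; else echo ca-issued; fi
}

# Succeed when the private key in $2 belongs to the certificate in $1,
# by comparing the two public keys.
key_matches_cert() {
    km_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    km_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$km_cert" = "$km_key" ]
}

# Print the leaf certificate the SMTP server on $1 presents after STARTTLS
# (needs network access; same s_client call as in the thread).
served_cert() {
    openssl s_client -connect "$1:25" -starttls smtp </dev/null 2>/dev/null |
        openssl x509
}

# One-line report; succeeds only for a CA-issued cert with a matching key.
check_pair() {
    cp_kind=$(cert_kind "$1") || { echo "unreadable certificate: $1"; return 2; }
    if key_matches_cert "$1" "$2"; then cp_key=match; else cp_key=MISMATCH; fi
    echo "cert=$1 kind=$cp_kind key=$cp_key"
    [ "$cp_kind" = ca-issued ] && [ "$cp_key" = match ]
}

if [ $# -eq 2 ]; then check_pair "$1" "$2"; fi
```

Comparing the output of `served_cert mail2.infochem.de | openssl x509 -noout -fingerprint -sha256` with the same fingerprint taken from the configured file shows whether the running server has picked up the new certificate.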