On Thu, Apr 12, 2012 at 02:59:05PM +0200, Ralf Hildebrandt wrote:
> * Wietse Venema <wie...@porcupine.org>:
> > "openssl s_client" sessions fail identically with 77.43.17.211
> > and 81.252.237.162.
> >
> > % openssl s_client -starttls smtp -connect 77.43.17.211:25
> > ...
> > 250 OK
> > ehlo spike.porcupine.org
> >
My results are different, perhaps they've already fixed something ...
$ /usr/sbin/sendmail -f post...@dukhovni.org -bv postmaster@[82.135.27.153]
Apr 12 13:48:22 amnesiac postfix/smtp[19732]: setting up TLS connection to
82.135.27.153[82.135.27.153]:25
Apr 12 13:48:22 amnesiac postfix/smtp[19732]: certificate verification failed
for 82.135.27.153[82.135.27.153]:25: untrusted issuer
/DC=de/DC=bavarian-nordic/CN=BNM-BES
Apr 12 13:48:22 amnesiac postfix/smtp[19732]: Untrusted TLS connection
established to 82.135.27.153[82.135.27.153]:25: unknown with cipher RC4-MD5
(128/128 bits)
Apr 12 13:48:22 amnesiac postfix/smtp[19732]: AE7F42AB2AE:
to=<postmaster@[82.135.27.153]>, relay=82.135.27.153[82.135.27.153]:25,
delay=1.2, delays=0.01/0.04/0.75/0.38, dsn=5.7.1, status=undeliverable (host
82.135.27.153[82.135.27.153] said: 550 5.7.1 Unable to relay for
postmaster@[82.135.27.153] (in reply to RCPT TO command))
Note that the cipher is RC4-MD5 (more typical of Windows), not 3DES
(which had a history of issues on older Windows systems, perhaps
never addressed). I don't know why the system in question would have
in Ralf's case agreed to 3DES, rather than RC4-MD5.
--
Viktor.
