-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Am 20.08.2013 12:12, schrieb Sebastian Wiesinger:
> * Heiko Wundram <modeln...@modelnine.org> [2013-08-20 12:09]:
>> Still delivers fine for me (and my mail-server) running Postfix
>> 2.10.1:
>>
>> Received: from mout.web.de (mout.web.de [212.227.15.3]) (using
>> TLSv1.2 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No
>> client certificate requested) by mail.modelnine.org (Postfix)
>> with ESMTPS id 8854E3640A for <modeln...@modelnine.org>; Tue, 20
>> Aug 2013 08:35:39 +0200 (CEST)
>
> what kind of certificate do you have? Official, selfsigned? I have
> one from CACert and I wonder if that is the problem...
Official certificate by StartSSL on this host, but I'm also getting
inbound mail from web.de without problems on other systems that have
self-singled certificates and do offer STARTTLS.
I'd rather take a guess that your SSL library doesn't advertise a
cipher spec that's accepted by the web.de servers (although I wouldn't
know about restrictions they impose) - you might also simply want to
try and test whether openssl s_client has anything to say about your
exposed configuration.
Anyway, testing mx.karotte.org from mail.modelnine.org seems to show
that the connection should work in principle (I'm getting the same
results as to SSL session negotiation as when I'm connecting to my MX):
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
except for the fact that my key is 2048 bits, and yours is 1024 bits.
- --
- --- Heiko.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJSE0PuAAoJEDMqpHf921/SoWoIAJo5Vz2AJv7d2NJr4C6g88se
8Y/ItWFynoYmWuHmYgKYgmtHnLW7WQFq08k0TDrL1SsNJvc2al0T3cNvqEUTnENZ
UoTsye0rfg6Zp9TIdj85DmmyBkKjKtMBgaEu+aeXB29CR6g5P1FcWIpNbpu1U+Cg
f0pngeVVWGpMZdiCC0cctbROllarFaMQBtX9Cuxw74m92mRkMArDzErsFtB/dc6Z
TSJtbb2BmH0uCduAGcBzrzMHHcP6eULIZgubp6gxGSNddlT+jEMPDTj/N2PPj7pi
gcWk/Eh5eU/QcyeE7Q2kaZmVf5C7AZ70xD2nPFyDU80XUstKTCYXZM9ylFWMQTE=
=PZ2s
-----END PGP SIGNATURE-----
