Re: tlsa for smtp to @bugs.debian.org
It turned out that buxtehude's exim doesn't like the (cacert-signed,
wildcard) cert my box offers when sending mail.
Blocking that allowed the TLS negotiation to complete, resulting in:
    Verified TLS connection established to
    buxtehude.debian.org[140.211.166.26]:25:
    TLSv1.2 with cipher DHE-RSA-AES256-SHA256 (256/256 bits)
Most MXs, including the MX for @lists.deb, accept the cert and add a
header like:
    Received: from ore.jhcloos.com (ore.jhcloos.com [IPv6:2604:2880::b24d:a297])
        (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
        (Client CN "*.jhcloos.com", Issuer "CA Cert Signing Authority" (not verified))
        by bendel.debian.org (Postfix) with ESMTPS id 026175B
        for <debian-devel@lists.debian.org>; Thu, 12 Sep 2013 00:15:39 +0000 (UTC)
Some verify it.
Buxtehude is the first so far to drop the socket as soon as it sees it.
-JimC
--
James Cloos <cloos@jhcloos.com> OpenPGP: 1024D/ED7DAEA6