[SOLVED] Re: Removing TLS from Debian sendmail
Hello,
this is all resolved.
The problem was not with my server but with the remote one (in this case
webmail.hansenet.de). An HHLUG member took on the problem and found out
the following:
dieter@rubin:~> openssl s_client -connect 213.191.73.2:25 -starttls smtp
CONNECTED(00000003)
depth=0 /O=webmail.hansenet.de/OU=Domain Validated/OU=Go to
https://www.thawte.com/repository/index.html/OU=Thawte SSL123
certificate/CN=webmail.hansenet.de
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /O=webmail.hansenet.de/OU=Domain Validated/OU=Go to
https://www.thawte.com/repository/index.html/OU=Thawte SSL123
certificate/CN=webmail.hansenet.de
verify error:num=27:certificate not trusted
verify return:1
depth=0 /O=webmail.hansenet.de/OU=Domain Validated/OU=Go to
https://www.thawte.com/repository/index.html/OU=Thawte SSL123
certificate/CN=webmail.hansenet.de
verify error:num=21:unable to verify the first certificate
verify return:1
quit
In contrast to
dieter@rubin:~> openssl s_client -connect mail.gmx.net:25 -starttls smtp
CONNECTED(00000003)
depth=0 /C=DE/ST=Bayern/L=Munich/O=GMX GmbH/CN=mail.gmx.net
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=DE/ST=Bayern/L=Munich/O=GMX GmbH/CN=mail.gmx.net
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=DE/ST=Bayern/L=Munich/O=GMX GmbH/CN=mail.gmx.net
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=DE/ST=Bayern/L=Munich/O=GMX GmbH/CN=mail.gmx.net
i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting
cc/OU=Certification Services Division/CN=Thawte Server
CA/emailAddress=server-certs@thawte.com
---
Server certificate
-----BEGIN CERTIFICATE-----
[ the code of the certificate ]
-----END CERTIFICATE-----
subject=/C=DE/ST=Bayern/L=Munich/O=GMX GmbH/CN=mail.gmx.net
issuer=/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting
cc/OU=Certification Services Division/CN=Thawte Server
CA/emailAddress=server-certs@thawte.com
---
No client certificate CA names sent
---
SSL handshake has read 1464 bytes and written 350 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID:
82761154B0B758F3E5566E961D6649CB815CE23C91317CE665A191863A6B7FF3
Session-ID-ctx:
Master-Key:
ED479576316591322B137C97CA64358A98F0B5C911C6D58916E4EA345E1E3A1DD352DFD53FC5DE6B965B3832E143FA37
Key-Arg : None
Start Time: 1111422749
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
220 {mp025} GMX Mailservices ESMTP
quit
221 2.0.0 {mp025} GMX Mailservices
read:errno=0
webmail.hansenet.de does not present its certificate, only the header,
so no encrypted session can be started either.
until then / kind regards
Martin Mewes
--
http://webmin.mamemu.de/
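
Added example, not part of the original post: a small Python helper that summarises an `openssl s_client -starttls smtp` transcript, so two runs like the ones quoted above can be compared section by section. The function name `summarize` and both sample transcripts are constructed for illustration (shortened from the quoted output).

```python
import re
VERIFY_ERR = re.compile(r"^verify error:num=(\d+):(.+)$")
CIPHER = re.compile(r"^New, (\S+), Cipher is (\S+)$")
RETURN_CODE = re.compile(r"^Verify return code: (\d+) \((.+)\)$")

def summarize(transcript):
    """Report which parts of an `openssl s_client -starttls smtp` run are present."""
    out = {"verify_errors": [], "chain_section": False,
           "cipher": None, "verify_return": None, "smtp_banner": None}
    for raw in transcript.splitlines():
        line = raw.strip()
        if m := VERIFY_ERR.match(line):
            if int(m.group(1)) not in out["verify_errors"]:  # keep each number once
                out["verify_errors"].append(int(m.group(1)))
        elif line == "Certificate chain":
            out["chain_section"] = True
        elif m := CIPHER.match(line):
            out["cipher"] = m.group(2)
        elif m := RETURN_CODE.match(line):
            out["verify_return"] = (int(m.group(1)), m.group(2))
        elif line.startswith("220 ") and out["smtp_banner"] is None:
            out["smtp_banner"] = line
    # s_client prints "Cipher is (NONE)" when no cipher was negotiated.
    out["handshake_completed"] = out["cipher"] not in (None, "(NONE)")
    return out

# Constructed samples, shortened from the two runs quoted in the post.
SAMPLE_TRUNCATED = """\
CONNECTED(00000003)
depth=0 /O=webmail.hansenet.de/CN=webmail.hansenet.de
verify error:num=20:unable to get local issuer certificate
verify error:num=21:unable to verify the first certificate
"""
SAMPLE_COMPLETE = """\
CONNECTED(00000003)
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
 0 s:/C=DE/ST=Bayern/L=Munich/O=GMX GmbH/CN=mail.gmx.net
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
    Verify return code: 21 (unable to verify the first certificate)
---
220 {mp025} GMX Mailservices ESMTP
"""

if __name__ == "__main__":
    for name, text in (("truncated", SAMPLE_TRUNCATED), ("complete", SAMPLE_COMPLETE)):
        print(name, summarize(text))
```

Both runs report the same verify errors; what separates them is whether a cipher, a verify return code and the SMTP banner ever appear.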