[Pkg-exim4-users] a tls fatal alert has been received
Chad Plantenberg
mauurgp at gmail.com
Tue Apr 7 04:49:39 UTC 2015
marc;
thank you for the reply.
the short answer is that it is seamonkey.
openssl s_client showed exim to be working fine. installed evolution
mail client on another computer and, after working through an ipv4/v6
issue, was able to successfully send an email out.
tried to follow the instructions in spec.text 41.14 self-signed certs
and the linked to ospkibook.sourceforge. took me a while to realize i
was forgetting debian version uses gnutls, but finally followed
similar set of instructions for gnutls; but im still getting 'ca
unknown' errors. at least i know exim is fine.
now time to go start a thread on the mozilla forums.
thanks all;
chad
On 3/30/15, Marc Haber <mh+pkg-exim4-users at zugschlus.de> wrote:
> On Fri, Mar 27, 2015 at 05:12:13PM -0700, Chad Plantenberg wrote:
>> new to the list and to exim in general:
>>
>> checked all the suggested locations first.
>>
>> heres the error in the log:
>> ...tls error on connection from [remote ip address] (recv): a tls
>> fatal alert has been received.: ca is unknown
>> tls error on connection from [remote ip address] (send): the specified
>> session has been invalidated for some reason.
>>
>> self-signed cert where you would expect /etc/exim4/
>> running exim -bP displays the correct path to the file
>> exim points to ca list in /etc/ssl/certs/ correctly
>> using dovecot for authentication, nothing shows up in dovecot logs, so
>> its not getting to auth because its failing at tls
>> using swaks on the machine the are no problems with tls
>> the client is attempting to connect using seamonkey.
>>
>> i thought the log message was an exim error, but im starting to think
>> now that exim is stating that this is the error it received from
>> seamonkey: seamonkey doesnt like exims self-signed cert? but its
>> fine with dovecots (have not had same problem with imap using ssl).
>
> Try talking to exim with openssl s_client or gnutls-client and see
> whether this works. Then try having Seamonkey talk to an openssl
> s_server or a gnutls-serv equipped with your exim's certificate.
>
> See whether an exim listener (maybe on a different port so that it
> doesn't interfere with your normal e-mail business) started
> in foreground with more debugging enabled will give more insight.
>
> Greetings
> Marc
>
> --
> -----------------------------------------------------------------------------
> Marc Haber | "I don't trust Computers. They | Mailadresse im Header
> Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402
> Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
>
> _______________________________________________
> Pkg-exim4-users mailing list
> Pkg-exim4-users at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-exim4-users
>
More information about the Pkg-exim4-users
mailing list