[Pkg-exim4-users] a tls fatal alert has been received
Chad Plantenberg
2015-03-28 00:12:13 UTC
hello;
new to the list and to exim in general:

checked all the suggested locations first.

here's the error in the log:
...tls error on connection from [remote ip address] (recv): a tls
fatal alert has been received.: ca is unknown
tls error on connection from [remote ip address] (send): the specified
session has been invalidated for some reason.

self-signed cert where you would expect /etc/exim4/
running exim -bP displays the correct path to the file
exim points to ca list in /etc/ssl/certs/ correctly
using dovecot for authentication, nothing shows up in dovecot logs, so
it's not getting to auth because it's failing at tls
using swaks on the machine there are no problems with tls
the client is attempting to connect using seamonkey.

i thought the log message was an exim error, but i'm starting to think
now that exim is stating that this is the error it received from
seamonkey: seamonkey doesn't like exim's self-signed cert? but it's
fine with dovecot's (have not had same problem with imap using ssl).

thanks for any help/pointers anyone can provide;
chad
Chad Plantenberg
2015-04-07 04:49:39 UTC
marc;
thank you for the reply.
the short answer is that it is seamonkey.
openssl s_client showed exim to be working fine. installed evolution
mail client on another computer and, after working through an ipv4/v6
issue, was able to successfully send an email out.
tried to follow the instructions in spec.text 41.14 self-signed certs
and the linked to ospkibook.sourceforge. took me a while to realize i
was forgetting debian version uses gnutls, but finally followed
similar set of instructions for gnutls; but i'm still getting 'ca
unknown' errors. at least i know exim is fine.

now time to go start a thread on the mozilla forums.
thanks all;
chad
Post by Chad Plantenberg
checked all the suggested locations first.
...tls error on connection from [remote ip address] (recv): a tls
fatal alert has been received.: ca is unknown
tls error on connection from [remote ip address] (send): the specified
session has been invalidated for some reason.
self-signed cert where you would expect /etc/exim4/
running exim -bP displays the correct path to the file
exim points to ca list in /etc/ssl/certs/ correctly
using dovecot for authentication, nothing shows up in dovecot logs, so
it's not getting to auth because it's failing at tls
using swaks on the machine there are no problems with tls
the client is attempting to connect using seamonkey.
i thought the log message was an exim error, but i'm starting to think
now that exim is stating that this is the error it received from
seamonkey: seamonkey doesn't like exim's self-signed cert? but it's
fine with dovecot's (have not had same problem with imap using ssl).
Try talking to exim with openssl s_client or gnutls-client and see
whether this works. Then try having Seamonkey talk to an openssl
s_server or a gnutls-serv equipped with your exim's certificate.
See whether an exim listener (maybe on a different port so that it
doesn't interfere with your normal e-mail business) started
in foreground with more debugging enabled will give more insight.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
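
The thread turns on whether the logged failure came from Exim or was reported by the connecting client. The following is an added example, not code from the thread or from the Exim project: it splits TLS error lines into alerts sent by the peer and errors raised locally. The line shape, the sample lines and the addresses are assumptions modelled on the log excerpt quoted above.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the excerpt quoted in the thread;
# timestamps, host names and addresses are made up.
SAMPLE_LOG = """\
2015-03-28 00:10:01 TLS error on connection from [192.0.2.10] (recv): A TLS fatal alert has been received.: CA is unknown
2015-03-28 00:10:01 TLS error on connection from [192.0.2.10] (send): The specified session has been invalidated for some reason.
2015-03-28 00:11:40 TLS error on connection from client.example [198.51.100.7] (gnutls_handshake): A TLS packet with unexpected length was received.
2015-03-28 00:12:13 1Yc0aB-0001Xy-2Z <= user@example.org H=[192.0.2.10] P=esmtpsa
"""

# Assumed line shape: "TLS error on connection from [host] [ip] (stage): message"
TLS_ERR = re.compile(
    r"TLS error on connection from .*?\[(?P<ip>[^\]]+)\](?::\d+)? "
    r"\((?P<stage>[^)]+)\): (?P<msg>.*)$",
    re.IGNORECASE,
)


def classify(line):
    """Return who reported the TLS failure on this log line, or None."""
    m = TLS_ERR.search(line)
    if not m:
        return None
    stage, msg = m["stage"].lower(), m["msg"].strip()
    if stage == "recv" and "fatal alert has been received" in msg.lower():
        # The peer sent the alert; the text after ".:" is its description.
        alert = msg.split(".:", 1)[1].strip() if ".:" in msg else "unspecified"
        return {"ip": m["ip"], "origin": "peer", "alert": alert}
    # Anything else was raised by the local TLS library during that stage.
    return {"ip": m["ip"], "origin": "local", "alert": None}


def peer_alerts(log_text):
    """Map each remote address to the alerts that peer sent to the server."""
    found = defaultdict(list)
    for line in log_text.splitlines():
        hit = classify(line)
        if hit and hit["origin"] == "peer":
            found[hit["ip"]].append(hit["alert"])
    return dict(found)


if __name__ == "__main__":
    for ip, alerts in peer_alerts(SAMPLE_LOG).items():
        print(f"{ip}: client rejected the handshake with {alerts}")
```

A peer-origin "CA is unknown" entry means the client refused the server's certificate chain, so the fix belongs in the client's trust store or in the certificate the server presents.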