On 12/28/2023 08:59:51, Carlos E. R. wrote:
On 2023-12-28 06:16, David C. Rankin wrote:
On 12/27/23 13:12, Carlos E. R. wrote:
I am seeing these in the mail log, after a recent update (the machine is using Leap 15.4, but I have seen them in a 15.5 machine too (did not study those)):
<2.6> 2023-12-27T19:48:49.449784+01:00 Telcontar dovecot - - - imap-login: Disconnected: Connection closed: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42 (no auth attempts in 0 secs): user=<>, rip=192.168.2.19, lip=192.168.1.14, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, session=<7qHpP4INzunAqAIT>
<2.6> 2023-12-27T19:48:49.459538+01:00 Telcontar dovecot - - - imap-login: Disconnected: Connection closed: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42 (no auth attempts in 0 secs): user=<>, rip=192.168.2.19, lip=192.168.1.14, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, session=<aqPpP4INwunAqAIT>
And Thunderbird can not open some folders.
Very, very long-running problem, e.g. https://bugzilla.mozilla.org/show_bug.cgi?id=1671736
Claims it is resolved -- it isn't and never has been. There is something botched in tbird's acceptance of a changed self-signed cert. I was hit with this just about every year as the cert expired until I finally just went to using Let's Encrypt real certificates (you can use the same cert for web and mail servers).
I'd load certbot and just get the free cert for your domain, set up your web and mail servers to use them and be done with it.
I refuse to use external certificates.
Do you care to express a reason for this?
Also, I use a faked domain, I don't have a true domain.
So, this setup does not communicate with the "outside world" at all? Only internal? If so, why bother with certificates at all? Who is going to "sniff" your comms?
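
An added example, not part of any message in this thread: in the log lines quoted above, OpenSSL reports the alert from ssl3_read_bytes, meaning dovecot received alert 42 (bad_certificate) from the connecting client, so the useful triage question is which client addresses are rejecting the server certificate. The sketch below parses lines in that format and counts certificate-related alerts per `rip`. The function names, the sample lines and their addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Certificate-related TLS alert descriptions (RFC 5246, section 7.2.2).
CERT_ALERTS = {
    42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 48: "unknown_ca",
}

# Matches dovecot *-login disconnect lines that carry an OpenSSL alert number.
LOGIN_RE = re.compile(
    r"dovecot\b.*?(?P<svc>\w+-login): Disconnected.*?"
    r"SSL alert number (?P<alert>\d+).*?"
    r"rip=(?P<rip>[^,\s]+), lip=(?P<lip>[^,\s]+).*?"
    r"session=<(?P<session>[^>]+)>"
)

def parse_line(line):
    """Return a dict for a login line carrying a TLS alert, else None."""
    m = LOGIN_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["alert"] = int(rec["alert"])
    rec["alert_name"] = CERT_ALERTS.get(rec["alert"], "other")
    return rec

def clients_rejecting_cert(lines):
    """Map client IP -> {alert_name: count}, certificate alerts only."""
    summary = defaultdict(lambda: defaultdict(int))
    for line in lines:
        rec = parse_line(line)
        if rec and rec["alert"] in CERT_ALERTS:
            summary[rec["rip"]][rec["alert_name"]] += 1
    return {ip: dict(counts) for ip, counts in summary.items()}

# Constructed sample lines in the quoted format (RFC 5737 test addresses).
SAMPLE = [
    "<2.6> 2023-12-27T19:48:49+01:00 mailhost dovecot - - - imap-login: Disconnected: Connection closed: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42 (no auth attempts in 0 secs): user=<>, rip=192.0.2.19, lip=192.0.2.1, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, session=<AAAAexample1>",
    "<2.6> 2023-12-27T19:48:50+01:00 mailhost dovecot - - - imap-login: Disconnected: Connection closed: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42 (no auth attempts in 0 secs): user=<>, rip=192.0.2.19, lip=192.0.2.1, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, session=<AAAAexample2>",
    "<2.6> 2023-12-27T19:49:02+01:00 mailhost dovecot - - - imap-login: Disconnected: Connection closed: SSL_accept() failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48 (no auth attempts in 0 secs): user=<>, rip=192.0.2.44, lip=192.0.2.1, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48, session=<AAAAexample3>",
    "<2.6> 2023-12-27T19:50:10+01:00 mailhost dovecot - - - imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.19, lip=192.0.2.1, mpid=4242, TLS, session=<AAAAexample4>",
]
```

Calling `clients_rejecting_cert(SAMPLE)` returns a per-client tally; the successful login line is ignored because it carries no alert.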