On 2016-05-29 20:35, Carlos E. R. wrote:
On 2016-05-29 20:12, Daniel Bauer wrote:
The SMTP server uses "Untrusted TLS" according to postfix. Some time ago I looked and they were using a private certificate, using the example certificate form of the software, not even filling their own data. I haven't looked recently:
To verify the certificate I have to increase log verbosity.
Well, they changed that: <2.6> 2016-05-29 20:35:12 Telcontar postfix 16816 - - smtp.telefonica.net[86.109.99.70]:25: certificate verification depth=0 verify=0 subject=/C=ES/ST=MADRID/L=MADRID/O=Movistar/OU=Sistemas de Informacion/CN=smtp.movistar.es <2.6> 2016-05-29 20:35:12 Telcontar postfix 16816 - - message repeated 2 times: [ smtp.telefonica.net[86.109.99.70]:25: certificate verification depth=0 verify=0 subject=/C=ES/ST=MADRID/L=MADRID/O=Movistar/OU=Sistemas de Informacion/CN=smtp.movistar.es] ... <2.6> 2016-05-29 20:35:12 Telcontar postfix 16816 - - smtp.telefonica.net[86.109.99.70]:25: subject_CN=smtp.movistar.es, issuer_CN=Symantec Class 3 Secure Server CA - G4, fingerprint 22:6F:23:53:3E:7E:4B:E8:DF:4D:7C:9A:B7:0A:95:54, pkey_fingerprint=31:4F:CA:EB:09:5A:B1:AC:D7:D5:3E:02:3B:52:1E:A1 <2.6> 2016-05-29 20:35:12 Telcontar postfix 16816 - - Untrusted TLS connection established to smtp.telefonica.net[86.109.99.70]:25: TLSv1 with cipher RC4-SHA (128/128 bits) It appears to be a certificate from Symantec, dunno why untrusted. This is what they had some time ago: <2.6> 2012-06-18 00:48:17 Telcontar postfix 21900 - - certificate verification failed for smtp.telefonica.net[213.4.149.228]:25: untrusted issuer /C=US/O =RTFM, Inc./OU=Widgets Division/CN=Test CA20010517 <2.6> 2012-06-18 00:48:17 Telcontar postfix 21900 - - Untrusted TLS connection established to smtp.telefonica.net[213.4.149.228]:25: TLSv1 with cipher DH E-RSA-AES256-SHA (256/256 bits) Do you see the "RTFM" in there? LOL. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)