[Eisfair] SSL Mail Telekom

Carsten Weisky cwy at weisky.lan
Mi Apr 9 14:21:03 CEST 2014 

Und weiter gehts:


Fetchmail event report per mail:
..
..
fingerprint update startet


Nochmal per mail:
Start request of pop/imap certificates
securepop.t-online.de:995 in progress
securepop.t-online.de:995 Using port 995
securepop.t-online.de:995 pop/imap certificate download error, port 
correct? Fingerprint update not possible
securepop.t-online.de:995 in progress
securepop.t-online.de:995 Using port 995
securepop.t-online.de:995 pop/imap certificate download error, port 
correct? Fingerprint update not possible
securepop.t-online.de:995 in progress
securepop.t-online.de:995 Using port 995
securepop.t-online.de:995 pop/imap certificate downloaded
securepop.t-online.de:995 No fingerprint update needed
Finished request of pop/imap certificates
Rehashing certificates


2. Fetchmail event report per mail:
..
..
fingerprint update startet

dann mail mit:

Start request of pop/imap certificates
securepop.t-online.de:995 in progress
securepop.t-online.de:995 Using port 995
securepop.t-online.de:995 pop/imap certificate downloaded
securepop.t-online.de:995 Updating all appearances of fingerprint
securepop.t-online.de:995 93:3E:E9:1A:02:0B:6F:49:7E:C5:3B:A4:04:8F:8B:EE to
securepop.t-online.de:995 3A:AF:21:D2:CB:14:32:A7:9C:C2:91:AA:3E:AF:D1:30
Rehashing certificates
Activating new mail configuration

Aber Emails gehen immer noch nicht raus!


Im Main
2014-04-09 13:44:49 1WXqN2-0008Gg-2c SSL verify error: depth=0 
error=unable to get certificate CRL cert=/C=DE/O=Deutsche Telekom 
AG/OU=P&I AM/DCS/ST=Hessen/L=▒
│2014-04-09 13:44:49 1WXqN2-0008Gg-2c TLS error on connection to 
sfwdallmx.t-online.de [194.25.134.46] (SSL_connect): error:14090086:SSL 
routines:SSL3_GET_SERV▒
│2014-04-09 13:44:49 1WXqN2-0008Gg-2c SSL verify error: depth=0 
error=unable to get certificate CRL cert=/C=DE/O=Deutsche Telekom 
AG/OU=P&I AM/DCS/ST=Hessen/L=▒
│2014-04-09 13:44:49 1WXqN2-0008Gg-2c TLS error on connection to 
sfwdallmx.t-online.de [194.25.134.110] (SSL_connect): error:14090086:SSL 
routines:SSL3_GET_SER▒
│2014-04-09 13:44:49 1WXqN2-0008Gg-2c == xxx.xxx at googlemail.com
R=smart_route T=remote_smtp defer (-37): failure while setting up TLS 
session           #
│

fetchmail:
fetchmail: awakened at Wed, 09 Apr 2014 13:00:04 (CEST) 
 

│fetchmail: securepop.t-online.de fingerprints do not match! 
 

│fetchmail: OpenSSL reported: error:14090086:SSL 
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed 
                                       ▒
│fetchmail: SSL connection failed. 
 

│fetchmail: socket error while fetching from 
xxx at xxx.de@securepop.t-online.de 

│fetchmail: Query status=2 (SOCKET) 
 



Beim Start von Mail bekomme ich die Warnung:
   Warning: Secure SMTP couldn't be used because 
"SMTP_SERVER_TLS_ADVERTISE_HOSTS"     : has not been set!    (betrifft 
aber nur die internen Mails, glaub ich)



Läuft alles wieder nach update der Revocation-List,aber
Start_certs = Yes
CERTS_CRL_CRON = yes
CERTS_CRL_CRON_SCHEDULE =  11 2 * * 2
und
START_ATD = YES

was muss alles noch eingestellt werden, dass es auf Dauer läuft.

Mehr Informationen über die Mailingliste Eisfair