[Eisfair] Mail TLS/SSL for SMTP mail sending 'inside'

Jens Kluge jk2020 at web.de
Sat Feb 1 14:05:55 CET 2014


I'm somehow stuck here:
I produced debug output for ssmtp as shown below and would be grateful for a
hint as to where I need to look for the error:

eis # /etc/init.d/mail -debug restart exim
SSMTP server is not running
shutting down SMTP server ...
Do you want to debug the (1) SMTP daemon, (2) SSMTP deamon or (d)isable 
debugging (1,2,d)? 2
starting SMTP server ...
starting SSMTP server in DEBUG mode ...
Exim version 4.82 uid=0 gid=0 pid=5188 D=fbb95cfd
Berkeley DB: Berkeley DB 5.3.21: (May 11, 2012)
Support for: crypteq iconv() PAM OpenSSL move_frozen_messages 
Content_Scanning DKIM Experimental_DCC
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch dbm dbmjz 
dbmnz dnsdb
Authenticators: cram_md5 plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/mbx autoreply pipe smtp
Size of off_t: 8
Compiler: GCC [4.2.5 20090330 (prerelease)]
Library version: OpenSSL: Compile: OpenSSL 1.0.1e-fips 11 Feb 2013
                           Runtime: OpenSSL 1.0.1f-fips 6 Jan 2014
Library version: PCRE: Compile: 8.33
                        Runtime: 8.33 2013-05-28
Total 8 lookups
WHITELIST_D_MACROS unset
TRUSTED_CONFIG_LIST unset
changed uid/gid: forcing real = effective
   uid=0 gid=0 pid=5188
   auxiliary group list: <none>
seeking password data for user "root": cache not available
getpwnam() succeeded uid=0 gid=0
seeking password data for user "exim": cache not available
getpwnam() succeeded uid=42 gid=42
changed uid/gid: calling tls_validate_require_cipher
   uid=0 gid=42 pid=5189
   auxiliary group list: <none>
tls_validate_require_cipher child 5189 ended: status=0x0
openssl option, adding from 1000000: 80000bff (all)
openssl option, adding from 81000bff: 1000000 (no_sslv2)
openssl option, adding from 81000bff: 20000 (no_compression)
openssl option, adding from 81020bff: 400000 (cipher_server_preference)
configuration file is /var/spool/exim/configure
log selectors = 00000ffc 00f32001
cwd=/var/spool/exim/log 8 args: /usr/local/exim/bin/exim -d -bd -oX 
ssmtp -tls-on-connect -oP /var/spool/exim/exim-ssmtp-daemon.pid
trusted user
admin user
seeking password data for user "imapshared": cache not available
getpwnam() succeeded uid=2026 gid=100
seeking password data for user "imappublic": cache not available
getpwnam() succeeded uid=2027 gid=100
originator: uid=0 gid=0 login=root name=root
  5188 daemon_smtp_port overridden by -oX:
  5188   <: ssmtp
  5188 listening on all interfaces (IPv4) port 465
  5188 pid written to /var/spool/exim/exim-ssmtp-daemon.pid
  5188 changed uid/gid: running as a daemon
  5188   uid=0 gid=42 pid=5188
  5188   auxiliary group list: 0 42
  5188 LOG: MAIN
  5188   exim 4.82 daemon started: pid=5188, no queue runs, listening 
for SMTPS on port 465 (IPv4)
  5188 set_process_info:  5188 daemon: no queue runs, listening for 
SMTPS on port 465 (IPv4)
  5188 daemon running with uid=0 gid=42 euid=0 egid=42
  5188 Listening...
  5188 Connection request from 192.168.2.1 port 56564
  5188 search_tidyup called
  5243 host in rfc1413_hosts? no (matched "192.168.2.0/24" in 
/etc/exim-relayfromhosts)
  5243 sender_fullhost = [192.168.2.1]
  5243 sender_rcvhost = [192.168.2.1]
  5243 Process 5243 is handling incoming connection from [192.168.2.1]
  5243 checking for IP options
  5243 no IP options found
  5243 host in host_lookup? yes (matched "*")
  5243 looking up host name for 192.168.2.1
  5188 1 SMTP accept process running
  5188 Listening...
  5243 DNS lookup of 1.2.168.192.in-addr.arpa (PTR) succeeded
  5243 Reverse DNS security status: unverified
  5243 IP address lookup yielded fli4l.mein.lan
  5243 gethostbyname looked up these IP addresses:
  5243   name=fli4l.mein.lan address=192.168.2.1
  5243 checking addresses for fli4l.mein.lan
  5243   192.168.2.1 OK
  5243 sender_fullhost = fli4l.mein.lan [192.168.2.1]
  5243 sender_rcvhost = fli4l.main.lan ([192.168.2.1])
  5243 set_process_info:  5243 handling incoming connection from 
fli4l.mein.lan [192.168.2.1]
  5243 openssl option, adding from 1000000: 80000bff (all)
  5243 openssl option, adding from 81000bff: 1000000 (no_sslv2)
  5243 openssl option, adding from 81000bff: 20000 (no_compression)
  5243 openssl option, adding from 81020bff: 400000 
(cipher_server_preference)
  5243 setting SSL CTX options: 0x81420bff
  5243 Diffie-Hellman initialized from /usr/local/ssl/certs/exim.pem 
with 1024-bit prime
  5243 tls_certificate file /usr/local/ssl/certs/exim.pem
  5243 tls_privatekey file /usr/local/ssl/certs/exim.pem
  5243 Initialized TLS
  5243 host in tls_verify_hosts? yes (matched "*")
  5243 SSL CRL value is a directory /usr/local/ssl/crl
  5243 Calling SSL_accept
  5243 SSL info: before/accept initialization
  5243 SSL info: before/accept initialization
  5243 Received TLS SNI "meinlan.dyndns.org" (unused for certificate 
selection)
  5243 SSL info: SSLv3 read client hello A
  5243 SSL info: SSLv3 write server hello A
  5243 SSL info: SSLv3 write certificate A
  5243 SSL info: SSLv3 write key exchange A
  5243 SSL info: SSLv3 write certificate request A
  5243 SSL info: SSLv3 flush data
  5243 SSL info: SSLv3 read client certificate B
  5243 SSL info: SSLv3 read client certificate B
  5243 SSL info: SSLv3 read client certificate B
  5243 LOG: MAIN
  5243   TLS error on connection from fli4l.mein.lan [192.168.2.1] 
(SSL_accept): error:140890C7:SSL 
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
  5243 LOG: MAIN
  5243   TLS client disconnected cleanly (rejected our certificate?)
  5243 search_tidyup called
  5188 child 5243 ended: status=0x0
  5188   normal exit, 0
  5188 0 SMTP accept processes now running
  5188 Listening...
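
The debug output above shows `host in tls_verify_hosts? yes (matched "*")`, then a certificate request, then `peer did not return a certificate`. The following added example (not part of the original post and not Exim or eisfair code) rejoins the mail-wrapped log lines and correlates those three events per process id; the function names and the embedded excerpt are assumptions made for illustration.

```python
import re

# Excerpt of the debug output quoted in the post above, mail line wraps kept.
SAMPLE = """\
  5188 Connection request from 192.168.2.1 port 56564
  5243 host in tls_verify_hosts? yes (matched "*")
  5243 Calling SSL_accept
  5243 SSL info: SSLv3 write certificate request A
  5243 SSL info: SSLv3 read client certificate B
  5243   TLS error on connection from fli4l.mein.lan [192.168.2.1]
(SSL_accept): error:140890C7:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
  5243   TLS client disconnected cleanly (rejected our certificate?)
"""

PID_LINE = re.compile(r"^\s*(\d+) (.*)$")

def unwrap(text):
    """Rejoin wrapped lines: a record starts with a pid, anything else continues it."""
    records = []
    for raw in text.splitlines():
        m = PID_LINE.match(raw)
        if m:
            records.append([int(m.group(1)), m.group(2).strip()])
        elif records and raw.strip():
            records[-1][1] += " " + raw.strip()
    return records

def diagnose(text):
    """Return {pid: finding} for connections that ended without a client certificate."""
    state, findings = {}, {}
    for pid, msg in unwrap(text):
        st = state.setdefault(pid, {"verify": None, "requested": False})
        m = re.match(r'host in tls_verify_hosts\? yes \(matched "(.*)"\)', msg)
        if m:
            st["verify"] = m.group(1)          # pattern that put the host in the list
        elif "write certificate request" in msg:
            st["requested"] = True             # server asked the client for a cert
        elif "peer did not return a certificate" in msg:
            peer = re.search(r"connection from (\S+) \[([0-9a-fA-F.:]+)\]", msg)
            findings[pid] = {
                "peer": peer.group(1) if peer else None,
                "ip": peer.group(2) if peer else None,
                "tls_verify_hosts_match": st["verify"],
                "cert_requested": st["requested"],
                "cause": ("tls_verify_hosts required a client certificate"
                          if st["verify"] else "no client certificate"),
            }
    return findings
```

In Exim, a host matched by `tls_verify_hosts` must present a verifiable client certificate or the TLS session is refused, whereas `tls_try_verify_hosts` requests a certificate but still accepts clients that send none.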

