[Eisfair] mail 1.17.2 - nach update -> keine locale mails mehr
Helmut Pohl
helmut_pohl at arcor.de
Di Feb 10 15:33:01 CET 2026
Hallo,
nach dem letzten Update auf mail 1.17.2 funktioniert die verschlüsselte
Übertragung zum Mailprovider. Prima!
Allerdings habe ich bemerkt, dass keine Statusmail's mehr von einigen
internen VM's mehr ankommen. Dies funktionierte aber in der Vorversion
von mail noch.
Hier mal meine Konfiguration des ssmtp von der Mail-Sender-VM:
START_SSMTP='yes' # activate configuration: yes or no
SSMTP_FORWARD_TO='postmaster at xen-eismail.gallien'
# receiver of all mails send via
ssmtp
SSMTP_MAILHUB='xen-eismail.gallien' # host to send mail to
SSMTP_MAILHUB_PORT='465'
SSMTP_USE_AUTH='yes' # activate authentication: yes or no
SSMTP_AUTH_USER='helmut' # user name used for authentication
SSMTP_AUTH_PASS='xxxxxx' # password used for authentication
SSMTP_AUTH_METHOD='cram-md5' # athentication method: plain or
cram-md5
SSMTP_USE_TLS='tls' # secure connection: no, tls or
starttls
SSMTP_USE_TLS_CERT='yes' # use cert to authenticate: yes or no
SSMTP_OUTGOING_N='1' # number of outgoing alias
definitions
SSMTP_OUTGOING_1_USER='root' # local username
SSMTP_OUTGOING_1_EMAIL='root at xen-eisfile2.gallien'
Hier die Fehlermeldung von ssmtp:
│Feb 10 14:21:52 xen-eisfile2 sSMTP[17632]: Set
Root="postmaster at xen-eismail.gallien"
│Feb 10 14:21:52 xen-eisfile2 sSMTP[17632]: Set
MailHub="xen-eismail.gallien"
│Feb 10 14:21:52 xen-eisfile2 sSMTP[17632]: Set RemotePort="465"
│Feb 10 14:21:52 xen-eisfile2 sSMTP[17632]: Set
HostName="xen-eisfile2.gallien"
│Feb 10 14:21:52 xen-eisfile2 sSMTP[17632]: Set FromLineOverride="True"
│Feb 10 14:21:52 xen-eisfile2 sSMTP[17632]: Set AuthUser="helmut"
│Feb 10 14:21:52 xen-eisfile2 sSMTP[17632]: Set AuthPass="xxxxxx"
│Feb 10 14:21:52 xen-eisfile2 sSMTP[17632]: Set AuthMethod="cram-md5"
│Feb 10 14:21:52 xen-eisfile2 sSMTP[17632]: Set UseTLS="True"
│Feb 10 14:21:52 xen-eisfile2 sSMTP[17632]: Set UseTLSCert="True"
│Feb 10 14:21:52 xen-eisfile2 sSMTP[17632]: Set
TLSCert="/usr/local/ssl/certs/ssmtp.pem"
│Feb 10 14:21:52 xen-eisfile2 sSMTP[17632]: Creating SSL connection to
host
│Feb 10 14:21:53 xen-eisfile2 sSMTP[17632]: SSL connection using
TLS_AES_256_GCM_SHA384
│Feb 10 14:21:53 xen-eisfile2 sSMTP[17632]:
│Feb 10 14:21:53 xen-eisfile2 sSMTP[17632]: Invalid response SMTP server
Die smtp-Konfiguration von mail:
START_SMTP='yes' # start SMTP server: yes or no
SMTP_QUALIFY_DOMAIN='gallien' # domain to be added to all
unqualified
# addresses
SMTP_HOSTNAME='xen-eismail.gallien' # canonical hostname of eisfair
server
SMTP_QUEUE_INTERVAL='20' # queueing interval in minutes,
usually 30
SMTP_QUEUE_OUTBOUND_MAIL='no' # set to yes if you are using a
dialup ISP
# and you want to queue outbound
mail until
# next queue run which must be
initiated
# manually or cron-job
SMTP_QUEUE_ACCEPT_PER_CONNECTION='100' # msg number to accept in one
smtp session
SMTP_LISTEN_PORT='' # port(s) on which Exim is
listening for
# inbound traffic, default is
'smtp' and
# 'submission'
SMTP_MAIL_TO_UNKNOWN_USERS='bounce' # how to handle mail to unknown
mail users:
# bounce, copy or forward
# default is 'bounce'
SMTP_ALLOW_EXIM_FILTERS='no' # allow exim filters in .forward
file: yes or no
SMTP_CHECK_RECIPIENTS='' # check that not more than the
given number of
# recipients per mail are
addressed at once.
# Default is being set to 100
SMTP_CHECK_SPOOL_SPACE='' # check if enough disk space for
spool directory
# is available. Default is being
set to 10Mb
SMTP_CHECK_SPOOL_INODES='' # check if enough inodes for
spool directory
# are available. Default is
being set to 100
SMTP_CHECK_LINE_LENGTH='no'
SMTP_LIMIT='' # mail size limit. Default is
being set to 50Mb
SMTP_REMOVE_RECEIPT_REQUEST='yes' # remove external receipt
request: yes or no
SMTP_SERVER_TRANSPORT='both' # transport to use: default, tls
or both
SMTP_IDENT_CALLBACKS='no' # enable ident callbacks: yes or no
SMTP_SERVER_TLS_ADVERTISE_HOSTS='*gallien'
# advertise STARTLS to these
hosts, to disable
# this feature set to ''
(required for tls!)
SMTP_SERVER_TLS_VERIFY_HOSTS='*gallien'
# verify tls certs of these
hosts, to diasble
# this feature set to ''
SMTP_SERVER_TLS_TRY_VERIFY_HOSTS='*gallien'
# try to verify tls certs of
these hosts, to
# disable this feature set to ''
SMTP_SERVER_SSMTP='yes' # start SSMTP server: yes or no
SMTP_SERVER_SSMTP_LISTEN_PORT='' # port on which Exim is listening for
# inbound traffic, default is
'ssmtp'
und die Fehlermeldung von mail:
2026-02-10 14:21:53 [192.168.1.121] SSL verify error: depth=0
error=unable to get certificate CRL cert=xxxxxx
2026-02-10 14:21:53 TLS error on connection from xen-eisfile2.gallien
[192.168.1.121] (SSL_accept): error:0A000086:SSL routines::certificate
verify failed
2026-02-10 14:29:57 Error reading OCSP response from
"/usr/local/ssl/crl/xen-eismail.gallien.ocsp": NULL
Es scheint so, als wenn das Zertifikat nicht geprüft werden kann, weil
es nicht übertragen wird. Aber warum?
Die Zertifikate ssmtp.pem und xen-eisfile2.gallien.pem
sind unter /var/certs/ssl/certs/ vorhanden und beim Mailhub
/var/certs/ssl/certs/xen-eismail.pem und /var/certs/ssl/certs/exim.pem
Haben sich die Zertifikatsverzeichnisse geändert?
Wie kann ich den Fehler beheben?
Gruß,
Helmut
Mehr Informationen über die Mailingliste Eisfair