Viele STARTTLS Fehler nach Tausch des Zertifikates
Frank Fiene
ffiene at veka.com
Fr Apr 29 20:19:11 CEST 2022
Moin!
Ich weiß nicht mehr weiter.
Wenn ich https://www.checktls.com/TestReceiver <https://www.checktls.com/TestReceiver> auf unserer Domain versuche, sieht alles gut aus.
[000.000] Trying TLS on smtp1.veka.com[185.254.60.2:25] (10) [000.091] Server answered [001.038] <‑‑ 220 smtp1.veka.com ESMTP Postfix (Ubuntu) [001.038] We are allowed to connect [001.038] ‑‑> EHLO www12-azure.checktls.com [001.134] <‑‑ 250-smtp1.veka.com
250-PIPELINING
250-SIZE 65536000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8 [001.134] We can use this server [001.134] TLS is an option on this server [001.135] ‑‑> STARTTLS [001.225] <‑‑ 220 2.0.0 Ready to start TLS [001.225] STARTTLS command works on this server [001.465] Connection converted to SSL SSLVersion in use: TLSv1_3 Cipher in use: TLS_AES_256_GCM_SHA384 Perfect Forward Secrecy: yes Session Algorithm in use: Curve X25519 DHE(253 bits) Certificate #1 of 3 (sent by MX): Cert VALIDATED: ok Cert Hostname VERIFIED (smtp1.veka.com = veka.com | DNS:veka.com | DNS:*.veka.com | DNS:*.veka.de | DNS:veka.de | DNS:veka.nl | DNS:www.veka.nl | DNS:www.architecten.vekakozijn.nl | DNS:architecten.vekakozijn.nl | DNS:www.veka.ch | DNS:veka.ch | DNS:www.veka.it | DNS:veka.it | DNS:www.veka.be | DNS:veka.be | DNS:www.veka.cz | DNS:veka.cz | DNS:www.veka-ut.de | DNS:veka-ut.de | DNS:www.veka.com.tr | DNS:veka.com.tr | DNS:www.extranet.veka.fr | DNS:extranet.veka.fr | DNS:www.extranet.veka.es | DNS:extranet.veka.es | DNS:www.veka.pt | DNS:veka.pt | DNS:www.extranet.veka.pt | DNS:extranet.veka.pt | DNS:www.vekats.com | DNS:vekats.com | DNS:www.veka.sk | DNS:veka.sk | DNS:astaro.de01.veka.com) Not Valid Before: Apr 28 00:00:00 2022 GMT Not Valid After: May 20 23:59:59 2023 GMT subject= /C=DE/ST=Nordrhein-Westfalen/L=Sendenhorst/O=Veka AG/CN=veka.com issuer= /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=GeoTrust TLS RSA CA G1 Certificate #2 of 3 (sent by MX): Cert VALIDATED: ok Not Valid Before: Nov 2 12:23:37 2017 GMT Not Valid After: Nov 2 12:23:37 2027 GMT subject= /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=GeoTrust TLS RSA CA G1 issuer= /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G2 Certificate #3 of 3 (added from CA Root Store): Cert VALIDATED: ok Not Valid Before: Aug 1 12:00:00 2013 GMT Not Valid After: Jan 15 12:00:00 2038 GMT subject= /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G2 issuer= /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G2 [001.911] ~~> EHLO www12-azure.checktls.com [002.002] <~~ 250-smtp1.veka.com
250-PIPELINING
250-SIZE 65536000
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8 [002.003] TLS successfully started on this server [002.003] ~~> MAIL FROM:<test at checktls.com> [002.093] <~~ 250 2.1.0 Ok [002.094] Sender is OK [002.094] ~~> QUIT [002.185] <~~ 221 2.0.0 Bye
Es kommen aber diverse Mails nicht an, vor allem von Microsoft und web.de <http://web.de/>, gmx wahrscheinlich auch.
Davon hab ich einiges im Log der MXe stehen:
Apr 29 19:55:54 smtp1 postfix/smtpd[20048]: lost connection after STARTTLS from smtpout15.sweb.ru[2a02:408:7722:1:77:222:41:79]
Apr 29 19:56:09 smtp1 postfix/smtpd[20045]: lost connection after STARTTLS from delivery.mailspamprotection.com[185.56.84.23]
Apr 29 19:56:46 smtp1 postfix/smtpd[22521]: lost connection after STARTTLS from e2i45.smtp2go.com[103.2.140.45]
Apr 29 19:58:50 smtp1 postfix/smtpd[23630]: lost connection after STARTTLS from server2.limesoft.com.br[67.23.255.130]
Apr 29 20:00:16 smtp1 postfix/smtpd[27009]: lost connection after STARTTLS from mout.gmx.net[212.227.15.15]
Apr 29 20:00:18 smtp1 postfix/smtpd[27006]: lost connection after STARTTLS from out3-76.antispamcloud.com[185.201.18.76]
Apr 29 20:03:25 smtp1 postfix/smtpd[27420]: lost connection after STARTTLS from molamola.ripe.net[2001:67c:2e8:11::c100:1371]
Apr 29 20:03:25 smtp1 postfix/smtpd[30976]: lost connection after STARTTLS from molamola.ripe.net[193.0.19.113]
Apr 29 20:04:06 smtp1 postfix/smtpd[30976]: lost connection after STARTTLS from 153207.onlinenow.com.ar[205.251.153.207]
Apr 29 20:04:40 smtp1 postfix/smtpd[32610]: lost connection after STARTTLS from smtpout13.sweb.ru[2a02:408:7722:1:77:222:41:57]
Apr 29 20:04:52 smtp1 postfix/smtpd[32596]: lost connection after STARTTLS from mout.web.de[212.227.17.12]
Apr 29 20:05:03 smtp1 postfix/smtpd[32595]: lost connection after STARTTLS from nx226.node02.secure-mailgate.com[192.162.87.226]
Apr 29 20:05:39 smtp1 postfix/smtpd[32599]: lost connection after STARTTLS from mout.gmx.net[212.227.17.22]
Apr 29 20:06:32 smtp1 postfix/smtpd[32598]: lost connection after STARTTLS from nx109.node02.secure-mailgate.com[192.162.87.109]
Apr 29 20:07:25 smtp1 postfix/smtpd[32595]: lost connection after STARTTLS from mail.ozokgroup.com[185.111.235.60]
Apr 29 20:09:14 smtp1 postfix/smtpd[32597]: lost connection after STARTTLS from resqmta-a1p-077438.sys.comcast.net[96.103.146.52]
Apr 29 20:11:08 smtp1 postfix/smtpd[6695]: lost connection after STARTTLS from delivery.mailspamprotection.com[185.56.85.145]
Apr 29 20:11:30 smtp1 postfix/smtpd[6695]: lost connection after STARTTLS from mout.web.de[212.227.17.11]
Apr 29 20:12:09 smtp1 postfix/smtpd[6537]: lost connection after STARTTLS from cp-nbg1-bgho.nethinks.com[212.218.193.253]
Komischerweise nichts von Microsoft.
Bin mal gespannt, ob die Mail hier wieder von der Mailingliste zu mir kommt.
Viele Grüße!
Frank
--
Frank Fiene
IT-Security Manager VEKA Group
Fon: +49 2526 29-6200
Fax: +49 2526 29-16-6200
mailto: ffiene at veka.com
http://www.veka.com
PGP-ID: 62112A51
PGP-Fingerprint: 7E12 D61B 40F0 212D 5A55 765D 2A3B B29B 6211 2A51
Threema: VZK5NDWW
VEKA AKTIENGESELLSCHAFT
Dieselstr. 8
48324 Sendenhorst
Deutschland/Germany
http://www.veka.com
Vorstand/Executive Board: Andreas Hartleif (Vorsitzender/CEO),
Pascal Heitmar, Josef L. Beckhoff, Elke Hartleif, Dr. Werner Schuler,
Vorsitzender des Aufsichtsrates/Chairman of Supervisory Board: Dr. Andreas W. Hillebrand
HRB 8282 AG Münster/District Court of Münster
-------------- nächster Teil --------------
Ein Dateianhang mit HTML-Daten wurde abgetrennt...
URL: <https://listi.jpberlin.de/pipermail/postfixbuch-users/attachments/20220429/c0edbc96/attachment-0001.htm>
-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde abgetrennt...
Dateiname : signature.asc
Dateityp : application/pgp-signature
Dateigröße : 833 bytes
Beschreibung: Message signed with OpenPGP
URL : <https://listi.jpberlin.de/pipermail/postfixbuch-users/attachments/20220429/c0edbc96/attachment-0001.asc>
Mehr Informationen über die Mailingliste Postfixbuch-users