
Huh? smtp: ssl bad peer certificate

Updated: 21 May 2010 | 1 comment
ANDREY FYODOROV

Another company sends us mail using mandatory TLS.

We always accept TLS offers.

Up until Sunday we have been able to receive mail from them just fine, then it stopped coming.

They see something like this in their mail server logs (they have Lotus Notes):

06/24/2009 08:43:29 AM [1164:0006-1188] SMTPClient: SSL handshake error: 1C7Bh
06/24/2009 08:43:29 AM Router: No messages transferred to XXXXXXX.COM (host mail2a.XXXXXXX.COM) via SMTP: SSL bad peer certificate. Connection refused.
06/24/2009 08:43:30 AM [1164:000B-11A4] SMTPClient: SSL handshake error: 1C7Bh
06/24/2009 08:43:30 AM Router: No messages transferred to XXXXXX.COM (host mail4a.XXXXXXX.COM) via SMTP: SSL bad peer certificate. Connection refused.

They think that the problem is on our side. But we haven't changed anything except we upgraded our BMGs from v7 to v8 on Saturday.

I think this is something on their side, but I am not able to prove anything.

Has anyone seen anything like this before?


Comments

KevK76
26 Jun 2009

MTA logs on Brightmail Gateway

I think you probably want to capture debugged MTA logs on the Brightmail Gateway to correspond with the customer's logs.

One change that I think took place in version 8 is that I believe we now only allow SSLv3 level (high and medium) ciphers.
 
I wonder if your partner is using SSLv2, weak or anonymous ciphers... If that's the case it could be the issue here. SSLv2 is over 10 years old, has been cracked, and is unreliable.

Kevin
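
An added example, not part of the original thread and not vendor code: to line the sender's log up against the gateway's MTA log as suggested above, this Python sketch parses sender-side lines in the format quoted in the question, pairs each handshake error with the Router failure that follows it, and reports the failure window per destination host. The sample input is constructed from the lines in the post; the function names and the 2-second pairing tolerance are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the format of the sender-side log lines quoted in the thread
# (domain redacted as in the original post).
SAMPLE_LOG = """\
06/24/2009 08:43:29 AM [1164:0006-1188] SMTPClient: SSL handshake error: 1C7Bh
06/24/2009 08:43:29 AM Router: No messages transferred to XXXXXXX.COM (host mail2a.XXXXXXX.COM) via SMTP: SSL bad peer certificate. Connection refused.
06/24/2009 08:43:30 AM [1164:000B-11A4] SMTPClient: SSL handshake error: 1C7Bh
06/24/2009 08:43:30 AM Router: No messages transferred to XXXXXX.COM (host mail4a.XXXXXXX.COM) via SMTP: SSL bad peer certificate. Connection refused.
"""

TS = r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M)"
HANDSHAKE = re.compile(TS + r" \[[0-9A-F:-]+\] SMTPClient: SSL handshake error: (?P<code>\w+)")
ROUTER = re.compile(TS + r" Router: No messages transferred to \S+ \(host (?P<host>\S+)\) via SMTP: (?P<reason>.+)")

def parse_ts(text):
    return datetime.strptime(text, "%m/%d/%Y %I:%M:%S %p")

def tls_failures(log_text):
    """Pair each handshake error with the Router failure after it; group by destination host."""
    by_host = defaultdict(list)
    pending = None  # most recent handshake error not yet matched to a Router line
    for line in log_text.splitlines():
        m = HANDSHAKE.match(line)
        if m:
            pending = (parse_ts(m["ts"]), m["code"])
            continue
        m = ROUTER.match(line)
        if m:
            ts = parse_ts(m["ts"])
            # Attribute the error code only if it was logged within 2 seconds (assumed tolerance)
            near = pending and abs((ts - pending[0]).total_seconds()) <= 2
            by_host[m["host"]].append({"time": ts, "code": pending[1] if near else None,
                                       "reason": m["reason"].strip()})
            pending = None
    return dict(by_host)

def search_windows(failures):
    """First failure, last failure and count per host: the window to look up in the gateway MTA log."""
    return {h: (min(e["time"] for e in ev), max(e["time"] for e in ev), len(ev))
            for h, ev in failures.items()}

if __name__ == "__main__":
    for host, (first, last, n) in search_windows(tls_failures(SAMPLE_LOG)).items():
        print(f"{host}: {n} failure(s) between {first} and {last}")
```

The timestamps are in the sender's local time, so account for any time zone or clock difference before searching the receiving gateway's log for the same connections.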