Hello,
my ASG 8.311 is configured to perform a forced TLS negotiation with an external provider. I have configured the 'Mail Security > SMTP > Advanced > TLS Settings' fields on my Astaro.
I have included his 4 publicly defined MX servers in the "Require TLS negotiation hosts/net" field, and added "*@otherdomain.com" to the "Require TLS negotiation sender domains".
When he tries to send to me, the following error occurs:
2014:01:20-07:13:20 mail2 exim-in[6631]: 2014-01-20 07:13:20 SMTP connection from [74.125.245.78]:45183 (TCP/IP connection count = 1)
2014:01:20-07:13:20 mail2 exim-in[27465]: 2014-01-20 07:13:20 TLS error on connection from na3sys010aog105.obsmtp.com [74.125.245.78]:45183 (SSL_accept): error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
2014:01:20-07:13:20 mail2 exim-in[27465]: 2014-01-20 07:13:20 TLS client disconnected cleanly (rejected our certificate?)
2014:01:20-07:13:20 mail2 exim-in[27465]: 2014-01-20 07:13:20 SMTP connection from na3sys010aog105.obsmtp.com [74.125.245.78]:45183 closed by EOF
It appears they are rejecting my TLS certificate? The one I am using in the "TLS certificate" field is the "WebAdmin certificate for {InternalIP}". Do I need to create or purchase a 3rd-party certificate? I think not, but am at a loss.
-stoomaroo
This thread was automatically locked due to age.
