
TLS [9.210-20] Negotiation Selectively Failing After Latest Update

I applied the 9.210-20 update last evening so I could update the TLS certificate (previous bug fixed with this version). The previous cert was expired, but somehow had not been affecting any incoming email. I'm guessing because the firewall just forwards email on to our on-premise Exchange server (?). In testing today, I'm noticing no incoming email from Google (and several other providers) but plenty from others. Looking at the SMTP log, I see the following:

2014:12:05-02:25:37 rhythm exim-in[9951]: 2014-12-05 02:25:37 TLS error on connection from mail-ie0-f182.google.com [209.85.223.182]:59201 (SSL_accept): error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
2014:12:05-02:25:37 rhythm exim-in[9951]: 2014-12-05 02:25:37 TLS client disconnected cleanly (rejected our certificate?)
2014:12:05-02:25:37 rhythm exim-in[9951]: 2014-12-05 02:25:37 SMTP connection from mail-ie0-f182.google.com [209.85.223.182]:59201 closed by EOF

The certificate is an Exchange UCC from DigiCert. I exported it from our Exchange server to a pfx, imported it into the UTM, and selected that cert under SMTP->Advanced->TLS. I have the intermediate installed on the firewall and it all appears to be installed correctly. Is there a problem with how these certs are installed or is there a problem with this new version of firmware?

Note that I submitted this as a case to support and did not get very far.
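
Added example (not part of the original post, and not Sophos or Exim tooling): a Python script that tallies inbound TLS handshake errors per sending domain and OpenSSL reason from log lines in the format quoted above, to show which providers are affected and by which error. The sample lines are constructed with documentation addresses, and the function names are assumptions.

```python
import re
from collections import Counter

# Exim line: "TLS error on connection from HOST [IP]:PORT (FUNC): DETAIL"
# HOST and a "(helo)" token are optional; the bracketed IP is always present.
TLS_ERR = re.compile(
    r"TLS error on connection from (?:(?P<host>[^\s\[]+) )?(?:\([^)]*\) )?"
    r"\[(?P<ip>[^\]]+)\](?::\d+)? \((?P<func>[^)]+)\): (?P<detail>.*)$"
)

def parse_tls_error(line):
    """Return dict(host, ip, func, reason) for a TLS error line, else None."""
    m = TLS_ERR.search(line)
    if not m:
        return None
    detail = m.group("detail").strip()
    # OpenSSL strings are error:CODE:library:function:reason; keep the reason.
    reason = detail.rsplit(":", 1)[-1].strip() if detail.startswith("error:") else detail
    return {"host": m.group("host"), "ip": m.group("ip"),
            "func": m.group("func"), "reason": reason}

def sender_domain(host):
    """Collapse a relay hostname to its last two labels (rough, not PSL-aware)."""
    parts = host.rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host

def summarize(lines):
    """Count TLS failures per (sender domain or bare IP, reason)."""
    counts = Counter()
    for line in lines:
        rec = parse_tls_error(line)
        if rec:
            peer = sender_domain(rec["host"]) if rec["host"] else rec["ip"]
            counts[(peer, rec["reason"])] += 1
    return counts

# Constructed sample lines in the format shown in the post.
PREFIX = "2014:12:05-02:25:37 mx exim-in[9951]: 2014-12-05 02:25:37 "
NO_CIPHER = "error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher"
SAMPLE = [
    PREFIX + "TLS error on connection from out-1.mail.example.net [192.0.2.10]:59201 (SSL_accept): " + NO_CIPHER,
    PREFIX + "TLS client disconnected cleanly (rejected our certificate?)",
    PREFIX + "TLS error on connection from out-2.mail.example.net [192.0.2.11]:40112 (SSL_accept): " + NO_CIPHER,
    PREFIX + "TLS error on connection from [198.51.100.7]:33010 (SSL_accept): timed out",
]

if __name__ == "__main__":
    for (peer, reason), n in summarize(SAMPLE).most_common():
        print(f"{n:4d}  {peer:20s}  {reason}")
```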

