{"id":278,"date":"2011-02-04T07:23:58","date_gmt":"2011-02-03T20:23:58","guid":{"rendered":"http:\/\/howden.net.au\/thowden\/?p=278"},"modified":"2011-02-04T07:23:58","modified_gmt":"2011-02-03T20:23:58","slug":"sendmail-starttls-tlsv1sslv3-verifyfail","status":"publish","type":"post","link":"https:\/\/howden.net.au\/thowden\/2011\/02\/sendmail-starttls-tlsv1sslv3-verifyfail\/","title":{"rendered":"sendmail STARTTLS TLSv1\/SSLv3 verify=FAIL"},"content":{"rendered":"<p>I have logwatch running on a number of servers and have had a message within the sendmail section on one server for some time but as everything was working I figured it could wait. I finally took the time to check it out this morning and I was correct in my assumption.<\/p>\n<p>[php]&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212; sendmail Begin &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212; <\/p>\n<p>**Unmatched Entries**<br \/>\n   STARTTLS=client, relay=mysmarthost.exchange.2007.server., version=TLSv1\/SSLv3, verify=FAIL, cipher=AES128-SHA, bits=128\/128: 9 Time(s)<\/p>\n<p> &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;- sendmail End &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-<br \/>\n[\/php]<\/p>\n<p>The server is configured to send all mail from the linux server to our internal MS exchange server.<\/p>\n<p>This message with the verify=FAIL is just saying that the CA authority for the certificate being used could not be verified. This is normal with self-issued certificates and is just a note.<\/p>\n<p>From my perspective the main thing is that the count of X time(s) is higher than 9 on a normal day as it is our <a href=\"http:\/\/www.kayako.com\/\">Kayako HelpDesk<\/a> server and typically it is 300+ emails \/ ticket actions. So a low count indicates a problem.<\/p>\n<p>Thanks to <a href=\"http:\/\/forum.nginx.org\/read.php?24,132379\">Alexander in the nginx forums<\/a> for the pointer and link to the <a href=\"http:\/\/www.sendmail.org\/m4\/starttls.html\">relevant sendmail details on starttls.<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I have logwatch running on a number of servers and have had a message within the sendmail section on one server for some time but as everything was working I figured it could wait. I finally took the time to check it out this morning and I was correct in my assumption. [php]&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212; sendmail Begin [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-278","post","type-post","status-publish","format-standard","hentry","category-linux-servers-and-software"],"_links":{"self":[{"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/posts\/278","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/comments?post=278"}],"version-history":[{"count":0,"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/posts\/278\/revisions"}],"wp:attachment":[{"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/media?parent=278"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/categories?post=278"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/tags?post=278"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}