Haines Brown
2007-Dec-26 12:39 UTC
[Pkg-exim4-users] flawed configuration causes mail server errors
I''ve been fiddling with exim4 and sa-exim, under Debian etch, and
believe I''ve retreated to my original (monolithic)
configuration. However, an artifact of that experiment are periodic
error messages coming back from my ISP''s mail server. For perhaps one
out of three fetchmail reports I get, for example:
fetchmail: Server CommonName mismatch: localhost
!= pop.hartford-hwp.com
fetchmail: Server certificate verification error: self signed
certificate
2 messages for brownh at hartford-hwp.com at pop.hartford-hwp.com
(109887 octets).
reading message
brownh at hartford-hwp.com@mymail.myregisteredsite.com:1 of 2
(89896 octets)................... flushed
reading message
brownh at hartford-hwp.com@mymail.myregisteredsite.com:2 of 2
(19991 octets)................... flushed
As this fetchmail message indicates, the two mail messages were
actually downloaded successfully despite the verification problem.
It seems that the error message says that it does not find that
pop.hartford-hwp.com is an alias for localhost. My local hostname is
"teufel". My /etc/hosts file has:
127.0.0.1 localhost.localdomain localhost
192.168.1.1 teufel.hartford-hwp.com teufel
...
I''m not running SSL, but I believe my ISP may be using it. Other than
a possible connection with SSL, I''ve no idea what the fetchmail
message means.
In /etc/exim4/email-addresses I put:
user: brownh at hartford-hwp.com
In /etc/exim4/passwd.client I have (I obfuscated the PW here):
*:brownh at hartford-hwp.com:NNNN
In /etc/exim4/updat-exim4.conf.conf I have (registeredsite is my ISP):
dc_eximconfig_configtype=''smarthost''
dc_other_hostnames=''hartford-hwp.com''
dc_local_interfaces=''''
dc_readhost=''hartford-hwp.com''
dc_smarthost=''mymail.myregisteredsite.com''
--
Haines Brown, KB1GRM
Florian Weimer
2007-Dec-26 17:31 UTC
[Pkg-exim4-users] flawed configuration causes mail server errors
* Haines Brown:> I''ve been fiddling with exim4 and sa-exim, under Debian etch, and > believe I''ve retreated to my original (monolithic) > configuration. However, an artifact of that experiment are periodic > error messages coming back from my ISP''s mail server. For perhaps one > out of three fetchmail reports I get, for example: > > fetchmail: Server CommonName mismatch: localhost > != pop.hartford-hwp.comIs pop.hartford-hwp.com one of your hosts?
Haines Brown
2007-Dec-26 18:49 UTC
[Pkg-exim4-users] flawed configuration causes mail server errors
> * Haines Brown: > > > I''ve been fiddling with exim4 and sa-exim, under Debian etch, and > > believe I''ve retreated to my original (monolithic) > > configuration. However, an artifact of that experiment are periodic > > error messages coming back from my ISP''s mail server. For perhaps one > > out of three fetchmail reports I get, for example: > > > > fetchmail: Server CommonName mismatch: localhost > > != pop.hartford-hwp.com > > Is pop.hartford-hwp.com one of your hosts?I assume that my hosts are the names listed in /etc/hosts, and these are: 127.0.0.1 localhost.localdomain localhost 192.168.1.1 teufel.hartford-hwp.com teufel The "pop.hartford-hwp.com" is, I assume, the address of the POP server on my ISP''s mail server. Surely the mail server isn''t complaining that pop.hartford-hwp.com isn''t the name of the host. This address comes up only in connection with fetchmail''s poll command: poll pop.hartford-hwp.com It sounds like my ISP''s mail server does not see that "pop.hartford-hwp.com" is a legitimate name for my POP account. Haines Brown
Florian Weimer
2007-Dec-26 19:03 UTC
[Pkg-exim4-users] flawed configuration causes mail server errors
* Haines Brown:> The "pop.hartford-hwp.com" is, I assume, the address of the POP server > on my ISP''s mail server. Surely the mail server isn''t complaining that > pop.hartford-hwp.com isn''t the name of the host.But I think fetchmail does. Look at the output you posted.
Haines Brown
2007-Dec-26 20:53 UTC
[Pkg-exim4-users] flawed configuration causes mail server errors
> From: Florian Weimer <fw at deneb.enyo.de> > Cc: pkg-exim4-users at lists.alioth.debian.org > Date: Wed, 26 Dec 2007 20:03:33 +0100 > MIME-Version: 1.0 > Content-Type: text/plain; charset=us-ascii > > * Haines Brown: > > > The "pop.hartford-hwp.com" is, I assume, the address of the POP server > > on my ISP''s mail server. Surely the mail server isn''t complaining that > > pop.hartford-hwp.com isn''t the name of the host. > > But I think fetchmail does. Look at the output you posted.So fetchmail is generating the error rather than merely reporting it? The error message is: fetchmail: Server CommonName mismatch: localhost != pop.hartford-hwp.com fetchmail: Server certificate verification error: self signed certificate Does the first mean that fetchmail is not finding any name association between local hostname and pop.hartford-hwp.com. The latter seems the name of the POP account on the mail server, but why should it be associated with hostname on the mail server? As for the second, all I can find out is that it has to do with SSL. I''m not running SSL. -- Haines Brown, KB1GRM
Florian Weimer
2007-Dec-26 21:08 UTC
[Pkg-exim4-users] flawed configuration causes mail server errors
* Haines Brown:> The error message is: > > fetchmail: Server CommonName mismatch: localhost > != pop.hartford-hwp.com > fetchmail: Server certificate verification error: self signed > certificate > > Does the first mean that fetchmail is not finding any name association > between local hostname and pop.hartford-hwp.com.No, the issue is that the certificate has been issued to "localhost" (literally): - Certificate[0] info: # The hostname in the certificate does NOT match ''pop.hartford-hwp.com''. # valid since: Tue Nov 20 16:43:09 CET 2007 # expires at: Wed Nov 19 16:43:09 CET 2008 # fingerprint: 44:B3:8D:19:D1:83:C1:06:95:CB:22:69:73:CE:08:61 # Subject''s DN: C=US,ST=NY,L=New York,O=Courier Mail Server,OU=Automatically-generated POP3 SSL key,CN=localhost,EMAIL=postmaster at example.com # Issuer''s DN: C=US,ST=NY,L=New York,O=Courier Mail Server,OU=Automatically-generated POP3 SSL key,CN=localhost,EMAIL=postmaster at example.com So the error message issued by fetchmail is correct because the certificate''s common name should be "pop.hartford-hwp.com".
Haines Brown
2007-Dec-26 21:47 UTC
[Pkg-exim4-users] flawed configuration causes mail server errors
Sorry to follow up on my own message, but I disover this:
$ swaks
To: pop.hartford-hwp.com at registeredsite.com
=== Trying mailhub.registeredsite.com:25...
=== Connected to mailhub.registeredsite.com.
<- 220 mailhub2.registeredsite.com ESMTP SMTP Service (NO SPAM/UCE)
-> EHLO teufel.hartford-hwp.com
<- 250-mail3.atl.registeredsite.com Hello 208.172.252.64.snet.net
[64.252.172.208] (may be forged), pleased to meet you
<- 250-ENHANCEDSTATUSCODES
<- 250-PIPELINING
<- 250-8BITMIME
<- 250-SIZE 26214400
<- 250-DSN
<- 250-ETRN
<- 250-AUTH GSSAPI
<- 250-DELIVERBY
<- 250 HELP
-> MAIL FROM:<brownh at teufel.hartford-hwp.com>
<** 553 5.1.8 <brownh at teufel.hartford-hwp.com>... Domain of sender
address
brownh at teufel.hartford-hwp.com does not exist
-> QUIT
<- 221 2.0.0 mail3.atl.registeredsite.com closing connection
=== Connection closed with remote host.
Sounds like my FQDN is being rejected because it is not a known
domain.
In my /etc/exim4/email-addresses (a link to itself?) I have:
user: brownh at hartford-hwp.com
In exim4 configuration dialog, I''m asked for the system mail name. It
says it should be the FQDN, and so I dutifully entered
teufel.hartford-hwp.com .
--
Haines Brown, KB1GRM