Мониторю спул сендмейла на предмет «проблемные серверы»
Смотрю, что не доставить письмо через mx1.fss.ru на @sed.sfr.gov.ru из-за tls
Проверяем, что же там за зверь?
$ openssl s_client -starttls smtp -crlf -connect mx1.fss.ru:25
CONNECTED(00000003)
depth=0 C = US, ST = California, L = San Bruno, O = "IronPort Systems, Inc.", CN = IronPort Appliance Demo Certificate
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, ST = California, L = San Bruno, O = "IronPort Systems, Inc.", CN = IronPort Appliance Demo Certificate
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 C = US, ST = California, L = San Bruno, O = "IronPort Systems, Inc.", CN = IronPort Appliance Demo Certificate
verify error:num=10:certificate has expired
notAfter=May 1 22:57:58 2016 GMT
verify return:1
depth=0 C = US, ST = California, L = San Bruno, O = "IronPort Systems, Inc.", CN = IronPort Appliance Demo Certificate
notAfter=May 1 22:57:58 2016 GMT
verify return:1
---
No client certificate CA names sent
Peer signing digest: MD5-SHA1
Peer signature type: RSA
Server Temp Key: DH, 1024 bits
---
SSL handshake has read 1755 bytes and written 545 bytes
Verification error: certificate has expired
---
New, SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Откуда такие берутся?