mail delayed about 40 minutes for only 3 domains, SSL error
Hi, I have an eerie problem. I'm working on CentOS 6.8 x86_64 with WHM 56.0, and I'm receiving some mails with a huge delay, about 40 minutes, but only for 3 or so domains. I've checked the exim log and I noted that every delayed message has these 2 errors:
SSL verify error: depth=0 error=self signed certificate cert=/C=US/O=McAfee, Inc./OU=EmailGateway/CN=the.sender.domain/emailAddress=support@mcafee.com
SSL verify error: certificate name mismatch: "/C=US/O=McAfee, Inc./OU=EmailGateway/CN=the.sender.domain/emailAddress=support@mcafee.com"
(yes, support@mcafee.com is always there)
In the log all the delayed mails appear twice: in the first one (in time) it has these 2 errors, and in the second one (40 minutes later) it has no errors (and it seems that this second moment is when the mail is actually delivered). This is causing a lot of problems in the business, for this is a cab service, so answering with a 40-minute delay is really a problem. Any thoughts? Thanks in advance.
Hello :), Are individual SSL certificates installed for the accounts, with the "Mail SNI" functionality enabled?
Where do I check that? I'm looking in Home » Service Configuration » Manage Service SSL Certificates (in exim - certificate details I can see a warning that the certificate is self-signed), but I don't see "Mail SNI" anywhere...
Hello, the option is available in cPanel -> SSL/TLS Manager -> Manage SSL Hosts. The check box "Enable SNI for Mail Services:" is present in the last line of the page just above the button "Install Certificate".
Hello, Could you verify if Greylisting is enabled on this server? It's possible that's where the delay you are seeing is coming from. The feature is documented at: Greylisting - Documentation - cPanel Documentation. Thank you.
> Hello, the option is available in cPanel -> SSL/TLS Manager -> Manage SSL Hosts. The check box "Enable SNI for Mail Services:" is present in the last line of the page just above the button "Install Certificate".
Yes, indeed, it is checked, but to "uncheck" it I have to "install certificate"? Is there no way to "save"?
> Hello, Could you verify if Greylisting is enabled on this server? It's possible that's where the delay you are seeing is coming from. The feature is documented at:
It seems that exim has problems with the sender's certificates... Can I tell exim not to check that? At least for those domains...
What if in cPanel I configure a global mail filter "Stop Processing Rules" for the domains? Does Stop Processing Rules mean "do not filter, just deliver the mail"?
Hello, The SSL error messages in /var/log/exim_mainlog should not result in a 40-minute delay. The messages indicate a self-signed certificate was provided by the remote SMTP server. You will notice this with Exim 4.86 based on the following changes:
JH/04 Certificate name checking on server certificates, when exim is a client, is now done by default. The transport option tls_verify_cert_hostnames can be used to disable this per-host. The build option EXPERIMENTAL_CERTNAMES is withdrawn.
JH/06 Verification of the server certificate for a TLS connection is now tried (but not required) by default. The verification status is now logged by default, for both outbound TLS and client-certificate supplying inbound TLS connections
Note that while you see the warning messages in /var/log/exim_mainlog, it should not result in any issues with mail delivery by default. Thus, it's likely the delay stems from another issue. Do you experience the issue with other remote mail servers, or is the issue isolated to this particular remote mail server? Thank you.
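An added example, not part of the original thread and not Exim or cPanel code: a small Python parser for the two `SSL verify error` line shapes quoted in the first post, grouping them by certificate CN so you can see which peers present a certificate that fails verification. The timestamps, the `other.example` CN, the `Completed` line and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the error text follows the lines quoted in the thread;
# timestamps, the "other.example" CN and the last line are made up.
SAMPLE_LOG = """\
2016-07-05 10:02:11 SSL verify error: depth=0 error=self signed certificate cert=/C=US/O=McAfee, Inc./OU=EmailGateway/CN=the.sender.domain/emailAddress=support@mcafee.com
2016-07-05 10:02:11 SSL verify error: certificate name mismatch: "/C=US/O=McAfee, Inc./OU=EmailGateway/CN=the.sender.domain/emailAddress=support@mcafee.com"
2016-07-05 10:15:40 SSL verify error: depth=0 error=self signed certificate cert=/C=US/O=McAfee, Inc./OU=EmailGateway/CN=other.example/emailAddress=support@mcafee.com
2016-07-05 10:16:02 1bKabc-0001Xy-2Z Completed
"""

# Chain-verification failure: depth, OpenSSL error string, certificate DN.
CHAIN_ERR = re.compile(r"SSL verify error: depth=(\d+) error=(.+?) cert=(/.+)$")
# Hostname check failure: only the quoted certificate DN is logged.
NAME_ERR = re.compile(r'SSL verify error: certificate name mismatch: "(/.+)"')


def parse_dn(dn):
    """Split an OpenSSL one-line DN (/K=V/K=V...) into a dict.

    Splits only on '/' that starts a new KEY=, so values containing
    commas or stray slashes (e.g. 'McAfee, Inc.') stay intact.
    """
    fields = {}
    for part in re.split(r"/(?=[A-Za-z]+=)", dn.strip())[1:]:
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def summarize(log_text):
    """Map certificate CN -> set of verification problems logged for it."""
    problems = defaultdict(set)
    for line in log_text.splitlines():
        m = CHAIN_ERR.search(line)
        if m:
            problems[parse_dn(m.group(3)).get("CN", "?")].add(m.group(2))
            continue
        m = NAME_ERR.search(line)
        if m:
            cn = parse_dn(m.group(1)).get("CN", "?")
            problems[cn].add("certificate name mismatch")
    return dict(problems)


if __name__ == "__main__":
    for cn, errs in sorted(summarize(SAMPLE_LOG).items()):
        print(cn, "->", ", ".join(sorted(errs)))
```
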
> Do you experience the issue with other remote mail servers, or is the issue isolated to this particular remote mail server?
The problem happens with "some" (I don't see any pattern) domains, I've identified 4 of them. But I see the SSL error on all of them.
Feel free to open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome. Thank you.