I am testing 2 servers. Using the same script on each server, one sends an email and the other does not. The one that sends includes the Gmail TLS session ticket etc. The one that doesn't send shows the following.
[code]
Using stored SMTP server info...
Found conf/smtpsrvs file...
2018-03-22T20:50:11| Opening port 587 for SMTPout-587 service...
CONNECTED(00000003)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1521751835
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
Firewall rule SMTPout-587 closed.
Backup finished
[/code]
Both servers are in the same network, different VLANs, and both can reach smtp.gmail.com. Anyone have any ideas?
Thanks
Offline
You have a definitive message
[b]no peer certificate available[/b]
Have you assigned a hostname?
Does it make sense in terms of being resolvable?
OpenSSL is not presenting a certificate, maybe it can't for some reason.
[url]https://stackoverflow.com/questions/24457408/openssl-command-to-check-if-a-server-is-presenting-a-certificate[/url]
Offline
The ESXi machine has a hostname. If I open the port and run
[code]openssl s_client -connect smtp.gmail.com:587 -servername smtp.gmail.com[/code]
it responds the same way, so I assume it is on my side. I just don't know what is wrong and how to solve it. I do believe you are correct that openssl isn't presenting a certificate, but which certificate? The contents of the /etc/vmware/ssl directories show the same content so I don't think there is anything missing, but one of them could be broken.
Offline
Follow the white rabbit called [b]no peer certificate available[/b], use a different e-mail server, use your own local SMTP without authentication, use a different e-mail server without SSL, reinstall ESXi...
You have multiple possible ways to fix or work around your problem.
Offline
I have been going through those things. Just wondered if someone had seen the issue and found the answer. Since the same script works with one ESXi host and not the other and both use the same firewall rules, there is most likely a difference at the ESXi level. I will post back when I solved it.
Offline
Just to update this post for future reference. In the end, it was just the SMTP port. I had created the scripts and copied the scripts and config files to both servers. This is my home lab and some time elapsed between deploying the script on the first server and the second. I am used to using port 587 rather than the less common 465. I had obviously changed the SMTP port on the first server. Since so much time had elapsed, I didn't think about the port change. Anyway, Gmail port 465 is a must.
Offline
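An added example, not part of the thread or of the backup script it discusses: a small Python check that reads `openssl s_client` output like the one quoted above and reports the signs that the TLS handshake never completed. The 100-byte threshold and the "completed" sample are assumptions constructed for illustration.

```python
import re

# Constructed sample: key lines of the failing s_client output quoted in the thread.
FAILED = """CONNECTED(00000003)
---
no peer certificate available
---
SSL handshake has read 7 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Verify return code: 0 (ok)
"""

# Constructed sample: shape of a completed handshake (all values are placeholders).
COMPLETED = """CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=mail.example.test
---
SSL handshake has read 3210 bytes and written 421 bytes
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
    Verify return code: 0 (ok)
"""

def diagnose(output):
    """Return findings that show the TLS handshake never completed ([] if it did)."""
    findings = []
    if "CONNECTED(" not in output:
        return ["tcp: no connection, check firewall rule or routing"]
    if "no peer certificate available" in output:
        findings.append("server sent no certificate")
    m = re.search(r"Cipher is (\S+)", output)
    if m and m.group(1) == "(NONE)":
        findings.append("no cipher negotiated")
    m = re.search(r"handshake has read (\d+) bytes", output)
    # Assumed heuristic: a ServerHello plus certificate is far larger than 100 bytes.
    if m and int(m.group(1)) < 100:
        findings.append("only %s bytes read: reply was not a TLS handshake" % m.group(1))
    if findings and "Verify return code: 0 (ok)" in output:
        findings.append("'Verify return code: 0 (ok)' is meaningless: nothing was verified")
    return findings

if __name__ == "__main__":
    for name, text in (("failed", FAILED), ("completed", COMPLETED)):
        print(name, diagnose(text) or "handshake completed")
```

This set of findings is what a direct TLS handshake looks like against a port that expects plaintext SMTP first (STARTTLS, conventional on 587); port 465 conventionally takes TLS from the first byte, and `openssl s_client -starttls smtp` handles the 587 case.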