I've been seeing some odd behavior today with some of the servers that respond to smtp.comcast.net on port 587. Some, but not all, of the servers are presenting self-signed certs, causing my own server to balk at making a connection. (The Organization is RTFM, Inc. -- it'd be funny if mail wasn't queueing up on my end). Sometimes I get a server with a legit cert, so I can slowly drain my queue by flushing it over and over and over...

openssl s_client output below. I can send a libpcap trace on request.

--Jeff

┌─(root@bookcase)(04:48:06)
└─(~)-> openssl s_client -CApath /etc/ssl/certs/ -starttls smtp -connect smtp.comcast.net:587
CONNECTED(00000003)
depth=1 /C=US/O=RTFM, Inc./OU=Widgets Division/CN=Test CA20010517
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/C=US/O=RTFM, Inc./OU=Widgets Division/CN=localhost
   i:/C=US/O=RTFM, Inc./OU=Widgets Division/CN=Test CA20010517
 1 s:/C=US/O=RTFM, Inc./OU=Widgets Division/CN=Test CA20010517
   i:/C=US/O=RTFM, Inc./OU=Widgets Division/CN=Test CA20010517
---
Server certificate
subject=/C=US/O=RTFM, Inc./OU=Widgets Division/CN=localhost
issuer=/C=US/O=RTFM, Inc./OU=Widgets Division/CN=Test CA20010517
---
No client certificate CA names sent
---
SSL handshake has read 1965 bytes and written 375 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 8B976D67A76BBFEF5E46CA9D079C1C1208D037B8F5825049C45B57C05786A891
    Session-ID-ctx:
    Master-Key: 4DC43D803056BF32082F3E35B2818539E33B7321455AD625D3AD124BAD719C12C5903C9F1889EAB7A5F313B9A54D74A6
    Key-Arg   : None
    Start Time: 1232081287
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---
250 OK
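
An added example, not part of the original post: one way to tell which addresses behind the hostname serve the bad chain is to run the same s_client handshake against each resolved address several times and reduce every transcript to its verify code and leaf subject/issuer. The function names are hypothetical, and the script assumes OpenSSL's s_client and glibc's getent are installed.

```shell
#!/bin/sh
# Added example (not from the post). Function names are hypothetical.
# Assumes OpenSSL s_client and glibc getent are installed.

# Read one `openssl s_client` transcript on stdin and print
# "<verify code and reason>|<leaf subject>|<leaf issuer>".
summarize_handshake() {
    awk '
        /Verify return code:/ { sub(/^.*Verify return code: */, ""); verdict = $0 }
        /^subject=/           { sub(/^subject=/, ""); subject = $0 }
        /^issuer=/            { sub(/^issuer=/, "");  issuer  = $0 }
        END { printf "%s|%s|%s\n", (verdict == "" ? "no-handshake" : verdict), subject, issuer }
    '
}

# Handshake with every IPv4 address behind $1, $3 times each, so that a
# backend which only sometimes serves the bad chain still shows up.
probe_backends() (
    host=${1:-smtp.comcast.net}; port=${2:-587}; tries=${3:-3}
    for ip in $(getent ahostsv4 "$host" | awk '{ print $1 }' | sort -u); do
        n=0
        while [ "$n" -lt "$tries" ]; do
            printf '%s\t' "$ip"
            # -servername/-verify_hostname keep SNI and name checking tied to
            # the hostname even though we dial the address directly.
            openssl s_client -CApath /etc/ssl/certs/ -starttls smtp \
                -connect "$ip:$port" -servername "$host" \
                -verify_hostname "$host" </dev/null 2>/dev/null | summarize_handshake
            n=$((n + 1))
        done
    done
)

# Sample input: lines trimmed from the transcript in the post.
SAMPLE_TRANSCRIPT='verify error:num=19:self signed certificate in certificate chain
subject=/C=US/O=RTFM, Inc./OU=Widgets Division/CN=localhost
issuer=/C=US/O=RTFM, Inc./OU=Widgets Division/CN=Test CA20010517
    Verify return code: 19 (self signed certificate in certificate chain)'

if [ "${1:-}" = "probe" ]; then
    shift; probe_backends "$@"      # live run: ./script probe [host] [port] [tries]
else
    printf '%s\n' "$SAMPLE_TRANSCRIPT" | summarize_handshake
fi
```

Run with `probe` as the first argument to hit the network; with no arguments it only summarizes the embedded sample.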