
mail delayed about 40 minutes for only 3 domains, SSL error

Discussion in 'E-mail Discussions' started by iperich, Jul 16, 2016.

  1. iperich

    Hi, I have an eerie problem. I'm working on CentOS 6.8 x86_64 with WHM 56.0, and I'm receiving some mails with a huge delay, about 40 minutes, but only for 3 or so domains. I've checked the exim log and I noted that every delayed message has these 2 errors:

    Code:
    SSL verify error: depth=0 error=self signed certificate cert=/C=US/O=McAfee, Inc./OU=EmailGateway/CN=the.sender.domain/emailAddress=support@mcafee.com
    
    SSL verify error: certificate name mismatch: "/C=US/O=McAfee, Inc./OU=EmailGateway/CN=the.sender.domain/emailAddress=support@mcafee.com"
    (yes, support@mcafee.com is always there)
    
    
    In the log all the delayed mails appear twice: in the first one (in time) it has these 2 errors, and in the second one (40 minutes later) it has no errors (and it seems that in this second moment is when the mail is actually delivered).

    This is causing a lot of problems for the business, because this is a cab service, so answering with a 40-minute delay is really a problem.

    Any thoughts?

    Thanks in advance.
     
    #1 iperich, Jul 16, 2016
    Last edited by a moderator: Jul 16, 2016
  2. 24x7server

    Hello :),

    Are individual SSL certificates installed for the accounts, with the "Mail SNI" functionality enabled?
     
  3. iperich

    Where do I check that? I'm looking in Home » Service Configuration » Manage Service SSL Certificates (in exim - certificate details I can see a warning that the certificate is self-signed), but I don't see "Mail SNI" anywhere...
     
    #3 iperich, Jul 17, 2016
    Last edited: Jul 17, 2016
  4. ssfred

    Hello

    The option is available in cPanel -> SSL/TLS Manager -> Manage SSL Hosts. The check box "Enable SNI for Mail Services:" is present in the last line of the page, just above the button "Install Certificate".
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

  6. iperich

    Yes, indeed, it is checked, but to "uncheck" it do I have to "install certificate"? Is there no way to "save"?

    Greylisting is Disabled, I checked.
     
    #6 iperich, Jul 22, 2016
    Last edited by a moderator: Jul 22, 2016
  7. iperich

    It seems that exim has problems with the sender's certificates... Can I tell exim not to check that? At least for those domains...
     
  8. iperich

    What if in cPanel I configure a global mail filter "Stop Processing Rules" for the domains? Does "Stop Processing Rules" mean "do not filter, just deliver the mail"?
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    The SSL error messages in /var/log/exim_mainlog should not result in a 40-minute delay. The messages indicate a self-signed certificate was provided by the remote SMTP server. You will notice this with Exim 4.86 based on the following changes:

    Code:
    JH/04 Certificate name checking on server certificates, when exim is a client,
      is now done by default.  The transport option tls_verify_cert_hostnames
      can be used to disable this per-host.  The build option
      EXPERIMENTAL_CERTNAMES is withdrawn.
    
    JH/06 Verification of the server certificate for a TLS connection is now tried
      (but not required) by default.  The verification status is now logged by
      default, for both outbound TLS and client-certificate supplying inbound
      TLS connections

    Note that while you see the warning messages in /var/log/exim_mainlog, they should not result in any issues with mail delivery by default. Thus, it's likely the delay stems from another issue. Do you experience the issue with other remote mail servers, or is the issue isolated to this particular remote mail server?

    Thank you.
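
One way to check from the log whether the connection that logged the warnings also handed over a message, or whether the message only arrived on a later attempt (an added example, not part of the original thread and not cPanel or Exim code). The log layout (timestamp first, remote address in square brackets), the sample lines, the addresses and the two-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in an assumed exim_mainlog layout (documentation IPs).
SAMPLE_LOG = """\
2016-07-16 10:00:03 [203.0.113.10] SSL verify error: depth=0 error=self signed certificate cert=/CN=the.sender.domain
2016-07-16 10:00:03 [203.0.113.10] SSL verify error: certificate name mismatch: "/CN=the.sender.domain"
2016-07-16 10:40:11 1bOaaa-0001Ab-Cd <= user@the.sender.domain H=gw.the.sender.domain [203.0.113.10]:41234 P=esmtp S=2301
2016-07-16 11:05:20 [198.51.100.7] SSL verify error: depth=0 error=self signed certificate cert=/CN=other.example
2016-07-16 11:05:21 1bObbb-0002Ef-Gh <= info@other.example H=mx.other.example [198.51.100.7]:50522 P=esmtps S=1180
"""

TS_FORMAT = "%Y-%m-%d %H:%M:%S"
# Bracketed IPv4/IPv6 address; a bare number such as a logged pid does not match.
ADDR = re.compile(r"\[([0-9A-Fa-f]*[.:][0-9A-Fa-f.:]+)\]")

def parse(log):
    """Split the log into TLS warnings and message arrivals, each as (time, ip)."""
    warnings, arrivals = set(), []
    for line in log.splitlines():
        found = ADDR.search(line)
        if not found:
            continue  # no remote address on this line
        try:
            when = datetime.strptime(line[:19], TS_FORMAT)
        except ValueError:
            continue  # continuation line or unexpected layout
        if "SSL verify error" in line:
            warnings.add((when, found.group(1)))  # set: one entry per attempt
        elif " <= " in line:
            arrivals.append((when, found.group(1)))
    return sorted(warnings), sorted(arrivals)

def correlate(log, session_window=timedelta(minutes=2)):
    """For each warning, report the gap to the next arrival from the same IP."""
    warnings, arrivals = parse(log)
    report = []
    for when, ip in warnings:
        later = [t for t, addr in arrivals if addr == ip and t >= when]
        gap = later[0] - when if later else None
        report.append((ip, when, gap, gap is not None and gap <= session_window))
    return report

if __name__ == "__main__":
    for ip, when, gap, same_session in correlate(SAMPLE_LOG):
        verdict = "accepted in the same attempt" if same_session else "not accepted in this attempt"
        print(f"{when} {ip}: next arrival after {gap} -> {verdict}")
```

A host that shows the warning and an arrival seconds apart is being accepted despite the warning; a host whose next arrival is tens of minutes later did not complete delivery on the attempt that logged the warning, and that attempt is the one to look at more closely.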
     
  10. iperich

    The problem happens with "some" (I don't see any pattern) domains, I've identified 4 of them. But I see the SSL error on all of them.
     
  11. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Feel free to open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     