Hi all,

I've just been doing some work on verifying SSL certs presented when 
delivering mail using STARTTLS. The servers that run this mailing list 
do a STARTTLS - but seem to present an invalid cert:

Jan 31 02:49:24 mail postfix/smtpd[3084]: connect from 
mail03v-smtp01.fnal.gov[131.225.199.28]
Jan 31 02:49:25 mail postfix/smtpd[3084]: setting up TLS connection from 
mail03v-smtp01.fnal.gov[131.225.199.28]
Jan 31 02:49:26 mail postfix/smtpd[3084]: certificate verification 
failed for mail03v-smtp01.fnal.gov[131.225.199.28]: untrusted issuer 
/C=US/ST=IL/L=Batavia/O=Fermilab/OU=Research/CN=mail03v-smtp01.fnal.gov
Jan 31 02:49:26 mail postfix/smtpd[3084]: 
mail03v-smtp01.fnal.gov[131.225.199.28]: Untrusted: 
subject_CN=mail03v-smtp01.fnal.gov, issuer=mail03v-smtp01.fnal.gov, 
fingerprint=45:43:48:94:B1:C4:F8:AC:00:C2:EC:93:9E:35:05:BF
Jan 31 02:49:26 mail postfix/smtpd[3084]: Untrusted TLS connection 
established from mail03v-smtp01.fnal.gov[131.225.199.28]:TLSv1 with 
cipher AES128-SHA (128/128 bits)

Does anyone know what CA is being used here? None of this really seems 
as it should to me...

-- 
Steven Haigh

Email: [log in to unmask]
Web: https://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
Fax: (03) 8338 0299