Email send failure

[freddie]

I have seen this message repeated a number of times today on the error page:

Code: Select all

2024-12-07 15:29:51 - SendEmail: Error - The remote certificate was rejected by the provided RemoteCertificateValidationCallback.

The remote certificate is used to send a reasonable volume of email and no other senders/recipients (including this forum) report this error.

Is there something in my config I need to check?

[mcrossley]

It's worth checking the log for any additional information. But is sounds like the server cert check is failing for some reason.

I recall there was an issue a while back with an expired/invalidated (I forget which) root certificate being included in some linux distro's (I'd have to search the forum), I remember it affected me and I had to remove the offending cert manually. Maybe this has happened again?

If all else fails, there is an option in the email settings (in Internet settings) to ignore certificate errors.

[freddie]

Additional from the log:

Code: Select all

2024-12-07 15:29:51.657 SendEmail: Error
2024-12-07 15:29:51.660 SendEmail: Error -
Exception Type: MailKit.Security.SslHandshakeException
Message: An error occurred while attempting to establish an SSL or TLS connection.

The server's SSL certificate could not be validated for the following reasons:
• The server certificate has the following errors:
  • unable to get certificate CRL
  • unable to get certificate CRL

Source: MailKit
Stack Trace:    at MailKit.Net.Smtp.SmtpClient.PostConnectAsync(Stream stream, String host, Int32 port, SecureSocketOptions options, Boolean starttls, CancellationToken cancellationToken)
   at MailKit.Net.Smtp.SmtpClient.ConnectAsync(String host, Int32 port, SecureSocketOptions options, CancellationToken cancellationToken)
   at CumulusMX.EmailSender.SendEmail(String[] to, String from, String subject, String message, Boolean isHTML, Boolean useBcc)
Inner Exception...

Exception Type: System.Security.Authentication.AuthenticationException
Message: The remote certificate was rejected by the provided RemoteCertificateValidationCallback.
Source: System.Private.CoreLib
Stack Trace:    at System.Net.Security.SslStream.SendAuthResetSignal(ReadOnlySpan`1 alert, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken)
   at MailKit.Net.Smtp.SmtpClient.SslHandshakeAsync(SslStream ssl, String host, CancellationToken cancellationToken)
   at MailKit.Net.Smtp.SmtpClient.PostConnectAsync(Stream stream, String host, Int32 port, SecureSocketOptions options, Boolean starttls, CancellationToken cancellationToken)

Puzzling, as this is a multi-domain email server that sends out and receives plenty of email without issue. I'll have a look in the email server log too.

[freddie]

All I see in the server log is this:

Code: Select all

2024-12-07T15:29:51.657207+00:00 mailserver postfix/submission/smtpd[207194]: lost connection after STARTTLS from weather.hosiene.co.uk[2a0f:cd40:20:100::9]
2024-12-07T15:29:51.657385+00:00 mailserver postfix/submission/smtpd[207194]: disconnect from weather.hosiene.co.uk[2a0f:cd40:20:100::9] ehlo=1 starttls=1 commands=2

which fits in with the client not liking the server's certificate.

[mcrossley]

Can you look at the certificate details, the code is is complaining that it cannot get the revocation list for the certificate. The CRL distibution point(s) should be part of the cert details.