[imapfilter-devel] ATTENTION: SSL/TLS certificate fingerprint mismatch
Spam
spam at emeidi.com
Tue Jun 7 15:37:31 EEST 2011
Hello,
Our IT department recently migrated the e-mail infrastructure to Microsoft Exchange 2010.
Ever since, I have troubles with imapfilter 2.2.2-1 on Debian GNU/Linux filtering incoming mails to different subfolders. imapfilter exits with error code 5 ("imapfilter: certificate mismatch in non-interactive mode").
I was able to narrow down the problem to server key fingerprints constantly switching between two values:
1) CD:10:34:E9:6D:1D:07:09:3D:9E:53:FC:B5:94:B0:10
2) 6D:D9:E8:FF:A3:70:2A:D8:44:10:0C:7D:0E:94:65:FC
The first fingerprint is received when imapfilter is run interactively. I accept the certificate permanently to be able to run imapfilter with a cron job:
- --
Server certificate subject: /1.3.6.1.4.1.311.60.2.1.3=CH/
1.3.6.1.4.1.311.60.2.1.2=Bern/businessCategory=Government Entity/
serialNumber=1834-03-14/C=CH/ST=Bern/L=Bern/O=Universitaet Bern/
OU=Informatikdienste - SYS/CN=mail.campus.unibe.ch
Server certificate issuer: /C=BM/O=QuoVadis
Limited/OU=http://www.quovadisglobal.com/CN=QuoVadis
Global SSL ICA
Server key fingerprint: CD:10:34:E9:6D:1D:07:09:3D:9E:53:FC:B5:94:B0:10
(R)eject, accept (t)emporarily or accept (p)ermanently? p
- --
The certificate then somehow changes:
- --
Server certificate subject: /1.3.6.1.4.1.311.60.2.1.3=CH/
1.3.6.1.4.1.311.60.2.1.2=Bern/businessCategory=Government Entity/
serialNumber=1834-03-14/C=CH/ST=Bern/L=Bern/O=Universitaet Bern/
OU=Informatikdienste - SYS/CN=mail.campus.unibe.ch
Server certificate issuer: /C=BM/O=QuoVadis
Limited/OU=http://www.quovadisglobal.com/CN=QuoVadis
Global SSL ICA
Server key fingerprint: 6D:D9:E8:FF:A3:70:2A:D8:44:10:0C:7D:0E:94:65:FC
ATTENTION: SSL/TLS certificate fingerprint mismatch.
Proceed with the connection (y/n)? y
- --
I talked to the server guys. Their response:
1) We whether know nor support a tool called "imapfilter"
2) Our servers are load balanced, but they are adhering to RFCs
Any suggestions how to avoid those troubles on my side?
Thank you & regards,
Mario
More information about the Imapfilter-devel
mailing list