[imapfilter-devel] ATTENTION: SSL/TLS certificate fingerprint mismatch

Spam spam at emeidi.com
Tue Jun 7 15:37:31 EEST 2011


Hello,

Our IT department recently migrated the e-mail infrastructure to Microsoft Exchange 2010.

Ever since, I have troubles with imapfilter 2.2.2-1 on Debian GNU/Linux filtering incoming mails to different subfolders. imapfilter exits with error code 5 ("imapfilter: certificate mismatch in non-interactive mode").

I was able to narrow down the problem to server key fingerprints constantly switching between two values:

1) CD:10:34:E9:6D:1D:07:09:3D:9E:53:FC:B5:94:B0:10
2) 6D:D9:E8:FF:A3:70:2A:D8:44:10:0C:7D:0E:94:65:FC

The first fingerprint is received when imapfilter is run interactively. I accept the certificate permanently to be able to run imapfilter with a cron job:

- --
Server certificate subject: /1.3.6.1.4.1.311.60.2.1.3=CH/ 
1.3.6.1.4.1.311.60.2.1.2=Bern/businessCategory=Government Entity/ 
serialNumber=1834-03-14/C=CH/ST=Bern/L=Bern/O=Universitaet Bern/ 
OU=Informatikdienste - SYS/CN=mail.campus.unibe.ch
Server certificate issuer: /C=BM/O=QuoVadis
Limited/OU=http://www.quovadisglobal.com/CN=QuoVadis 
  Global SSL ICA
Server key fingerprint: CD:10:34:E9:6D:1D:07:09:3D:9E:53:FC:B5:94:B0:10
(R)eject, accept (t)emporarily or accept (p)ermanently? p
- --

The certificate then somehow changes:

- --
Server certificate subject: /1.3.6.1.4.1.311.60.2.1.3=CH/ 
1.3.6.1.4.1.311.60.2.1.2=Bern/businessCategory=Government Entity/ 
serialNumber=1834-03-14/C=CH/ST=Bern/L=Bern/O=Universitaet Bern/ 
OU=Informatikdienste - SYS/CN=mail.campus.unibe.ch
Server certificate issuer: /C=BM/O=QuoVadis
Limited/OU=http://www.quovadisglobal.com/CN=QuoVadis 
  Global SSL ICA
Server key fingerprint: 6D:D9:E8:FF:A3:70:2A:D8:44:10:0C:7D:0E:94:65:FC
ATTENTION: SSL/TLS certificate fingerprint mismatch.
Proceed with the connection (y/n)? y
- --

I talked to the server guys. Their response:

1) We whether know nor support a tool called "imapfilter"
2) Our servers are load balanced, but they are adhering to RFCs

Any suggestions how to avoid those troubles on my side?

Thank you & regards,
Mario


More information about the Imapfilter-devel mailing list