TLS Error on any smtp connection

bartlebi · October 10, 2022, 9:16am

Hi all.
Installed hestia and setted up a mail server. I got let’s encrypt certificates and everything works.
However, in the logs constantly almost on every connection, I see an error
TLS error on connection from (xeno.mail.yandex.net) [5.45.218.102] (recv): The TLS connection was non-properly terminated.
Searched the forums, found this way to find the reason:

apt-get install gnutls-bin to have gnutls-cli available.
gnutls-cli -s -p 25 YOURSMTPHOST (starts a session with your mailserver)
ehlo foo
starttls
Press CTRL+d (^d)


- Status: The certificate is NOT trusted. The name in the certificate does not match the expected.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
*** Handshake has failed

And now I see that the domain name in the certificate leads to the domain name of the server itself, and not to the mail domain.
How can i change it just for exim? To return mail.domain.com except of isp.domain.com?

eris · October 10, 2022, 9:27am

v-add-letsencrypt-host and make sure dns records are working correctly

bartlebi · October 10, 2022, 10:15am

Thank you for your answer.
I ran the command without error. However there are still errors in the logs

TLS error on connection (recv): The TLS connection was non-properly terminated.
TLS error on connection (recv): The specified session has been invalidated for some reason.

At the same time, mail is sent and received without problems, but I would like to understand the reason and eliminate it.