Re: Enforce strict certificate validation

Question asked by Hemen Shah - 6/9/2025 at 4:30 AM

Unanswered

Hi,

Any one using and enabled both Enforce strict certificate validation along with Relaxed certificate name validation !

If above are enabled we are seeing some delivery issues to email ids even when their SSL is perfect validated and active. one of the domain is rediffmail - rediffmailpro

Thanks

4 Replies

Reply to Thread

Douglas Foster Replied

6/9/2025 at 11:53 AM

Looks like things are working as intended. Using OPENSSL to test,

mx.rediffmail.rdiff.com = no encryption

mx.pro.rediff.akadns.net = self-signed certificate included as third cert in the chain

Hemen Shah Replied

6/9/2025 at 12:20 PM

Yes, noticed that.

But somehow, enabling this option is turning into false positive and complaints from customer perspective and hence have disabled this options as of now.

Thanks

Hemen Shah Replied

6/10/2025 at 7:02 AM

My both options are disabled now in Protocols but still i am seeing some user with delivery issue and waiting to deliver with below error

Error: 602 Attempted to send the message to the following IPs: 127.0.0.1

Is it required SM service to be restarted ! or reboot once above enable/disable changes are done.

Thanks

Douglas Foster Replied

6/10/2025 at 7:39 AM

If the message was queued before the change was made, it may be tagged for mandatory encryption, in which case it may never get delivered. I am extrapolating from my experience with a different product. You should open a support ticket to see if they can get the messages unstuck.

Back to Community Threads

Please leave this box unchecked

Reply to Thread

Enter the verification text

4 Replies

Reply to Thread

Tags

Related Knowledge Base Articles