Bug#297174: exim4-daemon-heavy: confirmation

tom schorpp schorpp at schorpp.dyndns.dk
Sat Aug 13 13:32:45 UTC 2005 

Package: exim4-daemon-heavy
Version: 4.50-8
Followup-For: Bug #297174


all exim >4.50 libgnutls11 >=stable gnutls-bin >= stable

tls broken on incoming connection from some clients:

220 tom3.schorpp.dyndns.dk ESMTPS Exim Sat, 13 Aug 2005 13:00:49 +0000
ehlo local
250-tom3.schorpp.dyndns.dk Hello localhost.schorpp.dyndns.dk [127.0.0.1]
250-SIZE 52428800
250-PIPELINING
250-STARTTLS
250 HELP
starttls
220 TLS go ahead
*** Starting TLS handshake
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed

ok here:

tom3:~# gnutls-cli -p 25 -s harmanbecker.com.s6a1.psmtp.com
Resolving 'harmanbecker.com.s6a1.psmtp.com'...
Connecting to '64.18.5.10:25'...

- Simple Client Mode:

220 Postini ESMTP 35 r6_3_2c0 ready.  CA Business and Professions Code Section 
17538.45 forbids use of this system for unsolicited electronic mail advertisements.
ehlo tom3.schorpp.dyndns.dk
250-Postini says hello back
250-STARTTLS
250-8BITMIME
250 HELP
starttls
220 Go ahead
*** Starting TLS handshake
- Certificate type: X.509
 - Got a certificate list of 1 certificates.

 - Certificate[0] info:
 # The hostname in the certificate does NOT match 'harmanbecker.com.s6a1.psmtp.com'.
 # valid since: Thu Nov 25 00:00:00 UTC 2004
 # expires at: Fri Nov 25 23:59:00 UTC 2005
 # serial number: 0e 16 43 13 21 f7 05 4b 04 e8 6d 52 4b bc 38 3d
 # fingerprint: 7a 7d d2 53 5b 46 6d 55 1f e4 5f da 1b cc eb 77
 # version: #3
 # public key algorithm: RSA
 #   Modulus: 1024 bits
 # Subject's DN: C=US,ST=California,L=Redwood City,O=Postini\, 
Inc.,OU=PSMTP,CN=*.psmtp.com
 # Issuer's DN: C=US,O=RSA Data Security\, Inc.,OU=Secure Server Certification 
Authority


- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS 1.0
- Key Exchange: RSA
- Cipher: AES 256 CBC
- MAC: SHA
- Compression: NULL



-- Package-specific info:
Exim version 4.50 #1 built 27-May-2005 08:10:05
Copyright (c) University of Cambridge 2004
Berkeley DB: Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)
Support for: iconv() IPv6 PAM Perl GnuTLS Content_Scanning Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql
Authenticators: cram_md5 cyrus_sasl plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Configuration file is /var/lib/exim4/config.autogenerated

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (800, 'testing'), (700, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.12-1-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages exim4-daemon-heavy depends on:
ii  exim4-base                   4.50-8      support files for all exim MTA (v4
ii  libc6                        2.3.5-3     GNU C Library: Shared libraries an
ii  libdb4.2                     4.2.52-17   Berkeley v4.2 Database Libraries [
ii  libgnutls11                  1.0.16-13.1 GNU TLS library - runtime library
ii  libldap2                     2.1.30-3    OpenLDAP libraries
ii  libmysqlclient12             4.0.23-3    mysql database client library
ii  libpam0g                     0.76-22     Pluggable Authentication Modules l
ii  libpcre3                     4.5-1.1     Perl 5 Compatible Regular Expressi
ii  libperl5.8                   5.8.7-3     Shared Perl library
ii  libpq3                       7.4.6-7     PostgreSQL C client library
ii  libsasl2                     2.1.19-1.5  Authentication abstraction library

-- no debconf information

More information about the Pkg-exim4-maintainers mailing list