Bug#315651: exim4-daemon-heavy: TLS error (gnutls_handshake) - 4.51-1; was OK in 4.50-8

Calum Mackay <calum.mackay@cdmnet.org>, 315651@bugs.debian.org
Fri, 24 Jun 2005 12:34:04 +0100


Package: exim4-daemon-heavy
Version: 4.51-1
Severity: important

The problem here is some, but not all, incoming TLS emails getting
deferred:

2005-06-24 11:55:01 TLS error on connection from
host81-136-150-217.in-addr.btopenworld.com (thegerhards.com)
[81.136.150.217]:30228 (gnutls_handshake): A TLS fatal alert has been
received.

This coincided with (a few hours after) upgrading from 4.50-8 to 4.51-1.
I can reliably reproduce the problem on 4.51-1, within an hour or two.
With the previous 4.50-8 I have never seen the problem. Switching back and
forth between the versions reliably reproduces the problem (on 4.51-1).

For this reason, I believe this bug may be different than the two
existing, older, bugs #285371 & #297174, which affected previous releases
(where I never saw a problem).

I would note that not all incoming TLS traffic seems to be affected.
Some sites' TLS traffic is deferred, others accepted. Outgoing TLS
traffic seems to be fine.

Running -d+all didn't provide any further information, unfortunately.

One other data point: 4.50-8 seems to reliably recreate the gnutls-params
file if it is removed, whereas I've noted that with 4.51-1 the file is
never created. Of course, this may just be a symptom of the problem.

Please let me know if I can provide more information.

cheers,
calum.




-- Package-specific info:
Exim version 4.51 #1 built 10-Jun-2005 19:02:02
Copyright (c) University of Cambridge 2005
Berkeley DB: Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)
Support for: iconv() IPv6 PAM Perl GnuTLS Content_Scanning Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql
Authenticators: cram_md5 cyrus_sasl plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Configuration file is /var/lib/exim4/config.autogenerated
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'

dc_eximconfig_configtype='internet'
# Our primary hostname is in /etc/mailname
dc_other_hostnames='diz : cdmnet.org.uk : cdmnet.info : cdm.homelinux.org : dialachef.co.uk:cdmnet.org'
dc_local_interfaces=''
dc_readhost=''
dc_relay_domains='CONFDIR/relay.domains'
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''

CFILEMODE='644'
dc_use_split_config='true'
dc_hide_mailname=''
dc_mailname_in_oh='true'
mailname:cdmnet.org

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.10
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Versions of packages exim4-daemon-heavy depends on:
hi  exim4-base                  4.51-1       support files for all exim MTA (v4
ii  libc6                       2.3.2.ds1-22 GNU C Library: Shared libraries an
ii  libdb4.2                    4.2.52-19    Berkeley v4.2 Database Libraries [
ii  libgnutls11                 1.0.16-13.1  GNU TLS library - runtime library
ii  libldap2                    2.1.30-10    OpenLDAP libraries
ii  libmysqlclient12            4.0.24-10    mysql database client library
ii  libpam0g                    0.76-22      Pluggable Authentication Modules l
ii  libpcre3                    5.0-1.1      Perl 5 Compatible Regular Expressi
ii  libperl5.8                  5.8.7-3      Shared Perl library
ii  libpq4                      8.0.3-6      PostgreSQL C client library
ii  libsasl2                    2.1.19-1.5   Authentication abstraction library

exim4-daemon-heavy recommends no packages.

-- no debconf information
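
A triage sketch for the pattern described in this report (some sending hosts failing the inbound handshake while others are accepted), added here as an example and not part of the original report or of Exim: it tallies handshake errors and successful TLS deliveries per remote IP from mainlog text. The sample lines are constructed with documentation addresses, and the layout of the `<=` line with its `X=` cipher field is an assumption based on Exim's default logging.

```python
import re
from collections import defaultdict

# Constructed sample mainlog lines (documentation addresses). The error lines
# follow the format quoted in the report, unwrapped onto one line each.
SAMPLE_LOG = """\
2005-06-24 11:55:01 TLS error on connection from mx.example.net (mail.example.net) [192.0.2.10]:30228 (gnutls_handshake): A TLS fatal alert has been received.
2005-06-24 11:58:12 1DlmXY-0001aB-2C <= alice@example.org H=out.example.org [198.51.100.7] P=esmtps X=TLS-1.0:RSA_AES_256_CBC_SHA:32 S=2101
2005-06-24 12:20:44 TLS error on connection from mx.example.net (mail.example.net) [192.0.2.10]:30412 (gnutls_handshake): A TLS fatal alert has been received.
2005-06-24 12:31:09 1DlnAB-0001cD-9Z <= bob@example.com H=relay.example.com [203.0.113.5] P=esmtp S=980
2005-06-24 12:40:00 TLS error on connection from [198.51.100.7]:4123 (gnutls_handshake): A TLS fatal alert has been received.
"""

# Remote IP is the bracketed address that directly precedes "(function): text".
ERR = re.compile(r"TLS error on connection from .*?\[([0-9A-Fa-f.:]+)\](?::\d+)? \((\w+)\): (.+)$")
# Assumed arrival-line layout: "<= sender H=... [ip] ... X=<cipher>" (TLS only).
OK = re.compile(r" <= .*?\[([0-9A-Fa-f.:]+)\](?::\d+)? .*?\bX=(\S+)")

def tally(log_text):
    """Count failed and successful inbound TLS sessions per remote IP."""
    stats = defaultdict(lambda: {"failed": 0, "ok": 0, "errors": set()})
    for line in log_text.splitlines():
        m = ERR.search(line)
        if m:
            ip, func, text = m.groups()
            stats[ip]["failed"] += 1
            stats[ip]["errors"].add(f"{func}: {text}")
            continue
        m = OK.search(line)
        if m:  # plaintext arrivals carry no X= field and are not counted
            stats[m.group(1)]["ok"] += 1
    return dict(stats)

def classify(stats):
    """Label each peer: always_fails, mixed (some handshakes succeed), or ok."""
    verdicts = {}
    for ip, s in stats.items():
        if s["failed"] and not s["ok"]:
            verdicts[ip] = "always_fails"
        elif s["failed"]:
            verdicts[ip] = "mixed"
        else:
            verdicts[ip] = "ok"
    return verdicts

if __name__ == "__main__":
    for ip, verdict in sorted(classify(tally(SAMPLE_LOG)).items()):
        print(ip, verdict)
```

Running the same tally over logs captured under each package version shows whether the set of failing peers changes with the upgrade.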