Bug#338319: exim4: TLS does not work any more after upgrade

Franz G. Koehler fgkoehler at openunix.de
Wed Nov 9 13:23:41 UTC 2005 

Package: exim4
Version: 4.50-8
Severity: important

Hello,

since applying the latest security updates exim4 does not initialize nor
accept successfully TLS connections.

>From the remote side:


2005-11-09 08:38:41 1EZkSZ-0003Kc-Pn SMTP timeout while connected to hermes.frankfurt.de.velia.net [85.195.64.15] after STARTTLS: Connection timed out
2005-11-09 08:38:41 1EZkSZ-0003Kc-Pn == xxxx at xxxxx.xxx R=xxxxxxxxxxxxxx T=remote_smtp defer (110): Connection timed out: SMTP timeout while connected to hermes.frankfurt.de.velia.net [85.195.64.15] after STARTTLS
2005-11-09 09:02:46 1EZkpt-0003Wf-Hh SMTP timeout while connected to hermes.frankfurt.de.velia.net [85.195.64.15] after STARTTLS: Connection timed out
2005-11-09 09:02:46 1EZkpt-0003Wf-Hh SMTP timeout while connected to hermes.frankfurt.de.velia.net [85.195.64.15] after STARTTLS: Connection timed out

On the local side, there is no notification in the logfile, until the
exim processes are killed manually, they simply do not respond:

2005-11-09 09:28:31 SMTP connection from proteus.wiesbaden.de.velia.net [151.189.12.60] closed after SIGTERM
2005-11-09 09:28:31 SMTP connection from proteus.wiesbaden.de.velia.net [151.189.12.60] closed after SIGTERM
2005-11-09 09:28:31 SMTP connection from proteus.wiesbaden.de.velia.net [151.189.12.60] closed after SIGTERM
2005-11-09 09:28:31 SMTP connection from proteus.wiesbaden.de.velia.net [151.189.12.60] closed after SIGTERM
2005-11-09 09:37:47 SMTP connection from proteus.wiesbaden.de.velia.net [151.189.12.60] closed after SIGTERM
2005-11-09 09:37:47 SMTP connection from proteus.wiesbaden.de.velia.net [151.189.12.60] closed after SIGTERM
2005-11-09 09:37:47 SMTP connection from proteus.wiesbaden.de.velia.net [151.189.12.60] closed after SIGTERM


Workaround:
Disable TLS in the cofiguration (tls_advertise_hosts = !*)(hosts_avoid_tls=*)


This bug might be openssl-related since it was included in recent
updates.




-- Package-specific info:
Exim version 4.50 #1 built 27-May-2005 08:10:05
Copyright (c) University of Cambridge 2004
Berkeley DB: Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)
Support for: iconv() IPv6 PAM Perl GnuTLS Content_Scanning Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql
Authenticators: cram_md5 cyrus_sasl plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Configuration file is /etc/exim4/exim4.conf
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'

dc_eximconfig_configtype='internet'
dc_other_hostnames='hermes.frankfurt.de.velia.net'
dc_local_interfaces=''
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname=''
dc_mailname_in_oh='true'
mailname:hermes.frankfurt.de.velia.net

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.14
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages exim4 depends on:
ii  exim4-base                    4.50-8     support files for all exim MTA (v4
ii  exim4-daemon-heavy            4.50-8     exim MTA (v4) daemon with extended

-- no debconf information

More information about the Pkg-exim4-maintainers mailing list