Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Sven Hartge
sven at svenhartge.de
Mon Jan 30 00:36:18 UTC 2006
Florian Weimer wrote:
> Marc Haber:
>>> On my server the entropy is only "168" could this be the cause of a
>>> GNUTLS problem?
>> Yes. exim will wait (and block) until there is enough entropy available
>> to initialize the TLS session.
> According to my tests, it doesn't. After some discussion with the GNU
> TLS developers, I think it does the right thing and reads from
> /dev/urandom only.
Are you sure?
When the exim on my server blocked due to lack of entropy, I had about 100
processes trying to access /dev/random (at least lsof said so).
As a side note: With GNU TLS, every _single_ encrypted mail transmission
_totally_ depletes my entropy pool (going from ~3500 to ~150), but after
recompiling Exim4 with OpenSSL, only about 200 bits (the number is
difficult to measure, but it is way less than with GNU TLS) are used.
To be able to use Exim on this server, I had to patch the kernel to use
the network card as additional entropy source and after this didn't work
out too well, I also had to symlink /dev/random to /dev/urandom, which of
course is only my last resort to keep the things running.
Regards,
S
--
Sven Hartge -- professional Unix geek
My thoughts on the net: http://www.svenhartge.de/
Attention, new mail address: sven at svenhartge.de