Bug#348046: exim4-daemon-heavy: TLS delivery attempts fail with: (gnutls_handshake): A TLS packet with unexpected length was received.

[Andrew McGlashan]

Hi Marc,

Marc Haber wrote:
> On Sat, Oct 27, 2007 at 03:29:47PM +1000, Andrew McGlashan wrote:
>> I have just discovered this bug and it appears to be rather long
>> term..... any progress?
>
> This will most probably not be fixed in etch.

:(

> What is Incredimail? An MTA, or a Mail service?

Incredimail is an email client [MUA], much like Outlook Express, but it is 
heavily used in the Windows world.

FWIW, I don't like Incredimail, however, I have a client whom does like it 
and I want to host his email -- the problem is the TLS handling as I enforce 
SMTP Auth usage and only with port 465 with SSL.

>>   And if so, is there any way that the Exim4 can work with both
>>   OpenSSL and GNUTLS?
>
> You can recompile the packages with OpenSSL.

I prefer to stick with standard packages as supplied by apt package 
management.... I am not interested in doing any re-compiles and moving too 
far away from the standards that are currently in place.  However, if a 
special package was made available in the normal way, then I would be happy 
to install it -- so long as it is maintained as a 'normal' package would be.

>> Would it be safe and advisable to provide the output from the
>> gnutls-cli-debug program here?
>>    gnutls-cli-debug --port 465 -v localhost -d 3
>
> Probably not since we know that a gnutls client will work nicely with
> exim.

I am guessing that if OpenSSL is used by an MUA, then it too might fail 
similarly.

> I kind of fail to understand what you intend to do and what works and
> what not.

I want to be able to support the use of Incredimail against my mail server 
without departing from my strict policy of using SMTP Auth over port 465 
with SSL security.

Kind Regards
AndrewM