Bug#348046: exim4-daemon-heavy: TLS delivery attempts fail with: (gnutls_handshake): A TLS packet with unexpected length was received.

Marc Haber mh+debian-packages at zugschlus.de
Sun Oct 28 13:36:01 UTC 2007 

On Sun, Oct 28, 2007 at 12:16:10AM +1000, Andrew McGlashan wrote:
> Marc Haber wrote:
> >You can recompile the packages with OpenSSL.
> 
> I prefer to stick with standard packages as supplied by apt package 
> management.... I am not interested in doing any re-compiles and moving too 
> far away from the standards that are currently in place.

Then you're out of luck.

>   However, if a special package was made available in the normal way,

I do not have time and resources to maintain two of them, and am not
sure about licensing issues.

> >>Would it be safe and advisable to provide the output from the
> >>gnutls-cli-debug program here?
> >>   gnutls-cli-debug --port 465 -v localhost -d 3
> >
> >Probably not since we know that a gnutls client will work nicely with
> >exim.
> 
> I am guessing that if OpenSSL is used by an MUA, then it too might fail 
> similarly.

No, you can connect to exim just fine with an openssl client. Just try
openssl s_client.

You might want to use gnutls-serv as a test target against your
incredimail client.

> >I kind of fail to understand what you intend to do and what works and
> >what not.
> 
> I want to be able to support the use of Incredimail against my mail server 
> without departing from my strict policy of using SMTP Auth over port 465 
> with SSL security.

Port 465 is an RFC violation anyway, it was never assigned for SMTP
over SSL in the first place. Microsoft is the only instance who
insists on using this non-standard.

The widely accepted standardized way to do secure SMTP is STARTTLS,
which is kind of SMTP-over-SSL-over-SMTP and can be run on the
standardized ports 25 (SMTP) and 587 (mail submission).

But you are likely to fall into the same trap with your incredimail
that way.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190

More information about the Pkg-exim4-maintainers mailing list