Bug#343085: exim4: Exim SMTP_AUTH hangs since today...

Sven Hartge sven at svenhartge.de
Wed Oct 31 21:20:25 UTC 2007


Marc Haber wrote:
> On Mon, Jan 30, 2006 at 10:16:57PM +0100, Sven Hartge wrote:
>> Here is what I did:
>>
>> 1) Downgraded exim4, exim4-base, exim4-config and exim4-daemon-heavy to 
>>    the version from Sarge (4.50-8).
>>
>> 2) Waited for the gnutls-params file to reappear.
>>
>> 3) (in another ssh session)
>>    while true; do cat /proc/sys/kernel/random/entropy_avail; sleep 0.2; 
>>      done
>>
>> 4) waited until the entropy pool refilled itself
>>
>> 5) used an external server to send an encrypted mail to me:
>>
>> 3368
>> 3372
>> 129
>> 140
>> 140
> 
> I can still reproduce this on current sid and have filed bug #448775
> against libgnutls13.
> 
> However, this does _not_ block exim, I was able to send ten more
> messages while entropy stayed firmly below 150. I suspect that current
> gnutls has some safety measure that makes it use lesser quality
> entropy after taking all of the good stuff.

Right. Right now I am not able to make exim4 block after entropy
exhaustion. (But for other reasons [extremely poor handling of
/etc/ssl/certs by gnutls, especially if there are many certificates
located in there.] I switched to recompiled exim4s with OpenSSL support
for all my machines.)

As far as my fuzzy memory recalls there has been a fixup to exim4 to not
use a special cipher/encryption method/foobar which caused it to use
/dev/random instead of /dev/urandom.

And if I really remember correctly, it was Florian who analyzed the code
back then and proposed this fix.

S°

-- 
Sven Hartge -- professional Unix geek
My thoughts on the net: http://www.svenhartge.de/
