Bug#348046: exim4-daemon-heavy: TLS delivery attempts fail with: (gnutls_handshake): A TLS packet with unexpected length was received.

Marc Haber mh+debian-packages at zugschlus.de
Sat Jan 5 11:57:22 UTC 2008


On Sat, Jan 05, 2008 at 09:31:40PM +1100, Andrew McGlashan wrote:
> Marc Haber wrote:
> >So you only have ssl_on_connect_port=465 in your exim configuration
> >and no other port number? And you get a clear text banner when you
> >connect to tcp/25 or tcp/587? And you get a banner when you use
> >gnutls-cli -p 465 _without_ the -s option?
> 
> www:/tmp# grep ssl_on_connect_port /var/lib/exim4/config.autogenerated
> 
> - so no ssl_on_connect_port entry in my config...

Yes, it is ports. Typo.

> But I do have the following:
> 
> www:/tmp# grep 587 /var/lib/exim4/config.autogenerated
> tls_on_connect_ports=465:587

So you are not using ESMTP STARTTLS on tcp/587, which might be a
reason why your clients don't work. I am not aware of any software
that is broken _that_ badly to use SMTP over SSL on tcp/587.

> www:/tmp# gnutls-cli -p 465 127.0.0.1
> Resolving '127.0.0.1'...
> Connecting to '127.0.0.1:465'...
> - Successfully sent 0 certificate(s) to server.
> - Certificate type: X.509
> - Got a certificate list of 1 certificates.
> 
> - Certificate[0] info:
> # The hostname in the certificate does NOT match '127.0.0.1'.
> # valid since: Thu Oct 25 21:11:06 EST 2007
> # expires at: Sun Oct 22 22:11:06 EST 2017
> # fingerprint: F6:9D:DB:E5:BC:EA:59:CC:F4:81:0A:D1:56:81:11:1E
> # Subject's DN: CN=mail.affinityvision.com.au
> # Issuer's DN: CN=Affinity Vision Australia Pty Ltd
> 
> 
> - Peer's certificate issuer is unknown
> - Peer's certificate is NOT trusted
> - Version: TLS 1.0
> - Key Exchange: DHE RSA
> - Cipher: AES 256 CBC
> - MAC: SHA
> - Compression: NULL
> - Handshake was completed
> 
> - Simple Client Mode:
> 
> 220 mail.affinityvision.com.au ESMTP Exim 4.63 Sat, 05 Jan 2008 21:23:56 +1100

That looks as properly configured as SMTP over SSL on tcp/465 can be.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190
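
An added example, not part of the original message or of the exim4 package: a small Python audit of an Exim main configuration section that reports which listener ports are TLS-on-connect and flags tcp/587 when it appears in tls_on_connect_ports, as in the configuration quoted above. The sample config and the service-name map are constructed assumptions; only the tls_on_connect_ports value comes from the thread.

```python
import re

# Constructed sample; only the tls_on_connect_ports value is from the thread.
SAMPLE = """\
daemon_smtp_ports = 25 : 465 : \\
                    587
tls_on_connect_ports=465:587
begin acl
"""
NAMES = {"smtp": 25, "smtps": 465, "submission": 587}  # assumed service names

def main_options(text):
    """Return {option: value} from the main section (before the first 'begin')."""
    opts, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):                 # continuation: join with next line
            pending = line[:-1]
        elif re.match(r"begin\s", line + " "):  # main section ends here
            break
        elif not line.startswith("#"):
            m = re.match(r"(\w+)\s*=\s*(.*)$", line)
            if m:
                opts[m.group(1)] = m.group(2)
    return opts

def ports(value):
    """Split an Exim list: ':' separates items unless the value starts '<X'."""
    sep, value = ":", value.strip()
    if value.startswith("<") and len(value) > 1:
        sep, value = value[1], value[2:]
    items = (p.strip() for p in value.split(sep))
    return {int(p) if p.isdigit() else NAMES.get(p, p) for p in items if p}

def audit(text):
    """Return ({port: mode}, warnings) for the listener ports in the config."""
    opts = main_options(text)
    wrapped = ports(opts.get("tls_on_connect_ports", ""))
    listen = ports(opts.get("daemon_smtp_ports", "smtp")) | wrapped
    modes = {p: "tls-on-connect" if p in wrapped else "cleartext-banner"
             for p in listen}
    warnings = []
    if 587 in wrapped:
        warnings.append("tcp/587 is TLS-on-connect, so clients expecting a "
                        "cleartext banner and STARTTLS there will not work")
    return modes, warnings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run it against /var/lib/exim4/config.autogenerated by passing the file's contents to audit(); ports given only through local_interfaces are not covered.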





More information about the Pkg-exim4-maintainers mailing list