Bug#482012: exim4: TLS incoming connections problems

Marc Haber mh+debian-packages at zugschlus.de
Tue May 20 07:19:24 UTC 2008 

On Tue, May 20, 2008 at 08:53:44AM +0200, Diego Guella wrote:
> I was using TLS with an Outlook Express client fine with version 4.69-2.
> Yesterday, 4.69-5 went into lenny, I upgraded, and now i have these errors:
> 
> ----- (from /var/log/exim4/mainlog)
> TLS error on connection from (hostname) [ipaddress] (gnutls_handshake): Error in the push function.
> -----
> 
> This blocks here, then Outlook Express have a timeout and closes the connection:
> 
> ----- (from /var/log/exim4/mainlog)
> unexpected disconnection while reading SMTP command from (hostname) [ipaddress] (error: connection reset by peer)
> -----
> 
> Then, I try again sending the message, but I get:
> 
> ----- (from /var/log/exim4/mainlog)
> TLS error on connection from (hostname) [ipaddress] (gnutls_handshake): A TLS packet with unexpected length was received.
> -----
> 
> And again blocks here, then Outlook Express times out, and the story
> begins again from the start...

When I last looked, OE was not able to do STARTTLS and required
special configuration to allow smtp-over-tls on Port 465. Exim
requires special configuration to support this. How did you enable
smtp-over-tls?

> Since yesterday many packages went into lenny, I'm not sure if Exim is
> the real cause of this problem, maybe it could be gnutls, or something
> other.
> 
> Where can I get exim 4.69-2 to test it again and see if it works?

You can try pulling an older package from snapshot.debian.net.

I would suggest a different debugging path though:

(1) verify whether your OE does STARTTLS or smtp-over-ssl
(2) try with a command line client (swaks, gnutls-cli, openssl s_client)
    whether your exim actually does what your OE expects it to do
(3) try with a command line server (gnutls-serv, openssl s_server)
    whether your OE is able to connect to the server. This might be a
    challenge to do with STARTTLS.

Disabling the client certificate request in exim configuration may be
worth a try, too.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190

More information about the Pkg-exim4-maintainers mailing list