Bug#482012: exim4: TLS incoming connections problems
Diego Guella
diego.guella at sircomtech.com
Wed May 21 13:25:22 UTC 2008
OK. Got it.
The package who messed up my TLS setup with OE was:
ca-certificates
which was automatically installed when I installed:
fetchmail
What I did to resolve the problem:
1. remove ca-certificates with aptitude
2. rm /etc/ssl/certs/ca-certificates.crt
This is a brutal solution, but I don't need ca-certificates for now.
In addition, I can see this with Ethereal:
Common-part of the connection:
-----
S> 220 servername\r\n
C< EHLO clientname\r\n
S> 250-servername Hello clientname [ip]\r\n
S> 250-SIZE 52428800\r\n
S> 250-PIPELINING\r\n
S> 250-STARTTLS\r\n
S> 250 HELP\r\n
C< STARTTLS\r\n
S> 220 TLS go ahead\r\n
C< (156 bytes on wire)
S> (133 bytes on wire)
S> (774 bytes on wire, I can recognize some parts of my self-certificate here)
-----
Then, when ca-certificates is not installed:
-----
S> (77 bytes on wire)
S> (60 bytes on wire)
S> (91 bytes on wire)
C< (87 bytes on wire)
S> (206 bytes on wire)
.... and all goes well
-----
When ca-certificates is installed:
-----
S> (1514 bytes on wire, I can see parts of other CA strings there)
S> (1514 bytes on wire, I can see parts of other CA strings there)
S> (1514 bytes on wire, I can see parts of other CA strings there)
S> (1514 bytes on wire, I can see parts of other CA strings there)
S> (1514 bytes on wire, I can see parts of other CA strings there)
S> (1514 bytes on wire, I can see parts of other CA strings there)
S> (1514 bytes on wire, I can see parts of other CA strings there)
S> (1514 bytes on wire, I can see parts of other CA strings there)
S> (1514 bytes on wire, I can see parts of other CA strings there)
S> (1514 bytes on wire, I can see parts of other CA strings there)
S> (1514 bytes on wire, I can see parts of other CA strings there)
S> (383 bytes on wire, I can see parts of other CA strings there)
S> (1514 bytes on wire, I can see parts of other CA strings there)
C< [FIN, ACK]
C< [SYN]
S> [SYN, ACK]
C< [ACK]
C< EHLO clientname
S> (1364 bytes on wire, keeps sending other CA strings)
S> (63 bytes on wire)
C< [RST, ACK]
S> [ACK]
S> [SYN]
C< [RST, ACK]
S> 554 SMTP synchronization error\r\n
C< HELO clientname\r\n
S> [ACK]
S> [RST, ACK]
-----
Hope this helps identifying the problem.
Regards,
Diego
More information about the Pkg-exim4-maintainers
mailing list