Bug#674990: exim breaks (again?) with TLS packet with unexpected length
Marc Haber
mh+debian-packages at zugschlus.de
Tue May 29 09:58:12 UTC 2012
On Tue, May 29, 2012 at 06:45:52PM +0900, Norbert Preining wrote:
> On Tue, 29 May 2012, Marc Haber wrote:
> > > I have found various suggestions, like adding the Debian-exim user
> > > to the group shadow,
> >
> > Where is this dangerous suggestion written?
>
> http://vk6hgr.echidna.id.au/blog/?p=184
The author of this blog entry has not read the documentation. Adding
Debian-exim to the shadow group is the most insecure way to get
authentication (as a server) to work. It has nothing to do with TLS at
all. You might want to revert that change on your system as you are
exposing all your password hashes to an attacker.
> * openssl
> $ openssl s_client -connect smtp.jaist.ac.jp:587
> CONNECTED(00000003)
That will not work. You need to use STARTTLS, -starttls smtp
> $ gnutls-cli -s -p 587 smtp.jaist.ac.jp
> Processed 0 CA certificate(s).
> Resolving 'smtp.jaist.ac.jp'...
> Connecting to '150.65.19.12:587'...
>
> - Simple Client Mode:
>
> 220 jaist.ac.jp ESMTP mail service ready
> EHLO mithrandir
> (nothing ... pressing Ctrl-D)
The server stalls at this point before even switching to TLS. This is
a problem of the remote side that I can see from here as well. You
should report this to the operators of the server; it is broken.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mail address in header
Mannheim, Germany | lose things." Winona Ryder | Phone: *49 621 31958061
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 31958062
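The reply above turns on the order of events on port 587: greeting, EHLO and STARTTLS all travel in cleartext, and TLS may only begin after the server answers STARTTLS with 220. The following Python probe is an added example, not part of the original message or of exim; it walks that cleartext dialogue and reports where it ends, including the stall after EHLO. The host names probe.example and stub.example, the result labels and the loopback stub server are constructed for illustration.

```python
import socket
import threading

def read_reply(f):
    """Read one SMTP reply, which may span several lines; return (code, texts)."""
    texts = []
    while True:
        line = f.readline().decode("ascii", "replace").rstrip("\r\n")
        if not line:
            raise ConnectionError("peer closed the connection")
        texts.append(line[4:])
        if line[3:4] != "-":  # "250-..." continues the reply, "250 ..." ends it
            return int(line[:3]), texts

def probe_starttls(host, port, timeout=5.0):
    """Walk the cleartext dialogue; a timeout or drop counts as a stall."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s, s.makefile("rb") as f:
            if read_reply(f)[0] != 220:  # the greeting arrives before any TLS
                return "bad-greeting"
            s.sendall(b"EHLO probe.example\r\n")
            code, extensions = read_reply(f)
            if code != 250:
                return "ehlo-rejected"
            if not any(e.upper().startswith("STARTTLS") for e in extensions):
                return "no-starttls-offered"
            s.sendall(b"STARTTLS\r\n")  # only after its 220 may TLS start
            return "ready-for-tls" if read_reply(f)[0] == 220 else "starttls-refused"
    except (socket.timeout, ConnectionError):
        return "stalled-before-tls"

def stub_server(stall_after_ehlo):
    """Constructed loopback stand-in for a submission server; returns its port."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(b"220 stub.example ESMTP\r\n")
            conn.recv(1024)  # EHLO
            if not stall_after_ehlo:
                conn.sendall(b"250-stub.example\r\n250 STARTTLS\r\n")
            if conn.recv(1024):  # STARTTLS; empty once a stalled client gives up
                conn.sendall(b"220 2.0.0 Ready to start TLS\r\n")
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print(probe_starttls("127.0.0.1", stub_server(False), timeout=2))
    print(probe_starttls("127.0.0.1", stub_server(True), timeout=0.5))
```

A result of "stalled-before-tls" means the failure happened before any TLS record was exchanged, so the local TLS library and certificates are not the place to look.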