[Pkg-exim4-users] tracking - TLS error on connection from host [x.x.x.x] (gnutls_handshake): timed out
Simon Josefsson
simon at josefsson.org
Thu Aug 6 14:14:58 UTC 2009
"Marco Kammerer" <marco.kammerer at uibk.ac.at> writes:
> Hello
>
> I am running debian etch with the normal exim (i know lenny is out an
> i should upgrade)
>
> The server acts as mx, for checking emails for spam and forwarding
> them to different mailservers.
>
> Since 1 week i read the following in /var/log/exim4/maillog
> that the TLS handshake failed
>
> http://de.pastebin.ca/1520372
Hi.
Are you sure these aren't just normal timeouts from hosts that don't
want to complete the TLS handshake? Could be hosts probing your
machine.
> gnutls-bin is installed on the mashine
>
> i yesterday exchanged the certificate - i tought this could be a reason
>
> i made some trackings
>
> openssl s_client -connect localhost:666
> http://de.pastebin.ca/1520365
Looks fine to me?
> exim4 -bd -d+tls -oX 0.0.0.0.666 -tls-on-connect
> http://de.pastebin.ca/1520369
This looks you are talking TLS-over-TCP against a server that sends a
SMTP header, so the error is expected.
> here everything works good out.
>
> if i check via
> swaks -a -tls -q AUTH -s mx4-au xxx
> http://de.pastebin.ca/1520382
Seems correct to me as well.
> any hint is appreciated.
>
> i have now deactivate tls via
> MAIN_TLS_ADVERTISE_HOSTS=1.1.1.1
> so that no advertise is done, but that is not the ideal way ....
I think I need some more information on what you believe the error is to
be able to debug further.
/Simon
More information about the Pkg-exim4-users
mailing list