[Pkg-exim4-users] tracking - TLS error on connection from host [x.x.x.x] (gnutls_handshake): timed out

Simon Josefsson simon at josefsson.org
Thu Aug 6 14:14:58 UTC 2009

"Marco Kammerer" <marco.kammerer at uibk.ac.at> writes:

> Hello
> I am running Debian etch with the normal exim (I know lenny is out and
> I should upgrade)
> The server acts as mx, for checking emails for spam and forwarding
> them to different mailservers.
> For 1 week I have been reading the following in /var/log/exim4/maillog
> that the TLS handshake failed
> http://de.pastebin.ca/1520372


Are you sure these aren't just normal timeouts from hosts that don't
want to complete the TLS handshake?  Could be hosts probing your

> gnutls-bin is installed on the machine
> I exchanged the certificate yesterday - I thought this could be a reason
> I made some trackings
> openssl s_client -connect localhost:666
> http://de.pastebin.ca/1520365

Looks fine to me?

> exim4 -bd -d+tls -oX -tls-on-connect
> http://de.pastebin.ca/1520369

This looks like you are talking TLS-over-TCP against a server that sends an
SMTP header, so the error is expected.

> here everything works out fine.
> if I check via
> swaks -a -tls -q AUTH -s mx4-au xxx
> http://de.pastebin.ca/1520382

Seems correct to me as well.

> any hint is appreciated.
> I have now deactivated TLS via
> so that no advertise is done, but that is not the ideal way ....

I think I need some more information on what you believe the error is to
be able to debug further.
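
One way to check the question raised in this reply (whether the timeouts come from a few hosts that never finish a handshake while TLS otherwise works), as an added example that is not from the original thread: the script tallies `gnutls_handshake` timeouts and TLS-protected arrivals per remote address. The log lines are constructed samples in Exim main-log style, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in Exim main-log style (addresses from RFC 5737 ranges).
SAMPLE_LOG = """\
2009-08-05 09:14:22 TLS error on connection from [192.0.2.10] (gnutls_handshake): timed out
2009-08-05 09:14:58 TLS error on connection from [192.0.2.10] (gnutls_handshake): timed out
2009-08-05 09:15:01 1MYabc-0001Ab-CD <= alice@example.org H=mail.example.org [198.51.100.7] P=esmtps X=TLS1.0:RSA_AES_256_CBC_SHA1:32 S=2048
2009-08-05 09:17:40 TLS error on connection from mx.example.net (mx.example.net) [203.0.113.5] (gnutls_handshake): timed out
2009-08-05 09:18:02 1MYabd-0001Ae-EF <= bob@example.net H=mx.example.net [203.0.113.5] P=esmtps X=TLS1.0:RSA_AES_256_CBC_SHA1:32 S=1024
""".splitlines()

# Handshake timeout line; the remote address is the bracketed field before the error.
TLS_ERROR = re.compile(
    r"TLS error on connection from .*?\[([0-9a-fA-F.:]+)\] \(gnutls_handshake\): timed out")
# Message arrival ("<=") that carries an X=TLS... field, i.e. the handshake completed.
TLS_OK = re.compile(r" <= .*? H=.*?\[([0-9a-fA-F.:]+)\].* X=TLS")


def tally(lines):
    """Return {ip: {"timeouts": n, "tls_ok": m}} from main-log lines."""
    stats = defaultdict(lambda: {"timeouts": 0, "tls_ok": 0})
    for line in lines:
        m = TLS_ERROR.search(line)
        if m:
            stats[m.group(1)]["timeouts"] += 1
            continue
        m = TLS_OK.search(line)
        if m:
            stats[m.group(1)]["tls_ok"] += 1
    return dict(stats)


def classify(stats):
    """Separate hosts that never complete a handshake from hosts that sometimes do."""
    never = sorted(ip for ip, s in stats.items() if s["timeouts"] and not s["tls_ok"])
    mixed = sorted(ip for ip, s in stats.items() if s["timeouts"] and s["tls_ok"])
    # If no host at all completes TLS, the server side (certificate, key) is suspect.
    any_ok = any(s["tls_ok"] for s in stats.values())
    return {"never_completes": never, "intermittent": mixed, "server_tls_works": any_ok}


if __name__ == "__main__":
    for key, value in classify(tally(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```
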

