[Pkg-exim4-users] How to get around "Must issue a STARTTLS command first"
Norbert Preining
preining at logic.at
Mon Aug 2 01:41:24 UTC 2010
Hi Marc,
On Sa, 31 Jul 2010, Marc Haber wrote:
> Please don't obfuscate. It is not security relevant which server
Sorry smtp.jaist.ac.jp::587
> Try
> echo foo | exim -d mh+pkg-exim4-users at zugschlus.de
> and send the output to the list. Exim will asterisk out the password,
> so there is no private data in the debug output.
(First of all, good that I checked, it did *NOT*!!!! asterisk out the
password. *I* did change the real passwd to ******* below:
file lookup required for smtp.jaist.ac.jp
in /etc/exim4/passwd.client
smtp.jaist.ac.jp in "alpha.logic.tuwien.ac.at"? no (end of list)
smtp.jaist.ac.jp in "smtp.jaist.ac.jp"? yes (matched "smtp.jaist.ac.jp")
lookup yielded: preining:********
150.65.19.12 in hosts_try_auth? yes (matched "150.65.19.12")
)
Thanks for the hint, the problem is here, I guess I don't have to
send the full log:
initialized certificate stuff
initialized GnuTLS session
LOG: MAIN
TLS error on connection to smtp.jaist.ac.jp [150.65.19.12] (gnutls_handshake): A TLS packet with unexpected length was received.
ok=0 send_quit=0 send_rset=1 continue_more=0 yield=1 first_address is not NULL
150.65.19.12 in hosts_require_tls? no (option unset)
LOG: MAIN
Then it continues with un-protected delivery (I don't have it
in hosts_require_tls for now, will add it later), and
breaks down with the known problem.
Looking up the Debian BTS I see a bug related to that, so
I tried swaks and that worked:
=== Trying smtp.jaist.ac.jp:587...
=== Connected to smtp.jaist.ac.jp.
<- 220 jaist.ac.jp ESMTP mail service ready
-> EHLO mithrandir
<- 250-mailrelayi.jaist.ac.jp
<- 250-8BITMIME
<- 250-SIZE 104857600
<- 250-AUTH PLAIN LOGIN
<- 250-STARTTLS
<- 250 AUTH=PLAIN LOGIN
-> STARTTLS
<- 220 Go ahead
=== TLS started w/ cipher AES256-SHA
=== TLS peer subject DN="/C=JP/ST=Ishikawa/L=Nomi/OU=Center for Information Science/O=JAPAN ADVANCED INSTITUTE OF SCIENCE AND TECHNOLOGY/CN=smtp.jaist.ac.jp"
~> EHLO mithrandir
<~ 250-mailrelayi.jaist.ac.jp
<~ 250-8BITMIME
<~ 250-SIZE 104857600
<~ 250-AUTH PLAIN LOGIN
<~ 250 AUTH=PLAIN LOGIN
~> MAIL FROM:<root at mithrandir>
<~* 530 Authentication required
~> QUIT
<~ 221 mailrelayi.jaist.ac.jp
=== Connection closed with remote host.
but it seems that swaks uses OpenSSL (at least you
wrote that in bug 467137).
Then I tried to connect with gnutls-cli but didn't manage:
$ gnutls-cli -s -p 587 smtp.jaist.ac.jp
Resolving 'smtp.jaist.ac.jp'...
Connecting to '150.65.19.12:587'...
- Simple Client Mode:
220 jaist.ac.jp ESMTP mail service ready
EHLO mithrandir
- Peer has closed the GNUTLS connection
$
So now I don't know where to go from here ...
Best wishes
Norbert
------------------------------------------------------------------------
Norbert Preining preining@{jaist.ac.jp, logic.at, debian.org}
JAIST, Japan TeX Live & Debian Developer
DSA: 0x09C5B094 fp: 14DF 2E6C 0307 BE6D AD76 A9C0 D2BF 4AA3 09C5 B094
------------------------------------------------------------------------
PAPPLE (vb.)
To do what babies do to soup with their spoons.
--- Douglas Adams, The Meaning of Liff
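
Added example (not part of the original message, and not Exim or swaks code): the debug output above printed the passwd.client lookup result in clear, so a filter like this can mask credentials in `exim -d` or swaks transcripts before they are posted to a list. The sample input is constructed; the function name `redact` is hypothetical, and the code treats `SMTP>>`/`SMTP<<` as Exim's debug direction markers alongside the swaks `->`/`<-`/`~>`/`<~` markers shown in the message.

```python
import re

MASK = "********"
# Constructed sample: the lookup lines have the shape shown in the post; the
# AUTH exchanges are invented, written in swaks' "->"/"<-" notation.
SAMPLE = """\
file lookup required for smtp.example.org
  in /etc/exim4/passwd.client
lookup yielded: alice:s3cret:with:colons
<- 250-AUTH PLAIN LOGIN
-> AUTH LOGIN
<- 334 VXNlcm5hbWU6
-> YWxpY2U=
<- 334 UGFzc3dvcmQ6
-> czNjcmV0
-> AUTH PLAIN AGFsaWNlAHMzY3JldA==
-> MAIL FROM:<alice@example.org>
"""

# "lookup yielded: user:secret" -> keep the user name, mask everything after it.
# Errs on the side of over-masking any colon-separated lookup result.
LOOKUP = re.compile(r"^(\s*lookup yielded:\s*[^:\s]+:).+$")
# Client line with an inline SASL response (base64 is encoding, not protection).
AUTH_ARG = re.compile(r"^(\s*(?:SMTP>>|[-~]>)\s+AUTH\s+\S+\s+)\S+\s*$", re.I)
# Any client line; masked only when it answers a 334 challenge.
CLIENT = re.compile(r"^(\s*(?:SMTP>>|[-~]>)\s+).*$")
CHALLENGE = re.compile(r"^\s*(?:SMTP<<|<[-~])\*?\s+334\b")

def redact(text):
    """Return debug output with credentials masked, line by line."""
    out, answering = [], False
    for line in text.splitlines():
        if answering and CLIENT.match(line):
            line = CLIENT.sub(r"\g<1>" + MASK, line)
        else:
            line = LOOKUP.sub(r"\g<1>" + MASK, line)
            line = AUTH_ARG.sub(r"\g<1>" + MASK, line)
        # The next client line is a credential if this one is a 334 challenge.
        answering = bool(CHALLENGE.match(line))
        out.append(line)
    return "\n".join(out)

if __name__ == "__main__":
    print(redact(SAMPLE))
```

The server's `250-AUTH PLAIN LOGIN` capability line and ordinary commands such as `MAIL FROM` pass through unchanged, so the transcript stays useful for debugging.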