[Pkg-exim4-users] TLS error on connection

ael witwall3 at disroot.org
Sat Mar 4 18:30:03 GMT 2023 

I have Exim4 now working with OAUTH2 sending to a ms outlook.office356
SMTP server (which I am forced to use).

I am using a somewhat adapted exim.conf.template using debian testing.

While testing, I have encountered two apparently benign error messages:

1) H=outlook.xx.office365.com [xx.xx.xxx.xxx] TLS error on connection (recv):
Error in the pull function.

That was after a succesful delivery using XOAUTH2 to the ms SMTP server.
At first I thought that it might be some quirk of the MS XAUTH
implementation.
But the I discovered something similar report with delivery to an "ordinary",
but disreputatble smarthost:

2) H=mail.xx.xxinternet.com [xxx.xxx.xx.x] TLS error on connection (recv): The TLS connection was non-properly terminated.

--------------------------------------------------------

I am using the debian light binary:
# exim -bV
Exim version 4.96 #2 built 04-Feb-2023 12:33:50
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007
- 2022
Berkeley DB: Berkeley DB 5.3.28: (September  9, 2013)
Support for: crypteq iconv() IPv6 GnuTLS TLS_resume move_frozen_messages
DANE DKIM DNSSEC Event I18N OCSP PIPECONNECT PRDR Queue_Ramp SOCKS SRS
TCP_Fast_Open
[..smtp..]

So it is using GNuTLS and what duck-duck-Going I have done seems to
suggest that these error messages may be coming from the gnutls
library rather from the remote SMTP servers.
Perhaps I have simply made a mistake in the configuration, but I have no
such problems with at least 2 other smarthosts, such as disroot,org
through which I am sending this email.

I am using driver=smtp for the transports.

-------------------------------------------------------------------
Below is a part of an exim -v test to the ms XOAUTH2 server somewhat
redacted. The error is in the penultimate line.:

Connecting to outlook.xx.office365.com [xx.xx.xxx.xxx]:587 ...  TFO mode sendto, no data: EINPROGRESS
 connected
  SMTP<< 220 xxxxxxxxxxxx.outlook.office365.com Microsoft ESMTP MAIL Service ready at Sat, 4 Mar 2023 11:14:06 +0000
  SMTP>> EHLO me.here
  SMTP<< 250-LO4P123CA0173.outlook.office365.com Hello [myip]
         250-SIZE 157286400
         250-PIPELINING
         250-DSN
         250-ENHANCEDSTATUSCODES
         250-STARTTLS
         250-8BITMIME
         250-BINARYMIME
         250-CHUNKING
         250 SMTPUTF8
  SMTP>> STARTTLS
  SMTP<< 220 2.0.0 SMTP server ready
  SMTP>> EHLO me.here
SMTP<< 250-LO4P123CA0173.outlook.office365.com Hello [myip]
        250-SIZE 157286400
         250-PIPELINING
         250-DSN
         250-ENHANCEDSTATUSCODES
         250-AUTH LOGIN XOAUTH2
         250-8BITMIME
         250-BINARYMIME
         250-CHUNKING
         250 SMTPUTF8
SMTP>> AUTH XOAUTH2 ************
[.. snip..]
  SMTP<< 235 2.7.0 Authentication successful
  SMTP|> MAIL FROM:<myemail at somewhere> SIZE=1378 AUTH=ael at me.here
  SMTP|> RCPT TO:<witwall3 at disroot.org>
         will write message using CHUNKING
  SMTP+> BDAT 369 LAST
  SMTP>> QUIT
SMTP<< 250 2.1.0 Sender OK
  SMTP<< 250 2.1.5 Recipient OK
  SMTP<< 250 2.0.0 OK <E1pYPpI-0002cc-2b at me.here> [Hostname=redacted.PROD.OUTLOOK.COM]
  SMTP<< 221 2.0.0 Service closing transmission channel
LOG: MAIN
  H=outlook.xx.office365.com [ipaddres] TLS error on connection (recv):
Error in the pull function. 
SMTP(close)>>

===========================================================================

I need to look at the exim spec again, I suppose. And I am no expert on
TLS, so I would appreciate any help. Maybe I need to look at the source
of the gnutls library and grep for those error messages...

Thanks in advance,

ael

More information about the Pkg-exim4-users mailing list