Re: [Exim] Help decoding TLS error log

Author: Marc MERLIN
Date:  
To: Patrice Fournier
CC: exim-users
Subject: Re: [Exim] Help decoding TLS error log
On Wed, Jan 23, 2002 at 06:36:26PM -0500, Patrice Fournier wrote:
>
> Seems another message (16TUla-00065p-00) is waiting for that host,
> starting a new Exim process...


Ah, that would explain it. I do have a few messages queued for that host.
They have had the STARTTLS broken, and subsequently fixed, but now exim
is having issues flushing the queue to them.

> > SMTP<<
> > LOG: 0 MAIN
> > Malformed SMTP response from mail.epost.de [64.39.38.43] after
> > STARTTLS: \025\003\001
>
> Of course, the server is already in encrypted mode and doesn't understand
> a thing about what it just got, neither does Exim understand the server's
> encrypted response...


Aaah, yeah, of course.
So, I could flush the queue message by message, but there is apparently
indeed a problem in the exim code (at least in 3.31), so I'll leave it alone
in case I can provide more debugging info.

> to one per connection) Does Exim as a server close TLS after it has
> successfully received one message? I do suppose sf mailing lists do TLS
> with many Exim boxes... and this error would have triggered the same
> problem very often, ...


Yep.
Something must be different here, we do TLS with *many* hosts, and it would
have broken long ago if it were such a simple bug.
We've also had many hosts like charter.net with that stupid CommuniGate Pro
which defaults to advertising STARTTLS even if it's not configured to do it,
and when the said hosts fixed their stuff, the exim queue flushed fine.

Mmhhh, what could it be this time...

Marc
--
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking


Home page: http://marc.merlins.org/ | Finger marc_f@??? for PGP key
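
Added example, not part of the original message and not Exim code: the `\025\003\001` in the quoted log line is three octal-escaped bytes, and this sketch decodes them as the start of a TLS record header. It assumes the log writes non-printable bytes as a backslash plus three octal digits, as the sample on this page does; all function names are hypothetical.

```python
import re

# TLS record-layer content types and (major, minor) versions.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

# Assumption: non-printable bytes are logged as backslash + 3 octal digits.
_OCTAL = re.compile(r"\\([0-3][0-7]{2})")

def unescape_log_bytes(text):
    """Convert octal escapes such as \\025 in logged text back to raw bytes."""
    out, pos = bytearray(), 0
    for m in _OCTAL.finditer(text):
        out += text[pos:m.start()].encode("latin-1", "replace")
        out.append(int(m.group(1), 8))
        pos = m.end()
    out += text[pos:].encode("latin-1", "replace")
    return bytes(out)

def describe_tls_prefix(raw):
    """Read raw bytes as the start of a TLS record header (may be truncated)."""
    info = {"looks_like_tls": False, "content_type": None,
            "version": None, "length": None}
    if len(raw) < 3:
        return info
    ctype, version = raw[0], (raw[1], raw[2])
    if ctype in CONTENT_TYPES and version in VERSIONS:
        info.update(looks_like_tls=True, content_type=CONTENT_TYPES[ctype],
                    version=VERSIONS[version])
        if len(raw) >= 5:  # full 5-byte header present
            info["length"] = int.from_bytes(raw[3:5], "big")
    return info

def explain_malformed_response(log_line, marker="after STARTTLS: "):
    """Decode the bytes Exim printed after the marker in a log line."""
    _, found, tail = log_line.partition(marker)
    return describe_tls_prefix(unescape_log_bytes(tail)) if found else None

# Log line from the message above, rejoined onto one line.
SAMPLE = (r"Malformed SMTP response from mail.epost.de [64.39.38.43] "
          r"after STARTTLS: \025\003\001")

if __name__ == "__main__":
    print(explain_malformed_response(SAMPLE))
```

For the line quoted in this thread the result is content type `alert` with version `TLS 1.0`: the peer answered a plaintext STARTTLS command with a TLS record, which matches the explanation that the connection was already in encrypted mode.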