Hi,

my mail server, running Exim 4.34 on Debian, sometimes receives a reject
when trying to set up a TLS connection. Most of the time there's no
problem and Exim gets an encrypted connection, but one specific
destination MX (running Sendmail 8.12.11) always returns:

    551 5.0.0 Fix your SSL problems first!

Delivery to my home server (Exim 3.36) usually works, but occasionally
(~1/100) results in:

sender:

    TLS error on connection to mail.reactor.de [217.227.68.211]
    (gnutls_handshake): A TLS fatal alert has been received.
    == cpunk@??? R=dnslookup_relay_to_domains T=remote_smtp defer
    (-37): failure while setting up TLS session

receiver:

    TLS error on connection from teralink.net [82.165.25.23] (SSL_accept):
    error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad
    record mac

A successful transmission between the same hosts looks like this:

sender:

    => cpunk@??? R=dnslookup_relay_to_domains T=remote_smtp
    H=mail.reactor.de [217.227.68.211] X=TLS-1.0:RSA_ARCFOUR_SHA:16
    DN="C=DE,ST=Niedersachsen,L=Wedemark,O=reactor network,OU=mail
    services,CN=*.reactor.de,EMAIL=postmaster@???"
    Completed

receiver:

    <= vdr-bounce@??? H=teralink.net [82.165.25.23] P=esmtp
    X=TLSv1:RC4-SHA:128 S=3003 id=4178FCE7.EAE276E@???

The certificate uses 4096-bit RSA encryption and is signed by my own CA
(which uses a self-signed cert).

What's wrong here? I have no idea and this X509/TLS stuff is not one of my
strengths (yet). ,) Replacing the cert with a new one didn't make any
difference.

Please let me know if you need any more information.

Regards,
--
Steffen Beyer <sbeyer@???>
GnuPG key fingerprint: CA00 1611 242B 89D4 E643 E235 05F3 7689 DD3E EB26
Public key available upon request or at
http://wwwkeys.de.pgp.net