Re: R: [exim] TLS error on connection

Top Page
Delete this message
Reply to this message
Author: Dave Lugo
Date:  
To: exim-users
Subject: Re: R: [exim] TLS error on connection
On Tue, 11 Apr 2006, Dave Lugo wrote:
>
> Not yet, but thanks for the suggestion! I'll work on it again
> today (and will report back so the solution gets archived)
>



Not much more progress, sadly. uThe sender site claims they don't care if
the cert is self-signed, but I did notice that the cert I had been using
was expired, so I created a new one.

relevant config entries are:

tls_advertise_hosts = 66.187.240.0/20
tls_certificate = CFG_DIR/.DEFAULT/mail.etherboy.com.cert
tls_privatekey = CFG_DIR/.DEFAULT/mail.etherboy.com.cert
tls_try_verify_hosts = *
tls_verify_certificates = /etc/certs

from exim -bd -d :

2741 LOG: MAIN
2741 helo:"hawk.sc1.ummail.com"
2741 accept: condition test succeeded
2741 host in pipelining_advertise_hosts? yes (matched "*")
2741 host in auth_advertise_hosts? no (end of list)
2741 host in tls_advertise_hosts? yes (matched "66.187.240.0/20")
2741 SMTP>> 250-spot.etherboy.com Hello hawk.ummail.com [66.187.250.49]
2741 250-SIZE 52428800
2741 250-PIPELINING
2741 250-STARTTLS
2741 250 HELP
2741 SMTP<< STARTTLS
2741 tls_certificate file
/var/exim/userprefs/.DEFAULT/mail.etherboy.com.cert
2741 tls_privatekey file
/var/exim/userprefs/.DEFAULT/mail.etherboy.com.cert
2741 Initialized TLS
2741 host in tls_verify_hosts? no (option unset)
2741 host in tls_try_verify_hosts? yes (matched "*")
2741 SMTP>> 220 TLS go ahead
2741 Calling SSL_accept
2741 SSL info: before/accept initialization
2741 SSL info: before/accept initialization
2741 SSL info: SSLv2 read client hello A
2741 SSL info: SSLv2 write server hello A
2741 SSL info: SSLv2 read client master key A
2741 LOG: MAIN
2741 TLS error on connection from hawk.ummail.com (hawk.sc1.ummail.com)
[66.187.250.49]:52181 (SSL_accept): error:00000000:lib(0):func(0):rea
son(0)
2741 TLS failed to start
2741 LOG: smtp_connection MAIN
2741 SMTP connection from hawk.ummail.com (hawk.sc1.ummail.com)
[66.187.250.49]:52181 closed by EOF


Any suggestions of what to check next?

Thanks,

Dave

-- 
--------------------------------------------------------
Dave Lugo   dlugo@???    LC Unit #260   TINLC
Have you hugged your firewall today?   No spam, thanks.
--------------------------------------------------------
Are you the police?  . . . .  No ma'am, we're sysadmins.