Re: [exim] TLS interaction problem with Communigate Pro 4.1.…

Author: Phil Pennock
Date:  
To: Florian Weimer
CC: exim-users
Subject: Re: [exim] TLS interaction problem with Communigate Pro 4.1.6
On 2008-04-15 at 09:37 +0200, Florian Weimer wrote:
> Communigate Pro (at least in some versions) does not cope very well
> with TLS advertisements. If this server software tries to submit a
> message to one of our hosts (which advertises STARTTLS during EHLO),
> it aborts the delivery attempt during the TLS handshake. The nasty
> part: it immediately retries, at the same MX, leading to the same
> failure, probably until the message has expired from the queue.


Can you get any debugging information about what exactly fails?

> Is there some sort of configuration hack that could help to address
> this problem? I don't want to fall back to SSL 3.0 globally (which
> would solve this particular problem), and sender-specific
> configuration is only a last resort.


Use ratelimit checks in an acl_smtp_starttls ACL?

Otherwise, parse the logs for the relevant error message occurring more
than N times in a given period (look at the shipped ratelimit.pl script
for help if needed) and update a file of forbidden STARTTLS senders and
use that in combination with tls_advertise_hosts.

-Phil
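
The log-parsing approach suggested in the reply above, sketched as an added example that is not part of the original message and is not the shipped ratelimit.pl. It assumes Exim's default main-log line format; the threshold, window, sample log lines and the list-file path in the comment are constructed for illustration.

```python
import os, re, tempfile
from collections import defaultdict
from datetime import datetime, timedelta

# Default-format Exim main-log entry for a failed inbound TLS handshake.
TLS_ERR = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) TLS error on connection "
                     r"from .*?\[([0-9A-Fa-f.:]+)\]")

# Constructed sample log lines; addresses are from documentation ranges.
SAMPLE_LOG = """\
2008-04-15 08:00:00 TLS error on connection from old.example [203.0.113.5] (gnutls_handshake): A TLS packet with unexpected length was received.
2008-04-15 09:37:01 TLS error on connection from cgp.example [192.0.2.10] (gnutls_handshake): A TLS packet with unexpected length was received.
2008-04-15 09:37:03 TLS error on connection from cgp.example [192.0.2.10] (gnutls_handshake): A TLS packet with unexpected length was received.
2008-04-15 09:37:05 TLS error on connection from cgp.example [192.0.2.10] (gnutls_handshake): A TLS packet with unexpected length was received.
2008-04-15 09:40:00 TLS error on connection from once.example [198.51.100.7] (gnutls_handshake): A TLS packet with unexpected length was received.
2008-04-15 11:00:00 TLS error on connection from old.example [203.0.113.5] (gnutls_handshake): A TLS packet with unexpected length was received.
2008-04-15 14:00:00 TLS error on connection from old.example [203.0.113.5] (gnutls_handshake): A TLS packet with unexpected length was received.
2008-04-15 14:00:09 SMTP connection from ok.example [192.0.2.99] closed by QUIT
"""

def failing_hosts(lines, threshold=3, window=timedelta(minutes=10)):
    """Return sorted IPs with >= threshold TLS errors inside any one window."""
    seen = defaultdict(list)
    for line in lines:
        m = TLS_ERR.match(line)
        if m:
            seen[m.group(2)].append(datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"))
    flagged = set()
    for ip, times in seen.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(ip)
                break
    return sorted(flagged)

def write_list(path, ips):
    """Atomically replace the host-list file so Exim never reads a partial list."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.writelines(ip + "\n" for ip in ips)
    os.chmod(tmp, 0o644)                       # mkstemp creates the file 0600
    os.replace(tmp, path)

# Assumed way to consume the file (hypothetical path; check the host-list
# syntax against the Exim spec for your version):
#   tls_advertise_hosts = !/etc/exim/no_starttls_hosts : *
if __name__ == "__main__":
    print(failing_hosts(SAMPLE_LOG.splitlines()))
```

Run from cron against the current main log, this only ever adds hosts; entries need a separate expiry step once the remote software is fixed, or those senders stay on plaintext.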