Re: [exim] Weird client TLS problem

Góra strony
Delete this message
Reply to this message
Autor: Jerome Louvel
Data:  
Dla: exim-users
Temat: Re: [exim] Weird client TLS problem

Hi Heiko,

Thanks for the test idea.

From my machine:
----------------
220 ssl.schlittermann.de ESMTP Exim 4.68 Tue, 15 Apr 2008 16:35:13 +0200
EHLO colorado
250-ssl.schlittermann.de Hello m215.net81-67-81.noos.fr [81.67.81.215]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
STARTTLS
220 TLS go ahead

From the other machine:
-----------------------
220 ssl.schlittermann.de ESMTP Exim 4.68 Tue, 15 Apr 2008 16:36:54 +0200
EHLO Labouelle
250-ssl.schlittermann.de Hello m215.net81-67-81.noos.fr [81.67.81.215]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
STARTTLS
454 TLS temporairement indisponible


So the problem doesn't seems to come from our Exim machine. We did a test on
Google's SMTP server:

From my machine:
----------------
220 smtp.google.com ESMTP
EHLO colorado
250-smtp.google.com Hello m215.net81-67-81.noos.fr [81.67.81.215], pleased
to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 20000000
250-STARTTLS
250-DELIVERBY
250 HELP
STARTTLS
220 2.0.0 Ready to start TLS

From the other machine:
-----------------------
220 smtp.google.com ESMTP
EHLO Labouelle
250-smtp.google.com Hello m215.net81-67-81.noos.fr [81.67.81.215], pleased
to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 20000000
250-STARTTLS
250-DELIVERBY
250 HELP
STARTTLS
454 TLS temporairement indisponible

So we have the same issue! So it is not an Exim issue but probably an issue
with the client machine...

Any idea? Please help! :)

Best regards,
Jerome

> -----Message d'origine-----
> De : exim-users-bounces@???
> [mailto:exim-users-bounces@exim.org] De la part de Heiko Schlittermann
> Envoyé : jeudi 10 avril 2008 21:16
> À : exim-users@???
> Objet : Re: [exim] Weird client TLS problem
>
> Jerome Louvel <contact@???> (Do 10 Apr 2008 18:13:49 CEST):
> >
> >
> > I'm not sure I want to go that far yet as I'm still not
> sure about the
> > actual cause. Is a '0' entropy an issue in all cases, or is
> it just an issue
> > for Exim/TLS?
>
> Missing entropy should be a problem for all applications using
> /dev/random.
> > > 'not enought entropy' message, I think, it came from some
> > > other service,
> > > exim just waited for entropy (so I'm not 100% sure for your
> > > case, since
> > > for us exim just waited.... but could be that this
> behaviour changed.)
> >
> > I checked mainlog again and nothing related to the failing
> connection
> > appears.
>
> Did you check it against other servers. You might use our
> (ssl.schlittermann.de). Of course, I won't let you relay, but
> you should
> get a meaningful error message.
>
> Maybe you could start exim in debug mode on some other port and watch
> the output
>
>     exim -d-all+tls -bd -C <testconfig>

>
> --
> Heiko
>