Good news! We just found the issue: it was coming from Norton Antivirus
which had an outgoing email scanning feature enabled... grrr!
Thanks all for the help!
Best regards,
Jerome
> -----Message d'origine-----
> De : Jerome Louvel
> Envoyé : mardi 15 avril 2008 16:48
> À : exim-users@???
> Cc : Heiko Schlittermann
> Objet : RE: [exim] Weird client TLS problem
>
>
> Hi Heiko,
>
> Thanks for the test idea.
>
> From my machine:
> ----------------
> 220 ssl.schlittermann.de ESMTP Exim 4.68 Tue, 15 Apr 2008
> 16:35:13 +0200
> EHLO colorado
> 250-ssl.schlittermann.de Hello m215.net81-67-81.noos.fr [81.67.81.215]
> 250-SIZE 52428800
> 250-PIPELINING
> 250-AUTH PLAIN LOGIN
> 250-STARTTLS
> 250 HELP
> STARTTLS
> 220 TLS go ahead
>
> From the other machine:
> -----------------------
> 220 ssl.schlittermann.de ESMTP Exim 4.68 Tue, 15 Apr 2008
> 16:36:54 +0200
> EHLO Labouelle
> 250-ssl.schlittermann.de Hello m215.net81-67-81.noos.fr [81.67.81.215]
> 250-SIZE 52428800
> 250-PIPELINING
> 250-AUTH PLAIN LOGIN
> 250-STARTTLS
> 250 HELP
> STARTTLS
> 454 TLS temporairement indisponible
>
>
> So the problem doesn't seems to come from our Exim machine.
> We did a test on Google's SMTP server:
>
> From my machine:
> ----------------
> 220 smtp.google.com ESMTP
> EHLO colorado
> 250-smtp.google.com Hello m215.net81-67-81.noos.fr
> [81.67.81.215], pleased to meet you
> 250-ENHANCEDSTATUSCODES
> 250-PIPELINING
> 250-8BITMIME
> 250-SIZE 20000000
> 250-STARTTLS
> 250-DELIVERBY
> 250 HELP
> STARTTLS
> 220 2.0.0 Ready to start TLS
>
> From the other machine:
> -----------------------
> 220 smtp.google.com ESMTP
> EHLO Labouelle
> 250-smtp.google.com Hello m215.net81-67-81.noos.fr
> [81.67.81.215], pleased to meet you
> 250-ENHANCEDSTATUSCODES
> 250-PIPELINING
> 250-8BITMIME
> 250-SIZE 20000000
> 250-STARTTLS
> 250-DELIVERBY
> 250 HELP
> STARTTLS
> 454 TLS temporairement indisponible
>
> So we have the same issue! So it is not an Exim issue but
> probably an issue with the client machine...
>
> Any idea? Please help! :)
>
> Best regards,
> Jerome
>
> > -----Message d'origine-----
> > De : exim-users-bounces@???
> > [mailto:exim-users-bounces@exim.org] De la part de Heiko
> Schlittermann
> > Envoyé : jeudi 10 avril 2008 21:16
> > À : exim-users@???
> > Objet : Re: [exim] Weird client TLS problem
> >
> > Jerome Louvel <contact@???> (Do 10 Apr 2008 18:13:49 CEST):
> > >
> > >
> > > I'm not sure I want to go that far yet as I'm still not
> > sure about the
> > > actual cause. Is a '0' entropy an issue in all cases, or is
> > it just an issue
> > > for Exim/TLS?
> >
> > Missing entropy should be a problem for all applications using
> > /dev/random.
> > > > 'not enought entropy' message, I think, it came from some
> > > > other service,
> > > > exim just waited for entropy (so I'm not 100% sure for your
> > > > case, since
> > > > for us exim just waited.... but could be that this
> > behaviour changed.)
> > >
> > > I checked mainlog again and nothing related to the failing
> > connection
> > > appears.
> >
> > Did you check it against other servers. You might use our
> > (ssl.schlittermann.de). Of course, I won't let you relay, but
> > you should
> > get a meaningful error message.
> >
> > Maybe you could start exim in debug mode on some other port
> and watch
> > the output
> >
> > exim -d-all+tls -bd -C <testconfig>
> >
> > --
> > Heiko
> >