Re: [exim] Exim + (GNU)TLS + Outlook + tls_try_verify_hosts

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Phil Pennock
Date:  
À: exim-users
Sujet: Re: [exim] Exim + (GNU)TLS + Outlook + tls_try_verify_hosts
On 2009-06-19 at 16:00 +0200, Heiko Schlittermann wrote:
>         14450 LOG: MAIN
>         14450   TLS error on connection from p54b3640b.dip.t-dialin.net (hopperxp) [84.179.100.11] (SSL_accept): error:00000000:lib(0):func(0):reason(0)


I've a vague recollection that this means there wasn't an SSL problem,
the connection just went away with a clean SSL shutdown; I'm not more
than 60% sure of this though.

I suspect that the client is just ending when it's asked for a client
cert.

> * Now the client seems to start a new session, proably w/o TLS, but this fails
> * on some sync issue:


Yes, the client doesn't speak SMTP well enough to even wait for a
banner. In a lockstep protocol, that doesn't happen with clients
following protocol -- normally it's a sign of malware but it might also
be someone trying to "game" performance figures by not waiting around at
start-up. So you're left picking up the pieces.

You can work around this either with smtp_enforce_sync in the main
config or in an ACL with "control = no_enforce_sync".

-Phil