[exim] Issues with (gnu)tls

Author: Nuno Sucena Almeida
Date:  
To: exim-users
Subject: [exim] Issues with (gnu)tls
Hi,
    Depending on the cipher algorithm, when a remote smtp connection is 
using TLS, the spamassassin score gives the correct score or something 
like this:
    X-Spam-Score: -nan
    X-Spam-Score_int: -2147483648.


    The same email sent using swaks without tls gives a correct 
spamassassin score.
    The weird thing is that looking at /var/log/spamd.log I see the correct 
scoring for all the cases, but it's not being "propagated" to the 
calling exim.


    Is this somehow related to
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=3364 ?


    I have this happening in two systems with similar configuration (ubuntu 
12.04, exim 4.76, gnutls 2.12.14, spamassassin 3.3.2).

    
    I started exim in debug mode:


server:~# exim -d -bd -oX 5555 2>&1 |tee exim-openssl.log

and connected remotely using:

remote:~$ openssl s_client -connect server:5555 -starttls smtp -crlf \
-cipher AES256-SHA

remote:~$ openssl s_client -connect gw:5555 -starttls smtp -crlf \
-cipher RC4-SHA

The former gives:
1819 accept: condition test succeeded
1819 >>Headers added by DATA ACL:
1819 X-Spam-Score: nan
1819 X-Spam-Score_int: -2147483648
1819 X-Spam-Bar: -

and the latter:
1846 accept: condition test succeeded
1846 >>Headers added by DATA ACL:
1846 X-Spam-Score: -1.0
1846 X-Spam-Score_int: -9
1846 X-Spam-Bar: -


My relevant exim configuration:
   # add the spam score to all messages.
   warn    message = X-Spam-Score: $spam_score\n\
                     X-Spam-Score_int: $spam_score_int\n\
                     X-Spam-Bar: $spam_bar
                 spam = Debian-exim:true




A grep -A 1 gnutls exim-openssl-AES256-SHA.log gives:

1819 gnutls_handshake was successful
1819 cipher: TLS1.0:RSA_AES_256_CBC_SHA1:32
--
1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
1819 SMTP<< ehlo example.org
--
1819 gnutls_record_send(SSL, 21f877d0, 117)
1819 outbytes=117
--
1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
1819 SMTP<< mail from: me@???
--
1819 gnutls_record_send(SSL, 21f7a998, 8)
1819 outbytes=8
1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
1819 SMTP<< rcpt to: tests@???
--
1819 gnutls_record_send(SSL, 21f7a998, 14)
1819 outbytes=14
1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
1819 SMTP<< data
--
1819 gnutls_record_send(SSL, 21f7a998, 56)
1819 outbytes=56
--
1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
1819 host in ignore_fromline_hosts? no (option unset)
1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
PDKIM >> Hashed body data, canonicalized >>>>>>>>>>>>>>>>>>>>>>>>>>>>>
--
1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
1819 Data file written for message 1SRTuz-0000TL-Bj
--
1819 gnutls_record_send(SSL, 21f7a998, 28)
1819 outbytes=28
--
1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
1826 exec /usr/sbin/exim4 -d=0xfbbd5cfd -Mc 1SRTuz-0000TL-Bj
--
1819 gnutls_record_send(SSL, 21f7a998, 40)
1819 outbytes=40





and grep -A 1 gnutls exim-openssl-RC4-SHA.log:

1846 gnutls_handshake was successful
1846 cipher: TLS1.0:RSA_ARCFOUR_SHA1:16
--
1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
1846 SMTP<< EHLO example.org
--
1846 gnutls_record_send(SSL, 222617d0, 117)
1846 outbytes=117
--
1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
1846 SMTP<< mail from: me@???
--
1846 gnutls_record_send(SSL, 22254998, 8)
1846 outbytes=8
1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
1846 SMTP<< rcpt to: tests@???
--
1846 gnutls_record_send(SSL, 22254998, 14)
1846 outbytes=14
1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
1846 SMTP<< data
--
1846 gnutls_record_send(SSL, 22254998, 56)
1846 outbytes=56
--
1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
1846 host in ignore_fromline_hosts? no (option unset)
1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
PDKIM >> Hashed body data, canonicalized >>>>>>>>>>>>>>>>>>>>>>>>>>>>>
--
1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
1846 Data file written for message 1SRTwa-0000Tm-O1
--
1846 gnutls_record_send(SSL, 22254998, 28)
1846 outbytes=28
--
1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
1855 Exim version 4.76 uid=105 gid=113 pid=1855 D=fbbd5cfd
--
1846 gnutls_record_send(SSL, 22254998, 40)
1846 outbytes=40



    Any thoughts?
            Nuno



--
http://aeminium.org/nuno/
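
Added example, not part of the original message and not Exim or SpamAssassin code: a small Python check that groups `exim -d` output by the PID prefix and reports which negotiated cipher produced a non-finite X-Spam-Score or the -2147483648 integer seen above. The sample log is constructed from the lines quoted in the post; the function names are illustrative assumptions.

```python
import math
import re

# Constructed sample, shaped like the `exim -d` lines quoted in the post.
SAMPLE_LOG = """\
1819 gnutls_handshake was successful
1819 cipher: TLS1.0:RSA_AES_256_CBC_SHA1:32
1819 >>Headers added by DATA ACL:
1819 X-Spam-Score: nan
1819 X-Spam-Score_int: -2147483648
1846 gnutls_handshake was successful
1846 cipher: TLS1.0:RSA_ARCFOUR_SHA1:16
1846 >>Headers added by DATA ACL:
1846 X-Spam-Score: -1.0
1846 X-Spam-Score_int: -9
"""

LINE = re.compile(r"^(\d+) (cipher|X-Spam-Score|X-Spam-Score_int): (\S+)")
INT32_MIN = -2**31  # the X-Spam-Score_int value reported in the failing case

def sessions(log_text):
    """Group cipher and spam headers by the PID prefix of each debug line."""
    out = {}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            pid, key, value = m.groups()
            out.setdefault(pid, {})[key] = value
    return out

def is_bogus(rec):
    """True when the score is not finite or the int form is INT32_MIN/garbage."""
    try:
        score_ok = math.isfinite(float(rec.get("X-Spam-Score", "nan")))
    except ValueError:
        score_ok = False
    try:
        int_ok = int(rec.get("X-Spam-Score_int", "")) != INT32_MIN
    except ValueError:
        int_ok = False
    return not (score_ok and int_ok)

def bogus_by_cipher(log_text):
    """Return {cipher: [pids]} for scanned sessions with an unusable score."""
    result = {}
    for pid, rec in sessions(log_text).items():
        if "X-Spam-Score" in rec and is_bogus(rec):
            result.setdefault(rec.get("cipher", "no-tls"), []).append(pid)
    return result
```

Running `bogus_by_cipher` over the concatenated debug logs from several cipher tests shows at a glance which suites lose the score, which matters if later ACLs or filters act on `$spam_score_int`.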