Hi all,

Has anyone noticed a problem with exim-4.80.01+OpenSSL 1.0.1e
(installed from FreeBSD ports) and it delivering to remote hosts using
TLS?

Some remote hosts do work. Debugging shows that SSL negotiation
finished successfully but straight after that it is logged that the
remote closed the connection in response to MAIL FROM:<>.

Disabling TLS, or reverting to OpenSSL 0.9.8q (part of base in
FreeBSD 8.2), fixes the problem.

Does anyone have suggestions on the best way to debug this to determine
if it's an OpenSSL or an Exim problem?

Below is an example of one remote host with a non-working and a working version:
14:28:57 95534 Connecting to maile.printspots.com [216.16.225.134]:25
... connected
14:28:58 95534 expanding: $primary_hostname
14:28:58 95534 result: mx1.percol8.co.za
14:28:58 95534 waiting for data on socket
14:28:58 95534 read response data: size=121
14:28:58 95534 SMTP<< 220 at-5000.VFPRINT.NET Microsoft ESMTP MAIL
Service, Version: 6.0.3790.4675 ready at Fri, 22 Feb 2013 07:28:58
-0500
14:28:58 95534 216.16.225.134 in hosts_avoid_esmtp? no (option unset)
14:28:58 95534 SMTP>> EHLO mx1.percol8.co.za
14:28:58 95534 waiting for data on socket
14:28:58 95534 read response data: size=334
14:28:58 95534 SMTP<< 250-at-5000.VFPRINT.NET Hello [41.79.180.20]
14:28:58 95534 250-TURN
14:28:58 95534 250-SIZE
14:28:58 95534 250-ETRN
14:28:58 95534 250-PIPELINING
14:28:58 95534 250-DSN
14:28:58 95534 250-ENHANCEDSTATUSCODES
14:28:58 95534 250-8bitmime
14:28:58 95534 250-BINARYMIME
14:28:58 95534 250-CHUNKING
14:28:58 95534 250-VRFY
14:28:58 95534 250-TLS
14:28:58 95534 250-STARTTLS
14:28:58 95534 250-X-EXPS GSSAPI NTLM LOGIN
14:28:58 95534 250-X-EXPS=LOGIN
14:28:58 95534 250-AUTH GSSAPI NTLM LOGIN
14:28:58 95534 250-AUTH=LOGIN
14:28:58 95534 250-X-LINK2STATE
14:28:58 95534 250-XEXCH50
14:28:58 95534 250 OK
14:28:58 95534 216.16.225.134 in hosts_avoid_tls? no (option unset)
14:28:58 95534 SMTP>> STARTTLS
14:28:58 95534 waiting for data on socket
14:28:59 95534 read response data: size=29
14:28:59 95534 SMTP<< 220 2.0.0 SMTP server ready
14:28:59 95534 setting SSL CTX options: 0x1000000
14:28:59 95534 Diffie-Hellman initialized from default with 2048-bit prime
14:28:59 95534 Initialized TLS
14:28:59 95534 Calling SSL_connect
14:28:59 95534 SSL info: before/connect initialization
14:28:59 95534 SSL info: before/connect initialization
14:28:59 95534 SSL info: SSLv2/v3 write client hello A
14:28:59 95534 SSL info: SSLv3 read server hello A
14:28:59 95534 SSL info: SSLv3 read server certificate A
14:28:59 95534 SSL info: SSLv3 read server done A
14:28:59 95534 SSL info: SSLv3 write client key exchange A
14:28:59 95534 SSL info: SSLv3 write change cipher spec A
14:28:59 95534 SSL info: SSLv3 write finished A
14:28:59 95534 SSL info: SSLv3 flush data
14:28:59 95534 SSL info: SSLv3 read finished A
14:28:59 95534 SSL info: SSL negotiation finished successfully
14:28:59 95534 SSL info: SSL negotiation finished successfully
14:28:59 95534 SSL_connect succeeded
14:28:59 95534 Cipher: TLSv1:DES-CBC3-SHA:168
14:28:59 95534 SMTP>> EHLO mx1.percol8.co.za
14:28:59 95534 tls_do_write(0x7fffffffca80, 24)
14:28:59 95534 SSL_write(SSL, 0x7fffffffca80, 24)
14:28:59 95534 outbytes=24 error=0
14:28:59 95534 waiting for data on socket
14:28:59 95534 Calling SSL_read(0x801c0e800, 0x7fffffffaa80, 4096)
14:28:59 95534 read response data: size=311
14:28:59 95534 SMTP<< 250-at-5000.VFPRINT.NET Hello [41.79.180.20]
14:28:59 95534 250-TURN
14:28:59 95534 250-SIZE
14:28:59 95534 250-ETRN
14:28:59 95534 250-PIPELINING
14:28:59 95534 250-DSN
14:28:59 95534 250-ENHANCEDSTATUSCODES
14:28:59 95534 250-8bitmime
14:28:59 95534 250-BINARYMIME
14:28:59 95534 250-CHUNKING
14:28:59 95534 250-VRFY
14:28:59 95534 250-X-EXPS GSSAPI NTLM LOGIN
14:28:59 95534 250-X-EXPS=LOGIN
14:28:59 95534 250-AUTH GSSAPI NTLM LOGIN
14:28:59 95534 250-AUTH=LOGIN
14:28:59 95534 250-X-LINK2STATE
14:28:59 95534 250-XEXCH50
14:28:59 95534 250 OK
14:28:59 95534 216.16.225.134 in hosts_avoid_pipelining? yes (matched "*")
14:28:59 95534 not using PIPELINING
14:28:59 95534 216.16.225.134 in hosts_require_auth? no (option unset)
14:28:59 95534 216.16.225.134 in hosts_try_auth? no (option unset)
14:28:59 95534 SMTP>> MAIL FROM:<warren@???> SIZE=16250
14:28:59 95534 tls_do_write(0x7fffffffca80, 59)
14:28:59 95534 SSL_write(SSL, 0x7fffffffca80, 59)
14:28:59 95534 outbytes=59 error=0
14:28:59 95534 waiting for data on socket
14:28:59 95534 Calling SSL_read(0x801c0e800, 0x7fffffffaa80, 4096)
14:29:00 95534 SSL info: SSL negotiation finished successfully
14:29:00 95534 ok=0 send_quit=0 send_rset=1 continue_more=0 yield=1
first_address is not NULL
14:29:00 95534 tls_close(): shutting down SSL
14:29:00 95534 SSL info: SSL negotiation finished successfully
14:29:00 95534 LOG: MAIN
14:29:00 95534 Remote host maile.printspots.com [216.16.225.134]
closed connection in response to MAIL FROM:<warren@???>
SIZE=16250
As opposed to the working version to the same remote host:
Connecting to maile.printspots.com [216.16.225.134]:25 ... connected
waiting for data on socket
read response data: size=121
SMTP<< 220 at-5000.VFPRINT.NET Microsoft ESMTP MAIL Service,
Version: 6.0.3790.4675 ready at Fri, 22 Feb 2013 08:01:14 -0500
216.16.225.134 in hosts_avoid_esmtp? no (option unset)
SMTP>> EHLO mx1.percol8.co.za
waiting for data on socket
read response data: size=334
SMTP<< 250-at-5000.VFPRINT.NET Hello [41.79.180.20]
250-TURN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-TLS
250-STARTTLS
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK
216.16.225.134 in hosts_avoid_tls? no (option unset)
SMTP>> STARTTLS
waiting for data on socket
read response data: size=29
SMTP<< 220 2.0.0 SMTP server ready
setting SSL CTX options: 0x1000000
Diffie-Hellman initialized from default with 2048-bit prime
Initialized TLS
Calling SSL_connect
SSL info: before/connect initialization
SSL info: before/connect initialization
SSL info: SSLv2/v3 write client hello A
SSL info: SSLv3 read server hello A
SSL info: SSLv3 read server certificate A
SSL info: SSLv3 read server done A
SSL info: SSLv3 write client key exchange A
SSL info: SSLv3 write change cipher spec A
SSL info: SSLv3 write finished A
SSL info: SSLv3 flush data
SSL info: SSLv3 read finished A
SSL info: SSL negotiation finished successfully
SSL info: SSL negotiation finished successfully
SSL_connect succeeded
Cipher: TLSv1:RC4-MD5:128
SMTP>> EHLO mx1.percol8.co.za
tls_do_write(0x7fffffffc8c0, 24)
SSL_write(SSL, 0x7fffffffc8c0, 24)
outbytes=24 error=0
waiting for data on socket
Calling SSL_read(0x801c84000, 0x7fffffffa8c0, 4096)
read response data: size=311
SMTP<< 250-at-5000.VFPRINT.NET Hello [41.79.180.20]
250-TURN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK
216.16.225.134 in hosts_avoid_pipelining? yes (matched "*")
not using PIPELINING
216.16.225.134 in hosts_require_auth? no (option unset)
216.16.225.134 in hosts_try_auth? no (option unset)
SMTP>> MAIL FROM:<warren@???> SIZE=16250
tls_do_write(0x7fffffffc8c0, 59)
SSL_write(SSL, 0x7fffffffc8c0, 59)
outbytes=59 error=0
waiting for data on socket
Calling SSL_read(0x801c84000, 0x7fffffffa8c0, 4096)
read response data: size=59
SMTP<< 250 2.1.0 warren@???....Sender OK
Thanks
--
.warren
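
An added example, not part of the original post: a small Python helper that strips the timestamp/PID prefix and pointer values from two Exim debug traces so that only meaningful lines differ when they are compared. The excerpts are abridged from the two traces above, and the function names are this example's own.

```python
import difflib
import re

# Constructed excerpts, abridged from the two debug traces in the post.
FAILING = """\
14:28:59 95534 SSL_connect succeeded
14:28:59 95534 Cipher: TLSv1:DES-CBC3-SHA:168
14:28:59 95534 SMTP>> EHLO mx1.percol8.co.za
14:28:59 95534 tls_do_write(0x7fffffffca80, 24)
14:28:59 95534 SMTP>> MAIL FROM:<warren@???> SIZE=16250
14:28:59 95534 Calling SSL_read(0x801c0e800, 0x7fffffffaa80, 4096)
14:29:00 95534 tls_close(): shutting down SSL
"""
WORKING = """\
SSL_connect succeeded
Cipher: TLSv1:RC4-MD5:128
SMTP>> EHLO mx1.percol8.co.za
tls_do_write(0x7fffffffc8c0, 24)
SMTP>> MAIL FROM:<warren@???> SIZE=16250
Calling SSL_read(0x801c84000, 0x7fffffffa8c0, 4096)
read response data: size=59
SMTP<< 250 2.1.0 warren@???....Sender OK
"""

PREFIX = re.compile(r"^\d\d:\d\d:\d\d\s+\d+\s+")  # "HH:MM:SS pid "
POINTER = re.compile(r"0x[0-9a-fA-F]+")           # per-run addresses

def normalise(trace):
    """Drop the per-run noise (time, PID, pointers) and empty lines."""
    cleaned = (POINTER.sub("0xPTR", PREFIX.sub("", raw)).strip()
               for raw in trace.splitlines())
    return [line for line in cleaned if line]

def summarise(lines):
    """Negotiated cipher, last SMTP command sent, and whether it got a reply."""
    cipher = next((l.split(": ", 1)[1] for l in lines
                   if l.startswith("Cipher: ")), None)
    last_cmd, answered = None, False
    for l in lines:
        if l.startswith("SMTP>> "):
            last_cmd, answered = l[len("SMTP>> "):], False
        elif l.startswith("SMTP<< ") and last_cmd is not None:
            answered = True
    return {"cipher": cipher, "last_command": last_cmd, "answered": answered}

def differences(a, b):
    """Changed lines only: '-' is present in a, '+' is present in b."""
    diff = difflib.unified_diff(normalise(a), normalise(b), lineterm="", n=0)
    return [d for d in diff if d[0] in "+-" and not d.startswith(("+++", "---"))]
```

On these excerpts the remaining differences are the negotiated cipher (DES-CBC3-SHA against RC4-MD5) and the missing reply to MAIL FROM.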