[exim] TLS fatal alert for connections from web.de

Hello,

Since a few weeks, my mail server can apparently no longer talk to the
servers of web.de's freemail service.

Unfortunately, even with -d+tls, I don't seem to be able to get anything
useful about what's going wrong:

2013-08-31 03:00:38 exim 4.71 daemon started: pid=12553, -q30m, listening for SMTP on port 25 (IPv6 and IPv4) port 587 (IPv6 and IPv4) port 2025 (IPv6 and IPv4)
12553 Connection request from 212.227.15.3 port 63615
12553 search_tidyup called
12553 1 SMTP accept process running
12553 Listening...
12566 host in rfc1413_hosts? yes (matched "*")
12566 doing ident callback
12566 ident connection to 212.227.15.3 failed: Connection timed out
12566 sender_fullhost = [212.227.15.3]
12566 sender_rcvhost = [212.227.15.3]
12566 Process 12566 is handling incoming connection from [212.227.15.3]
12566 host in host_lookup? yes (matched "*")
12566 looking up host name for 212.227.15.3
12566 DNS lookup of 3.15.227.212.in-addr.arpa (PTR) succeeded
12566 IP address lookup yielded mout.web.de
12566 gethostbyname2(af=inet6) returned 4 (NO_DATA)
12566 gethostbyname2 looked up these IP addresses:
12566 name=mout.web.de address=212.227.15.6
12566 name=mout.web.de address=212.227.15.5
12566 name=mout.web.de address=212.227.15.3
12566 name=mout.web.de address=212.227.17.11
12566 name=mout.web.de address=212.227.15.14
12566 name=mout.web.de address=212.227.17.12
12566 name=mout.web.de address=212.227.15.4
12566 checking addresses for mout.web.de
12566 212.227.15.6
12566 212.227.15.5
12566 212.227.15.3 OK
12566 sender_fullhost = mout.web.de [212.227.15.3]
12566 sender_rcvhost = mout.web.de ([212.227.15.3])
12566 set_process_info: 12566 handling incoming connection from mout.web.de [212.227.15.3]
12566 host in host_reject_connection? no (option unset)
12566 host in sender_unqualified_hosts? no (option unset)
12566 host in recipient_unqualified_hosts? no (option unset)
12566 host in helo_verify_hosts? no (option unset)
12566 host in helo_try_verify_hosts? no (option unset)
12566 host in helo_accept_junk_hosts? no (option unset)
12566 SMTP>> 220 ebox.rath.org ESMTP Exim 4.71 Sat, 31 Aug 2013 03:01:42 +0000
12566 Process 12566 is ready for new message
12566 smtp_setup_msg entered
12566 SMTP<< EHLO mout.web.de
12566 sender_fullhost = mout.web.de [212.227.15.3]
12566 sender_rcvhost = mout.web.de ([212.227.15.3])
12566 set_process_info: 12566 handling incoming connection from mout.web.de [212.227.15.3]
12566 host in pipelining_advertise_hosts? yes (matched "*")
12566 host in auth_advertise_hosts? yes (matched "*")
12566 host in tls_advertise_hosts? yes (matched "*")
12566 SMTP>> 250-ebox.rath.org Hello mout.web.de [212.227.15.3]
12566 250-SIZE 52428800
12566 250-PIPELINING
12566 250-AUTH CRAM-MD5
12566 250-STARTTLS
12566 250 HELP
12566 SMTP<< STARTTLS
12566 initializing GnuTLS as a server
12566 read D-H parameters from file
12566 initialized D-H parameters
12566 certificate file = /etc/exim4/exim.crt
12566 key file = /etc/exim4/exim.key
12566 verify certificates = /etc/ssl/certs/ca-certificates.crt size=220557
12566 initialized certificate stuff
12566 host in tls_verify_hosts? no (option unset)
12566 host in tls_try_verify_hosts? yes (matched "*")
12566 initialized GnuTLS session
12566 SMTP>> 220 TLS go ahead
12566 LOG: MAIN
12566 TLS error on connection from mout.web.de [212.227.15.3] (gnutls_handshake): A TLS fatal alert has been received.
12566 TLS failed to start
12566 LOG: smtp_connection MAIN
12566 SMTP connection from mout.web.de [212.227.15.3] closed by EOF
12566 search_tidyup called
12553 child 12566 ended: status=0x0


Does anyone have a suggestion what I can do to get more (helpful)
information about the actual problem?

Best,

-Nikolaus

--
»Time flies like an arrow, fruit flies like a Banana.«

PGP fingerprint: 5B93 61F8 4EA2 E279 ABF6 02CF A9AD B7F8 AE4E 425C