Re: [exim] TLS fatal alert for connections from web.de

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMNikolaus Rath at <-
MNikolaus Rath at ->
Delete this message
Reply to this message
Author: Todd Lyons
Date:  
To: exim-users
Subject: Re: [exim] TLS fatal alert for connections from web.de
If you have the capability, downgrade gnutls. Or if you have the
ability, install openssl, rebuild exim, and link against openssl
instead. Neither option is easy. But it's likely that it's the
specific version of gnutls not interoperating with the remote side.

...Todd

On Fri, Aug 30, 2013 at 8:10 PM, Nikolaus Rath <Nikolaus@???> wrote:
> Hello,
>
> Since a few weeks, my mail server can apparently no longer talk to the
> servers of web.de's freemail service.
>
> Unfortunately, even with -d+tls, I don't seem to be able to get anything
> useful about what's going wrong:
>
> 2013-08-31 03:00:38 exim 4.71 daemon started: pid=12553, -q30m, listening for SMTP on port 25 (IPv6 and IPv4) port 587 (IPv6 and IPv4) port 2025 (IPv6 and IPv4)
> 12553 Connection request from 212.227.15.3 port 63615
> 12553 search_tidyup called
> 12553 1 SMTP accept process running
> 12553 Listening...
> 12566 host in rfc1413_hosts? yes (matched "*")
> 12566 doing ident callback
> 12566 ident connection to 212.227.15.3 failed: Connection timed out
> 12566 sender_fullhost = [212.227.15.3]
> 12566 sender_rcvhost = [212.227.15.3]
> 12566 Process 12566 is handling incoming connection from [212.227.15.3]
> 12566 host in host_lookup? yes (matched "*")
> 12566 looking up host name for 212.227.15.3
> 12566 DNS lookup of 3.15.227.212.in-addr.arpa (PTR) succeeded
> 12566 IP address lookup yielded mout.web.de
> 12566 gethostbyname2(af=inet6) returned 4 (NO_DATA)
> 12566 gethostbyname2 looked up these IP addresses:
> 12566 name=mout.web.de address=212.227.15.6
> 12566 name=mout.web.de address=212.227.15.5
> 12566 name=mout.web.de address=212.227.15.3
> 12566 name=mout.web.de address=212.227.17.11
> 12566 name=mout.web.de address=212.227.15.14
> 12566 name=mout.web.de address=212.227.17.12
> 12566 name=mout.web.de address=212.227.15.4
> 12566 checking addresses for mout.web.de
> 12566 212.227.15.6
> 12566 212.227.15.5
> 12566 212.227.15.3 OK
> 12566 sender_fullhost = mout.web.de [212.227.15.3]
> 12566 sender_rcvhost = mout.web.de ([212.227.15.3])
> 12566 set_process_info: 12566 handling incoming connection from mout.web.de [212.227.15.3]
> 12566 host in host_reject_connection? no (option unset)
> 12566 host in sender_unqualified_hosts? no (option unset)
> 12566 host in recipient_unqualified_hosts? no (option unset)
> 12566 host in helo_verify_hosts? no (option unset)
> 12566 host in helo_try_verify_hosts? no (option unset)
> 12566 host in helo_accept_junk_hosts? no (option unset)
> 12566 SMTP>> 220 ebox.rath.org ESMTP Exim 4.71 Sat, 31 Aug 2013 03:01:42 +0000
> 12566 Process 12566 is ready for new message
> 12566 smtp_setup_msg entered
> 12566 SMTP<< EHLO mout.web.de
> 12566 sender_fullhost = mout.web.de [212.227.15.3]
> 12566 sender_rcvhost = mout.web.de ([212.227.15.3])
> 12566 set_process_info: 12566 handling incoming connection from mout.web.de [212.227.15.3]
> 12566 host in pipelining_advertise_hosts? yes (matched "*")
> 12566 host in auth_advertise_hosts? yes (matched "*")
> 12566 host in tls_advertise_hosts? yes (matched "*")
> 12566 SMTP>> 250-ebox.rath.org Hello mout.web.de [212.227.15.3]
> 12566 250-SIZE 52428800
> 12566 250-PIPELINING
> 12566 250-AUTH CRAM-MD5
> 12566 250-STARTTLS
> 12566 250 HELP
> 12566 SMTP<< STARTTLS
> 12566 initializing GnuTLS as a server
> 12566 read D-H parameters from file
> 12566 initialized D-H parameters
> 12566 certificate file = /etc/exim4/exim.crt
> 12566 key file = /etc/exim4/exim.key
> 12566 verify certificates = /etc/ssl/certs/ca-certificates.crt size=220557
> 12566 initialized certificate stuff
> 12566 host in tls_verify_hosts? no (option unset)
> 12566 host in tls_try_verify_hosts? yes (matched "*")
> 12566 initialized GnuTLS session
> 12566 SMTP>> 220 TLS go ahead
> 12566 LOG: MAIN
> 12566 TLS error on connection from mout.web.de [212.227.15.3] (gnutls_handshake): A TLS fatal alert has been received.
> 12566 TLS failed to start
> 12566 LOG: smtp_connection MAIN
> 12566 SMTP connection from mout.web.de [212.227.15.3] closed by EOF
> 12566 search_tidyup called
> 12553 child 12566 ended: status=0x0
>
>
> Does anyone have a suggestion what I can do to get more (helpful)
> information about the actual problem?
>
> Best,
>
>    -Nikolaus

>
> --
> »Time flies like an arrow, fruit flies like a Banana.«
>
> PGP fingerprint: 5B93 61F8 4EA2 E279 ABF6 02CF A9AD B7F8 AE4E 425C
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/



--
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[exim] TLS fatal alert for connections from web.deRe: [exim] TLS fatal alert for connections from web.de->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)