Hi Nikolaus,
Nikolaus Rath <Nikolaus@???> (Sa 31 Aug 2013 05:10:17 CEST):
> Hello,
>
> Since a few weeks, my mail server can apparently no longer talk to the
> servers of web.de's freemail service.
>
> Unfortunately, even with -d+tls, I don't seem to be able to get anything
> useful about what's going wrong:
>
> 2013-08-31 03:00:38 exim 4.71 daemon started: pid=12553, -q30m, listening for SMTP on port 25 (IPv6 and IPv4) port 587 (IPv6 and IPv4) port 2025 (IPv6 and IPv4)
It seems to be an older version of Exim.
Long time ago we had problems with GnuTLS. But I think, it happened,
when when Exim was the client. The remote side offered more then xx (xx
was about 100) known CAs, to give us (the Exim on the client side) the
chance, to select a cert the remote side can verify. -- At least this is
my explanation, it might be wrong. Not wrong is the fact, that reducing
the number of known CAs on the remote side cured the problem. But
upgrading the cliend side cured this as well.
Or - it's something related to problems we have since Aug, 16th, sending
mails to smtpin.rzone.de: gnutls complains about the DH prime being to
short (1024 bit are offered, but older GNUTLS seems to insist on more
bits). (Having exim 4.76. Newer Exims do not expose this behaviour, they
probably use 1024 bit as default (Debian) and additionally it's configurable.)
I do not know if this is valid for the opposite direction too.
As always, everything can be wrong.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: 7CBF764A -
gnupg fingerprint: 9288 F17D BBF9 9625 5ABC 285C 26A9 687E 7CBF 764A -
(gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B)-