[exim] My self signed cert seems to fail with american expre…

Top Page
This message is part of the following thread:
M--+\the complete thread tree sorted by date
M-\MM 
M\MMJeremy Harris at ->
Delete this message
Reply to this message
Author: Marc MERLIN
Date:  
To: exim-users
Subject: [exim] My self signed cert seems to fail with american express
Two issues.

With exim 4.80 on mail1.merlins.org, I have TLS Email working pretty much all the time (as
far as I can tell), but I just noticed that I was not getting some Emails from american express.

Unfortunately, my logs show very little that's useful:
2014-02-20 08:59:08 SMTP connection from [148.173.96.86]:8414 I=[209.81.13.136]:25 (TCP/IP connection count = 1)
2014-02-20 08:59:09 SMTP connection from extmta1-new.aexp.com [148.173.96.86]:8414 I=[209.81.13.136]:25 closed by QUIT

I had to get them to send me an Email while I was on the phone and run tshark to get better output.
1) would it be possible for exim to log details that something went wrong with TLS, and if possible
what, as opposed to logging absolutely nothing useful?

2) It may not be very easy for me to run exim in debug mode while waiting for their next encrypted Email,
but if it's the only way, I can try.
In the meantime, see this tshark output, namely:
TLSv1 72 Change Cipher Spec
TLSv1 295 Encrypted Handshake Message
TLSv1 103 Application Data
TLSv1 103 Encrypted Alert
TLSv1 343 Application Data
TLSv1 247 Encrypted Alert

Can I get better debug output without running with -d+all for all incoming Email?

You are welcome to spam my Email directly to see what cert and encryption
you get out of it, although I kind of know it already works with exim,
gmail, and more, so the problem must be less obvious than that.

Thanks,
Marc


148.173.96.86 -> 209.81.13.136 TCP 74 8414 > smtp [SYN] Seq=0 Win=5840 Len=0 MSS=1436 SACK_PERM=1 TSval=4219181399 TSecr=0 WS=128
209.81.13.136 -> 148.173.96.86 TCP 74 smtp > 8414 [SYN, ACK] Seq=0 Ack=1 Win=14480 Len=0 MSS=1460 SACK_PERM=1 TSval=1061314171 TSecr=4219181399 WS=512
148.173.96.86 -> 209.81.13.136 TCP 66 8414 > smtp [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSval=4219181475 TSecr=1061314171
209.81.13.136 -> 148.173.96.86 SMTP 146 S: 220 mail1.merlins.org ESMTP Exim 4.80 #2 Thu, 20 Feb 2014 08:59:08 -0800 - mm9
1 148.173.96.86 -> 209.81.13.136 TCP 66 8414 > smtp [ACK] Seq=1 Ack=81 Win=5888 Len=0 TSval=4219181777 TSecr=1061314201
148.173.96.86 -> 209.81.13.136 SMTP 89 C: EHLO welcome.aexp.com
209.81.13.136 -> 148.173.96.86 TCP 66 smtp > 8414 [ACK] Seq=81 Ack=24 Win=14848 Len=0 TSval=1061314208 TSecr=4219181777
209.81.13.136 -> 148.173.96.86 SMTP 237 S: 250 mail1.merlins.org Hello extmta1-new.aexp.com [148.173.96.86] | 250 SIZE 26214400 | 250 8BITMIME | 250 EXPN | 250 PIPELINING | 250 AUTH PLAIN LOGIN | 250 STARTTLS | 250 HELP
148.173.96.86 -> 209.81.13.136 SMTP 76 C: STARTTLS
209.81.13.136 -> 148.173.96.86 TCP 66 smtp > 8414 [ACK] Seq=252 Ack=34 Win=14848 Len=0 TSval=1061314222 TSecr=4219181874
209.81.13.136 -> 148.173.96.86 SMTP 84 S: 220 TLS go ahead
01 148.173.96.86 -> 209.81.13.136 SSLv2 171 Client Hello
209.81.13.136 -> 148.173.96.86 TCP 66 smtp > 8414 [ACK] Seq=270 Ack=139 Win=14848 Len=0 TSval=1061314268 TSecr=4219182376
209.81.13.136 -> 148.173.96.86 TLSv1 1490 Server Hello, Certificate
32 209.81.13.136 -> 148.173.96.86 TLSv1 835 Server Key Exchange
148.173.96.86 -> 209.81.13.136 TCP 66 8414 > smtp [ACK] Seq=139 Ack=2463 Win=4736 Len=0 TSval=4219182960 TSecr=1061314319
148.173.96.86 -> 209.81.13.136 TLSv1 392 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
209.81.13.136 -> 148.173.96.86 TCP 66 smtp > 8414 [ACK] Seq=2463 Ack=465 Win=15872 Len=0 TSval=1061314336 TSecr=4219183049
209.81.13.136 -> 148.173.96.86 TLSv1 72 Change Cipher Spec
209.81.13.136 -> 148.173.96.86 TLSv1 295 Encrypted Handshake Message
148.173.96.86 -> 209.81.13.136 TCP 66 8414 > smtp [ACK] Seq=465 Ack=2698 Win=4736 Len=0 TSval=4219183324 TSecr=1061314355
148.173.96.86 -> 209.81.13.136 TLSv1 103 Application Data
148.173.96.86 -> 209.81.13.136 TLSv1 103 Encrypted Alert
209.81.13.136 -> 148.173.96.86 TCP 66 smtp > 8414 [ACK] Seq=2698 Ack=502 Win=15872 Len=0 TSval=1061314363 TSecr=4219183325
209.81.13.136 -> 148.173.96.86 TLSv1 343 Application Data
209.81.13.136 -> 148.173.96.86 TLSv1 247 Encrypted Alert
209.81.13.136 -> 148.173.96.86 TCP 66 smtp > 8414 [RST, ACK] Seq=3156 Ack=540 Win=15872 Len=0 TSval=1061314363 TSecr=4219183325
148.173.96.86 -> 209.81.13.136 TCP 60 8414 > smtp [RST] Seq=540 Win=0 Len=0 


-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Filter separatorRe: [exim] My self signed cert seems to fail with american express->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)