[exim] SMTPS connection errors with Apple Mac Mail

Author: Assaf Gordon
Date:  
To: exim-users
Subject: [exim] SMTPS connection errors with Apple Mac Mail
Hello,

I'm trying to configure exim-4.80 with SMTPS and experiencing connection problems from an Apple Mac Mail client (Mac OS X 10.9.5, Mac Mail 7.3).

Perhaps someone has dealt with similar issues and can advise?

My setup is:
  exim-4.80, self-signed certificates, with the following options:
    tls_on_connect_ports = 465
    daemon_smtp_ports = 25 : 465


Sadly I can't use port 587/25 with STARTTLS - I need to use the TLS-on-connection option.

I've tested the following which all work fine:
openssl s_client -connect myserver:465
swaks --tls-on-connect --auth --server myserver
Thunderbird 31.5 on Ubuntu
iPhone Mail on iOS 7

But the Apple Mail client does not work.
In the exim mainlog, I get:
TLS error on connection from [[IP]] (gnutls_handshake): A TLS packet with unexpected length was received.

I tried compiling from source with OpenSSL, and get this:
TLS error on connection from [[IP]] (SSL_accept): error:00000000:lib(0):func(0):reason(0)
TLS client disconnected cleanly (rejected our certificate?)

The certificate is self-signed, but I've installed it in the Mac manually and marked it as "always trust".

I also looked with Wireshark (on the Mac), and the connection starts on port 465 with TLSv1 (sending "Client Hello" and receiving "Server Hello") - so I would think the configuration in Mac Mail is correct (i.e. it doesn't start in plain text and try STARTTLS).
But then - it just stops and doesn't continue.

Any advice or suggestions on how to even start debugging it will be appreciated.

Thanks!
- Assaf
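
An added example, not part of the original message: the Wireshark check described above (the client opens port 465 with a TLS Client Hello rather than plain-text SMTP followed by STARTTLS) performed on raw captured bytes. The helper name `classify_first_bytes` is hypothetical and the sample byte strings are constructed for illustration.

```python
import struct

# TLS record content types and handshake message types (values from the TLS RFCs).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
SMTP_VERBS = (b"EHLO", b"HELO", b"STARTTLS", b"MAIL", b"QUIT")

# Constructed sample: a minimal TLSv1.0 ClientHello (zeroed random, one cipher suite).
SAMPLE_CLIENT_HELLO = (bytes.fromhex("160301002d" "01000029" "0301") + bytes(32)
                       + bytes.fromhex("00" "0002002f" "0100"))
# Constructed sample: what a STARTTLS-style client would send first instead.
SAMPLE_PLAINTEXT = b"EHLO client.example\r\n"


def classify_first_bytes(data: bytes) -> dict:
    """Classify the first bytes a client sent on an SMTP port (hypothetical helper)."""
    if data[:8].upper().startswith(SMTP_VERBS):
        return {"kind": "plaintext-smtp", "verb": data.split()[0].upper().decode()}
    if len(data) < 5:
        return {"kind": "too-short"}
    # Record header: content type (1), version major/minor (2), length (2, big-endian).
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype not in CONTENT_TYPES or major != 3:
        return {"kind": "unknown"}
    result = {"kind": "tls-record", "content_type": CONTENT_TYPES[ctype],
              "record_version": VERSIONS.get((major, minor), f"{major}.{minor}"),
              "complete": len(data) >= 5 + length}  # False when the capture is truncated
    body = data[5:5 + length]
    # Handshake header: message type (1), length (3); hello messages then carry a version (2).
    if ctype == 22 and len(body) >= 6:
        result["handshake"] = HANDSHAKE_TYPES.get(body[0], f"type {body[0]}")
        if body[0] in (1, 2):
            result["hello_version"] = VERSIONS.get((body[4], body[5]), f"{body[4]}.{body[5]}")
    return result


if __name__ == "__main__":
    for sample in (SAMPLE_CLIENT_HELLO, SAMPLE_CLIENT_HELLO[:20], SAMPLE_PLAINTEXT):
        print(classify_first_bytes(sample))
```

A `tls-record` result with `handshake: client_hello` on port 465 means the client is using TLS-on-connect; a `plaintext-smtp` result means it is expecting STARTTLS.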