On Thu, Aug 27, 2015 at 03:23:37PM +0100, Gary Stainburn wrote:
> I did have a number of delay statements in my config as suggested in various
> anti-SPAM pages over many years. I have reduced them significantly but that
> also hasn't made any difference.
I just tried:
$ posttls-finger ringways.co.uk
posttls-finger: Connected to mail.ringways.co.uk[88.211.105.31]:25
posttls-finger: < 220 mail.ringways.co.uk ESMTP Exim 4.84 Thu, 27 Aug 2015 15:36:49 +0100
posttls-finger: > EHLO mournblade.imrryr.org
posttls-finger: < 250-mail.ringways.co.uk Hello mournblade.imrryr.org [38.117.134.19]
posttls-finger: < 250-SIZE 104857600
posttls-finger: < 250-8BITMIME
posttls-finger: < 250-PIPELINING
posttls-finger: < 250-STARTTLS
posttls-finger: < 250 HELP
posttls-finger: > STARTTLS
posttls-finger: < 220 TLS go ahead
posttls-finger: SSL_connect error to mail.ringways.co.uk[88.211.105.31]:25: Connection timed out
Are you using /dev/random, rather than /dev/urandom for entropy?
There was a long pause after "220 TLS go ahead" and then a timeout.
Turning on "debug" logging shows that the timeout is right after
the TLS client HELLO.
$ posttls-finger -Ldebug ringways.co.uk
posttls-finger: initializing the client-side TLS engine
posttls-finger: Connected to mail.ringways.co.uk[88.211.105.31]:25
posttls-finger: < 220 mail.ringways.co.uk ESMTP Exim 4.84 Thu, 27 Aug 2015 15:39:27 +0100
posttls-finger: > EHLO mournblade.imrryr.org
posttls-finger: < 250-mail.ringways.co.uk Hello mournblade.imrryr.org [38.117.134.19]
posttls-finger: < 250-SIZE 104857600
posttls-finger: < 250-8BITMIME
posttls-finger: < 250-PIPELINING
posttls-finger: < 250-STARTTLS
posttls-finger: < 250 HELP
posttls-finger: > STARTTLS
posttls-finger: < 220 TLS go ahead
posttls-finger: setting up TLS connection to mail.ringways.co.uk[88.211.105.31]:25
posttls-finger: SSL_connect:before/connect initialization
posttls-finger: SSL_connect:SSLv2/v3 write client hello A
... delay ...
posttls-finger: SSL_connect error to mail.ringways.co.uk[88.211.105.31]:25: Connection timed out
So either you have MTU or other network issues with sending the
server TLS HELLO etc. or your server is not producing "entropy"
quickly enough, because you're using /dev/random instead of
/dev/urandom as your randomness source for seeding TLS.
--
Viktor.
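The same phase-by-phase probe Viktor runs by hand with posttls-finger, as an added example that is not part of this thread and not Postfix code: it walks banner, EHLO, STARTTLS and the TLS handshake with one timeout each and reports which phase was in progress when the connection stalled. It assumes Python 3.8+; `probe.example` and `mail.example` are placeholder names, and `start_stalling_server` is a constructed test double that behaves like the Exim above (says "220 TLS go ahead", then never answers the ClientHello).

```python
import socket, ssl, threading, time

def _read_reply(f):  # one SMTP reply, following '250-' continuation lines; returns (code, lines)
    lines = []
    while True:
        line = f.readline().decode("ascii", "replace").rstrip("\r\n")
        if not line:
            raise ConnectionError("server closed the connection")
        lines.append(line)
        if line[3:4] != "-":
            return line[:3], lines

def probe_starttls(host, port, timeout=5.0):
    """Walk the dialogue phase by phase, like posttls-finger, and return (phase_in_progress,
    outcome, seconds): outcome is 'ok', 'timeout', 'no_starttls', 'starttls_refused' or an OS error."""
    phase, t0 = "connect", time.monotonic()
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
        f, phase = sock.makefile("rb"), "banner"
        _read_reply(f)
        phase = "ehlo"
        sock.sendall(b"EHLO probe.example\r\n")
        if not any(c[4:].upper().startswith("STARTTLS") for c in _read_reply(f)[1]):
            return phase, "no_starttls", time.monotonic() - t0
        phase = "starttls"
        sock.sendall(b"STARTTLS\r\n")
        if _read_reply(f)[0] != "220":
            return phase, "starttls_refused", time.monotonic() - t0
        # ClientHello goes out inside wrap_socket; a stall here means no ServerHello ever came back
        phase, ctx = "tls_handshake", ssl.create_default_context()
        ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE  # reachability probe, not a trust check
        ctx.wrap_socket(sock, server_hostname=host).close()
        return phase, "ok", time.monotonic() - t0
    except OSError as exc:  # socket.timeout is an OSError subclass
        return phase, "timeout" if isinstance(exc, socket.timeout) else str(exc), time.monotonic() - t0

def start_stalling_server():
    """Constructed test double (not a real MTA): advertises STARTTLS, answers '220 TLS go ahead',
    then swallows the ClientHello and stays silent, exactly as an MTA blocked on /dev/random would."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = srv.accept()
        conn.sendall(b"220 mail.example ESMTP\r\n"); conn.recv(1024)                          # banner; EHLO
        conn.sendall(b"250-mail.example Hello\r\n250-STARTTLS\r\n250 HELP\r\n"); conn.recv(1024)  # STARTTLS
        conn.sendall(b"220 TLS go ahead\r\n")
        while conn.recv(4096):  # read the ClientHello, then say nothing until the client gives up
            pass
        conn.close(); srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]
```

Against the test double, `probe_starttls("127.0.0.1", start_stalling_server(), 1.0)` returns `('tls_handshake', 'timeout', ...)`, the same picture as the `-Ldebug` trace above; against a real MTA, a timeout in an earlier phase points at the network rather than at TLS or entropy.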