[exim] Known SSL issue in some 4.84 builds or "middle-box" b…

Author: Viktor Dukhovni
Date:  
To: exim-users
Subject: [exim] Known SSL issue in some 4.84 builds or "middle-box" breakage?

The domain subse.eu has two MX hosts:

    $ dig +short -t mx subse.eu | sort -n
    10 mail.subse.eu.
    30 mail2.subse.eu.


Both appear to run Exim, the first seemingly 4.84 and the second
seemingly 4.80. The first MX host does not complete TLS handshakes,
aborting mid-way. Is there a known issue of this sort in either
OpenSSL or GnuTLS builds of Exim 4.84, or is this some firewall
messing up?

    $ dig +short -t mx subse.eu |
        sort -n |
        sed -e 's/\.$//' |
        while read pref mx
        do
        printf -- '\n-> %s\n' "$mx"
        posttls-finger -Lsummary,ssl-debug -lmay "[$mx]"
        done


-> mail.subse.eu
posttls-finger: Connected to mail.subse.eu[212.47.226.52]:25
posttls-finger: < 220 mail1.gondor.com ESMTP Exim 4.84 Fri, 06 Nov 2015 15:29:48 +0100
posttls-finger: > EHLO mournblade.imrryr.org
posttls-finger: < 250-mail1.gondor.com Hello mournblade.imrryr.org [38.117.134.19]
posttls-finger: < 250-SIZE 52428800
posttls-finger: < 250-8BITMIME
posttls-finger: < 250-PIPELINING
posttls-finger: < 250-STARTTLS
posttls-finger: < 250 HELP
posttls-finger: > STARTTLS
posttls-finger: < 220 TLS go ahead
posttls-finger: SSL_connect:before/connect initialization
posttls-finger: SSL_connect:SSLv2/v3 write client hello A
posttls-finger: SSL_connect:SSLv3 read server hello A
posttls-finger: SSL_connect:SSLv3 read server certificate A
posttls-finger: SSL_connect:SSLv3 read server key exchange A
posttls-finger: SSL_connect:SSLv3 read server done A
posttls-finger: SSL_connect:SSLv3 write client key exchange A
posttls-finger: SSL_connect:SSLv3 write change cipher spec A
posttls-finger: SSL_connect:SSLv3 write finished A
posttls-finger: SSL_connect:SSLv3 flush data
posttls-finger: SSL_connect:failed in SSLv3 read finished A
posttls-finger: SSL_connect error to mail.subse.eu[212.47.226.52]:25: lost connection

-> mail2.subse.eu
posttls-finger: Connected to mail2.subse.eu[85.214.127.203]:25
posttls-finger: < 220 h1319675.stratoserver.net ESMTP Exim 4.80 Fri, 06 Nov 2015 15:29:49 +0100
posttls-finger: > EHLO mournblade.imrryr.org
posttls-finger: < 250-h1319675.stratoserver.net Hello mournblade.imrryr.org [38.117.134.19]
posttls-finger: < 250-SIZE 52428800
posttls-finger: < 250-8BITMIME
posttls-finger: < 250-PIPELINING
posttls-finger: < 250-STARTTLS
posttls-finger: < 250 HELP
posttls-finger: > STARTTLS
posttls-finger: < 220 TLS go ahead
posttls-finger: SSL_connect:before/connect initialization
posttls-finger: SSL_connect:SSLv2/v3 write client hello A
posttls-finger: SSL_connect:SSLv3 read server hello A
posttls-finger: SSL_connect:SSLv3 read server certificate A
posttls-finger: SSL_connect:SSLv3 read server key exchange A
posttls-finger: SSL_connect:SSLv3 read server done A
posttls-finger: SSL_connect:SSLv3 write client key exchange A
posttls-finger: SSL_connect:SSLv3 write change cipher spec A
posttls-finger: SSL_connect:SSLv3 write finished A
posttls-finger: SSL_connect:SSLv3 flush data
posttls-finger: SSL_connect:SSLv3 read finished A
posttls-finger: Untrusted TLS connection established to mail2.subse.eu[85.214.127.203]:25: TLSv1.2 with cipher DHE-RSA-AES256-SHA256 (256/256 bits)
posttls-finger: > EHLO mournblade.imrryr.org
posttls-finger: < 250-h1319675.stratoserver.net Hello mournblade.imrryr.org [38.117.134.19]
posttls-finger: < 250-SIZE 52428800
posttls-finger: < 250-8BITMIME
posttls-finger: < 250-PIPELINING
posttls-finger: < 250 HELP
posttls-finger: > QUIT
posttls-finger: < 221 h1319675.stratoserver.net closing connection

-- 
    Viktor.
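
An added example, not part of the original message: a shell function that condenses `posttls-finger` ssl-debug output of the kind shown above into one line per MX host, giving the Exim version from the banner and either the negotiated protocol and cipher or the handshake state at which the connection was lost. The names `summarize_tls` and `sample_log` and the summary format are choices made for this example; the sample lines are excerpted from the output above.

```sh
#!/bin/sh
# Added example (not from the original post): one summary line per MX host
# from posttls-finger -Lsummary,ssl-debug output. Assumes each host's output
# is preceded by the "-> host" marker printed by the loop above.
summarize_tls() {
    awk '
    function emit() {
        if (host == "") return
        if (ok != "")
            printf "%s exim=%s OK %s\n", host, ver, ok
        else if (failed != "" || reason != "")
            printf "%s exim=%s FAIL at \"%s\" (%s)\n", host, ver,
                   (failed != "" ? failed : last), reason
        else
            printf "%s exim=%s NO-TLS last=\"%s\"\n", host, ver, last
        host = ver = ok = failed = reason = last = ""
    }
    /^-> / { emit(); host = $2; ver = "?"; next }
    # Version from the SMTP banner, e.g. "< 220 name ESMTP Exim 4.84 ..."
    /< 220 .*ESMTP Exim / && ver == "?" {
        for (i = 1; i < NF; i++) if ($i == "Exim") ver = $(i + 1)
    }
    /SSL_connect:failed in / { failed = $0; sub(/^.*SSL_connect:failed in /, "", failed); next }
    /SSL_connect error to /  { reason = $0; sub(/^.*: /, "", reason); next }
    /TLS connection established to / { ok = $0; sub(/^.*: /, "", ok); next }
    # Any other state line: remember the most recent handshake state logged
    /SSL_connect:/ { last = $0; sub(/^.*SSL_connect:/, "", last) }
    END { emit() }
    '
}

# Sample input: lines excerpted from the output in the message above.
sample_log() {
    cat <<'EOF'
-> mail.subse.eu
posttls-finger: < 220 mail1.gondor.com ESMTP Exim 4.84 Fri, 06 Nov 2015 15:29:48 +0100
posttls-finger: < 220 TLS go ahead
posttls-finger: SSL_connect:SSLv3 flush data
posttls-finger: SSL_connect:failed in SSLv3 read finished A
posttls-finger: SSL_connect error to mail.subse.eu[212.47.226.52]:25: lost connection
-> mail2.subse.eu
posttls-finger: < 220 h1319675.stratoserver.net ESMTP Exim 4.80 Fri, 06 Nov 2015 15:29:49 +0100
posttls-finger: SSL_connect:SSLv3 read finished A
posttls-finger: Untrusted TLS connection established to mail2.subse.eu[85.214.127.203]:25: TLSv1.2 with cipher DHE-RSA-AES256-SHA256 (256/256 bits)
EOF
}

sample_log | summarize_tls
```

To use it on live data, pipe the output of the `dig ... | while read pref mx` loop into `summarize_tls` in place of `sample_log`.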