Hello everyone.
After upgrading FreeBSD 9.1 to 10.3, with the appropriate upgrade of
packages, a mysterious error started to show up. (exim-4.87 was built and
installed from ports, because the prebuilt package doesn't include LDAP,
which is used in our system.) Every night FreeBSD sends the output from
periodic scripts to root@, and all root@ mail (via the aliases file) goes
to my @gmail.com account.
And sometimes (not always) in the morning I see in my @gmail.com account
mail from mailer-daemon@???; today's example: "Warning: message
1bPLy3-000C8V-O5 delayed 24 hours".
On the server I see this:
# mailq
26h 6.5M 1bPLy3-000C8V-O5 <root@???>
root@???
And then, if I try to force exim to deliver the message, it shows this:
# exim -v -M 1bPLy3-000C8V-O5
...skip...
Connecting to gmail-smtp-in.l.google.com [108.177.14.26]:25 ... connected
SMTP<< 220 mx.google.com ESMTP 77si558883lfu.292 - gsmtp
SMTP>> EHLO startsnto.ru
SMTP<< 250-mx.google.com at your service, [81.200.243.105]
250-SIZE 157286400
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
SMTP>> STARTTLS
SMTP<< 220 2.0.0 Ready to start TLS
SMTP>> EHLO startsnto.ru
SMTP<< 250-mx.google.com at your service, [81.200.243.105]
250-SIZE 157286400
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
SMTP>> MAIL FROM:<root@???> SIZE=6894623
SMTP>> RCPT TO:<myaccountongmail@???>
SMTP>> DATA
SMTP<< 250 2.1.0 OK 77si558883lfu.292 - gsmtp
SMTP<< 250 2.1.5 OK 77si558883lfu.292 - gsmtp
SMTP<< 354 Go ahead 77si558883lfu.292 - gsmtp
SMTP>> writing message and terminating "."
LOG: MAIN
SSL_write: (from <unknown>) syscall: Permission denied
LOG: MAIN
H=gmail-smtp-in.l.google.com [108.177.14.26]:
gmail-smtp-in.l.google.com [108.177.14.26]: Permission denied
...skip...
But if I try to send mail from root@ to @gmail.com from the command line
(and also from lan@ via Thunderbird), it is sent right away:
2016-07-20 08:34:40 1bPk9Y-000NP6-6u <= root@??? U=root P=local
S=695
2016-07-20 08:34:41 1bPk9Y-000NP6-6u => myaccountongmail@???
R=dnslookup T=remote_smtp H=gmail-smtp-in.l.google.com [64.233.163.26]
X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=yes C="250 2.0.0 OK
1468992881 m4si562022lfd.328 - gsmtp"
2016-07-20 08:34:41 1bPk9Y-000NP6-6u Completed
But if I try to send the night mail from the queue, it is always the
SSL_write error.
I've already tried rebuilding exim, removing the old spool dir, and using
gnutls instead of openssl, to no avail: the night mail from the queue is
not sent (SSL_write error), but I can send mail via exim right now.
exim is:
# exim -d
Exim version 4.87 (FreeBSD 10.3) uid=0 gid=0 pid=90040 D=fbb95cfd
Probably Berkeley DB version 1.8x (native mode)
Support for: crypteq iconv() IPv6 use_setclassresources PAM Perl
Expand_dlfunc OpenSSL Content_Scanning Old_Demime DKIM DNSSEC PRDR
Experimental_SPF
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm
dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm passwd
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Compiler: CLang [3.4.1 (tags/RELEASE_34/dot1-final 208032)]
Library version: OpenSSL: Compile: OpenSSL 1.0.2h 3 May 2016
Runtime: OpenSSL 1.0.2h 3 May 2016
: built on: reproducible build, date
unspecified
Library version: Cyrus SASL: Compile: 2.1.26
Runtime: 2.1.26 [Cyrus SASL]
Library version: PCRE: Compile: 8.39
Runtime: 8.39 2016-06-14
Total 15 lookups
WHITELIST_D_MACROS unset
TRUSTED_CONFIG_LIST unset
changed uid/gid: forcing real = effective
uid=0 gid=0 pid=90040
auxiliary group list: 0
seeking password data for user "mailnull": using cached result
getpwnam() succeeded uid=26 gid=26
seeking password data for user "root": cache not available
getpwnam() succeeded uid=0 gid=0
changed uid/gid: calling tls_validate_require_cipher
uid=26 gid=6 pid=90041
auxiliary group list: 6
tls_validate_require_cipher child 90041 ended: status=0x0
openssl option, adding from 1100000: 1000000 (no_sslv2 +no_sslv3)
openssl option, adding from 1100000: 2000000 (no_sslv3)
LOG: MAIN
Warning: purging the environment.
Suggested action: use keep_environment.
configuration file is /usr/local/etc/exim/configure
log selectors = 00000ffc 10332001
cwd=/root 2 args: exim -d
trusted user
admin user
changed uid/gid: privilege not needed
uid=26 gid=6 pid=90040
auxiliary group list: 6
seeking password data for user "mailnull": cache not available
getpwnam() succeeded uid=26 gid=26
DSN: dnslookup propagating DSN
DSN: system_aliases propagating DSN
DSN: adsi_check propagating DSN
DSN: local_adsi_user propagating DSN
DSN: localuser propagating DSN
seeking password data for user "cyrus": cache not available
getpwnam() succeeded uid=60 gid=60
originator: uid=0 gid=0 login=root name="startsnto.ru root"
sender address = root@???
Exim is a Mail Transfer Agent. It is normally called by Mail User Agents,
not directly from a shell command line. Options and/or arguments control
what it does when called. For a list of options, see the Exim documentation.
UPDATE:
Here's the funny part: I couldn't send this email to the exim-users list
from lan@???, because - SSL_write: Permission denied! :)
Here's the log:
# exim -v -M 1bQCfQ-000Agq-Oz
LOG: MAIN
Warning: purging the environment.
Suggested action: use keep_environment.
delivering 1bQCfQ-000Agq-Oz
Connecting to hummus.csx.cam.ac.uk [2001:630:212:8::e:f0e]:25 ...
failed: No route to host
LOG: MAIN
H=hummus.csx.cam.ac.uk [2001:630:212:8::e:f0e] No route to host
Connecting to hummus.csx.cam.ac.uk [131.111.8.88]:25 ... connected
SMTP<< 220 hummus.csx.cam.ac.uk ESMTP Exim 4.85 Thu, 21 Jul 2016
13:10:02 +0100
SMTP>> EHLO startsnto.ru
SMTP<< 250-hummus.csx.cam.ac.uk Hello startsnto.ru [81.200.243.105]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH CRAM-MD5
250-STARTTLS
250 HELP
SMTP>> STARTTLS
SMTP<< 220 TLS go ahead
LOG: MAIN
[131.111.8.88] SSL verify error: depth=0 error=self signed
certificate cert=/C=GB/ST=Cambridge/L=University of Cambridge/O=Exim
Maintainers/CN=hummus.csx.cam.ac.uk
SMTP>> EHLO startsnto.ru
SMTP<< 250-hummus.csx.cam.ac.uk Hello startsnto.ru [81.200.243.105]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH CRAM-MD5
250 HELP
SMTP>> MAIL FROM:<lan@???> SIZE=7878
SMTP>> RCPT TO:<exim-users@???>
SMTP>> DATA
SMTP<< 250 OK
SMTP<< 250 Accepted
SMTP<< 354 Enter message, ending with "." on a line by itself
SMTP>> writing message and terminating "."
LOG: MAIN
SSL_write: (from ([192.168.75.50]) [192.168.75.50]) syscall:
Permission denied
LOG: MAIN
H=hummus.csx.cam.ac.uk [131.111.8.88]: hummus.csx.cam.ac.uk
[131.111.8.88]: Permission denied
Connecting to boom.graemef.net [2001:470:1f08:1362::2]:25 ... failed: No
route to host
LOG: MAIN
H=boom.graemef.net [2001:470:1f08:1362::2] No route to host
Connecting to boom.graemef.net [82.113.154.29]:25 ... connected
SMTP<< 220-boom.graemef.net ESMTP Thu, 21 Jul 2016 13:10:08 +0100,
220 please go ahead... don't spam though.
SMTP>> EHLO startsnto.ru
SMTP<< 250-boom.graemef.net Hello startsnto.ru [81.200.243.105]
250-SIZE 52428800
250-8BITMIME
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
SMTP>> STARTTLS
SMTP<< 220 TLS go ahead
LOG: MAIN
[82.113.154.29] SSL verify error: certificate name mismatch:
"/CN=webmail.graemef.net"
SMTP>> EHLO startsnto.ru
SMTP<< 250-boom.graemef.net Hello startsnto.ru [81.200.243.105]
250-SIZE 52428800
250-8BITMIME
250-AUTH PLAIN LOGIN
250 HELP
SMTP>> MAIL FROM:<lan@???> SIZE=7878
SMTP<< 250 OK - you're fine, we like you.
SMTP>> RCPT TO:<exim-users@???>
SMTP<< 250 Accepted
SMTP>> DATA
SMTP<< 354 Enter message, ending with "." on a line by itself
SMTP>> writing message and terminating "."
LOG: MAIN
SSL_write: (from ([192.168.75.50]) [192.168.75.50]) syscall:
Permission denied
LOG: MAIN
H=boom.graemef.net [82.113.154.29]: boom.graemef.net [82.113.154.29]:
Permission denied
LOG: MAIN
== exim-users@??? R=dnslookup T=remote_smtp defer (13):
Permission denied H=boom.graemef.net [82.113.154.29]: boom.graemef.net
[82.113.154.29]
--
best regards
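
Added example, not part of the original post: a small triage script for `exim -v -M` transcripts like the ones above. For each connection attempt it records whether STARTTLS was accepted, any certificate verification error that was logged, and the SMTP stage at which a syscall error was reported. The names `triage`, `summarize` and `SAMPLE` are this example's own, and the sample input is abridged from the second transcript with the mail-wrapped lines rejoined.

```python
import re

# Constructed sample: abridged and unwrapped from the second transcript above.
SAMPLE = """\
Connecting to hummus.csx.cam.ac.uk [2001:630:212:8::e:f0e]:25 ... failed: No route to host
Connecting to hummus.csx.cam.ac.uk [131.111.8.88]:25 ... connected
SMTP>> STARTTLS
SMTP<< 220 TLS go ahead
[131.111.8.88] SSL verify error: depth=0 error=self signed certificate
SMTP>> DATA
SMTP<< 354 Enter message, ending with "." on a line by itself
SMTP>> writing message and terminating "."
SSL_write: (from ([192.168.75.50]) [192.168.75.50]) syscall: Permission denied
"""

CONNECT = re.compile(r"^Connecting to (?P<host>\S+) \[(?P<ip>[^\]]+)\]:\d+ \.\.\. "
                     r"(?:connected|failed: (?P<err>.*))$")
VERIFY = re.compile(r"SSL verify error: (?P<err>.*)$")
SYSCALL = re.compile(r"^SSL_\w+: .*syscall: (?P<err>.*)$")

def triage(transcript):
    attempts, cur = [], None
    for line in map(str.strip, transcript.splitlines()):
        if m := CONNECT.match(line):
            cur = {"host": m["host"], "ip": m["ip"], "stage": "connect",
                   "tls": False, "verify_error": None, "error": m["err"]}
            attempts.append(cur)
        elif cur is None:
            continue
        elif line.startswith("SMTP>> "):
            verb = line[7:].split()[0].lower()   # last client command sent
            cur["stage"] = "body" if verb == "writing" else verb
        elif line.startswith("SMTP<< 220") and cur["stage"] == "starttls":
            cur["tls"] = True                    # server accepted STARTTLS
        elif m := VERIFY.search(line):
            cur["verify_error"] = m["err"]       # logged, but the session carried on
        elif m := SYSCALL.match(line):
            cur["error"] = m["err"]              # error text for the failed syscall
    return attempts

def summarize(a):
    if a["error"] is None:
        return f'{a["ip"]}: no error seen'
    if a["stage"] == "connect":
        return f'{a["ip"]}: connect failed ({a["error"]})'
    channel = "TLS" if a["tls"] else "cleartext"
    return f'{a["ip"]}: local error at {a["stage"]} over {channel} ({a["error"]})'

print(*map(summarize, triage(SAMPLE)), sep="\n")
```

Run against a full transcript, this separates attempts that never connected from those that failed locally while the message body was being written inside the TLS session.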