Re: [exim] TLS issue with Exim 4.84?

Author: Biju Abraham N.
Date:  
To: 'Joachim Boerner'
CC: exim-users
Subject: Re: [exim] TLS issue with Exim 4.84?
Dear Joachim,

Where do I set the PRIMARY_HOST_NAME to the FQDN and how? I could not find
this variable in any of the configuration files of Exim4.

About the MX, when I run 'dig' on my mail server, it gets the proper
mapping:
++++++++++++++++++ Start Log ++++++++++++++++++++++++++++
mail:~# dig mx rajagiritech.ac.in

; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> mx rajagiritech.ac.in
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23653
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;rajagiritech.ac.in.            IN      MX


;; ANSWER SECTION:
rajagiritech.ac.in.     3558    IN      MX      10 mailback.rajagiritech.ac.in.
rajagiritech.ac.in.     3558    IN      MX      0 mail.rajagiritech.ac.in.


;; AUTHORITY SECTION:
rajagiritech.ac.in.     86358   IN      NS      ns1.asianetindia.com.
rajagiritech.ac.in.     86358   IN      NS      ns3.vodafone.ind.in.
rajagiritech.ac.in.     86358   IN      NS      ns2.vodafone.ind.in.
rajagiritech.ac.in.     86358   IN      NS      ns4.vodafone.ind.in.


;; ADDITIONAL SECTION:
ns1.asianetindia.com.   15532   IN      A       202.88.238.2
ns2.vodafone.ind.in.    44337   IN      A       182.19.95.35
ns3.vodafone.ind.in.    44337   IN      A       182.19.95.99
ns4.vodafone.ind.in.    44337   IN      A       182.19.95.67


;; Query time: 30 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Jul 23 08:35:50 IST 2016
;; MSG SIZE rcvd: 258

mail:~# dig a mail.rajagiritech.ac.in

; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> a mail.rajagiritech.ac.in
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39811
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mail.rajagiritech.ac.in.       IN      A


;; ANSWER SECTION:
mail.rajagiritech.ac.in. 900    IN      A       122.15.77.196


;; AUTHORITY SECTION:
rajagiritech.ac.in.     86342   IN      NS      ns1.asianetindia.com.
rajagiritech.ac.in.     86342   IN      NS      ns3.vodafone.ind.in.
rajagiritech.ac.in.     86342   IN      NS      ns4.vodafone.ind.in.
rajagiritech.ac.in.     86342   IN      NS      ns2.vodafone.ind.in.


;; ADDITIONAL SECTION:
ns1.asianetindia.com.   15516   IN      A       202.88.238.2
ns2.vodafone.ind.in.    44321   IN      A       182.19.95.35
++++++++++++++++++ Start End ++++++++++++++++++++++++++++
So, is it not configured?


And where do I run the checktls perl script for testing SSL? On my mail
server itself?

I am sorry, I am not able to understand some of this terminology.

Regards,
Biju.
-----Original Message-----
From: Joachim Boerner [mailto:debian@boerner.info]
Sent: 22 July 2016 19:37
To: bijuan@???
Cc: exim-users@???; Exim-users
<exim-users-bounces+debian=boerner.info@???>
Subject: Re: [exim] TLS issue with Exim 4.84?

You can use services like http://checktls.com/perl/TestSender.pl to test
your SSL settings. This error:
550 Access denied - Invalid HELO name
indicates that you haven't set the PRIMARY_HOST_NAME to your actual fully
qualified host name mail.rajagiritech.ac.in. And your domain name
rajagiritech.ac.in doesn't have an MX entry.

On 2016-07-22 15:35, bijuan@??? wrote:
> Dear All,
>
> I am running Exim4 4.84.2-1 on Debian Jessie. I was getting errors
> while sending mails to certain domains, but mails were going to
> domains like gmail, yahoo etc. Then I installed a self certified
> certificate and an SSL certificate and enabled TLS, assuming the issue
> was with TLS. Still the following errors are appearing when sending mails
> to certain domains.
>
> ++++++++++++ Log Start ++++++++++++++++++++++++++
> 2016-07-22 08:01:25 1bQQEs-0003xA-1d TLS error on connection to
> xx.xxx.com [148.251.254.194] (recv): The TLS connection was
> non-properly terminated.
> 2016-07-22 08:01:25 1bQQEs-0003xA-1d TLS error on connection to
> xx.xxx.com [148.251.254.194] (send): The specified session has been
> invalidated for some reason.
> 2016-07-22 08:01:25 1bQQEs-0003xA-1d ** xx@??? R=dnslookup
> T=remote_smtp X=TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128
> DN="CN=xx.xxx.com,EMAIL=x@???": SMTP error from remote mail
> server after MAIL FROM:<bijuan@???> SIZE=8160: host
> xx.xxx.com
> [x.y.z.194]: 550 Access denied - Invalid HELO name (See RFC2821
> 4.1.1.1)
> ++++++++++++ Log End ++++++++++++++++++++++++++
>
> I also have this log:
> ++++++++++++ Log Start ++++++++++++++++++++++++++
> mail:/etc/exim4# swaks -a -tls -q HELO -s mail.rajagiritech.ac.in -au
> bijuan -ap '<>'
> === Trying mail.rajagiritech.ac.in:25...
> === Connected to mail.rajagiritech.ac.in.
> <- 220 mail ESMTP Exim 4.84_2 Fri, 22 Jul 2016 19:03:35 +0530
> -> EHLO mail.rajagiritech.ac.in
> <- 250-mail Hello mail.rajagiritech.ac.in [192.168.0.241]
> <- 250-SIZE 52428800
> <- 250-8BITMIME
> <- 250-PIPELINING
> <- 250-STARTTLS
> <- 250 HELP
> -> STARTTLS
> <- 220 TLS go ahead
> === TLS started with cipher TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
> === TLS no local certificate set
> === TLS peer DN="/C=IN/O=rset/CN=mail.rajagiritech.ac.in"
> ~> EHLO mail.rajagiritech.ac.in
> <~ 250-mail Hello mail.rajagiritech.ac.in [192.168.0.241]
> <~ 250-SIZE 52428800
> <~ 250-8BITMIME
> <~ 250-PIPELINING
> <~ 250 HELP
> ~> QUIT
> <~ 221 mail closing connection
> === Connection closed with remote host.
> ++++++++++++ Log End ++++++++++++++++++++++++++
>
> Because of this, mails are not going to certain domains.
>
> Can anyone tell me what is the issue and how to solve this?
>
> Regards,
> Biju.
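
Added example, not part of the original thread: in the swaks session quoted above, the server greets as "mail" rather than with a fully qualified name. Assuming Exim's defaults, where the banner name and the name sent as HELO on outgoing connections both come from the primary host name, this Python code (function names are hypothetical) pulls the self-reported names out of such a transcript and flags the ones that are not FQDNs.

```python
import re

# Server and client lines copied from the swaks session quoted in the thread.
SESSION = """\
<- 220 mail ESMTP Exim 4.84_2 Fri, 22 Jul 2016 19:03:35 +0530
-> EHLO mail.rajagiritech.ac.in
<- 250-mail Hello mail.rajagiritech.ac.in [192.168.0.241]
<- 250-STARTTLS
<- 250 HELP
-> STARTTLS
<- 220 TLS go ahead
~> EHLO mail.rajagiritech.ac.in
<~ 250-mail Hello mail.rajagiritech.ac.in [192.168.0.241]
<~ 250 HELP
"""

# One DNS label: 1-63 letters, digits or hyphens, no hyphen at either end.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def is_fqdn(name):
    """True when name has at least two valid dot-separated labels."""
    labels = name.rstrip(".").split(".")
    return len(labels) >= 2 and all(_LABEL.match(l) for l in labels)

def server_names(transcript):
    """Names the server uses for itself: greeting banner and EHLO replies."""
    names, expect_name = [], True   # the first server line is the banner
    for raw in transcript.splitlines():
        m = re.match(r"\s*(<-|<~|->|~>)\s+(.*)", raw)
        if not m:
            continue                # swaks "===" status lines, blanks
        direction, text = m.groups()
        if direction in ("->", "~>"):
            # The first reply line after EHLO/HELO starts with the server name.
            expect_name = text.upper().startswith(("EHLO", "HELO"))
            continue
        reply = re.match(r"(220|250)[ -](\S+)", text)
        if expect_name and reply:
            names.append(reply.group(2))
        expect_name = False
    return names

def non_fqdn_names(transcript):
    """Sorted set of self-reported server names that are not FQDNs."""
    return sorted({n for n in server_names(transcript) if not is_fqdn(n)})

if __name__ == "__main__":
    print(non_fqdn_names(SESSION))
```

The "220 TLS go ahead" reply to STARTTLS is skipped on purpose, because only the banner and the first line of an EHLO reply carry the server's own name.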