Re: [exim] Exm RC2 errors with SSL/TLS

Author: Phil Pennock
Date:  
To: The Doctor
CC: exim-users
Subject: Re: [exim] Exm RC2 errors with SSL/TLS
On 2017-02-04 at 10:26 -0700, The Doctor wrote:
> Looks as if there is an issue sending mail between the server
> using SSL that I had to revert back to Exim 4.88
>
> Using FreeBSD 11.


As bug-reports go, this one is somewhat lacking. I ask you to put
yourself in my shoes: what could I reasonably do to proceed, based upon
what you've said here?

Please read:
http://www.chiark.greenend.org.uk/~sgtatham/bugs.html

The mailhub for spodhuis.org is FreeBSD 10.3 and running Exim 4.89RC2.
When I send mail out as pdp@??? it flows to the exim.org mailhub,
authenticating the TLS certificate using DANE (DNSSEC in use with TLSA)
and authenticating (SMTP AUTH with CRAM-MD5) within that session, before
sending the message using CHUNKING. spodhuis.org mailhub is within a
Jail environment with IPv4/IPv6 dualstack connectivity, choosing IPv6 to
reach the exim.org mailhub.

TLS fields from mainlog for such a delivery:

X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=dane DN="/CN=mx.exim.org"

Exim 4.89's -d -bV library linkage information:

Library version: OpenSSL: Compile: OpenSSL 1.0.2k  26 Jan 2017
                          Runtime: OpenSSL 1.0.2k  26 Jan 2017
                                 : built on: reproducible build, date unspecified


Relevant lines from Local/Makefile:

SUPPORT_TLS=yes
USE_OPENSSL_PC=openssl

So for Exim on FreeBSD 10.3 with OpenSSL supplied by Ports
(openssl-1.0.2k,1; local Poudriere build), things work fine.


How was your Exim 4.89RC2 built? What was the library linkage (ldd
output, or "exim -d-all+tls --version")? What was the error seen?


------------8< Success Report: FreeBSD 10.3 Exim 4.89RC2 >8-------------
# exim -d-all+tls --version
Exim version 4.89 #2 built 05-Feb-2017 03:20:00
Copyright (c) University of Cambridge, 1995 - 2017
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2017
Probably Berkeley DB version 1.8x (native mode)
Support for: crypteq iconv() IPv6 use_setclassresources OpenSSL Content_Scanning DKIM DNSSEC Event OCSP TCP_Fast_Open Experimental_QUEUEFILE Experimental_DANE
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb passwd sqlite
Authenticators: cram_md5 dovecot heimdal_gssapi plaintext tls
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir autoreply lmtp pipe queuefile smtp
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Compiler: CLang [3.4.1 (tags/RELEASE_34/dot1-final 208032)]
Library version: OpenSSL: Compile: OpenSSL 1.0.2k  26 Jan 2017
                          Runtime: OpenSSL 1.0.2k  26 Jan 2017
                                 : built on: reproducible build, date unspecified
Library version: Heimdal: Runtime: Heimdal 7.1.0
 Build Info: @(#)$Version: Heimdal 7.1.0 by root on builds.spodhuis.org (amd64-portbld-freebsd10.3) Fri Jan  6 04:34:17 UTC 2017 $
Library version: PCRE: Compile: 8.40
                       Runtime: 8.40 2017-01-11
Library version: SQLite: Compile: 3.16.2
                         Runtime: 3.16.2
WHITELIST_D_MACROS unset
TRUSTED_CONFIG_LIST: "/etc/exim/trusted_configs"
Exim version 4.89 uid=0 gid=0 pid=61133 D=8000000
tls_require_ciphers expands to "ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!MD5:!RC4:!aNULL:!ADH:!DES:!EXP:!NULL:!aNULL:!eNULL"
tls_validate_require_cipher child 61134 ended: status=0x0
openssl option, adding from 1100000: 1000000 (no_sslv2 +no_sslv3)
openssl option, adding from 1100000: 2000000 (no_sslv3)
configuration file is /etc/exim/exim.conf
log selectors = 0000fffe 1ebf6faa
cwd=/root 3 args: exim -d-all+tls --version
trusted user
admin user
Configuration file is /etc/exim/exim.conf
------------8< Success Report: FreeBSD 10.3 Exim 4.89RC2 >8-------------
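The X= / CV= / DN= fields quoted above are the ones an operator checks in Exim's mainlog to confirm that a delivery actually used modern TLS and that the peer certificate was verified. The following parser is an added example written for this page; it is not code from the original message or from the Exim project. The log lines it runs on are constructed for the example (the hostnames, addresses and message ids are invented; only the X=/CV=/DN= values of the first line mirror the ones quoted above), and it assumes CV= takes the values "yes", "no" or "dane" as in the author's log line.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample delivery lines in Exim mainlog format. Only the
# X=/CV=/DN= values of the first line come from the message above; the
# hosts, addresses and message ids are invented for this example.
SAMPLE_LOG = """\
2017-02-05 03:21:10 1cab12-0001Xy-Zz => user@example.org R=dnslookup T=remote_smtp H=mx.exim.org [2001:db8::25] X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=dane DN="/CN=mx.exim.org" C="250 OK"
2017-02-05 03:22:40 1cab13-0001Xz-Aa => user@example.net R=dnslookup T=remote_smtp H=mail.example.net [192.0.2.25] X=TLSv1:AES128-SHA:128 CV=no C="250 OK"
2017-02-05 03:23:05 1cab14-0001Ya-Bb => user@example.com R=dnslookup T=remote_smtp H=mail.example.com [198.51.100.25] C="250 OK"
"""

# Protocol versions that should no longer appear on an outbound delivery.
LEGACY_VERSIONS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Matches "KEY=value" or 'KEY="quoted value"' for the fields we care about.
# The lookbehind requires the key to start the line or follow whitespace so
# that e.g. the CN= inside a quoted DN is not mistaken for a field.
FIELD_RE = re.compile(r'(?<!\S)(?P<key>H|X|CV|DN)=(?:"(?P<quoted>[^"]*)"|(?P<bare>\S+))')


@dataclass
class TlsRecord:
    host: str
    tls_version: Optional[str]   # e.g. "TLSv1.2"; None when no X= field
    cipher: Optional[str]        # e.g. "ECDHE-RSA-AES256-GCM-SHA384"
    bits: Optional[int]          # symmetric key size logged after the cipher
    cv: Optional[str]            # certificate verification: yes / no / dane
    dn: Optional[str]            # peer certificate subject DN, if logged


def parse_line(line: str) -> TlsRecord:
    """Extract the host and TLS fields from one mainlog delivery line."""
    fields = {}
    for m in FIELD_RE.finditer(line):
        value = m.group("quoted") if m.group("quoted") is not None else m.group("bare")
        fields[m.group("key")] = value
    version = cipher = None
    bits = None
    if "X" in fields:
        # X=<protocol>:<cipher>:<bits>
        parts = fields["X"].split(":")
        version = parts[0]
        cipher = parts[1] if len(parts) > 1 else None
        if len(parts) > 2 and parts[2].isdigit():
            bits = int(parts[2])
    return TlsRecord(fields.get("H", ""), version, cipher, bits,
                     fields.get("CV"), fields.get("DN"))


def parse_log(text: str) -> list:
    """Parse every delivery line (those containing ' => ') in a log excerpt."""
    return [parse_line(l) for l in text.splitlines() if " => " in l]


def assess(rec: TlsRecord) -> list:
    """Return the findings a defender would flag for one delivery."""
    findings = []
    if rec.tls_version is None:
        findings.append("delivery in clear text (no X= field)")
        return findings
    if rec.tls_version in LEGACY_VERSIONS:
        findings.append(f"legacy protocol {rec.tls_version}")
    if rec.bits is not None and rec.bits < 128:
        findings.append(f"cipher key size {rec.bits} bits")
    if rec.cv not in ("yes", "dane"):
        findings.append(f"peer certificate not verified (CV={rec.cv})")
    return findings


def audit(text: str) -> dict:
    """Map each destination host to its list of findings (empty list = clean)."""
    return {rec.host: assess(rec) for rec in parse_log(text)}


if __name__ == "__main__":
    for host, findings in audit(SAMPLE_LOG).items():
        print(host, "OK" if not findings else "; ".join(findings))
```

Run against a real mainlog the same way (read the file into `audit`); a delivery like the author's, TLSv1.2 with CV=dane, yields no findings, while a CV=no or clear-text delivery to a host that is expected to verify is the kind of line to investigate after a TLS library or Exim upgrade.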