Re: [exim] Please check for SSL transport errors

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: The Doctor
CC: exim-users
Subject: Re: [exim] Please check for SSL transport errors
On 2017-02-11 at 17:50 -0700, The Doctor wrote:
> All right, I will test when RC4 comes out.


It's out.

> All right please review what was sent.
>
> NS1 is using openssl 1.0.2
>
> and ns2 is using openssl 1.1.0
>
> IS there an issue that you saw in the files I sent?


I saw debug logs of the sending side showing that the connection was
abruptly dropped out from under it, or showing the remote side
successfully deferring your mail for local policy reasons (the mail not
sent to your own server).

At this point, you need debug logs from the receiving MTA showing it
crashing or why it abruptly dropped the connection. You can run Exim on
a non-standard port and route mail for that host to that port on the
first server, or you can put a rule in a connect-time ACL to use
"control=debug" for connections from the first box (see ACL
documentation for how) or you can just temporarily run that server in
debug mode.


Is anyone else using Exim with OpenSSL 1.1.x and seeing crashes on
receiving email?

-Phil