[exim] Problems with inbound connections from outlook.com

Author: Heiko Schlittermann
Date:  
To: exim-users
Subject: [exim] Problems with inbound connections from outlook.com
Hi,

we're operating a legacy system with Exim 4.80 (the Debian build). It
uses GnuTLS 2.12.20. We do *not* use the Debian configuration scheme but
our own.

On outlook.com I tried to connect the account for outgoing mails with an
account on the machine running Exim.

It seems that outlook.com tries to verify the connection and fails. The
error message on outlook.com indicates: TLS error 0x… (not reproducible
just now, depends on the way I set up the 'connected account').

From the mainlog:
2017-02-23 07:23:28 TLS error on connection from [40.96.35.133] (recv): A TLS packet with unexpected length was received.
2017-02-23 07:23:28 TLS error on connection from [40.96.35.133] (send): The specified session has been invalidated for some reason.

I know this doesn't imply a TLS problem, and better yet, I'm not even
sure if this issue *is* TLS related, because from the following log
it *seems* as if the TLS connection gets established.

Here is a log I got using `exim -d+all -bdf', parts that *I* consider as
unrelated are removed.

Any hint is highly appreciated.


00:35:08 24960 Exim version 4.80 uid=0 gid=0 pid=24960 D=fffdffff
…
Compiler: GCC [4.7.2]
Library version: GnuTLS: Compile: 2.12.20
                         Runtime: 2.12.20
…
00:35:08 24961 changed uid/gid: calling tls_validate_require_cipher
00:35:08 24961   uid=107 gid=107 pid=24961
00:35:08 24961   auxiliary group list: <none>
00:35:08 24960 tls_validate_require_cipher child 24961 ended: status=0x0
00:35:08 24960 configuration file is /etc/exim4/exim4.conf
00:35:08 24960 log selectors = 00000efc 002b2205
00:35:08 24960 cwd=/root 3 args: exim -d+all -bdf
…
00:35:19 24998 expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full
00:35:19 24998    result: lion.totocom.de ESMTP Exim 4.80 Thu, 23 Feb 2017 00:35:19 +0100
00:35:19 24998 SMTP>> 220 lion.totocom.de ESMTP Exim 4.80 Thu, 23 Feb 2017 00:35:19 +0100
00:35:19 24998 Process 24998 is ready for new message
00:35:19 24998 smtp_setup_msg entered
00:35:19 24998 SMTP<< EHLO VI1PR08MB0976.eurprd08.prod.outlook.com
00:35:19 24998 VI1PR08MB0976.eurprd08.prod.outlook.com in helo_lookup_domains? no (end of list)
…
00:35:19 24998 set_process_info: 24998 handling incoming connection from (VI1PR08MB0976.eurprd08.prod.outlook.com) [40.96.35.133]
00:35:19 24998 host in tls_advertise_hosts? yes (matched "*")
00:35:19 24998 SMTP>> 250-lion.totocom.de Hello VI1PR08MB0976.eurprd08.prod.outlook.com [40.96.35.133]
00:35:19 24998 250-SIZE 68157440
…
00:35:19 24998 250-STARTTLS
00:35:19 24998 250 HELP
00:35:19 24998 SMTP<< STARTTLS
00:35:19 24998 initialising GnuTLS as a server
00:35:19 24998 GnuTLS global init required.
00:35:19 24998 initialising GnuTLS server session
00:35:19 24998 Expanding various TLS configuration options for session credentials.
00:35:19 24998 certificate file = /etc/ssl/certs/mail.totocom.de-bundle.pem
00:35:19 24998 key file = /etc/ssl/private/mail.totocom.de-key.pem
00:35:19 24998 TLS: cert/key registered
00:35:19 24998 TLS: tls_verify_certificates not set or empty, ignoring
00:35:19 24998 Initialising GnuTLS server params.
00:35:19 24998 Loading default hard-coded DH params
00:35:19 24998 Loaded fixed standard D-H parameters
00:35:19 24998 GnuTLS using default session cipher/priority "NORMAL"
00:35:19 24998 host in tls_verify_hosts? no (option unset)
00:35:19 24998 host in tls_try_verify_hosts? no (option unset)
00:35:19 24998 TLS: a client certificate will not be requested.
00:35:19 24998 SMTP>> 220 TLS go ahead
00:35:19 24998 Received TLS SNI "MSExchangeTransport" (unused for certificate selection)
00:35:19 24998 gnutls_handshake was successful
00:35:19 24998 TLS: no certificate from peer ((nil) & 0)
00:35:19 24998 cipher: TLS1.2:RSA_AES_256_CBC_SHA256:256
00:35:19 24998 Have channel bindings cached for possible auth usage.
00:35:19 24998 sender_fullhost = [40.96.35.133]
00:35:19 24998 sender_rcvhost = [40.96.35.133]
00:35:19 24998 set_process_info: 24998 handling incoming TLS connection from [40.96.35.133]
00:35:19 24998 TLS active
00:35:19 24998 Calling gnutls_record_recv(0xb7da8528, 0xb7dadaf8, 4096)
00:35:19 24998 LOG: MAIN
00:35:19 24998   TLS error on connection from [40.96.35.133] (recv): A TLS packet with unexpected length was received.
00:35:19 24998 SMTP>> 421 lion.totocom.de lost input connection
00:35:19 24998 tls_do_write(0xb7d88a18, 43)
00:35:19 24998 gnutls_record_send(SSL, 0xb7d88a18, 43)
00:35:19 24998 outbytes=-10
00:35:19 24998 LOG: MAIN
00:35:19 24998   TLS error on connection from [40.96.35.133] (send): The specified session has been invalidated for some reason.
00:35:19 24998 LOG: smtp_connection MAIN
00:35:19 24998   SMTP connection from [40.96.35.133] lost
00:35:19 24998 search_tidyup called
00:35:19 24960 child 24998 ended: status=0x100
00:35:19 24960   normal exit, 1
00:35:19 24960 0 SMTP accept processes now running
00:35:19 24960 Listening...


    Best regards from Dresden/Germany
    Kind regards from Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
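
Added example, not part of the original message and not Exim project code: a small triage script for `exim -d+all -bdf` output that records, per process, whether each "TLS error" line was logged before or after `gnutls_handshake was successful`, which is the distinction the message above is trying to draw. The function name `triage` and the stage labels are assumptions of this example; the sample lines are copied from the log in the message.

```python
import re
from collections import defaultdict

# Debug-log line shape seen in the post: "HH:MM:SS PID message"
LINE = re.compile(r"^(\d\d:\d\d:\d\d)\s+(\d+)\s+(.*)$")
TLS_ERR = re.compile(r"TLS error on connection from \[([^\]]+)\] \((recv|send)\): (.*)")

# Excerpt of the debug log quoted in the message (lines copied from the page).
SAMPLE = """\
00:35:19 24998 SMTP<< STARTTLS
00:35:19 24998 SMTP>> 220 TLS go ahead
00:35:19 24998 gnutls_handshake was successful
00:35:19 24998 cipher: TLS1.2:RSA_AES_256_CBC_SHA256:256
00:35:19 24998 TLS active
00:35:19 24998 Calling gnutls_record_recv(0xb7da8528, 0xb7dadaf8, 4096)
00:35:19 24998   TLS error on connection from [40.96.35.133] (recv): A TLS packet with unexpected length was received.
00:35:19 24998 SMTP>> 421 lion.totocom.de lost input connection
00:35:19 24998   TLS error on connection from [40.96.35.133] (send): The specified session has been invalidated for some reason.
"""

def triage(log_text):
    """Return {pid: summary} for every process that logged a TLS error."""
    state = defaultdict(lambda: {"starttls": False, "handshake_ok": False,
                                 "cipher": None, "errors": []})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        _, pid, msg = m.groups()
        s, msg = state[pid], msg.strip()
        if msg == "SMTP<< STARTTLS":
            s["starttls"] = True
        elif msg == "gnutls_handshake was successful":
            s["handshake_ok"] = True
        elif msg.startswith("cipher: "):
            s["cipher"] = msg[len("cipher: "):]
        elif (e := TLS_ERR.search(msg)):
            # Stage is judged at the moment the error is logged.
            stage = ("after handshake" if s["handshake_ok"]
                     else "before handshake completed")
            s["errors"].append((e.group(2), stage, e.group(1), e.group(3)))
    return {pid: s for pid, s in state.items() if s["errors"]}

if __name__ == "__main__":
    for pid, s in triage(SAMPLE).items():
        print(pid, s["cipher"], [err[:3] for err in s["errors"]])
```
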