[exim-dev] [Bug 2104] New: TLS wrong version number on conne…

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2104] New: TLS wrong version number on connection reuse
https://bugs.exim.org/show_bug.cgi?id=2104

            Bug ID: 2104
           Summary: TLS wrong version number on connection reuse
           Product: Exim
           Version: 4.89
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: TLS
          Assignee: jgh146exb@???
          Reporter: wbreyha@???
                CC: exim-dev@???


I have one central relay for external delivery. If my other hosts try to send
their mail to this relay they often reuse connections to send multiple mails.

Recently I recognized that at least since 4.89 (CHUNKING is active and used) I
often see these errors:
Apr 22 18:39:28 grace exim[16765]: TLS error (SSL_read): error:1408F10B:SSL
routines:SSL3_GET_RECORD:wrong version number

One of these full sessions shows, e.g.:
Apr 22 18:38:59 grace exim[16424]: 1d1y3l-0004Gu-Nw <=
xxxxxxxxxletter-bounces@??? H=joan.univie.ac.at
(joan.univie.ac.at) [131.130.3.110] P=esmtps
X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no K S=4590696 M8S=0
id=mailman.8140.1492866787.996.xxxxxxxxxletter@???
Apr 22 18:39:03 grace exim[16424]: 1d1y3r-0004Gu-2w <=
xxxxxxxxxletter-bounces@??? H=joan.univie.ac.at
(joan.univie.ac.at) [131.130.3.110] P=esmtps
X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no K S=4590691 M8S=0
id=mailman.8140.1492866787.996.xxxxxxxxxletter@???
Apr 22 18:39:03 grace exim[16424]: TLS error (SSL_read): error:1408F10B:SSL
routines:SSL3_GET_RECORD:wrong version number

I checked several and almost all error out after the second message like above.
Some error out after the third.

I ran one delivery on the source with "exim -d -M .....". The essential part
....
.....
already connected to zidrelay.univie.ac.at [131.130.3.115]
.....
zidrelay.univie.ac.at [131.130.3.115] status = usable
delivering xxxxxx-0002lM-xx to zidrelay.univie.ac.at [131.130.3.115]
(xxxxxx@???)
set_process_info: 4219 delivering ...
131.130.3.115 in hosts_require_dane? no (option unset)
131.130.3.115 in hosts_avoid_tls? no (option unset)
SMTP>> STARTTLS

cmd buf flush 10 bytes
read response data: size=31
read response data: size=75
SMTP(closed)<<
SMTP(close)>>
LOG: MAIN
H=zidrelay.univie.ac.at [131.130.3.115]: Remote host closed connection in
response to STARTTLS

Any idea what's going wrong here? Exim is built with OpenSSL 1.0.2j.

This situation gets worse as more mail accumulates in the sources' queues since
more reuse attempts are done and the retry database fills with failed attempts.

It seems that especially emails with many recipients (>20) trigger this,
e.g. many recipients with our local domain which have forwards. This triggers
multiple transmissions to my relay here since I set a "X-Resent-For"-header.
And I have a feeling that maybe size matters as well, since I had no troubles
until today with a 4.5MB newsletter *sigh*.

I can provide full debug output as well, but would prefer not to put it here in
bugzilla.

--
You are receiving this mail because:
You are on the CC list for the bug.
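
Added example (not part of the original report and not Exim code): a Python script that groups syslog-format Exim lines by process id and reports how many messages each receiving process accepted before it logged the SSL_read "wrong version number" error, which lets an operator check the pattern described above (failure after the second or third message on a reused connection). It assumes one receiving process per inbound connection; the sample lines are constructed from the log format shown in the report, the sender addresses are placeholders, and the name reuse_failures is hypothetical.

```python
import re
from collections import defaultdict

# Syslog-style Exim line: "<Mon DD HH:MM:SS> <host> exim[<pid>]: <rest>"
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) exim\[(\d+)\]: (.*)$")
# Message arrival: "<msg-id> <= <sender> H=<peer> ..."
ARRIVAL = re.compile(r"^(\w{6}-\w{6}-\w{2}) <= .*?\bH=(\S+)")
TLS_ERR = re.compile(r"^TLS error \(SSL_read\): .*wrong version number")

# Constructed sample, modelled on the lines quoted in the report
# (sender addresses are placeholders; the last line is an unaffected session).
SAMPLE = """
Apr 22 18:38:59 grace exim[16424]: 1d1y3l-0004Gu-Nw <= bounces@example.org H=joan.univie.ac.at (joan.univie.ac.at) [131.130.3.110] P=esmtps X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no K S=4590696
Apr 22 18:39:03 grace exim[16424]: 1d1y3r-0004Gu-2w <= bounces@example.org H=joan.univie.ac.at (joan.univie.ac.at) [131.130.3.110] P=esmtps X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no K S=4590691
Apr 22 18:39:03 grace exim[16424]: TLS error (SSL_read): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Apr 22 18:39:10 grace exim[16500]: 1d1y3x-0004Ia-Ab <= user@example.org H=host.example.org [192.0.2.10] P=esmtps
"""

def reuse_failures(lines):
    """Return one record per receiving process that logged the TLS error,
    with the messages it had accepted on that connection beforehand."""
    accepted = defaultdict(list)          # pid -> [(msg_id, peer host)]
    findings = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue                      # blank or non-Exim line
        when, _host, pid, rest = m.groups()
        arrival = ARRIVAL.match(rest)
        if arrival:
            accepted[pid].append(arrival.groups())
        elif TLS_ERR.match(rest):
            msgs = accepted.pop(pid, [])  # pop: the OS recycles pids
            findings.append({
                "pid": int(pid),
                "time": when,
                "peer": msgs[-1][1] if msgs else None,
                "accepted_before_error": len(msgs),
                "msg_ids": [msg_id for msg_id, _ in msgs],
            })
    return findings

if __name__ == "__main__":
    for f in reuse_failures(SAMPLE.splitlines()):
        print(f"{f['time']} pid={f['pid']} peer={f['peer']} "
              f"accepted={f['accepted_before_error']} ids={f['msg_ids']}")
```

A count of 2 or more for a peer that is one of your own hosts points at the connection-reuse path rather than at the initial TLS handshake.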