Author: Jeremy Harris Date: To: exim-users Subject: Re: [exim] Yahoo again: now receiving with Exim 4.89 and gnutls
On 22/06/17 21:48, Ian Zimmerman wrote: > I had some major changes to my setup due to the stack whale.
The what?
> Now, receiving from a yahoo user (from a mobile device, I think) results
> always in this:
>
> 2017-06-21 22:23:56 SMTP connection from [66.163.186.85]:34461 (TCP/IP connection count = 1)
> 2017-06-21 22:23:59 TLS error on connection from
> sonic318-23.consmr.mail.ne1.yahoo.com [66.163.186.85]:34461 (gnutls_handshake):\
> A TLS fatal alert has been received.
> 2017-06-21 22:23:59 Connection from [66.163.186.85]:33111 refused: too many connections from that IP address
> 2017-06-21 22:24:00 SMTP connection from sonic318-23.consmr.mail.ne1.yahoo.com [66.163.186.85]:34461 closed by EOF
>
> There is always the 2nd simultaneous connection from the same host. I have
>
> smtp_accept_max_per_host = 1
>
> I _think_ that is not relevant, but just in case.
It's relevant to the second connection you logged being refused (note
the port number difference).
We can't tell from that info why the first connection had a problem
except tat it was TLS-related. Consider cipher-list mismatches,
or certificate-verification issues. Run in debug mode and see
if you can get more detailed info (problem is, it's the peer
cancelling the TLS connection; it may be we don't have any
reason at our end). Try using cmdline tools to investigate.
>
> This is exim 4.89 as shipped with debian stretch, and so linked with
> gnutls. Does it seem worthwhile to keep on investigating, or should I
> already build my own exim and link it with openssl?
No certainty of a better outcome; only a different one :-/
--
Cheers,
Jeremy
