Author: Jeremy Harris
Date:
To: exim-users
Subject: Re: [exim] TLS error on connection (gnutls_handshake): timed out
On 26/07/17 13:08, Christian Balzer wrote:
> 2017-07-26 17:47:11 1daHyG-0006wE-On <= somebodyredacted.com U=mail P=spam-scanned S=8615 id=PS1PR0302MB2521EA6D93330DC628D6B68A8DB90@???
> 2017-07-26 17:47:12 1daHyG-0006wE-On => redacted@??? <redacted> R=dnslookup T=remote_smtp S=8727 H=mb11.dentaku.gol.com [203.216.5.41] I=[203.216.5.87] C="250 OK id=1daHyK-000PFY-JI"
> 2017-07-26 19:58:42 1daHyG-0006wE-On H=redacted-com.mail.protection.outlook.com [23.103.139.138] TLS error on connection (gnutls_handshake): timed out
> 2017-07-26 19:58:42 1daHyG-0006wE-On TLS session failure: delivering unencrypted to redacted-com.mail.protection.outlook.com [23.103.139.138] (not in hosts_require_tls)
> 2017-07-26 19:58:43 1daHyG-0006wE-On => warmbodyu@??? <redacted> R=dnslookup T=remote_smtp S=8727 H=redacted-com.mail.protection.outlook.com [23.103.139.138] I=[203.216.5.87] C="250 2.6.0 <PS1PR0302MB2521EA6D93330DC628D6B68A8DB90@???> [InternalId=50470160698992, Hostname=KL1PR0301MB2056.apcprd03.prod.outlook.com] 19008 bytes in 0.213, 87.128 KB/sec Queued mail for delivery"
> 2017-07-26 19:58:43 1daHyG-0006wE-On Completed QT=2h11m35s
> ---
>
> 2nd line is an instant local delivery, then should be the forward to the
> outsourced hell domain, but nothing for 2 hours.

Hmm. We'd need a debug trace to be certain. There's an alarm set,
smtp_receive_timeout (default 5 minutes) during the tls-connect;
the only way I can see that not firing is if GnuTLS subverts it
or your config sets it to zero to disable it.
"exim -bP smtp_receive_timeout" would show the latter.

Background questions:
- How often do you run the queue?
- Is the offending IP always the same, and does it always offend?
- What GnuTLS version (from "exim -d-all+tls -bV")?
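
One way to find deliveries like the one in the quoted log, where a TLS handshake failure was followed by cleartext delivery because the host was not in hosts_require_tls. This is an added example, not code from the thread or from Exim; the sample lines, message ids, hosts and addresses are constructed, and it assumes the default log timestamp layout seen in the quoted lines.

```python
import re

# Constructed sample lines in the Exim main-log layout quoted above;
# message ids, hosts and addresses are placeholders, not from the thread.
SAMPLE_LOG = """\
2017-07-26 17:47:11 1abCDE-0000aa-Aa <= sender@example.org U=mail P=spam-scanned S=8615
2017-07-26 19:58:42 1abCDE-0000aa-Aa H=mx.example.net [192.0.2.10] TLS error on connection (gnutls_handshake): timed out
2017-07-26 19:58:42 1abCDE-0000aa-Aa TLS session failure: delivering unencrypted to mx.example.net [192.0.2.10] (not in hosts_require_tls)
2017-07-26 19:58:43 1abCDE-0000aa-Aa => rcpt@example.net R=dnslookup T=remote_smtp H=mx.example.net [192.0.2.10] C="250 OK"
2017-07-26 19:58:43 1abCDE-0000aa-Aa Completed QT=2h11m35s
2017-07-26 20:01:00 1abCDF-0000bb-Bb <= sender@example.org U=mail P=local S=1200
2017-07-26 20:01:01 1abCDF-0000bb-Bb => other@example.com R=dnslookup T=remote_smtp H=mx.example.com [192.0.2.20] C="250 OK"
2017-07-26 20:01:01 1abCDF-0000bb-Bb Completed QT=1s
"""

LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (\S+) (.*)$")
TLS_ERR = re.compile(r"TLS error on connection \((\w+)\): (.+)$")
FALLBACK = re.compile(r"^TLS session failure: delivering unencrypted to (\S+) \[([^\]]+)\]")
QT = re.compile(r"^Completed QT=(\S+)$")
UNITS = {"w": 604800, "d": 86400, "h": 3600, "m": 60, "s": 1}

def qt_seconds(qt):
    """Convert a QT= value such as '2h11m35s' to seconds."""
    return sum(float(n) * UNITS[u] for n, u in re.findall(r"(\d+(?:\.\d+)?)([wdhms])", qt))

def cleartext_fallbacks(log_text):
    """Return one record per delivery that fell back to cleartext after a TLS failure."""
    last_err, events = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        msgid, rest = m.groups()
        if (e := TLS_ERR.search(rest)):
            last_err[msgid] = f"{e.group(1)}: {e.group(2)}"
        elif (f := FALLBACK.match(rest)):
            events.append({"msgid": msgid, "host": f.group(1), "ip": f.group(2),
                           "tls_error": last_err.get(msgid), "queue_seconds": None})
        elif (q := QT.match(rest)):
            for ev in events:  # attach total queue time to this message's events
                if ev["msgid"] == msgid:
                    ev["queue_seconds"] = qt_seconds(q.group(1))
    return events

if __name__ == "__main__":
    for ev in cleartext_fallbacks(SAMPLE_LOG):
        print(ev)
```

Each record pairs the host that received mail in cleartext with the preceding handshake error and the message's total queue time, which is enough to answer whether the offending IP is always the same.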