Author: Andreas Bauer
Date: 2018-02-13 01:19 UTC
To: exim-users@exim.org
Subject: Re: [exim] TLS error in incoming emails from *.outlook.com
First, thanks to everyone contributing and sorry I did not have time to more deeply troubleshoot the SSL issue.
My previous assessment was wrong: even when exim was compiled with OpenSSL instead of GnuTLS the error did occur, albeit with a different error message. Because it is a production system and I have 12 hour workdays at the moment, my next solution was this:
MAIN_TLS_ADVERTISE_HOSTS = !40.80.0.0/12 : !40.124.0.0/16 : !40.125.0.0/17 : !40.74.0.0/15 : !40.120.0.0/14 : !40.96.0.0/12 : !40.76.0.0/14: !40.112.0.0/13 : *
tls_advertise_hosts = MAIN_TLS_ADVERTISE_HOSTS
It is certainly not nice to exclude a whole network from using TLS, but it did not work anyway.
Now it gets even stranger, after exim stopped advertising TLS the new error message is this:
2018-02-13 01:42:49 SMTP connection from mail-oln040092066105.outbound.protection.outlook.com (EUR01-VE1-obe.outbound.protection.outlook.com) [40.92.66.105] lost while reading message data
2018-02-13 01:43:51 SMTP connection from mail-oln040092070087.outbound.protection.outlook.com (EUR03-AM5-obe.outbound.protection.outlook.com) [40.92.70.87] lost while reading message data
[..]
Lost while reading message data? Yes, sometimes it appears Microsoft is lost. LOL. But I digress...
I fired up Wireshark to see what is going over the wire, and this is one of the TCP streams:
504 540.259940 40.92.67.82 <EXIM4_IP> TCP 66 45792 → 25 [SYN, ECN, CWR] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
505 540.259967 <EXIM4_IP> 40.92.67.82 TCP 66 25 → 45792 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM=1 WS=128
506 540.269276 40.92.67.82 <EXIM4_IP> TCP 60 45792 → 25 [ACK] Seq=1 Ack=1 Win=65536 Len=0
507 540.551809 <EXIM4_IP> 40.92.67.82 TCP 121 25 → 45792 [PSH, ACK] Seq=1 Ack=1 Win=29312 Len=67
508 540.560990 40.92.67.82 <EXIM4_IP> TCP 106 45792 → 25 [PSH, ACK] Seq=1 Ack=68 Win=65536 Len=52
509 540.561051 <EXIM4_IP> 40.92.67.82 TCP 215 25 → 45792 [PSH, ACK] Seq=68 Ack=53 Win=29312 Len=161
510 540.603311 40.92.67.82 <EXIM4_IP> TCP 134 45792 → 25 [PSH, ACK] Seq=53 Ack=229 Win=65280 Len=80
511 540.646120 <EXIM4_IP> 40.92.67.82 TCP 54 25 → 45792 [ACK] Seq=229 Ack=133 Win=29312 Len=0
512 540.668212 <EXIM4_IP> 40.92.67.82 TCP 76 25 → 45792 [PSH, ACK] Seq=229 Ack=133 Win=29312 Len=22
513 540.725995 40.92.67.82 <EXIM4_IP> TCP 60 45792 → 25 [ACK] Seq=133 Ack=251 Win=65280 Len=0
514 540.762082 40.92.67.82 <EXIM4_IP> TCP 60 45792 → 25 [PSH, ACK] Seq=133 Ack=251 Win=65280 Len=6
515 540.762147 <EXIM4_IP> 40.92.67.82 TCP 54 25 → 45792 [ACK] Seq=251 Ack=139 Win=29312 Len=0
516 540.762225 <EXIM4_IP> 40.92.67.82 TCP 110 25 → 45792 [PSH, ACK] Seq=251 Ack=139 Win=29312 Len=56
517 540.819641 40.92.67.82 <EXIM4_IP> TCP 60 45792 → 25 [ACK] Seq=139 Ack=307 Win=65280 Len=0
518 540.839177 40.92.67.82 <EXIM4_IP> TCP 2974 45792 → 25 [ACK] Seq=139 Ack=307 Win=65280 Len=2920
519 540.839183 40.92.67.82 <EXIM4_IP> TCP 2974 45792 → 25 [ACK] Seq=3059 Ack=307 Win=65280 Len=2920
520 540.839198 <EXIM4_IP> 40.92.67.82 TCP 54 25 → 45792 [ACK] Seq=307 Ack=3059 Win=35072 Len=0
521 540.839205 <EXIM4_IP> 40.92.67.82 TCP 54 25 → 45792 [ACK] Seq=307 Ack=5979 Win=40960 Len=0
530 541.132235 40.92.67.82 <EXIM4_IP> TCP 1514 [TCP Spurious Retransmission] 45792 → 25 [ACK] Seq=139 Ack=307 Win=65280 Len=1460
531 541.132256 <EXIM4_IP> 40.92.67.82 TCP 66 [TCP Dup ACK 521#1] 25 → 45792 [ACK] Seq=307 Ack=5979 Win=40960 Len=0 SLE=139 SRE=1599
532 541.141807 40.92.67.82 <EXIM4_IP> TCP 4434 45792 → 25 [ACK] Seq=5979 Ack=307 Win=65280 Len=4380
533 541.141814 40.92.67.82 <EXIM4_IP> TCP 2974 45792 → 25 [PSH, ACK] Seq=10359 Ack=307 Win=65280 Len=2920
534 541.141828 <EXIM4_IP> 40.92.67.82 TCP 54 25 → 45792 [ACK] Seq=307 Ack=10359 Win=49664 Len=0
535 541.141845 <EXIM4_IP> 40.92.67.82 TCP 54 25 → 45792 [ACK] Seq=307 Ack=13279 Win=55552 Len=0
536 542.054064 40.92.67.82 <EXIM4_IP> TCP 1514 [TCP Spurious Retransmission] 45792 → 25 [ACK] Seq=5979 Ack=307 Win=65280 Len=1460
537 542.054137 <EXIM4_IP> 40.92.67.82 TCP 66 [TCP Dup ACK 535#1] 25 → 45792 [ACK] Seq=307 Ack=13279 Win=55552 Len=0 SLE=5979 SRE=7439
538 542.063382 40.92.67.82 <EXIM4_IP> TCP 7354 45792 → 25 [ACK] Seq=13279 Ack=307 Win=65280 Len=7300
539 542.063419 <EXIM4_IP> 40.92.67.82 TCP 54 25 → 45792 [ACK] Seq=307 Ack=20579 Win=70144 Len=0
540 544.772896 40.92.67.82 <EXIM4_IP> TCP 1514 [TCP Spurious Retransmission] 45792 → 25 [ACK] Seq=13279 Ack=307 Win=65280 Len=1460
541 544.772932 <EXIM4_IP> 40.92.67.82 TCP 66 [TCP Dup ACK 539#1] 25 → 45792 [ACK] Seq=307 Ack=20579 Win=70144 Len=0 SLE=13279 SRE=14739
542 544.782341 40.92.67.82 <EXIM4_IP> TCP 1514 45792 → 25 [ACK] Seq=20579 Ack=307 Win=65280 Len=1460
543 544.782360 <EXIM4_IP> 40.92.67.82 TCP 54 25 → 45792 [ACK] Seq=307 Ack=22039 Win=73088 Len=0
544 544.782442 40.92.67.82 <EXIM4_IP> TCP 1514 45792 → 25 [ACK] Seq=22039 Ack=307 Win=65280 Len=1460
545 544.782447 <EXIM4_IP> 40.92.67.82 TCP 54 25 → 45792 [ACK] Seq=307 Ack=23499 Win=76032 Len=0
546 544.782493 40.92.67.82 <EXIM4_IP> TCP 4434 45792 → 25 [PSH, ACK] Seq=23499 Ack=307 Win=65280 Len=4380
547 544.782495 <EXIM4_IP> 40.92.67.82 TCP 54 25 → 45792 [ACK] Seq=307 Ack=27879 Win=84736 Len=0
548 552.885956 40.92.67.82 <EXIM4_IP> TCP 1514 [TCP Spurious Retransmission] 45792 → 25 [ACK] Seq=20579 Ack=307 Win=65280 Len=1460
549 552.885989 <EXIM4_IP> 40.92.67.82 TCP 66 [TCP Dup ACK 547#1] 25 → 45792 [ACK] Seq=307 Ack=27879 Win=84736 Len=0 SLE=20579 SRE=22039
550 552.895246 40.92.67.82 <EXIM4_IP> TCP 4434 45792 → 25 [ACK] Seq=27879 Ack=307 Win=65280 Len=4380
551 552.895260 40.92.67.82 <EXIM4_IP> TCP 2974 45792 → 25 [ACK] Seq=32259 Ack=307 Win=65280 Len=2920
552 552.895287 <EXIM4_IP> 40.92.67.82 TCP 54 25 → 45792 [ACK] Seq=307 Ack=32259 Win=93440 Len=0
553 552.895302 <EXIM4_IP> 40.92.67.82 TCP 54 25 → 45792 [ACK] Seq=307 Ack=35179 Win=99328 Len=0
562 577.194304 40.92.67.82 <EXIM4_IP> TCP 1514 [TCP Spurious Retransmission] 45792 → 25 [ACK] Seq=27879 Ack=307 Win=65280 Len=1460
563 577.194332 <EXIM4_IP> 40.92.67.82 TCP 66 [TCP Dup ACK 553#1] 25 → 45792 [ACK] Seq=307 Ack=35179 Win=99328 Len=0 SLE=27879 SRE=29339
564 577.203593 40.92.67.82 <EXIM4_IP> TCP 7354 45792 → 25 [PSH, ACK] Seq=35179 Ack=307 Win=65280 Len=7300
565 577.203632 <EXIM4_IP> 40.92.67.82 TCP 54 25 → 45792 [ACK] Seq=307 Ack=42479 Win=113920 Len=0
637 637.203637 40.92.67.82 <EXIM4_IP> TCP 1514 [TCP Spurious Retransmission] 45792 → 25 [ACK] Seq=35179 Ack=307 Win=65280 Len=1460
638 637.203684 <EXIM4_IP> 40.92.67.82 TCP 66 [TCP Dup ACK 565#1] 25 → 45792 [ACK] Seq=307 Ack=42479 Win=113920 Len=0 SLE=35179 SRE=36639
639 637.213022 40.92.67.82 <EXIM4_IP> TCP 5894 45792 → 25 [ACK] Seq=42479 Ack=307 Win=65280 Len=5840
640 637.213028 40.92.67.82 <EXIM4_IP> TCP 1514 45792 → 25 [PSH, ACK] Seq=48319 Ack=307 Win=65280 Len=1460
641 637.213044 <EXIM4_IP> 40.92.67.82 TCP 54 25 → 45792 [ACK] Seq=307 Ack=48319 Win=125568 Len=0
642 637.213053 <EXIM4_IP> 40.92.67.82 TCP 54 25 → 45792 [ACK] Seq=307 Ack=49779 Win=128512 Len=0
745 697.216708 40.92.67.82 <EXIM4_IP> TCP 1514 [TCP Spurious Retransmission] 45792 → 25 [ACK] Seq=42479 Ack=307 Win=65280 Len=1460
746 697.216740 <EXIM4_IP> 40.92.67.82 TCP 66 [TCP Dup ACK 642#1] 25 → 45792 [ACK] Seq=307 Ack=49779 Win=128512 Len=0 SLE=42479 SRE=43939
747 697.225872 40.92.67.82 <EXIM4_IP> TCP 1514 45792 → 25 [ACK] Seq=49779 Ack=307 Win=65280 Len=1460
748 697.225889 40.92.67.82 <EXIM4_IP> TCP 4434 45792 → 25 [ACK] Seq=51239 Ack=307 Win=65280 Len=4380
749 697.225900 <EXIM4_IP> 40.92.67.82 TCP 54 25 → 45792 [ACK] Seq=307 Ack=51239 Win=131456 Len=0
750 697.225910 <EXIM4_IP> 40.92.67.82 TCP 54 25 → 45792 [ACK] Seq=307 Ack=55619 Win=140160 Len=0
751 697.225925 40.92.67.82 <EXIM4_IP> TCP 1514 45792 → 25 [ACK] Seq=55619 Ack=307 Win=65280 Len=1460
752 697.225929 <EXIM4_IP> 40.92.67.82 TCP 54 25 → 45792 [ACK] Seq=307 Ack=57079 Win=143104 Len=0
I have no clue what is happening there. One can see a correct SMTP dialog, and then a message follows with a base64 attachment. Somewhere in that transmission, it just stops. Also interesting, the timeline.
It seems that somehow this Microsoft server is really misconfigured. If the problem was a network issue on my side, why does it only happen with the outlook.com servers?
Hm?
Andreas
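
An added example, not part of the original message: a Python sketch that parses Wireshark summary lines in the format shown in the post, measures the idle time before each frame flagged as a spurious retransmission, and checks whether the server had already ACKed those bytes. The eight embedded frames are copied from the capture above; the function names are made up for this example.

```python
import re

# Frames copied from the capture in the post: each server ACK and the
# retransmission that follows it.
TRACE = """\
521 540.839205 <EXIM4_IP> 40.92.67.82 TCP 54 25 → 45792 [ACK] Seq=307 Ack=5979 Win=40960 Len=0
530 541.132235 40.92.67.82 <EXIM4_IP> TCP 1514 [TCP Spurious Retransmission] 45792 → 25 [ACK] Seq=139 Ack=307 Win=65280 Len=1460
535 541.141845 <EXIM4_IP> 40.92.67.82 TCP 54 25 → 45792 [ACK] Seq=307 Ack=13279 Win=55552 Len=0
536 542.054064 40.92.67.82 <EXIM4_IP> TCP 1514 [TCP Spurious Retransmission] 45792 → 25 [ACK] Seq=5979 Ack=307 Win=65280 Len=1460
539 542.063419 <EXIM4_IP> 40.92.67.82 TCP 54 25 → 45792 [ACK] Seq=307 Ack=20579 Win=70144 Len=0
540 544.772896 40.92.67.82 <EXIM4_IP> TCP 1514 [TCP Spurious Retransmission] 45792 → 25 [ACK] Seq=13279 Ack=307 Win=65280 Len=1460
547 544.782495 <EXIM4_IP> 40.92.67.82 TCP 54 25 → 45792 [ACK] Seq=307 Ack=27879 Win=84736 Len=0
548 552.885956 40.92.67.82 <EXIM4_IP> TCP 1514 [TCP Spurious Retransmission] 45792 → 25 [ACK] Seq=20579 Ack=307 Win=65280 Len=1460
"""

LINE = re.compile(
    r"^(?P<frame>\d+) (?P<time>[\d.]+) \S+ \S+ TCP \d+ "
    r"(?P<note>\[TCP [^\]]+\] )?(?P<sport>\d+) → \d+ "
    r".*?Seq=(?P<seq>\d+) Ack=(?P<ack>\d+) .*?Len=(?P<len>\d+)")

def parse(text):
    """Turn summary lines into dicts; lines without Seq/Ack/Len are skipped."""
    pkts = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            d = m.groupdict()
            pkts.append({"frame": int(d["frame"]), "time": float(d["time"]),
                         "sport": int(d["sport"]), "seq": int(d["seq"]),
                         "ack": int(d["ack"]), "len": int(d["len"]),
                         "note": (d["note"] or "").strip()})
    return pkts

def retransmission_stalls(pkts, server_port=25):
    """Idle time before each spurious retransmission, and whether the
    server had already ACKed the retransmitted byte range."""
    out, highest_ack, prev_time = [], 0, None
    for p in pkts:
        if p["sport"] == server_port:
            highest_ack = max(highest_ack, p["ack"])
        elif "Spurious Retransmission" in p["note"]:
            stall = None if prev_time is None else round(p["time"] - prev_time, 3)
            out.append({"frame": p["frame"], "seq": p["seq"], "stall": stall,
                        "already_acked": p["seq"] + p["len"] <= highest_ack})
        prev_time = p["time"]
    return out

if __name__ == "__main__":
    for row in retransmission_stalls(parse(TRACE)):
        print(row)
```

On these frames the idle time before each retransmission roughly triples from one to the next, and every retransmitted range had already been acknowledged by the receiving side.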