Re: [exim] TLS error in incoming emails from *.outlook.com

Author: Andreas Bauer
Date:  
To: exim-users@exim.org
Subject: Re: [exim] TLS error in incoming emails from *.outlook.com
First, thanks to everyone contributing and sorry I did not have time to more deeply troubleshoot the SSL issue.



My previous assessment was wrong: even when exim was compiled with OpenSSL instead of GnuTLS the error did occur, albeit with a different error message. Because it is a production system and I have 12 hour workdays at the moment, my next solution was this:



MAIN_TLS_ADVERTISE_HOSTS = !40.80.0.0/12 : !40.124.0.0/16 : !40.125.0.0/17 : !40.74.0.0/15 : !40.120.0.0/14 : !40.96.0.0/12 : !40.76.0.0/14 : !40.112.0.0/13 : *
tls_advertise_hosts = MAIN_TLS_ADVERTISE_HOSTS

It is certainly not nice to exclude a whole network from using TLS, but it did not work anyway.

Now it gets even stranger: after exim stopped advertising TLS, the new error message is this:

2018-02-13 01:42:49 SMTP connection from mail-oln040092066105.outbound.protection.outlook.com (EUR01-VE1-obe.outbound.protection.outlook.com) [40.92.66.105] lost while reading message data
2018-02-13 01:43:51 SMTP connection from mail-oln040092070087.outbound.protection.outlook.com (EUR03-AM5-obe.outbound.protection.outlook.com) [40.92.70.87] lost while reading message data
[..]
Lost while reading message data? Yes, sometimes it appears Microsoft is lost. LOL. But I digress...

I fired up Wireshark to see what is going over the wire, and this is one of the TCP streams:

    504 540.259940     40.92.67.82           <EXIM4_IP>          TCP      66     45792 → 25 [SYN, ECN, CWR] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
    505 540.259967     <EXIM4_IP>          40.92.67.82           TCP      66     25 → 45792 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM=1 WS=128
    506 540.269276     40.92.67.82           <EXIM4_IP>          TCP      60     45792 → 25 [ACK] Seq=1 Ack=1 Win=65536 Len=0
    507 540.551809     <EXIM4_IP>          40.92.67.82           TCP      121    25 → 45792 [PSH, ACK] Seq=1 Ack=1 Win=29312 Len=67
    508 540.560990     40.92.67.82           <EXIM4_IP>          TCP      106    45792 → 25 [PSH, ACK] Seq=1 Ack=68 Win=65536 Len=52
    509 540.561051     <EXIM4_IP>          40.92.67.82           TCP      215    25 → 45792 [PSH, ACK] Seq=68 Ack=53 Win=29312 Len=161
    510 540.603311     40.92.67.82           <EXIM4_IP>          TCP      134    45792 → 25 [PSH, ACK] Seq=53 Ack=229 Win=65280 Len=80
    511 540.646120     <EXIM4_IP>          40.92.67.82           TCP      54     25 → 45792 [ACK] Seq=229 Ack=133 Win=29312 Len=0
    512 540.668212     <EXIM4_IP>          40.92.67.82           TCP      76     25 → 45792 [PSH, ACK] Seq=229 Ack=133 Win=29312 Len=22
    513 540.725995     40.92.67.82           <EXIM4_IP>          TCP      60     45792 → 25 [ACK] Seq=133 Ack=251 Win=65280 Len=0
    514 540.762082     40.92.67.82           <EXIM4_IP>          TCP      60     45792 → 25 [PSH, ACK] Seq=133 Ack=251 Win=65280 Len=6
    515 540.762147     <EXIM4_IP>          40.92.67.82           TCP      54     25 → 45792 [ACK] Seq=251 Ack=139 Win=29312 Len=0
    516 540.762225     <EXIM4_IP>          40.92.67.82           TCP      110    25 → 45792 [PSH, ACK] Seq=251 Ack=139 Win=29312 Len=56
    517 540.819641     40.92.67.82           <EXIM4_IP>          TCP      60     45792 → 25 [ACK] Seq=139 Ack=307 Win=65280 Len=0
    518 540.839177     40.92.67.82           <EXIM4_IP>          TCP      2974   45792 → 25 [ACK] Seq=139 Ack=307 Win=65280 Len=2920
    519 540.839183     40.92.67.82           <EXIM4_IP>          TCP      2974   45792 → 25 [ACK] Seq=3059 Ack=307 Win=65280 Len=2920
    520 540.839198     <EXIM4_IP>          40.92.67.82           TCP      54     25 → 45792 [ACK] Seq=307 Ack=3059 Win=35072 Len=0
    521 540.839205     <EXIM4_IP>          40.92.67.82           TCP      54     25 → 45792 [ACK] Seq=307 Ack=5979 Win=40960 Len=0
    530 541.132235     40.92.67.82           <EXIM4_IP>          TCP      1514   [TCP Spurious Retransmission] 45792 → 25 [ACK] Seq=139 Ack=307 Win=65280 Len=1460
    531 541.132256     <EXIM4_IP>          40.92.67.82           TCP      66     [TCP Dup ACK 521#1] 25 → 45792 [ACK] Seq=307 Ack=5979 Win=40960 Len=0 SLE=139 SRE=1599
    532 541.141807     40.92.67.82           <EXIM4_IP>          TCP      4434   45792 → 25 [ACK] Seq=5979 Ack=307 Win=65280 Len=4380
    533 541.141814     40.92.67.82           <EXIM4_IP>          TCP      2974   45792 → 25 [PSH, ACK] Seq=10359 Ack=307 Win=65280 Len=2920
    534 541.141828     <EXIM4_IP>          40.92.67.82           TCP      54     25 → 45792 [ACK] Seq=307 Ack=10359 Win=49664 Len=0
    535 541.141845     <EXIM4_IP>          40.92.67.82           TCP      54     25 → 45792 [ACK] Seq=307 Ack=13279 Win=55552 Len=0
    536 542.054064     40.92.67.82           <EXIM4_IP>          TCP      1514   [TCP Spurious Retransmission] 45792 → 25 [ACK] Seq=5979 Ack=307 Win=65280 Len=1460
    537 542.054137     <EXIM4_IP>          40.92.67.82           TCP      66     [TCP Dup ACK 535#1] 25 → 45792 [ACK] Seq=307 Ack=13279 Win=55552 Len=0 SLE=5979 SRE=7439
    538 542.063382     40.92.67.82           <EXIM4_IP>          TCP      7354   45792 → 25 [ACK] Seq=13279 Ack=307 Win=65280 Len=7300
    539 542.063419     <EXIM4_IP>          40.92.67.82           TCP      54     25 → 45792 [ACK] Seq=307 Ack=20579 Win=70144 Len=0
    540 544.772896     40.92.67.82           <EXIM4_IP>          TCP      1514   [TCP Spurious Retransmission] 45792 → 25 [ACK] Seq=13279 Ack=307 Win=65280 Len=1460
    541 544.772932     <EXIM4_IP>          40.92.67.82           TCP      66     [TCP Dup ACK 539#1] 25 → 45792 [ACK] Seq=307 Ack=20579 Win=70144 Len=0 SLE=13279 SRE=14739
    542 544.782341     40.92.67.82           <EXIM4_IP>          TCP      1514   45792 → 25 [ACK] Seq=20579 Ack=307 Win=65280 Len=1460
    543 544.782360     <EXIM4_IP>          40.92.67.82           TCP      54     25 → 45792 [ACK] Seq=307 Ack=22039 Win=73088 Len=0
    544 544.782442     40.92.67.82           <EXIM4_IP>          TCP      1514   45792 → 25 [ACK] Seq=22039 Ack=307 Win=65280 Len=1460
    545 544.782447     <EXIM4_IP>          40.92.67.82           TCP      54     25 → 45792 [ACK] Seq=307 Ack=23499 Win=76032 Len=0
    546 544.782493     40.92.67.82           <EXIM4_IP>          TCP      4434   45792 → 25 [PSH, ACK] Seq=23499 Ack=307 Win=65280 Len=4380
    547 544.782495     <EXIM4_IP>          40.92.67.82           TCP      54     25 → 45792 [ACK] Seq=307 Ack=27879 Win=84736 Len=0
    548 552.885956     40.92.67.82           <EXIM4_IP>          TCP      1514   [TCP Spurious Retransmission] 45792 → 25 [ACK] Seq=20579 Ack=307 Win=65280 Len=1460
    549 552.885989     <EXIM4_IP>          40.92.67.82           TCP      66     [TCP Dup ACK 547#1] 25 → 45792 [ACK] Seq=307 Ack=27879 Win=84736 Len=0 SLE=20579 SRE=22039
    550 552.895246     40.92.67.82           <EXIM4_IP>          TCP      4434   45792 → 25 [ACK] Seq=27879 Ack=307 Win=65280 Len=4380
    551 552.895260     40.92.67.82           <EXIM4_IP>          TCP      2974   45792 → 25 [ACK] Seq=32259 Ack=307 Win=65280 Len=2920
    552 552.895287     <EXIM4_IP>          40.92.67.82           TCP      54     25 → 45792 [ACK] Seq=307 Ack=32259 Win=93440 Len=0
    553 552.895302     <EXIM4_IP>          40.92.67.82           TCP      54     25 → 45792 [ACK] Seq=307 Ack=35179 Win=99328 Len=0
    562 577.194304     40.92.67.82           <EXIM4_IP>          TCP      1514   [TCP Spurious Retransmission] 45792 → 25 [ACK] Seq=27879 Ack=307 Win=65280 Len=1460
    563 577.194332     <EXIM4_IP>          40.92.67.82           TCP      66     [TCP Dup ACK 553#1] 25 → 45792 [ACK] Seq=307 Ack=35179 Win=99328 Len=0 SLE=27879 SRE=29339
    564 577.203593     40.92.67.82           <EXIM4_IP>          TCP      7354   45792 → 25 [PSH, ACK] Seq=35179 Ack=307 Win=65280 Len=7300
    565 577.203632     <EXIM4_IP>          40.92.67.82           TCP      54     25 → 45792 [ACK] Seq=307 Ack=42479 Win=113920 Len=0
    637 637.203637     40.92.67.82           <EXIM4_IP>          TCP      1514   [TCP Spurious Retransmission] 45792 → 25 [ACK] Seq=35179 Ack=307 Win=65280 Len=1460
    638 637.203684     <EXIM4_IP>          40.92.67.82           TCP      66     [TCP Dup ACK 565#1] 25 → 45792 [ACK] Seq=307 Ack=42479 Win=113920 Len=0 SLE=35179 SRE=36639
    639 637.213022     40.92.67.82           <EXIM4_IP>          TCP      5894   45792 → 25 [ACK] Seq=42479 Ack=307 Win=65280 Len=5840
    640 637.213028     40.92.67.82           <EXIM4_IP>          TCP      1514   45792 → 25 [PSH, ACK] Seq=48319 Ack=307 Win=65280 Len=1460
    641 637.213044     <EXIM4_IP>          40.92.67.82           TCP      54     25 → 45792 [ACK] Seq=307 Ack=48319 Win=125568 Len=0
    642 637.213053     <EXIM4_IP>          40.92.67.82           TCP      54     25 → 45792 [ACK] Seq=307 Ack=49779 Win=128512 Len=0
    745 697.216708     40.92.67.82           <EXIM4_IP>          TCP      1514   [TCP Spurious Retransmission] 45792 → 25 [ACK] Seq=42479 Ack=307 Win=65280 Len=1460
    746 697.216740     <EXIM4_IP>          40.92.67.82           TCP      66     [TCP Dup ACK 642#1] 25 → 45792 [ACK] Seq=307 Ack=49779 Win=128512 Len=0 SLE=42479 SRE=43939
    747 697.225872     40.92.67.82           <EXIM4_IP>          TCP      1514   45792 → 25 [ACK] Seq=49779 Ack=307 Win=65280 Len=1460
    748 697.225889     40.92.67.82           <EXIM4_IP>          TCP      4434   45792 → 25 [ACK] Seq=51239 Ack=307 Win=65280 Len=4380
    749 697.225900     <EXIM4_IP>          40.92.67.82           TCP      54     25 → 45792 [ACK] Seq=307 Ack=51239 Win=131456 Len=0
    750 697.225910     <EXIM4_IP>          40.92.67.82           TCP      54     25 → 45792 [ACK] Seq=307 Ack=55619 Win=140160 Len=0
    751 697.225925     40.92.67.82           <EXIM4_IP>          TCP      1514   45792 → 25 [ACK] Seq=55619 Ack=307 Win=65280 Len=1460
    752 697.225929     <EXIM4_IP>          40.92.67.82           TCP      54     25 → 45792 [ACK] Seq=307 Ack=57079 Win=143104 Len=0


I have no clue what is happening there. One can see a correct SMTP dialog, and then a message follows with a base64 attachment. Somewhere in that transmission, it just stops. Also interesting, the timeline.


It seems that somehow this Microsoft server is really misconfigured. If the problem was a network issue on my side, why does it only happen with the outlook.com servers?



Hm?



Andreas
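
The timeline in the capture above can be measured directly. The following is an added example, not part of the original message: it parses rows copied from that capture (whitespace collapsed) and reports how long the stream was silent before each spurious retransmission; the function names are this example's own.

```python
import re

# Rows excerpted from the capture in the message above (Wireshark text export:
# frame, time, source, destination, protocol, length, info); whitespace collapsed.
CAPTURE = """\
521 540.839205 <EXIM4_IP> 40.92.67.82 TCP 54 25 → 45792 [ACK] Seq=307 Ack=5979 Win=40960 Len=0
530 541.132235 40.92.67.82 <EXIM4_IP> TCP 1514 [TCP Spurious Retransmission] 45792 → 25 [ACK] Seq=139 Ack=307 Win=65280 Len=1460
535 541.141845 <EXIM4_IP> 40.92.67.82 TCP 54 25 → 45792 [ACK] Seq=307 Ack=13279 Win=55552 Len=0
536 542.054064 40.92.67.82 <EXIM4_IP> TCP 1514 [TCP Spurious Retransmission] 45792 → 25 [ACK] Seq=5979 Ack=307 Win=65280 Len=1460
539 542.063419 <EXIM4_IP> 40.92.67.82 TCP 54 25 → 45792 [ACK] Seq=307 Ack=20579 Win=70144 Len=0
540 544.772896 40.92.67.82 <EXIM4_IP> TCP 1514 [TCP Spurious Retransmission] 45792 → 25 [ACK] Seq=13279 Ack=307 Win=65280 Len=1460
547 544.782495 <EXIM4_IP> 40.92.67.82 TCP 54 25 → 45792 [ACK] Seq=307 Ack=27879 Win=84736 Len=0
548 552.885956 40.92.67.82 <EXIM4_IP> TCP 1514 [TCP Spurious Retransmission] 45792 → 25 [ACK] Seq=20579 Ack=307 Win=65280 Len=1460
553 552.895302 <EXIM4_IP> 40.92.67.82 TCP 54 25 → 45792 [ACK] Seq=307 Ack=35179 Win=99328 Len=0
562 577.194304 40.92.67.82 <EXIM4_IP> TCP 1514 [TCP Spurious Retransmission] 45792 → 25 [ACK] Seq=27879 Ack=307 Win=65280 Len=1460
565 577.203632 <EXIM4_IP> 40.92.67.82 TCP 54 25 → 45792 [ACK] Seq=307 Ack=42479 Win=113920 Len=0
637 637.203637 40.92.67.82 <EXIM4_IP> TCP 1514 [TCP Spurious Retransmission] 45792 → 25 [ACK] Seq=35179 Ack=307 Win=65280 Len=1460
"""

ROW = re.compile(r"^\s*(\d+)\s+(\d+\.\d+)\s+(\S+)\s+(\S+)\s+TCP\s+\d+\s+(.*)$")

def parse(text):
    """Yield (frame, time, source, info) for each row shaped like a TCP summary line."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # blank or unrelated lines are skipped
            yield int(m.group(1)), float(m.group(2)), m.group(3), m.group(5)

def stalls(text):
    """Return (frame, seq, idle seconds since the previous row) per spurious retransmission."""
    out, prev_time = [], None
    for frame, t, _src, info in parse(text):
        if "Spurious Retransmission" in info and prev_time is not None:
            seq = int(re.search(r"Seq=(\d+)", info).group(1))
            out.append((frame, seq, round(t - prev_time, 3)))
        prev_time = t
    return out

def growth(idle_times):
    """Ratio between each idle period and the one before it."""
    return [round(b / a, 2) for a, b in zip(idle_times, idle_times[1:])]

if __name__ == "__main__":
    rows = stalls(CAPTURE)
    for frame, seq, idle in rows:
        print(f"frame {frame}: Seq={seq} resent after {idle:7.3f}s of silence")
    print("growth:", growth([idle for _, _, idle in rows]))
```

On these rows the silence before each retransmission roughly triples (about 0.3 s, 0.9 s, 2.7 s, 8.1 s, 24.3 s) and then sits at 60 s, while every retransmitted segment carries a sequence number the receiver had already acknowledged.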