Howdy,
I have my personal Email (merlins.org) forwarded to gmail (merlin@???) and
have had that for over 10 years for an IP that never changed (209.81.13.136)
Starting a few days ago all my Emails got rejected by gmail, with "TLS error on
connection (recv): Resource temporarily unavailable, try again."
I've been using exim4 forever, I'm reasonably sure nothing changed on my
side in the last 2-3 days that this started happening.
Any idea what this could be, and whether the problem could be on my side?
I temporarily fixed it with 'hostsavoidtls=*' which indeed turned off
TLS and allowed Email to flow again.
Is my cipher list unsuitable? cipher: TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256
Details:
Connecting to alt1.gmail-smtp-in.l.google.com [2607:f8b0:4001:c15::1a]:25 ... failed: Network is unreachable
LOG: MAIN
H=alt1.gmail-smtp-in.l.google.com [2607:f8b0:4001:c15::1a] Network is unreachable
Connecting to alt1.gmail-smtp-in.l.google.com [74.125.129.27]:25 ... connected
SMTP<< 220 mx.google.com ESMTP e22si2221532iog.49 - gsmtp
SMTP>> EHLO mail1.merlins.org
SMTP<< 250-mx.google.com at your service, [209.81.13.136]
250-SIZE 157286400
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
SMTP>> STARTTLS
SMTP<< 220 2.0.0 Ready to start TLS
SMTP>> EHLO mail1.merlins.org
LOG: MAIN
H=alt1.gmail-smtp-in.l.google.com [74.125.129.27] TLS error on connection (recv): Resource temporarily unavailable, try again.
LOG: MAIN
H=alt1.gmail-smtp-in.l.google.com [74.125.129.27]: Remote host closed connection in response to EHLO mail1.merlins.org
With more debug logs enabled, I see
14:32:02 5341 74.125.141.26 in hosts_avoid_tls? no (end of list)
14:32:02 5341 SMTP>> STARTTLS
14:32:02 5341 read response data: size=30
14:32:02 5341 SMTP<< 220 2.0.0 Ready to start TLS
14:32:02 5341 74.125.141.26 in hosts_require_ocsp? no (option unset)
14:32:02 5341 74.125.141.26 in hosts_request_ocsp? yes (matched "*")
14:32:02 5341 initialising GnuTLS as a client on fd 9
14:32:02 5341 GnuTLS global init required.
14:32:02 5341 initialising GnuTLS client session
14:32:02 5341 Expanding various TLS configuration options for session credentials.
14:32:02 5341 TLS: no client certificate specified; okay
14:32:02 5341 Added 99 certificate authorities.
14:32:02 5341 GnuTLS using default session cipher/priority "NORMAL"
14:32:02 5341 Setting D-H prime minimum acceptable bits to 1024
14:32:02 5341 74.125.141.26 in tls_verify_hosts? no (option unset)
14:32:02 5341 74.125.141.26 in tls_try_verify_hosts? yes (matched "*")
14:32:02 5341 74.125.141.26 in tls_verify_cert_hostnames? yes (matched "*")
14:32:02 5341 TLS: server cert verification includes hostname: "alt4.gmail-smtp-in.l.google.com".
14:32:02 5341 TLS: server certificate verification optional.
14:32:02 5341 TLS: will request OCSP stapling
14:32:02 5341 about to gnutls_handshake
14:32:03 5341 gnutls_handshake was successful
14:32:03 5341 TLS certificate verification failed (certificate invalid): peerdn="C=US,ST=California,L=Mountain View,O=Google LLC,CN=mx.google.com"
14:32:03 5341 TLS verify failure overridden (host in tls_try_verify_hosts)
14:32:03 5341 cipher: TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256
14:32:03 5341 Have channel bindings cached for possible auth usage.
14:32:03 5341 SMTP>> EHLO mail1.merlins.org
14:32:03 5341 tls_do_write(0xbfd5f57c, 24)
14:32:03 5341 gnutls_record_send(SSL, 0xbfd5f57c, 24)
14:32:03 5341 outbytes=24
14:32:03 5341 Calling gnutls_record_recv(0xb830fa40, 0xbfd5e57c, 4096)
14:32:03 5341 LOG: MAIN
14:32:03 5341 H=alt4.gmail-smtp-in.l.google.com [74.125.141.26] TLS error on connection (recv): Resource temporarily unavailable, try again.
14:32:03 5341 ok=0 send_quit=0 send_rset=1 continue_more=0 yield=1 first_address is not NULL
14:32:03 5341 tls_close(): shutting down TLS
14:32:03 5341 LOG: MAIN
14:32:03 5341 H=alt4.gmail-smtp-in.l.google.com [74.125.141.26]: Remote host closed connection in response to EHLO mail1.merlins.org
I do see the verification failure, but it shouldn't matter due to "TLS
verify failure overridden (host in tls_try_verify_hosts)"
Thanks,
Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | PGP 7F55D5F27AAF9D08