Re: [exim] TLS with gmail started failing

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Marc MERLIN
Date:  
À: Viktor Dukhovni via Exim-users
CC: Viktor Dukhovni
Sujet: Re: [exim] TLS with gmail started failing
On Fri, Jun 07, 2019 at 01:08:09PM -0400, Viktor Dukhovni via Exim-users wrote:
> The handshake succeeds, but reading the EHLO response fails with
> EGAIN. This suggests that the socket is non-blocking, but in that
> case one would expect the read to be retried. Someone more familiar
> with the code will have to explore that hypothesis further.


While I'm not sure how my older exim4 would be at fault if it worked for
so long and suddenly started failing 2 days ago, given the security
issue with it, I'm working on the upgrade now to see if somehow that
also fixes this issue at the same time.

> In the meantime, have you tried "swaks" to see whether STARTTLS to
> Google works outside of Exim? You can also try OpenSSL's s_client
> as follows:
>
>     $ openssl s_client -state -quiet -no_ign_eof -starttls smtp -connect alt4.gmail-smtp-in.l.google.com:25
>     <type QUIT after you see output (O:) with the tail of the EHLO response>
> O:  250 ...
> O:  SSL_connect:SSL negotiation finished successfully
> O:  SSL_connect:SSL negotiation finished successfully
> O:  SSL_connect:SSLv3/TLS read server session ticket
> I:  QUIT
> O:  221 2.0.0 Bye
> O:  SSL3 alert read:warning:close notify
> O:  SSL3 alert write:warning:close notify

>
> And also with gnutls-cli:
>
>     $ gnutls-cli --crlf --starttls --port 25 smtp.example.net alt4.gmail-smtp-in.l.google.com


Thanks for that suggestion.
That seems to work

magic:~# gnutls-cli --crlf --starttls --port 25 alt4.gmail-smtp-in.l.google.com
Processed 99 CA certificate(s).
Resolving 'alt4.gmail-smtp-in.l.google.com'...
Connecting to '173.194.217.26:25'...

- Simple Client Mode:

220 mx.google.com ESMTP 43si392782uam.102 - gsmtp
EHLO foo.bar
250-mx.google.com at your service, [209.81.13.136]
250-SIZE 157286400
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
quit
221 2.0.0 closing connection 43si392782uam.102 - gsmtp
- Peer has closed the GnuTLS connection

Thanks,
Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/                       | PGP 7F55D5F27AAF9D08