Re: [exim] TLS with gmail started failing

Top Page
Delete this message
Reply to this message
Author: Marc MERLIN
Date:  
To: Jeremy Harris, exim-users
Subject: Re: [exim] TLS with gmail started failing
On Fri, Jun 07, 2019 at 10:26:50AM -0700, Marc MERLIN via Exim-users wrote:
> On Fri, Jun 07, 2019 at 10:09:40AM -0700, Marc MERLIN via Exim-users wrote:
> > Sorry, I totally failed to give a required bit of info, which exim I have.
> > debian exim4 4.87-3+b1
>
> And yes, I did also read that I should upgrade for security reasons.
> Working on that ATM.


Mmmh, not what I expected quite, but upgrading exim4 seems to have fixed
the issue. Relevant updates:
Unpacking libnet-ssleay-perl (1.85-2+b1) over (1.77-1+b1) ...
Unpacking libssl1.1:i386 (1.1.1b-2) over (1.1.0f-4) ...
Unpacking libgnutls30:i386 (3.6.7-3) over (3.6.6-2) ...
Unpacking libgnutls-dane0:i386 (3.6.7-3) ...
Unpacking libsasl2-modules-db:i386 (2.1.27+dfsg-1) ...
Unpacking libsasl2-2:i386 (2.1.27+dfsg-1) over (2.1.25.dfsg1-2) ...
Unpacking exim4-daemon-heavy (4.92-7) over (4.87-3+b1) ...

And now things work again.
It's as if gmail detected that I had a vulnerable version of exim and just
started rejecting Email from it (good) but without a useful message as to why (bad).

That said, I could be totally off base, and it could be a totally different issue
that unexplainably started a few days ago and got fixed by an exim upgrade.

Connecting to gmail-smtp-in.l.google.com [74.125.199.27]:25 ... connected
SMTP<< 220 mx.google.com ESMTP 25si2556555pgw.171 - gsmtp
SMTP>> EHLO mail1.merlins.org

  SMTP<< 250-mx.google.com at your service, [209.81.13.136]
         250-SIZE 157286400
         250-8BITMIME
         250-STARTTLS
         250-ENHANCEDSTATUSCODES
         250-PIPELINING
         250-CHUNKING
         250 SMTPUTF8

SMTP>> STARTTLS

SMTP<< 220 2.0.0 Ready to start TLS
SMTP>> EHLO mail1.merlins.org

  SMTP<< 250-mx.google.com at your service, [209.81.13.136]
         250-SIZE 157286400
         250-8BITMIME
         250-ENHANCEDSTATUSCODES
         250-PIPELINING
         250-CHUNKING
         250 SMTPUTF8

SMTP>> MAIL FROM:<root@???> SIZE=1552
SMTP>> RCPT TO:<merlin@???>

         will write message using CHUNKING

SMTP>> BDAT 437 LAST

SMTP<< 250 2.1.0 OK 25si2556555pgw.171 - gsmtp
SMTP<< 250 2.1.5 OK 25si2556555pgw.171 - gsmtp
SMTP<< 250 2.0.0 OK 25si2556555pgw.171 - gsmtp
SMTP>> QUIT

SMTP(close)>>
LOG: MAIN
=> merlin@??? F=<root@???> R=dnslookup T=remote_smtp S=437 H=gmail-smtp-in.l.google.com [74.125.199.27] I=[209.81.13.136] X=TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256 CV=no DN="C=US,ST=California,L=Mountain View,O=Google LLC,CN=mx.google.com" K C="250 2.0.0 OK 25si2556555pgw.171 - gsmtp"


Thanks for the help and answers.
Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/