[exim] missing logline, as if the delivery crashed

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Cyborg
Datum:  
To: exim-users
Betreff: [exim] missing logline, as if the delivery crashed

Exim:      4.94.2   Fedora 33
Openssl: 1.1.1k-1

Hi,

Problem 1:

since an os upgrade of fedora, where the security policy changed, this
happens to some connections:

2021-06-02 07:02:58 1loJ1s-006Qmo-BG <= user@???
H=nx222.node01.secure-mailgate.com [89.22.108.222] P=esmtps
X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no K S=19127
id=504f250e-1b94-40f6-3d26-2011d5f54bca@???
2021-06-02 07:02:58 1loJ1s-006Qmo-BG Completed

You will notice, that the delivery line is missing.

There is no error, no warning, no nothing that explains what happens.

As this server has run this exact exim version of fedora 33 packages due
to 21Nails before the os update without such problems, those packages
actually did not not update at all, I think,  the os security policy of
fedora 33 is causing this, but i can't profe it.

As i can't reproduce it with any of our other exims as source, how can
we find out what happened to this mails?
What log option is to enable to get more infos here?

Problem 2:

This may be strong evidence for the policy change: TLS session:
(SSL_connect): error:141A318A:SSL routines:tls_process_ske_dhe:dh key
too small

It also happens since the os upgrade. It is an indicator, that the
remote smtp server does not have it's setup straight ( dh key size = 0
according to debian).

I checked it by lowering the policy back to Fedora 32 and now the server
can send mails to the before erroring servers again.