Re: [exim] missing logline, as if the delivery crashed

Pàgina inicial
Delete this message
Reply to this message
Autor: Heiko Schlittermann
Data:  
A: exim-users
Assumptes nous: [exim] ** SOLVED ** Re: missing logline, as if the delivery crashed
Assumpte: Re: [exim] missing logline, as if the delivery crashed
Hi,

Cyborg via Exim-users <exim-users@???> (Mi 02 Jun 2021 08:49:21 CEST):
>
> Exim:      4.94.2   Fedora 33
> Openssl: 1.1.1k-1
>
> Hi,
>
> Problem 1:
>
> since an os upgrade of fedora, where the security policy changed, this
> happens to some connections:
>
> 2021-06-02 07:02:58 1loJ1s-006Qmo-BG <= user@???
> H=nx222.node01.secure-mailgate.com [89.22.108.222] P=esmtps
> X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no K S=19127
> id=504f250e-1b94-40f6-3d26-2011d5f54bca@???
> 2021-06-02 07:02:58 1loJ1s-006Qmo-BG Completed


- What's your log_file_path?
- Can you extract all lines containing the Message-ID?
- An early version of the "taintwarn" patches had issues with lost log
lines (for local deliveries, though), maybe we've a re-incarnation of
this bug?

> You will notice, that the delivery line is missing.


If I remember well, it is the delivery process which is accessing the
log, and this process isn't privileged, it runs as the Exim runtime user.
For writing to the log no extra privilege is needed, but who knows…

> There is no error, no warning, no nothing that explains what happens.


Try adding syslog to your logfile path, if the line you're missing
appears there.

> As i can't reproduce it with any of our other exims as source, how can we
> find out what happened to this mails?
> What log option is to enable to get more infos here?


So you *can* reproduce it on F33 with the Exim package F provides?

> Problem 2:
>
> This may be strong evidence for the policy change: TLS session:
> (SSL_connect): error:141A318A:SSL routines:tls_process_ske_dhe:dh key too
> small


I think, this isn't related to Exim directly, as we do not require
special key sizes in the default configuration. So maybe library
defaults changed?

Again: I'm not an expert at all, so all my assumptions are only this:
assumptions.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -