[exim] TLS problems with 4.95 under arch linux

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Torsten Luettgert
Fecha:  
A: exim-users
Asunto: [exim] TLS problems with 4.95 under arch linux
Dear all,

when trying to update to exim 4.95 (self compiled), I'm getting errors
when connecting with TLS.

My MUA (evolution) cries "TLS connection closed unexpectedly",
and the exim process prints "free(): invalid pointer".

The mainlog only contains something like

2021-10-05 13:35:17.930 [482186] SMTP connection from
[78.55.104.185]:55590 I=[172.31.1.100]:26 (TCP/IP connection count = 1)

It does not matter if I use STARTTLS on a previously-unencrypted
connection or SMTPS on a dedicated TLS port.

Once (cannot reproduce it now) I got this message:

2021-10-01 15:06:16 TLS error on connection from dynamic-089-014-180-
255.89.14.pool.telefonica.de (zehause) [89.14.180.255] (SSL_accept):
NULL (TLSv1.3)

Anyone got an idea what could be wrong?

Regards,
Torsten

P.S.: more information:

exim -bV
========
Exim version 4.95 #2 built 05-Oct-2021 11:29:46
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007
- 2020
Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013)
Support for: crypteq iconv() IPv6 PAM OpenSSL TLS_resume DANE DKIM
DNSSEC Event I18N OCSP PIPE_CONNECT PRDR Experimental_Queue_Ramp SPF
TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm
dbmjz dbmnz dnsdb dsearch
Authenticators: cram_md5 plaintext spa tls
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir autoreply pipe smtp
Fixed never_users: 0:1:2
Configure owner: 0:0
Size of off_t: 8
Configuration file is /etc/exim/exim.conf

System
======
Arch linux with all updates till 2021-10-05
openssl = 1.1.1.l
glibc = 2.33

exim config (relevant parts)
============================
exim_user = 0
tls_advertise_hosts = *
tls_certificate, tls_privatekey, tls_dhparam are set
tls_remember_esmtp = true
tls_require_ciphers = ${if =={$received_port}{25} {DEFAULT}
{HIGH:!MD5:!SHA1:!SHA2}}
openssl_options = +all +no_sslv2 +no_sslv3 +no_compression
+cipher_server_preference

Local/EDITME
============
USE_OPENSSL=yes
USE_OPENSSL_PC=openssl

pkgconf
=======
libs: -lssl -lcrypto
cflags: (none)