Author: Adam D. Barratt
Date:
To: exim-users
Subject: Re: [exim] exim.org still incorrectly configured

On Sat, 2021-10-16 at 18:44 +0200, Heiko Schlittermann via Exim-users wrote:
> Adam D. Barratt via Exim-users <exim-users@???> (Sa 16 Okt 2021 17:43:57 CEST):
> > > This hh.schlittermann.de runs the latest Exim, and probably sends you
> > > an SNI your server for some reason doesn't accept?
> >
> > FWIW, I've also seen two of these, at 23:53:41UTC yesterday and
> > 11:08:41UTC today. The server in question is running Debian's
> > 4.92-8+deb10u6 exim4-daemon-heavy package and has "tls_sni" set in the
> > log selector.
> >
> > The log entries for the second failed connection are:
> >
> > 2021-10-16 11:08:40 SMTP connection from [213.128.132.49] (TCP/IP connection count = 1)
> > 2021-10-16 11:08:41 TLS error on connection from hh.schlittermann.de [213.128.132.49] (gnutls_handshake): A disallowed SNI server name has been received.
> > 2021-10-16 11:08:41 SMTP connection from hh.schlittermann.de [213.128.132.49] closed by EOF
> > 2021-10-16 11:08:41 no MAIL in SMTP connection from hh.schlittermann.de [213.128.132.49] D=0s C=EHLO,STARTTLS
> >
> > The same server has received 21 successful connections from
> > hh.schlittermann.de in the past couple of days.
>
> Interesting. Can you tell *what* SNI the server hh sent?

Unfortunately the above appears to be all that's logged.

> That's what the hh server uses as the transport:
> [...]
> So, it sends you *your* hostname as an SNI.

That's indeed what I see for successful connections.

I've hopefully enabled TLS debug logging for connections from hh, so
we'll see if that provides any useful information if it happens again.
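
Added example, not part of the original message: a small Python scan of an Exim main log for the handshake failure discussed in this thread, grouping SNI rejections by peer address and noting the SMTP commands seen before the connection ended. The sample log is constructed in the format of the entries quoted above (one entry per line, documentation-range addresses); the function name and record layout are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log lines quoted above (each entry on
# one line, as Exim writes it); hosts and addresses are placeholders.
SAMPLE_LOG = """\
2021-10-16 11:08:40 SMTP connection from [192.0.2.10] (TCP/IP connection count = 1)
2021-10-16 11:08:41 TLS error on connection from mx.example.net [192.0.2.10] (gnutls_handshake): A disallowed SNI server name has been received.
2021-10-16 11:08:41 SMTP connection from mx.example.net [192.0.2.10] closed by EOF
2021-10-16 11:08:41 no MAIL in SMTP connection from mx.example.net [192.0.2.10] D=0s C=EHLO,STARTTLS
2021-10-16 12:00:02 TLS error on connection from [198.51.100.7] (gnutls_handshake): The TLS connection was non-properly terminated.
2021-10-16 12:00:02 no MAIL in SMTP connection from [198.51.100.7] D=0s C=EHLO,STARTTLS
"""

# The peer hostname is optional: it is absent when Exim has no name for the peer.
TLS_ERROR = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) TLS error on connection from "
    r"(?P<host>\S+ )?\[(?P<ip>[^\]]+)\] \((?P<func>[^)]+)\): (?P<msg>.*)$")
NO_MAIL = re.compile(
    r"^(?P<ts>\S+ \S+) no MAIL in SMTP connection from "
    r"(?:\S+ )?\[(?P<ip>[^\]]+)\] .*\bC=(?P<cmds>\S+)")

def sni_rejections(log_text):
    """Return per-IP records for handshakes that failed on the SNI check."""
    hits = defaultdict(lambda: {"host": None, "times": [], "ended_after": set()})
    for line in log_text.splitlines():
        m = TLS_ERROR.match(line)
        if m:
            # Other handshake errors (e.g. abrupt disconnects) are not SNI issues.
            if "SNI" in m["msg"]:
                rec = hits[m["ip"]]
                rec["host"] = (m["host"] or "").strip() or None
                rec["times"].append(m["ts"])
            continue
        m = NO_MAIL.match(line)
        # Record the command history only for peers already flagged above.
        if m and m["ip"] in hits:
            hits[m["ip"]]["ended_after"].add(m["cmds"])
    return dict(hits)

if __name__ == "__main__":
    for ip, rec in sni_rejections(SAMPLE_LOG).items():
        print(ip, rec["host"], rec["times"], sorted(rec["ended_after"]))
```

The timestamps it returns give the windows to compare against the sending host's own log, since the receiving side does not record the rejected name.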