[exim] exim don't speak to google any more!

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Francois Sauterey
Ημερομηνία:  
Προς: exim-users
Αντικείμενο: [exim] exim don't speak to google any more!
Hi,
My problem: I can no longer receive or send @gmail.com emails.

My Environment :
debian 12, exim 4.96-15+deb12u5, letsencrypt (certbot 2.1.0-4)

-------
Reception:
my correspondents receive the following message:
A temporary problem occurred when your message was delivered to
francois@???.
The reply was :
TLS Negotiation failed: FAILED_PRECONDITION: starttls error (71):
52894573174784:error:10000410:SSL
routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE:third_party/openssl/boringssl/src/ssl/tls_record.
cc:592:SSL alert number 40 ;52894573174784:error:1000009a:SSL
routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO:third_party/openssl/boringssl/src/ssl/handshake.cc:654:


This is beyond my skills on SSL/TLS

---------
Sending : an other problem

if I write to francois.sauterey@???, the message arrives, BUT in
the log, I get the following message:
H=gmail-smtp-in.l.google.com [142.251.16.26] TLS error on connection
(recv): The TLS connection was non-properly terminated.
cmdlog:
'220:EHLO:250-:STARTTLS:220:EHLO:250-:MAIL|:RCPT|:BDAT:QUIT:250:250:250:221'
LOG: MAIN
=> francois.sauterey@??? R=dnslookup T=remote_smtp
H=gmail-smtp-in.l.google.com [142.251.16.26] TFO X=TLS1.
3:ECDHE_X25519__ECDSA_SECP256R1_SHA256__AES_256_GCM:256 CV=yes
DN=“CN=mx.google.com” K C="250 2.0.0 OK
d75a77b69052e-44fe8411539si89330321cf.550 - gsmtp”
LOG: MAIN
Completed

---------
My configuration :
the TLS part of my configuration:
tls_advertise_hosts = *

# autorier startTLS
tls_on_connect_ports = 465
tls_dhparam = none
#tls_dhparam = /etc/exim4/ssl/dhparam.pem
tls_require_ciphers = "SECURE256"

tls_verify_hosts = *
tls_certificate = /etc/letsencrypt/live/i-mel.eu/fullchain.pem
tls_privatekey = /etc/letsencrypt/live/i-mel.eu/privkey.pem
# authoriser une connexion non cryptée
AUTH_SERVER_ALLOW_NOTLS_PASSWORDS = true

tls_verify_certificates = ${if exists{/etc/ssl/certs/ca-certificates.crt}\
{/etc/ssl/certs/ca-certificates.crt}\
{/dev/null}}

Help me please !

Regards,
Francois

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/