[exim] Re: exim don't speak to google any more!

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Viktor Dukhovni via Exim-users
Date:  
À: exim-users
Sujet: [exim] Re: exim don't speak to google any more!
On Mon, Jul 29, 2024 at 03:24:35AM +0000, Thomas Krichel via Exim-users wrote:

> > Exim really should be updated to ignore OpenSSL's truncation detection,
> > I don't recall whether that even already happened and the OP is running
> > an older version?
>
> root@tagol~# exim --version | head -1
> Exim version 4.98 #2 built 11-Jul-2024 05:41:31
>
> root@tagol~# grep -c 'The TLS connection was non-properly terminated' /var/log/exim4/mainlog.1
> 645


Perhaps, in that case, the work-around hasn't yet been adopted.

> I used to think the error may be on my side, because I use a self-signed
> certificate. I am fully aware that I don't know much about certificates.


The warning has nothing to do with certificates, it is purely about
two-sided TLS connection shutdown (or lack thereof). In the case of
SMTP there is no need for TLS to dot the i's and cross the t's at
the end of the connection, because the SMTP protocol takes care of
that. With ESMTP pipelining, the message content is followed by:

    C: .<CRLF>QUIT<CRLF>
    S: 250 ...<CRLF>221 ... <CRLF>
    C: closes connection (optional TLS close_notify)
    S: closes connection (optional TLS close_notify)


either may also send a TLS close_notify alert (TLS shutdown), but need
not wait to receive one from the peer. The server might well close the
connection first (on receipt of "QUIT").

-- 
    Viktor.


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/