[exim] Re: exim don't speak to google any more!

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Andrew C Aitchison
Date:  
À: Bernard Quatermass
Sujet: [exim] Re: exim don't speak to google any more!
On Mon, 29 Jul 2024, Bernard Quatermass via Exim-users wrote:

> On 29/07/2024 03:18, Viktor Dukhovni via Exim-users wrote:
>> On Sun, Jul 28, 2024 at 05:56:33PM +0100, Jeremy Harris via Exim-users
>> wrote:
>>
>>>> BUT in the log, I get the following message:
>>>>
>>>>    H=gmail-smtp-in.l.google.com [142.251.16.26] TLS error on
>>>>    connection (recv): The TLS connection was non-properly terminated.

>>>
>>> Google is violating standards, according to the OpenSSL library.
>>
>> No, rather the Google MTA is not wasting valuable resources doing
>> unnecessary TLS-layer framing to avoid truncation attacks that
>> don't apply to SMTP, which does application-layer framing.

     ...

> Given this early disconnect is a strict violation of the TLS standard it is
> not difficult to conclude where the problem is.
>
>> Exim really should be updated to ignore OpenSSL's truncation detection,


*If* I extended the config to allow admins to set the OpenSSL option
SSL_OP_IGNORE_UNEXPECTED_EOF (and an equivalent gnutls option if I can
find one) which ignores this detection, would you accept it into the
exim code base ?

I realise that giving admins more options to fiddle gives them more
rope to hang themselves, so this would be a build-time option.

I also understand that the only real issue is that a warning is
logged, but some people hate warnings they cannot fix.

-- 
Andrew C. Aitchison                      Kendal, UK
                    andrew@???


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/