[exim] Re: exim don't speak to google any more!

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Jan Ingvoldstad
Data:  
Para: exim-users, Viktor Dukhovni
Asunto: [exim] Re: exim don't speak to google any more!
First, I would like to say that I appreciate Viktor's contributions here.
Comparisons with and information about how Postfix handles various issues
are, IMNSHO, highly relevant.

On Tue, Jul 30, 2024 at 2:38 PM Viktor Dukhovni via Exim-users <
exim-users@???> wrote:

>
>
> FWIW, my take is that SSL_OP_IGNORE_UNEXPECTED_EOF makes most sense
> as unconditional behaviour. Just supress the overly pedantic (for SMTP)
> error reporting that was added in OpenSSL 3.0, restoring the quieter
> reasonably (again for SMTP) behaviour of OpenSSL 1.x.
>
> If there is similar TLS truncation detection to silence in GnuTLS, feel
> free to apply similar logic, and I'd again recommend making it silent
> unconditionally, no need for build variants.



I tend to agree.

I'm managing a submission Exim server (4.95 on Ubuntu, GnuTLS 3.7.3) with
some traffic, and I have just had a quick look at errors with the text "The
TLS connection was non-properly terminated".

Outgoing connections are 39% of the errors, of which Google generate less
than one third (12% of the total failing connections).

In other words, the vast majority of such errors come from client
connections, and Google. On the other hand, Google's share is
disproportionately large, as they only receive 14% of the messages.

As far as I can tell 36% of all TLS connections generate such errors.
--
Jan

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/