Monday my exim4 server began reporting errors trying to deliver email to a number of sites, as follows:
2012-03-07 09:04:42 1S5JM2-0001iQ-Rz <= [email protected] U=pfeiffer P=local S=398 2012-03-07 09:04:44 1S5JM2-0001iQ-Rz TLS error on connection to creepinglunacy.com [199.85.212.11] (recv): A TLS packet with unexpected length was received. 2012-03-07 09:04:44 1S5JM2-0001iQ-Rz TLS error on connection to creepinglunacy.com [199.85.212.11] (send): The specified session has been invalidated for some reason. 2012-03-07 09:04:44 1S5JM2-0001iQ-Rz ** [email protected] R=dnslookup T=remote_smtp: SMTP error from remote mail server after MAIL FROM:<[email protected]> SIZE=1432: host creepinglunacy.com [199.85.212.11]: 550 Access denied - Invalid HELO name (See RFC2821 4.1.1.1) 2012-03-07 09:04:45 1S5JM5-0001iV-0U <= <> R=1S5JM2-0001iQ-Rz U=Debian-exim P=local S=1392 2012-03-07 09:04:45 1S5JM2-0001iQ-Rz Completed 2012-03-07 09:05:37 1S5JM5-0001iV-0U => pfeiffer <[email protected]> R=procmail T=procmail_pipe 2012-03-07 09:05:37 1S5JM5-0001iV-0U Completed I don't believe this is happening with every TLS-enabled server I try to send email to, since I also have entries like: 2012-03-07 08:00:04 1S5ILU-0000Xu-3Q <= [email protected] H=localhost (babs.wb.pfeifferfamily.net) [127.0.0.1] P=esmtp S=1355 [email protected] 2012-03-07 08:00:06 1S5ILU-0000Xu-3Q => [email protected] R=dnslookup T=remote_smtp H=mx.lcctnm.org [66.96.142.50] X=TLS1.0:RSA_AES_256_CBC_SHA1:32 DN="C=US,O=RTFM\, Inc.,OU=Widgets Division,CN=localhost" 2012-03-07 08:00:06 1S5ILU-0000Xu-3Q Completed (I'm assuming the X=TLS etc in the second line of this example means TLS is being used on this connection) Other people are successfully sending email to several of the sites giving me trouble. I've tried: Updating the various exim4 and libgnutils related packages to the newest versions in the testing repository (of course) Backing off to the oldest exim4 and libgnutils versions I could find Backing off my ca-certificates package to the oldest one in the repositories (which seems to date to 2009), since I found a couple of old bugs related to too many entries in ca-certificates. Installing rng-utils using /dev/urandom as an entropy source, since I came across one thread suggesting insufficient entropy could be the cause (when it didn't make any difference, I took it out again). Switching from exim4-daemon-light (which I'd been using before) to exim4-daemon-heavy. None of this seems to have made the slightest difference. Does anybody have any other suggestions for something to try? -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
