On Mon, 8 Jun 2020, admin--- via Exim-dev wrote:

https://bugs.exim.org/show_bug.cgi?id=2594

           Bug ID: 2594
          Summary: CNAME handling can break TLS certificate verification

        Component: TLS
         Assignee: [email protected]
         Reporter: [email protected]
               CC: [email protected]
                ...             ...             ...
Here is the smtp transport debug output:

smarthost_smtp transport entered
 [email protected]
hostlist:
 'mail.edesix.local' IP 192.168.1.6 port -1
checking status of mail.edesix.local
locking /var/spool/exim/db/retry.lockfile
locked  /var/spool/exim/db/retry.lockfile
EXIM_DBOPEN: file </var/spool/exim/db/retry> dir </var/spool/exim/db>
flags=O_RDONLY
returned from EXIM_DBOPEN: 0x5635b371d370
opened hints database /var/spool/exim/db/retry: flags=O_RDONLY
dbfn_read: key=T:mail.edesix.local:192.168.1.6
dbfn_read: key=T:mail.edesix.local:192.168.1.6:1jiFk5-0006UE-9S
EXIM_DBCLOSE(0x5635b371d370)
closed hints database and lockfile
no message retry record
mail.edesix.local [192.168.1.6] retry-status = usable
192.168.1.6 in serialize_hosts? no (option unset)
delivering 1jiFk5-0006UE-9S to mail.edesix.local [192.168.1.6]
([email protected])
set_process_info: 25033 delivering 1jiFk5-0006UE-9S to mail.edesix.local
[192.168.1.6] ([email protected])
192.168.1.6 in hosts_require_dane? no (option unset)
Connecting to mail.edesix.local [192.168.1.6]:25 ... 192.168.1.6 in
hosts_try_fastopen? yes (matched "*")
TFO mode sendto, no data: EINPROGRESS
connected
read response data: size=72
 SMTP<< 220 aulus.edesix.com ESMTP Exim 4.80.1 Mon, 08 Jun 2020 13:31:02 +0100
192.168.1.6 in hosts_avoid_esmtp? no (option unset)
 SMTP>> EHLO juno.edesix.local
cmd buf flush 24 bytes
read response data: size=134
 SMTP<< 250-aulus.edesix.com Hello juno.edesix.local [192.168.1.10]
        250-SIZE 52428800
        250-8BITMIME
        250-PIPELINING
        250-STARTTLS
        250 HELP
192.168.1.6 in hosts_avoid_tls? no (option unset)
 SMTP>> STARTTLS
cmd buf flush 10 bytes
read response data: size=18
 SMTP<< 220 TLS go ahead
192.168.1.6 in hosts_require_ocsp? no (option unset)
192.168.1.6 in hosts_request_ocsp? yes (matched "*")

Is 192.168.1.6 in hosts_require_ocsp? Is this a red herring?

--
Andrew C. Aitchison                                     Kendal, UK
                        [email protected]
