Hi All,

Has anyone noticed a problem with exim-4.80.01+OpenSSL 1.0.1e (installed from FreeBSD ports) and it delivering to remote hosts using TLS? Some remote hosts do work. Debugging shows that SSL negotiation finished successfully, but straight after that it is logged that the remote closed the connection in response to MAIL FROM:<>

Disabling TLS fixes the problem or reverting to OpenSSL 0.9.8q (part of base in FreeBSD 8.2) fixes the problem.

Anyone have suggestions on the best way to debug this to determine if it's an OpenSSL or an Exim problem?

Below is an example of one remote host with a non-working and a working version:

14:28:57 95534 Connecting to maile.printspots.com [216.16.225.134]:25 ... connected
14:28:58 95534 expanding: $primary_hostname
14:28:58 95534 result: mx1.percol8.co.za
14:28:58 95534 waiting for data on socket
14:28:58 95534 read response data: size=121
14:28:58 95534 SMTP<< 220 at-5000.VFPRINT.NET Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Fri, 22 Feb 2013 07:28:58 -0500
14:28:58 95534 216.16.225.134 in hosts_avoid_esmtp? no (option unset)
14:28:58 95534 SMTP>> EHLO mx1.percol8.co.za
14:28:58 95534 waiting for data on socket
14:28:58 95534 read response data: size=334
14:28:58 95534 SMTP<< 250-at-5000.VFPRINT.NET Hello [41.79.180.20]
14:28:58 95534 250-TURN
14:28:58 95534 250-SIZE
14:28:58 95534 250-ETRN
14:28:58 95534 250-PIPELINING
14:28:58 95534 250-DSN
14:28:58 95534 250-ENHANCEDSTATUSCODES
14:28:58 95534 250-8bitmime
14:28:58 95534 250-BINARYMIME
14:28:58 95534 250-CHUNKING
14:28:58 95534 250-VRFY
14:28:58 95534 250-TLS
14:28:58 95534 250-STARTTLS
14:28:58 95534 250-X-EXPS GSSAPI NTLM LOGIN
14:28:58 95534 250-X-EXPS=LOGIN
14:28:58 95534 250-AUTH GSSAPI NTLM LOGIN
14:28:58 95534 250-AUTH=LOGIN
14:28:58 95534 250-X-LINK2STATE
14:28:58 95534 250-XEXCH50
14:28:58 95534 250 OK
14:28:58 95534 216.16.225.134 in hosts_avoid_tls? no (option unset)
14:28:58 95534 SMTP>> STARTTLS
14:28:58 95534 waiting for data on socket
14:28:59 95534 read response data: size=29
14:28:59 95534 SMTP<< 220 2.0.0 SMTP server ready
14:28:59 95534 setting SSL CTX options: 0x1000000
14:28:59 95534 Diffie-Hellman initialized from default with 2048-bit prime
14:28:59 95534 Initialized TLS
14:28:59 95534 Calling SSL_connect
14:28:59 95534 SSL info: before/connect initialization
14:28:59 95534 SSL info: before/connect initialization
14:28:59 95534 SSL info: SSLv2/v3 write client hello A
14:28:59 95534 SSL info: SSLv3 read server hello A
14:28:59 95534 SSL info: SSLv3 read server certificate A
14:28:59 95534 SSL info: SSLv3 read server done A
14:28:59 95534 SSL info: SSLv3 write client key exchange A
14:28:59 95534 SSL info: SSLv3 write change cipher spec A
14:28:59 95534 SSL info: SSLv3 write finished A
14:28:59 95534 SSL info: SSLv3 flush data
14:28:59 95534 SSL info: SSLv3 read finished A
14:28:59 95534 SSL info: SSL negotiation finished successfully
14:28:59 95534 SSL info: SSL negotiation finished successfully
14:28:59 95534 SSL_connect succeeded
14:28:59 95534 Cipher: TLSv1:DES-CBC3-SHA:168
14:28:59 95534 SMTP>> EHLO mx1.percol8.co.za
14:28:59 95534 tls_do_write(0x7fffffffca80, 24)
14:28:59 95534 SSL_write(SSL, 0x7fffffffca80, 24)
14:28:59 95534 outbytes=24 error=0
14:28:59 95534 waiting for data on socket
14:28:59 95534 Calling SSL_read(0x801c0e800, 0x7fffffffaa80, 4096)
14:28:59 95534 read response data: size=311
14:28:59 95534 SMTP<< 250-at-5000.VFPRINT.NET Hello [41.79.180.20]
14:28:59 95534 250-TURN
14:28:59 95534 250-SIZE
14:28:59 95534 250-ETRN
14:28:59 95534 250-PIPELINING
14:28:59 95534 250-DSN
14:28:59 95534 250-ENHANCEDSTATUSCODES
14:28:59 95534 250-8bitmime
14:28:59 95534 250-BINARYMIME
14:28:59 95534 250-CHUNKING
14:28:59 95534 250-VRFY
14:28:59 95534 250-X-EXPS GSSAPI NTLM LOGIN
14:28:59 95534 250-X-EXPS=LOGIN
14:28:59 95534 250-AUTH GSSAPI NTLM LOGIN
14:28:59 95534 250-AUTH=LOGIN
14:28:59 95534 250-X-LINK2STATE
14:28:59 95534 250-XEXCH50
14:28:59 95534 250 OK
14:28:59 95534 216.16.225.134 in hosts_avoid_pipelining? yes (matched "*")
14:28:59 95534 not using PIPELINING
14:28:59 95534 216.16.225.134 in hosts_require_auth? no (option unset)
14:28:59 95534 216.16.225.134 in hosts_try_auth? no (option unset)
14:28:59 95534 SMTP>> MAIL FROM:<[email protected]> SIZE=16250
14:28:59 95534 tls_do_write(0x7fffffffca80, 59)
14:28:59 95534 SSL_write(SSL, 0x7fffffffca80, 59)
14:28:59 95534 outbytes=59 error=0
14:28:59 95534 waiting for data on socket
14:28:59 95534 Calling SSL_read(0x801c0e800, 0x7fffffffaa80, 4096)
14:29:00 95534 SSL info: SSL negotiation finished successfully
14:29:00 95534 ok=0 send_quit=0 send_rset=1 continue_more=0 yield=1 first_address is not NULL
14:29:00 95534 tls_close(): shutting down SSL
14:29:00 95534 SSL info: SSL negotiation finished successfully
14:29:00 95534 LOG: MAIN
14:29:00 95534 Remote host maile.printspots.com [216.16.225.134] closed connection in response to MAIL FROM:<[email protected]> SIZE=16250

as opposed to the working version to the same remote host:

Connecting to maile.printspots.com [216.16.225.134]:25 ... connected
waiting for data on socket
read response data: size=121
SMTP<< 220 at-5000.VFPRINT.NET Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Fri, 22 Feb 2013 08:01:14 -0500
216.16.225.134 in hosts_avoid_esmtp? no (option unset)
SMTP>> EHLO mx1.percol8.co.za
waiting for data on socket
read response data: size=334
SMTP<< 250-at-5000.VFPRINT.NET Hello [41.79.180.20]
250-TURN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-TLS
250-STARTTLS
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK
216.16.225.134 in hosts_avoid_tls? no (option unset)
SMTP>> STARTTLS
waiting for data on socket
read response data: size=29
SMTP<< 220 2.0.0 SMTP server ready
setting SSL CTX options: 0x1000000
Diffie-Hellman initialized from default with 2048-bit prime
Initialized TLS
Calling SSL_connect
SSL info: before/connect initialization
SSL info: before/connect initialization
SSL info: SSLv2/v3 write client hello A
SSL info: SSLv3 read server hello A
SSL info: SSLv3 read server certificate A
SSL info: SSLv3 read server done A
SSL info: SSLv3 write client key exchange A
SSL info: SSLv3 write change cipher spec A
SSL info: SSLv3 write finished A
SSL info: SSLv3 flush data
SSL info: SSLv3 read finished A
SSL info: SSL negotiation finished successfully
SSL info: SSL negotiation finished successfully
SSL_connect succeeded
Cipher: TLSv1:RC4-MD5:128
SMTP>> EHLO mx1.percol8.co.za
tls_do_write(0x7fffffffc8c0, 24)
SSL_write(SSL, 0x7fffffffc8c0, 24)
outbytes=24 error=0
waiting for data on socket
Calling SSL_read(0x801c84000, 0x7fffffffa8c0, 4096)
read response data: size=311
SMTP<< 250-at-5000.VFPRINT.NET Hello [41.79.180.20]
250-TURN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK
216.16.225.134 in hosts_avoid_pipelining? yes (matched "*")
not using PIPELINING
216.16.225.134 in hosts_require_auth? no (option unset)
216.16.225.134 in hosts_try_auth? no (option unset)
SMTP>> MAIL FROM:<[email protected]> SIZE=16250
tls_do_write(0x7fffffffc8c0, 59)
SSL_write(SSL, 0x7fffffffc8c0, 59)
outbytes=59 error=0
waiting for data on socket
Calling SSL_read(0x801c84000, 0x7fffffffa8c0, 4096)
read response data: size=59
SMTP<< 250 2.1.0 [email protected] OK

thanks

--
.warren

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
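
An added example, not part of the original post: a small Python script that reduces each of the two debug traces above to its TLS parameters and final SMTP outcome, then lists the fields that differ. The function names `summarize` and `differences` are hypothetical, and the embedded traces are excerpts constructed from the log lines in the post.

```python
import re

# Constructed excerpts: lines taken from the two debug traces in the post,
# trimmed to the fields compared here (the first trace has a time/pid prefix).
FAILING = """\
14:28:59 95534 setting SSL CTX options: 0x1000000
14:28:59 95534 Cipher: TLSv1:DES-CBC3-SHA:168
14:28:59 95534 SMTP>> EHLO mx1.percol8.co.za
14:28:59 95534 SMTP<< 250-at-5000.VFPRINT.NET Hello [41.79.180.20]
14:28:59 95534 SMTP>> MAIL FROM:<[email protected]> SIZE=16250
14:29:00 95534 tls_close(): shutting down SSL
14:29:00 95534 Remote host maile.printspots.com [216.16.225.134] closed connection in response to MAIL FROM:<[email protected]> SIZE=16250
"""
WORKING = """\
setting SSL CTX options: 0x1000000
Cipher: TLSv1:RC4-MD5:128
SMTP>> EHLO mx1.percol8.co.za
SMTP<< 250-at-5000.VFPRINT.NET Hello [41.79.180.20]
SMTP>> MAIL FROM:<[email protected]> SIZE=16250
SMTP<< 250 2.1.0 [email protected] OK
"""

PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\s+\d+\s+")  # optional "HH:MM:SS pid "

def summarize(trace):
    """Reduce one Exim debug trace to its TLS parameters and final outcome."""
    s = dict.fromkeys(("ctx_options", "protocol", "cipher", "bits", "last_command"))
    s["outcome"] = "incomplete"
    for raw in trace.splitlines():
        line = PREFIX.sub("", raw.strip())
        if line.startswith("setting SSL CTX options:"):
            s["ctx_options"] = line.split(":", 1)[1].strip()
        elif line.startswith("Cipher:"):
            # The trace prints the value as protocol:cipher:bits
            s["protocol"], rest = line.split(":", 1)[1].strip().split(":", 1)
            s["cipher"], s["bits"] = rest.rsplit(":", 1)
        elif line.startswith("SMTP>> "):
            s["last_command"] = line[7:].split()[0]   # SMTP verb only
            s["outcome"] = "awaiting reply"
        elif line.startswith("SMTP<< ") and s["last_command"]:
            s["outcome"] = "reply " + line[7:10]      # three-digit reply code
        elif "closed connection in response to" in line:
            s["outcome"] = "remote closed connection"
    return s

def differences(a, b):
    """Fields whose values differ between two summaries, as (a, b) pairs."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

if __name__ == "__main__":
    for field, pair in differences(summarize(FAILING), summarize(WORKING)).items():
        print(f"{field}: failing={pair[0]} working={pair[1]}")
```

On these excerpts the differing fields are the negotiated cipher, its key size and the outcome; the SSL CTX options and protocol version are the same in both traces.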
