Hi,

Francois Sauterey <[email protected]> (Do 22 Aug 2013 16:16:01 CEST):
> debian squeeze
> exim4 : 4.72-6+squeeze3
> server: manny.fsu.fr
>
> I can't send mail from the website server (manny), to me (i.e.
> [email protected]) [ the mail server is an old gentoo with qmail :-( ]
>
> Here is the dialog:
> > Connecting to mx1.fsu.fr [91.121.120.209]:25 ... connected
> > SMTP<< 220 ns2014523.ovh.net ESMTP
> > SMTP>> EHLO manny.fsu.fr
> > SMTP<< 250-ns2014523.ovh.net
> > 250-PIPELINING
> > 250-STARTTLS
> > 250-8BITMIME
> > 250 SIZE 0
> > SMTP>> STARTTLS
> > SMTP<< 220 ready for tls
> > SMTP>> EHLO manny.fsu.fr
> > SMTP<< 250-ns2014523.ovh.net
> > 250-PIPELINING
> > 250-8BITMIME
> > 250 SIZE 0
> > SMTP>> MAIL FROM:<[email protected]> SIZE=1555
> > SMTP>> RCPT TO:<[email protected]>
> > SMTP>> DATA
> > LOG: MAIN
> > TLS error on connection to mx1.fsu.fr [91.121.120.209] (recv): A TLS
> > packet with unexpected length was received.
> > LOG: MAIN
> > Remote host mx1.fsu.fr [91.121.120.209] closed connection in response to
> > MAIL FROM:<[email protected]> SIZE=1555
> > LOG: MAIN
> > == [email protected] R=dnslookup T=remote_smtp defer (-18): Remote host
> > mx1.fsu.fr [91.121.120.209] closed connection in response to MAIL
> > FROM:<[email protected]> SIZE=1555
>
> It seems to be a TLS problem, but I don't understand why! (the CN certificate is
> manny.fsu.fr (OK))
>
> So two questions:
> 1) in urgency: how to tell the exim4 website to not use TLS (problems
> appear with the STARTTLS) [some google references talk about debian
> package pb...]
>
> 2) in future: how to make TLS work?

The remote server uses an unacceptable (to GnuTLS) signature
algorithm:
- subject `C=AU,ST=Some-State,O=Internet Widgits Pty Ltd', issuer
`C=AU,ST=Some-State,O=Internet Widgits Pty Ltd', RSA key 1024 bits, signed
using RSA-MD5 (broken!), activated `2006-06-07 09:06:04 UTC', expires
`2007-06-08 09:06:04 UTC',
RSA-MD5 is outdated and GnuTLS won't accept it anymore.
- You may link your Exim with OpenSSL, it's not as picky as GnuTLS.
- You may avoid using TLS for this host.
- You may generate a new certificate using RSA-SHA1 for the
signature. (Newer "openssl req …" does this per default.)
But as always, I might be completely wrong.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: 7CBF764A -
gnupg fingerprint: 9288 F17D BBF9 9625 5ABC 285C 26A9 687E 7CBF 764A -
(gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B)-
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
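
Added example, not part of the reply above and not code from Exim or GnuTLS: a Python script that parses the one-line certificate summary quoted in the reply and lists the properties a strict TLS verifier would object to. The reply attributes the rejection to RSA-MD5 only; the weak-hash set, the 2048-bit threshold and the function names are assumptions of this example.

```python
import re
from datetime import datetime, timezone

# Certificate summary as quoted in the reply above.
CERT_INFO = (
    "subject `C=AU,ST=Some-State,O=Internet Widgits Pty Ltd', issuer "
    "`C=AU,ST=Some-State,O=Internet Widgits Pty Ltd', RSA key 1024 bits, signed "
    "using RSA-MD5 (broken!), activated `2006-06-07 09:06:04 UTC', expires "
    "`2007-06-08 09:06:04 UTC',"
)
PATTERN = re.compile(
    r"subject `(?P<subject>[^']*)',\s+issuer `(?P<issuer>[^']*)',\s+"
    r"(?P<key_alg>\w+) key (?P<bits>\d+) bits,\s+signed using (?P<sig>[\w-]+)"
    r".*?activated `(?P<start>[^']*)',\s+expires `(?P<end>[^']*)'",
    re.S,
)
WEAK_HASHES = {"MD2", "MD5"}  # assumption: hashes treated as broken for signatures
MIN_RSA_BITS = 2048           # assumption: local policy threshold


def parse_cert_info(text):
    """Split the summary line into typed fields; raise ValueError if it does not match."""
    m = PATTERN.search(text)
    if m is None:
        raise ValueError("not a recognised certificate summary line")
    d = m.groupdict()
    d["bits"] = int(d["bits"])
    for k in ("start", "end"):
        parsed = datetime.strptime(d[k], "%Y-%m-%d %H:%M:%S UTC")
        d[k] = parsed.replace(tzinfo=timezone.utc)
    return d


def findings(cert, now):
    """Return the list of policy problems for a parsed certificate at time `now`."""
    out = []
    if cert["sig"].rsplit("-", 1)[-1].upper() in WEAK_HASHES:
        out.append("weak-signature:" + cert["sig"])
    if cert["key_alg"] == "RSA" and cert["bits"] < MIN_RSA_BITS:
        out.append("short-key:%d" % cert["bits"])
    if not cert["start"] <= now <= cert["end"]:
        out.append("outside-validity")
    if cert["subject"] == cert["issuer"]:
        out.append("self-issued")
    return out


if __name__ == "__main__":
    when = datetime(2013, 8, 22, tzinfo=timezone.utc)  # date of the quoted message
    print(findings(parse_cert_info(CERT_INFO), when))
```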
