On Wednesday, 29 October 2014, 10:27:35 Cyborg wrote:
> On 29.10.2014 at 07:48, Elrippo wrote:
> > Hi Phil,
> > actually the Android device runs on CyanogenMod M11 with Android 4.4.4 and
> > K9 5.001.
> > The latest release notes from K9 stated the support for TLS and with Exim4
> > from Ubuntu 12.04 the connections were made with TLS, as I could see in the
> > logs.
> > Since yesterday's upgrade to Ubuntu 14.04 with Exim 4.82 I can't connect
> > with this specific client.
> >
> > Changing ciphers to NORMAL or NONE didn't help.
>
> NONE would imply that none are used, that's the opposite of what you
> wanted (I assume): ALL.
>
> Marius
>
>

Hi guys,
I had some time for testing, and I am sorry to tell you that this is affected from Exim4.82 on Ubuntu 14.04 with gnutls installed.
I did some testing with the cipher priority strings, and I find it absolutely horrifying what is going on!
I tried different cipher suites, and then tested with swaks.

1.) Attempt
tls_require_ciphers = NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0:-CIPHER-ALL:+ARCFOUR-128

swaks -a -tls -q HELO -s elrippoisland.net -au elrippo -ap '<>'
=== Trying elrippoisland.net:25...
=== Connected to elrippoisland.net.
<- 220 server500gb.chello.at ESMTP Exim 4.82 Ubuntu Wed, 29 Oct 2014 18:22:57 +0100
-> EHLO zwergal-HP-Pavilion-g6-Notebook-PC
<- 250-server500gb.chello.at Hello workstation.elrippoisland.net [192.168.2.35]
<- 250-SIZE 52428800
<- 250-8BITMIME
<- 250-PIPELINING
<- 250-STARTTLS
<- 250 HELP
-> STARTTLS
<- 220 TLS go ahead
=== TLS started with cipher SSLv3:RC4-SHA:128
=== TLS no local certificate set
=== TLS peer DN="/CN=elrippoisland.net"
~> EHLO zwergal-HP-Pavilion-g6-Notebook-PC
<~ 250-server500gb.chello.at Hello workstation.elrippoisland.net [192.168.2.35]
<~ 250-SIZE 52428800
<~ 250-8BITMIME
<~ 250-PIPELINING
<~ 250-AUTH PLAIN LOGIN
<~ 250 HELP
~> QUIT
<~ 221 server500gb.chello.at closing connection
=== Connection closed with remote host.

swaks -a -tls -q AUTH -s elrippoisland.net -au elrippo
Password: xxxxxxxxxxxxxx
=== Trying elrippoisland.net:25...
=== Connected to elrippoisland.net.
<- 220 server500gb.chello.at ESMTP Exim 4.82 Ubuntu Wed, 29 Oct 2014 18:23:14 +0100
-> EHLO zwergal-HP-Pavilion-g6-Notebook-PC
<- 250-server500gb.chello.at Hello workstation.elrippoisland.net [192.168.2.35]
<- 250-SIZE 52428800
<- 250-8BITMIME
<- 250-PIPELINING
<- 250-STARTTLS
<- 250 HELP
-> STARTTLS
<- 220 TLS go ahead
=== TLS started with cipher SSLv3:RC4-SHA:128
=== TLS no local certificate set
=== TLS peer DN="/CN=elrippoisland.net"
~> EHLO zwergal-HP-Pavilion-g6-Notebook-PC
<~ 250-server500gb.chello.at Hello workstation.elrippoisland.net [192.168.2.35]
<~ 250-SIZE 52428800
<~ 250-8BITMIME
<~ 250-PIPELINING
<~ 250-AUTH PLAIN LOGIN
<~ 250 HELP
~> AUTH LOGIN
<~ 334 VXNlcm5hbWU6
~> ZWxyaXBwbw==
<~ 334 UGFzc3dvcmQ6
~> RGVyX01hbm5fb2huZV9TY2hhdHRlbg==
<~ 235 Authentication succeeded
~> QUIT
<~ 221 server500gb.chello.at closing connection
=== Connection closed with remote host.

2.) Attempt
tls_require_ciphers = NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0

swaks -a -tls -q AUTH -s elrippoisland.net -au elrippo
Password: xxxxxxxxxxxxxx
=== Trying elrippoisland.net:25...
=== Connected to elrippoisland.net.
<- 220 server500gb.chello.at ESMTP Exim 4.82 Ubuntu Wed, 29 Oct 2014 18:31:05 +0100
-> EHLO zwergal-HP-Pavilion-g6-Notebook-PC
<- 250-server500gb.chello.at Hello workstation.elrippoisland.net [192.168.2.35]
<- 250-SIZE 52428800
<- 250-8BITMIME
<- 250-PIPELINING
<- 250-STARTTLS
<- 250 HELP
-> STARTTLS
<- 220 TLS go ahead
=== TLS started with cipher SSLv3:DHE-RSA-AES256-SHA:256
=== TLS no local certificate set
=== TLS peer DN="/CN=elrippoisland.net"
~> EHLO zwergal-HP-Pavilion-g6-Notebook-PC
<~ 250-server500gb.chello.at Hello workstation.elrippoisland.net [192.168.2.35]
<~ 250-SIZE 52428800
<~ 250-8BITMIME
<~ 250-PIPELINING
<~ 250-AUTH PLAIN LOGIN
<~ 250 HELP
~> AUTH LOGIN
<~ 334 VXNlcm5hbWU6
~> ZWxyaXBwbw==
<~ 334 UGFzc3dvcmQ6
~> RGVyX01hbm5fb2huZV9TY2hhdHRlbg==
<~ 235 Authentication succeeded
~> QUIT
<~ 221 server500gb.chello.at closing connection
=== Connection closed with remote host.

swaks -a -tls -q HELO -s elrippoisland.net -au elrippo -ap '<>'
=== Trying elrippoisland.net:25...
=== Connected to elrippoisland.net.
<- 220 server500gb.chello.at ESMTP Exim 4.82 Ubuntu Wed, 29 Oct 2014 18:31:53 +0100
-> EHLO zwergal-HP-Pavilion-g6-Notebook-PC
<- 250-server500gb.chello.at Hello workstation.elrippoisland.net [192.168.2.35]
<- 250-SIZE 52428800
<- 250-8BITMIME
<- 250-PIPELINING
<- 250-STARTTLS
<- 250 HELP
-> STARTTLS
<- 220 TLS go ahead
=== TLS started with cipher SSLv3:DHE-RSA-AES256-SHA:256
=== TLS no local certificate set
=== TLS peer DN="/CN=elrippoisland.net"
~> EHLO zwergal-HP-Pavilion-g6-Notebook-PC
<~ 250-server500gb.chello.at Hello workstation.elrippoisland.net [192.168.2.35]
<~ 250-SIZE 52428800
<~ 250-8BITMIME
<~ 250-PIPELINING
<~ 250-AUTH PLAIN LOGIN
<~ 250 HELP
~> QUIT
<~ 221 server500gb.chello.at closing connection
=== Connection closed with remote host.

With this setup my logs look like this
[email protected] H=elrippos-sony-xperia-z1-compact.mywireless.elrippoisland.net [192.168.3.218] P=esmtpsa X=SSL3.0:DHE_RSA_AES_256_CBC_SHA1:256 A=plain_saslauthd_server:elrippo S=6075 [email protected]

3.) Attempt with default setting, and without any tweaking
EXIM4 reports -> TLS error on connection from workstation.elrippoisland.net (zwergal-HP-Pavilion-g6-Notebook-PC) [192.168.2.35] (gnutls_handshake): Could not negotiate a supported cipher suite

swaks -a -tls -q AUTH -s elrippoisland.net -au elrippo
Password: XXXXXXXXXXXXXXXXXXXXXXX
=== Trying elrippoisland.net:25...
=== Connected to elrippoisland.net.
<- 220 server500gb.chello.at ESMTP Exim 4.82 Ubuntu Wed, 29 Oct 2014 18:42:45 +0100
-> EHLO zwergal-HP-Pavilion-g6-Notebook-PC
<- 250-server500gb.chello.at Hello workstation.elrippoisland.net [192.168.2.35]
<- 250-SIZE 52428800
<- 250-8BITMIME
<- 250-PIPELINING
<- 250-STARTTLS
<- 250 HELP
-> STARTTLS
<- 220 TLS go ahead
*** TLS startup failed (connect(): error:00000000:lib(0):func(0):reason(0))
*** STARTTLS attempted but failed

:~$ swaks -a -tls -q HELO -s elrippoisland.net -au elrippo -ap '<>'
=== Trying elrippoisland.net:25...
=== Connected to elrippoisland.net.
<- 220 server500gb.chello.at ESMTP Exim 4.82 Ubuntu Wed, 29 Oct 2014 18:42:51 +0100
-> EHLO zwergal-HP-Pavilion-g6-Notebook-PC
<- 250-server500gb.chello.at Hello workstation.elrippoisland.net [192.168.2.35]
<- 250-SIZE 52428800
<- 250-8BITMIME
<- 250-PIPELINING
<- 250-STARTTLS
<- 250 HELP
-> STARTTLS
<- 220 TLS go ahead
*** TLS startup failed (connect(): error:00000000:lib(0):func(0):reason(0))
*** STARTTLS attempted but failed

Before upgrading Ubuntu 12.04 to 14.04 my logs looked like this
[email protected] H=workstation.elrippoisland.net (zwergal-hp-pavilion-g6-notebook-pc.localnet) [192.168.2.35] P=esmtpsa X=TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256 A=login_saslauthd_server:elrippo S=13101 id=2139141.gh9cNJuBuK@zwergal-hp-pavilion-g6-notebook-pc

So please tell me, we can fix this guys......

Kind regards,
elrippo

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
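
Added example (not part of the original message or of Exim): a Python script that reads Exim main log lines in the formats quoted above, tallies the protocol and cipher from each `X=` field per client IP, and counts `gnutls_handshake` failures, so the server-side effect of a `tls_require_ciphers` change can be checked. The sample log lines are constructed, and the function names and the "weak" policy sets are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample lines, modelled on the log formats quoted in the message.
SAMPLE_LOG = """\
2014-10-29 18:31:05 1XjA-0001 <= user@example.test H=phone.example.test [192.168.3.218] P=esmtpsa X=SSL3.0:DHE_RSA_AES_256_CBC_SHA1:256 A=plain_saslauthd_server:elrippo S=6075
2014-10-29 18:22:57 1XjB-0002 <= user@example.test H=workstation.example.test [192.168.2.35] P=esmtpsa X=SSL3.0:RSA_ARCFOUR_SHA1:128 A=login_saslauthd_server:elrippo S=900
2014-10-28 09:00:00 1XjC-0003 <= user@example.test H=workstation.example.test [192.168.2.35] P=esmtpsa X=TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256 A=login_saslauthd_server:elrippo S=13101
2014-10-29 18:42:45 TLS error on connection from workstation.example.test (host) [192.168.2.35] (gnutls_handshake): Could not negotiate a supported cipher suite
"""

# X=<protocol>:<cipher suite>:<bits>, as written by Exim for TLS sessions.
X_FIELD = re.compile(r"\bX=([^:\s]+):([^:\s]+):(\d+)")
PEER_IP = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

# Assumption: the policy this audit applies, not something Exim enforces.
WEAK_PROTOCOLS = {"SSL3.0"}
WEAK_CIPHER_MARKS = ("ARCFOUR", "RC4")


def audit(log_text):
    """Return (sessions, failures) counters built from Exim main log text."""
    sessions = Counter()   # (ip, protocol, cipher) -> number of sessions
    failures = Counter()   # ip -> number of failed GnuTLS handshakes
    for line in log_text.splitlines():
        ip_match = PEER_IP.search(line)
        ip = ip_match.group(1) if ip_match else "unknown"
        if "TLS error on connection" in line and "(gnutls_handshake)" in line:
            failures[ip] += 1
            continue
        x = X_FIELD.search(line)
        if x:
            sessions[(ip, x.group(1), x.group(2))] += 1
    return sessions, failures


def weak_sessions(sessions):
    """Sorted (ip, protocol, cipher) keys that match the weak policy above."""
    return sorted(
        key for key in sessions
        if key[1] in WEAK_PROTOCOLS or any(m in key[2] for m in WEAK_CIPHER_MARKS)
    )


if __name__ == "__main__":
    sessions, failures = audit(SAMPLE_LOG)
    for ip, proto, cipher in weak_sessions(sessions):
        print(f"weak session: {ip} {proto} {cipher}")
    for ip, count in failures.items():
        print(f"handshake failures: {ip} {count}")
```
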
