Am Donnerstag, 30. Oktober 2014, 06:58:19 schrieben Sie: > On Wed, Oct 29, 2014 at 9:32 PM, elrippo <[email protected]> wrote: > > > > When i use the same desktop with a client software like kmail or > > thunderbird, i get a x=TLSv1.0 connection to exim4 > > On the other hand some other mail servers fall back to esmtp due to a > > lacking cipher suite, almost only googles mail server connects with TLSv1.2 > > I went through almost all possible priority_strings from gnutls, and NORMAL > > isn't working at all, only SECURE128:!VERS-SSL3.0 and > > SECURE256:!VERS-SSL3.0 are producing succesfull connections. > > This is all rather confusing to me..... > > > > I filed a report on K9-mail's site, i am not the only one :) > > > > Thank you for your assistance guys!!! > > > > Kind regards, > > elrippo. > > Tangent: I have not disabled SSLv3 on my mail systems, all of which > are based on OpenSSL (which is why it's only a tangent of your GnuTLS > issue). Recall that in general, the prevailing theory is that when > you disable SSLv3, you prevent a certain number of hosts who are old > and unupdated (think wireless carriers who don't release firmware > upgrades for their Android phones) from being able to use encryption > at all. > > When I looked at SMTP Auth submissions for my systems, these are the counts: > > 2 weeks ago: > TLSv1 => 10409 > SSLv3 => 1 > > Last week: > TLSv1 => 13114 > SSLv3 => 0 > > So far this week: > TLSv1 => 6628 > SSLv3 => 1 > > I'm fortunate to have a customer base that generally seems to have new > enough phones and not using Windows XP. Not everybody may be so > lucky. > > As far as outbound mail, I'm seeing: > > Last week: > Top 10 TLSv1 traffic domains: > 1. google.com 74838 > 2. yahoodns.net 41362 > 3. hotmail.com 25461 > 4. aol.com 13948 > 5. outlook.com 8787 > 6. comcast.net 7544 > 7. att.net 3423 > 8. verizon.net 3059 > 9. icloud.com 2376 > 10. psmtp.com 2064 > Top 10 SSLv3 traffic domains: > 1. websitesource.net 7 > 2. spamsentinel.org 6 > 3. oandc.com 2 > 4. crescentprocessing.com 2 > 5. zte.com.cn 2 > 6. landrumstaffing.com 1 > 7. bradfordhealth.net 1 > 8. twofalls.com 1 > > So far this week: > Top 10 TLSv1 traffic domains: > 1. google.com 43635 > 2. yahoodns.net 21061 > 3. hotmail.com 12218 > 4. aol.com 6574 > 5. outlook.com 5043 > 6. comcast.net 3716 > 7. verizon.net 2913 > 8. att.net 1271 > 9. icloud.com 1256 > 10. psmtp.com 1203 > Top 10 SSLv3 traffic domains: > 1. spamsentinel.org 2 > 2. areasmail.com 1 > 3. bradfordhealth.net 1 > > For what it's worth, you can also infer that there are some > organizations who are unable to enable encryption on their systems: > > Top 10 none traffic domains: > 1. secureserver.net 2595 > 2. rr.com 2394 > 3. verizon.net 2102 > 4. hinet.net 1648 > 5. earthlink.net 1580 > 6. cox.net 1218 > 7. optonline.net 579 > 8. untd.com 559 > 9. charter.net 472 > 10. synacor.com 426 > > ...Todd >
Hy Todd, i am tweaking and rocking at the moment :-) No it's getting interesting. I advised exim4 to use these ciphers, because nothing else is working, either writing mails nore recieving mails from other mail servers. tls_require_ciphers = NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0 I sent a mail using my desktop client and my domain to google. Incomming exim4 used SSL outgoing TLS?!?! 2014-11-01 10:07:45 1XkUee-0001XI-6c <= [email protected] H=([10.0.0.7]) [95.85.37.181] P=esmtpsa X=SSL3.0:DHE_RSA_AES_256_CBC_SHA1:256 A=plain_saslauthd_server:user S=9737 [email protected] 2014-11-01 10:07:46 1XkUee-0001XI-6c gmail-smtp-in.l.google.com [2a00:1450:4013:c01::1b] Network is unreachable 2014-11-01 10:07:47 1XkUee-0001XI-6c => [email protected] R=dnslookup T=remote_smtp H=gmail-smtp-in.l.google.com [173.194.65.26] X=TLS1.2:RSA_ARCFOUR_SHA1:128 DN="C=US,ST=California,L=Mountain View,O=Google Inc,CN=mx.google.com" C="250 2.0.0 OK 1414832866 fd5si1297096wib.95 - gsmtp" 2014-11-01 10:07:47 1XkUee-0001XI-6c Completed So the gnutls errors have to come in some configuration for incomming mails..... I am searching and i will report further! Kind regards, elrippo. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
