On Sat, 2021-10-16 at 18:44 +0200, Heiko Schlittermann via Exim-users wrote: > Adam D. Barratt via Exim-users <[email protected]> (Sa 16 Okt 2021 > 17:43:57 CEST): > > > This hh.schlittermann.de runs the latest Exim, and probaby sends > > > you > > > an SNI your server for some reason doesn't accept? > > > > FWIW, I've also seen two of these, at 23:53:41UTC yesterday and > > 11:08:41UTC today. The server in question is running Debian's 4.92- > > 8+deb10u6 exim4-daemon-heavy package and has "tls_sni" set in the > > log > > selector. > > > > The log entries for the second failed connection are: > > > > 2021-10-16 11:08:40 SMTP connection from [213.128.132.49] (TCP/IP > > connection count = 1) > > 2021-10-16 11:08:41 TLS error on connection from > > hh.schlittermann.de [213.128.132.49] (gnutls_handshake): A > > disallowed SNI server name has been received. > > 2021-10-16 11:08:41 SMTP connection from hh.schlittermann.de > > [213.128.132.49] closed by EOF > > 2021-10-16 11:08:41 no MAIL in SMTP connection from > > hh.schlittermann.de [213.128.132.49] D=0s C=EHLO,STARTTLS > > > > The same server has received 21 successful connections from > > hh.schlittermann.de in the past couple of days. > > Interesting. Can you tell *what* SNI the server hh sent?
Unfortunately the above appears to be all that's logged. > That's what the hh server uses as the transport: > [...] > So, it sends you *your* hostname as an SNI. That's indeed what I see for successful connections. I've hopefully enabled TLS debug logging for connections from hh, so we'll see if that provides any useful information if it happens again. Regards, Adam -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
