[exim] TLS session is required, but an attempt to start TLS failed

Tue, 18 Oct 2022 06:13:18 -0700

I've recently started receiving the following message in my log files when sending to one host:
2022-10-18 07:12:45 H=example.com [###.###.###.199]: a TLS session is required, but an attempt to start TLS failed 2022-10-18 07:12:45 H=example.com [###.###.###.196]: a TLS session is required, but an attempt to start TLS failed 2022-10-18 07:12:45 H=example.com [###.###.###.198]: a TLS session is required, but an attempt to start TLS failed 2022-10-18 07:12:46 H=example.com [###.###.###.197]: a TLS session is required, but an attempt to start TLS failed 2022-10-18 07:12:46 H=example.com [###.###.###.194]: a TLS session is required, but an attempt to start TLS failed 2022-10-18 07:12:46 someu...@example.com R=dnslookup T=remote_smtp defer (-38) H=example.com [###.###.###.194]: a TLS session is required, but an attempt to start TLS failed 


The error is causing email addressed to this host to hang in my queue 
and then fail to be delivered after the time out period.  My exim.config 
is setup with the following options enabled:


tls_advertise_hosts = *
tls_certificate = /usr/local/ssl/apache-selfsigned.crt
tls_privatekey = /usr/local/ssl/apache-selfsigned.key

The output from openssl s_client -connect example.com:25 -starttls smtp is:

CONNECTED(00000003)

depth=0 C = US, ST = State, L = My City, O = "My ORG", OU = IT, CN = 
mail.example.com, emailAddress = myaddr...@example.com

verify error:num=18:self signed certificate
verify return:1

depth=0 C = US, ST = State, L = My City, O = "My ORG", OU = IT, CN = 
mail.example.com, emailAddress = myaddr...@example.com

verify return:1
---
Certificate chain

 0 s:/C=US/ST=State/L=My City/O=My 
ORG/OU=IT/CN=mail.example.com/emailAddress=myaddr...@example.com
   i:/C=US/ST=State/L=My City/O=My 
ORG/OU=IT/CN=mail.example.com/emailAddress=myaddr...@example.com

---
Server certificate
-----BEGIN CERTIFICATE-----
MY CERT DATA
-----END CERTIFICATE-----

subject=/C=US/ST=State/L=My City/O=My 
ORG/OU=IT/CN=mail.example.com/emailAddress=myaddr...@example.com
issuer=/C=US/ST=State/L=My City/O=My 
ORG/OU=IT/CN=mail.example.com/emailAddress=myaddr...@example.com

---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1783 bytes and written 450 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No StatePN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384

    Session-ID: 
63CF1FE61EED74FBDBA1A3D8672533D0B9FB72737A05D24D59A5D22ECEFF71CD

    Session-ID-ctx:
    Master-Key: KEY#######
    Key-Arg   : None
    Krb5 PrincipState: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1666097362
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
250 HELP


I can send mail to all other hosts except this host without receiving 
the error and can receive from this host and all others without issue.  
My question is if there is a way to reconfigure the TLS on my Exim 
server to get around this type of error on the receiving server?


Thanks for the help,

Patrick



--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/






















					Reply via email to