On 09.12.22 at 18:22, Viktor Dukhovni via Exim-users wrote:
> Are there any destination domains or MX hostnames you're willing and able to share which exhibit this issue? If this is reproducible also with e.g. Postfix and other MTAs, then there's nothing here for Exim to do. The remote server does not have an interoperable STARTTLS implementation: something is broken on the Internet...
Guys, it was just an FYI without the FYI mark. I will add it next time :)

There is nothing exim can do or should do. It's 100% caused by outdated legacy servers, ignoring the year 2009 CVE.

The issue is reproducible with openssl s_client directly:

    openssl s_client -connect 82.218.176.66:25 -starttls smtp

For that host, you need to downgrade to " -tls1 ", as that candidate is extremely old :D

All you should have in mind: if you switch to openssl3, this will happen with a small minority of foreign mailservers. You are not the cause for this.
Best regards, Marius
