Re: [exim] TLS error no shared cipher with SSL_accept: error in error

2021-05-31 Thread Marcin Gryszkalis via Exim-users
On 31.05.2021 23:29, Viktor Dukhovni via Exim-users wrote: I see, the version of OpenSSL may be relevant here. Is the server in question "mail.fuze.pl"? On port 25 for that server I This is not the server but It uses the same configuration and same FreeBSD/openssl version - but as I tested

Re: [exim] TLS error no shared cipher with SSL_accept: error in error

2021-05-31 Thread Viktor Dukhovni via Exim-users
On Mon, May 31, 2021 at 11:19:23PM +0200, Marcin Gryszkalis via Exim-users wrote: > On 31.05.2021 22:59, Viktor Dukhovni via Exim-users wrote: > >> I checked on exim built on FreeBSD 12 (with openssl 1.1) and it works fine > >> - but fails on other installation with openssl 1.0. > > > > So

Re: [exim] TLS error no shared cipher with SSL_accept: error in error

2021-05-31 Thread Marcin Gryszkalis via Exim-users
On 31.05.2021 22:59, Viktor Dukhovni via Exim-users wrote: I checked on exim built on FreeBSD 12 (with openssl 1.1) and it works fine - but fails on other installation with openssl 1.0. So what version of FreeBSD and OpenSSL are on the system with the reported issue? Support for negotiated

Re: [exim] TLS error no shared cipher with SSL_accept: error in error

2021-05-31 Thread Viktor Dukhovni via Exim-users
On Mon, May 31, 2021 at 11:08:22PM +0300, Evgeniy Berdnikov via Exim-users wrote: > > SSL-Session: > > Protocol : TLSv1.2 > > Cipher: ECDHE-ECDSA-AES256-GCM-SHA384 > > Session-ID: ... > > Session-ID-ctx: > > Master-Key: ... > > Key-Arg : None > > PSK identity:

Re: [exim] TLS error no shared cipher with SSL_accept: error in error

2021-05-31 Thread Viktor Dukhovni via Exim-users
On Mon, May 31, 2021 at 04:42:55PM +0200, Marcin Gryszkalis via Exim-users wrote: > openssl s_client -connect 127.0.0.1:465 -tls1_2 -cipher > ECDHE-ECDSA-AES256-GCM-SHA384 > But - I tried to specify the curve and it failed > > openssl s_client -connect 127.0.0.1:465 -tls1_2 -cipher >

Re: [exim] TLS error no shared cipher with SSL_accept: error in error

2021-05-31 Thread Evgeniy Berdnikov via Exim-users
On Mon, May 31, 2021 at 04:42:55PM +0200, Marcin Gryszkalis via Exim-users wrote: > openssl s_client -connect 127.0.0.1:465 -tls1_2 -cipher > ECDHE-ECDSA-AES256-GCM-SHA384 > > SSL-Session: > Protocol : TLSv1.2 > Cipher: ECDHE-ECDSA-AES256-GCM-SHA384 > Session-ID: ... >

Re: [exim] TLS error no shared cipher with SSL_accept: error in error

2021-05-31 Thread Jeremy Harris via Exim-users
On 31/05/2021 13:27, Viktor Dukhovni via Exim-users wrote: 40884 SSL_accept: error in error 40884 SSL_accept: error in error I haven't seen that one much. Perhaps an issue in the Exim OpenSSL glue code. Best guess is that is from an info callback into Exim from OpenSSL ( registered via

Re: [exim] TLS error no shared cipher with SSL_accept: error in error

2021-05-31 Thread Jeremy Harris via Exim-users
On 31/05/2021 12:44, Marcin Gryszkalis via Exim-users wrote: extended_master_secret is not supported by exim Exim supports it if the OpenSSL version (both compile-time and run-time) supports it. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ##

Re: [exim] exim-4.94.2+taintwarn - when will it be EOL?

2021-05-31 Thread Chris Siebenmann via Exim-users
>> To rephrase it: > > - Exim 4.95 will contain "taintwarn" > - It is meant as support for upgrading your config, w/o breaking your > setup instantly. > - With a future¹ release of Exim we will drop the "taintwarn" support. > - If you failed to upgrade your config, your setup will be broken with

Re: [exim] TLS error no shared cipher with SSL_accept: error in error

2021-05-31 Thread Marcin Gryszkalis via Exim-users
On 31.05.2021 14:42, Cyborg via Exim-users wrote: The client did not offer a cipher you have allowed. But it's not true (see details in my response to Viktor's mail). You can do various tests to find out with openssl's s_client: with s_client I always succeed - e.g. when I use first cipher

Re: [exim] TLS error no shared cipher with SSL_accept: error in error

2021-05-31 Thread Marcin Gryszkalis via Exim-users
On 31.05.2021 14:27, Viktor Dukhovni via Exim-users wrote: On Mon, May 31, 2021 at 01:44:39PM +0200, Marcin Gryszkalis via Exim-users wrote: exim's cipher list is wide ALL:!EXPORT:!DES:!RC2:!RC4:!MD5:!PSK:!aNULL:!eNULL:!EXP:!SRP:!DSS:!DHE:!3DES What is the reason for disabling DHE ciphers?

Re: [exim] TLS error no shared cipher with SSL_accept: error in error

2021-05-31 Thread Viktor Dukhovni via Exim-users
On Mon, May 31, 2021 at 01:44:39PM +0200, Marcin Gryszkalis via Exim-users wrote: > exim's cipher list is wide > ALL:!EXPORT:!DES:!RC2:!RC4:!MD5:!PSK:!aNULL:!eNULL:!EXP:!SRP:!DSS:!DHE:!3DES What is the reason for disabling DHE ciphers? And though in modern OpenSSL releases there are no longer

Re: [exim] TLS error no shared cipher with SSL_accept: error in error

2021-05-31 Thread Cyborg via Exim-users
On 31.05.21 at 13:44, Marcin Gryszkalis via Exim-users wrote: Hi, I have a problem with one server connecting to my exim. Just after Client Hello server sends "Handshake Failure" and closes connection. exim's cipher list is wide

Re: [exim] IRC channel for Exim

2021-05-31 Thread Jakobus Schürz via Exim-users
On 26.05.21 at 11:46, Cyborg via Exim-users wrote: On 26.05.21 at 10:55, Jeremy Harris via Exim-users wrote: Hi All, We have used Freenode for an IRC channel (#exim) for many years. Recent developments are making me consider a move, possibly to irc.libera.chat (port 6697 for SSL; #exim).

[exim] TLS error no shared cipher with SSL_accept: error in error

2021-05-31 Thread Marcin Gryszkalis via Exim-users
Hi, I have a problem with one server connecting to my exim. Just after Client Hello server sends "Handshake Failure" and closes connection. exim's cipher list is wide ALL:!EXPORT:!DES:!RC2:!RC4:!MD5:!PSK:!aNULL:!eNULL:!EXP:!SRP:!DSS:!DHE:!3DES and contains ciphers that are mentioned by client,

Re: [exim] discard mail from all local users except

2021-05-31 Thread Victor Sudakov via Exim-users
Evgeniy Berdnikov via Exim-users wrote: > On Mon, May 31, 2021 at 03:59:57PM +0700, Victor Sudakov via Exim-users wrote: > > PS in olden times, I think I could write something like > > > > acl_not_smtp: > > accept condition = > >

Re: [exim] discard mail from all local users except

2021-05-31 Thread Victor Sudakov via Exim-users
Jeremy Harris via Exim-users wrote: > On 31/05/2021 08:46, Victor Sudakov via Exim-users wrote: > > root@http1:~ # exim -C /usr/local/etc/exim/configure.nolocalmail -be > > '${lookup{r...@http1.hiddendomain.com}lsearch{/etc/mail/whitelist.local}}' > > > > root@http1:~ # grep

Re: [exim] discard mail from all local users except

2021-05-31 Thread Jeremy Harris via Exim-users
On 31/05/2021 08:46, Victor Sudakov via Exim-users wrote: root@http1:~ # exim -C /usr/local/etc/exim/configure.nolocalmail -be '${lookup{r...@http1.hiddendomain.com}lsearch{/etc/mail/whitelist.local}}' root@http1:~ # grep r...@http1.hiddendomain.com /etc/mail/whitelist.local

Re: [exim] discard mail from all local users except

2021-05-31 Thread Evgeniy Berdnikov via Exim-users
On Mon, May 31, 2021 at 03:59:57PM +0700, Victor Sudakov via Exim-users wrote: > PS in olden times, I think I could write something like > > acl_not_smtp: > accept condition = > ${lookup{$authenticated_sender}lsearch{/etc/mail/whitelist.local}} > discard message > > and it

Re: [exim] discard mail from all local users except

2021-05-31 Thread Victor Sudakov via Exim-users
Evgeniy Berdnikov via Exim-users wrote: > On Mon, May 31, 2021 at 02:46:40PM +0700, Victor Sudakov via Exim-users wrote: > > Evgeniy Berdnikov via Exim-users wrote: > > > On Mon, May 31, 2021 at 01:57:26PM +0700, Victor Sudakov via Exim-users > > > wrote: > > > > Here is -d+lookup:

Re: [exim] discard mail from all local users except

2021-05-31 Thread Evgeniy Berdnikov via Exim-users
On Mon, May 31, 2021 at 02:46:40PM +0700, Victor Sudakov via Exim-users wrote: > Evgeniy Berdnikov via Exim-users wrote: > > On Mon, May 31, 2021 at 01:57:26PM +0700, Victor Sudakov via Exim-users > > wrote: > > > Here is -d+lookup: https://termbin.com/08fv > > > > Lookup failed. Have you

Re: [exim] discard mail from all local users except

2021-05-31 Thread Victor Sudakov via Exim-users
Cyborg via Exim-users wrote: > On 31.05.21 at 09:25, Evgeniy Berdnikov via Exim-users wrote: > > On Mon, May 31, 2021 at 01:57:26PM +0700, Victor Sudakov via Exim-users > > wrote: > > > Here is -d+lookup: https://termbin.com/08fv > > Lookup failed. Have you the string "r...@http1.hiddendomain.com"

Re: [exim] discard mail from all local users except

2021-05-31 Thread Cyborg via Exim-users
On 31.05.21 at 09:25, Evgeniy Berdnikov via Exim-users wrote: On Mon, May 31, 2021 at 01:57:26PM +0700, Victor Sudakov via Exim-users wrote: Here is -d+lookup: https://termbin.com/08fv Lookup failed. Have you the string "r...@http1.hiddendomain.com" in this file? Check it by hand: exim -be

Re: [exim] discard mail from all local users except

2021-05-31 Thread Victor Sudakov via Exim-users
Evgeniy Berdnikov via Exim-users wrote: > On Mon, May 31, 2021 at 01:57:26PM +0700, Victor Sudakov via Exim-users wrote: > > Here is -d+lookup: https://termbin.com/08fv > > Lookup failed. Have you the string "r...@http1.hiddendomain.com" in this file? > Check it by hand: exim -be '${lookup

Re: [exim] discard mail from all local users except

2021-05-31 Thread Evgeniy Berdnikov via Exim-users
On Mon, May 31, 2021 at 01:57:26PM +0700, Victor Sudakov via Exim-users wrote: > Here is -d+lookup: https://termbin.com/08fv Lookup failed. Have you the string "r...@http1.hiddendomain.com" in this file? Check it by hand: exim -be '${lookup {r...@http1.hiddendomain.com} ...}'. -- Eugene

Re: [exim] discard mail from all local users except

2021-05-31 Thread Victor Sudakov via Exim-users
Evgeniy Berdnikov via Exim-users wrote: > On Mon, May 31, 2021 at 12:50:56PM +0700, Victor Sudakov via Exim-users wrote: > > Here is the debug: > > https://termbin.com/kavi (the real domain is hidden as "hiddendomain"). > > You run debug without proper selectors. Try at least -d+lookup. I

Re: [exim] discard mail from all local users except

2021-05-31 Thread Evgeniy Berdnikov via Exim-users
On Mon, May 31, 2021 at 12:50:56PM +0700, Victor Sudakov via Exim-users wrote: > Here is the debug: > https://termbin.com/kavi (the real domain is hidden as "hiddendomain"). You run debug without proper selectors. Try at least -d+lookup. -- Eugene Berdnikov -- ## List details at

[exim] discard mail from all local users except

2021-05-31 Thread Victor Sudakov via Exim-users
Dear Colleagues, I'm trying to discard mails from all local users (shared hosting) other than from root and maybe a few others. I've configured acl_not_smtp = acl_not_smtp begin acl acl_not_smtp: accept condition = ${if