Thank you Victor, your detailed analysis of the TCP dump made me look into the
right direction.
Virtualisation (KVM) is also used here, but that was not the reason for the
behaviour. It also wasnt TCP offloading, although used.
The culprit was a firewall. I am a bit limited as to what I can
On 2018-02-12 20:57, Ian Zimmerman via Exim-users wrote:
> Ok, it was on, I disabled it. We'll see soon enough if your
> hypothesis is right :-)
No change :-(
But in my case, all the messages actually make it through. Also, I
checked my old logfiles, and this was the case even with GnuTLS.
Ri
> On Feb 12, 2018, at 11:57 PM, Ian Zimmerman via Exim-users
> wrote:
>
> I am slightly surprised I could do that; I'd have expected only root on
> the host machine to have that power.
I would also expect that typically the changes need to happen on the host,
though some configurations may su
On 2018-02-12 22:50, Viktor Dukhovni via Exim-users wrote:
> > My server runs in a KVM. Doesn't that rule out hardware TCP
> > offloading as the culprit?
>
> No, it rather makes the problem more likely. Virtual machines are
> often behind NAT, which can be incompatible with TCP offload, and
> t
> On Feb 12, 2018, at 10:19 PM, Ian Zimmerman via Exim-users
> wrote:
>
>> My previous assesment was wrong: even when exim was compiled with
>> OpenSSL instead of GnuTLS the error did occur, albeit with a different
>> error message.
>
> Same here. The new error message is:
>
> SSL_write: (f
On 2018-02-13 02:21, Andreas Bauer via Exim-users wrote:
> First, thanks to everyone contributing and sorry I did not have time
> to more deeply troubleshoot the SSL issue.
> My previous assesment was wrong: even when exim was compiled with
> OpenSSL instead of GnuTLS the error did occur, albeit
> On Feb 12, 2018, at 8:21 PM, Andreas Bauer via Exim-users
> wrote:
>
> 504 540.259940 40.92.67.82 TCP 66
>45792 → 25 [SYN, ECN, CWR] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
> 505 540.259967 40.92.67.82 TCP 66
First, thanks to everyone contributing and sorry I did not have time to more
deeply troubleshoot the SSL issue.
My previous assesment was wrong: even when exim was compiled with OpenSSL
instead of GnuTLS the error did occur, albeit with a different error message.
Because it is a production sy
On 07/02/18 18:25, Ian Zimmerman wrote:
>> 2017-11-27 13:22:55
>> TLS error on connection from
>> mail-oln040092070016.outbound.protection.outlook.com
>> (EUR03-AM5-obe.outbound.protection.outlook.com) [40.92.70.16] (send): The
>> specified session has been invalidated for some reason.
>> 2017-
> 2017-11-27 13:22:55
> TLS error on connection from
> mail-oln040092070016.outbound.protection.outlook.com
> (EUR03-AM5-obe.outbound.protection.outlook.com) [40.92.70.16] (send): The
> specified session has been invalidated for some reason.
> 2017-11-27 13:23:46
> 1eJILV-0001Gg-K3 TLS error o
Hello,
replying to myself, this problem is indeed related to GnuTLS in the Debian
strech compile of Exim4. Once I did this:
sudo apt-get update
sudo apt-get upgrade
sudo apt-get build-dep exim4
sudo apt-get install --no-install-recommends devscripts fakeroot
apt-get source exim4
perl -i -pe
On 27/11/17 20:43, Kirill Miazine via Exim-users wrote:
> I'm having another issue with *.outlook.com, please see below. I don't
> mean to hijack the thread, but maybe report will help tracking down the
> issue.
> Nov 25 18:03:17 puffy exim[17107]: SSL_write: (from
> mail-oln040092005061.outbound
I'm having another issue with *.outlook.com, please see below. I don't
mean to hijack the thread, but maybe report will help tracking down the
issue.
* Andreas Bauer via Exim-users [2017-11-27 13:30]:
> Hello all,
>
> we have a well configured mail server with exi 4.89 on Debian 9, and
> use a L
On 27/11/17 17:42, Viktor Dukhovni wrote:
>> On Nov 27, 2017, at 12:24 PM, Jeremy Harris wrote:
>>
>> b)
>> Fire up wireshark, grab from the interface corresponding to the expected
>> inbound, filtering by that IP (for either src or dest).
>
> Definitely warrants a PCAP capture. Can Exim do [mor
> On Nov 27, 2017, at 12:24 PM, Jeremy Harris wrote:
>
> b)
> Fire up wireshark, grab from the interface corresponding to the expected
> inbound, filtering by that IP (for either src or dest).
Definitely warrants a PCAP capture. Can Exim do [more] verbose logging
based on the peer's IP addres
On 27/11/17 12:30, Andreas Bauer via Exim-users wrote:
> 2017-11-27 13:22:55
> TLS error on connection from
> mail-oln040092070016.outbound.protection.outlook.com
> (EUR03-AM5-obe.outbound.protection.outlook.com) [40.92.70.16] (send): The
> specified session has been invalidated for some reason
Hello all,
we have a well configured mail server with exi 4.89 on Debian 9, and use a
LetsEncrypt certificate for SMTP with STARTTLS on port 25 as well as SMTPS on
port 465.
Everything works well, except:
2017-11-27 13:22:55
TLS error on connection from
mail-oln040092070016.outbound.protect
17 matches
Mail list logo