Marco Kammerer
2009-Aug-06 11:36 UTC
[Pkg-exim4-users] tracking - TLS error on connection from host [x.x.x.x] (gnutls_handshake): timed out
Hello

I am running Debian etch with the normal exim (I know lenny is out and I should upgrade).

The server acts as MX, checking emails for spam and forwarding them to different mailservers.

For one week I have been reading the following in /var/log/exim4/maillog, that the TLS handshake failed:

http://de.pastebin.ca/1520372

gnutls-bin is installed on the machine.

Yesterday I exchanged the certificate - I thought this could be a reason.

I made some traces:

openssl s_client -connect localhost:666
http://de.pastebin.ca/1520365

exim4 -bd -d+tls -oX 0.0.0.0.666 -tls-on-connect
http://de.pastebin.ca/1520369

Here everything works out fine.

If I check via
swaks -a -tls -q AUTH -s mx4-au xxx
http://de.pastebin.ca/1520382

Any hint is appreciated.

I have now deactivated TLS via
MAIN_TLS_ADVERTISE_HOSTS=1.1.1.1
so that no advertising is done, but that is not the ideal way ....

Marco
Simon Josefsson
2009-Aug-06 14:14 UTC
[Pkg-exim4-users] tracking - TLS error on connection from host [x.x.x.x] (gnutls_handshake): timed out
"Marco Kammerer" <marco.kammerer at uibk.ac.at> writes:

> Hello
>
> I am running Debian etch with the normal exim (I know lenny is out and
> I should upgrade)
>
> The server acts as MX, checking emails for spam and forwarding
> them to different mailservers.
>
> For one week I have been reading the following in /var/log/exim4/maillog
> that the TLS handshake failed
>
> http://de.pastebin.ca/1520372

Hi. Are you sure these aren't just normal timeouts from hosts that don't want to complete the TLS handshake? Could be hosts probing your machine.

> gnutls-bin is installed on the machine
>
> Yesterday I exchanged the certificate - I thought this could be a reason
>
> I made some traces
>
> openssl s_client -connect localhost:666
> http://de.pastebin.ca/1520365

Looks fine to me?

> exim4 -bd -d+tls -oX 0.0.0.0.666 -tls-on-connect
> http://de.pastebin.ca/1520369

This looks like you are talking TLS-over-TCP against a server that sends an SMTP header, so the error is expected.

> Here everything works out fine.
>
> If I check via
> swaks -a -tls -q AUTH -s mx4-au xxx
> http://de.pastebin.ca/1520382

Seems correct to me as well.

> Any hint is appreciated.
>
> I have now deactivated TLS via
> MAIN_TLS_ADVERTISE_HOSTS=1.1.1.1
> so that no advertising is done, but that is not the ideal way ....

I think I need some more information on what you believe the error is to be able to debug further.

/Simon
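
One way to test the "hosts probing your machine" explanation, as an added example that is not part of either message: tally the gnutls_handshake timeouts per peer address and check whether the same address ever delivered mail. The log line shapes, the TLS protocol names and the sample lines are assumptions constructed for illustration, not taken from the pastebins.

```python
import re
from collections import defaultdict

# Line shapes are assumptions modelled on the error in the thread subject and
# on Exim's usual "<=" arrival lines; adjust them to your own mainlog.
TLS_ERR = re.compile(
    r"TLS error on connection from (?:\S+ )?(?:\(\S+\) )?"
    r"\[(?P<ip>[0-9A-Fa-f:.]+)\] \((?P<func>\w+)\): (?P<reason>.+)$"
)
ARRIVAL = re.compile(r" <= \S+ H=.*?\[(?P<ip>[0-9A-Fa-f:.]+)\].*? P=(?P<proto>\S+)")
# Assumed P= values that indicate a TLS-protected session.
TLS_PROTOS = {"smtps", "esmtps", "esmtpsa"}

# Constructed sample input (documentation addresses), not the poster's log.
SAMPLE_LOG = """\
2009-08-05 09:00:01 TLS error on connection from [192.0.2.10] (gnutls_handshake): timed out
2009-08-05 09:04:11 TLS error on connection from [192.0.2.10] (gnutls_handshake): timed out
2009-08-05 09:09:30 TLS error on connection from [192.0.2.10] (gnutls_handshake): timed out
2009-08-05 09:12:00 TLS error on connection from mx.example.org [198.51.100.7] (gnutls_handshake): timed out
2009-08-05 09:20:45 1MYabc-0001Ab-Cd <= a@example.org H=mx.example.org [198.51.100.7] P=esmtp S=2048
2009-08-05 09:31:02 1MYabd-0001Ac-Ef <= b@example.net H=mail.example.net [203.0.113.5] P=esmtps S=1024
"""

def triage(log_text):
    """Map each IP with handshake timeouts to (count, protocols it delivered with)."""
    timeouts = defaultdict(int)
    delivered = defaultdict(set)
    for line in log_text.splitlines():
        err = TLS_ERR.search(line)
        if err and err["func"] == "gnutls_handshake" and err["reason"] == "timed out":
            timeouts[err["ip"]] += 1
            continue
        arr = ARRIVAL.search(line)
        if arr:
            delivered[arr["ip"]].add(arr["proto"])
    return {ip: (n, sorted(delivered[ip])) for ip, n in timeouts.items()}

def label(protos):
    """Timeouts only is consistent with probing; arrivals mean a real sender is affected."""
    if not protos:
        return "timeouts only"
    if TLS_PROTOS.intersection(protos):
        return "sender, TLS works sometimes"
    return "sender, falls back to plaintext"

if __name__ == "__main__":
    for ip, (count, protos) in sorted(triage(SAMPLE_LOG).items()):
        print(f"{ip:15} timeouts={count} delivered_via={protos} -> {label(protos)}")
```

Addresses that only ever time out fit the probing explanation; an address that times out and later delivers in plaintext is a legitimate sender whose TLS handshake is failing and deserves a closer look.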