Exim
Vadim Rybalko, 2015-02-10 20:01:42

Exim does not deliver mail via esmtps. Why?

It seems to have started after one of the regular updates; exactly when, I can no longer tell.
Listing of an attempt to forward a frozen message:

[[email protected] ~]# exim -d -M 1YL6fx-000BCp-Q0
...skipped
--------> [email protected] <--------
search_tidyup called
set_process_info: 67155 delivering 1YL6fx-000BCp-Q0: waiting for a remote delivery subprocess to finish
selecting on subprocess pipes
changed uid/gid: remote delivery to [email protected] with transport=remote_smtp
  uid=2525 gid=6 pid=67157
  auxiliary group list: 6
set_process_info: 67157 delivering 1YL6fx-000BCp-Q0 using remote_smtp
remote_smtp transport entered
  [email protected]
checking status of skunk.infortech.ru
locking /var/spool/exim/db/retry.lockfile
locked /var/spool/exim/db/retry.lockfile
EXIM_DBOPEN(/var/spool/exim/db/retry)
returned from EXIM_DBOPEN
opened hints database /var/spool/exim/db/retry: flags=O_RDONLY
dbfn_read: key=T:skunk.infortech.ru:217.23.140.125
dbfn_read: key=T:skunk.infortech.ru:217.23.140.125:1YL6fx-000BCp-Q0
no host retry record
no message retry record
skunk.infortech.ru [217.23.140.125] status = usable
217.23.140.125 in serialize_hosts? no (option unset)
delivering 1YL6fx-000BCp-Q0 to skunk.infortech.ru [217.23.140.125] ([email protected])
set_process_info: 67157 delivering 1YL6fx-000BCp-Q0 to skunk.infortech.ru [217.23.140.125] ([email protected])
Connecting to skunk.infortech.ru [217.23.140.125]:25 ... connected
waiting for data on socket
read response data: size=72
  SMTP<< 220 skunk.infortech.ru ESMTP Exim 4.71 Tue, 10 Feb 2015 20:33:22 +0400
217.23.140.125 in hosts_avoid_esmtp? no (option unset)
  SMTP>> EHLO mail.our.net
waiting for data on socket
read response data: size=145
  SMTP<< 250-skunk.infortech.ru Hello mail.our.net [1.2.3.4]
         250-SIZE 52428800
         250-PIPELINING
         250-AUTH LOGIN PLAIN
         250-STARTTLS
         250 HELP
217.23.140.125 in hosts_avoid_tls? no (option unset)
  SMTP>> STARTTLS
waiting for data on socket
read response data: size=18
  SMTP<< 220 TLS go ahead
217.23.140.125 in hosts_require_ocsp? no (option unset)
217.23.140.125 in hosts_request_ocsp? yes (matched "*")
setting SSL CTX options: 0x1000000
Diffie-Hellman initialized from default with 2048-bit prime
Initialized TLS
Calling SSL_connect
SSL info: before/connect initialization
SSL info: before/connect initialization
SSL info: SSLv2/v3 write client hello A
Received TLS status response (OCSP stapling): null
SSL info: SSLv3 read server hello A
SSL info: SSLv3 read server certificate A
SSL info: SSLv3 read server done A
SSL info: SSLv3 write client key exchange A
SSL info: SSLv3 write change cipher spec A
reading pipe for subprocess 67157 (not ended)
read() yielded 0
selecting on subprocess pipes
reading pipe for subprocess 67157 (not ended)
read() yielded 0
...over 9000
selecting on subprocess pipes
reading pipe for subprocess 67157 (not ended)
read() yielded 0
selecting on subprocess pipes
reading pipe for subprocess 67157 (not ended)
read() yielded 0
remote delivery process 67157 ended: status=000b
set_process_info: 67155 delivering 1YL6fx-000BCp-Q0
post-process [email protected] (1)
LOG: MAIN
  == [email protected] R=dnslookup T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x000b: terminated by signal 11
...skipped

Clearly an issue with the TLS/SSL handshake.
[[email protected] ~]# exim --version
Exim version 4.85 #1 (FreeBSD 10.0) built 10-Feb-2015 19:19:20
Copyright (c) University of Cambridge, 1995 - 2014
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2014
Probably Berkeley DB version 1.8x (native mode)
Support for: crypteq iconv() IPv6 use_setclassresources PAM Perl Expand_dlfunc OpenSSL Content_Scanning DKIM Old_Demime PRDR OCSP Experimental_SPF Experimental_SRS
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch mysql passwd
Authenticators: cram_md5 dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /usr/local/etc/exim/configure

[[email protected] ~]# /usr/local/bin/openssl version
OpenSSL 1.0.1l 15 Jan 2015

[[email protected] ~]# cat /usr/local/etc/exim/configure | grep tls
tls_advertise_hosts = *
tls_on_connect_ports = 465
tls_certificate = /usr/local/etc/exim/ssl/mailserver.crt
tls_privatekey = /usr/local/etc/exim/ssl/mailserver.key

People work around this by adding hosts_avoid_tls to the transport, but this disables esmtps altogether, leaving only esmtp, which does not solve the problem. I would like to understand why this occurs.

swapp, 2015-03-11
@swapp

If Exim is compiled with OpenSSL, it helps to disable compression in it, for example:
openssl_options = +no_compression
or, with SSLv3 disabled at the same time:
openssl_options = +no_sslv3 +no_compression
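
Added example, not part of the original answer: a shell check that lists deliveries deferred because the smtp transport process died from a signal, so the change to openssl_options can be confirmed by the count dropping to zero. It assumes the usual main-log layout (date, time, message id, `==` flag, address); the sample lines are constructed, with the defer text taken from the line quoted in the question.

```shell
#!/bin/sh
# Added example: summarise Exim main-log defers caused by a crashed
# smtp transport process (e.g. "terminated by signal 11").

# Constructed sample main-log lines; ids, addresses and hosts are made up.
sample_log() {
cat <<'EOF'
2015-02-10 20:33:25 1YL6fx-000BCp-Q0 == user@example.org R=dnslookup T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x000b: terminated by signal 11
2015-02-10 20:34:02 1YL6g2-000BDa-1x => other@example.net R=dnslookup T=remote_smtp H=mx.example.net [192.0.2.10] X=TLSv1:AES256-SHA:256
2015-02-10 20:40:11 1YL6fx-000BCp-Q0 == user@example.org R=dnslookup T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x000b: terminated by signal 11
2015-02-10 20:41:30 1YL6h7-000BEq-Zk == third@example.com R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2015-02-10 20:45:00 1YL6hA-000BF1-3c == fourth@example.org R=dnslookup T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x000b: terminated by signal 11
EOF
}

# Read a main log on stdin and print one line per affected message:
#   <number of crashes> <message id> <recipient domain> <signal number>
# Ordinary defers (retry time not reached, etc.) are ignored.
crashed_deliveries() {
  awk '
    $4 == "==" && /smtp transport process returned non-zero status/ &&
    match($0, /terminated by signal [0-9]+/) {
      # "terminated by signal " is 21 characters; the rest is the number
      sig = substr($0, RSTART + 21, RLENGTH - 21)
      dom = $5
      sub(/^.*@/, "", dom)          # keep only the recipient domain
      n[$3 " " dom " " sig]++
    }
    END { for (k in n) print n[k], k }
  ' | sort -k1,1nr -k2,2
}

# Demonstration on the constructed sample; on a real host, pipe the
# Exim main log into crashed_deliveries instead (its path varies by install).
sample_log | crashed_deliveries
```

Run it once before and once after the configuration change and compare the output for the same destination domain.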
