exim4 TLS errors

To: debian-user@lists.debian.org
Subject: exim4 TLS errors
From: Joe Pfeiffer <pfeiffer@cs.nmsu.edu>
Date: Wed, 07 Mar 2012 09:29:15 -0700
Message-id: <[🔎] 1bfwdk5q90.fsf@pfeifferfamily.net>

Monday my exim4 server began reporting errors trying to deliver email to
a number of sites, as follows:

2012-03-07 09:04:42 1S5JM2-0001iQ-Rz <= joseph@pfeifferfamily.net U=pfeiffer P=local S=398
2012-03-07 09:04:44 1S5JM2-0001iQ-Rz TLS error on connection to creepinglunacy.com [199.85.212.11] (recv): A TLS packet with unexpected length was received.
2012-03-07 09:04:44 1S5JM2-0001iQ-Rz TLS error on connection to creepinglunacy.com [199.85.212.11] (send): The specified session has been invalidated for some reason.
2012-03-07 09:04:44 1S5JM2-0001iQ-Rz ** mgap@creepinglunacy.com R=dnslookup T=remote_smtp: SMTP error from remote mail server after MAIL FROM:<joseph@pfeifferfamily.net> SIZE=1432: host creepinglunacy.com [199.85.212.11]: 550 Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
2012-03-07 09:04:45 1S5JM5-0001iV-0U <= <> R=1S5JM2-0001iQ-Rz U=Debian-exim P=local S=1392
2012-03-07 09:04:45 1S5JM2-0001iQ-Rz Completed
2012-03-07 09:05:37 1S5JM5-0001iV-0U => pfeiffer <joseph@pfeifferfamily.net> R=procmail T=procmail_pipe
2012-03-07 09:05:37 1S5JM5-0001iV-0U Completed

I don't believe this is happening with every TLS-enabled server I try to
send email to, since I also have entries like:

2012-03-07 08:00:04 1S5ILU-0000Xu-3Q <= board-bounces@lcctnm.org H=localhost (babs.wb.pfeifferfamily.net) [127.0.0.1] P=esmtp S=1355 id=mailman.0.1331132402.2099.board@lcctnm.org
2012-03-07 08:00:06 1S5ILU-0000Xu-3Q => board-owner@lcctnm.org R=dnslookup T=remote_smtp H=mx.lcctnm.org [66.96.142.50] X=TLS1.0:RSA_AES_256_CBC_SHA1:32 DN="C=US,O=RTFM\, Inc.,OU=Widgets Division,CN=localhost"
2012-03-07 08:00:06 1S5ILU-0000Xu-3Q Completed

(I'm assuming the X=TLS etc in the second line of this example means TLS
is being used on this connection)

Other people are successfully sending email to several of the sites
giving me trouble.

I've tried:

Updating the various exim4 and libgnutils related packages to the newest
versions in the testing repository (of course)

Backing off to the oldest exim4 and libgnutils versions I could find

Backing off my ca-certificates package to the oldest one in the
repositories (which seems to date to 2009), since I found a couple of
old bugs related to too many entries in ca-certificates.

Installing rng-utils using /dev/urandom as an entropy source, since I
came across one thread suggesting insufficient entropy could be the
cause (when it didn't make any difference, I took it out again).

Switching from exim4-daemon-light (which I'd been using before) to
exim4-daemon-heavy.

None of this seems to have made the slightest difference.  Does anybody
have any other suggestions for something to try?

Reply to:

Follow-Ups:
- Re: exim4 TLS errors
  - From: Camaleón <noelamac+gmane@gmail.com>

Prev by Date: [andreimpopescu@gmail.com: Re: General unstability on wheezy (unstable repository)]
Next by Date: Re: Latest update borks
Previous by thread: Re: [andreimpopescu@gmail.com: Re: General unstability on wheezy (unstable repository)]
Next by thread: Re: exim4 TLS errors
Index(es):
- Date
- Thread