Upgraded squeeze-lts server to wheezy -- client exim4 connections over tls give segfault
Hi,
I've been running squeeze-lts VM on a squeeze-lts Xen server.
Updated the VM to wheezy and it mostly works okay, but but mail
connections fail with a segfault.
# swaks -4 -s mail.affinityvision.com.au -tlsc -p 465 --ehlo
affintiyvision.com.au -au andrewm -ap -t
andrew.mcglashan@affinityvision.com.au -f
andrew.mcglashan@affinityvision.com.au
Password: **********************
=== Trying mail.affinityvision.com.au:465...
=== Connected to mail.affinityvision.com.au.
Segmentation fault
If I connect to a different machine running (even from the /faulty/ VM),
it works fine.
Other server:
# swaks -4 -s mail.otherdomain.com -tlsc -p 465 --ehlo
otherdomain.com -au andrewm -ap -t
andrew.mcglashan@affinityvision.com.au -f andrewm@otherdomain.com
Password: ********************************
=== Trying mail.otherdomain.com:465...
=== Connected to mail.otherdomain.com.
=== TLS started w/ cipher DHE-RSA-AES256-SHA256
=== TLS peer subject DN="/CN=mail.otherdomaincom"
<~ 220 mail.otherdomain.com.au ESMTP Exim 4.80 Mon, 22 Feb 2016 00:24:03
+1100
~> EHLO otherdomain.com
<~ 250-mail.otherdomain.com.au Hello ns2.affinityvision.com.au
[220.233.38.77]
<~ 250-SIZE 41943040
<~ 250-8BITMIME
<~ 250-PIPELINING
<~ 250-AUTH LOGIN
<~ 250 HELP
~> AUTH LOGIN
...
<~ 235 Authentication succeeded
~> MAIL FROM:<andrewm@otherdomain.com>
<~ 250 OK
~> RCPT TO:<andrew.mcglashan@affinityvision.com.au>
<~ 250 Accepted
~> DATA
<~ 354 Enter message, ending with "." on a line by itself
~> Date: Mon, 22 Feb 2016 00:23:57 +1100
~> To: andrew.mcglashan@affinityvision.com.au
~> From: andrewm@otherdomain.com
~> Subject: test Mon, 22 Feb 2016 00:23:57 +1100
~> X-Mailer: swaks v20120320.0 jetmore.org/john/code/swaks/
~>
~> This is a test mailing
~>
~> .
<~ 250 OK id=1aXTzX-0008WV-GF
~> QUIT
<~ 221 mail.otherdomain.com.au closing connection
=== Connection closed with remote host.
The server that is failing has these installed packages:
# egrep -i '(exim|dovecot|sasl|linux-image|openssl|gnutls)'
/root/dpkg.wrk/dpkg-query-l-20160222-00.37.51
ii dovecot-common 1:2.1.7-7+deb7u1
all Transitional package for dovecot
ii dovecot-core 1:2.1.7-7+deb7u1
amd64 secure mail server that supports mbox, maildir, dbox and
mdbox mailboxes
ii dovecot-imapd 1:2.1.7-7+deb7u1
amd64 secure IMAP server that supports mbox, maildir, dbox and
mdbox mailboxes
ii dovecot-pop3d 1:2.1.7-7+deb7u1
amd64 secure POP3 server that supports mbox, maildir, dbox and
mdbox mailboxes
ii exim4 4.80-7+deb7u1
all metapackage to ease Exim MTA (v4) installation
ii exim4-base 4.80-7+deb7u1
amd64 support files for all Exim MTA (v4) packages
ii exim4-config 4.80-7+deb7u1
all configuration for the Exim MTA (v4)
ii exim4-daemon-heavy 4.80-7+deb7u1
amd64 Exim MTA (v4) daemon with extended features, including
exiscan-acl
ii exim4-doc-html 4.80-2
all documentation for the Exim MTA (v4) in html format
ii gnutls-bin 3.0.22-3+really2.12.20-8+deb7u5
amd64 GNU TLS library - commandline utilities
ii greylistd 0.8.8
all Greylisting daemon for use with Exim 4
ii libcurl3:amd64 7.26.0-1+wheezy13
amd64 easy-to-use client-side URL transfer library (OpenSSL
flavour)
ii libcurl3-gnutls:amd64 7.26.0-1+wheezy13
amd64 easy-to-use client-side URL transfer library (GnuTLS flavour)
ii libgnutls26:amd64 2.12.20-8+deb7u5
amd64 GNU TLS library - runtime library
ii libneon27-gnutls 0.29.6-3
amd64 HTTP and WebDAV client library (GnuTLS enabled)
ii libsasl2-2:amd64 2.1.25.dfsg1-6+deb7u1
amd64 Cyrus SASL - authentication abstraction library
ii libsasl2-modules:amd64 2.1.25.dfsg1-6+deb7u1
amd64 Cyrus SASL - pluggable authentication modules
ii linux-image-2.6.32-5-xen-amd64 2.6.32-48squeeze19
amd64 Linux 2.6.32 for 64-bit PCs, Xen dom0 support
ii openssl 1.0.1e-2+deb7u19
amd64 Secure Socket Layer (SSL) binary and related cryptographic
tools
ii openssl-blacklist 0.5-3
all Blacklists for OpenSSL RSA keys and tools
ii openssl-blacklist-extra 0.5-3
all Non-default blacklists of OpenSSL RSA keys
ii sa-exim 4.2.1-14
amd64 SpamAssassin filter for Exim
ii sasl2-bin 2.1.25.dfsg1-6+deb7u1
amd64 Cyrus SASL - administration programs for SASL users database
ii ssl-cert 1.0.32+deb7u1
all simple debconf wrapper for OpenSSL
The other server that doesn't fail has these installed packages:
# egrep -i '(exim|dovecot|sasl|linux-image|openssl|gnutls)'
/root/dpkg.wrk/dpkg-query-l-20160222-00.35.30
ii dovecot-common 1:2.1.7-7+deb7u1
all Transitional package for dovecot
ii dovecot-core 1:2.1.7-7+deb7u1
amd64 secure mail server that supports mbox, maildir, dbox and
mdbox mailboxes
ii dovecot-imapd 1:2.1.7-7+deb7u1
amd64 secure IMAP server that supports mbox, maildir, dbox and
mdbox mailboxes
ii dovecot-pop3d 1:2.1.7-7+deb7u1
amd64 secure POP3 server that supports mbox, maildir, dbox and
mdbox mailboxes
ii exim4 4.80-7+deb7u1
all metapackage to ease Exim MTA (v4) installation
ii exim4-base 4.80-7+deb7u1
amd64 support files for all Exim MTA (v4) packages
ii exim4-config 4.80-7+deb7u1
all configuration for the Exim MTA (v4)
ii exim4-daemon-heavy 4.80-7+deb7u1
amd64 Exim MTA (v4) daemon with extended features, including
exiscan-acl
ii exim4-doc-html 4.80-2
all documentation for the Exim MTA (v4) in html format
ii gnutls-bin 3.0.22-3+really2.12.20-8+deb7u5
amd64 GNU TLS library - commandline utilities
ii greylistd 0.8.8
all Greylisting daemon for use with Exim 4
ii libcurl3:amd64 7.26.0-1+wheezy13
amd64 easy-to-use client-side URL transfer library (OpenSSL
flavour)
ii libgnutls26:amd64 2.12.20-8+deb7u5
amd64 GNU TLS library - runtime library
ii libneon27-gnutls 0.29.6-3
amd64 HTTP and WebDAV client library (GnuTLS enabled)
ii libsasl2-2:amd64 2.1.25.dfsg1-6+deb7u1
amd64 Cyrus SASL - authentication abstraction library
ii libsasl2-modules:amd64 2.1.25.dfsg1-6+deb7u1
amd64 Cyrus SASL - pluggable authentication modules
ii linux-image-3.2.0-4-amd64 3.2.73-2+deb7u2
amd64 Linux 3.2 for 64-bit PCs
ii linux-image-amd64 3.2+46
amd64 Linux for 64-bit PCs (meta-package)
ii openssl 1.0.1e-2+deb7u19
amd64 Secure Socket Layer (SSL) binary and related cryptographic
tools
ii sa-exim 4.2.1-14
amd64 SpamAssassin filter for Exim
ii sasl2-bin 2.1.25.dfsg1-6+deb7u1
amd64 Cyrus SASL - administration programs for SASL users database
ii ssl-cert 1.0.32+deb7u1
all simple debconf wrapper for OpenSSL
I can't find anything that seems to be significant except for the linux
kernel version.
NB: A simpler VM on the same Xen server has been running Wheezy for quite
a while, but it isn't a mail server.
Any ideas, futher tests?
Thanks
AndrewM
Reply to: