Upgraded squeeze-lts server to wheezy -- client exim4 connections over tls give segfault

To: debian-user@lists.debian.org
Subject: Upgraded squeeze-lts server to wheezy -- client exim4 connections over tls give segfault
From: "Andrew McGlashan" <andrew.mcglashan@affinityvision.com.au>
Date: Mon, 22 Feb 2016 00:50:14 +1100
Message-id: <[🔎] d7cbe584f9291e856cc31f085844cc8f.squirrel@affinityvision.com.au>

Hi,

I've been running squeeze-lts VM on a squeeze-lts Xen server.

Updated the VM to wheezy and it mostly works okay, but but mail
connections fail with a segfault.

#  swaks -4 -s mail.affinityvision.com.au -tlsc -p 465 --ehlo
affintiyvision.com.au -au andrewm -ap  -t
andrew.mcglashan@affinityvision.com.au -f
andrew.mcglashan@affinityvision.com.au
Password: **********************
=== Trying mail.affinityvision.com.au:465...
=== Connected to mail.affinityvision.com.au.
Segmentation fault


If I connect to a different machine running  (even from the /faulty/ VM),
it works fine.

Other server:

#    swaks -4 -s mail.otherdomain.com         -tlsc -p 465 --ehlo
otherdomain.com         -au andrewm -ap  -t
andrew.mcglashan@affinityvision.com.au -f andrewm@otherdomain.com
Password: ********************************
=== Trying mail.otherdomain.com:465...
=== Connected to mail.otherdomain.com.
=== TLS started w/ cipher DHE-RSA-AES256-SHA256
=== TLS peer subject DN="/CN=mail.otherdomaincom"
<~  220 mail.otherdomain.com.au ESMTP Exim 4.80 Mon, 22 Feb 2016 00:24:03
+1100
 ~> EHLO otherdomain.com
<~  250-mail.otherdomain.com.au Hello ns2.affinityvision.com.au
[220.233.38.77]
<~  250-SIZE 41943040
<~  250-8BITMIME
<~  250-PIPELINING
<~  250-AUTH LOGIN
<~  250 HELP
 ~> AUTH LOGIN

...

<~  235 Authentication succeeded
 ~> MAIL FROM:<andrewm@otherdomain.com>
<~  250 OK
 ~> RCPT TO:<andrew.mcglashan@affinityvision.com.au>
<~  250 Accepted
 ~> DATA
<~  354 Enter message, ending with "." on a line by itself
 ~> Date: Mon, 22 Feb 2016 00:23:57 +1100
 ~> To: andrew.mcglashan@affinityvision.com.au
 ~> From: andrewm@otherdomain.com
 ~> Subject: test Mon, 22 Feb 2016 00:23:57 +1100
 ~> X-Mailer: swaks v20120320.0 jetmore.org/john/code/swaks/
 ~>
 ~> This is a test mailing
 ~>
 ~> .
<~  250 OK id=1aXTzX-0008WV-GF
 ~> QUIT
<~  221 mail.otherdomain.com.au closing connection
=== Connection closed with remote host.



The server that is failing has these installed packages:

# egrep -i '(exim|dovecot|sasl|linux-image|openssl|gnutls)'
/root/dpkg.wrk/dpkg-query-l-20160222-00.37.51
ii  dovecot-common                     1:2.1.7-7+deb7u1                 
all          Transitional package for dovecot
ii  dovecot-core                       1:2.1.7-7+deb7u1                 
amd64        secure mail server that supports mbox, maildir, dbox and
mdbox mailboxes
ii  dovecot-imapd                      1:2.1.7-7+deb7u1                 
amd64        secure IMAP server that supports mbox, maildir, dbox and
mdbox mailboxes
ii  dovecot-pop3d                      1:2.1.7-7+deb7u1                 
amd64        secure POP3 server that supports mbox, maildir, dbox and
mdbox mailboxes
ii  exim4                              4.80-7+deb7u1                    
all          metapackage to ease Exim MTA (v4) installation
ii  exim4-base                         4.80-7+deb7u1                    
amd64        support files for all Exim MTA (v4) packages
ii  exim4-config                       4.80-7+deb7u1                    
all          configuration for the Exim MTA (v4)
ii  exim4-daemon-heavy                 4.80-7+deb7u1                    
amd64        Exim MTA (v4) daemon with extended features, including
exiscan-acl
ii  exim4-doc-html                     4.80-2                           
all          documentation for the Exim MTA (v4) in html format
ii  gnutls-bin                         3.0.22-3+really2.12.20-8+deb7u5  
amd64        GNU TLS library - commandline utilities
ii  greylistd                          0.8.8                            
all          Greylisting daemon for use with Exim 4
ii  libcurl3:amd64                     7.26.0-1+wheezy13                
amd64        easy-to-use client-side URL transfer library (OpenSSL
flavour)
ii  libcurl3-gnutls:amd64              7.26.0-1+wheezy13                
amd64        easy-to-use client-side URL transfer library (GnuTLS flavour)
ii  libgnutls26:amd64                  2.12.20-8+deb7u5                 
amd64        GNU TLS library - runtime library
ii  libneon27-gnutls                   0.29.6-3                         
amd64        HTTP and WebDAV client library (GnuTLS enabled)
ii  libsasl2-2:amd64                   2.1.25.dfsg1-6+deb7u1            
amd64        Cyrus SASL - authentication abstraction library
ii  libsasl2-modules:amd64             2.1.25.dfsg1-6+deb7u1            
amd64        Cyrus SASL - pluggable authentication modules
ii  linux-image-2.6.32-5-xen-amd64     2.6.32-48squeeze19               
amd64        Linux 2.6.32 for 64-bit PCs, Xen dom0 support
ii  openssl                            1.0.1e-2+deb7u19                 
amd64        Secure Socket Layer (SSL) binary and related cryptographic
tools
ii  openssl-blacklist                  0.5-3                            
all          Blacklists for  OpenSSL RSA keys and tools
ii  openssl-blacklist-extra            0.5-3                            
all          Non-default blacklists of OpenSSL RSA keys
ii  sa-exim                            4.2.1-14                         
amd64        SpamAssassin filter for Exim
ii  sasl2-bin                          2.1.25.dfsg1-6+deb7u1            
amd64        Cyrus SASL - administration programs for SASL users database
ii  ssl-cert                           1.0.32+deb7u1                    
all          simple debconf wrapper for OpenSSL


The other server that doesn't fail has these installed packages:

# egrep -i '(exim|dovecot|sasl|linux-image|openssl|gnutls)'
/root/dpkg.wrk/dpkg-query-l-20160222-00.35.30
ii  dovecot-common                     1:2.1.7-7+deb7u1                 
all          Transitional package for dovecot
ii  dovecot-core                       1:2.1.7-7+deb7u1                 
amd64        secure mail server that supports mbox, maildir, dbox and
mdbox mailboxes
ii  dovecot-imapd                      1:2.1.7-7+deb7u1                 
amd64        secure IMAP server that supports mbox, maildir, dbox and
mdbox mailboxes
ii  dovecot-pop3d                      1:2.1.7-7+deb7u1                 
amd64        secure POP3 server that supports mbox, maildir, dbox and
mdbox mailboxes
ii  exim4                              4.80-7+deb7u1                    
all          metapackage to ease Exim MTA (v4) installation
ii  exim4-base                         4.80-7+deb7u1                    
amd64        support files for all Exim MTA (v4) packages
ii  exim4-config                       4.80-7+deb7u1                    
all          configuration for the Exim MTA (v4)
ii  exim4-daemon-heavy                 4.80-7+deb7u1                    
amd64        Exim MTA (v4) daemon with extended features, including
exiscan-acl
ii  exim4-doc-html                     4.80-2                           
all          documentation for the Exim MTA (v4) in html format
ii  gnutls-bin                         3.0.22-3+really2.12.20-8+deb7u5  
amd64        GNU TLS library - commandline utilities
ii  greylistd                          0.8.8                            
all          Greylisting daemon for use with Exim 4
ii  libcurl3:amd64                     7.26.0-1+wheezy13                
amd64        easy-to-use client-side URL transfer library (OpenSSL
flavour)
ii  libgnutls26:amd64                  2.12.20-8+deb7u5                 
amd64        GNU TLS library - runtime library
ii  libneon27-gnutls                   0.29.6-3                         
amd64        HTTP and WebDAV client library (GnuTLS enabled)
ii  libsasl2-2:amd64                   2.1.25.dfsg1-6+deb7u1            
amd64        Cyrus SASL - authentication abstraction library
ii  libsasl2-modules:amd64             2.1.25.dfsg1-6+deb7u1            
amd64        Cyrus SASL - pluggable authentication modules
ii  linux-image-3.2.0-4-amd64          3.2.73-2+deb7u2                  
amd64        Linux 3.2 for 64-bit PCs
ii  linux-image-amd64                  3.2+46                           
amd64        Linux for 64-bit PCs (meta-package)
ii  openssl                            1.0.1e-2+deb7u19                 
amd64        Secure Socket Layer (SSL) binary and related cryptographic
tools
ii  sa-exim                            4.2.1-14                         
amd64        SpamAssassin filter for Exim
ii  sasl2-bin                          2.1.25.dfsg1-6+deb7u1            
amd64        Cyrus SASL - administration programs for SASL users database
ii  ssl-cert                           1.0.32+deb7u1                    
all          simple debconf wrapper for OpenSSL

I can't find anything that seems to be significant except for the linux
kernel version.

NB: A simpler VM on the same Xen server has been running Wheezy for quite
a while, but it isn't a mail server.

Any ideas, futher tests?

Thanks
AndrewM

Reply to:

Follow-Ups:
- Re: Upgraded squeeze-lts server to wheezy -- client exim4 connections over tls give segfault
  - From: deloptes <deloptes@gmail.com>

Prev by Date: Upgraded squeeze-lts server to wheezy -- client exim4 connections over tls give segfault
Next by Date: Re: Components non-free and contrib are not enabled after installing to virtualbox virtual machine.
Previous by thread: Upgraded squeeze-lts server to wheezy -- client exim4 connections over tls give segfault
Next by thread: Re: Upgraded squeeze-lts server to wheezy -- client exim4 connections over tls give segfault
Index(es):
- Date
- Thread