Hi. This error is occurring with 4.50-8sarge2 on Sarge too. Judging by my munin graphs on both sending and receiving side, there's no entropy on the sending side. I noticed this error yesterday when there was testing on a client's site that resulted in a couple of hundred emails being sent to us in rapid succession. The first few were sent on a TLS connection, the remainder had this logged on the sending side:
[EMAIL PROTECTED]:~$ grep 1GZ8x3-0000Ix-Iv /var/log/exim4/mainlog.1 2006-10-15 17:35:01 1GZ8x3-0000Ix-Iv <= [EMAIL PROTECTED] H=mainoffice.theclub.chelseaartsclub.com (mainoffice) [172.17.0.189] P=esmtp S=612 [EMAIL PROTECTED] 2006-10-15 17:42:36 1GZ8x3-0000Ix-Iv TLS error on connection to mail.amazing-internet.net [172.16.1.20] (gnutls_handshake): A record packet with illegal version was received. 2006-10-15 17:42:36 1GZ8x3-0000Ix-Iv TLS session failure: delivering unencrypted to mail.amazing-internet.net [172.16.1.20] (not in hosts_require_tls) 2006-10-15 17:42:39 1GZ8x3-0000Ix-Iv => [EMAIL PROTECTED] R=dnslookup T=remote_smtp H=mail.amazing-internet.net [172.16.1.20] 2006-10-15 17:42:39 1GZ8x3-0000Ix-Iv Completed This on the receiving side: 2006-10-15 17:42:39 1GZ94O-0003t2-T3 <= [EMAIL PROTECTED] H=monolith.theclub.chelseaartsclub.com [172.17.0.16] P=esmtp S=822 [EMAIL PROTECTED] 2006-10-15 17:42:39 1GZ94O-0003t2-T3 => /dev/null <[EMAIL PROTECTED]> R=ldap_aliases T=**bypassed** 2006-10-15 17:42:39 1GZ94O-0003t2-T3 Completed Plus lots of these logged on the receiving side: 2006-10-15 17:39:59 TLS error on connection from monolith.theclub.chelseaartsclub.com [172.17.0.16] (gnutls_handshake): timed out So it looks like entropy again is the problem. A quick google brings up a thread [1] that suggest use of /dev/urandom would not be a big deal is some cases. Not sure whether that it feasible from within exim though and I suspect not. [1] http://www.mail-archive.com/help-gnutls@gnu.org/msg00323.html Is the problem with how greedy gnutls is for random data or in how exim uses gnutls? Ronny -- Ronny Adsetts Technical Director Amazing Internet Ltd, London t: +44 20 8607 9535 f: +44 20 8607 9536 w: www.amazinginternet.com
signature.asc
Description: OpenPGP digital signature