[exim] Issues with (gnu)tls

Nuno Sucena Almeida Mon, 07 May 2012 19:43:01 -0700

Hi,

Depending on the cipher algorithm, when a remote smtp connection isusing TLS, the spamassassin score gives the correct score or somethinglikes this:

        X-Spam-Score: -nan
        X-Spam-Score_int: -2147483648.

The same email sent using swaks without tls gives a correctspamassassin score.The weird thing is that looking at /var/log/spamd.log I see the correctscoring for all the cases, but it's not being "propagated" to thecalling exim.


        Is this somehow related to
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=3364 ?

I have this happening in two systems with similar configuration (ubuntu12.04 , exim 4.76, gnutls 2.12.14, spamassassin 3.3.2).

        
        I started exim in debug mode:

server:~# exim -d -bd -oX 5555 2>&1 |tee exim-openssl.log

and connected remotely using:

remote:~$ openssl s_client -connect server:5555 -starttls smtp -crlf \
-cipher AES256-SHA

remote:~$ openssl s_client -connect gw:5555 -starttls smtp -crlf \-cipher RC4-SHA


The former gives:
 1819 accept: condition test succeeded
 1819 >>Headers added by DATA ACL:
 1819   X-Spam-Score: nan
 1819   X-Spam-Score_int: -2147483648
 1819   X-Spam-Bar: -

and the latter:
 1846 accept: condition test succeeded
 1846 >>Headers added by DATA ACL:
 1846   X-Spam-Score: -1.0
 1846   X-Spam-Score_int: -9
 1846   X-Spam-Bar: -


My relevant exim configuration:
  # add the spam score to all messages.
  warn    message = X-Spam-Score: $spam_score\n\
                    X-Spam-Score_int: $spam_score_int\n\
                    X-Spam-Bar: $spam_bar
                spam = Debian-exim:true



A grep -A 1 gnutls exim-openssl-AES256-SHA.log gives:

 1819 gnutls_handshake was successful
 1819 cipher: TLS1.0:RSA_AES_256_CBC_SHA1:32
--
 1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
 1819 SMTP<< ehlo example.org
--
 1819 gnutls_record_send(SSL, 21f877d0, 117)
 1819 outbytes=117
--
 1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
 1819 SMTP<< mail from: [email protected]
--
 1819 gnutls_record_send(SSL, 21f7a998, 8)
 1819 outbytes=8
 1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
 1819 SMTP<< rcpt to: [email protected]
--
 1819 gnutls_record_send(SSL, 21f7a998, 14)
 1819 outbytes=14
 1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
 1819 SMTP<< data
--
 1819 gnutls_record_send(SSL, 21f7a998, 56)
 1819 outbytes=56
--
 1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
 1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
 1819 host in ignore_fromline_hosts? no (option unset)
 1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
 1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
PDKIM >> Hashed body data, canonicalized >>>>>>>>>>>>>>>>>>>>>>>>>>>>>
--
 1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
 1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
 1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
 1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
 1819 Data file written for message 1SRTuz-0000TL-Bj
--
 1819 gnutls_record_send(SSL, 21f7a998, 28)
 1819 outbytes=28
--
 1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
 1826 exec /usr/sbin/exim4 -d=0xfbbd5cfd -Mc 1SRTuz-0000TL-Bj
--
 1819 gnutls_record_send(SSL, 21f7a998, 40)
 1819 outbytes=40





and grep -A 1 gnutls exim-openssl-RC4-SHA.log:

 1846 gnutls_handshake was successful
 1846 cipher: TLS1.0:RSA_ARCFOUR_SHA1:16
--
 1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
 1846 SMTP<< EHLO example.org
--
 1846 gnutls_record_send(SSL, 222617d0, 117)
 1846 outbytes=117
--
 1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
 1846 SMTP<< mail from: [email protected]
--
 1846 gnutls_record_send(SSL, 22254998, 8)
 1846 outbytes=8
 1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
 1846 SMTP<< rcpt to: [email protected]
--
 1846 gnutls_record_send(SSL, 22254998, 14)
 1846 outbytes=14
 1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
 1846 SMTP<< data
--
 1846 gnutls_record_send(SSL, 22254998, 56)
 1846 outbytes=56
--
 1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
 1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
 1846 host in ignore_fromline_hosts? no (option unset)
 1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
 1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
PDKIM >> Hashed body data, canonicalized >>>>>>>>>>>>>>>>>>>>>>>>>>>>>
--
 1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
 1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
 1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
 1846 Data file written for message 1SRTwa-0000Tm-O1
--
 1846 gnutls_record_send(SSL, 22254998, 28)
 1846 outbytes=28
--
 1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
 1855 Exim version 4.76 uid=105 gid=113 pid=1855 D=fbbd5cfd
--
 1846 gnutls_record_send(SSL, 22254998, 40)
 1846 outbytes=40



        Any thoughts?
                        Nuno


--
http://aeminium.org/nuno/

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

[exim] Issues with (gnu)tls

Reply via email to