Bug#467136: Bug#348046: TLS error occurs on Sarge too

2008-02-24 Thread Marc Haber
On Sat, Feb 23, 2008 at 11:39:28AM +, Ronny Adsetts wrote:
> In that case, unless you receive contrary info, I'd suggest marking as 
> fixed in the Etch version of exim.

I'll wait for your findings for a few days and will then close for
4.63-17. Thanks for trying again.

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Bug#467136: Bug#348046: TLS error occurs on Sarge too

2008-02-23 Thread Ronny Adsetts

Marc Haber said at 23/02/2008 11:12:
> On Sat, Feb 23, 2008 at 11:10:27AM +, Ronny Adsetts wrote:
>> Marc Haber said at 23/02/2008 10:18:
>>> On Mon, Oct 16, 2006 at 10:32:26AM +0100, Ronny Adsetts wrote:
>>>> This error is occurring with 4.50-8sarge2 on Sarge too. Judging by my
>>>> munin graphs on both sending and receiving side, there's no entropy on
>>>> the sending side. I noticed this error yesterday when there was
>>>> testing on a client's site that resulted in a couple of hundred emails
>>>> being sent to us in rapid succession.
>>>
>>> Do you still see this on etch or lenny?
>>
>> I've not yet upgraded the two mail servers in question to etch,
>
> It would be a good idea to do so, I won't do any more debugging on
> sarge.

Understood. At least one of the boxes will get upgraded this weekend.

>> /var/log/exim4/mainlog.8.gz:2008-02-15 17:00:43 1JQ24M-0005wR-EX TLS error
>> on connection to mailgate.mylor.com [80.176.71.10] (gnutls_handshake): The
>> Diffie Hellman prime sent by the server is not acceptable (not long enough).
>
> That looks like an issue on the remote side.

It does indeed.

>> Whilst the error message above is not exactly the same as in my original
>> report, it's close enough that it *may* be the same error with a more
>> specific error message.
>
> nack.

In that case, unless you receive contrary info, I'd suggest marking as fixed in 
the Etch version of exim. I'll try to test by firing off a few hundred emails 
from one box to the other once I have two exim servers on Etch and reopen if 
the problem shows up again.

Thanks.

Ronny
--
Ronny Adsetts
Technical Director
Amazing Internet Ltd, London
t: +44 20 8607 9535
f: +44 20 8607 9536
w: www.amazinginternet.com

Registered office: UK House, 82 Heath Road, Twickenham TW1 4BW
Registered in England. Company No. 4042957 







Bug#467136: Bug#348046: TLS error occurs on Sarge too

2008-02-23 Thread Marc Haber
On Sat, Feb 23, 2008 at 11:10:27AM +, Ronny Adsetts wrote:
> Marc Haber said at 23/02/2008 10:18:
> >On Mon, Oct 16, 2006 at 10:32:26AM +0100, Ronny Adsetts wrote:
> >>This error is occurring with 4.50-8sarge2 on Sarge too. Judging by my
> >>munin graphs on both sending and receiving side, there's no entropy on
> >>the sending side. I noticed this error yesterday when there was
> >>testing on a client's site that resulted in a couple of hundred emails
> >>being sent to us in rapid succession.
> >
> >Do you still see this on etch or lenny?
> 
> I've not yet upgraded the two mail servers in question to etch,

It would be a good idea to do so, I won't do any more debugging on
sarge.

> /var/log/exim4/mainlog.8.gz:2008-02-15 17:00:43 1JQ24M-0005wR-EX TLS error 
> on connection to mailgate.mylor.com [80.176.71.10] (gnutls_handshake): The 
> Diffie Hellman prime sent by the server is not acceptable (not long enough).

That looks like an issue on the remote side.

> Whilst the error message above is not exactly the same as in my original 
> report, it's close enough that it *may* be the same error with a more 
> specific error message.

nack.

> Thanks for your continued hard work on the exim package. :-).

You're welcome.

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190






Bug#467136: Bug#348046: TLS error occurs on Sarge too

2008-02-23 Thread Ronny Adsetts

Marc Haber said at 23/02/2008 10:18:
> On Mon, Oct 16, 2006 at 10:32:26AM +0100, Ronny Adsetts wrote:
>> This error is occurring with 4.50-8sarge2 on Sarge too. Judging by my
>> munin graphs on both sending and receiving side, there's no entropy on
>> the sending side. I noticed this error yesterday when there was
>> testing on a client's site that resulted in a couple of hundred emails
>> being sent to us in rapid succession.
>
> Do you still see this on etch or lenny?


Hi Marc,

I've not yet upgraded the two mail servers in question to etch, however looking 
in the one mail server we do have on etch shows the following single log entry 
for the default exim log period (10 days or so):

/var/log/exim4/mainlog.8.gz:2008-02-15 17:00:43 1JQ24M-0005wR-EX TLS error on connection to mailgate.mylor.com [80.176.71.10] (gnutls_handshake): The Diffie Hellman prime sent by the server is not acceptable (not long enough).

/var/log/exim4/mainlog.8.gz:2008-02-15 17:00:43 1JQ24M-0005wR-EX TLS session failure: delivering unencrypted to mailgate.mylor.com [80.176.71.10] (not in hosts_require_tls)

/var/log/exim4/mainlog.8.gz:2008-02-15 17:00:52 1JQ24M-0005wR-EX => [EMAIL PROTECTED] R=dnslookup T=remote_smtp H=mailgate.mylor.com [80.176.71.10]

Whilst the error message above is not exactly the same as in my original 
report, it's close enough that it *may* be the same error with a more specific 
error message.

Let me know if there's anything else I can do.

Thanks for your continued hard work on the exim package. :-).

Ronny
--
Ronny Adsetts
Technical Director
Amazing Internet Ltd, London
t: +44 20 8607 9535
f: +44 20 8607 9536
w: www.amazinginternet.com

Registered office: UK House, 82 Heath Road, Twickenham TW1 4BW
Registered in England. Company No. 4042957 







Bug#467136: Bug#348046: TLS error occurs on Sarge too

2008-02-23 Thread Marc Haber
On Mon, Oct 16, 2006 at 10:32:26AM +0100, Ronny Adsetts wrote:
> This error is occurring with 4.50-8sarge2 on Sarge too. Judging by my
> munin graphs on both sending and receiving side, there's no entropy on
> the sending side. I noticed this error yesterday when there was
> testing on a client's site that resulted in a couple of hundred emails
> being sent to us in rapid succession.

Do you still see this on etch or lenny?

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835






Bug#348046: TLS error occurs on Sarge too

2006-10-16 Thread Ronny Adsetts
Hi.

This error is occurring with 4.50-8sarge2 on Sarge too. Judging by my munin 
graphs on both sending and receiving side, there's no entropy on the sending 
side. I noticed this error yesterday when there was testing on a client's site 
that resulted in a couple of hundred emails being sent to us in rapid 
succession. The first few were sent on a TLS connection, the remainder had this 
logged on the sending side:

[EMAIL PROTECTED]:~$ grep 1GZ8x3-Ix-Iv /var/log/exim4/mainlog.1
2006-10-15 17:35:01 1GZ8x3-Ix-Iv <= [EMAIL PROTECTED] H=mainoffice.theclub.chelseaartsclub.com (mainoffice) [172.17.0.189] P=esmtp S=612 [EMAIL PROTECTED]
2006-10-15 17:42:36 1GZ8x3-Ix-Iv TLS error on connection to mail.amazing-internet.net [172.16.1.20] (gnutls_handshake): A record packet with illegal version was received.
2006-10-15 17:42:36 1GZ8x3-Ix-Iv TLS session failure: delivering unencrypted to mail.amazing-internet.net [172.16.1.20] (not in hosts_require_tls)
2006-10-15 17:42:39 1GZ8x3-Ix-Iv => [EMAIL PROTECTED] R=dnslookup T=remote_smtp H=mail.amazing-internet.net [172.16.1.20]
2006-10-15 17:42:39 1GZ8x3-Ix-Iv Completed

This on the receiving side:

2006-10-15 17:42:39 1GZ94O-0003t2-T3 <= [EMAIL PROTECTED] H=monolith.theclub.chelseaartsclub.com [172.17.0.16] P=esmtp S=822 [EMAIL PROTECTED]
2006-10-15 17:42:39 1GZ94O-0003t2-T3 => /dev/null <[EMAIL PROTECTED]> R=ldap_aliases T=**bypassed**
2006-10-15 17:42:39 1GZ94O-0003t2-T3 Completed

Plus lots of these logged on the receiving side:

2006-10-15 17:39:59 TLS error on connection from monolith.theclub.chelseaartsclub.com [172.17.0.16] (gnutls_handshake): timed out

So it looks like entropy again is the problem.

A quick google brings up a thread [1] that suggests use of /dev/urandom would 
not be a big deal in some cases. Not sure whether that is feasible from within 
exim though and I suspect not.

[1] http://www.mail-archive.com/help-gnutls@gnu.org/msg00323.html

Is the problem with how greedy gnutls is for random data or in how exim uses 
gnutls?

Ronny
-- 
Ronny Adsetts
Technical Director
Amazing Internet Ltd, London
t: +44 20 8607 9535
f: +44 20 8607 9536
w: www.amazinginternet.com
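
The log sequence shown in this report (a gnutls_handshake error, then "delivering unencrypted ... (not in hosts_require_tls)", then a `=>` delivery line) can be extracted from a mainlog mechanically to see which remote hosts received mail in the clear after a failed handshake. This is an added example, not part of the original thread or of exim; the sample lines, hosts, message IDs and cipher string are constructed, and it assumes exim's default tls_cipher logging, so that a TLS delivery carries an `X=` field.

```python
import re
from collections import Counter

# Constructed sample in the mainlog layout quoted in this thread
# (hosts, addresses, message IDs and the X= value are placeholders).
SAMPLE_LOG = """\
2008-02-15 17:00:43 1AAAAA-000001-AA TLS error on connection to mx.example.net [192.0.2.10] (gnutls_handshake): The Diffie Hellman prime sent by the server is not acceptable (not long enough).
2008-02-15 17:00:43 1AAAAA-000001-AA TLS session failure: delivering unencrypted to mx.example.net [192.0.2.10] (not in hosts_require_tls)
2008-02-15 17:00:52 1AAAAA-000001-AA => user@example.net R=dnslookup T=remote_smtp H=mx.example.net [192.0.2.10]
2008-02-15 17:01:10 1BBBBB-000002-BB => user@example.org R=dnslookup T=remote_smtp H=mx.example.org [198.51.100.7] X=TLS-1.0:RSA_AES_256_CBC_SHA1:32
2008-02-15 17:02:00 1CCCCC-000003-CC TLS error on connection to mx.example.com [203.0.113.5] (gnutls_handshake): A record packet with illegal version was received.
"""

# search() rather than match(): tolerates a "file:" prefix added by zgrep.
ENTRY = re.compile(r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) (.*)$")
TLS_ERR = re.compile(r"TLS error on connection to (\S+) \[([^\]]+)\] \(\w+\): (.*)$")
FALLBACK = "TLS session failure: delivering unencrypted to "

def find_downgrades(log_text):
    """Return one record per message that hit an outbound TLS handshake error."""
    records = {}
    for raw in log_text.splitlines():
        m = ENTRY.search(raw)
        if not m:
            continue
        msg_id, rest = m.group(2), m.group(3)
        err = TLS_ERR.match(rest)
        if err:
            records[msg_id] = {"id": msg_id, "host": err.group(1),
                               "ip": err.group(2), "reason": err.group(3),
                               "fallback": False, "sent_clear": False}
        elif msg_id in records:
            rec = records[msg_id]
            if rest.startswith(FALLBACK):
                rec["fallback"] = True
            # Delivery after a logged fallback with no X= (cipher) field.
            elif rest.startswith("=> ") and rec["fallback"] and " X=" not in rest:
                rec["sent_clear"] = True
    return list(records.values())

def downgraded_hosts(records):
    """Count cleartext deliveries per remote host."""
    return dict(Counter(r["host"] for r in records if r["sent_clear"]))

if __name__ == "__main__":
    for rec in find_downgrades(SAMPLE_LOG):
        print(rec["id"], rec["host"], "cleartext" if rec["sent_clear"] else "no delivery seen", "-", rec["reason"])
```

Hosts that appear in the result are candidates for follow-up with the remote operator or, where policy demands encryption, for listing in hosts_require_tls so delivery is deferred instead of downgraded.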


