Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 63 replies
  • Subscribers 2 subscribers
  • Views 104063 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL TLS on SMTP

RufusToofus
Our MAIL Relay worked fine until the NEW SSL Bug fix was applied, any suggestions ??

We have upgraded to 9.210-20, we now are getting serious EMAIL rejection problems EXIM Log:

SMTP command timeout on connection from (iPhone) [85.255.233.181]:23650
2014:12:04-18:54:38 fw1 exim-in[15966]: 2014-12-04 18:54:38 SMTP command timeout on connection from ([10.4.96.113]) [212.183.132.60]:53489
2014:12:04-18:55:00 fw1 exim-out[16233]: 2014-12-04 18:55:00 Start queue run: pid=16233
2014:12:04-18:55:00 fw1 exim-out[16233]: 2014-12-04 18:55:00 End queue run: pid=16233
2014:12:04-18:55:33 fw1 exim-in[16038]: 2014-12-04 18:55:33 SMTP command timeout on connection from (iPhone) [85.255.233.181]:19775
2014:12:04-18:55:40 fw1 exim-in[16043]: 2014-12-04 18:55:40 TLS error on connection from [85.255.233.181]:43614 (SSL_accept): timed out
2014:12:04-18:55:40 fw1 exim-in[16043]: 2014-12-04 18:55:40 TLS client disconnected cleanly (rejected our certificate?)


This thread was automatically locked due to age.
Parents
  • 0
    i'll chime in:
    9.210-20 version, had the gmail problem.

    my line 247 WAS: 
     tls_require_ciphers = HIGH:!RC4:!MD5:!ADH:!SSLv2:!SSLv3


    i REMOVED the ":!SSLv3"

    hen in line 297 added: 
     openssl_options = +no_sslv3


    as per Balfsson pot https://community.sophos.com/products/unified-threat-management/astaroorg/f/52/t/29725  (which needs some edit as Bob forgot to fix the grep output comparson and still lists TLS which leads to confusion).

    now mails are going in, but i have no idea if SSL v3 is indeed fixed or not, the connect line from gmail es:
    " H=mail-lb0-f178.google.com [209.85.217.178]:34846 P=esmtps X=TLSv1:AES128-SHA:128 S=1813"
Reply
  • 0
    i'll chime in:
    9.210-20 version, had the gmail problem.

    my line 247 WAS: 
     tls_require_ciphers = HIGH:!RC4:!MD5:!ADH:!SSLv2:!SSLv3


    i REMOVED the ":!SSLv3"

    hen in line 297 added: 
     openssl_options = +no_sslv3


    as per Balfsson pot https://community.sophos.com/products/unified-threat-management/astaroorg/f/52/t/29725  (which needs some edit as Bob forgot to fix the grep output comparson and still lists TLS which leads to confusion).

    now mails are going in, but i have no idea if SSL v3 is indeed fixed or not, the connect line from gmail es:
    " H=mail-lb0-f178.google.com [209.85.217.178]:34846 P=esmtps X=TLSv1:AES128-SHA:128 S=1813"
Children