Mailing List Archive

TLS connection with Microsoft server stalls
Hi there,

sadly I didn’t make progress with my GMX problem. But during my tests I
came across another problem.
I’ve sent mails from @outlook.de to my server but the TLS encrypted
communication just stops at one point after some progress through EHLO,
MAIL FROM, RCPT TO (exim -bd -d+all):

10:04:45 15402 SMTP>> 250 Accepted
10:04:45 15402 tls_write(0x558a49151ac0, 14)
10:04:45 15402 gnutls_record_send(SSL, 0x558a49151ac0, 14)
10:04:45 15402 outbytes=14
10:04:45 15402 DSN: orcpt: NULL flags: 0
10:04:45 15402 Calling gnutls_record_recv(0x558a4920e660,
0x558a494e9000, 4096)

Then after 300 seconds the connection is closed.

This is with Exim 4.92, GnuTLS 3.6.7 from Debian Buster.
I already stripped away every config change I did for TLS ciphers or DH
params.

I know it worked in the past. And it still works without TLS. Maybe it’s
a problem of GnuTLS or maybe on Microsoft side, supposedly in some edge
scenario. But how can I debug it further?

Regards,
Christian

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: TLS connection with Microsoft server stalls
On 25/09/2020 10:26, Christian Eyrich via Exim-users wrote:
> I’ve sent mails from @outlook.de to my server but the TLS encrypted
> communication just stops at one point after some progress through EHLO,
> MAIL FROM, RCPT TO (exim -bd -d+all):
>
> 10:04:45 15402 SMTP>> 250 Accepted
> 10:04:45 15402 tls_write(0x558a49151ac0, 14)
> 10:04:45 15402 gnutls_record_send(SSL, 0x558a49151ac0, 14)
> 10:04:45 15402 outbytes=14
> 10:04:45 15402 DSN: orcpt: NULL  flags: 0
> 10:04:45 15402 Calling gnutls_record_recv(0x558a4920e660,
> 0x558a494e9000, 4096)
>
> Then after 300 seconds the connection is closed.
>
> This is with Exim 4.92, GnuTLS 3.6.7 from Debian Buster.
> I already stripped away every config change I did for TLS ciphers or DH
> params.
>
> I know it worked in the past. And it still works without TLS. Maybe it’s
> a problem of GnuTLS or maybe on Microsoft side, supposedly in some edge
> scenario. But how can I debug it further?

There may be a bit of debug output earlier on, during the TLS handshake,
talking about the session secrets. If so, fire up wireshark.

If not, compile yourself a current Exim from git, first.

What we're looking for is the encrypted version of that write going
out on the wire - and whether there is any response of any kind, on
the wire.
--
Cheers,
Jeremy

Re: TLS connection with Microsoft server stalls
Christian Eyrich via Exim-users <exim-users@exim.org> (Fr 25 Sep 2020 11:26:09 CEST):
> Hi there,
>
> sadly I didn’t make progress with my GMX problem. But during my tests I came
> across another problem.
> I’ve sent mails from @outlook.de to my server but the TLS encrypted
> communication just stops at one point after some progress through EHLO, MAIL
> FROM, RCPT TO (exim -bd -d+all):
>
> 10:04:45 15402 SMTP>> 250 Accepted
> 10:04:45 15402 tls_write(0x558a49151ac0, 14)
> 10:04:45 15402 gnutls_record_send(SSL, 0x558a49151ac0, 14)
> 10:04:45 15402 outbytes=14
> 10:04:45 15402 DSN: orcpt: NULL flags: 0
> 10:04:45 15402 Calling gnutls_record_recv(0x558a4920e660, 0x558a494e9000,
> 4096)
>
> Then after 300 seconds the connection is closed.

Isn't that the "cork" issue that was fixed around
8f9adfd36222d4e9e730734e00dffe874073e5b4,
which is not part of 4.92. I do not remember the pre-conditions to
trigger this bug, I believe, it was related to pipelining, wasn't it?

--
Heiko
Re: TLS connection with Microsoft server stalls
Am 25.09.20 um 11:26 schrieb Christian Eyrich via Exim-users:
> Hi there,
>
> sadly I didn’t make progress with my GMX problem. But during my tests
> I came across another problem.
> I’ve sent mails from @outlook.de to my server but the TLS encrypted
> communication just stops at one point after some progress through
> EHLO, MAIL FROM, RCPT TO (exim -bd -d+all):
>
> This is with Exim 4.92, GnuTLS 3.6.7 from Debian Buster.
> I already stripped away every config change I did for TLS ciphers or
> DH params.
>
>

As a reference: Fedora with openssl-1.1.1g and exim 4.94 can mail
encrypted to outlook.de without any problems. No special setup is needed.
The only thing I can see is that M$ still uses TLS 1.2 and does not
support TLS 1.3 per default.

best regards,
Marius


Re: TLS connection with Microsoft server stalls
On 25/09/2020 12:50, Heiko Schlittermann via Exim-users wrote:
> Isn't that the "cork" issue that was fixed around
> 8f9adfd36222d4e9e730734e00dffe874073e5b4,
> which is not part of 4.92. I do not remember the pre-conditions to
> trigger this bug, I believe, it was related to pipelining, wasn't it?

Certainly pipelining is one obvious user of corking. Worth trying
disabling it for the outlook senders; it's an easy test.

Debian Sid has a 4.94-related looking package version for Exim;
I don't know if the 4.92-based one in Buster picks up this
sort of change from the project.
--
Cheers,
Jeremy

Re: TLS connection with Microsoft server stalls
Jeremy Harris via Exim-users <exim-users@exim.org> (Fr 25 Sep 2020 14:12:31 CEST):
> Debian Sid has a 4.94-related looking package version for Exim;
> I don't know if the 4.92-based one in Buster picks up this
> sort of change from the project.

I believe we offered support for backporting the Cork patch, but I
didn't see any response (doesn't mean that there is no response).

--
Heiko
Re: TLS connection with Microsoft server stalls
Am 25.09.2020 um 13:50 schrieb Heiko Schlittermann via Exim-users:
> Christian Eyrich via Exim-users <exim-users@exim.org> (Fr 25 Sep 2020 11:26:09 CEST):
>> Hi there,
>>
>> sadly I didn’t make progress with my GMX problem. But during my tests I came
>> across another problem.
>> I’ve sent mails from @outlook.de to my server but the TLS encrypted
>> communication just stops at one point after some progress through EHLO, MAIL
>> FROM, RCPT TO (exim -bd -d+all):
>>
>> 10:04:45 15402 SMTP>> 250 Accepted
>> 10:04:45 15402 tls_write(0x558a49151ac0, 14)
>> 10:04:45 15402 gnutls_record_send(SSL, 0x558a49151ac0, 14)
>> 10:04:45 15402 outbytes=14
>> 10:04:45 15402 DSN: orcpt: NULL flags: 0
>> 10:04:45 15402 Calling gnutls_record_recv(0x558a4920e660, 0x558a494e9000,
>> 4096)
>>
>> Then after 300 seconds the connection is closed.
>
> Isn't that the "cork" issue that was fixed around
> 8f9adfd36222d4e9e730734e00dffe874073e5b4,
> which is not part of 4.92. I do not remember the pre-conditions to
> trigger this bug, I believe, it was related to pipelining, wasn't it?

Hit and sunk. Disabling pipelining helped.
Thank you. I’ll see if I'll leave it disabled or just do that for the MS
servers.

Regards,
Christian
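
Added example, not part of the thread and not Exim's code: a toy model of how a corked TLS record layer can produce the trace above, where the send reports `outbytes=14` and the server then waits in its receive call. It assumes the reply stays in the cork buffer when the server starts reading (the thread does not spell out the exact trigger); the class and function names are hypothetical, and the cork semantics follow the GnuTLS documentation for `gnutls_record_cork()` / `gnutls_record_uncork()`.

```python
class CorkedRecordLayer:
    """Toy stand-in for a TLS session with GnuTLS-style corking."""

    def __init__(self):
        self.corked = False
        self.pending = b""   # accepted by send() but not yet on the wire
        self.wire = []       # records the peer can actually read

    def cork(self):
        self.corked = True

    def uncork(self):
        self.corked = False
        if self.pending:
            self.wire.append(self.pending)
            self.pending = b""

    def send(self, data):
        # Like gnutls_record_send(): reports the byte count even while
        # corked, so the caller's debug log shows a successful write.
        if self.corked:
            self.pending += data
        else:
            self.wire.append(data)
        return len(data)


def peer_next_command(wire):
    """Model client: sends its next command only after it has seen a 250 reply."""
    return b"DATA\r\n" if wire and wire[-1].startswith(b"250") else None


def server_rcpt_step(flush_before_read):
    """One server step: reply to RCPT TO, then go and wait for the client."""
    tls = CorkedRecordLayer()
    tls.cork()                                # batch replies to pipelined commands
    outbytes = tls.send(b"250 Accepted\r\n")  # 14 bytes, as in the trace
    if flush_before_read:
        tls.uncork()                          # flush before blocking in receive
    # The server would now block in its receive call; does the client move on?
    reply = peer_next_command(tls.wire)
    return {"outbytes": outbytes, "buffered": len(tls.pending),
            "stalled": reply is None}


if __name__ == "__main__":
    print("no flush :", server_rcpt_step(False))
    print("flushed  :", server_rcpt_step(True))
```

In the unflushed case both sides wait on each other until a timeout ends the session, which is why a packet capture showing whether the encrypted write ever left the host separates this from a peer-side problem.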

Re: TLS connection with Microsoft server stalls
Am 25.09.2020 um 14:12 schrieb Jeremy Harris via Exim-users:
> On 25/09/2020 12:50, Heiko Schlittermann via Exim-users wrote:
>> Isn't that the "cork" issue that was fixed around
>> 8f9adfd36222d4e9e730734e00dffe874073e5b4,
>> which is not part of 4.92. I do not remember the pre-conditions to
>> trigger this bug, I believe, it was related to pipelining, wasn't it?
>
> Certainly pipelining is one obvious user of corking. Worth trying
> disabling it for the outlook senders; it's an easy test.
>
> Debian Sid has a 4.94-related looking package version for Exim;
> I don't know if the 4.92-based one in Buster picks up this
> sort of change from the project.

There’s a 4.94 in buster-backports which makes MS servers work again
with TLS.

Thanks to you all.

Bye,
Christian


Re: TLS connection with Microsoft server stalls
On 2020-09-25 Heiko Schlittermann via Exim-users <exim-users@exim.org> wrote:
> Jeremy Harris via Exim-users <exim-users@exim.org> (Fr 25 Sep 2020 14:12:31 CEST):
> > Debian Sid has a 4.94-related looking package version for Exim;
> > I don't know if the 4.92-based one in Buster picks up this
> > sort of change from the project.

> I believe we offered support for backporting the Cork patch, but I
> didn't see any response (doesn't mean that there is no response).

Hello,

I probably missed it. Is this d8d7e3a4162b52382daf8319f221c085c76c5b8f +
8f9adfd36222d4e9e730734e00dffe874073e5b4 ?

cu Andreas

Re: TLS connection with Microsoft server stalls
On 26/09/2020 06:02, Andreas Metzler via Exim-users wrote:
> On 2020-09-25 Heiko Schlittermann via Exim-users <exim-users@exim.org> wrote:
>> Jeremy Harris via Exim-users <exim-users@exim.org> (Fr 25 Sep 2020 14:12:31 CEST):
>>> Debian Sid has a 4.94-related looking package version for Exim;
>>> I don't know if the 4.92-based one in Buster picks up this
>>> sort of change from the project.
>
>> I believe we offered support for backporting the Cork patch, but I
>> didn't see any response (doesn't mean that there is no response).
>
> Hello,
>
> I probably missed it. Is this d8d7e3a4162b52382daf8319f221c085c76c5b8f +
> 8f9adfd36222d4e9e730734e00dffe874073e5b4 ?

Certainly the latter, probably both would be good to grab.
Unfortunately they do not directly apply; a backport effort
would be required.

The regression testcase for it in HEAD is 1101... but it got there
via being 2040 (added at 9555de77d7, modified by
94d91e8719, 14e2dbbf0ec4, effbc122dd).
--
Cheers,
Jeremy

Re: TLS connection with Microsoft server stalls
Jeremy Harris via Exim-users <exim-users@exim.org> (Sa 26 Sep 2020 14:17:45 CEST):
> > 8f9adfd36222d4e9e730734e00dffe874073e5b4 ?
>
> Certainly the latter, probably both would be good to grab.
> Unfortunately they do not directly apply; a backport effort
> would be required.
>
> The regression testcase for it in HEAD is 1101... but it got there
> via being 2040 (added at 9555de77d7, modified by
> 94d91e8719, 14e2dbbf0ec4, effbc122dd).

I'm working on a backport right now.
--
Heiko
Re: TLS connection with Microsoft server stalls
Heiko Schlittermann via Exim-users <exim-users@exim.org> (Sa 26 Sep 2020 14:44:56 CEST):
> Jeremy Harris via Exim-users <exim-users@exim.org> (Sa 26 Sep 2020 14:17:45 CEST):
> I'm working on a backport right now.

Please check

https://git.exim.org/users/heiko/exim.git

I pushed my backport to the branch "hs12/backport-cork-patch-to-4.92"
Please review. I can squash it, and push to our official repo in case
there are no objections.

--
Heiko
Re: TLS connection with Microsoft server stalls
On 2020-09-26 Heiko Schlittermann via Exim-users <exim-users@exim.org> wrote:
> Heiko Schlittermann via Exim-users <exim-users@exim.org> (Sa 26 Sep 2020 14:44:56 CEST):
>> Jeremy Harris via Exim-users <exim-users@exim.org> (Sa 26 Sep 2020 14:17:45 CEST):
>> I'm working on a backport right now.

> Please check

> https://git.exim.org/users/heiko/exim.git

> I pushed my backport to the branch "hs12/backport-cork-patch-to-4.92"
> Please review. I can squash it, and push to our official repo in case
> there are no objections.
[...]

Hello,

FWIW this looks sane, afaict gnutls*cork() usage in the backport is
identical to 4.94+fixes.

cu Andreas

