Mailing List Archive: tls error - mail from *outlook

tls error - mail from *outlook

exim-users at exim

Jan 18, 2021, 7:31 AM

Post #1 of 6 (847 views)

Hi everyone;

I installed exim4 on a Debian Buster, and I'm able to send and receive
emails from every domain.

But I've an error very similar to this
<https://lists.exim.org/lurker/message/20180207.150204.600285a6.en.html>

This is an example of an error I see when I receive an email from outook
domains:

TLS error on connection from
mail-vi1eur05on2059.outbound.protection.outlook.com
(EUR05-VI1-obe.outbound.protection.outlook.com) [40.107.21.59] (send):
The TLS connection was non-properly terminated

I receive the email, but I see this error on exim logs.

I tried to build exim against openssl, like they suggested, but It
didn't work.

Could you give me please some hints in order to debug or fix this?

thanks

Ale

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: tls error - mail from *outlook [ In reply to ]

exim-users at exim

Jan 18, 2021, 7:49 AM

Post #2 of 6 (847 views)

On 18/01/2021 15:31, Ale via Exim-users wrote:
> Could you give me please some hints in order to debug

Run your exim daemon with debug enabled, or enable debug
using ACL (which lets you target a subset of connections).

--
Cheers,
Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: tls error - mail from *outlook [ In reply to ]

exim-users at exim

Jan 18, 2021, 8:52 AM

Post #3 of 6 (846 views)

Thanks

I tried, among the debug output I see this

https://pad.riseup.net/p/cxR_DZlHJxX21xm2HxdO

Honestly I don't understand the cause.

I'm gonna disable starttls for *outlook until I don't understand what's
the problem.

Cheers

Ale

Il 18/01/21 16:49, Jeremy Harris via Exim-users ha scritto:
> On 18/01/2021 15:31, Ale via Exim-users wrote:
>> Could you give me please some hints in order to debug
>
> Run your exim daemon with debug enabled, or enable debug
> using ACL (which lets you target a subset of connections).
>

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: tls error - mail from *outlook [ In reply to ]

exim-users at exim

Jan 18, 2021, 9:14 AM

Post #4 of 6 (847 views)

Thanks

I tried, among the debug output I see this

https://pad.riseup.net/p/cxR_DZlHJxX21xm2HxdO

Honestly I don't understand the cause.

I'm gonna disable starttls for *outlook until I don't understand what's
the problem.

Cheers

Ale

Il 18/01/21 16:49, Jeremy Harris via Exim-users ha scritto:
> On 18/01/2021 15:31, Ale via Exim-users wrote:
>> Could you give me please some hints in order to debug
>
> Run your exim daemon with debug enabled, or enable debug
> using ACL (which lets you target a subset of connections).
>

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: tls error - mail from *outlook [ In reply to ]

exim-users at exim

Jan 18, 2021, 9:35 AM

Post #5 of 6 (847 views)

On 18/01/2021 17:14, Ale via Exim-users wrote:
> I tried, among the debug output I see this
>
> https://pad.riseup.net/p/cxR_DZlHJxX21xm2HxdO
>
> Honestly I don't understand the cause.

20212 SMTP<< QUIT

They sent a QUIT command

20212 SMTP>> 221 mx1.mydomain.com closing connection

We (are about to try to) send them the response to
that command, saying it was accepted

20212 tls_write(0x55cfb17b27f0, 43)
20212 gnutls_record_send(SSL, 0x55cfb17b27f0, 43)
20212 GnuTLS<2>: WRITE: -1 returned from 0x6, errno: 104
20212 GnuTLS<3>: ASSERT: ../../lib/buffers.c[_gnutls_io_write_flush]:722
20212 GnuTLS<3>: ASSERT: ../../lib/record.c[_gnutls_send_tlen_int]:574
20212 outbytes=-110
20212 tls_write: gnutls_record_send err

... to do which, we called the GnuTLS "send" routine. It returned an error
code saying that the TCP connection had already been closed.

20212 LOG: MAIN
20212 TLS error on connection from mail-eopbgr70088.outbound.protection.outlook.com (EUR04-HE1-obe.outbound.protection.outlook.com) [40.107.7.88] (send): The TLS connection was non-properly terminated.

We logged that error.

Basically, Outlook fires off the QUIT command and rudely terminates the TCP connection without
waiting for an SMTP-level response, or even doing a TLS-level shutdown.

There is zero chance of getting Microsoft to fix that, being an 800lb gorilla.
All we can do is point and laugh... and implement a workaround. It's in 4.94 (from
commit f1e494e002).
--
Cheers,
Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: tls error - mail from *outlook [ In reply to ]

exim-users at exim

Jan 18, 2021, 9:54 AM

Post #6 of 6 (847 views)

LOL

Thanks. I just wanted to be sure that It wasn't a configuration error of my server or that there wasn't a security flaw somewhere.

Thanks again
Ale

Il 18 gennaio 2021 18:35:16 CET, Jeremy Harris via Exim-users <exim-users@exim.org> ha scritto:
>On 18/01/2021 17:14, Ale via Exim-users wrote:
>> I tried, among the debug output I see this
>>
>> https://pad.riseup.net/p/cxR_DZlHJxX21xm2HxdO
>>
>> Honestly I don't understand the cause.
>
>20212 SMTP<< QUIT
>
>They sent a QUIT command
>
>20212 SMTP>> 221 mx1.mydomain.com closing connection
>
>We (are about to try to) send them the response to
>that command, saying it was accepted
>
>20212 tls_write(0x55cfb17b27f0, 43)
>20212 gnutls_record_send(SSL, 0x55cfb17b27f0, 43)
>20212 GnuTLS<2>: WRITE: -1 returned from 0x6, errno: 104
>20212 GnuTLS<3>: ASSERT: ../../lib/buffers.c[_gnutls_io_write_flush]:722
>20212 GnuTLS<3>: ASSERT: ../../lib/record.c[_gnutls_send_tlen_int]:574
>20212 outbytes=-110
>20212 tls_write: gnutls_record_send err
>
>... to do which, we called the GnuTLS "send" routine. It returned an error
>code saying that the TCP connection had already been closed.
>
>20212 LOG: MAIN
>20212 TLS error on connection from mail-eopbgr70088.outbound.protection.outlook.com (EUR04-HE1-obe.outbound.protection.outlook.com) [40.107.7.88] (send): The TLS connection was non-properly terminated.
>
>We logged that error.
>
>
>
>Basically, Outlook fires off the QUIT command and rudely terminates the TCP connection without
>waiting for an SMTP-level response, or even doing a TLS-level shutdown.
>
>There is zero chance of getting Microsoft to fix that, being an 800lb gorilla.
>All we can do is point and laugh... and implement a workaround. It's in 4.94 (from
>commit f1e494e002).
>--
>Cheers,
> Jeremy
>
>--
>## List details at https://lists.exim.org/mailman/listinfo/exim-users
>## Exim details at http://www.exim.org/
>## Please use the Wiki with this list - http://wiki.exim.org/

--
Inviato dal mio dispositivo Android con K-9 Mail. Perdonate la brevità.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/