Mailing List Archive

TLS error on connection (recv): The TLS connection was non-properly terminated.
Hi,

I've set up exim4 on a new Ubuntu 22.04 server. Sending and receiving
of mail works. But when sending a mail, I can see in the log that for
the first 30 seconds or more, exim stalls and does nothing. Then there
is an error about 'TLS error on connection (recv)', and after the error
is printed, the email is delivered immediately. That seems strange?

Here is an example from the logs:

2023-09-12 13:49:27 1qg1tV-00022N-0Q <= memmenlauer@biodataanalysis.de H=port-213-160-25-97.static.as20676.net ([192.168.33.110]) [213.160.25.97] P=esmtpsa
X=TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_128_GCM:128 CV=no A=plain_server:memmenlauer S=1273 id=8a03346e-e407-f3eb-1579-06887a9093b3@biodataanalysis.de
2023-09-12 13:51:38 1qg1tV-00022N-0Q H=gmail-smtp-in.l.google.com [2a00:1450:400c:c09::1b]: SMTP timeout after initial connection: Connection timed out
2023-09-12 13:51:38 1qg1tV-00022N-0Q H=gmail-smtp-in.l.google.com [64.233.166.27] TLS error on connection (recv): The TLS connection was non-properly terminated.
2023-09-12 13:51:39 1qg1tV-00022N-0Q => emmenlau@gmail.com R=dnslookup T=remote_smtp H=gmail-smtp-in.l.google.com [64.233.166.27] TFO
X=TLS1.3:ECDHE_X25519__ECDSA_SECP256R1_SHA256__AES_256_GCM:256 CV=yes DN="CN=mx.google.com" K C="250 2.0.0 OK
f7-20020a0560001b0700b00317f73eb3c5si1441824wrz.435 - gsmtp"

Does that mean anything to anyone? Attached my config (from Ubuntu
auto-generated from split configs).

Best regards,

Mario


--
Mario Emmenlauer Tel: +49-176-23463809
Balanstr. 43 mailto: mario * emmenlauer.de
81669 Muenchen http://www.emmenlauer.de
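
An added example, not part of the original post and not Exim code: a small Python parser for mainlog lines of the shape shown in the excerpt above, reporting which logged event ends each long gap in a message's timeline. The sample lines are constructed (documentation addresses, made-up message id), and the function names are this example's own.

```python
import re
from datetime import datetime

# Constructed sample in Exim mainlog format; addresses and message id are made up.
SAMPLE_LOG = """\
2023-09-12 13:49:27 1qAbCd-0001Xy-2Z <= sender@example.org H=client.example.org [192.0.2.10] P=esmtpsa S=1273
2023-09-12 13:51:38 1qAbCd-0001Xy-2Z H=mx.example.net [2001:db8::1b]: SMTP timeout after initial connection: Connection timed out
2023-09-12 13:51:38 1qAbCd-0001Xy-2Z H=mx.example.net [198.51.100.27] TLS error on connection (recv): The TLS connection was non-properly terminated.
2023-09-12 13:51:39 1qAbCd-0001Xy-2Z => rcpt@example.net R=dnslookup T=remote_smtp H=mx.example.net [198.51.100.27]
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\w+-\w+-\w+) (.*)$")
HOST_ERR = re.compile(r"^H=\S+ \[([0-9A-Fa-f:.]+)\]:? (.*)$")
FLAGS = {"<=": "arrival", "=>": "delivered", "->": "delivered",
         "==": "deferred", "**": "failed"}

def classify(rest):
    """Map the text after the message id to (kind, detail)."""
    if rest[:2] in FLAGS:
        return FLAGS[rest[:2]], rest[3:].split(" ", 1)[0]
    m = HOST_ERR.match(rest)
    if m:  # per-host problem line: keep the address and the error text
        return "host-error", f"[{m.group(1)}] {m.group(2)}"
    return "other", rest

def timeline(log_text):
    """Return {msgid: [(seconds_since_previous_line, kind, detail), ...]}."""
    out, last = {}, {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # no message id: daemon lines, wrapped continuations
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msgid = m.group(2)
        gap = int((ts - last.get(msgid, ts)).total_seconds())
        last[msgid] = ts
        out.setdefault(msgid, []).append((gap, *classify(m.group(3))))
    return out

def stalls(log_text, threshold=30):
    """Events that closed a gap of at least `threshold` seconds."""
    return [(mid, gap, kind, detail)
            for mid, events in timeline(log_text).items()
            for gap, kind, detail in events if gap >= threshold]

if __name__ == "__main__":
    for row in stalls(SAMPLE_LOG):
        print(row)
```

Each mainlog line is written when its event happens, so the line that ends a long gap names what the delivery process was waiting on during it.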

Re: TLS error on connection (recv): The TLS connection was non-properly terminated.
On 12/09/2023 12:59, Mario Emmenlauer via Exim-users wrote:
> I've set up exim4 on a new Ubuntu 22.04 server. Sending and receiving
> of mail works. But when sending a mail, I can see in the log that for
> the first 30 seconds or more, exim stalls and does nothing. Then there
> is an error about 'TLS error on connection (recv)', and after the error
> is printed, the email is delivered immediately. That seems strange?

"non-properly terminated" means the far end didn't do a proper TLS close
sequence. It's unfortunately common. However, combined with the 30s stall,
worth checking on. Get a delivery run with debug; look for the "SMTP"
lines - these are the SMTP commands and responses - and you'll be able
to tell where it is in the protocol conversation.
--
Cheers,
Jeremy


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: TLS error on connection (recv): The TLS connection was non-properly terminated.
On Wed, Sep 13, 2023 at 09:33:36AM +0100, Jeremy Harris via Exim-users wrote:

> "non-properly terminated" means the far end didn't do a proper TLS close
> sequence. It's unfortunately common. However, combined with the 30s stall,
> worth checking on. Get a delivery run with debug; look for the "SMTP"
> lines - these are the SMTP commands and responses - and you'll be able
> to tell where it is in the protocol conversation.

So long as the delivery completed, the lost "close_notify" and TCP FIN
are harmless, though do delay local end process cleanup. Since Exim is
the client, it could skip waiting for the QUIT response, just send
QUIT<CRLF>, perform an SSL_shutdown(), and close the socket without
waiting for a response. Postfix has taken this approach successfully
for almost 20 years:

http://www.postfix.org/postconf.5.html#smtp_skip_quit_response

--
Viktor.

Re: TLS error on connection (recv): The TLS connection was non-properly terminated.
On 13/09/2023 16:31, Viktor Dukhovni via Exim-users wrote:
> So long as the delivery completed,

That's not relevant here. It does... eventually.
--
Cheers,
Jeremy


Re: TLS error on connection (recv): The TLS connection was non-properly terminated.
On Wed, Sep 13, 2023 at 04:43:46PM +0100, Jeremy Harris via Exim-users wrote:
> On 13/09/2023 16:31, Viktor Dukhovni via Exim-users wrote:
> > So long as the delivery completed,
>
> That's not relevant here. It does... eventually.

FWIW, I meant the *specific* delivery that reported the premature TLS session
termination.

--
Viktor.
