Exim:      4.94.2   Fedora 33
Openssl: 1.1.1k-1

Hi,

Problem 1:

Since an OS upgrade of Fedora, where the security policy changed, this happens to some connections:

2021-06-02 07:02:58 1loJ1s-006Qmo-BG <= [email protected] H=nx222.node01.secure-mailgate.com [89.22.108.222] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no K S=19127 [email protected]
2021-06-02 07:02:58 1loJ1s-006Qmo-BG Completed

You will notice that the delivery line is missing.

There is no error, no warning, no nothing that explains what happens.

As this server has run this exact Exim version from the Fedora 33 packages (due to 21Nails) before the OS update without such problems, and those packages actually did not update at all, I think the OS security policy of Fedora 33 is causing this, but I can't prove it.

As I can't reproduce it with any of our other Exims as source, how can we find out what happened to these mails?
Which log option should be enabled to get more information here?

Problem 2:

This may be strong evidence for the policy change: TLS session: (SSL_connect): error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small

It has also been happening since the OS upgrade. It is an indicator that the remote SMTP server does not have its setup straight (DH key size = 0 according to Debian).

I checked it by lowering the policy back to Fedora 32, and now the server can send mails to the previously erroring servers again.


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
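
Added example (not part of the original post and not Exim project code): a Python script that scans an Exim main log for the pattern described in Problem 1, a message with an arrival (`<=`) line and a `Completed` line but no delivery or bounce line in between. The sample log, hosts, addresses and message ids are constructed, and the 6-6-2 message-id pattern is an assumption based on the ids in the quoted log lines.

```python
import re
import sys

# Exim main-log flags that record a delivery outcome for a message:
# normal, additional address, cutthrough, suppressed by -N, bounced.
OUTCOME_FLAGS = {"=>", "->", ">>", "*>", "**"}

# Timestamp, optional [pid] (log_selector = +pid), message id, next token.
# Assumption: 6-6-2 message ids, as in the log lines quoted in the post.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?:\[\d+\] )?"
    r"([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) (\S+)"
)

# Constructed sample log; hosts, addresses and message ids are placeholders.
SAMPLE_LOG = """\
2021-06-02 07:02:58 1aaaaa-000001-AA <= a@example.org H=mx.example.org [192.0.2.10] P=esmtps S=19127
2021-06-02 07:02:58 1aaaaa-000001-AA Completed
2021-06-02 07:03:10 1aaaaa-000002-BB <= a@example.org H=mx.example.org [192.0.2.10] P=esmtps S=2048
2021-06-02 07:03:11 1aaaaa-000002-BB => user <user@example.net> R=localuser T=local_delivery
2021-06-02 07:03:11 1aaaaa-000002-BB Completed
2021-06-02 07:04:00 1aaaaa-000003-CC <= a@example.org H=mx.example.org [192.0.2.10] P=esmtps S=512
2021-06-02 07:04:01 1aaaaa-000003-CC ** nobody@example.net R=dnslookup: Unrouteable address
2021-06-02 07:04:01 1aaaaa-000003-CC Completed
2021-06-02 07:05:00 1aaaaa-000004-DD <= a@example.org H=mx.example.org [192.0.2.10] P=esmtps S=900
"""

def find_silent_completions(lines):
    """Return [(msgid, arrival_ts, completed_ts)] for messages that arrived
    and completed without any delivery or bounce line."""
    state = {}   # msgid -> [arrival timestamp, outcome seen?]
    silent = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, msgid, token = m.groups()
        if token == "<=":
            state[msgid] = [ts, False]
        elif msgid in state and token in OUTCOME_FLAGS:
            state[msgid][1] = True
        elif msgid in state and token == "Completed":
            arrived, had_outcome = state.pop(msgid)
            if not had_outcome:
                silent.append((msgid, arrived, ts))
    return silent

if __name__ == "__main__":
    # Pass a main-log path as the first argument; without one, use the sample.
    src = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE_LOG.splitlines()
    for msgid, arrived, done in find_silent_completions(src):
        print(f"{msgid} arrived {arrived}, completed {done}, no delivery line")
```

Messages still on the queue (arrival but no `Completed` yet) are not reported; only those that finished without a recorded outcome are.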
