On Thu, Apr 12, 2012 at 10:13:16AM -0400, Wietse Venema wrote:

> > My results are different, perhaps they've already fixed something ...
> >
> > $ /usr/sbin/sendmail -f post...@dukhovni.org -bv postmaster@[82.135.27.153]
> ...
> > Note that the cipher is RC4-MD5 (more typical of Windows), not 3DES
> > (which had a history of issues on older Windows systems, perhaps
> > never addressed). I don't know why the system in question would have
> > in Ralf's case agreed to 3DES, rather than RC4-MD5.
>
> openssl s_client uses RC4-MD5 here, and still hangs after ehlo.
> This is "OpenSSL 0.9.8q 2 Dec 2010" on FreeBSD. I don't use SSL
> on this machine so I don't care if the implementation is old.
>
> Wietse
>
> % openssl s_client -starttls smtp -connect 77.43.17.211:25
> New, TLSv1/SSLv3, Cipher is RC4-MD5
> 250 OK
> EHLO spike.porcupine.org

This is RC4, and when using the Postfix smtp client, not s_client, I get:

    Apr 12 14:16:26 amnesiac postfix/smtp[22795]: setting up TLS connection to 77.43.17.211[77.43.17.211]:25
    Apr 12 14:16:26 amnesiac postfix/smtp[22795]: certificate verification failed for 77.43.17.211[77.43.17.211]:25: untrusted issuer /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
    Apr 12 14:16:26 amnesiac postfix/smtp[22795]: Untrusted TLS connection established to 77.43.17.211[77.43.17.211]:25: unknown with cipher RC4-MD5 (128/128 bits)
    Apr 12 14:16:32 amnesiac postfix/smtp[22795]: D75BF2AB2DD: to=<postmaster@[77.43.17.211]>, relay=77.43.17.211[77.43.17.211]:25, delay=6.5, delays=0.04/0.03/1.1/5.4, dsn=5.7.1, status=undeliverable (host 77.43.17.211[77.43.17.211] said: 550 5.7.1 Unable to relay for postmaster@[77.43.17.211] (in reply to RCPT TO command))

Which is not a hang after EHLO. These systems may not support consecutive
EHLO commands, or may treat them as evidence of unwanted client behaviour.
You may need to proceed to "MAIL" after EHLO to see whether they are
really stuck.

-- 
	Viktor.
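
The following is an added example, not part of the original message or of Postfix: a small Python parser run over the four log lines quoted above, showing how the log itself establishes that the session got past EHLO (TLS was established and the final reply is tied to RCPT TO). The function names, the field labels for `delays=a/b/c/d` and the set of "past EHLO" stages are this example's own assumptions.

```python
import re

# Log lines copied from the message above (one Postfix smtp client delivery attempt).
SAMPLE_LOG = """\
Apr 12 14:16:26 amnesiac postfix/smtp[22795]: setting up TLS connection to 77.43.17.211[77.43.17.211]:25
Apr 12 14:16:26 amnesiac postfix/smtp[22795]: certificate verification failed for 77.43.17.211[77.43.17.211]:25: untrusted issuer /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
Apr 12 14:16:26 amnesiac postfix/smtp[22795]: Untrusted TLS connection established to 77.43.17.211[77.43.17.211]:25: unknown with cipher RC4-MD5 (128/128 bits)
Apr 12 14:16:32 amnesiac postfix/smtp[22795]: D75BF2AB2DD: to=<postmaster@[77.43.17.211]>, relay=77.43.17.211[77.43.17.211]:25, delay=6.5, delays=0.04/0.03/1.1/5.4, dsn=5.7.1, status=undeliverable (host 77.43.17.211[77.43.17.211] said: 550 5.7.1 Unable to relay for postmaster@[77.43.17.211] (in reply to RCPT TO command))
"""

TLS_RE = re.compile(
    r"(?P<trust>\w+) TLS connection established to (?P<peer>\S+): "
    r"(?P<proto>\S+) with cipher (?P<cipher>\S+) \((?P<used>\d+)/(?P<avail>\d+) bits\)")
DELIVERY_RE = re.compile(r"delays=(?P<delays>[\d./]+), dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+)")
STAGE_RE = re.compile(r"\(in reply to (?P<stage>.+?) command\)")
# Assumption: a reply attributed to any of these stages implies the post-STARTTLS EHLO was answered.
PAST_EHLO = {"MAIL FROM", "RCPT TO", "DATA", "end of DATA"}

def summarize(log_text):
    """Extract TLS parameters and the SMTP stage that drew the final server reply."""
    out = {"tls": None, "delays": None, "dsn": None, "status": None, "stage": None}
    for line in log_text.splitlines():
        m = TLS_RE.search(line)
        if m:
            out["tls"] = m.groupdict()
        m = DELIVERY_RE.search(line)
        if m:
            # delays=a/b/c/d: before qmgr / in qmgr / connection setup (DNS, HELO, TLS) / transmission
            names = ("before_qmgr", "in_qmgr", "conn_setup", "transmission")
            out["delays"] = dict(zip(names, map(float, m.group("delays").split("/"))))
            out["dsn"], out["status"] = m.group("dsn"), m.group("status")
            s = STAGE_RE.search(line)
            out["stage"] = s.group("stage") if s else None
    return out

def got_past_ehlo(summary):
    """True only when the log shows both a completed handshake and a later-stage reply."""
    return summary["tls"] is not None and summary["stage"] in PAST_EHLO

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(s["tls"]["cipher"], s["stage"], s["dsn"], s["delays"], got_past_ehlo(s))
```

A `False` result only means the log lines supplied do not show progress past EHLO; it is not by itself evidence of a hang.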