On Thu, Jan 15, 2015 at 01:00:48PM +0300, Mohammed Ejaz wrote:

> We have some problem with one of the senders who is using Exchange 2010 with
> the TLS option enabled. Whenever he sends an email with PDF attachments, it
> keeps getting corrupted. Upon checking the Postfix logs, it says delivered without
> any problem, but our mail application (CommuniGate) complains as follows.

No, the attachment is not getting corrupted, you're seeing a TLS
interoperability problem with large messages.  This problem is not
new, and is almost certainly a CommuniGate bug unrelated to Postfix
in any way:

    http://mx.demos.su/lists/cgp-russian/2004_06/5848.html

    got connection on [xxx.xxx.xxx.xxx:25]
    rsp: 220 mail.otherdomain.kz ESMTP CommuniGate Pro 4.1.8
    cmd: EHLO my.domain.kz
    rsp: 250-mail.otherdomain.kz is pleased to meet you\r\n250-HELP\r\n250-PIPELINING\r\n250-ETRN\r\n250-DSN\r\n250-TURN\r\n250-ATRN\r\n250-SIZE 3145728\r\n250-START
    cmd: STARTTLS
    rsp: 220 please start a TLS connection
    SSLv2 client hello as TLSv1: cipher=10
    TLS handshake: sending 'server_hello'
    TLS handshake: sending the certificate
    TLS handshake: sending 'hello_done'
    TLS client key exchange processed
    security initiated
    TLS 'change cipher' processed
    TLS 'change cipher' sending
    TLS 'finish handshake' processed
    TLS handshake: sending 'finished'
    secure connection accepted
    cmd: EHLO my.domain.kz
    rsp: 250-mail.domain.kz is pleased to meet you\r\n250-HELP\r\n250-PIPELINING\r\n250-ETRN\r\n250-DSN\r\n250-TURN\r\n250-ATRN\r\n250-SIZE 3145728\r\n250-AUTH=
    cmd: MAIL FROM:<bla...@domain.kz> SIZE=175101
    rsp: 250 bla...@domain.kz sender accepted
    cmd: RCPT TO:<bla...@otherdomain.kz>
    rsp: 250 bla...@otherdomain.kz will leave the Internet
    cmd: DATA
    rsp: 354 Enter mail, end with "." on a line by itself
    read failed. Error Code=TLS block signature is incorrect
    failed to receive message body (60954 bytes). Error Code=TLS block signature is incorrect
    TLS connection is closing
    closing connection
    releasing stream

That thread contains no resolution, but the OP does say that the problem
is seen with large messages and not with small ones.  Perhaps there is
an issue with reassembly of large TLS-layer messages from smaller TCP
layer messages, or some other bug triggered by larger message payloads.

Surely the message is not delivered at all, rather than delivered
"corrupted"!

> The same sender sent the same email with a PDF attachment to Yahoo, Hotmail
> and Gmail etc., and it went through well without any problem.

Yahoo, Gmail, ... don't use CommuniGate.

> Therefore, can anyone give us any clue what the problem would be?

This is not the right list.  And you need to capture the transmission
with a packet sniffer, and look for obvious anomalies.

>  Backend:
> 
>  CommuniGate (mail application), where the actual mailboxes exist.

The CommuniGate TLS code does not interoperate with the OpenSSL TLS code.

>  Note: if we eliminate the mail scanner and postfix (front end mail server),
> then everything goes well. 

Exchange 2010 may use different buffer sizes or data may arrive at
a different rate from a remote sender (leading to a different
pattern of TCP message sizes returned to CommuniGate, ...).  Broken
code can be sensitive to environmental details.

Open a support case with the vendor (CommuniGate).

-- 
        Viktor.
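
The reassembly hypothesis in the message above, as an added example that is not part of the original post and is not CommuniGate or Postfix code: a TLS record layer must buffer TCP reads until a whole record (5-byte header plus `length` bytes) has arrived, and a receiver that assumes one read equals one record frames large records wrongly while small ones still work. The function names and the sample stream are constructed for illustration.

```python
import struct

MAX_FRAGMENT = 2**14 + 2048  # largest TLSCiphertext fragment in TLS 1.0-1.2

class RecordReassembler:
    """Buffers TCP reads and returns only complete TLS records."""
    def __init__(self):
        self._buf = bytearray()

    def feed(self, chunk):
        self._buf += chunk
        records = []
        while len(self._buf) >= 5:
            ctype, version, length = struct.unpack("!BHH", self._buf[:5])
            if length > MAX_FRAGMENT:
                raise ValueError("record_overflow: length %d" % length)
            if len(self._buf) < 5 + length:
                break  # partial record: wait for more TCP data
            records.append((ctype, version, bytes(self._buf[5:5 + length])))
            del self._buf[:5 + length]
        return records

def naive_records(chunks):
    """Broken model: treats every TCP read as exactly one whole record."""
    out = []
    for chunk in chunks:
        ctype, version, length = struct.unpack("!BHH", chunk[:5])
        out.append((ctype, version, chunk[5:5 + length]))  # silently truncated
    return out

def make_stream(payload_sizes):
    """Constructed sample: application_data (23) records, TLS 1.0 (0x0301)."""
    recs = [(23, 0x0301, bytes([i % 251]) * n) for i, n in enumerate(payload_sizes)]
    stream = b"".join(struct.pack("!BHH", t, v, len(p)) + p for t, v, p in recs)
    return recs, stream

def split(stream, size):
    """Cut the byte stream into TCP-read-sized chunks."""
    return [stream[i:i + size] for i in range(0, len(stream), size)]

def reassemble(chunks):
    r, out = RecordReassembler(), []
    for c in chunks:
        out.extend(r.feed(c))
    return out
```

In a packet capture, the equivalent check is whether each record's header length matches the bytes that follow it once the TCP segments are concatenated in order.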
