I'm in the process of converting an existing mail server to support encrypted SMTP for our clients, but I've run into this brick wall with very little useful log data to help me move forward. Everything works fine when using regular unencrypted SMTP; it's only when trying to use encrypted SMTP that things go pear-shaped.
My exim config file contains the following:
# Allow any client to use TLS
tls_advertise_hosts = *
# Specify the location of the Exim server's TLS certificate and private key.
tls_certificate = /etc/exim/exim.crt
tls_privatekey = /etc/exim/exim.key
Initially, Exim appears to be working as expected; I am able to securely connect to the mail server and authenticate myself, but just after I enter the recipient section in the SMTP session, the connection is dropped. This problem does not occur when using an unencrypted connection.
To test secure SMTP I use the following command:
openssl s_client -starttls smtp -crlf -connect localhost:25
And this is the output I get:
CONNECTED(00000003)
depth=0 C = ZA, etc, etc
verify error:num=18:self signed certificate
verify return:1
depth=0 C = ZA, etc, etc
verify return:1
---
Certificate chain
0 s:/C=ZA/etc,etc
i:/C=ZA/etc,etc
---
Server certificate
subject=/C=ZA/etc,etc
---
No client certificate CA names sent
---
SSL handshake has read 1275 bytes and written 444 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Session-ID-ctx:
Master-Key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Key-Arg : None
PSK identity: None
PSK identity hint: None
TLS session ticket:
Compression: 1 (zlib compression)
Start Time: 1315250595
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
250 HELP
HELO localhost
250 OK
MAIL FROM:[email protected]
250 OK
RCPT TO:[email protected]
RENEGOTIATING
depth=0 C = ZA, etc, etc
verify error:num=18:self signed certificate
verify return:1
depth=0 C = ZA, etc, etc
verify return:1
421 lost input connection
read:errno=0
I've replaced the email addresses and organisation tree with garbage data in the above output, since it is irrelevant as I do not have this same issue when using regular SMTP. The above transaction occurs regardless of whether I attempt the connection from localhost or from an external source. I should also note that I am using a self-signed certificate generated using OpenSSL. Also, in the above example there is no authentication data since I am performing the test from localhost, which allows all mail without authentication required.
As you can see in the above output, Exim seems to break during/after issuing the string "RENEGOTIATING".
Since the output I receive during the SMTP session is not much help, I've also tried running Exim in debug +all mode. For the sake of brevity, I won't post the complete SMTP transaction since the entire session is quite normal, up until the point where I specify the recipient address. This is the exact snippet of Exim debug data that I get once I've typed in the recipient address and pressed enter:
21:42:10 7425 SSL info: before accept initialization
21:42:10 7425 SSL info: before accept initialization
21:42:10 7425 SSL info: SSLv3 read client hello A
21:42:10 7425 SSL info: SSLv3 write server hello A
21:42:10 7425 SSL info: SSLv3 write certificate A
21:42:10 7425 SSL info: SSLv3 write server done A
21:42:10 7425 SSL info: SSLv3 flush data
21:42:10 7425 SSL info: SSLv3 read client key exchange A
21:42:10 7425 SSL info: SSLv3 read finished A
21:42:10 7425 SSL info: SSLv3 write session ticket A
21:42:10 7425 SSL info: SSLv3 write change cipher spec A
21:42:10 7425 SSL info: SSLv3 write finished A
21:42:10 7425 SSL info: SSLv3 flush data
21:42:10 7425 SSL info: SSL negotiation finished successfully
21:42:10 7425 SSL info: SSL negotiation finished successfully
21:42:10 7425 Got SSL error 2
21:42:10 7425 SMTP>> 421 lost input connection
21:42:10 7425 tls_do_write(1db4020, 48)
21:42:10 7425 SSL_write(SSL, 1db4020, 48)
21:42:10 7425 outbytes=48 error=0
21:42:10 7425 LOG: lost_incoming_connection MAIN
21:42:10 7425 unexpected disconnection while reading SMTP command from (localhost) [127.0.0.1]
21:42:10 7425 search_tidyup called
21:42:10 7194 child 7425 ended: status=0x100
21:42:10 7194 0 SMTP accept processes now running
21:42:10 7194 Listening...
I found this in 30 seconds by Googling "openssl s_client RENEGOTIATING": s_client's R "feature"
In summary - pressing "R" in an s_client session causes openssl to renegotiate. Try entering "rcpt to:" instead of "RCPT TO".
You might also try tools that are more suited to SMTP-specific testing, such as Tony Finch's smtpc or swaks.
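An added example (not code from the post or either answer) of the kind of SMTP-specific test the answer recommends: a smtplib-based STARTTLS probe that writes the SMTP verbs straight to the socket, plus two helpers that flag and rewrite the input lines interactive s_client would intercept. Host, port, and the sender/recipient addresses are assumed placeholders.

```python
"""Added example, not code from the original post: a STARTTLS smoke test that
does not go through openssl s_client. In interactive mode s_client treats an
input line whose first character is 'R' as "renegotiate" and 'Q' as "quit"
(unless -ign_eof / -quiet is given), so typing 'RCPT TO:' renegotiates instead
of sending the command. smtplib writes the SMTP verbs to the socket directly."""
import re
import smtplib
import ssl

# First characters that interactive s_client interprets itself (capitals only).
SCLIENT_MAGIC = ("R", "Q")


def sclient_intercepts(line: str) -> bool:
    """True if an interactive s_client session would eat this line."""
    return line[:1] in SCLIENT_MAGIC


def sclient_safe_form(line: str) -> str:
    """Lower-case the SMTP verb: RFC 5321 verbs are case-insensitive, and
    s_client only matches capital R/Q, so 'rcpt to:' passes through."""
    return re.sub(r"^[A-Za-z ]+(?=:|$)", lambda m: m.group(0).lower(), line)


def probe_starttls(host, port=25, sender="test@example.invalid",
                   recipient="postmaster@example.invalid", timeout=10):
    """Open a STARTTLS session, run MAIL FROM / RCPT TO inside it, and report
    the negotiated cipher plus the server's replies. Nothing is delivered:
    the transaction is reset with RSET, and the context manager sends QUIT."""
    # Assumption: the server uses a self-signed cert (as in the post), so
    # certificate verification is disabled for this diagnostic probe only.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError("server did not advertise STARTTLS")
        code, msg = smtp.starttls(context=ctx)
        if code != 220:
            raise RuntimeError(f"STARTTLS refused: {code} {msg!r}")
        smtp.ehlo()  # EHLO must be re-issued after the handshake (RFC 3207)
        cipher, version, bits = smtp.sock.cipher()
        result = {"cipher": cipher, "protocol": version, "bits": bits,
                  "mail": smtp.mail(sender), "rcpt": smtp.rcpt(recipient)}
        smtp.rset()
        return result


if __name__ == "__main__":
    import sys
    print(probe_starttls(sys.argv[1] if len(sys.argv) > 1 else "localhost"))
```

If the probe's RCPT TO reply comes back as a normal 250/550 over TLS, the server is fine and the drop seen in the post came from the s_client keystroke, not from Exim.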
To require encryption for authentication in exim I set in /etc/exim/exim.conf:
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
I also force tls 1.2:
openssl_options = +no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1
Between 2 identical exim servers I noticed one using AES-GCM & the other using ChaCha20-Poly1305 for encryption & did not know why. The encryption scheme used depends on whether the host has AES hardware acceleration in the cpu.