J G Miller
2014-03-27 13:29:36 UTC
I have exim4 configured to do ESMTPA between exim4 mailers on different machines in a LAN.
This has been working fine for several years and I am just in the process of adding a new
machine (armv7l) and setting that up with exim4 to do ESMTPA to the other hosts.
As you should well be aware, there was a recently discovered major bug in gnutls for
which security fixes were recently applied.
Now upon testing the new machine and trying to send e-mail between the other machines,
I am getting the same error message even for mail between machines which was previously working.
TLS error on connection to hostA [192.168.11.11] (gnutls_handshake):
The handshake data size is too large (DoS?), check gnutls_handshake_set_max_packet_length().
1WTA2e-0002l6-1e == ***@hostA R=dnslookup_relay_to_domains T=remote_tls defer (-37): failure while setting up TLS session
Has anybody else encountered this issue since the gnutls security fix?
It seems to be very much a recurrence of
<https://bugs.debian.ORG/cgi-bin/bugreport.cgi?bug=648638>
which was never officially fixed and later gnutls versions appeared to fix.
Not a problem perhaps that Exim4 maintainers can fix since it is coming from gnutls
but it again raises the question should Exim4 be using gnutls in the first place,
especially as others consider gnutls to be fundamentally broken.
Even as far back as 2008 - <http://www.openldap.ORG/lists/openldap-devel/200802/msg00072.html>
QUOTE
benihana : The irony of what's happening here, that dogmatism about a belief is causing an inferior solution to be used
UNQUOTE
and more recently
<http://www.zdnet.COM/gnutls-big-internal-bugs-few-real-world-problems-7000027041/>
This has been working fine for several years and I am just in the process of adding a new
machine (armv7l) and setting that up with exim4 to do ESMTPA to the other hosts.
As you should well be aware, there was a recently discovered major bug in gnutls for
which security fixes were recently applied.
Now upon testing the new machine and trying to send e-mail between the other machines,
I am getting the same error message even for mail between machines which was previously working.
TLS error on connection to hostA [192.168.11.11] (gnutls_handshake):
The handshake data size is too large (DoS?), check gnutls_handshake_set_max_packet_length().
1WTA2e-0002l6-1e == ***@hostA R=dnslookup_relay_to_domains T=remote_tls defer (-37): failure while setting up TLS session
Has anybody else encountered this issue since the gnutls security fix?
It seems to be very much a recurrence of
<https://bugs.debian.ORG/cgi-bin/bugreport.cgi?bug=648638>
which was never officially fixed and later gnutls versions appeared to fix.
Not a problem perhaps that Exim4 maintainers can fix since it is coming from gnutls
but it again raises the question should Exim4 be using gnutls in the first place,
especially as others consider gnutls to be fundamentally broken.
Even as far back as 2008 - <http://www.openldap.ORG/lists/openldap-devel/200802/msg00072.html>
QUOTE
benihana : The irony of what's happening here, that dogmatism about a belief is causing an inferior solution to be used
UNQUOTE
and more recently
<http://www.zdnet.COM/gnutls-big-internal-bugs-few-real-world-problems-7000027041/>