Lindsay Haisley writes:
Just recently, as in the past few days, I'm seeing failures from Courier's outbound SMTP which report in the mail logs as:May 3 15:00:40 mitra courieresmtp:id=0000000000150472.0000000053654AE0.00007045,from=<[email protected]>,addr=<[email protected]>: 500 couriertls: ionnect: error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected messageWhen I use swaks to test ESMTP with STARTTLS I get a segmentation fault and the dialog is terminated. A little checking indicates that OpenSSL is crashing on the client side and the segfault message is generated locally by OpenSSL, not being sent back through the SMTP connection. This _seems_ to be a known bug, and is apparently related to fixes for the heartbleed bug in OpenSSL. I'm using Ubuntu 12.04 LTS with Courier 0.66.1 (the version distributed with this Ubuntu release). Setting ESMTP_USE_STARTTLS=0 in /etc/courier/courierd solves the problem in Courier, at the expense of email security. Does anyone have any insight on this problem?
I can connect to your mail server and negotiate TLS just fine:TLS_VERIFYPEER=NONE couriertls -host=mitra.fmp.com -port=25 -protocol=smtp - printx509=2
220 mitra.fmp.com ESMTP EHLO shorty.email-scan.com 250-mitra.fmp.com Ok. 250-AUTH LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256 250-STARTTLS 250-XVERP=Courier 250-XEXDATA 250-XSECURITY=NONE,STARTTLS 250-PIPELINING 250-8BITMIME 250-SIZE 250 DSN STARTTLS 220 Ok Subject: C=US ST=TX L=Leander O=Courier Mail Server at FMP Computer Services OU=Automatically-generated ESMTP STARTTLS key CN=mitra.fmp.com [email protected] Not-Before: 2013-04-02 22:01:50 Not-After: 2014-04-02 22:01:50 Version: TLSv1/SSLv3 Bits: 256 Cipher: AES256-SHA Your server is not crashing. What's crashing is xxx.xxx's server. I can also connect to my MX and negotiate TLS too.
pgpb3gN41rcV5.pgp
Description: PGP signature
------------------------------------------------------------------------------ "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available. Simple to use. Nothing to install. Get started now for free." http://p.sf.net/sfu/SauceLabs
_______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
