6

I'm in the process of converting an existing mail server to support encrypted SMTP for our clients, but I've run into this brick wall with very little useful log data to help me move forward. Everything works fine when using regular unencrypted SMTP; it's only when trying to use encrypted SMTP that things go pear-shaped.


My exim config file contains the following:

# Allow any client to use TLS
tls_advertise_hosts                       =  *

# Specify the location of the Exim server's TLS certificate and private key.
tls_certificate                           =  /etc/exim/exim.crt
tls_privatekey                            =  /etc/exim/exim.key 


Initially, Exim appears to be working as expected: I am able to securely connect to the mail server and authenticate myself, but just after I enter the recipient section in the SMTP session, the connection is dropped. This problem does not occur when using an unencrypted connection.


To test secure SMTP I use the following command:

openssl s_client -starttls smtp -crlf -connect localhost:25


And this is the output I get:

CONNECTED(00000003)
depth=0 C = ZA, etc, etc
verify error:num=18:self signed certificate
verify return:1
depth=0 C = ZA, etc, etc
verify return:1
---
Certificate chain
 0 s:/C=ZA/etc,etc
   i:/C=ZA/etc,etc
---
Server certificate
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
subject=/C=ZA/etc,etc
---
No client certificate CA names sent
---
SSL handshake has read 1275 bytes and written 444 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    Session-ID-ctx: 
    Master-Key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket:
    Compression: 1 (zlib compression)
    Start Time: 1315250595
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
250 HELP
HELO localhost
250 OK
MAIL FROM:someone@somewhere.com
250 OK
RCPT TO:anyone@nowhere.com
RENEGOTIATING
depth=0 C = ZA, etc, etc
verify error:num=18:self signed certificate
verify return:1
depth=0 C = ZA, etc, etc
verify return:1
421 lost input connection
read:errno=0

I've replaced the email addresses and organisation tree with garbage data in the above output, since it is irrelevant as I do not have this same issue when using regular SMTP. The above transaction occurs regardless of whether I attempt the connection from localhost or from an external source. I should also note that I am using a self-signed certificate generated using OpenSSL. Also, in the above example there is no authentication data since I am performing the test from localhost, which allows all mail without authentication required.

As you can see in the above output, Exim seems to break during/after issuing the string "RENEGOTIATING".

Since the output I receive during the SMTP session is not much help, I've also tried running Exim in debug +all mode. For the sake of brevity, I won't post the complete SMTP transaction since the entire session is quite normal, up until the point where I specify the recipient address. This is the exact snippet of Exim debug data that I get once I've typed in the recipient address and pressed enter:

21:42:10  7425 SSL info: before accept initialization
21:42:10  7425 SSL info: before accept initialization
21:42:10  7425 SSL info: SSLv3 read client hello A
21:42:10  7425 SSL info: SSLv3 write server hello A
21:42:10  7425 SSL info: SSLv3 write certificate A
21:42:10  7425 SSL info: SSLv3 write server done A
21:42:10  7425 SSL info: SSLv3 flush data
21:42:10  7425 SSL info: SSLv3 read client key exchange A
21:42:10  7425 SSL info: SSLv3 read finished A
21:42:10  7425 SSL info: SSLv3 write session ticket A
21:42:10  7425 SSL info: SSLv3 write change cipher spec A
21:42:10  7425 SSL info: SSLv3 write finished A
21:42:10  7425 SSL info: SSLv3 flush data
21:42:10  7425 SSL info: SSL negotiation finished successfully
21:42:10  7425 SSL info: SSL negotiation finished successfully
21:42:10  7425 Got SSL error 2
21:42:10  7425 SMTP>> 421 lost input connection
21:42:10  7425 tls_do_write(1db4020, 48)
21:42:10  7425 SSL_write(SSL, 1db4020, 48)
21:42:10  7425 outbytes=48 error=0
21:42:10  7425 LOG: lost_incoming_connection MAIN
21:42:10  7425   unexpected disconnection while reading SMTP command from (localhost) [127.0.0.1]
21:42:10  7425 search_tidyup called
21:42:10  7194 child 7425 ended: status=0x100
21:42:10  7194 0 SMTP accept processes now running
21:42:10  7194 Listening...
Richard Keller

2 Answers

6

I found this in 30 seconds by Googling "openssl s_client RENEGOTIATING": s_client's R "feature"

In summary - pressing "R" in an s_client session causes openssl to renegotiate. Try entering "rcpt to:" instead of "RCPT TO".

You might also try tools that are more suited to SMTP-specific testing, such as Tony Finch's smtpc or swaks.

jj33
0

To require encryption for authentication in exim I set in /etc/exim/exim.conf:

auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

I also force TLS 1.2:

openssl_options = +no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1

Between 2 identical exim servers I noticed one using AES-GCM & the other using ChaCha20-Poly1305 for encryption & did not know why. The encryption scheme used depends on whether the host has AES hardware acceleration in the CPU.

Stuart Cardall
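An added example, not from either answer above, that checks a scripted SMTP dialogue for lines s_client would intercept (a leading uppercase R renegotiates, Q closes the connection), rewrites them case-safely, and runs the same STARTTLS dialogue through Python's smtplib, which also reports whether AUTH is offered only after STARTTLS as the auth_advertise_hosts setting intends. The function names and the sample dialogue are mine; the probe assumes a reachable server and a CA file that matches its certificate, so only the offline helpers are exercised here.

```python
import smtplib
import ssl

# s_client command letters: acted on when the letter is the first character of
# a line typed in interactive mode (no -quiet/-ign_eof); OpenSSL 1.1.0 and
# later also accept -nocommands to switch them off entirely.
SCLIENT_COMMANDS = {"R": "renegotiate", "Q": "close connection"}

def sclient_intercepted(dialogue):
    """Return [(line_no, line, effect)] for lines s_client would act on itself."""
    return [(n, line, SCLIENT_COMMANDS[line[0]])
            for n, line in enumerate(dialogue, 1)
            if line and line[0] in SCLIENT_COMMANDS]

def sclient_safe(dialogue):
    """Lower-case each SMTP verb: RFC 5321 verbs are case-insensitive, so the
    server behaves the same while s_client no longer sees a leading R or Q."""
    out = []
    for line in dialogue:
        verb, sep, rest = line.partition(" ")
        out.append(verb.lower() + sep + rest)
    return out

def starttls_probe(host, port, cafile, sender, rcpt):
    """EHLO / STARTTLS / EHLO / MAIL / RCPT through smtplib, verifying the
    server certificate against cafile (a self-signed exim.crt can serve as
    its own trust anchor if its subject or SAN matches host). Reports the
    RCPT reply and whether AUTH was offered before and after STARTTLS,
    which is what the auth_advertise_hosts expression above controls."""
    ctx = ssl.create_default_context(cafile=cafile)
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        auth_plain = s.has_extn("auth")
        s.starttls(context=ctx)
        s.ehlo()  # capabilities must be re-read after STARTTLS
        auth_tls = s.has_extn("auth")
        s.mail(sender)
        code, msg = s.rcpt(rcpt)
    return {"rcpt": (code, msg.decode()),
            "auth_before_tls": auth_plain, "auth_after_tls": auth_tls}

# Constructed dialogue mirroring the session in the question.
DIALOGUE = ["HELO localhost", "MAIL FROM:someone@somewhere.com",
            "RCPT TO:anyone@nowhere.com", "QUIT"]

if __name__ == "__main__":
    for n, line, effect in sclient_intercepted(DIALOGUE):
        print(f"line {n} {line!r}: s_client would {effect}, not send it")
    print(sclient_safe(DIALOGUE))
```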