I have Debian wheezy and setup Exim to listen to port 587, where users can authenticate using TLS. I'm testing it with Thunderbird 31.1.2. When I try to send a message, Thunderbird displays this:
Sending of message failed. The message could not be sent because the connection to SMTP server smtp.gaspatchmodels.com was lost in the middle of the transaction. Try again or contact your network administrator.
Exim shows this in the mainlog:
2014-09-29 18:03:22 TLS error on connection from ppp-94-68-63-22.home.otenet.gr ([192.168.1. 68]) [94.68.63.22] (gnutls_handshake): The request is invalid.
If I sniff the traffic, I see the client saying "STARTTLS", the server responding "220 TLS go ahead", and then the client sending binary data, after which the connection seems to be dropped.
If I run exim with -d, this is what I get:
15332 SMTP<< STARTTLS
15332 initialising GnuTLS as a server
15332 GnuTLS global init required.
15332 initialising GnuTLS server session
15332 Expanding various TLS configuration options for session credentials.
15332 certificate file = /etc/exim4/exim.crt
15332 key file = /etc/exim4/exim.key
15332 TLS: cert/key registered
15332 verify certificates = /etc/ssl/certs/ca-certificates.crt size=245341
15332 Added 159 certificate authorities.
15332 Initialising GnuTLS server params.
15332 Loading default hard-coded DH params
15332 Loaded fixed standard D-H parameters
15332 GnuTLS using default session cipher/priority "NORMAL"
15332 host in tls_verify_hosts? no (option unset)
15332 host in tls_try_verify_hosts? no (option unset)
15332 TLS: a client certificate will not be requested.
15332 SMTP>> 220 TLS go ahead
15332 Received TLS SNI "[my domain name]" (unused for certificate selection)
15332 LOG: MAIN
15332 TLS error on connection from ppp-94-68-63-22.home.otenet.gr ([192.168.1.68]) [94.68.63.22] (gnutls_handshake): The request is invalid.
15332 TLS failed to start
To me the message "The request is invalid" conveys the meaning that Thunderbird is at fault; however I can't believe this is the case, because it is working neither on my Thunderbird nor on my customer's Thunderbird, and because it was working two days ago (I then updated from squeeze, deleted the configuration, and re-created it with ansible). I don't see anything relevant in the configuration besides
MAIN_TLS_ENABLE = true
in /etc/exim4/conf.d/main/000_localmacros.
Can I get more debugging information from gnutls? Such as why it considers the request to be invalid?
