exim4 is showing a TLS error on connection... (gnutls_handshake)

My exim server is showing the following error: TLS error on connection from xxxx.xxxx.xxxx. ([127.0.0.1]) [xxx.xxx.xxx.xxx] (gnutls_handshake): A TLS fatal alert has been received.

I'm using the plain authentication and my settings are:

plain_server:
  driver = plaintext
  public_name = PLAIN
  server_condition = "${if crypteq{$auth3}{${extract{1}{:}{${lookup{$auth2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
  server_set_id = $auth2
  server_prompts = :
  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
     server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
  .endif

Looking forward to any help or pointers

thanks in advance


If you are running an exim installation, the reason was GnuTLS here. Solution found at http://blog.josefsson.org/2009/04/16/cacert-and-gnutls/.

Type the following commands

  1. apt-get install gnutls-bin to have gnutls-cli available.
  2. gnutls-cli -s -p 25 YOURSMTPHOST (starts a session with your mailserver)
  3. ehlo foo
  4. starttls
  5. Press CTRL+d (^d)

Then you see something like

- The hostname in the certificate does NOT match 'example.org'

Then the subject of your certificate does not match your server YOURSMTPHOST. In my case, I connected to flupp.de, but the CN of the certificate was *.flupp.de. I changed flupp.de to mail.flupp.de and everything worked fine again.
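The same diagnosis scripted in Python, as an added example that is not part of the answer above: it performs the EHLO/STARTTLS exchange that the gnutls-cli steps do by hand, then compares the certificate's names against the host you connected to. The matching rule implemented is the RFC 6125 one (a wildcard covers exactly one label, so `*.flupp.de` matches `mail.flupp.de` but not `flupp.de`); it is an approximation of what GnuTLS does, not its code, and the host name passed to `probe_starttls` is a placeholder you supply.

```python
import smtplib
import ssl


def hostname_matches(cert_names, host):
    """True if `host` matches one of the certificate's DNS names.

    A wildcard is honoured only as the entire leftmost label and covers
    exactly one label, so "*.flupp.de" matches "mail.flupp.de" but not
    "flupp.de" itself (the mismatch from the answer). This follows the
    RFC 6125 rules; it is not GnuTLS's own matcher.
    """
    host_labels = host.rstrip(".").lower().split(".")
    for name in cert_names:
        labels = name.rstrip(".").lower().split(".")
        if len(labels) != len(host_labels):
            continue
        if labels[0] == "*":
            # Require at least "*.domain.tld" so "*.de" cannot match.
            if len(labels) >= 3 and labels[1:] == host_labels[1:]:
                return True
        elif labels == host_labels:
            return True
    return False


def cert_dns_names(cert):
    """DNS names from a getpeercert() dict: SAN dNSName entries, or the
    subject CN when the certificate carries no SAN (as older certs do)."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            names.extend(v for k, v in rdn if k == "commonName")
    return names


def probe_starttls(host, port=25):
    """EHLO, STARTTLS, then compare the certificate names against `host`.

    Hostname checking is disabled in the context so a mismatch is reported
    instead of aborting the handshake; the CA must still be trusted by the
    system store. Needs network access; `host` is a placeholder you supply.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # we do the comparison ourselves below
    with smtplib.SMTP(host, port, timeout=15) as smtp:
        smtp.ehlo("probe.example")
        smtp.starttls(context=ctx)
        names = cert_dns_names(smtp.sock.getpeercert())
    return hostname_matches(names, host), names
```

`probe_starttls("mail.example.org")` returns `(True, [...])` when the names line up and `(False, [...])` for the `*.flupp.de` versus `flupp.de` situation, with the offending names listed so you can see which host name to use instead.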


Let me guess: you've compiled against GnuTLS, the mailserver you're talking to is GMX.de or web.de, and the problem started a few weeks ago? Both these providers turned on TLS in response to the NSA issue, but they didn't quite get it right.

As a workaround, you can compile exim against OpenSSL which is more tolerant, but do note that the problem is with GMX and web.de.