
Mailing List Archive: exim: users
Issues with (gnu)tls
 



nuno at aeminium

May 7, 2012, 1:54 PM



Hi,
Depending on the cipher algorithm, when a remote smtp connection is
using TLS, the spamassassin score gives the correct score or something
like this:
X-Spam-Score: -nan
X-Spam-Score_int: -2147483648.

The same email sent using swaks without tls gives a correct
spamassassin score.
The weird thing is that looking at /var/log/spamd.log I see the correct
scoring for all the cases, but it's not being "propagated" to the
calling exim.

Is this somehow related to
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=3364 ?

I have this happening in two systems with similar configuration (ubuntu
12.04 , exim 4.76, gnutls 2.12.14, spamassassin 3.3.2).

I started exim in debug mode:

server:~# exim -d -bd -oX 5555 2>&1 |tee exim-openssl.log

and connected remotely using:

remote:~$ openssl s_client -connect server:5555 -starttls smtp -crlf \
-cipher AES256-SHA

remote:~$ openssl s_client -connect gw:5555 -starttls smtp -crlf \
-cipher RC4-SHA

The former gives:
1819 accept: condition test succeeded
1819 >>Headers added by DATA ACL:
1819 X-Spam-Score: nan
1819 X-Spam-Score_int: -2147483648
1819 X-Spam-Bar: -

and the latter:
1846 accept: condition test succeeded
1846 >>Headers added by DATA ACL:
1846 X-Spam-Score: -1.0
1846 X-Spam-Score_int: -9
1846 X-Spam-Bar: -


My relevant exim configuration:
# add the spam score to all messages.
warn message = X-Spam-Score: $spam_score\n\
X-Spam-Score_int: $spam_score_int\n\
X-Spam-Bar: $spam_bar
spam = Debian-exim:true



A grep -A 1 gnutls exim-openssl-AES256-SHA.log gives:

1819 gnutls_handshake was successful
1819 cipher: TLS1.0:RSA_AES_256_CBC_SHA1:32
--
1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
1819 SMTP<< ehlo example.org
--
1819 gnutls_record_send(SSL, 21f877d0, 117)
1819 outbytes=117
--
1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
1819 SMTP<< mail from: me [at] example
--
1819 gnutls_record_send(SSL, 21f7a998, 8)
1819 outbytes=8
1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
1819 SMTP<< rcpt to: tests [at] aeminium
--
1819 gnutls_record_send(SSL, 21f7a998, 14)
1819 outbytes=14
1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
1819 SMTP<< data
--
1819 gnutls_record_send(SSL, 21f7a998, 56)
1819 outbytes=56
--
1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
1819 host in ignore_fromline_hosts? no (option unset)
1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
PDKIM >> Hashed body data, canonicalized >>>>>>>>>>>>>>>>>>>>>>>>>>>>>
--
1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
1819 Data file written for message 1SRTuz-0000TL-Bj
--
1819 gnutls_record_send(SSL, 21f7a998, 28)
1819 outbytes=28
--
1819 Calling gnutls_record_recv(22122400, 221274e0, 4096)
1826 exec /usr/sbin/exim4 -d=0xfbbd5cfd -Mc 1SRTuz-0000TL-Bj
--
1819 gnutls_record_send(SSL, 21f7a998, 40)
1819 outbytes=40





and grep -A 1 gnutls exim-openssl-RC4-SHA.log:

1846 gnutls_handshake was successful
1846 cipher: TLS1.0:RSA_ARCFOUR_SHA1:16
--
1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
1846 SMTP<< EHLO example.org
--
1846 gnutls_record_send(SSL, 222617d0, 117)
1846 outbytes=117
--
1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
1846 SMTP<< mail from: me [at] example
--
1846 gnutls_record_send(SSL, 22254998, 8)
1846 outbytes=8
1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
1846 SMTP<< rcpt to: tests [at] aeminium
--
1846 gnutls_record_send(SSL, 22254998, 14)
1846 outbytes=14
1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
1846 SMTP<< data
--
1846 gnutls_record_send(SSL, 22254998, 56)
1846 outbytes=56
--
1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
1846 host in ignore_fromline_hosts? no (option unset)
1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
PDKIM >> Hashed body data, canonicalized >>>>>>>>>>>>>>>>>>>>>>>>>>>>>
--
1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
1846 Data file written for message 1SRTwa-0000Tm-O1
--
1846 gnutls_record_send(SSL, 22254998, 28)
1846 outbytes=28
--
1846 Calling gnutls_record_recv(223fc400, 224014e0, 4096)
1855 Exim version 4.76 uid=105 gid=113 pid=1855 D=fbbd5cfd
--
1846 gnutls_record_send(SSL, 22254998, 40)
1846 outbytes=40



Any thoughts?
Nuno


--
http://aeminium.org/nuno/

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
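
Added example, not part of the original post and not Exim's own code: a Python check that groups `exim -d` lines like those quoted above by their leading process id and reports which negotiated cipher ended up with an unusable spam score (nan or -2147483648). The sample lines are constructed from the format shown in the post, and all function names are hypothetical.

```python
import math
import re

# Constructed sample in the format of the `exim -d` output quoted in the post.
SAMPLE_LOG = """\
1819 cipher: TLS1.0:RSA_AES_256_CBC_SHA1:32
1819 >>Headers added by DATA ACL:
1819 X-Spam-Score: nan
1819 X-Spam-Score_int: -2147483648
1846 cipher: TLS1.0:RSA_ARCFOUR_SHA1:16
1846 >>Headers added by DATA ACL:
1846 X-Spam-Score: -1.0
1846 X-Spam-Score_int: -9
"""

LINE = re.compile(r"^\s*(\d+)\s+(cipher|X-Spam-Score|X-Spam-Score_int):\s*(\S+)")
INT_MIN = -2**31  # the integer the post shows next to the nan score

def parse_sessions(log_text):
    """Group cipher and spam-score fields by the leading exim process id."""
    sessions = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            pid, key, value = m.groups()
            sessions.setdefault(pid, {})[key] = value
    return sessions

def score_is_broken(fields):
    """True when the score is missing, non-numeric, non-finite, or INT_MIN."""
    try:
        score = float(fields["X-Spam-Score"])  # float() accepts "nan" and "-nan"
        score_int = int(fields["X-Spam-Score_int"])
    except (KeyError, ValueError):
        return True
    return not math.isfinite(score) or score_int == INT_MIN

def broken_by_cipher(log_text):
    """Return {cipher: [pids]} for sessions whose spam score is unusable."""
    result = {}
    for pid, fields in parse_sessions(log_text).items():
        has_score = "X-Spam-Score" in fields or "X-Spam-Score_int" in fields
        if has_score and score_is_broken(fields):
            result.setdefault(fields.get("cipher", "unknown"), []).append(pid)
    return result

if __name__ == "__main__":
    print(broken_by_cipher(SAMPLE_LOG))
```

Running it over the combined debug logs from several cipher tests shows at a glance which cipher suites coincide with the lost score.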
