Mailing List Archive: exim: users

how to debug a TLS connection

 

 



cyborg2 at benderirc

Jul 12, 2012, 3:53 AM

Post #1 of 5
how to debug a TLS connection

Hi,

Is there an option to activate an SMTP log to see what a client sends to
the server if TLS is active?

Normally I just use tcpdump to capture the protocol, but with TLS that's
not an option.

Any ideas?

best regards,
Marius Schwarz

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


A.C.Aitchison at dpmms

Jul 12, 2012, 5:01 AM

Post #2 of 5
Re: how to debug a TLS connection

On Thu, 12 Jul 2012, Cyborg wrote:

> Is there an option to activate an SMTP log to see what a client sends to the
> server if TLS is active?
>
> Normally I just use tcpdump to capture the protocol, but with TLS that's not
> an option.
>
> Any ideas?

Is the client under your control?
If so you could try pointing it at a dummy server built with
openssl s_server
- that assumes that the problem isn't too deep inside the SMTP
session.

--
Dr. Andrew C. Aitchison Computer Officer, DPMMS, Cambridge
A.C.Aitchison [at] dpmms http://www.dpmms.cam.ac.uk/~werdna



dlugo at etherboy

Jul 12, 2012, 5:21 AM

Post #3 of 5
Re: how to debug a TLS connection

On Thu, 12 Jul 2012, Cyborg wrote:
>
> Hi,
>
> Is there an option to activate an SMTP log to see what a client sends to the
> server if TLS is active?
>
> Normally I just use tcpdump to capture the protocol, but with TLS that's not
> an option.
>
> Any ideas?
>

While I have not tried it, recent versions of Wireshark can
decode SSL.


--
--------------------------------------------------------
Dave Lugo dlugo [at] etherboy No spam, thanks.
Are you the police? . . . No ma'am, we're sysadmins.
--------------------------------------------------------



cyborg2 at benderirc

Jul 12, 2012, 5:28 AM

Post #4 of 5
Re: how to debug a TLS connection

On 12.07.2012 14:01, Dr Andrew C Aitchison wrote:
> On Thu, 12 Jul 2012, Cyborg wrote:
>
>> Is there an option to activate an SMTP log to see what a client sends
>> to the server if TLS is active?
>>
>> Normally I just use tcpdump to capture the protocol, but with TLS
>> that's not an option.
>>
>> Any ideas?
>
> Is the client under your control?
> If so you could try pointing it at a dummy server built with
> openssl s_server
> - that assumes that the problem isn't too deep inside the SMTP
> session.
>
No, let's assume it's an external MTA you do not know anything about and
the admin there does not support you in any way.

I stumbled upon it as I saw this:

2012-07-12 11:07:53 SMTP call from ths-186-209-0-14.v4.thsprovider.com.br [186.209.0.14] dropped: too many syntax or protocol errors (last command was "AUTH LOGIN")
2012-07-12 11:08:02 SMTP call from ths-186-209-0-14.v4.thsprovider.com.br [186.209.0.14] dropped: too many syntax or protocol errors (last command was "AUTH LOGIN")
2012-07-12 11:08:10 SMTP call from ths-186-209-0-14.v4.thsprovider.com.br [186.209.0.14] dropped: too many syntax or protocol errors (last command was "AUTH LOGIN")
2012-07-12 11:08:18 SMTP call from ths-186-209-0-14.v4.thsprovider.com.br [186.209.0.14] dropped: too many syntax or protocol errors (last command was "AUTH LOGIN")
2012-07-12 11:08:27 SMTP call from ths-186-209-0-14.v4.thsprovider.com.br [186.209.0.14] dropped: too many syntax or protocol errors (last command was "AUTH LOGIN")
2012-07-12 11:08:35 SMTP call from ths-186-209-0-14.v4.thsprovider.com.br [186.209.0.14] dropped: too many syntax or protocol errors (last command was "AUTH LOGIN")
2012-07-12 11:08:43 SMTP call from ths-186-209-0-14.v4.thsprovider.com.br [186.209.0.14] dropped: too many syntax or protocol errors (last command was "AUTH LOGIN")
2012-07-12 11:08:52 SMTP call from ths-186-209-0-14.v4.thsprovider.com.br [186.209.0.14] dropped: too many syntax or protocol errors (last command was "AUTH LOGIN")
2012-07-12 11:09:00 SMTP call from ths-186-209-0-14.v4.thsprovider.com.br [186.209.0.14] dropped: too many syntax or protocol errors (last command was "AUTH LOGIN")
2012-07-12 11:09:08 SMTP call from ths-186-209-0-14.v4.thsprovider.com.br [186.209.0.14] dropped: too many syntax or protocol errors (last command was "AUTH LOGIN")
2012-07-12 11:09:17 SMTP call from ths-186-209-0-14.v4.thsprovider.com.br [186.209.0.14] dropped: too many syntax or protocol errors (last command was "AUTH LOGIN")
2012-07-12 11:09:25 SMTP call from ths-186-209-0-14.v4.thsprovider.com.br [186.209.0.14] dropped: too many syntax or protocol errors (last command was "AUTH LOGIN")

It's a spammer, I know, but it would be cool to have a debug option to
see what he does, or what a regular sender wanted to do.


best regards,
Marius Schwarz



exim-users at spodhuis

Jul 12, 2012, 11:15 AM

Post #5 of 5
Re: how to debug a TLS connection

On 2012-07-12 at 12:53 +0200, Cyborg wrote:
> Is there an option to activate an SMTP log to see what a client sends to
> the server if TLS is active?

Assuming that you're on at least Exim 4.73, then you can turn on the
debug log in an ACL.

Define an ACL which turns on debugging and set the name of that ACL as
the value of acl_smtp_starttls in the main config section.

Per NewStuff:

----------------------------8< cut here >8------------------------------
6. There is a new ACL control called "debug", to enable debug logging.
This allows selective logging of certain incoming transactions within
production environments, with some care. It takes two options, "tag"
and "opts"; "tag" is included in the filename of the log and "opts"
is used as per the -d<options> command-line option. Examples, which
don't all make sense in all contexts:

control = debug
control = debug/tag=.$sender_host_address
control = debug/opts=+expand+acl
control = debug/tag=.$message_exim_id/opts=+expand
----------------------------8< cut here >8------------------------------

-Phil
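
The approach described in the reply above, as a configuration sketch added here (not part of the original post and not Exim's own documentation). The ACL name acl_check_starttls is a hypothetical choice; the host address is the one from the log excerpt earlier in the thread, and the tag and opts values are taken from the NewStuff examples quoted above.

```exim
# Main configuration section: run this ACL when a client issues STARTTLS.
# "acl_check_starttls" is a hypothetical name chosen for this example.
acl_smtp_starttls = acl_check_starttls

# ACL section (place this after the existing "begin acl" line).
acl_check_starttls:
  # Enable debug logging only for the host seen in the log excerpt,
  # so other production traffic is not traced.
  warn    hosts   = 186.209.0.14
          control = debug/tag=.$sender_host_address/opts=+expand+acl

  # Let STARTTLS proceed for every client, traced or not.
  accept
```

Tracing starts only once the client issues STARTTLS, so the cleartext exchange before that command is not covered; the tag is included in the debug log's filename, which keeps per-host traces apart.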

