LINUX.ORG.RU
решено ФорумGeneral

Помогите разобраться с Exim + TLS

 ,


0

2

Приветствую всех форумчан!

Настроил TLS в Exim по мануалам, вроде как работает и не работает.

Exim version 4.86_2 #1 built 05-Jan-2017 13:29:10 Copyright (c) University of Cambridge, 1995 - 2015 (c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2015 Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013) Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DKIM Old_Demime DNSSEC PRDR OCSP Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa tls Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp

Почта отправляется и принимается. Но при анализе обмена почтовых серверов все время ошибка Encrypted Alert. Вот что показывает tshark : 

Content type:Alert (21) Version: TLS 1.2 (0x303) Length: 26 Alert Message: Encrypted Alert


Если я правильно понял, код 21:decryption_failed. Подскажите плиз, откуда начинать искать причину

вот лог с gmail
  1 0.000000000 64.45.my-host-ip -> 66.102.1.26  TCP 74 49686 → 25 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=82971841 TSecr=0 WS=512
  2 0.017056461  66.102.1.26 -> 64.45.my-host-ip TCP 74 25 → 49686 [SYN, ACK] Seq=0 Ack=1 Win=42408 Len=0 MSS=1380 SACK_PERM=1 TSval=2493808122 TSecr=82971841 WS=128
  3 0.017176498 64.45.my-host-ip -> 66.102.1.26  TCP 66 49686 → 25 [ACK] Seq=1 Ack=1 Win=29696 Len=0 TSval=82971845 TSecr=2493808122
  4 0.037502145  66.102.1.26 -> 64.45.my-host-ip SMTP 120 S: 220 mx.google.com ESMTP j20si16074112wrb.275 - gsmtp
  5 0.037575069 64.45.my-host-ip -> 66.102.1.26  TCP 66 49686 → 25 [ACK] Seq=1 Ack=55 Win=29696 Len=0 TSval=82971850 TSecr=2493808143
  6 0.037648561 64.45.my-host-ip -> 66.102.1.26  SMTP 86 C: EHLO my.smtp_host
  7 0.054262296  66.102.1.26 -> 64.45.my-host-ip TCP 66 25 → 49686 [ACK] Seq=55 Ack=21 Win=42496 Len=0 TSval=2493808159 TSecr=82971850
  8 0.057839826  66.102.1.26 -> 64.45.my-host-ip SMTP 234 S: 250 mx.google.com at your service, [64.45.my-host-ip] | 250 SIZE 157286400 | 250 8BITMIME | 250 STARTTLS | 250 ENHANCEDSTATUSCODES | 250 PIPELINING | 250 CHUNKING | 250 SMTPUTF8
  9 0.058006117 64.45.my-host-ip -> 66.102.1.26  SMTP 76 C: STARTTLS
 10 0.075068791  66.102.1.26 -> 64.45.my-host-ip SMTP 96 S: 220 2.0.0 Ready to start TLS
 11 0.098206668 64.45.my-host-ip -> 66.102.1.26  SSL 298 Client Hello
 12 0.116518386  66.102.1.26 -> 64.45.my-host-ip SSL 2694 [TCP Previous segment not captured] Continuation Data
 13 0.116980804  66.102.1.26 -> 64.45.my-host-ip TCP 1484 [TCP Out-Of-Order] 25 → 49686 [ACK] Seq=253 Ack=263 Win=43520 Len=1418 TSval=2493808221 TSecr=82971865
 14 0.117039648 64.45.my-host-ip -> 66.102.1.26  TCP 78 [TCP Window Update] 49686 → 25 [ACK] Seq=263 Ack=253 Win=35840 Len=0 TSval=82971870 TSecr=2493808180 SLE=1671 SRE=4299
 15 0.117069041 64.45.my-host-ip -> 66.102.1.26  TCP 66 49686 → 25 [ACK] Seq=263 Ack=4299 Win=38912 Len=0 TSval=82971870 TSecr=2493808221
 16 0.121388280 64.45.my-host-ip -> 66.102.1.26  TLSv1.2 192 Client Key Exchange, Change Cipher Spec, Hello Request, Hello Request
 17 0.138193012  66.102.1.26 -> 64.45.my-host-ip TLSv1.2 296 New Session Ticket, Change Cipher Spec, Hello Request, Hello Request
 18 0.142411698 64.45.my-host-ip -> 66.102.1.26  TLSv1.2 115 Application Data
 19 0.159474201  66.102.1.26 -> 64.45.my-host-ip TLSv1.2 249 Application Data
 20 0.159681085 64.45.my-host-ip -> 66.102.1.26  TLSv1.2 170 Application Data
 21 0.177026079  66.102.1.26 -> 64.45.my-host-ip TLSv1.2 138 Application Data
 22 0.214739983 64.45.my-host-ip -> 66.102.1.26  TCP 66 49686 → 25 [ACK] Seq=542 Ack=4784 Win=44544 Len=0 TSval=82971895 TSecr=2493808282
 23 0.411797338  66.102.1.26 -> 64.45.my-host-ip TLSv1.2 138 Application Data
 24 0.411889380 64.45.my-host-ip -> 66.102.1.26  TCP 66 49686 → 25 [ACK] Seq=542 Ack=4856 Win=44544 Len=0 TSval=82971944 TSecr=2493808517
 25 0.411906307  66.102.1.26 -> 64.45.my-host-ip TLSv1.2 139 Application Data
 26 0.411937408 64.45.my-host-ip -> 66.102.1.26  TCP 66 49686 → 25 [ACK] Seq=542 Ack=4929 Win=44544 Len=0 TSval=82971944 TSecr=2493808517
 27 0.418619753 64.45.my-host-ip -> 66.102.1.26  TLSv1.2 697 Application Data
 28 0.418706108 64.45.my-host-ip -> 66.102.1.26  TLSv1.2 767 Application Data
 29 0.435395116  66.102.1.26 -> 64.45.my-host-ip TCP 66 25 → 49686 [ACK] Seq=4929 Ack=1874 Win=46208 Len=0 TSval=2493808541 TSecr=82971945
 30 0.640660103  66.102.1.26 -> 64.45.my-host-ip TLSv1.2 149 Application Data
 31 0.678742705 64.45.my-host-ip -> 66.102.1.26  TCP 66 49686 → 25 [ACK] Seq=1874 Ack=5012 Win=44544 Len=0 TSval=82972011 TSecr=2493808746
 32 0.727571716 64.45.my-host-ip -> 66.102.1.26  TLSv1.2 101 Application Data
 33 0.727614377 64.45.my-host-ip -> 66.102.1.26  TLSv1.2 97 Encrypted Alert
 34 0.727645878 64.45.my-host-ip -> 66.102.1.26  TCP 66 49686 → 25 [FIN, ACK] Seq=1940 Ack=5012 Win=44544 Len=0 TSval=82972023 TSecr=2493808746
 35 0.744264435  66.102.1.26 -> 64.45.my-host-ip TCP 66 25 → 49686 [ACK] Seq=5012 Ack=1941 Win=46208 Len=0 TSval=2493808849 TSecr=82972023
 36 0.744929088  66.102.1.26 -> 64.45.my-host-ip TCP 66 25 → 49686 [FIN, ACK] Seq=5012 Ack=1941 Win=46208 Len=0 TSval=2493808850 TSecr=82972023
 37 0.744978857 64.45.my-host-ip -> 66.102.1.26  TCP 66 49686 → 25 [ACK] Seq=1941 Ack=5013 Win=44544 Len=0 TSval=82972027 TSecr=2493808850


Последнее исправление: alexbalkan (всего исправлений: 3)

Вы не можете добавлять комментарии в эту тему. Тема перемещена в архив.