3

I configured the Exim mail server on CentOS. It works with no encryption, but not with SSL or TLS. I didn't find a correct solution for this type of error. Can anyone tell me the solution and why this error message appears in the Exim main.log file?

The error message is like below in the exim main.log file.

2015-03-17 10:34:16 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=acp-node [10.7.2.137] input="\026\003\001"

2 Answers

9

(input sent without waiting for greeting) ... input="\026\003\001"

In short: You are trying to use implicit TLS on a port where explicit TLS is needed.

In detail: There are two ways to use TLS with SMTP:

  • implicit TLS, that is TLS from start. This is used on port 465 (smtps). This mode is in some SMTP stacks simply called "SSL".
  • explicit TLS, that is start with plain SMTP and upgrade to TLS with the STARTTLS command. This is used on ports 25 (smtp) and 587 (submission). This mode is in some SMTP stacks simply called "TLS".

If you look around at the questions regarding use of SMTP with TLS you will find lots of confusion about how to use these modes with the various setups. And you will find lots of bad code which tries to use implicit TLS where explicit TLS is needed.

What you see is the result of the client trying to use implicit TLS on a port not suitable for this. \026\003\001 (or hex 16 03 01) is the start of a TLS 1.0 handshake, and "input sent without waiting for greeting" refers to the fact that the client is sending data first without waiting for the server to send the (plain text) SMTP greeting.

Steffen Ullrich
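An added example (not part of the original answer): a small Python check that decodes the input="..." field of Exim's synchronization-error log line and reports whether the early bytes are a TLS record header, that is, a client using implicit TLS on a STARTTLS port. The second sample line is constructed, and handling only the \ooo octal escape form is an assumption based on the line shown in the question.

```python
import re

# Shape of the Exim main.log line quoted in the question.
SYNC_RE = re.compile(
    r'SMTP protocol synchronization error \((?P<reason>[^)]*)\): '
    r'rejected connection from (?P<peer>.*?) input="(?P<input>.*)"$'
)
# Assumption: non-printable bytes appear as backslash + three octal digits.
OCTAL_RE = re.compile(rb'\\([0-3][0-7]{2})')

# Record-layer version field (major, minor) -> name. This is the version in
# the record header, not necessarily the version the client would negotiate.
RECORD_VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
                   (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}


def unescape(field: str) -> bytes:
    """Turn \\ooo escapes back into the raw bytes the client sent."""
    raw = field.encode("latin-1")
    return OCTAL_RE.sub(lambda m: bytes([int(m.group(1), 8)]), raw)


def classify(line: str):
    """Return (peer, verdict) for a sync-error line, None for other lines."""
    m = SYNC_RE.search(line.rstrip())
    if not m:
        return None
    data = unescape(m.group("input"))
    # TLS record header: content type 0x16 (handshake), then major, minor.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 3:
        name = RECORD_VERSIONS.get((data[1], data[2]), f"3.{data[2]}")
        return m.group("peer"), f"implicit TLS ({name} record) before greeting"
    return m.group("peer"), "non-TLS input before greeting"


# First line is from the question; the other two are constructed samples.
PAGE_LINE = (r'2015-03-17 10:34:16 SMTP protocol synchronization error '
             r'(input sent without waiting for greeting): rejected connection '
             r'from H=acp-node [10.7.2.137] input="\026\003\001"')
EARLY_TALKER = (r'2015-03-17 10:40:02 SMTP protocol synchronization error '
                r'(input sent without waiting for greeting): rejected '
                r'connection from H=[192.0.2.10] input="EHLO example.test\r\n"')
OTHER_LINE = '2015-03-17 10:41:00 Start queue run: pid=1234'

if __name__ == "__main__":
    for sample in (PAGE_LINE, EARLY_TALKER, OTHER_LINE):
        print(classify(sample))
```

A "TLS record" verdict points at a client configured for implicit TLS ("SSL") on a port where the server expects STARTTLS; the other verdict is a client that simply sent SMTP commands too early.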
0

Judging from the error log entry, your mail client 10.7.2.137 is trying to establish a secure (TLS) connection but your Exim server is not expecting it.

Most probably, TLS is not configured properly in your Exim configuration file. You can refer to http://www.exim.org/exim-html-current/doc/html/spec_html/ch-encrypted_smtp_connections_using_tlsssl.html for a tutorial.

The solution is, therefore, to edit your Exim configuration file, making sure TLS certificates are defined and tls_advertise_hosts is set; and then restart Exim.

Denis Mysenko
  • Thank you so much for the clarification. I will try and let you know. – Kousalya Kanikannan Mar 17 '15 at 05:56
  • While saving the email settings in the UI, it shows an error like "NOTE: SSL/TLS connections use the system certificate store. Use the link below to edit the certificate details". So I changed the configuration in the exim.conf file. Before, it was: tls_certificate = /etc/pki/tls/certs/exim.pem tls_privatekey = /etc/pki/tls/private/exim.pem. Now it is: tls_certificate = /opt/ssl/exim.crt tls_privatekey = /opt/ssl/exim.crt. But I'm still not able to use SSL and TLS. How do I configure this? – Kousalya Kanikannan Mar 17 '15 at 06:08