Bug#459323: SOLVED: Bug#459323: exim4: Incredimail problem sending email using Exim4 SMTP over SSL / TLS error on connection from [ip.ad.dr.ess] (gnutls_handshake): A TLS packet with unexpected length was received.

[Marc Haber]

tags #459323 moreinfo
thanks

On Sun, Jan 06, 2008 at 07:04:03PM +0100, Simon Josefsson wrote:
> Thanks.  Great.  I suspect the problem is the same as for TheBat, i.e.,
> that GnuTLS sends a certificate request and IM can't handle it.

Bingo.

>   Can you try to add --disable-client-cert to:

I tried this on sid (because gnutls-serv on etch doesn't support
--disable-client-cert) with success.

Once the issue has been identified, the fix is easy: just set
"MAIN_TLS_TRY_VERIFY_HOSTS=" in exim configuration.

Please note that a single incredimail client makes it impossible to
use client certificates with other clients at all since incredimail
chokes on the mere certificate request.

Additionally, incredimail negotiates RC4-MD5, which is not the very
best cipher.

One more caveat that cost me additional five minutes: Incredimail can
only do AUTH LOGIN and silently terminates the SMTP connection if the
server does only advertise AUTH PLAIN without giving any error message
to the client.

This issue being solved, I'dlike Andrew to try the suggested fix so
that this issue can be closed.

And finally, I'd like to strongly suggest to the incredimail makers
that they invest at least a tenth part of work time they put into
Interface Candy[tm] into the networking code. I have never seen an
e-mail client this bad in networking, security, supported standards
and error messages. Sucks badly.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835