Exim does not deliver mail over esmtps. Why?

It seems to have started after one of the updates; exactly when can no longer be determined.

Listing of an attempt to forward a frozen message:
[root@mail.our.net ~]# exim -d -M 1YL6fx-000BCp-Q0
...skipped
--------> recipient@runao.ru <--------
search_tidyup called
set_process_info: 67155 delivering 1YL6fx-000BCp-Q0: waiting for a remote delivery subprocess to finish
selecting on subprocess pipes
changed uid/gid: remote delivery to recipient@runao.ru with transport=remote_smtp
  uid=2525 gid=6 pid=67157
  auxiliary group list: 6
set_process_info: 67157 delivering 1YL6fx-000BCp-Q0 using remote_smtp
remote_smtp transport entered
  recipient@runao.ru
checking status of skunk.infortech.ru
locking /var/spool/exim/db/retry.lockfile
locked /var/spool/exim/db/retry.lockfile
EXIM_DBOPEN(/var/spool/exim/db/retry)
returned from EXIM_DBOPEN
opened hints database /var/spool/exim/db/retry: flags=O_RDONLY
dbfn_read: key=T:skunk.infortech.ru:217.23.140.125
dbfn_read: key=T:skunk.infortech.ru:217.23.140.125:1YL6fx-000BCp-Q0
no host retry record
no message retry record
skunk.infortech.ru [217.23.140.125] status = usable
217.23.140.125 in serialize_hosts? no (option unset)
delivering 1YL6fx-000BCp-Q0 to skunk.infortech.ru [217.23.140.125] (recipient@runao.ru)
set_process_info: 67157 delivering 1YL6fx-000BCp-Q0 to skunk.infortech.ru [217.23.140.125] (recipient@runao.ru)
Connecting to skunk.infortech.ru [217.23.140.125]:25 ... connected
waiting for data on socket
read response data: size=72
  SMTP<< 220 skunk.infortech.ru ESMTP Exim 4.71 Tue, 10 Feb 2015 20:33:22 +0400
217.23.140.125 in hosts_avoid_esmtp? no (option unset)
  SMTP>> EHLO mail.our.net
waiting for data on socket
read response data: size=145
  SMTP<< 250-skunk.infortech.ru Hello mail.our.net [1.2.3.4]
         250-SIZE 52428800
         250-PIPELINING
         250-AUTH LOGIN PLAIN
         250-STARTTLS
         250 HELP
217.23.140.125 in hosts_avoid_tls? no (option unset)
  SMTP>> STARTTLS
waiting for data on socket
read response data: size=18
  SMTP<< 220 TLS go ahead
217.23.140.125 in hosts_require_ocsp? no (option unset)
217.23.140.125 in hosts_request_ocsp? yes (matched "*")
setting SSL CTX options: 0x1000000
Diffie-Hellman initialized from default with 2048-bit prime
Initialized TLS
Calling SSL_connect
SSL info: before/connect initialization
SSL info: before/connect initialization
SSL info: SSLv2/v3 write client hello A
Received TLS status response (OCSP stapling): null
SSL info: SSLv3 read server hello A
SSL info: SSLv3 read server certificate A
SSL info: SSLv3 read server done A
SSL info: SSLv3 write client key exchange A
SSL info: SSLv3 write change cipher spec A
reading pipe for subprocess 67157 (not ended)
read() yielded 0
selecting on subprocess pipes
reading pipe for subprocess 67157 (not ended)
read() yielded 0
...over 9000
selecting on subprocess pipes
reading pipe for subprocess 67157 (not ended)
read() yielded 0
selecting on subprocess pipes
reading pipe for subprocess 67157 (not ended)
read() yielded 0
remote delivery process 67157 ended: status=000b
set_process_info: 67155 delivering 1YL6fx-000BCp-Q0
post-process recipient@runao.ru (1)
LOG: MAIN
  == recipient@runao.ru R=dnslookup T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x000b: terminated by signal 11
...skipped


An obvious problem with the TLS/SSL handshake

[root@mail.our.net ~]# exim --version
Exim version 4.85 #1 (FreeBSD 10.0) built 10-Feb-2015 19:19:20
Copyright (c) University of Cambridge, 1995 - 2014
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2014
Probably Berkeley DB version 1.8x (native mode)
Support for: crypteq iconv() IPv6 use_setclassresources PAM Perl Expand_dlfunc OpenSSL Content_Scanning DKIM Old_Demime PRDR OCSP Experimental_SPF Experimental_SRS
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch mysql passwd
Authenticators: cram_md5 dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /usr/local/etc/exim/configure

[root@mail.our.net ~]# /usr/local/bin/openssl version
OpenSSL 1.0.1l 15 Jan 2015

[root@mail.our.net ~]# cat /usr/local/etc/exim/configure | grep tls
tls_advertise_hosts = *
tls_on_connect_ports = 465
tls_certificate = /usr/local/etc/exim/ssl/mailserver.crt
tls_privatekey = /usr/local/etc/exim/ssl/mailserver.key


People solve this by adding hosts_avoid_tls to the transports, but that disables esmtps altogether, leaving only esmtp, which does not solve the problem. I would like to understand why this happens.
Answers to the question: 1
@swapp
If exim is built with openssl, disabling compression in it helps, for example like this:
openssl_options = +no_compression
or right away like this, with SSLv3 disabled as well:
openssl_options = +no_sslv3 +no_compression
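A log triage sketch for the symptom in the question, added here and not part of the original question or answer: it scans Exim main-log lines for deferrals where the transport subprocess was killed by a signal and decodes the logged wait status (0x000b is signal 11, SIGSEGV). The sample lines are constructed; their timestamps, extra message ids and the example.org address are assumptions.

```python
import re
import signal
from collections import Counter

# Main-log deferral written when a delivery subprocess dies abnormally.
DEFER_RE = re.compile(
    r"== (?P<rcpt>\S+) .*?T=(?P<transport>\S+) defer \(-?\d+\): "
    r"\S+ transport process returned non-zero status 0x(?P<status>[0-9a-fA-F]+)"
)

def decode_wait_status(status):
    """Decode the POSIX wait() status word that Exim logs in hex."""
    sig = status & 0x7F
    if sig and sig != 0x7F:  # 0x7F marks a stopped process, not a killed one
        try:
            name = signal.Signals(sig).name
        except ValueError:
            name = "SIG%d" % sig
        return {"signal": sig, "name": name, "core": bool(status & 0x80)}
    return {"exit_code": (status >> 8) & 0xFF}

def crashed_deliveries(lines):
    """Yield (recipient, transport, status info) for signal-killed transports."""
    for line in lines:
        m = DEFER_RE.search(line)
        if m:
            info = decode_wait_status(int(m.group("status"), 16))
            if "signal" in info:
                yield m.group("rcpt"), m.group("transport"), info

def summarize(lines):
    """Count crashes per (recipient domain, transport, signal name)."""
    counts = Counter()
    for rcpt, transport, info in crashed_deliveries(lines):
        counts[(rcpt.rsplit("@", 1)[-1].lower(), transport, info["name"])] += 1
    return counts

# Constructed sample: line 1 is the deferral from the listing with an assumed
# timestamp; the remaining lines are invented for contrast.
SAMPLE = [
    "2015-02-10 20:33:25 1YL6fx-000BCp-Q0 == recipient@runao.ru R=dnslookup T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x000b: terminated by signal 11",
    "2015-02-10 20:40:02 1YL6fx-000BCp-Q0 == recipient@runao.ru R=dnslookup T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x000b: terminated by signal 11",
    "2015-02-10 20:41:10 1YL7aa-000BDq-A1 == user@example.org R=dnslookup T=remote_smtp defer (60): Operation timed out",
    "2015-02-10 20:42:30 1YL7bb-000BDr-B2 == user@example.org R=dnslookup T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x0100",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```

Repeated SIGSEGV deferrals concentrated on one destination domain, as in the sample, point at a crash in the TLS client path for that peer rather than a remote-side rejection.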