The r15 added the following in the /var/qmail/control/conf-smtpd:

QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} fixcrio"

When this is enabled, qmail smtpd does accept mail that otherwise would be rejected (bare linefeed emails). However, this is causing mail to be rejected with a "status 256" being returned by tcpserver, if the other MTA is trying to use TLS. A sample, which I recorded using QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} recordio", follows:

@400000004294a2981937e114 tcpserver: status: 1/40
@400000004294a298193ebafc tcpserver: pid 24242 from 206.106.137.9
@400000004294a29829aaf824 tcpserver: ok 24242 :::ffff:192.168.133.1:25 :::ffff:206.106.137.9::61473
400000004294a29837e5a394 24242 > 220 icalyx.com ESMTP
400000004294a2983a45b78c 24242 < EHLO mx1.interactivebrokers.com
400000004294a2983a49e1f4 24242 > 250-icalyx.com
400000004294a2983a49edac 24242 > 250-STARTTLS
400000004294a2983a49f57c 24242 > 250-SIZE 0
400000004294a2983a49fd4c 24242 > 250-PIPELINING
400000004294a2983a4a051c 24242 > 250 8BITMIME
400000004294a29901a7aafc 24242 < STARTTLS
400000004294a29901ddca74 24242 > 220 ready for tls
@400000004294a29904d294bc 24242 < jQ
@400000004294a29904d2b014 24242 < Àedcba` ªç;ø#i¸«ö¿Ârð;+
@400000004294a29904f3632c 24242 > [EOF]
@400000004294a29904f3826c tcpserver: end 24242 status 256

However, if recordio or fixcrio is removed from QMAIL_SMTP_PRE, this email is accepted just fine. For the purpose of this bug (mail via TLS being rejected), addition of either fixcrio or recordio shows exactly the same behavior. See the following link for some more information: http://groups-beta.google.com/group/alt.comp.mail.qmail/browse_frm/thread/4da1037febe81207/c7fe177f33d7d012?hl=en#c7fe177f33d7d012

Reproducible: Always

Steps to Reproduce:
I cannot reproduce this for you, as I am not able to get hold of any other server that would send mail to me using TLS. This is happening when my broker, interactivebrokers.com, sends me email. I am assuming this is a problem reproducible when you use any server that would want to send email using TLS while talking to a Gentoo qmail-1.03 r15 smtpd that is using fixcrio.

Actual Results:
With fixcrio enabled in QMAIL_SMTP_PRE, mail is rejected with a status 256.

Expected Results:
Should have received the email (status 0).

This may not be a qmail problem. Maybe fixcrio breaks a TLS session? If so, fixcrio should be removed and alternatives explored.
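A way to find sessions like the one recorded above in a tcpserver/recordio log, as an added example that is not part of the original report or of qmail: it flags connections where the server answered STARTTLS with 220 and tcpserver then logged a non-zero end status. The sample log is constructed, and the function names are illustrative.

```python
import re

# Constructed sample in the tcpserver + recordio format shown in the report
# (PIDs, timestamps and 192.0.2.x addresses are made up for this example).
SAMPLE_LOG = """\
@400000004294a2981937e114 tcpserver: pid 101 from 192.0.2.10
@400000004294a2983a45b78c 101 < EHLO mx.example.net
@400000004294a2983a49edac 101 > 250-STARTTLS
@400000004294a29901a7aafc 101 < STARTTLS
@400000004294a29901ddca74 101 > 220 ready for tls
@400000004294a29904f3632c 101 > [EOF]
@400000004294a29904f3826c tcpserver: end 101 status 256
@400000004294a2a01937e114 tcpserver: pid 102 from 192.0.2.11
@400000004294a2a03a45b78c 102 < EHLO mail.example.org
@400000004294a2a041a7aafc 102 < MAIL FROM:<a@example.org>
@400000004294a2a104f3826c tcpserver: end 102 status 0
"""

LINE = re.compile(r"^@?(?P<ts>[0-9a-f]{24}) (?P<rest>.*)$")
IO = re.compile(r"^(?P<pid>\d+) (?P<dir>[<>]) (?P<data>.*)$")
END = re.compile(r"^tcpserver: end (?P<pid>\d+) status (?P<status>\d+)$")

def tai64n_to_unix(label):
    """Seconds of a TAI64N label as Unix time (libtai offset 2**62 + 10,
    leap seconds ignored)."""
    return int(label[:16], 16) - (2**62 + 10)

def failed_starttls_sessions(log_text):
    """Return (pid, unix_time, status) for sessions that ended with a
    non-zero tcpserver status after the server answered STARTTLS with 220."""
    state, hits = {}, []          # pid -> "asked" | "accepted" | None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue              # no timestamp: spilled binary bytes, noise
        io, end = IO.match(m["rest"]), END.match(m["rest"])
        if io and io["dir"] == "<" and io["data"].strip().upper() == "STARTTLS":
            state[io["pid"]] = "asked"
        elif io and io["dir"] == ">" and state.get(io["pid"]) == "asked":
            state[io["pid"]] = "accepted" if io["data"].startswith("220") else None
        elif end:
            accepted = state.pop(end["pid"], None) == "accepted"
            if accepted and end["status"] != "0":
                hits.append((int(end["pid"]), tai64n_to_unix(m["ts"]),
                             int(end["status"])))
    return hits

if __name__ == "__main__":
    for pid, when, status in failed_starttls_sessions(SAMPLE_LOG):
        print(f"pid {pid}: STARTTLS accepted, ended with status {status} at {when}")
```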
If you want to use TLS (USE=ssl), don't use fixcrio. Please see also here: http://iain.cx/ssl/?qmailtls
(In reply to comment #1)
> If you want to use TLS (USE=ssl), don't use fixcrio. Please see also here:
> http://iain.cx/ssl/?qmailtls

Great. Then let's fix the bug in the ebuild. It installs with the TLS patch enabled (it's not something the user sets - it's there) and it sets up a conf-smtpd with fixcrio enabled (again, set up by default), and the two are mutually incompatible. One must go. Granted, I can disable fixcrio in conf-smtpd, but I had to find out the hard way, and that would be true for anyone that installs the 1.03-r15 ebuild. Thanks.
This is NOT the default in -r15. This is invalid; please do not open it again. fixcrio is commented out by default; if it was uncommented, you uncommented it yourself and did not realize it.