TLS error on connection (recv): The TLS connection was non-properly terminated

Moderator: Project members

wanakt

500 Command not understood
Posts: 3
Joined: 2022-06-20 08:23
First name: Jay
Last name: Kim

GnuTLS error -110 in gnutls_record_recv: The TLS Connection was non-properly terminated

by wanakt » 2022-06-20 09:20

I am using FileZilla Server 1.4.1.

The server seems to be installed properly, since it passed the test on ftptest.net.
Furthermore, getting the list of directories, downloading and deleting through the TLS connection succeeded.

However, whenever I try to upload a file to the FTP, the error message "GnuTLS error -110 in gnutls_record_recv: The TLS Connection was non-properly terminated" continues to appear.
The log of FileZilla Server is as follows:

<Date> Info [Type] Message
<> FTP Session 297 192.168.0.1 [Response] 220-FileZilla Server 1.4.1
<> FTP Session 297 192.168.0.1 [Response] 220 Please visit https://filezilla-project.org/
<> FTP Session 297 192.168.0.1 [Command] AUTH TLS
<> FTP Session 297 192.168.0.1 [Response] 234 Using authentication type TLS.
<> FTP Session 297 192.168.0.1 [Command] USER ****
<> FTP Session 297 192.168.0.1 [Response] 331 Please, specify the password.
<> FTP Session 297 192.168.0.1 [Command] PASS ****
<> FTP Session 297 192.168.0.1 wanakt [Response] 230 Login successful.
<> FTP Session 297 192.168.0.1 wanakt [Command] PBSZ 0
<> FTP Session 297 192.168.0.1 wanakt [Response] 200 PBSZ=0
<> FTP Session 297 192.168.0.1 wanakt [Command] PROT P
<> FTP Session 297 192.168.0.1 wanakt [Response] 200 Protection level set to P
<> FTP Session 297 192.168.0.1 wanakt [Command] OPTS utf8 on
<> FTP Session 297 192.168.0.1 wanakt [Response] 202 UTF8 mode is always enabled. No need to send this command
<> FTP Session 297 192.168.0.1 wanakt [Command] PWD
<> FTP Session 297 192.168.0.1 wanakt [Response] 257 «/» is current directory.
<> FTP Session 297 192.168.0.1 wanakt [Command] TYPE I
<> FTP Session 297 192.168.0.1 wanakt [Response] 200 Type set to I
<> FTP Session 297 192.168.0.1 wanakt [Command] PASV
<> FTP Session 297 192.168.0.1 wanakt [Response] 227 Entering Passive Mode (221,148,162,103,246,204)
<> FTP Session 297 192.168.0.1 wanakt [Command] STOR test/임차인 동의서(202호).pdf
<> FTP Session 297 192.168.0.1 wanakt [Response] 150 Starting data transfer.
<> FTP Session 297 192.168.0.1 wanakt [Error] GnuTLS error -110 in gnutls_record_recv: The TLS connection was non-properly terminated.
<> FTP Session 297 192.168.0.1 wanakt [Status] Client did not properly shut down TLS connection
<> FTP Session 297 192.168.0.1 wanakt [Response] 425 Error while transfering data: ECONNABORTED — Connection aborted

The odd thing is that the file is uploaded properly regardless of the above error message.

It would be highly appreciated if you would let me know what I should do to fix the above error.


botg

Site Admin
Posts: 34745
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
by botg » 2022-06-21 08:38

<> FTP Session 297 192.168.0.1 wanakt [Response] 227 Entering Passive Mode (221,148,162,103,246,204)

So the server sits behind a NAT router. Did you check the "Use the default host for local connections" checkbox on the server’s passive mode settings page?


tchicken

503 Bad sequence of commands
Posts: 20
Joined: 2022-06-21 14:44
First name: Michel
Last name: POULET

by tchicken » 2022-06-22 20:06

Thank you for your answer, botg.

I checked the box and restarted the service, but I still have the same error. Another idea?

And I have the same problem in passive or active mode!



by botg » 2022-06-23 07:54

Please provide a log with the checkbox enabled. Which client software are you using?



by tchicken » 2022-06-23 20:16

I use FileZilla client, log attached, thanks for your help ;)




by tchicken » 2022-06-24 07:47

"Use the following host (leave empty to keep the default one)" contained an IP address. I deleted it; it didn’t solve the problem. I am adding the new log file as an attachment. Thank you again for your precious help.




by botg » 2022-06-24 09:32

Are you using any firewalls or AV products? What happens if you completely uninstall them for a test?



by wanakt » 2022-06-25 02:36

I am using only Windows Defender.
As per your recommendation, I reinstalled FileZilla Server but it did not solve the problem.



by tchicken » 2022-06-25 09:12

Hi botg,
it seems that there are 2 of us with the same problem!
I just have Windows Defender on Windows Server 2019.
Hi wanakt, what is your server configuration?



by wanakt » 2022-06-25 09:56

My settings on FileZilla Server are as follows:

Server listeners: port 21, protocol Explicit FTP over TLS and insecure plain FTP
TLS certificate: Use a self-signed X.509 certificate
Minimum allowed TLS version: v1.2
Use the default host for local connections: checked



by tchicken » 2022-06-28 05:09

Hi there,
Did any of you find a solution to our problem? I’m still stuck on my side!



by tchicken » 2022-06-28 06:38

Customer side:
I changed the active mode by default, here is the trace:

Statut : Déconnecté du serveur
Statut : Résolution de l’adresse de lesarcs.dyndns.org
Statut : Connexion à 82.65.91.6:21…
Statut : Connexion établie, attente du message d’accueil…
Statut : Initialisation de TLS…
Statut : Connexion TLS établie.
Statut : Connecté
Statut : Récupération du contenu du dossier…
Statut : Le serveur a envoyé une réponse passive avec une adresse non routable. Adresse remplacée par celle du serveur.
Commande : MLSD
Réponse : 150 About to start data transfer.
Erreur : Connection interrompue après 20 secondes d’inactivité
Erreur : Impossible de récupérer le contenu du dossier
Statut : Déconnecté du serveur
Statut : Résolution de l’adresse de lesarcs.dyndns.org
Statut : Connexion à 82.65.91.6:21…
Statut : Connexion établie, attente du message d’accueil…
Statut : Initialisation de TLS…
Statut : Connexion TLS établie.
Statut : Connecté
Statut : Récupération du contenu du dossier…
Statut : Le serveur a envoyé une réponse passive avec une adresse non routable. Adresse remplacée par celle du serveur.
Commande : MLSD
Réponse : 150 About to start data transfer.
Erreur : Affichage du contenu du dossier annulée par l’utilisateur

Server side:

<Date> Info [Type] Message
<28/06/2022 08:33:19> FTP Session 1145 176.170.75.47 [Response] 234 Using authentication type TLS.
<28/06/2022 08:33:19> FTP Session 1145 176.170.75.47 [Command] USER genturfevo
<28/06/2022 08:33:19> FTP Session 1145 176.170.75.47 [Response] 331 Please, specify the password.
<28/06/2022 08:33:19> FTP Session 1145 176.170.75.47 [Command] PASS ****
<28/06/2022 08:33:19> FTP Session 1145 176.170.75.47 genturfevo [Response] 230 Login successful.
<28/06/2022 08:33:19> FTP Session 1145 176.170.75.47 genturfevo [Command] PWD
<28/06/2022 08:33:19> FTP Session 1145 176.170.75.47 genturfevo [Response] 257 «/» is current directory.
<28/06/2022 08:33:19> FTP Session 1145 176.170.75.47 genturfevo [Command] TYPE I
<28/06/2022 08:33:19> FTP Session 1145 176.170.75.47 genturfevo [Response] 200 Type set to I
<28/06/2022 08:33:19> FTP Session 1145 176.170.75.47 genturfevo [Command] PASV
<28/06/2022 08:33:19> FTP Session 1145 176.170.75.47 genturfevo [Response] 227 Entering Passive Mode (192,168,0,111,234,209)
<28/06/2022 08:33:19> FTP Session 1145 176.170.75.47 genturfevo [Command] MLSD
<28/06/2022 08:33:19> FTP Session 1145 176.170.75.47 genturfevo [Response] 150 About to start data transfer.
<28/06/2022 08:33:39> FTP Session 1145 176.170.75.47 genturfevo [Error] GnuTLS error -110 in gnutls_record_recv: The TLS connection was non-properly terminated.
<28/06/2022 08:33:39> FTP Session 1145 176.170.75.47 genturfevo [Status] Client did not properly shut down TLS connection
<28/06/2022 08:33:39> FTP Session 1145 176.170.75.47 genturfevo [Error] Control channel closed with error from source 0. Reason: ECONNABORTED — Connection aborted.
<28/06/2022 08:33:39> FTP Session 1146 176.170.75.47 [Response] 220-FileZilla Server 1.4.1
<28/06/2022 08:33:39> FTP Session 1146 176.170.75.47 [Response] 220 Please visit https://filezilla-project.org/
<28/06/2022 08:33:39> FTP Session 1146 176.170.75.47 [Command] AUTH TLS
<28/06/2022 08:33:39> FTP Session 1146 176.170.75.47 [Response] 234 Using authentication type TLS.
<28/06/2022 08:33:39> FTP Session 1146 176.170.75.47 [Command] USER genturfevo
<28/06/2022 08:33:39> FTP Session 1146 176.170.75.47 [Response] 331 Please, specify the password.
<28/06/2022 08:33:39> FTP Session 1146 176.170.75.47 [Command] PASS ****
<28/06/2022 08:33:39> FTP Session 1146 176.170.75.47 genturfevo [Response] 230 Login successful.
<28/06/2022 08:33:39> FTP Session 1146 176.170.75.47 genturfevo [Command] PWD
<28/06/2022 08:33:39> FTP Session 1146 176.170.75.47 genturfevo [Response] 257 «/» is current directory.
<28/06/2022 08:33:39> FTP Session 1146 176.170.75.47 genturfevo [Command] TYPE I
<28/06/2022 08:33:39> FTP Session 1146 176.170.75.47 genturfevo [Response] 200 Type set to I
<28/06/2022 08:33:39> FTP Session 1146 176.170.75.47 genturfevo [Command] PASV
<28/06/2022 08:33:39> FTP Session 1146 176.170.75.47 genturfevo [Response] 227 Entering Passive Mode (192,168,0,111,234,210)
<28/06/2022 08:33:39> FTP Session 1146 176.170.75.47 genturfevo [Command] MLSD
<28/06/2022 08:33:39> FTP Session 1146 176.170.75.47 genturfevo [Response] 150 About to start data transfer.

Always this error: [Error] GnuTLS error -110 in gnutls_record_recv: The TLS connection was non-properly terminated.



by botg » 2022-06-28 07:57

Your server is behind a NAT router. You need to tell the server your public IP address.



by tchicken » 2022-06-28 21:33

Like this?

[Attached image: IP.jpg]

Nothing changed:
<Date> Info [Type] Message
<28/06/2022 23:23:02> FTP Session 2085 176.170.75.47 [Response] 234 Using authentication type TLS.
<28/06/2022 23:23:02> FTP Session 2085 176.170.75.47 [Command] USER genturfevo
<28/06/2022 23:23:02> FTP Session 2085 176.170.75.47 [Response] 331 Please, specify the password.
<28/06/2022 23:23:02> FTP Session 2085 176.170.75.47 [Command] PASS ****
<28/06/2022 23:23:02> FTP Session 2085 176.170.75.47 genturfevo [Response] 230 Login successful.
<28/06/2022 23:23:02> FTP Session 2085 176.170.75.47 genturfevo [Command] PWD
<28/06/2022 23:23:02> FTP Session 2085 176.170.75.47 genturfevo [Response] 257 «/» is current directory.
<28/06/2022 23:23:02> FTP Session 2085 176.170.75.47 genturfevo [Command] TYPE I
<28/06/2022 23:23:02> FTP Session 2085 176.170.75.47 genturfevo [Response] 200 Type set to I
<28/06/2022 23:23:02> FTP Session 2085 176.170.75.47 genturfevo [Command] PASV
<28/06/2022 23:23:02> FTP Session 2085 176.170.75.47 genturfevo [Response] 227 Entering Passive Mode (82,65,91,6,244,221)
<28/06/2022 23:23:02> FTP Session 2085 176.170.75.47 genturfevo [Command] MLSD
<28/06/2022 23:23:02> FTP Session 2085 176.170.75.47 genturfevo [Response] 150 About to start data transfer.
<28/06/2022 23:23:22> FTP Session 2085 176.170.75.47 genturfevo [Error] GnuTLS error -110 in gnutls_record_recv: The TLS connection was non-properly terminated.
<28/06/2022 23:23:22> FTP Session 2085 176.170.75.47 genturfevo [Status] Client did not properly shut down TLS connection
<28/06/2022 23:23:22> FTP Session 2085 176.170.75.47 genturfevo [Error] Control channel closed with error from source 0. Reason: ECONNABORTED — Connection aborted.

With this option:

[Attached image: IP2.jpg]

Nothing changed…


boco

Contributor
Posts: 26451
Joined: 2006-05-01 03:28
Location: Germany


by boco » 2022-06-28 23:16

You also need to select a custom port range (the one you have forwarded in your router). The checkbox is only for local connections and will not do anything in this case as the connection is from the outside.

### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###
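
The checks discussed in this thread (which address the 227 reply advertises, and whether its data port is one the router forwards) can be run over a server log. This is an added example, not part of the original posts or of FileZilla; the log lines are the three 227 replies quoted in the thread, and the forwarded port range is an assumed value, since the thread never states it.

```python
import ipaddress
import re

# The three 227 replies quoted in this thread, reproduced as sample input.
SAMPLE_LOG = """\
<28/06/2022 08:33:19> FTP Session 1145 176.170.75.47 genturfevo [Response] 227 Entering Passive Mode (192,168,0,111,234,209)
<28/06/2022 23:23:02> FTP Session 2085 176.170.75.47 genturfevo [Response] 227 Entering Passive Mode (82,65,91,6,244,221)
<> FTP Session 297 192.168.0.1 wanakt [Response] 227 Entering Passive Mode (221,148,162,103,246,204)
"""

# Assumption: the data-port range forwarded on the NAT router (not given in the thread).
FORWARDED_PORTS = range(50000, 50101)

PASV_RE = re.compile(
    r"FTP Session (?P<session>\d+) (?P<peer>\d+(?:\.\d+){3}) .*"
    r"\[Response\] 227 Entering Passive Mode \((?P<nums>\d+(?:,\d+){5})\)"
)


def decode_pasv(nums):
    """Decode 'h1,h2,h3,h4,p1,p2' into (IPv4Address, port); port = p1*256 + p2."""
    parts = [int(n) for n in nums.split(",")]
    if len(parts) != 6 or any(p > 255 for p in parts):
        raise ValueError(f"malformed PASV tuple: {nums}")
    host = ipaddress.IPv4Address(".".join(str(p) for p in parts[:4]))
    return host, parts[4] * 256 + parts[5]


def audit_pasv(log_text, forwarded_ports=FORWARDED_PORTS):
    """Return one finding per 227 reply, listing why the data connection may fail."""
    findings = []
    for line in log_text.splitlines():
        m = PASV_RE.search(line)
        if m is None:
            continue
        peer = ipaddress.IPv4Address(m["peer"])
        host, port = decode_pasv(m["nums"])
        issues = []
        if host.is_private and not peer.is_private:
            # Outside client is told to connect to an address it cannot route to.
            issues.append("private address advertised to public client")
        elif peer.is_private and not host.is_private:
            # LAN client is sent out to the router's public address and back.
            issues.append("public address advertised to local client")
        if port not in forwarded_ports:
            issues.append("data port outside forwarded range")
        findings.append({
            "session": int(m["session"]),
            "peer": str(peer),
            "advertised": f"{host}:{port}",
            "issues": issues,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_pasv(SAMPLE_LOG):
        print(finding)
```
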


Moderator: xM

ladserg

Private
Posts: 13
Joined: 2014-01-23 8:35:18
Location: Russia

exim4: TLS problems when trying to receive mail from *.outbound.protection.outlook.com

Exim is installed, configured and working. TLS works too. But when mail is to be received from Microsoft's servers, multiple connections are established with their MTA, after which the connections hang for a while and then drop with an error.

Example log messages:

2018-01-23 16:32:23 [9336] SMTP connection from [104.47.42.74]:18608 I=[46.146.239.184]:25 (TCP/IP connection count = 1)
2018-01-23 16:45:05 [9377] TLS error on connection from mail-by2nam03on0074.outbound.protection.outlook.com (NAM03-BY2-obe.outbound.protection.outlook.com) [104.47.42.74]:18608 I=[46.146.239.184]:25 (send): Error in the push function.
2018-01-23 16:45:05 [9377] TLS error on connection from mail-by2nam03on0074.outbound.protection.outlook.com (NAM03-BY2-obe.outbound.protection.outlook.com) [104.47.42.74]:18608 I=[46.146.239.184]:25 (recv): The TLS connection was non-properly terminated.
2018-01-23 16:45:05 [9377] H=mail-by2nam03on0074.outbound.protection.outlook.com (NAM03-BY2-obe.outbound.protection.outlook.com) [104.47.42.74]:18608 I=[46.146.239.184]:25 incomplete transaction (connection lost) from <account-security-noreply@accountprotection.microsoft.com> for **@***.***.**
2018-01-23 16:45:05 [9377] TLS error on connection from mail-by2nam03on0074.outbound.protection.outlook.com (NAM03-BY2-obe.outbound.protection.outlook.com) [104.47.42.74]:18608 I=[46.146.239.184]:25 (send): The specified session has been invalidated for some reason.
2018-01-23 16:45:05 [9377] unexpected disconnection while reading SMTP command from mail-by2nam03on0074.outbound.protection.outlook.com (NAM03-BY2-obe.outbound.protection.outlook.com) [104.47.42.74]:18608 I=[46.146.239.184]:25

The exiwhat command during delivery attempts shows the following:

9336 daemon(4.89): -q30m, listening for SMTP on port 25 (IPv4) and for SMTPS on port 465 (IPv4) port 587 (IPv4)
12276 handling TLS incoming connection from mail-dm3nam03on0076.outbound.protection.outlook.com (NAM03-DM3-obe.outbound.protection.outlook.com) [104.47.41.76]:59392 I=[46.146.239.184]:25
12279 handling TLS incoming connection from mail-co1nam03on0058.outbound.protection.outlook.com (NAM03-CO1-obe.outbound.protection.outlook.com) [104.47.40.58]:61192 I=[46.146.239.184]:25
12280 handling TLS incoming connection from mail-by2nam03on0053.outbound.protection.outlook.com (NAM03-BY2-obe.outbound.protection.outlook.com) [104.47.42.53]:44626 I=[46.146.239.184]:25
12457 handling TLS incoming connection from mail-co1nam03on0069.outbound.protection.outlook.com (NAM03-CO1-obe.outbound.protection.outlook.com) [104.47.40.69]:39376 I=[46.146.239.184]:25

The OS is Debian 9; on versions 7 and 8 the problem was the same (I upgraded from release 7 while trying to solve the problem).

Output of exim -bV:

Exim version 4.89 #1 built 28-Nov-2017 21:58:00
Copyright (c) University of Cambridge, 1995 — 2017
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 — 2017
Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DKIM DNSSEC Event OCSP PRDR PROXY SOCKS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa tls
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
2018-01-23 18:06:57 Warning: purging the environment.
Suggested action: use keep_environment.
Configuration file is /var/lib/exim4/config.autogenerated

No problems are observed with other servers; there are errors like these:

2018-01-23 16:33:55 [9336] SMTP connection from [149.202.123.238]:59164 I=[46.146.239.184]:25 (TCP/IP connection count = 3)
2018-01-23 16:33:58 [9474] H=nicolatesla.ru (mail.nicolatesla.ru) [149.202.123.238]:59164 I=[46.146.239.184]:25 X=TLS1.2:DHE_RSA_AES_256_GCM_SHA384:256 CV=no F=<j@nicolatesla.ru> temporarily rejected RCPT <***@***>: greylisted.
2018-01-23 16:33:58 [9474] TLS error on connection from nicolatesla.ru (mail.nicolatesla.ru) [149.202.123.238]:59164 I=[46.146.239.184]:25 (recv): The TLS connection was non-properly terminated.
2018-01-23 16:33:58 [9474] H=nicolatesla.ru (mail.nicolatesla.ru) [149.202.123.238]:59164 I=[46.146.239.184]:25 incomplete transaction (connection lost) from <j@nicolatesla.ru>
2018-01-23 16:33:58 [9474] TLS error on connection from nicolatesla.ru (mail.nicolatesla.ru) [149.202.123.238]:59164 I=[46.146.239.184]:25 (send): The specified session has been invalidated for some reason.
2018-01-23 16:33:58 [9474] unexpected disconnection while reading SMTP command from nicolatesla.ru (mail.nicolatesla.ru) [149.202.123.238]:59164 I=[46.146.239.184]:25
2018-01-23 16:46:03 [9336] SMTP connection from [149.202.123.238]:44435 I=[46.146.239.184]:25 (TCP/IP connection count = 6)
2018-01-23 16:46:04 [9861] H=nicolatesla.ru (mail.nicolatesla.ru) [149.202.123.238]:44435 I=[46.146.239.184]:25 X=TLS1.2:DHE_RSA_AES_256_GCM_SHA384:256 CV=no F=<gbj@nicolatesla.ru> temporarily rejected RCPT <***@***.***.**>: greylisted.
2018-01-23 16:46:04 [9861] TLS error on connection from nicolatesla.ru (mail.nicolatesla.ru) [149.202.123.238]:44435 I=[46.146.239.184]:25 (recv): The TLS connection was non-properly terminated.
2018-01-23 16:46:04 [9861] H=nicolatesla.ru (mail.nicolatesla.ru) [149.202.123.238]:44435 I=[46.146.239.184]:25 incomplete transaction (connection lost) from <gbj@nicolatesla.ru>
2018-01-23 16:46:04 [9861] TLS error on connection from nicolatesla.ru (mail.nicolatesla.ru) [149.202.123.238]:44435 I=[46.146.239.184]:25 (send): The specified session has been invalidated for some reason.
2018-01-23 16:46:04 [9861] unexpected disconnection while reading SMTP command from nicolatesla.ru (mail.nicolatesla.ru) [149.202.123.238]:44435 I=[46.146.239.184]:25
2018-01-23 17:11:35 [9336] SMTP connection from [149.202.123.238]:49703 I=[46.146.239.184]:25 (TCP/IP connection count = 7)
2018-01-23 17:11:39 [10604] H=nicolatesla.ru (mail.nicolatesla.ru) [149.202.123.238]:49703 I=[46.146.239.184]:25 X=TLS1.2:DHE_RSA_AES_256_GCM_SHA384:256 CV=no F=<svvrfa@nicolatesla.ru> temporarily rejected RCPT <***@***.***.**>: greylisted.
2018-01-23 17:11:39 [10604] TLS error on connection from nicolatesla.ru (mail.nicolatesla.ru) [149.202.123.238]:49703 I=[46.146.239.184]:25 (recv): The TLS connection was non-properly terminated.
2018-01-23 17:11:39 [10604] H=nicolatesla.ru (mail.nicolatesla.ru) [149.202.123.238]:49703 I=[46.146.239.184]:25 incomplete transaction (connection lost) from <svvrfa@nicolatesla.ru>
2018-01-23 17:11:39 [10604] TLS error on connection from nicolatesla.ru (mail.nicolatesla.ru) [149.202.123.238]:49703 I=[46.146.239.184]:25 (send): The specified session has been invalidated for some reason.
2018-01-23 17:11:39 [10604] unexpected disconnection while reading SMTP command from nicolatesla.ru (mail.nicolatesla.ru) [149.202.123.238]:49703 I=[46.146.239.184]:25
2018-01-23 18:00:50 [9336] SMTP connection from [149.202.123.238]:46242 I=[46.146.239.184]:25 (TCP/IP connection count = 7)
2018-01-23 18:00:51 [12388] H=nicolatesla.ru (mail.nicolatesla.ru) [149.202.123.238]:46242 I=[46.146.239.184]:25 X=TLS1.2:DHE_RSA_AES_256_GCM_SHA384:256 CV=no F=<yawabu@nicolatesla.ru> temporarily rejected RCPT <***@***.***.**>: greylisted.
2018-01-23 18:00:51 [12388] TLS error on connection from nicolatesla.ru (mail.nicolatesla.ru) [149.202.123.238]:46242 I=[46.146.239.184]:25 (recv): The TLS connection was non-properly terminated.
2018-01-23 18:00:51 [12388] H=nicolatesla.ru (mail.nicolatesla.ru) [149.202.123.238]:46242 I=[46.146.239.184]:25 incomplete transaction (connection lost) from <yawabu@nicolatesla.ru>
2018-01-23 18:00:51 [12388] TLS error on connection from nicolatesla.ru (mail.nicolatesla.ru) [149.202.123.238]:46242 I=[46.146.239.184]:25 (send): The specified session has been invalidated for some reason.
2018-01-23 18:00:51 [12388] unexpected disconnection while reading SMTP command from nicolatesla.ru (mail.nicolatesla.ru) [149.202.123.238]:46242 I=[46.146.239.184]:25

But that, as I understand it, is the result of the greylist at work.

I installed a certificate from Let’s Encrypt; the problem did not go away. More precisely, nothing changed.

I can't figure out what the problem is, and we need to receive these emails.

Does anyone have an idea, or has anyone run into a similar problem?



xM

Senior Lieutenant
Posts: 1316
Joined: 2009-01-15 23:57:41
Location: Königsberg
xM » 2018-01-24 13:35:01

Try updating your root certificates first.
On FreeBSD it is done like this



ladserg » 2018-01-24 14:47:54

xM wrote: Try updating your root certificates first.
On FreeBSD it is done like this

Thanks for the reply. I checked the root certificates on my side. In Debian this is the ca-certificates package; just in case, I reinstalled it:

Code:

apt-get install --reinstall ca-certificates

Enabled the ones that were not enabled:

Code:

dpkg-reconfigure ca-certificates
update-ca-certificates -f
c_rehash /etc/ssl/certs

Restarted exim. Checked the SSL connection:

Code:

openssl s_client -connect mta.medlife.perm.ru:465 -tls1 -servername mta.medlife.perm.ru

CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let’s Encrypt, CN = Let’s Encrypt Authority X3
verify return:1
depth=0 CN = mta.medlife.perm.ru
verify return:1

Certificate chain
0 s:/CN=mta.medlife.perm.ru
i:/C=US/O=Let’s Encrypt/CN=Let’s Encrypt Authority X3
1 s:/C=US/O=Let’s Encrypt/CN=Let’s Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3

Server certificate
subject=/CN=mta.medlife.perm.ru
issuer=/C=US/O=Let’s Encrypt/CN=Let’s Encrypt Authority X3

No client certificate CA names sent
Server Temp Key: ECDH, P-256, 256 bits

SSL handshake has read 2993 bytes and written 268 bytes
Verification: OK

New, TLSv1.0, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : ECDHE-RSA-AES256-SHA
Session-ID: BF9624F0AE5BDFA317F7A6F624114F8EDDA0F5BA36EACAC451D51AADE944A563
Session-ID-ctx:
Master-Key: D3F861250549EECB0E4A5955F95BAEAB84658FA45751186483F8D630A07D4C9A76C6FE8574E0A8A623E542C9720AFAB1
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1516794076
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes

220 mta.medlife.perm.ru ESMTP Exim 4.89 Wed, 24 Jan 2018 16:41:16 +0500
ehlo mta.medlife.perm.ru
250-mta.medlife.perm.ru Hello localhost [127.0.0.1]
250-SIZE 27262976
250-8BITMIME
250-PIPELINING
250 HELP
QUIT
DONE

Checked STARTTLS:

Code:

swaks -a -tls -q HELO -s mta.medlife.perm.ru -au test -ap '<>'

=== Trying mta.medlife.perm.ru:25…
=== Connected to mta.medlife.perm.ru.
<- 220 mta.medlife.perm.ru ESMTP Exim 4.89 Wed, 24 Jan 2018 16:44:04 +0500
-> EHLO mta.medlife.perm.ru
<- 250-mta.medlife.perm.ru Hello localhost [127.0.0.1]
<- 250-SIZE 27262976
<- 250-8BITMIME
<- 250-PIPELINING
<- 250-STARTTLS
<- 250 HELP
-> STARTTLS
<- 220 TLS go ahead
=== TLS started with cipher TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
=== TLS no local certificate set
=== TLS peer DN="/CN=mta.medlife.perm.ru"
~> EHLO mta.medlife.perm.ru
<~ 250-mta.medlife.perm.ru Hello localhost [127.0.0.1]
<~ 250-SIZE 27262976
<~ 250-8BITMIME
<~ 250-PIPELINING
<~ 250 HELP
~> QUIT
<~ 221 mta.medlife.perm.ru closing connection
=== Connection closed with remote host.

And still the connections from *.outbound.protection.outlook.com hang for a long time, multiply, then drop with the errors described above :-(



xM » 2018-01-24 17:24:09

I don't have any particular ideas. Except maybe to look with tcpdump at what is happening there.
But, by the way, Microsoft's mail is quite a piece of work. For example, they manage to corrupt the body of DKIM-signed messages in transit, and they send from a different host name than the one presented in HELO. And how can one not recall the story when IMAP did not work for a couple of weeks for all the "lucky" Outlook/Hotmail users.



ladserg » 2018-01-24 20:14:27

By the way, does Exim have a way to log the SMTP session, that is, which commands and messages are sent during the session? Judging by the logs, the session itself starts, the SPF check of the message takes place, the message envelope is transferred, and at that point the session hangs. I suspect that something is wrong with the encryption. And yet mail from Google arrives.
The most annoying thing is that these emails carry the verification code for logging in to the account with the licenses and distributions.

Can anyone tell me how to make exactly these servers not start TLS?

Sent 10 minutes 23 seconds later:
Oops, it seems I have won their love and affection. I set up a rule that skips all checks for their mail, and the mail started flowing. Tomorrow I will work out which rule it hangs on for me.



xM » 2018-01-24 20:31:25

Perhaps something around cipher negotiation is not going through on your side.
In any case, the debug output should show everything in detail. Exim's is verbose.



ladserg » 2018-01-25 14:59:39

I found the rule on which the connection hangs and the session dies:

Code:

# Check that the sender address exists
warn
        hosts           = !+relay_from_hosts
        !verify         = sender/callout=3m,defer_ok
        logwrite        = [WARN][ACCC] Sender callout verify is invalid \
                          H=$sender_helo_name[$sender_host_address] F=$sender_address T:$local_part@$domain
        set acl_c_spamscore     = ${eval:$acl_c_spamscore+20}
        set acl_c_spamlog       = $acl_c_spamlog Callout error;

Now it remains to work out what decision to make about this. It seems that a number of other mail servers, whose mail is also needed, also fail the mailbox existence check.
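
The difference between the sessions that hang and the ones that are simply dropped is visible in the main log by pairing each "SMTP connection from" line with the later "(recv): The TLS connection was non-properly terminated" line for the same remote address and port. This is an added example, not part of the original post or of Exim; the sample lines are copied from the logs earlier in this thread, and the 180-second threshold is an assumption taken from `callout=3m` in the rule above.

```python
import re
from datetime import datetime

# Sample input: lines copied from the log excerpts posted earlier in this thread.
SAMPLE_LOG = """\
2018-01-23 16:32:23 [9336] SMTP connection from [104.47.42.74]:18608 I=[46.146.239.184]:25 (TCP/IP connection count = 1)
2018-01-23 16:33:55 [9336] SMTP connection from [149.202.123.238]:59164 I=[46.146.239.184]:25 (TCP/IP connection count = 3)
2018-01-23 16:33:58 [9474] TLS error on connection from nicolatesla.ru (mail.nicolatesla.ru) [149.202.123.238]:59164 I=[46.146.239.184]:25 (recv): The TLS connection was non-properly terminated.
2018-01-23 16:45:05 [9377] TLS error on connection from mail-by2nam03on0074.outbound.protection.outlook.com (NAM03-BY2-obe.outbound.protection.outlook.com) [104.47.42.74]:18608 I=[46.146.239.184]:25 (send): Error in the push function.
2018-01-23 16:45:05 [9377] TLS error on connection from mail-by2nam03on0074.outbound.protection.outlook.com (NAM03-BY2-obe.outbound.protection.outlook.com) [104.47.42.74]:18608 I=[46.146.239.184]:25 (recv): The TLS connection was non-properly terminated.
"""

# Assumption: threshold equal to the callout timeout (callout=3m) in the ACL above.
CALLOUT_TIMEOUT_S = 180

TS = r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \[\d+\] "
START_RE = re.compile(TS + r"SMTP connection from \[(?P<ip>[\d.]+)\]:(?P<port>\d+) ")
ABORT_RE = re.compile(
    TS + r"TLS error on connection from .*?\[(?P<ip>[\d.]+)\]:(?P<port>\d+) I=\S+ "
    r"\(recv\): The TLS connection was non-properly terminated"
)


def _parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


def tls_abort_durations(log_text):
    """Map (remote_ip, remote_port) -> seconds between accept and the recv TLS error.

    The daemon PID logs the accept and a child PID logs the error, so sessions
    are keyed on the remote address and port rather than on the PID.
    """
    started = {}
    durations = {}
    for line in log_text.splitlines():
        m = START_RE.match(line)
        if m:
            started[(m["ip"], int(m["port"]))] = _parse_ts(m["ts"])
            continue
        m = ABORT_RE.match(line)
        if m:
            key = (m["ip"], int(m["port"]))
            begin = started.pop(key, None)  # source ports get reused later
            if begin is not None:
                durations[key] = int((_parse_ts(m["ts"]) - begin).total_seconds())
    return durations


def stalled_sessions(durations, threshold=CALLOUT_TIMEOUT_S):
    """Sessions that stayed open at least `threshold` seconds before the peer gave up."""
    return sorted(key for key, secs in durations.items() if secs >= threshold)


if __name__ == "__main__":
    result = tls_abort_durations(SAMPLE_LOG)
    for key, secs in result.items():
        print(key, secs, "stalled" if key in stalled_sessions(result) else "dropped quickly")
```
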



xM » 2018-01-25 15:30:51

ladserg wrote: !verify = sender/callout=3m,defer_ok

This is a very bad practice. I recommend giving up callouts entirely.

Sent 1 minute later:
To keep it short, here is an article where a smart guy lays it all out neatly
https://bsdly.blogspot.lt/2017/08/twent … s-are.html



ladserg » 2018-01-25 16:28:37

xM wrote:

ladserg wrote: !verify = sender/callout=3m,defer_ok

This is a very bad practice. I recommend giving up callouts entirely.

Sent 1 minute later:
To keep it short, here is an article where a smart guy lays it all out neatly
https://bsdly.blogspot.lt/2017/08/twent … s-are.html

Understood. It seems I have learned from my own mistake. Thanks for the link; my English is poor, but Google Translate helped me understand from the article that this check is not so relevant and may even be fraught with consequences. Or rather, it became fraught in my case.

Did I understand correctly that during a callback verification the server being checked also runs its own checks against my check, to which my server may in turn run its own checks?


xM

Senior lieutenant
Posts: 1316
Joined: 2009-01-15 23:57:41
Location: Königsberg

exim4: TLS problems when trying to receive mail from *.outbound.protection.outlook.com

xM » 2018-01-25 16:33:06

Yes. Roughly speaking, a callout gives you little and guarantees even less, puts load on both systems, and moreover, if a spammer uses a non-existent address in someone else's domain, the callout from your server looks like an attempt to send spam there, so you can land in a spam trap with a subsequent ban of your IP.

Sent 38 seconds later:

ladserg wrote:
Did I understand correctly that during a callout the server being checked also runs its own checks against my check, to which my server may in turn run its own checks?

Depends on what is configured there, but usually it is unlikely.


Exim TLS Error when trying to send mail

I have exim installed on my server and I would like to send mails for a website hosted with apache with php’s mail() function.
When I try to send an e-mail, I have no error, but the e-mail never arrives. I’ve checked exim’s logs and I’ve got this:

Each try to send an e-mail produces errors like these. I’ve searched what may cause this. I found that similar errors may occur when a server is blacklisted but there is no reason my server would be (and I’ve checked with mxtoolbox and there is no problem).

The error posted here shows an hotmail receiver address, but I get likely errors for other target domains like so :

I’ve also been told to always use the -f option with sendmail to provide a sender address; however, it only changes the sender address shown in the error log and the error is the same.

What should I do ?

2 Answers

Here’s an explanation of the errors you had encountered:

  1. 2015-12-28 15:51:37 1aDZ96-00052a-5y TLS error on connection to mx2.hotmail.com [65.54.188.72] (send): The specified session has been invalidated for some reason.

This means that you are trying to use a self-signed SSL-certificate for your server, they shouldn’t be used anywhere outside test environment, since most servers on the internet will refuse to connect.

To use SSL you need to get a properly signed certificate (for example you can get it for free from StartSSL or WoSign.)

  2. 2015-12-28 15:51:37 1aDZ96-00052a-5y ** xxxxxxx@hotmail.com R=dnslookup T=remote_smtp X=TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256 DN="CN=*.hotmail.com": SMTP error from remote mail server after MAIL FROM:<noreply@xxxxx.xxx> SIZE=1526: host mx2.hotmail.com [65.54.188.72]: 550 SC-002 (BAY004-MC1F20) Unfortunately, messages from xxx.xxx.xxx.xxx weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors

This means that you’re trying to run a mail server on a home ISP or otherwise compromised network. Most major mail servers won’t accept mail originating from home IPs. You’d have to follow their rules if you want your mail delivered — asking your ISP to go to http://mail.live.com/mail/troubleshooting.aspx#errors and do what Microsoft asks might be the only way to fix it. But first you should contact live.com support yourself and ask what they need to white-list your host.

Prepare to contact and have lengthy correspondence with every major mail service to get your mail flowing.


FTP — «GnuTLS error -110: The TLS connection was non-properly terminated.»

Spencer Skinner

Contributor

Yet again I have more issues with FTP, this time I'm getting this error code chugged out by FileZilla

Here is what comes up in the freenas console

I had FTP working fine just earlier on in the day and now all of a sudden it's broke again

Router — ASUS RT-AC66u
Modem — TP-Link TD8817

I have already got the FTP ports set up for Passive and they work, it's just TLS seems to be failing for an unknown reason.

Any help is appreciated

EDIT — OK, right now this is getting weird, I just tried it again with the exact same settings as when it was chucking out errors and it worked absolutely fine, eh? What is this? Bloody magic? Any insight as to what the actual hell FreeNAS is doing would be great

dlavigne

Guest

Spencer Skinner

Contributor

I haven’t found anything of any great help online, just a long forum conversation on the filezilla forums about how it’s to do with updates but this forum post was in 2008 so I can’t imagine it’s the same issue anymore. Moreover I get the same issue on online FTP testers so it must be proftpd causing the issue not filezilla. That’s about as far as I have gotten.


Spencer Skinner

Contributor

I then tried without TLS

So TLS isn't causing this, I assume.

I am also finding that proftpd doesn't close properly, I turn off the service and it just hangs, same with changing settings it just hangs. Then I'm unable to start the service again for a few minutes while it thinks it's still on

Interestingly when I just disabled Masquerade address and kept TLS enabled it seemed to work, maybe this is the root of the issue?

Context — I had my masquerade address set to my DDNS IP xxxx.ddns.net, in the hopes that would avoid NAT issues.

EDIT — Just did some more tests, I added the Masquerade back in and it's still working, none of this makes sense.

EDIT 2 — Woke up this morning and tried it again with the masquerade enabled and it didn't work, chucked the same error, I removed the address then it worked fine no problem, then I re-added the address after it hadn't worked and it's fine again. Once again I have no idea?

Here are my settings (minus the masquerade address)

Sorry for the way I've put the settings, I know some people just give the config files' contents but I have f*** all clue how to do that ahahah. Hope you can make something of what I have here so far


Why is our Filezilla FTP client receiving GnuTLS error -110 when listing directory on z/OS FTP server?

Question & Answer

Question

We have FTPS configured on port 21 (security ALLOWED) and on port 990 (Security REQUIRED/Implicit). Filezilla connects successfully to the z/OS FTP server by using TLS to secure the control connection. But Filezilla cannot list the contents of a directory by using a TLS protected data connection.

The screen shot shows these Filezilla client messages:

We verified that there is no firewall between the client and the mainframe. We also verified that the customer can connect to port 21 in the clear but receives an error on the same client if they try to use SSL/TLS (active FTP).

Answer

In this situation it was found that the FTP server was configured (defaulted) to the draft level of the FTP/TLS RFCs. One effect of this is that the session is simply closed without first sending an SSL Close Alert message.

If your TLSRFCLEVEL is configured as DRAFT, change it to TLSRFCLEVEL RFC4217. If it defaulted to DRAFT, add a TLSRFCLEVEL RFC4217 statement to the server’s FTP.DATA input to change this behavior.

Specification of the TLSRFCLEVEL does not affect the initial SSL handshake or encryption of traffic; it changes the behavior when a session (or at least, SSL) ends. Specifically, configuring TLSRFCLEVEL RFC4217 will cause an SSL Close alert packet to be sent before actually closing the TCP connection (sending the FIN). Apparently the GnuTLS code used by FileZilla is strictly enforcing receipt of the alert, and errors out when a FIN arrives without the alert. So adding that configuration statement should resolve the problem with FileZilla not getting the LIST output.


Some solutions for git error messages [every item personally tested, so you can avoid the pitfalls]

I recently moved from svn to git at work and ran into some problems. I will record the problems I encounter here and hope they are useful to everyone. Every problem and solution has been personally tested and works. Discussion is welcome.

error: RPC failed; curl 56 GnuTLS recv error (-110): The TLS connection was non-properly terminated.

This problem troubled me for a long time. I saw many solutions on the Internet, but more than 90% of them are traps that did not help, at least not for me. I finally found a reliable solution, personally tested, which I hope will save others from the same pitfalls.

1. First install the required environment and dependencies

If you want to hide the directory and do not want to see it in /home, you can also rename the directory to .git-rectify

3. Enter the path and get the git source

4. Install the dependencies

5. Install the libcurl dependency files

6. Enter the directory (the original link has an error here; no decompression is needed)

2. The * after the path name stands for the version number; check which version you have

7. Modify the file contents; two files need to be changed

8. Compile and build the installation package

9. Go back to the previous directory and install the compiled package.

Following the steps above resolves error: RPC failed; curl 56 GnuTLS recv error (-110): The TLS connection was non-properly terminated.

server certificate verification failed

First, here is the link where the solution was found

When cloning with git, the message "server certificate verification failed" appears; enter the following on the command line:

This works, but it is not permanent: it has to be done again every time you start a shell. To make it permanent, you can add the command to bashrc:


I have exim installed on my server and I would like to send mails for a website hosted with apache with php’s mail() function.
When I try to send an e-mail, I have no error, but the e-mail never arrives.
I’ve checked exim’s logs and I’ve got this:

2015-12-28 15:51:36 1aDZ96-00052a-5y <= noreply@xxxxx.xxx U=www-data P=local S=490
2015-12-28 15:51:37 1aDZ96-00052a-5y TLS error on connection to mx2.hotmail.com [65.54.188.72] (recv): The TLS connection was non-properly terminated.
2015-12-28 15:51:37 1aDZ96-00052a-5y TLS error on connection to mx2.hotmail.com [65.54.188.72] (send): The specified session has been invalidated for some reason.
2015-12-28 15:51:37 1aDZ96-00052a-5y ** xxxxxxx@hotmail.com R=dnslookup T=remote_smtp X=TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256 DN="CN=*.hotmail.com": SMTP error from remote mail server after MAIL FROM:<noreply@xxxxx.xxx> SIZE=1526: host mx2.hotmail.com [65.54.188.72]: 550 SC-002 (BAY004-MC1F20) Unfortunately, messages from xxx.xxx.xxx.xxx weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors.
2015-12-28 15:51:38 1aDZ97-00052f-Uc <= <> R=1aDZ96-00052a-5y U=Debian-exim P=local S=1747
2015-12-28 15:51:38 1aDZ96-00052a-5y Completed

Each try to send an e-mail produces errors like these.
I’ve searched what may cause this. I found that similar errors may occur when a server is blacklisted but there is no reason my server would be (and I’ve checked with mxtoolbox and there is no problem).

The error posted here shows an hotmail receiver address, but I get likely errors for other target domains like so :

SMTP error from remote mail server after MAIL FROM:<www-data@xxxxxx.xxx> SIZE=1898: host smtp-in.orange.fr [193.252.22.65]: 501 5.1.0 Emetteur invalide. Invalid Sender. O

I’ve also been told to always use the -f option with sendmail to provide a sender address; however, it only changes the sender address shown in the error log and the error is the same.

What should I do ?

Thank you for the tip, @fubar-coder. I tried to make an implementation of ISslStreamWrapperFactory that makes use of the GnuSslStream class from the GnuSslStream NuGet package. See below:

using System.IO;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
using System.Threading.Tasks;
using FubarDev.FtpServer.Authentication;

namespace Criterion.Ftp
{
    public class CustomSslStreamWrapperFactory : ISslStreamWrapperFactory
    {
        public async Task<Stream> WrapStreamAsync(
            Stream unencryptedStream,
            bool keepOpen,
            X509Certificate certificate,
            CancellationToken cancellationToken)
        {
            var sslStream = new GnuSslStream(unencryptedStream, keepOpen);
            try
            {
                await sslStream.AuthenticateAsServerAsync(certificate)
                    .ConfigureAwait(false);
            }
            catch
            {
                sslStream.Dispose();
                throw;
            }

            return sslStream;
        }

        public Task CloseStreamAsync(Stream sslStream, CancellationToken cancellationToken)
        {
            if (sslStream is GnuSslStream s)
            {
                s.Close();
            }

            return Task.CompletedTask;
        }
    }
}

Here is my Program.cs where I register my implementation in DI:

using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
using Criterion.Ftp.FileSystem.Gcs;
using FubarDev.FtpServer;
using FubarDev.FtpServer.AccountManagement;
using FubarDev.FtpServer.Authentication;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using NLog.Extensions.Logging;

namespace Criterion.Ftp
{
    class Program
    {
        static void Main(string[] args)
        {
            var services = new ServiceCollection().AddLogging(config => config.SetMinimumLevel(LogLevel.Trace));

#if !DEBUG
            var disableTls = Environment.GetEnvironmentVariable("DISABLE_TLS") ?? "False";
            if (bool.TryParse(disableTls, out var disable))
            {
                if (!disable)
                {
                    var cert = new X509Certificate2("ftp.pfx", Environment.GetEnvironmentVariable("PFX_PASSWORD"));
                    services.Configure<AuthTlsOptions>(cfg => cfg.ServerCertificate = cert);
                }
            }
#endif

            services.Configure<FtpConnectionOptions>(options => options.DefaultEncoding = System.Text.Encoding.UTF8);
            services.Configure<SimplePasvOptions>(options =>
            {
                options.PasvMinPort = 10000;
                options.PasvMaxPort = 10009;
                options.PublicAddress = IPAddress.Parse(Environment.GetEnvironmentVariable("PUBLIC_IP") ?? "127.0.0.1");
            });
            
            services.AddFtpServer(builder =>
            {
                builder.Services.AddSingleton<IMembershipProvider, CustomMembershipProvider>();
                builder.UseGcsFileSystem();
            });

            services.AddSingleton<ISslStreamWrapperFactory, CustomSslStreamWrapperFactory>();

            // Build the service provider
            using (var serviceProvider = services.BuildServiceProvider())
            {
                var loggerFactory = serviceProvider.GetRequiredService<ILoggerFactory>();
                loggerFactory.AddNLog(new NLogProviderOptions { CaptureMessageTemplates = true, CaptureMessageProperties = true });
                NLog.LogManager.LoadConfiguration("NLog.config");

                try
                {
                    // Initialize the FTP server
                    var ftpServerHost = serviceProvider.GetRequiredService<IFtpServerHost>();

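                    // Start the FTP server and block until startup has completed,
                    // so that a startup exception reaches the catch block below
                    ftpServerHost.StartAsync(CancellationToken.None).GetAwaiter().GetResult();

                    Console.WriteLine("The FTP server is running. Press any key to kill the server...");
                    Console.ReadLine();

                    // Stop the FTP server and wait for shutdown before the provider is disposed
                    ftpServerHost.StopAsync(CancellationToken.None).GetAwaiter().GetResult();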
                }
                catch (Exception ex)
                {
                    Console.Error.WriteLine(ex);
                }
            }
        }
    }
}

However, I still get an error in FileZilla. See below:

Status:	Resolving address of ftp.criterion.ai
Status:	Connecting to 35.210.105.126:21...
Status:	Connection established, waiting for welcome message...
Status:	Initializing TLS...
Status:	Verifying certificate...
Status:	TLS connection established.
Status:	Logged in
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/"
Command:	TYPE I
Response:	200 Binary transfer mode active.
Command:	PASV
Response:	227 Entering Passive Mode (35,210,105,126,39,20).
Command:	MLSD
Response:	150 Opening data connection.
Error:	GnuTLS error -110 in gnutls_record_recv: The TLS connection was non-properly terminated.
Status:	Server did not properly shut down TLS connection
Error:	Could not read from transfer socket: ECONNABORTED - Connection aborted
Response:	226 Closing data connection.
Error:	Failed to retrieve directory listing

In other clients (such as Cyberduck and WinSCP), I have no issues at all, even with the new implementation.

I took a look at the implementation of GnuSslStream (see the link below) and it looks like the only difference between that class and the native SslStream is that the SslDirectCall.CloseNotify method is being called when closing the connection. However, even though I am running on Windows, it seems as if that call isn’t working correctly. At least, there does not seem to be any difference between using SslStream and GnuSslStream.

https://github.com/UlyssesWu/UniFTP/blob/0a1e75c1b6363fa1cd624202b659b8a25a52042c/GnuSslStream/GnuSslStream.cs#L59

I even tried to remove my reference to the GnuSslStream NuGet package and download the files from the package (GnuSslStream.cs, NativeApi.cs, ReflectUtil.cs and SslDirectCall.cs) instead. I then modified the Close method to make a call to SslDirectCall.CloseNotify even when running on Linux (which the original implementation did not allow for). See below. I then ran my FTP server on a Linux box instead of Windows but that, unfortunately, did not make any difference. I could still connect from Cyberduck, Free FTP and WinSCP but not from FileZilla.

public override void Close()
{
	try
	{
		SslDirectCall.CloseNotify(this);
	}
	finally
	{
		base.Close();
	}
}

So, basically, after having tried a bunch of different things, I still haven’t gotten much further. Is there something I did wrong or is there anything I can do to help identify the root cause of this issue?

I’m a beginner Ubuntu user, and probably removed something I should not have.
Now when I want to open some web pages in either Chrome, Chromium or Firefox:

  1. I cannot upload photos or any file; the page is running but nothing happens;
  2. Sometimes the page just says “connection failed”;
  3. Some pages do not even load…

With a friend we tried to localize the problem, used curl in Terminal and got the following message, after several tries as well:

$ curl
https://secure-web.cisco.com/1UjZvaFXylKMUS8eSdCfbbKAk1o8eOwyUbZWinGVDbO4PZJi_lCx_9W6A5aCGm7Y7TRyMZ9_2YzAGA9SkPEyJuqBo34wXEZWLbqh8nXHPIommnz_s1Iw2seS9DjGgyTDpIIy3NAusf6W7DKPkLqvsPQFn2Av26cx0AdfmOFNpkSJkTxCFk0airlZWOZBBFUE-S3dsLqHkm68A_7iq3BwPp6pp95WKQuTu5diERcS-apjarsnggk-Gq3IM4TTJI1Cgu43o8VPFqAi180o8sqS-c7xgALeBIJUg0YIeaj8qoz0zyhBIaIm7PbichXA0mp1pyCT2ELfMPQob1EihfFDMQkF_bl8NLkAzFmL9WLYH6JVYHYiuhkVrQ8NA08fgZ7ukcwJF_MGZufAoEVyWox1RW0jzMyCE7Xac7xWWY_Jt9DAdtUXNYKY3WhOeN9w9pLM2vY1fMkXoTly_9LigF5e9OQ/https%3A%2F%2Fget.adobe.com%2Fflashplayer%2F
*   Trying 193.104.215.66...
* Connected to get.adobe.com (193.104.215.66) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 704 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: get.adobe.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: C=US,ST=California,L=San Jose,O=Adobe Systems Incorporated,CN=get.adobe.com
* start date: Fri, 23 Sep 2016 00:00:00 GMT
* expire date: Fri, 27 Sep 2019 12:00:00 GMT
* issuer: C=US,O=DigiCert Inc,CN=DigiCert SHA2 Secure Server CA
* compression: NULL
* ALPN, server did not agree to a protocol

> GET /flashplayer/ HTTP/1.1
> Host: get.adobe.com
> User-Agent: curl/7.47.0
> Accept: */*
> 
< HTTP/1.1 302 Moved Temporarily
< Date: Sun, 11 Jun 2017 15:35:48 GMT
< Server: JRun Web Server
< location: /flashplayer/otherversions/
< Cache-Control: private, no-store, no-cache
< Content-Language: en-US
< Content-Language: en-US
< Content-Type: text/html; charset=UTF-8
< Set-Cookie: SETTINGS.LOCALE=en%5Fus; HttpOnly;domain=.adobe.com;expires=Tue, 04-Jun-2047 14:35:48 GMT;path=/cfusion/
< Connection: close
< Vary: Accept-Encoding
< 
* GnuTLS recv error (-110): The TLS connection was non-properly terminated.
* Closing connection 0
curl: (56) GnuTLS recv error (-110): The TLS connection was non-properly terminated.

Probably the problem is with the TLS connection, but we could not figure out what exactly and how to fix. I upgraded my 15.10 Ubuntu to 16.04 LTS. This did not solve the problem, but rather deepened it (problems with more web pages).

Question

We have FTPS configured on port 21 (security ALLOWED) and on port 990 (Security REQUIRED/Implicit). Filezilla connects successfully to the z/OS FTP server by using TLS to secure the control connection. But Filezilla cannot list the contents of a directory by using a TLS protected data connection.

The screen shot shows these Filezilla client messages:

   Response:   125 List started OK 
   Error:      GnuTLS error -110 in gnu_tls_record_recv: The TLS 
               Connection was non-properly terminated. 
   Status:     Server did not properly shut down TLS connection 
   Error:      Could not read from transfer socket: ECONNABORTED - 
               Connection aborted 
   Response:   250 List completed successfully. 
   Error:      Failed to retrieve directory listing 

We verified that there is no firewall between the client and the mainframe. We also verified that the customer can connect to port 21 in the clear but receives an error on the same client if they try to use SSL/TLS (active FTP).

Answer

In this situation it was found that the FTP server was configured (defaulted) to the draft level of the FTP/TLS RFCs. One effect of this is that the session is simply closed without first sending an SSL Close Alert message.

If your TLSRFCLEVEL is configured as DRAFT, change it to TLSRFCLEVEL RFC4217. If it defaulted to DRAFT, add a TLSRFCLEVEL RFC4217 statement to the server’s FTP.DATA input to change this behavior.

Specification of the TLSRFCLEVEL does not affect the initial SSL handshake or encryption of traffic; it changes the behavior when a session (or at least, SSL) ends. Specifically, configuring TLSRFCLEVEL RFC4217 will cause an SSL Close alert packet to be sent before actually closing the TCP connection (sending the FIN). Apparently the GnuTLS code used by FileZilla is strictly enforcing receipt of the alert, and errors out when a FIN arrives without the alert. So adding that configuration statement should resolve the problem with FileZilla not getting the LIST output.
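For TLS 1.2 and earlier, the difference described in this answer (and in the FileZilla report about GnuSslStream earlier on this page) is visible in the record headers of a capture: a graceful close ends with an alert record before the FIN, an abrupt one ends with data. The Python code below is an added example, not code from IBM, FileZilla or any project quoted here; the function names and the sample byte strings are constructed for illustration.

```python
"""Classify how one direction of a TLS 1.2 (or older) byte stream ended."""
import struct
from typing import Iterator, Tuple

CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23
KNOWN_TYPES = {CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA}
MAX_FRAGMENT = 2**14 + 2048   # largest ciphertext fragment TLS 1.2 allows
CLOSE_NOTIFY = 0              # alert description 0 = close_notify


class TruncatedRecord(Exception):
    """The stream stopped in the middle of a record header or body."""


def iter_records(stream: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (content_type, fragment) for each complete TLS record."""
    offset = 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise TruncatedRecord("partial record header")
        ctype, version, length = struct.unpack_from("!BHH", stream, offset)
        if ctype not in KNOWN_TYPES or version >> 8 != 3 or length > MAX_FRAGMENT:
            raise ValueError(f"not a TLS record at offset {offset}")
        end = offset + 5 + length
        if end > len(stream):
            raise TruncatedRecord("partial record body")
        yield ctype, stream[offset + 5:end]
        offset = end


def classify_stream_end(stream: bytes) -> str:
    """Describe the last thing a peer sent before its FIN.

    `stream` is every byte one side sent, in order, as reassembled from a
    capture. Only valid for TLS <= 1.2: TLS 1.3 hides alerts inside records
    typed application_data, so the header alone cannot show them.
    """
    encrypted = False          # becomes True after this side's ChangeCipherSpec
    last = None
    try:
        for ctype, fragment in iter_records(stream):
            last = (ctype, fragment, encrypted)
            if ctype == CHANGE_CIPHER_SPEC:
                encrypted = True
    except TruncatedRecord:
        return "truncated-record"
    if last is None:
        return "no-tls-data"
    ctype, fragment, was_encrypted = last
    if ctype != ALERT:
        # FIN straight after data: the case strict clients report as
        # "The TLS connection was non-properly terminated".
        return "missing-close-alert"
    if was_encrypted:
        # Level and description are ciphertext; only the record type is visible.
        return "encrypted-alert"
    if len(fragment) != 2:
        return "malformed-alert"
    _level, description = fragment
    return "close_notify" if description == CLOSE_NOTIFY else f"alert-{description}"


def record(ctype: int, fragment: bytes) -> bytes:
    """Build one TLS 1.2 record (used only to construct the samples below)."""
    return struct.pack("!BHH", ctype, 0x0303, len(fragment)) + fragment


def constructed_samples() -> dict:
    """Constructed server-to-client streams; fragments are filler, not real TLS."""
    session = (
        record(HANDSHAKE, bytes(90))            # ServerHello .. ServerHelloDone
        + record(CHANGE_CIPHER_SPEC, b"\x01")
        + record(HANDSHAKE, bytes(40))          # encrypted Finished
        + record(APPLICATION_DATA, bytes(300))  # e.g. a directory listing
    )
    return {
        "graceful": session + record(ALERT, bytes(26)),
        "abrupt": session,
        "cut-mid-record": session + record(APPLICATION_DATA, bytes(64))[:9],
        "plaintext-close": record(HANDSHAKE, bytes(90)) + record(ALERT, b"\x01\x00"),
        "handshake-failure": record(ALERT, b"\x02\x28"),
    }


if __name__ == "__main__":
    for name, stream in constructed_samples().items():
        print(f"{name:18} -> {classify_stream_end(stream)}")
```

An "encrypted-alert" result shows only that some alert preceded the FIN; confirming that it was close_notify requires decrypting the session.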


Product Synonym

ZOSCS COMMSERVER

I’m using Debian stretch (9.4).

I have an office365 account.

Using Evolution, I can successfully download mail via POP3, and also send mail using the Evolution "Sending E-mail" preferences:

Server: smtp.office365.com
Port: 587
Server requires authentication TICKED
Encryption method: STARTTLS after connecting
Authentication: Login
Username: <myid@mydomain>

and Evolution prompted me for my office365 password the first time I used it, and it’s been fine since.

So that’s great. However:

I also have some crontab scripts which occasionally send email programmatically via sendmail -t as described here. The exim4-config package was configured for "mail sent by smarthost; no local mail" and the outgoing smarthost to smtp.office365.com::587. I also have /etc/exim4/passwd.client containing a smtp.office365.com:<myid@mydomain>:<mypassword> line.

Until around a month ago (I think they stopped working sometime in the first week of June), those scripts were sending email via smtp.office365.com absolutely fine. However, since then, for each email attempted to be sent /var/log/exim4/mainlog now shows a bunch of error messages along the lines of:

2018-06-12 22:04:37 XXXXXX-XXXXXX-XX <= <> R=XXXXXX-XXXXXX-XX U=Debian-exim P=local S=2270
2018-06-12 22:04:42 XXXXXX-XXXXXX-XX H=outlook.ms-acdc.office.com [40.100.174.194] TLS error on connection (recv): The TLS connection was non-properly terminated.
2018-06-12 22:04:42 XXXXXX-XXXXXX-XX H=outlook.ms-acdc.office.com [40.100.174.194] TLS error on connection (send): The specified session has been invalidated for some reason.
2018-06-12 22:04:42 XXXXXX-XXXXXX-XX ** <myid@mydomain> R=hub_user_smarthost T=remote_smtp_smarthost H=outlook.ms-acdc.office.com [40.100.174.194] X=TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 CV=no DN="C=US,ST=Washington,L=Redmond,O=Microsoft Corporation,CN=outlook.com": SMTP error from remote mail server after pipelined MAIL FROM:<> SIZE=3347: 530 5.7.57 SMTP; Client was not authenticated to send anonymous mail during MAIL FROM [LO2P265CA0067.GBRP265.PROD.OUTLOOK.COM]
2018-06-12 22:04:42 XXXXXX-XXXXXX-XX Frozen (delivery error message)

It’s not clear to me whether something has changed at Microsoft’s end or my end (my machine is vanilla Debian stable amd64; I can’t remember if any relevant security updates might have been applied around the time things stopped working). I suspect Microsoft might have tightened up authentication in some way, and I need to change something in the exim4 configuration to deal with it (I’ll reiterate that Evolution has been sending mail through the same smtp.office365.com:587 channel without issue the whole time). I’m puzzled and grateful for any suggestions on how to get the sendmail -t method working again.
