Re: [Assp-user] STARTTLS - connection randomly timeout (outlook imap error)
Thank you Lukáš!

The following worked for me as well, with no change required to Qmail. I just made the two changes to ASSP. It seems, something is going wrong with the [TLS-IN] and [TLS-OUT]. With the changes to ASSP configuration, I only see [TLS-IN] now, and those emails arrive, where they were timing out before with the -IN/-OUT. For whatever that is worth.

I also need to update to the latest ASSP release, but I am unsure if that alone would have resolved the matter. The configuration changes were likely necessary as well.

On Tue, 17 Aug 2021 11:10:08 +0200 Ing. Lukáš Pečínka wrote:

> Hello,
>
> I think that I solved issue with timeouts between assp and postfix
> (postfix/smtpd)
>
> assp - set IO-Engine from poll to select
>
> assp - set noTLSIP to 127.0.0.1
>
> postfix - disabled tls_random_source
>
> It is weird but it works.

--
William L. Thomson Jr.
___
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] STARTTLS - connection randomly timeout (outlook imap error)
Hello,

I think that I solved issue with timeouts between assp and postfix (postfix/smtpd)

assp - set IO-Engine from poll to select
assp - set noTLSIP to 127.0.0.1
postfix - disabled tls_random_source

It is weird but it works.

On 06. 08. 21 at 9:24 Thomas Eckardt wrote:

your log shows:

Aug-03-21 12:19:30 Worker_3 ...
...
<--- until here everything is fine

read from client = EHLO mail-pl1-x647.google.com
<--- assp has read the helo from google

Aug-03-21 12:19:30 server IO::Socket::SSL=GLOB(0x7fde3c853968) poll (writable) from main sub main::sendque 24
<--- assp has queued the EHLO in the outqueue to your MTA and has set the writeable FLAG to signal that assp will actively poll the socket (to your MTA) to become writeable

the socket to your MTA does not signal, that it can write

Aug-03-21 12:22:42 client Timeout after 180 secs
<--- google is waiting for the "250 OK" , assp is waiting for the socket to become writeable ---> assp detects the timeout

I would monitor the actions at your MTA for such a connection. If this will not show anything, I would try:

- switch the assp IO-Engine from 'poll' to 'select'
- disable SSL to your MTA (use plain sockets) - assp will not use STARTTLS

Thomas

From: "William L. Thomson Jr."
To:
Date: 05.08.2021 23:10
Subject: Re: [Assp-user] STARTTLS - connection randomly timeout (outlook imap error)

On Tue, 3 Aug 2021 12:51:59 -0400 "William L. Thomson Jr." wrote:

> On Tue, 3 Aug 2021 17:55:31 +0200
> Thomas Eckardt wrote:
>
> > ConTimeoutDebug
> >
> > generates the contxt files in the debug folder. These files
> > show, what was going on in the connection until the timeout was
> > reached.
>
> I set that one, but it is not providing much useful information. Here
> is the end from one with Google, nothing above stands out, but seems
> this is where it falls off.
>
> Aug-03-21 12:19:30 client IO::Socket::SSL=GLOB(0x7fde3dc429e8) unpoll
> (writable) from main sub main::unpoll 7 read from client = EHLO
> mail-pl1-x647.google.com Aug-03-21 12:19:30 server
> IO::Socket::SSL=GLOB(0x7fde3c853968) poll (writable) from main sub
> main::sendque 24 Aug-03-21 12:22:42 client Timeout after 180 secs
> Aug-03-21 12:22:42 client was readable Aug-03-21 12:22:42 client was
> not writable
>
> Full output (good for 1yr)
> https://dpaste.com/HSFFBGNKW
>
> > for the records:
> >
> > after resetting all STATS a week ago on my prod windows system, I got
> > no timeouts - even not a single one from the big mailers.
> > SMTP SSL-Port-Connections Timeout: 0 0
> > SMTP STARTTLS-Connections Timeout: 0 0
> >
> > perl modules in use:
> >
> > IO::Poll 1.45
> > IO::Select 1.45
> > IO::Socket::INET6 not installed
> > IO::Socket::SSL 2.071
> >
> > Net::SSLeay 1.90
> > OpenSSL 1.1.1i
> > OpenSSL-lib 1.1.1i 8 Dec 2020
>
> IO::Poll 1.41
> IO::Select 1.42
> IO::Socket::INET6 2.72
> IO::Socket::SSL 2.066
> Net::SSLeay 1.88
> OpenSSL 1.1.1k 1.1.1k

Updated all the above, except the two that were current already

IO::Poll 1.46
IO::Select 1.46
IO::Socket::INET6 2.72
IO::Socket::SSL 2.071
Net::SSLeay 1.90
OpenSSL 1.1.1k 1.1.1k

No change, still stuck at

read from client = EHLO mail-pl1-x647.google.com
client Timeout after 180 secs
client was readable
client was not writable

Per above logs. Increasing debugging on SSL and setting ConTimeoutDebug did not provide any further output.

I also tested Qmail directly and TLS works fine there, so something is amiss with ASSP. I am at a loss, but still looking. No [TLS-in] [TLS-out] works, only [SSL-in] [TLS-out].

--
William L. Thomson Jr.

DISCLAIMER:
*** This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ***

--
With regards and wishes for a pleasant day | Best regards
Ing. Lukáš Pečínka
System administrator, Postmaster, IdP administrator
Students mail, Antispam, Mail delivery system
Cent
Re: [Assp-user] STARTTLS - connection randomly timeout (outlook imap error)
your log shows:

Aug-03-21 12:19:30 Worker_3 ...
...
<--- until here everything is fine

read from client = EHLO mail-pl1-x647.google.com
<--- assp has read the helo from google

Aug-03-21 12:19:30 server IO::Socket::SSL=GLOB(0x7fde3c853968) poll (writable) from main sub main::sendque 24
<--- assp has queued the EHLO in the outqueue to your MTA and has set the writeable FLAG to signal that assp will actively poll the socket (to your MTA) to become writeable

the socket to your MTA does not signal, that it can write

Aug-03-21 12:22:42 client Timeout after 180 secs
<--- google is waiting for the "250 OK" , assp is waiting for the socket to become writeable ---> assp detects the timeout

I would monitor the actions at your MTA for such a connection. If this will not show anything, I would try:

- switch the assp IO-Engine from 'poll' to 'select'
- disable SSL to your MTA (use plain sockets) - assp will not use STARTTLS

Thomas

From: "William L. Thomson Jr."
To:
Date: 05.08.2021 23:10
Subject: Re: [Assp-user] STARTTLS - connection randomly timeout (outlook imap error)

On Tue, 3 Aug 2021 12:51:59 -0400 "William L. Thomson Jr." wrote:

> On Tue, 3 Aug 2021 17:55:31 +0200
> Thomas Eckardt wrote:
>
> > ConTimeoutDebug
> >
> > generates the contxt files in the debug folder. These files
> > show, what was going on in the connection until the timeout was
> > reached.
>
> I set that one, but it is not providing much useful information. Here
> is the end from one with Google, nothing above stands out, but seems
> this is where it falls off.
>
> Aug-03-21 12:19:30 client IO::Socket::SSL=GLOB(0x7fde3dc429e8) unpoll
> (writable) from main sub main::unpoll 7 read from client = EHLO
> mail-pl1-x647.google.com Aug-03-21 12:19:30 server
> IO::Socket::SSL=GLOB(0x7fde3c853968) poll (writable) from main sub
> main::sendque 24 Aug-03-21 12:22:42 client Timeout after 180 secs
> Aug-03-21 12:22:42 client was readable Aug-03-21 12:22:42 client was
> not writable
>
> Full output (good for 1yr)
> https://dpaste.com/HSFFBGNKW
>
> > for the records:
> >
> > after resetting all STATS a week ago on my prod windows system, I got
> > no timeouts - even not a single one from the big mailers.
> > SMTP SSL-Port-Connections Timeout: 0 0
> > SMTP STARTTLS-Connections Timeout: 0 0
> >
> > perl modules in use:
> >
> > IO::Poll 1.45
> > IO::Select 1.45
> > IO::Socket::INET6 not installed
> > IO::Socket::SSL 2.071
> >
> > Net::SSLeay 1.90
> > OpenSSL 1.1.1i
> > OpenSSL-lib 1.1.1i 8 Dec 2020
>
> IO::Poll 1.41
> IO::Select 1.42
> IO::Socket::INET6 2.72
> IO::Socket::SSL 2.066
> Net::SSLeay 1.88
> OpenSSL 1.1.1k 1.1.1k

Updated all the above, except the two that were current already

IO::Poll 1.46
IO::Select 1.46
IO::Socket::INET6 2.72
IO::Socket::SSL 2.071
Net::SSLeay 1.90
OpenSSL 1.1.1k 1.1.1k

No change, still stuck at

read from client = EHLO mail-pl1-x647.google.com
client Timeout after 180 secs
client was readable
client was not writable

Per above logs. Increasing debugging on SSL and setting ConTimeoutDebug did not provide any further output.

I also tested Qmail directly and TLS works fine there, so something is amiss with ASSP. I am at a loss, but still looking. No [TLS-in] [TLS-out] works, only [SSL-in] [TLS-out].

--
William L. Thomson Jr.
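The reading of the contxt trace given in the message above (a socket registered for "poll (writable)" that is never released before the timeout fires) can be checked mechanically. The following is an added example, not part of the original thread and not ASSP code; it assumes one event per line in the layout of the lines quoted in the thread, and the names find_stall, SAMPLE_TRACE and HEALTHY_TRACE are hypothetical.

```python
import re
from datetime import datetime

# Trace lines as quoted in the thread; one event per line is an assumed layout.
SAMPLE_TRACE = """\
Aug-03-21 12:19:30 client IO::Socket::SSL=GLOB(0x7fde3dc429e8) unpoll (writable) from main sub main::unpoll 7
read from client = EHLO mail-pl1-x647.google.com
Aug-03-21 12:19:30 server IO::Socket::SSL=GLOB(0x7fde3c853968) poll (writable) from main sub main::sendque 24
Aug-03-21 12:22:42 client Timeout after 180 secs
Aug-03-21 12:22:42 client was readable
Aug-03-21 12:22:42 client was not writable
"""

# Constructed counter-example: the MTA-side socket becomes writable and is released.
HEALTHY_TRACE = """\
Aug-03-21 12:19:30 server IO::Socket::SSL=GLOB(0x1) poll (writable) from main sub main::sendque 24
Aug-03-21 12:19:30 server IO::Socket::SSL=GLOB(0x1) unpoll (writable) from main sub main::unpoll 7
"""

STAMP = r"(?P<ts>[A-Z][a-z]{2}-\d{1,2}-\d{2} \d{2}:\d{2}:\d{2}) "
POLL_RE = re.compile(
    STAMP + r"(?P<side>client|server) (?P<sock>\S+) "
    r"(?P<op>unpoll|poll) \((?P<mode>readable|writable)\)"
)
TIMEOUT_RE = re.compile(
    STAMP + r"(?P<side>client|server) Timeout after (?P<secs>\d+) secs"
)
READ_RE = re.compile(r"read from (?P<side>client|server) = (?P<cmd>.+)")


def _when(stamp):
    """Parse the 'Aug-03-21 12:19:30' timestamp used in the trace."""
    return datetime.strptime(stamp, "%b-%d-%y %H:%M:%S")


def find_stall(trace):
    """Return details of the sockets still polled when a timeout fired, else None."""
    pending = {}      # (side, socket, mode) -> time the poll was registered
    last_read = None  # last command seen, as (side, text)
    for raw in trace.splitlines():
        line = raw.strip()
        m = POLL_RE.match(line)
        if m:
            key = (m["side"], m["sock"], m["mode"])
            if m["op"] == "poll":
                pending[key] = _when(m["ts"])
            else:
                pending.pop(key, None)  # event arrived, socket released
            continue
        m = READ_RE.match(line)
        if m:
            last_read = (m["side"], m["cmd"].strip())
            continue
        m = TIMEOUT_RE.match(line)
        if m:
            fired = _when(m["ts"])
            # Every socket still registered here never signalled its event.
            waiting = [
                {"side": side, "socket": sock, "mode": mode,
                 "waited_secs": int((fired - since).total_seconds())}
                for (side, sock, mode), since in pending.items()
            ]
            return {
                "timeout_side": m["side"],
                "timeout_secs": int(m["secs"]),
                "last_read": last_read,
                "waiting": waiting,
            }
    return None


if __name__ == "__main__":
    print(find_stall(SAMPLE_TRACE))
    print(find_stall(HEALTHY_TRACE))
```

On the quoted trace this reports the server-side (MTA) socket as the one still waiting to become writable, with the client's EHLO as the last command read.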
Re: [Assp-user] STARTTLS - connection randomly timeout (outlook imap error)
On Tue, 3 Aug 2021 12:51:59 -0400 "William L. Thomson Jr." wrote:

> On Tue, 3 Aug 2021 17:55:31 +0200
> Thomas Eckardt wrote:
>
> > ConTimeoutDebug
> >
> > generates the contxt files in the debug folder. These files
> > show, what was going on in the connection until the timeout was
> > reached.
>
> I set that one, but it is not providing much useful information. Here
> is the end from one with Google, nothing above stands out, but seems
> this is where it falls off.
>
> Aug-03-21 12:19:30 client IO::Socket::SSL=GLOB(0x7fde3dc429e8) unpoll
> (writable) from main sub main::unpoll 7 read from client = EHLO
> mail-pl1-x647.google.com Aug-03-21 12:19:30 server
> IO::Socket::SSL=GLOB(0x7fde3c853968) poll (writable) from main sub
> main::sendque 24 Aug-03-21 12:22:42 client Timeout after 180 secs
> Aug-03-21 12:22:42 client was readable Aug-03-21 12:22:42 client was
> not writable
>
> Full output (good for 1yr)
> https://dpaste.com/HSFFBGNKW
>
> > for the records:
> >
> > after resetting all STATS a week ago on my prod windows system, I got
> > no timeouts - even not a single one from the big mailers.
> > SMTP SSL-Port-Connections Timeout: 0 0
> > SMTP STARTTLS-Connections Timeout: 0 0
> >
> > perl modules in use:
> >
> > IO::Poll 1.45
> > IO::Select 1.45
> > IO::Socket::INET6 not installed
> > IO::Socket::SSL 2.071
> >
> > Net::SSLeay 1.90
> > OpenSSL 1.1.1i
> > OpenSSL-lib 1.1.1i 8 Dec 2020
>
> IO::Poll 1.41
> IO::Select 1.42
> IO::Socket::INET6 2.72
> IO::Socket::SSL 2.066
> Net::SSLeay 1.88
> OpenSSL 1.1.1k 1.1.1k

Updated all the above, except the two that were current already

IO::Poll 1.46
IO::Select 1.46
IO::Socket::INET6 2.72
IO::Socket::SSL 2.071
Net::SSLeay 1.90
OpenSSL 1.1.1k 1.1.1k

No change, still stuck at

read from client = EHLO mail-pl1-x647.google.com
client Timeout after 180 secs
client was readable
client was not writable

Per above logs. Increasing debugging on SSL and setting ConTimeoutDebug did not provide any further output.

I also tested Qmail directly and TLS works fine there, so something is amiss with ASSP. I am at a loss, but still looking. No [TLS-in] [TLS-out] works, only [SSL-in] [TLS-out].

--
William L. Thomson Jr.
Re: [Assp-user] STARTTLS - connection randomly timeout (outlook imap error)
On Wed, 4 Aug 2021 09:26:05 -0400 (EDT) Doug Lytle wrote:

> >>> I will look into increasing that, but I am unsure it is SSL
> >>> related, maybe more TLS.
>
> I just ran into this myself today.
>
> Building a new VM based on Devuan 3 and testing with our work email
> (Office 365), I've gotten timeouts. Others came in just fine. I've
> moved back to the original Devuan 1 setup and will need to
> investigate further.

Not sure if it is the case for others but some emails from like Google and Outlook do eventually come through. One sent yesterday at 3:05PM EST arrived at 6:30PM EST. The OTP from Amazon would arrive ~12+ hours after they were sent, and I am unsure all arrived, might have been just some.

--
William L. Thomson Jr.
Re: [Assp-user] STARTTLS - connection randomly timeout (outlook imap error)
>>> I will look into increasing that, but I am unsure it is SSL related,
>>> maybe more TLS.

I just ran into this myself today.

Building a new VM based on Devuan 3 and testing with our work email (Office 365), I've gotten timeouts. Others came in just fine. I've moved back to the original Devuan 1 setup and will need to investigate further.

Doug
Re: [Assp-user] STARTTLS - connection randomly timeout (outlook imap error)
Thank you Thomas!

On Tue, 3 Aug 2021 17:55:31 +0200 Thomas Eckardt wrote:

> SSLDEBUG at the highest level will show something like that in
> maillog.txt

I will look into increasing that, but I am unsure it is SSL related, maybe more TLS.

> ConTimeoutDebug
>
> generates the contxt files in the debug folder. These files show,
> what was going on in the connection until the timeout was reached.

I set that one, but it is not providing much useful information. Here is the end from one with Google, nothing above stands out, but seems this is where it falls off.

Aug-03-21 12:19:30 client IO::Socket::SSL=GLOB(0x7fde3dc429e8) unpoll (writable) from main sub main::unpoll 7
read from client = EHLO mail-pl1-x647.google.com
Aug-03-21 12:19:30 server IO::Socket::SSL=GLOB(0x7fde3c853968) poll (writable) from main sub main::sendque 24
Aug-03-21 12:22:42 client Timeout after 180 secs
Aug-03-21 12:22:42 client was readable
Aug-03-21 12:22:42 client was not writable

Full output (good for 1yr)
https://dpaste.com/HSFFBGNKW

> Exclude these IP's from SSL-failed-Cache* (noBanFailedSSLIP) - may
> help (there is no need to restart assp !)
>
> the SSL-failed cache can be cleared or manipulated using the left
> menu in the GUI -> below 'internal Caches' (scroll to the bottom)

I think that was just ssl-tools website doing that, I do not believe any of my timeout issues are ban failed ssl cache related.

> gentoo:
>
> One of the systems I maintain is running a gentoo (what a horror
> OS!). ASSP autoupdates to the latest public available dev version.
> This system runs without a single manual intervention for months now.
> Assp does a service autorestart once in a week.
> However, system components, perl and perl modules are still
> untouched for over 18 months.

If you update that system, there are major perl changes, new version of perl and many things shipped within perl and various modules. Gentoo has gone downhill for some time. I am a former Gentoo dev and trustee, infamous, banned for years from any communication. I still maintain a split up ASSP, which I know is frowned upon, but it's worked for a very long time. Pretty sure, this issue is not related to that, but always the potential.

https://github.com/Obsidian-StudiosInc/os-xtoo/tree/master/mail-filter/assp

I am thinking maybe more a Qmail issue (that I hope is not the issue), or something in between, perl module, etc.

> for the records:
>
> after resetting all STATS a week ago on my prod windows system, I got
> no timeouts - even not a single one from the big mailers.
> SMTP SSL-Port-Connections Timeout: 0 0
> SMTP STARTTLS-Connections Timeout: 0 0
>
> perl modules in use:
>
> IO::Poll 1.45
> IO::Select 1.45
> IO::Socket::INET6 not installed
> IO::Socket::SSL 2.071
>
> Net::SSLeay 1.90
> OpenSSL 1.1.1i
> OpenSSL-lib 1.1.1i 8 Dec 2020

IO::Poll 1.41
IO::Select 1.42
IO::Socket::INET6 2.72
IO::Socket::SSL 2.066
Net::SSLeay 1.88
OpenSSL 1.1.1k 1.1.1k

Looks like I am behind on all but OpenSSL. I will work on updating those, it very well could be a perl module issue. Running on

This is perl 5, version 32, subversion 1 (v5.32.1) built for x86_64-linux-thread-multi

> system info:
>
> ASSP Version: (dev) 2.6.6 build 21202

Hmm, I am on 2.6.5 build 21074, which I believe is the latest/current release. I am envious over 2.6.6 :)

--
William L. Thomson Jr.
Re: [Assp-user] STARTTLS - connection randomly timeout (outlook imap error)
SSLDEBUG at the highest level will show something like that in maillog.txt

Aug-3-21 16:53:15 [Worker_1] Worker_1 wakes up
Aug-3-21 16:53:15 [Worker_1] Info: Worker_1 got connection from MainThread
Aug-3-21 16:53:15 [Worker_1] Connected: session:114507858 a.b.c.d:52084 > e.f.g.h:25 > 127.0.0.1:325
Aug-3-21 16:53:16 [Worker_1] a.b.c.d [SMTP Reply] 220 mail.thockar.com is ready - using ASSP 2.6.6(21202)
Aug-3-21 16:53:16 [Worker_1] a.b.c.d [SMTP Reply] 250 HELP
Aug-3-21 16:53:16 [Worker_1] a.b.c.d info: got STARTTLS request from a.b.c.d
Aug-3-21 16:53:16 [Worker_1] a.b.c.d [SMTP Reply] 220 Ready to start TLS - go on
Aug-3-21 16:53:16 [Worker_1] SSL-DEBUG: .../IO/Socket/SSL.pm:1620: start handshake
Aug-3-21 16:53:16 [Worker_1] SSL-DEBUG: .../IO/Socket/SSL.pm:1177: global error: Undefined SSL object
Aug-3-21 16:53:16 [Worker_1] SSL-DEBUG: .../IO/Socket/SSL.pm:1061: starting sslifying
Aug-3-21 16:53:16 [Worker_1] SSL-DEBUG: .../IO/Socket/SSL.pm:1109: Net::SSLeay::accept -> -1
Aug-3-21 16:53:16 [Worker_1] SSL-DEBUG: .../IO/Socket/SSL.pm:1109: Net::SSLeay::accept -> -1
Aug-3-21 16:53:16 [Worker_1] SSL-DEBUG: .../IO/Socket/SSL.pm:1109: Net::SSLeay::accept -> 1
Aug-3-21 16:53:16 [Worker_1] SSL-DEBUG: .../IO/Socket/SSL.pm:1157: handshake done, socket ready

and for web connections for example

Aug-3-21 16:59:23 [Main_Thread] Info: SSLCertVerify - SSLWEBCertVerifyCB: callback returned: 1
Aug-3-21 16:59:23 [Main_Thread] Info: SSLCertVerify - SSLWEBCertVerifyCB: callback returned: 1
Aug-3-21 16:59:23 [Main_Thread] Info: (1) person 'Thomas Eckardt' located in 'DE//', email address '', logged in as 'root'
Aug-3-21 16:59:23 [Main_Thread] Info: SSLCertVerify - SSLWEBCertVerifyCB: callback returned: 1
Aug-3-21 16:59:23 [Main_Thread] Adminuser root authenticated for admin connection for page / using a valid certificate owned by Thomas Eckardt ,
Aug-3-21 16:59:23 [Main_Thread] Admin connection from user root on host a.b.c.d:53757; page:/; session-ID:3c791f4f2ab58119fc9d109ed978f6e1;

ConTimeoutDebug

generates the contxt files in the debug folder. These files show, what was going on in the connection until the timeout was reached.

Exclude these IP's from SSL-failed-Cache* (noBanFailedSSLIP) - may help (there is no need to restart assp !)

the SSL-failed cache can be cleared or manipulated using the left menu in the GUI -> below 'internal Caches' (scroll to the bottom)

gentoo:

One of the systems I maintain is running a gentoo (what a horror OS!). ASSP autoupdates to the latest public available dev version. This system runs without a single manual intervention for months now. Assp does a service autorestart once in a week.
However, system components, perl and perl modules are still untouched for over 18 months.

for the records:

after resetting all STATS a week ago on my prod windows system, I got no timeouts - even not a single one from the big mailers.
SMTP SSL-Port-Connections Timeout: 0 0
SMTP STARTTLS-Connections Timeout: 0 0

perl modules in use:

IO::Poll 1.45
IO::Select 1.45
IO::Socket::INET6 not installed
IO::Socket::SSL 2.071

Net::SSLeay 1.90
OpenSSL 1.1.1i
OpenSSL-lib 1.1.1i 8 Dec 2020

system info:

Server OS: Windows Server 2016
Perl Version: 5.032001
physical-memory: 20479 MB
free physical-memory: 8781 MB
total virtual-memory: 24319 MB
free virtual-memory: 8528 MB
assp-process-memory: current: 3690 MB min: 999 MB max: 6967 MB
Number of CPU's: 6
ASSP Version: (dev) 2.6.6 build 21202

Thomas

From: "William L. Thomson Jr."
To: "For Users of ASSP"
Date: 03.08.2021 16:42
Subject: Re: [Assp-user] STARTTLS - connection randomly timeout (outlook imap error)

On Tue, 3 Aug 2021 12:53:29 +0200 Thomas Eckardt wrote:

>
> This will not help. ASSP uses standard libs for SSL/TLS
> (IO::Socket::SSL -> Net::SSLeay -> openssl-lib !

Would newer versions of that cause issue? Or maybe other perl related stuff. I have updated perl but not much else, and perl atm is a total mess in Gentoo. Sadly, main perl guy passed away, and the others are trying to step in, but it's not a good situation.

However, it does not seem to affect any other aspects of ASSP, so would be pretty odd to just affect a few sometimes, with those few being big emailers. I cannot track down this issue relating to any specific update or period of time for updates.

> >It is not good situation at production server.
>
> If openssl was upgraded, I recommend to read the release notes. If
> postfix was upgraded, .. the same. Such readings and upgrade planning
> are done by an IT-department before system upgrades are done!
> If you have any doubt about upcoming problems, all upgrades needs to
> be tested in a test environment BEFORE they are going in to
> production mode.

I have run ASSP for several decades, never seen any issues like th
Re: [Assp-user] STARTTLS - connection randomly timeout (outlook imap error)
Just for the record, the following emails are unrelated to the other issue of connections with Amazon, Google, Microsoft, Ebay, etc. The tests from ssl-tools mail servers works when ASSP is restarted because the SSL cache is cleared out. Once it connects, and fails to properly establish a SSL connection, it ends up being blocked. Referring to "STARTTLS is not allowed for" messages.

On Mon, 2 Aug 2021 14:58:12 -0400 "William L. Thomson Jr." wrote:

> This issue remains in 2.6.3.20002 as well as 2.6.5.21074, it seems
> sporadic, but the other issue is consistent.
>
> Using this site to test, that triggers the STARTTLS is not allowed,
> sometimes, on rare occasion it works, but most times it does not.
>
> https://ssl-tools.net/mailservers/
>
> On Mon, 2 Aug 2021 14:51:50 -0400
> "William L. Thomson Jr." wrote:
>
> > The "STARTTLS is not allowed for" is only in 2.6.5.21074, I reverted
> > to 2.6.3.20002 and that issue goes away, but the first issue
> > remains. I can try reverting to another version prior to that.
> >
> > >
> > > Aug 2 13:23:00 mail assp.pl[21426]: [Worker_4] 185.55.116.145
> > > info: got STARTTLS request from 185.55.116.145
> > > Aug 2 13:23:00 mail assp.pl[21426]:
> > > [Worker_4] 185.55.116.145 info: STARTTLS is not allowed for
> > > 185.55.116.145
> > > Aug 2 13:23:00 mail assp.pl[21426]: [Worker_4] 185.55.116.145
> > > [SMTP Error] 502 command not implemented or not allowed to be
> > > used by 185.55.116.145
> > > Aug 2 13:23:00 mail assp.pl[21426]: [Worker_4] IPv4/IPv6
> > > disconnected: session:7F3EBC83AC78 185.55.116.145 - processing
> > > time 0 seconds
> >

--
William L. Thomson Jr.
Re: [Assp-user] STARTTLS - connection randomly timeout (outlook imap error)
On Tue, 3 Aug 2021 12:53:29 +0200 Thomas Eckardt wrote:

>
> This will not help. ASSP uses standard libs for SSL/TLS
> (IO::Socket::SSL -> Net::SSLeay -> openssl-lib !

Would newer versions of that cause issue? Or maybe other perl related stuff. I have updated perl but not much else, and perl atm is a total mess in Gentoo. Sadly, main perl guy passed away, and the others are trying to step in, but it's not a good situation.

However, it does not seem to affect any other aspects of ASSP, so would be pretty odd to just affect a few sometimes, with those few being big emailers. I cannot track down this issue relating to any specific update or period of time for updates.

> >It is not good situation at production server.
>
> If openssl was upgraded, I recommend to read the release notes. If
> postfix was upgraded, .. the same. Such readings and upgrade planning
> are done by an IT-department before system upgrades are done!
> If you have any doubt about upcoming problems, all upgrades needs to
> be tested in a test environment BEFORE they are going in to
> production mode.

I have run ASSP for several decades, never seen any issues like this, and seems semi sporadic as emails do come through at times, but the majority do not. I have done a lot of major upgrades on the systems ASSP runs on, gentoo being rolling.

> IMHO - most of these problems are related to the usage of self signed
> certificates, outdated certificates, unchained certificates, missing
> intermediate certificates in chains, allowed weak cipher suites,
> allowed weak SSL protocols, too weak RSA keys

I do believe they are increasing things on the other end, at first I thought maybe TLS 1.3, so I patched and updated qmail. But I have two different setups going, patched qmail for TLS 1.3, and the older TLS patched qmail, and both exhibit the same, so I am not confident it is the MTA at all, seems like ASSP or some underlying perl/openssl issue maybe.

> openssl as well as postfix (and many other products) are working hard
> to secure their applications. Some or all of the above faults may
> lead in to more and more problems with every new software release.
> Most times there are temporary workarounds available (openssl.cnf ,
> master.cnf .), if the default security is increased in new
> releases. Notice: peers using new software releases may reject
> connection to or from older releases, because of the availability of
> "unsecure" communication options! So, the workarounds may not solve
> all your problems.

It is possible, but seems odd that it would affect only some, and some of the time. It seems like there is something happening or not happening as part of the connection establishment.

>
> SSLDEBUG and ConTimeoutDebug may help to get some more information
> from assp.

What options will increase output here? I have increased SSLDebug but not changing these messages. This shows the issue, this is from Google/Gmail. Also seems to only affect TLS-in/TLS-out, but that does work from other providers.

Aug 3 03:08:24 mail assp.pl[1373]: [Worker_3] [TLS-in] [TLS-out] 2607:f8b0:4864:20::73d TLS-Connection idle for 180 secs - timeout
Aug 3 03:08:24 mail assp.pl[1373]: [Worker_3] [TLS-in] [TLS-out] 2607:f8b0:4864:20::73d [SMTP Status] 451 Connection timeout, try later
Aug 3 03:08:24 mail assp.pl[1373]: [Worker_3] [TLS-in] [TLS-out] 2607:f8b0:4864:20::73d disconnected: session:7FDE3DC448A0 2607:f8b0:4864:20::73d - processing time

> btw.: I use certificates from letsencrypt and I never had any SSL/TLS
> problems. I update the perl modules at least once a week from CPAN.
> openssl is upgraded once in a year (together with the new perl
> version). I use every time the (my) latest assp development version
> on my production system.

I also use letsencrypt, I have for a few years, certs are auto renewed monthly. This issue started about 3-4 months back. First with Amazon and Google, and then others, eBay, Microsoft/Outlook, and others. I think ~25% or more of the email is not arriving in general, and from those providers, more like 80% or more is not arriving.

I really hope this can be resolved someway. I would hate to not run ASSP, I have not lived that way for a very very long time. No clue what an alternative to ASSP might be, or the potential issues, etc. ASSP replaced a horrendous Spamassassin+ other stuff back in the day that used a ridiculous amount of memory and CPU per email.

ASSP has been a godsend! Thanks for keeping it going Thomas!!!

--
William L. Thomson Jr.
Re: [Assp-user] STARTTLS - connection randomly timeout (outlook imap error)
>What to do now? Downgrade assp?

This will not help. ASSP uses standard libs for SSL/TLS (IO::Socket::SSL -> Net::SSLeay -> openssl-lib !

>It is not good situation at production server.

If openssl was upgraded, I recommend to read the release notes. If postfix was upgraded, .. the same. Such readings and upgrade planning are done by an IT-department before system upgrades are done!
If you have any doubt about upcoming problems, all upgrades needs to be tested in a test environment BEFORE they are going in to production mode.

IMHO - most of these problems are related to the usage of self signed certificates, outdated certificates, unchained certificates, missing intermediate certificates in chains, allowed weak cipher suites, allowed weak SSL protocols, too weak RSA keys

openssl as well as postfix (and many other products) are working hard to secure their applications. Some or all of the above faults may lead in to more and more problems with every new software release. Most times there are temporary workarounds available (openssl.cnf , master.cnf .), if the default security is increased in new releases. Notice: peers using new software releases may reject connection to or from older releases, because of the availability of "unsecure" communication options! So, the workarounds may not solve all your problems.

SSLDEBUG and ConTimeoutDebug may help to get some more information from assp.

btw.: I use certificates from letsencrypt and I never had any SSL/TLS problems. I update the perl modules at least once a week from CPAN. openssl is upgraded once in a year (together with the new perl version). I use every time the (my) latest assp development version on my production system.

Thomas

From: "Ing. Lukáš Pečínka"
To: assp-user@lists.sourceforge.net
Date: 03.08.2021 10:12
Subject: Re: [Assp-user] STARTTLS - connection randomly timeout (outlook imap error)

What to do now? Downgrade assp? Change some values in postfix? Last postfix changelog said that some values was changed (default values) and I reverted it...Nothing changed.

It is not good situation at production server.

On 02. 08. 21 at 20:58 William L. Thomson Jr. wrote:

> This issue remains in 2.6.3.20002 as well as 2.6.5.21074, it seems
> sporadic, but the other issue is consistent.
>
> Using this site to test, that triggers the STARTTLS is not allowed,
> sometimes, on rare occasion it works, but most times it does not.
>
> https://ssl-tools.net/mailservers/
>
> On Mon, 2 Aug 2021 14:51:50 -0400
> "William L. Thomson Jr." wrote:
>
>> The "STARTTLS is not allowed for" is only in 2.6.5.21074, I reverted
>> to 2.6.3.20002 and that issue goes away, but the first issue remains.
>> I can try reverting to another version prior to that.
>>
>>> Aug 2 13:23:00 mail assp.pl[21426]: [Worker_4] 185.55.116.145 info:
>>> got STARTTLS request from 185.55.116.145
>>> Aug 2 13:23:00 mail assp.pl[21426]:
>>> [Worker_4] 185.55.116.145 info: STARTTLS is not allowed for
>>> 185.55.116.145
>>> Aug 2 13:23:00 mail assp.pl[21426]: [Worker_4] 185.55.116.145 [SMTP
>>> Error] 502 command not implemented or not allowed to be used by
>>> 185.55.116.145
>>> Aug 2 13:23:00 mail assp.pl[21426]: [Worker_4] IPv4/IPv6
>>> disconnected: session:7F3EBC83AC78 185.55.116.145 - processing time
>>> 0 seconds
>

--
With regards and wishes for a pleasant day | Best regards
Ing. Lukáš Pečínka
System administrator, Postmaster, IdP administrator
Students mail, Antispam, Mail delivery system
Centre for information technology
University of Ostrava
Bráfova 5
701 03 Ostrava
Czech Republic
lukas.peci...@osu.cz
m...@helpdesk.osu.cz
ed...@helpdesk.osu.cz
+420 597 09 1116
+420 731 639 635
Re: [Assp-user] STARTTLS - connection randomly timeout (outlook imap error)
What to do now? Downgrade assp? Change some values in postfix? Last postfix changelog said that some values were changed (default values) and I reverted it... Nothing changed. It is not a good situation on a production server.

On 02. 08. 21 at 20:58, William L. Thomson Jr. wrote:
> This issue remains in 2.6.3.20002 as well as 2.6.5.21074, it seems
> sporadic, but the other issue is consistent.
>
> Using this site to test, that triggers the STARTTLS is not allowed,
> sometimes, on rare occasion it works, but most times it does not.
>
> https://ssl-tools.net/mailservers/
>
> On Mon, 2 Aug 2021 14:51:50 -0400
> "William L. Thomson Jr." wrote:
>
>> The "STARTTLS is not allowed for" is only in 2.6.5.21074, I reverted
>> to 2.6.3.20002 and that issue goes away, but the first issue remains.
>> I can try reverting to another version prior to that.
>>
>>> Aug 2 13:23:00 mail assp.pl[21426]: [Worker_4] 185.55.116.145 info: got STARTTLS request from 185.55.116.145
>>> Aug 2 13:23:00 mail assp.pl[21426]: [Worker_4] 185.55.116.145 info: STARTTLS is not allowed for 185.55.116.145
>>> Aug 2 13:23:00 mail assp.pl[21426]: [Worker_4] 185.55.116.145 [SMTP Error] 502 command not implemented or not allowed to be used by 185.55.116.145
>>> Aug 2 13:23:00 mail assp.pl[21426]: [Worker_4] IPv4/IPv6 disconnected: session:7F3EBC83AC78 185.55.116.145 - processing time 0 seconds

--
Ing. Lukáš Pečínka
Re: [Assp-user] STARTTLS - connection randomly timeout (outlook imap error)
This issue remains in 2.6.3.20002 as well as 2.6.5.21074, it seems sporadic, but the other issue is consistent.

Using this site to test, that triggers the STARTTLS is not allowed, sometimes, on rare occasion it works, but most times it does not.

https://ssl-tools.net/mailservers/

On Mon, 2 Aug 2021 14:51:50 -0400 "William L. Thomson Jr." wrote:
> The "STARTTLS is not allowed for" is only in 2.6.5.21074, I reverted
> to 2.6.3.20002 and that issue goes away, but the first issue remains.
> I can try reverting to another version prior to that.
>
> > Aug 2 13:23:00 mail assp.pl[21426]: [Worker_4] 185.55.116.145 info: got STARTTLS request from 185.55.116.145
> > Aug 2 13:23:00 mail assp.pl[21426]: [Worker_4] 185.55.116.145 info: STARTTLS is not allowed for 185.55.116.145
> > Aug 2 13:23:00 mail assp.pl[21426]: [Worker_4] 185.55.116.145 [SMTP Error] 502 command not implemented or not allowed to be used by 185.55.116.145
> > Aug 2 13:23:00 mail assp.pl[21426]: [Worker_4] IPv4/IPv6 disconnected: session:7F3EBC83AC78 185.55.116.145 - processing time 0 seconds

--
William L. Thomson Jr.
Re: [Assp-user] STARTTLS - connection randomly timeout (outlook imap error)
The "STARTTLS is not allowed for" is only in 2.6.5.21074, I reverted to 2.6.3.20002 and that issue goes away, but the first issue remains. I can try reverting to another version prior to that.

Outlook IPv4, the other was Gmail/Google IPv6, same issue

Aug 2 11:45:39 mail2 assp.pl[15632]: [Worker_4] [TLS-in] [TLS-out] 40.107.93.46 TLS-Connection idle for 180 secs - timeout
Aug 2 11:45:39 mail2 assp.pl[15632]: [Worker_4] [TLS-in] [TLS-out] 40.107.93.46 [SMTP Status] 451 Connection timeout, try later
Aug 2 11:45:39 mail2 assp.pl[15632]: [Worker_4] [TLS-in] [TLS-out] 40.107.93.46 disconnected: session:7FF31088DA20 40.107.93.46 - processing time 0 seconds

On Mon, 2 Aug 2021 14:19:40 -0400 "William L. Thomson Jr." wrote:
> This is affecting me as well...
>
> On Fri, 30 Jul 2021 14:57:45 +0200
> Thomas Eckardt wrote:
>
> > >something must have changed in ssl/tls or in postfix.
> >
> > http://postfix.cs.utah.edu/source/official/postfix-3.4.1.RELEASE_NOTES
> >
> > Yes, there are many SSL/TLS related changes in the last postfix
> > releases.
>
> I do not use postfix, I run qmail instead. I am having major issues
> with Gmail, eBay, Outlook, Amazon, and many others. It looks like it
> might be something related to gray listing, as the error code is 451
> for both. Gmail showed this error
>
> "451 connection timeout, try again later"
>
> That comes straight from the logs
>
> Aug 2 13:57:13 mail assp.pl[21426]: [Worker_4] [TLS-in] [TLS-out] 2607:f8b0:4864:20::b30 TLS-Connection idle for 180 secs - timeout
> Aug 2 13:57:13 mail assp.pl[21426]: [Worker_4] [TLS-in] [TLS-out] 2607:f8b0:4864:20::b30 [SMTP Status] 451 Connection timeout, try later
> Aug 2 13:57:13 mail assp.pl[21426]: [Worker_4] [TLS-in] [TLS-out] 2607:f8b0:4864:20::b30 disconnected: session:7F3EBD76F4B8 2607:f8b0:4864:20::b30 - processing time 0 seconds
>
> For another I got this
>
> Aug 2 13:23:00 mail assp.pl[21426]: [Worker_4] 185.55.116.145 info: got STARTTLS request from 185.55.116.145
> Aug 2 13:23:00 mail assp.pl[21426]: [Worker_4] 185.55.116.145 info: STARTTLS is not allowed for 185.55.116.145
> Aug 2 13:23:00 mail assp.pl[21426]: [Worker_4] 185.55.116.145 [SMTP Error] 502 command not implemented or not allowed to be used by 185.55.116.145
> Aug 2 13:23:00 mail assp.pl[21426]: [Worker_4] IPv4/IPv6 disconnected: session:7F3EBC83AC78 185.55.116.145 - processing time 0 seconds
>
> Those might be unrelated. Not sure why STARTTLS is not available for
> some IPv4/IPv6 addresses, but works fine for others. The above was the
> same regardless of IPv4 or IPv6.
>
> Either way, the issue is the same, the sender's email server sees a
> connection issue and assumes the server is unreachable. A lot of email
> is not arriving as a result.

--
William L. Thomson Jr.
Re: [Assp-user] STARTTLS - connection randomly timeout (outlook imap error)
This is affecting me as well...

On Fri, 30 Jul 2021 14:57:45 +0200 Thomas Eckardt wrote:
> >something must have changed in ssl/tls or in postfix.
>
> http://postfix.cs.utah.edu/source/official/postfix-3.4.1.RELEASE_NOTES
>
> Yes, there are many SSL/TLS related changes in the last postfix
> releases.

I do not use postfix, I run qmail instead. I am having major issues with Gmail, eBay, Outlook, Amazon, and many others. It looks like it might be something related to gray listing, as the error code is 451 for both. Gmail showed this error

"451 connection timeout, try again later"

That comes straight from the logs

Aug 2 13:57:13 mail assp.pl[21426]: [Worker_4] [TLS-in] [TLS-out] 2607:f8b0:4864:20::b30 TLS-Connection idle for 180 secs - timeout
Aug 2 13:57:13 mail assp.pl[21426]: [Worker_4] [TLS-in] [TLS-out] 2607:f8b0:4864:20::b30 [SMTP Status] 451 Connection timeout, try later
Aug 2 13:57:13 mail assp.pl[21426]: [Worker_4] [TLS-in] [TLS-out] 2607:f8b0:4864:20::b30 disconnected: session:7F3EBD76F4B8 2607:f8b0:4864:20::b30 - processing time 0 seconds

For another I got this

Aug 2 13:23:00 mail assp.pl[21426]: [Worker_4] 185.55.116.145 info: got STARTTLS request from 185.55.116.145
Aug 2 13:23:00 mail assp.pl[21426]: [Worker_4] 185.55.116.145 info: STARTTLS is not allowed for 185.55.116.145
Aug 2 13:23:00 mail assp.pl[21426]: [Worker_4] 185.55.116.145 [SMTP Error] 502 command not implemented or not allowed to be used by 185.55.116.145
Aug 2 13:23:00 mail assp.pl[21426]: [Worker_4] IPv4/IPv6 disconnected: session:7F3EBC83AC78 185.55.116.145 - processing time 0 seconds

Those might be unrelated. Not sure why STARTTLS is not available for some IPv4/IPv6 addresses, but works fine for others. The above was the same regardless of IPv4 or IPv6.

Either way, the issue is the same, the sender's email server sees a connection issue and assumes the server is unreachable. A lot of email is not arriving as a result.

--
William L. Thomson Jr.
Re: [Assp-user] STARTTLS - connection randomly timeout (outlook imap error)
>something must have changed in ssl/tls or in postfix.

http://postfix.cs.utah.edu/source/official/postfix-3.4.1.RELEASE_NOTES

Yes, there are many SSL/TLS related changes in the last postfix releases.

Thomas

From: "Ing. Lukáš Pečínka"
To: assp-user@lists.sourceforge.net
Date: 30.07.2021 08:13
Subject: Re: [Assp-user] STARTTLS - connection randomly timeout (outlook imap error)

Hi,

something must have changed in ssl/tls or in postfix. After some time my postfix log writes (spams) this:

postfix/smtpd[75310]: timeout after EHLO from localhost[127.0.0.1]
postfix/smtpd[75273]: timeout after DATA (0 bytes) from localhost[127.0.0.1]
postfix/smtpd[75316]: timeout after MAIL from localhost[127.0.0.1]
postfix/smtpd[75258]: timeout after DATA (0 bytes) from localhost[127.0.0.1]
postfix/smtpd[75284]: timeout after STARTTLS from localhost[127.0.0.1]

I tried everything in assp and in postfix but it is the same. I can't use tls proxy on assp because messages will be non-readable for assp. I must turn on 587 submission at postfix and turn it off in assp. This works for users, but for messages from outside some tls connections time out too.

I am using ubuntu server 20.04 LTS (I want to use centos 7 but it is impossible to install the recommended perl with packages on it :-))
Re: [Assp-user] STARTTLS - connection randomly timeout (outlook imap error)
Hi,

something must have changed in ssl/tls or in postfix. After some time my postfix log writes (spams) this:

postfix/smtpd[75310]: timeout after EHLO from localhost[127.0.0.1]
postfix/smtpd[75273]: timeout after DATA (0 bytes) from localhost[127.0.0.1]
postfix/smtpd[75316]: timeout after MAIL from localhost[127.0.0.1]
postfix/smtpd[75258]: timeout after DATA (0 bytes) from localhost[127.0.0.1]
postfix/smtpd[75284]: timeout after STARTTLS from localhost[127.0.0.1]

I tried everything in assp and in postfix but it is the same. I can't use tls proxy on assp because messages will be non-readable for assp. I must turn on 587 submission at postfix and turn it off in assp. This works for users, but for messages from outside some tls connections time out too.

I am using ubuntu server 20.04 LTS (I want to use centos 7 but it is impossible to install the recommended perl with packages on it :-))

On 30. 07. 21 at 3:26, Mark D Montgomery II via Assp-user wrote:
> Yeah, with the Disable SSL setting blank and also with 25 added to the
> Force TLS proxy setting incoming connections just time out (unsure if
> it's all the time or just most of the time).
>
> Jul-29-21 21:19:31 [Worker_3] [TLS-in] [TLS-out] 209.85.218.52 TLS-Connection idle for 180 secs - timeout
> Jul-29-21 21:19:31 [Worker_3] [TLS-in] [TLS-out] 209.85.218.52 [SMTP Status] 451 Connection timeout, try later
>
> I'll have to test more thoroughly when I have time.

--
Ing. Lukáš Pečínka
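A triage sketch for the log lines quoted in the messages above, added here as an example and not part of the thread or of ASSP: it separates the "TLS-Connection idle ... timeout" signature from the "STARTTLS is not allowed" signature and counts the postfix/smtpd stalls seen from the loopback client. The function names, the constructed sample lines and the reading of `[TLS-out]` as TLS on the ASSP-to-MTA leg are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the ASSP (syslog and native) and postfix/smtpd line
# formats quoted in the thread. Peer addresses are documentation-range
# placeholders, and the single-tag [TLS-in] line is invented for contrast.
SAMPLE_LOG = """\
Aug 2 13:57:13 mail assp.pl[21426]: [Worker_4] [TLS-in] [TLS-out] 2001:db8::b30 TLS-Connection idle for 180 secs - timeout
Aug 2 13:57:13 mail assp.pl[21426]: [Worker_4] [TLS-in] [TLS-out] 2001:db8::b30 [SMTP Status] 451 Connection timeout, try later
Aug 2 13:23:00 mail assp.pl[21426]: [Worker_4] 192.0.2.145 info: got STARTTLS request from 192.0.2.145
Aug 2 13:23:00 mail assp.pl[21426]: [Worker_4] 192.0.2.145 info: STARTTLS is not allowed for 192.0.2.145
Aug 2 13:23:00 mail assp.pl[21426]: [Worker_4] 192.0.2.145 [SMTP Error] 502 command not implemented or not allowed to be used by 192.0.2.145
Aug 2 13:23:00 mail assp.pl[21426]: [Worker_4] IPv4/IPv6 disconnected: session:7F0000000001 192.0.2.145 - processing time 0 seconds
Jul-29-21 21:19:31 [Worker_3] [TLS-in] [TLS-out] 198.51.100.52 TLS-Connection idle for 180 secs - timeout
Jul-30-21 09:02:11 [Worker_2] [TLS-in] 203.0.113.7 TLS-Connection idle for 180 secs - timeout
postfix/smtpd[75310]: timeout after EHLO from localhost[127.0.0.1]
postfix/smtpd[75273]: timeout after DATA (0 bytes) from localhost[127.0.0.1]
postfix/smtpd[75284]: timeout after STARTTLS from localhost[127.0.0.1]
"""

# "[Worker_N]", optional "[TLS-in]"/"[TLS-out]" tags, peer token, message.
ASSP_RE = re.compile(
    r"\[Worker_\d+\]\s+(?P<tags>(?:\[TLS-(?:in|out)\]\s+)*)"
    r"(?P<peer>\S+)\s+(?P<msg>.*)$")
IDLE_RE = re.compile(r"TLS-Connection idle for (\d+) secs - timeout")
REFUSED_RE = re.compile(r"STARTTLS is not allowed for")
POSTFIX_RE = re.compile(
    r"postfix/smtpd\[\d+\]: timeout after (?P<stage>[A-Z]+)"
    r"(?: \(\d+ bytes\))? from \S*\[(?P<client>[^\]]+)\]")


def _is_ip(token):
    """True when the token parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def triage(log_text):
    """Split the two ASSP failure signatures and the MTA-side stalls."""
    report = {
        "idle_timeouts": [],               # (peer, idle seconds, TLS legs)
        "starttls_refused": Counter(),     # peer -> count
        "mta_loopback_stalls": Counter(),  # SMTP stage -> count
    }
    for line in log_text.splitlines():
        pf = POSTFIX_RE.search(line)
        if pf:
            client = pf["client"]
            # Count only stalls where the SMTP client is the local proxy.
            if _is_ip(client) and ipaddress.ip_address(client).is_loopback:
                report["mta_loopback_stalls"][pf["stage"]] += 1
            continue
        m = ASSP_RE.search(line)
        if not m or not _is_ip(m["peer"]):
            continue  # e.g. "IPv4/IPv6 disconnected: ..." has no peer field
        # Assumption: [TLS-out] marks TLS on the ASSP-to-MTA leg.
        legs = tuple(re.findall(r"TLS-(in|out)", m["tags"]))
        idle = IDLE_RE.search(m["msg"])
        if idle:
            report["idle_timeouts"].append((m["peer"], int(idle[1]), legs))
        elif REFUSED_RE.search(m["msg"]):
            report["starttls_refused"][m["peer"]] += 1
    return report


def backend_tls_share(report):
    """Fraction of idle timeouts whose session also carried [TLS-out]."""
    timeouts = report["idle_timeouts"]
    if not timeouts:
        return 0.0
    return sum("out" in legs for _, _, legs in timeouts) / len(timeouts)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result)
    print("share with [TLS-out]:", backend_tls_share(result))
```

Run against a real ASSP log and the matching postfix log, a high `[TLS-out]` share among the idle timeouts together with loopback stalls on the MTA side points at the proxy-to-MTA leg rather than at the remote sender.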
Re: [Assp-user] STARTTLS - connection randomly timeout (outlook imap error)
Yeah, with the Disable SSL setting blank and also with 25 added to the Force TLS proxy setting incoming connections just time out (unsure if it's all the time or just most of the time).

Jul-29-21 21:19:31 [Worker_3] [TLS-in] [TLS-out] 209.85.218.52 TLS-Connection idle for 180 secs - timeout
Jul-29-21 21:19:31 [Worker_3] [TLS-in] [TLS-out] 209.85.218.52 [SMTP Status] 451 Connection timeout, try later

I'll have to test more thoroughly when I have time.

- Message from K Post -
Date: Thu, 29 Jul 2021 20:39:29 -0400
From: K Post
Reply-To: For Users of ASSP
Subject: Re: [Assp-user] STARTTLS - connection randomly timeout (outlook imap error)
To: For Users of ASSP

Just my 1 1/2 cents:
I'm not sure why you needed to (or would want to) disable ssl on port 25, but setting

Disable SSL on listenports: 25

will make it so that outside smtp servers communicate with you without encryption. Outside centers always deliver on port 25, and won't try 587 or any other port.

- End message from K Post -

--
Mark D Montgomery II
techi...@techiem2.net
https://www.techiem2.net (Blog)
https://www.techiem2.tv (Photo Gallery/Journal)
Re: [Assp-user] STARTTLS - connection randomly timeout (outlook imap error)
I'll try changing it back and see what happens. I don't remember if I just changed it while testing or if things actually didn't work with ssl on for it.

- Message from K Post -
Date: Thu, 29 Jul 2021 20:39:29 -0400
From: K Post
Reply-To: For Users of ASSP
Subject: Re: [Assp-user] STARTTLS - connection randomly timeout (outlook imap error)
To: For Users of ASSP

Just my 1 1/2 cents:
I'm not sure why you needed to (or would want to) disable ssl on port 25, but setting

Disable SSL on listenports: 25

will make it so that outside smtp servers communicate with you without encryption. Outside centers always deliver on port 25, and won't try 587 or any other port.

- End message from K Post -

--
Mark D Montgomery II
Re: [Assp-user] STARTTLS - connection randomly timeout (outlook imap error)
Just my 1 1/2 cents:
I'm not sure why you needed to (or would want to) disable ssl on port 25, but setting

Disable SSL on listenports: 25

will make it so that outside smtp servers communicate with you without encryption. Outside centers always deliver on port 25, and won't try 587 or any other port.

On Wed, Jul 28, 2021 at 5:49 PM Mark D Montgomery II via Assp-user <assp-user@lists.sourceforge.net> wrote:
> I fought with this for quite a while the other day after upgrading my
> VPS from Debian 9 to 10.
> It seems something must have changed with SSL handling at another
> level (maybe something with a Postfix update?).
>
> What I ended up with:
>
> Network Setup:
> SMTP Listen Port: 25
> SMTP Destination: 125
> SMTP Secure Listen Port: 465
> SSL Destination: 1465
> Second SMTP Listen Port: 587
> Second SMTP Destination: 1587
> Force SMTP AUTH on Second SMTP Listen Port: On
>
> SSL/TLS:
> How to Handle STARTTLS Request: do TLS
> Disable SSL on listenports: 25
> Force TLS to Proxy on this Ports: 587
>
> Client Side:
> Connections to port 465: SSL/TLS
> Connections to port 587: STARTTLS
Re: [Assp-user] STARTTLS - connection randomly timeout (outlook imap error)
I fought with this for quite a while the other day after upgrading my VPS from Debian 9 to 10.
It seems something must have changed with SSL handling at another level (maybe something with a Postfix update?).

What I ended up with:

Network Setup:
SMTP Listen Port: 25
SMTP Destination: 125
SMTP Secure Listen Port: 465
SSL Destination: 1465
Second SMTP Listen Port: 587
Second SMTP Destination: 1587
Force SMTP AUTH on Second SMTP Listen Port: On

SSL/TLS:
How to Handle STARTTLS Request: do TLS
Disable SSL on listenports: 25
Force TLS to Proxy on this Ports: 587

Client Side:
Connections to port 465: SSL/TLS
Connections to port 587: STARTTLS

- Message from "Ing. Lukáš Pečínka" -
Date: Wed, 28 Jul 2021 12:10:46 +0200
From: "Ing. Lukáš Pečínka"
Reply-To: For Users of ASSP
Subject: [Assp-user] STARTTLS - connection randomly timeout (outlook imap error)
To: assp-user@lists.sourceforge.net

Hello,

I have a problem. I started ASSP with STARTTLS. Some users have a problem with connection timeout (180s). Same with MS Outlook. Test message never passes and never connects to the server. If I switch assp to TLS proxy everything works fine. After 2 days I don't know what to do or what I did wrong. Could someone help me? Thank you.

Is something to tweak? Some Timeout or connection rise/lower?

I tested starttls connection in terminal via openssl - everything is good.

Listen SMTP port 25
SMTP destination 125
SMTP secure listen port 465
SSL Destination 225
second SMTP listen port 587
TLS Do TLS

Thanks a lot

--
With regards and wishing you a nice day | Best regards

Lucas

- End message from "Ing. Lukáš Pečínka" -

--
Mark D Montgomery II