Re: perl ssl was:Re: [gentoo-user] dovecot imap-login
On Tuesday 22 Dec 2015 15:48:22 jens wefer wrote: > Am Sun, 20 Dec 2015 23:18:00 + > > schrieb Mick: > > It may be a postfix bug, or it may be that gentoo's openssl ciphers > > are more up to date and won't degrade the connection to SSLv3. Can > > you check what you get on the transaction with the server using > > openssl_client? Google for the correct commands to negotiate sending > > messages using telnet so that you know what to type on the console. > > Thanks for the tip. > I test ssl smtp/imap with openssl s_client who reports error.20 unable > to get local issuer certificate, so I create a new self signed > certificate. first test with sendEmail and imapsync runs. > I do not understand is why the client software works under other > operating systems. > > thx, bye, jens. This could be because other distros OpenSSL configuration is not as strict/up to date as gentoo's. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: perl ssl was:Re: [gentoo-user] dovecot imap-login
Am Sun, 20 Dec 2015 23:18:00 + schrieb Mick: > On Saturday 19 Dec 2015 10:31:09 jens wefer wrote: > > Am Mon, 14 Dec 2015 08:50:29 +0100 > > > > schrieb jens wefer : > > > Am Sat, 12 Dec 2015 23:09:20 +0100 > > > > > > schrieb jens wefer : > > > > Am Sat, 12 Dec 2015 17:53:04 + > > > > > > > > schrieb Stroller : > > > > > > On Sat, 12 December 2015, at 3:08 a.m., jens wefer > > > > > > wrote: > > > > > > > > > > > > I set up a mail server, postfix/dovecot, ssl required. > > > > > > test with mail-client, all ok > > > > > > when I try to copy mails with imapsync (gentoo) comes > > > > > > timeout, and imapsync will login again. > > > > > > with each new login, a new process imap-login is generated. > > > > > > > > > > Sorry if this is a dumb question, but how do you know it's > > > > > timing out? > > > > > > > > > > Could it just be slow, as it has to compile loads of messages > > > > > in its first run? > > > > > > > > > > Looks like dovecot has a 30 minute timeout. [1] > > > > > > > > > > An old message on the Dovecot mailing list [2] suggests to set > > > > > "verbose_proctitle = yes" in config to see why each process is > > > > > open. > > > > > > > > > > It also suggests using high-performance mode, rather that the > > > > > default. > > > > > > > > > > Stroller. > > > > > > > > timeout comes from imapsync (default timeout 120 sec). > > > > after 10 minutes then running 5 Dovecot processes which want > > > > 100% CPU time. mail logfile: > > > > imap-login: Login: user = blablub, TLS ession, .. > > > > > > I think that's a problem with perl. > > > When I send an email with sendEmail comes SSLv3 Aler handshake > > > failure. if I use a newer sendEmail version (1.56.5) comes > > > Segnentation fault. when I start sendEmail on CentOS is > > > everything ok. > > > > I send emails with email-client and sendEmail (win/centos). > > mail.log > > [...]: initializing the server-side TLS engine > > [...]: connect from brumw.lxsbbshome.tld[192.168.0.15] > > [...]: setting up TLS connection from > > brumw.lxsbbshome.tld[192.168.0.15] [...]: > > brumw.lxsbbshome.tld[192.168.0.15]: TLS cipher list > > "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH" [...]: > > SSL_accept:before/accept initialization [...]: SSL_accept:SSLv3 > > read client hello A [...]: SSL_accept:SSLv3 write server hello A > > [...]: SSL_accept:SSLv3 write certificate A [...]: SSL_accept:SSLv3 > > write server done A [...]: SSL_accept:SSLv3 flush data > > [...]: SSL_accept:SSLv3 read client certificate A > > [...]: SSL_accept:SSLv3 read client key exchange A > > [...]: SSL_accept:SSLv3 read certificate verify A > > [...]: SSL_accept:SSLv3 read finished A > > [...]: brumw.lxsbbshome.tld[192.168.0.15]: Issuing session ticket, > > key expiration: 1450478594 [...]: SSL_accept:SSLv3 write session > > ticket A [...]: SSL_accept:SSLv3 write change cipher spec A > > [...]: SSL_accept:SSLv3 write finished A > > [...]: SSL_accept:SSLv3 flush data > > [...]: Anonymous TLS connection established from > > brumw.lxsbbshome.tld[192.168.0.15]: TLSv1.2 with cipher > > AES128-GCM-SHA256 (128/128 bits) [...]: AFC46282149: > > client=brumw.lxsbbshome.tld[192.168.0.15] > > > > when I send email with sendEmail from gentoo-client it comes > > handshake error mail.log > > [...]: initializing the server-side TLS engine > > [...]: connect from robin.lxsbbshome.tld[192.168.0.17] > > [...]: setting up TLS connection from > > robin.lxsbbshome.tld[192.168.0.17] [...]: > > robin.lxsbbshome.tld[192.168.0.17]: TLS cipher list > > "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH" [...]: > > SSL_accept:before/accept initialization [...]: SSL3 alert > > write:fatal:handshake failure [...]: SSL_accept:error in error > > [...]: SSL_accept:error in error [...]: SSL_accept error from > > robin.lxsbbshome.tld[192.168.0.17]: -1 [...]: warning: TLS library > > problem: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong > > version number:s3_srvr.c:960: [...]: lost connection after STARTTLS > > from robin.lxsbbshome.tld[192.168.0.17] [...]: disconnect from > > robin.lxsbbshome.tld[192.168.0.17] ehlo=1 starttls=0/1 commands=1/2 > > > > sendEmail.log > > [...]: DEBUG => Connecting to rosalie.lxsbbshome.tld:25 > > [...]: DEBUG => My IP address is: 192.168.0.17 > > [...]: DEBUG => evalSMTPresponse() - Checking for SMTP success or > > error status in the message: 220 rosalie.lxsbbshome.tld ESMTP > > Postfix [...]: DEBUG => evalSMTPresponse() - Found SMTP success > > code: 220 [...]: SUCCESS => Received: 220 > > rosalie.lxsbbshome.tld ESMTP Postfix [...]: INFO => Sending: > > EHLO robin.lxsbbshome.tld [...]: DEBUG => > > evalSMTPresponse() - Checking for SMTP success or error status in > > the message: 250-rosalie.lxsbbshome.tld, 250-PIPELINING, 250-SIZE > > 1024, 250-VRFY, 250-ETRN, 250-STARTTLS, 250-AUTH PLAIN, > >
Re: perl ssl was:Re: [gentoo-user] dovecot imap-login
On Saturday 19 Dec 2015 10:31:09 jens wefer wrote: > Am Mon, 14 Dec 2015 08:50:29 +0100 > > schrieb jens wefer: > > Am Sat, 12 Dec 2015 23:09:20 +0100 > > > > schrieb jens wefer : > > > Am Sat, 12 Dec 2015 17:53:04 + > > > > > > schrieb Stroller : > > > > > On Sat, 12 December 2015, at 3:08 a.m., jens wefer > > > > > wrote: > > > > > > > > > > I set up a mail server, postfix/dovecot, ssl required. > > > > > test with mail-client, all ok > > > > > when I try to copy mails with imapsync (gentoo) comes timeout, > > > > > and imapsync will login again. > > > > > with each new login, a new process imap-login is generated. > > > > > > > > Sorry if this is a dumb question, but how do you know it's timing > > > > out? > > > > > > > > Could it just be slow, as it has to compile loads of messages in > > > > its first run? > > > > > > > > Looks like dovecot has a 30 minute timeout. [1] > > > > > > > > An old message on the Dovecot mailing list [2] suggests to set > > > > "verbose_proctitle = yes" in config to see why each process is > > > > open. > > > > > > > > It also suggests using high-performance mode, rather that the > > > > default. > > > > > > > > Stroller. > > > > > > timeout comes from imapsync (default timeout 120 sec). > > > after 10 minutes then running 5 Dovecot processes which want 100% > > > CPU time. mail logfile: > > > imap-login: Login: user = blablub, TLS ession, .. > > > > I think that's a problem with perl. > > When I send an email with sendEmail comes SSLv3 Aler handshake > > failure. if I use a newer sendEmail version (1.56.5) comes > > Segnentation fault. when I start sendEmail on CentOS is everything ok. > > I send emails with email-client and sendEmail (win/centos). > mail.log > [...]: initializing the server-side TLS engine > [...]: connect from brumw.lxsbbshome.tld[192.168.0.15] > [...]: setting up TLS connection from brumw.lxsbbshome.tld[192.168.0.15] > [...]: brumw.lxsbbshome.tld[192.168.0.15]: TLS cipher list > "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH" [...]: > SSL_accept:before/accept initialization [...]: SSL_accept:SSLv3 read > client hello A [...]: SSL_accept:SSLv3 write server hello A > [...]: SSL_accept:SSLv3 write certificate A > [...]: SSL_accept:SSLv3 write server done A > [...]: SSL_accept:SSLv3 flush data > [...]: SSL_accept:SSLv3 read client certificate A > [...]: SSL_accept:SSLv3 read client key exchange A > [...]: SSL_accept:SSLv3 read certificate verify A > [...]: SSL_accept:SSLv3 read finished A > [...]: brumw.lxsbbshome.tld[192.168.0.15]: Issuing session ticket, key > expiration: 1450478594 [...]: SSL_accept:SSLv3 write session ticket A > [...]: SSL_accept:SSLv3 write change cipher spec A > [...]: SSL_accept:SSLv3 write finished A > [...]: SSL_accept:SSLv3 flush data > [...]: Anonymous TLS connection established from > brumw.lxsbbshome.tld[192.168.0.15]: TLSv1.2 with cipher > AES128-GCM-SHA256 (128/128 bits) [...]: AFC46282149: > client=brumw.lxsbbshome.tld[192.168.0.15] > > when I send email with sendEmail from gentoo-client it comes handshake > error mail.log > [...]: initializing the server-side TLS engine > [...]: connect from robin.lxsbbshome.tld[192.168.0.17] > [...]: setting up TLS connection from robin.lxsbbshome.tld[192.168.0.17] > [...]: robin.lxsbbshome.tld[192.168.0.17]: TLS cipher list > "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH" [...]: > SSL_accept:before/accept initialization [...]: SSL3 alert > write:fatal:handshake failure [...]: SSL_accept:error in error > [...]: SSL_accept:error in error > [...]: SSL_accept error from robin.lxsbbshome.tld[192.168.0.17]: -1 > [...]: warning: TLS library problem: error:1408A10B:SSL > routines:ssl3_get_client_hello:wrong version number:s3_srvr.c:960: > [...]: lost connection after STARTTLS from > robin.lxsbbshome.tld[192.168.0.17] [...]: disconnect from > robin.lxsbbshome.tld[192.168.0.17] ehlo=1 starttls=0/1 commands=1/2 > > sendEmail.log > [...]: DEBUG => Connecting to rosalie.lxsbbshome.tld:25 > [...]: DEBUG => My IP address is: 192.168.0.17 > [...]: DEBUG => evalSMTPresponse() - Checking for SMTP success or error > status in the message: 220 rosalie.lxsbbshome.tld ESMTP Postfix [...]: > DEBUG => evalSMTPresponse() - Found SMTP success code: 220 [...]: > SUCCESS => Received: 220 rosalie.lxsbbshome.tld ESMTP Postfix > [...]: INFO => Sending: EHLO robin.lxsbbshome.tld [...]: DEBUG > => evalSMTPresponse() - Checking for SMTP success or error status in > the message: 250-rosalie.lxsbbshome.tld, 250-PIPELINING, 250-SIZE > 1024, 250-VRFY, 250-ETRN, 250-STARTTLS, 250-AUTH PLAIN, > 250-ENHANCEDSTATUSCODES, 250-8BITMIME, 250-DSN, 250 SMTPUTF8 [...]: > DEBUG => evalSMTPresponse() - Found SMTP success code: 250 [...]: > SUCCESS => Received: 250-rosalie.lxsbbshome.tld, > 250-PIPELINING, 250-SIZE 1024, 250-VRFY, 250-ETRN, 250-STARTTLS, > 250-AUTH PLAIN, 250-ENHANCEDSTATUSCODES,
Re: perl ssl was:Re: [gentoo-user] dovecot imap-login
Am Mon, 14 Dec 2015 08:50:29 +0100 schrieb jens wefer: > Am Sat, 12 Dec 2015 23:09:20 +0100 > schrieb jens wefer : > > > Am Sat, 12 Dec 2015 17:53:04 + > > schrieb Stroller : > > > > > > > > > On Sat, 12 December 2015, at 3:08 a.m., jens wefer > > > > wrote: > > > > > > > > I set up a mail server, postfix/dovecot, ssl required. > > > > test with mail-client, all ok > > > > when I try to copy mails with imapsync (gentoo) comes timeout, > > > > and imapsync will login again. > > > > with each new login, a new process imap-login is generated. > > > > > > Sorry if this is a dumb question, but how do you know it's timing > > > out? > > > > > > Could it just be slow, as it has to compile loads of messages in > > > its first run? > > > > > > Looks like dovecot has a 30 minute timeout. [1] > > > > > > An old message on the Dovecot mailing list [2] suggests to set > > > "verbose_proctitle = yes" in config to see why each process is > > > open. > > > > > > It also suggests using high-performance mode, rather that the > > > default. > > > > > > Stroller. > > > > timeout comes from imapsync (default timeout 120 sec). > > after 10 minutes then running 5 Dovecot processes which want 100% > > CPU time. mail logfile: > > imap-login: Login: user = blablub, TLS ession, .. > > > > I think that's a problem with perl. > When I send an email with sendEmail comes SSLv3 Aler handshake > failure. if I use a newer sendEmail version (1.56.5) comes > Segnentation fault. when I start sendEmail on CentOS is everything ok. > I send emails with email-client and sendEmail (win/centos). mail.log [...]: initializing the server-side TLS engine [...]: connect from brumw.lxsbbshome.tld[192.168.0.15] [...]: setting up TLS connection from brumw.lxsbbshome.tld[192.168.0.15] [...]: brumw.lxsbbshome.tld[192.168.0.15]: TLS cipher list "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH" [...]: SSL_accept:before/accept initialization [...]: SSL_accept:SSLv3 read client hello A [...]: SSL_accept:SSLv3 write server hello A [...]: SSL_accept:SSLv3 write certificate A [...]: SSL_accept:SSLv3 write server done A [...]: SSL_accept:SSLv3 flush data [...]: SSL_accept:SSLv3 read client certificate A [...]: SSL_accept:SSLv3 read client key exchange A [...]: SSL_accept:SSLv3 read certificate verify A [...]: SSL_accept:SSLv3 read finished A [...]: brumw.lxsbbshome.tld[192.168.0.15]: Issuing session ticket, key expiration: 1450478594 [...]: SSL_accept:SSLv3 write session ticket A [...]: SSL_accept:SSLv3 write change cipher spec A [...]: SSL_accept:SSLv3 write finished A [...]: SSL_accept:SSLv3 flush data [...]: Anonymous TLS connection established from brumw.lxsbbshome.tld[192.168.0.15]: TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits) [...]: AFC46282149: client=brumw.lxsbbshome.tld[192.168.0.15] when I send email with sendEmail from gentoo-client it comes handshake error mail.log [...]: initializing the server-side TLS engine [...]: connect from robin.lxsbbshome.tld[192.168.0.17] [...]: setting up TLS connection from robin.lxsbbshome.tld[192.168.0.17] [...]: robin.lxsbbshome.tld[192.168.0.17]: TLS cipher list "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH" [...]: SSL_accept:before/accept initialization [...]: SSL3 alert write:fatal:handshake failure [...]: SSL_accept:error in error [...]: SSL_accept:error in error [...]: SSL_accept error from robin.lxsbbshome.tld[192.168.0.17]: -1 [...]: warning: TLS library problem: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number:s3_srvr.c:960: [...]: lost connection after STARTTLS from robin.lxsbbshome.tld[192.168.0.17] [...]: disconnect from robin.lxsbbshome.tld[192.168.0.17] ehlo=1 starttls=0/1 commands=1/2 sendEmail.log [...]: DEBUG => Connecting to rosalie.lxsbbshome.tld:25 [...]: DEBUG => My IP address is: 192.168.0.17 [...]: DEBUG => evalSMTPresponse() - Checking for SMTP success or error status in the message: 220 rosalie.lxsbbshome.tld ESMTP Postfix [...]: DEBUG => evalSMTPresponse() - Found SMTP success code: 220 [...]: SUCCESS => Received:220 rosalie.lxsbbshome.tld ESMTP Postfix [...]: INFO => Sending: EHLO robin.lxsbbshome.tld [...]: DEBUG => evalSMTPresponse() - Checking for SMTP success or error status in the message: 250-rosalie.lxsbbshome.tld, 250-PIPELINING, 250-SIZE 1024, 250-VRFY, 250-ETRN, 250-STARTTLS, 250-AUTH PLAIN, 250-ENHANCEDSTATUSCODES, 250-8BITMIME, 250-DSN, 250 SMTPUTF8 [...]: DEBUG => evalSMTPresponse() - Found SMTP success code: 250 [...]: SUCCESS => Received:250-rosalie.lxsbbshome.tld, 250-PIPELINING, 250-SIZE 1024, 250-VRFY, 250-ETRN, 250-STARTTLS, 250-AUTH PLAIN, 250-ENHANCEDSTATUSCODES, 250-8BITMIME, 250-DSN, 250 SMTPUTF8 [...]: DEBUG => The remote SMTP server supports TLS :) [...]: DEBUG => Starting TLS [...]: INFO => Sending: STARTTLS [...]: DEBUG => evalSMTPresponse() - Checking for SMTP success or error status in
perl ssl was:Re: [gentoo-user] dovecot imap-login
Am Sat, 12 Dec 2015 23:09:20 +0100 schrieb jens wefer: > Am Sat, 12 Dec 2015 17:53:04 + > schrieb Stroller : > > > > > > On Sat, 12 December 2015, at 3:08 a.m., jens wefer > > > wrote: > > > > > > I set up a mail server, postfix/dovecot, ssl required. > > > test with mail-client, all ok > > > when I try to copy mails with imapsync (gentoo) comes timeout, > > > and imapsync will login again. > > > with each new login, a new process imap-login is generated. > > > > Sorry if this is a dumb question, but how do you know it's timing > > out? > > > > Could it just be slow, as it has to compile loads of messages in its > > first run? > > > > Looks like dovecot has a 30 minute timeout. [1] > > > > An old message on the Dovecot mailing list [2] suggests to set > > "verbose_proctitle = yes" in config to see why each process is open. > > > > It also suggests using high-performance mode, rather that the > > default. > > > > Stroller. > > timeout comes from imapsync (default timeout 120 sec). > after 10 minutes then running 5 Dovecot processes which want 100% CPU > time. mail logfile: > imap-login: Login: user = blablub, TLS ession, .. > I think that's a problem with perl. When I send an email with sendEmail comes SSLv3 Aler handshake failure. if I use a newer sendEmail version (1.56.5) comes Segnentation fault. when I start sendEmail on CentOS is everything ok.