Re: perl ssl was:Re: [gentoo-user] dovecot imap-login

2015-12-22 Thread Mick 
On Tuesday 22 Dec 2015 15:48:22 jens wefer wrote:
> Am Sun, 20 Dec 2015 23:18:00 +
> 
> schrieb Mick :

> > It may be a postfix bug, or it may be that gentoo's openssl ciphers
> > are more up to date and won't degrade the connection to SSLv3.  Can
> > you check what you get on the transaction with the server using
> > openssl_client?  Google for the correct commands to negotiate sending
> > messages using telnet so that you know what to type on the console.
> 
> Thanks for the tip.
> I test ssl smtp/imap with openssl s_client who reports error.20 unable
> to get local issuer certificate, so I create a new self signed
> certificate. first test with sendEmail and imapsync runs.
> I do not understand is why the client software works under other
> operating systems.
> 
> thx, bye, jens.

This could be because other distros OpenSSL configuration is not as strict/up 
to date as gentoo's.

-- 
Regards,
Mick


signature.asc
Description: This is a digitally signed message part.

Re: perl ssl was:Re: [gentoo-user] dovecot imap-login

2015-12-22 Thread jens wefer 
Am Sun, 20 Dec 2015 23:18:00 +
schrieb Mick :

> On Saturday 19 Dec 2015 10:31:09 jens wefer wrote:
> > Am Mon, 14 Dec 2015 08:50:29 +0100
> > 
> > schrieb jens wefer :
> > > Am Sat, 12 Dec 2015 23:09:20 +0100
> > > 
> > > schrieb jens wefer :
> > > > Am Sat, 12 Dec 2015 17:53:04 +
> > > > 
> > > > schrieb Stroller :
> > > > > > On Sat, 12 December 2015, at 3:08 a.m., jens wefer
> > > > > >  wrote:
> > > > > > 
> > > > > > I set up a mail server, postfix/dovecot, ssl required.
> > > > > > test with mail-client, all ok
> > > > > > when I try to copy mails with imapsync (gentoo) comes
> > > > > > timeout, and imapsync will login again.
> > > > > > with each new login, a new process imap-login is generated.
> > > > > 
> > > > > Sorry if this is a dumb question, but how do you know it's
> > > > > timing out?
> > > > > 
> > > > > Could it just be slow, as it has to compile loads of messages
> > > > > in its first run?
> > > > > 
> > > > > Looks like dovecot has a 30 minute timeout. [1]
> > > > > 
> > > > > An old message on the Dovecot mailing list [2] suggests to set
> > > > > "verbose_proctitle = yes" in config to see why each process is
> > > > > open.
> > > > > 
> > > > > It also suggests using high-performance mode, rather that the
> > > > > default.
> > > > > 
> > > > > Stroller.
> > > > 
> > > > timeout comes from imapsync (default timeout 120 sec).
> > > > after 10 minutes then running 5 Dovecot processes which want
> > > > 100% CPU time. mail logfile:
> > > > imap-login: Login: user =  blablub, TLS ession, ..
> > > 
> > > I think that's a problem with perl.
> > > When I send an email with sendEmail comes SSLv3 Aler handshake
> > > failure. if I use a newer sendEmail version (1.56.5) comes
> > > Segnentation fault. when I start sendEmail on CentOS is
> > > everything ok.
> > 
> > I send emails with email-client and sendEmail (win/centos).
> > mail.log
> > [...]: initializing the server-side TLS engine
> > [...]: connect from brumw.lxsbbshome.tld[192.168.0.15]
> > [...]: setting up TLS connection from
> > brumw.lxsbbshome.tld[192.168.0.15] [...]:
> > brumw.lxsbbshome.tld[192.168.0.15]: TLS cipher list
> > "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH" [...]:
> > SSL_accept:before/accept initialization [...]: SSL_accept:SSLv3
> > read client hello A [...]: SSL_accept:SSLv3 write server hello A
> > [...]: SSL_accept:SSLv3 write certificate A [...]: SSL_accept:SSLv3
> > write server done A [...]: SSL_accept:SSLv3 flush data
> > [...]: SSL_accept:SSLv3 read client certificate A
> > [...]: SSL_accept:SSLv3 read client key exchange A
> > [...]: SSL_accept:SSLv3 read certificate verify A
> > [...]: SSL_accept:SSLv3 read finished A
> > [...]: brumw.lxsbbshome.tld[192.168.0.15]: Issuing session ticket,
> > key expiration: 1450478594 [...]: SSL_accept:SSLv3 write session
> > ticket A [...]: SSL_accept:SSLv3 write change cipher spec A
> > [...]: SSL_accept:SSLv3 write finished A
> > [...]: SSL_accept:SSLv3 flush data
> > [...]: Anonymous TLS connection established from
> > brumw.lxsbbshome.tld[192.168.0.15]: TLSv1.2 with cipher
> > AES128-GCM-SHA256 (128/128 bits) [...]: AFC46282149:
> > client=brumw.lxsbbshome.tld[192.168.0.15]
> > 
> > when I send email with sendEmail from gentoo-client it comes
> > handshake error mail.log
> > [...]: initializing the server-side TLS engine
> > [...]: connect from robin.lxsbbshome.tld[192.168.0.17]
> > [...]: setting up TLS connection from
> > robin.lxsbbshome.tld[192.168.0.17] [...]:
> > robin.lxsbbshome.tld[192.168.0.17]: TLS cipher list
> > "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH" [...]:
> > SSL_accept:before/accept initialization [...]: SSL3 alert
> > write:fatal:handshake failure [...]: SSL_accept:error in error
> > [...]: SSL_accept:error in error [...]: SSL_accept error from
> > robin.lxsbbshome.tld[192.168.0.17]: -1 [...]: warning: TLS library
> > problem: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong
> > version number:s3_srvr.c:960: [...]: lost connection after STARTTLS
> > from robin.lxsbbshome.tld[192.168.0.17] [...]: disconnect from
> > robin.lxsbbshome.tld[192.168.0.17] ehlo=1 starttls=0/1 commands=1/2
> > 
> > sendEmail.log
> > [...]: DEBUG => Connecting to rosalie.lxsbbshome.tld:25
> > [...]: DEBUG => My IP address is: 192.168.0.17
> > [...]: DEBUG => evalSMTPresponse() - Checking for SMTP success or
> > error status in the message: 220 rosalie.lxsbbshome.tld ESMTP
> > Postfix [...]: DEBUG => evalSMTPresponse() - Found SMTP success
> > code: 220 [...]: SUCCESS => Received:   220
> > rosalie.lxsbbshome.tld ESMTP Postfix [...]: INFO => Sending:
> > EHLO robin.lxsbbshome.tld [...]: DEBUG =>
> > evalSMTPresponse() - Checking for SMTP success or error status in
> > the message: 250-rosalie.lxsbbshome.tld, 250-PIPELINING, 250-SIZE
> > 1024, 250-VRFY, 250-ETRN, 250-STARTTLS, 250-AUTH PLAIN,
> >

Re: perl ssl was:Re: [gentoo-user] dovecot imap-login

2015-12-20 Thread Mick 
On Saturday 19 Dec 2015 10:31:09 jens wefer wrote:
> Am Mon, 14 Dec 2015 08:50:29 +0100
> 
> schrieb jens wefer :
> > Am Sat, 12 Dec 2015 23:09:20 +0100
> > 
> > schrieb jens wefer :
> > > Am Sat, 12 Dec 2015 17:53:04 +
> > > 
> > > schrieb Stroller :
> > > > > On Sat, 12 December 2015, at 3:08 a.m., jens wefer
> > > > >  wrote:
> > > > > 
> > > > > I set up a mail server, postfix/dovecot, ssl required.
> > > > > test with mail-client, all ok
> > > > > when I try to copy mails with imapsync (gentoo) comes timeout,
> > > > > and imapsync will login again.
> > > > > with each new login, a new process imap-login is generated.
> > > > 
> > > > Sorry if this is a dumb question, but how do you know it's timing
> > > > out?
> > > > 
> > > > Could it just be slow, as it has to compile loads of messages in
> > > > its first run?
> > > > 
> > > > Looks like dovecot has a 30 minute timeout. [1]
> > > > 
> > > > An old message on the Dovecot mailing list [2] suggests to set
> > > > "verbose_proctitle = yes" in config to see why each process is
> > > > open.
> > > > 
> > > > It also suggests using high-performance mode, rather that the
> > > > default.
> > > > 
> > > > Stroller.
> > > 
> > > timeout comes from imapsync (default timeout 120 sec).
> > > after 10 minutes then running 5 Dovecot processes which want 100%
> > > CPU time. mail logfile:
> > > imap-login: Login: user =  blablub, TLS ession, ..
> > 
> > I think that's a problem with perl.
> > When I send an email with sendEmail comes SSLv3 Aler handshake
> > failure. if I use a newer sendEmail version (1.56.5) comes
> > Segnentation fault. when I start sendEmail on CentOS is everything ok.
> 
> I send emails with email-client and sendEmail (win/centos).
> mail.log
> [...]: initializing the server-side TLS engine
> [...]: connect from brumw.lxsbbshome.tld[192.168.0.15]
> [...]: setting up TLS connection from brumw.lxsbbshome.tld[192.168.0.15]
> [...]: brumw.lxsbbshome.tld[192.168.0.15]: TLS cipher list
> "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH" [...]:
> SSL_accept:before/accept initialization [...]: SSL_accept:SSLv3 read
> client hello A [...]: SSL_accept:SSLv3 write server hello A
> [...]: SSL_accept:SSLv3 write certificate A
> [...]: SSL_accept:SSLv3 write server done A
> [...]: SSL_accept:SSLv3 flush data
> [...]: SSL_accept:SSLv3 read client certificate A
> [...]: SSL_accept:SSLv3 read client key exchange A
> [...]: SSL_accept:SSLv3 read certificate verify A
> [...]: SSL_accept:SSLv3 read finished A
> [...]: brumw.lxsbbshome.tld[192.168.0.15]: Issuing session ticket, key
> expiration: 1450478594 [...]: SSL_accept:SSLv3 write session ticket A
> [...]: SSL_accept:SSLv3 write change cipher spec A
> [...]: SSL_accept:SSLv3 write finished A
> [...]: SSL_accept:SSLv3 flush data
> [...]: Anonymous TLS connection established from
> brumw.lxsbbshome.tld[192.168.0.15]: TLSv1.2 with cipher
> AES128-GCM-SHA256 (128/128 bits) [...]: AFC46282149:
> client=brumw.lxsbbshome.tld[192.168.0.15]
> 
> when I send email with sendEmail from gentoo-client it comes handshake
> error mail.log
> [...]: initializing the server-side TLS engine
> [...]: connect from robin.lxsbbshome.tld[192.168.0.17]
> [...]: setting up TLS connection from robin.lxsbbshome.tld[192.168.0.17]
> [...]: robin.lxsbbshome.tld[192.168.0.17]: TLS cipher list
> "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH" [...]:
> SSL_accept:before/accept initialization [...]: SSL3 alert
> write:fatal:handshake failure [...]: SSL_accept:error in error
> [...]: SSL_accept:error in error
> [...]: SSL_accept error from robin.lxsbbshome.tld[192.168.0.17]: -1
> [...]: warning: TLS library problem: error:1408A10B:SSL
> routines:ssl3_get_client_hello:wrong version number:s3_srvr.c:960:
> [...]: lost connection after STARTTLS from
> robin.lxsbbshome.tld[192.168.0.17] [...]: disconnect from
> robin.lxsbbshome.tld[192.168.0.17] ehlo=1 starttls=0/1 commands=1/2
> 
> sendEmail.log
> [...]: DEBUG => Connecting to rosalie.lxsbbshome.tld:25
> [...]: DEBUG => My IP address is: 192.168.0.17
> [...]: DEBUG => evalSMTPresponse() - Checking for SMTP success or error
> status in the message: 220 rosalie.lxsbbshome.tld ESMTP Postfix [...]:
> DEBUG => evalSMTPresponse() - Found SMTP success code: 220 [...]:
> SUCCESS => Received:  220 rosalie.lxsbbshome.tld ESMTP Postfix
> [...]: INFO => Sending:   EHLO robin.lxsbbshome.tld [...]: DEBUG
> => evalSMTPresponse() - Checking for SMTP success or error status in
> the message: 250-rosalie.lxsbbshome.tld, 250-PIPELINING, 250-SIZE
> 1024, 250-VRFY, 250-ETRN, 250-STARTTLS, 250-AUTH PLAIN,
> 250-ENHANCEDSTATUSCODES, 250-8BITMIME, 250-DSN, 250 SMTPUTF8 [...]:
> DEBUG => evalSMTPresponse() - Found SMTP success code: 250 [...]:
> SUCCESS => Received:  250-rosalie.lxsbbshome.tld,
> 250-PIPELINING, 250-SIZE 1024, 250-VRFY, 250-ETRN, 250-STARTTLS,
> 250-AUTH PLAIN, 250-ENHANCEDSTATUSCODES,

Re: perl ssl was:Re: [gentoo-user] dovecot imap-login

2015-12-19 Thread jens wefer 
Am Mon, 14 Dec 2015 08:50:29 +0100
schrieb jens wefer :

> Am Sat, 12 Dec 2015 23:09:20 +0100
> schrieb jens wefer :
> 
> > Am Sat, 12 Dec 2015 17:53:04 +
> > schrieb Stroller :
> > 
> > > 
> > > > On Sat, 12 December 2015, at 3:08 a.m., jens wefer
> > > >  wrote:
> > > > 
> > > > I set up a mail server, postfix/dovecot, ssl required.
> > > > test with mail-client, all ok
> > > > when I try to copy mails with imapsync (gentoo) comes timeout,
> > > > and imapsync will login again.
> > > > with each new login, a new process imap-login is generated.
> > > 
> > > Sorry if this is a dumb question, but how do you know it's timing
> > > out?
> > > 
> > > Could it just be slow, as it has to compile loads of messages in
> > > its first run?
> > > 
> > > Looks like dovecot has a 30 minute timeout. [1]
> > > 
> > > An old message on the Dovecot mailing list [2] suggests to set
> > > "verbose_proctitle = yes" in config to see why each process is
> > > open.
> > > 
> > > It also suggests using high-performance mode, rather that the
> > > default. 
> > > 
> > > Stroller.
> > 
> > timeout comes from imapsync (default timeout 120 sec).
> > after 10 minutes then running 5 Dovecot processes which want 100%
> > CPU time. mail logfile:
> > imap-login: Login: user =  blablub, TLS ession, ..
> > 
> 
> I think that's a problem with perl.
> When I send an email with sendEmail comes SSLv3 Aler handshake
> failure. if I use a newer sendEmail version (1.56.5) comes
> Segnentation fault. when I start sendEmail on CentOS is everything ok.
> 


I send emails with email-client and sendEmail (win/centos).
mail.log
[...]: initializing the server-side TLS engine
[...]: connect from brumw.lxsbbshome.tld[192.168.0.15]
[...]: setting up TLS connection from brumw.lxsbbshome.tld[192.168.0.15]
[...]: brumw.lxsbbshome.tld[192.168.0.15]: TLS cipher list
"aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH" [...]:
SSL_accept:before/accept initialization [...]: SSL_accept:SSLv3 read
client hello A [...]: SSL_accept:SSLv3 write server hello A
[...]: SSL_accept:SSLv3 write certificate A
[...]: SSL_accept:SSLv3 write server done A
[...]: SSL_accept:SSLv3 flush data
[...]: SSL_accept:SSLv3 read client certificate A
[...]: SSL_accept:SSLv3 read client key exchange A
[...]: SSL_accept:SSLv3 read certificate verify A
[...]: SSL_accept:SSLv3 read finished A
[...]: brumw.lxsbbshome.tld[192.168.0.15]: Issuing session ticket, key
expiration: 1450478594 [...]: SSL_accept:SSLv3 write session ticket A
[...]: SSL_accept:SSLv3 write change cipher spec A
[...]: SSL_accept:SSLv3 write finished A
[...]: SSL_accept:SSLv3 flush data
[...]: Anonymous TLS connection established from
brumw.lxsbbshome.tld[192.168.0.15]: TLSv1.2 with cipher
AES128-GCM-SHA256 (128/128 bits) [...]: AFC46282149:
client=brumw.lxsbbshome.tld[192.168.0.15]

when I send email with sendEmail from gentoo-client it comes handshake
error mail.log
[...]: initializing the server-side TLS engine
[...]: connect from robin.lxsbbshome.tld[192.168.0.17]
[...]: setting up TLS connection from robin.lxsbbshome.tld[192.168.0.17]
[...]: robin.lxsbbshome.tld[192.168.0.17]: TLS cipher list
"aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH" [...]:
SSL_accept:before/accept initialization [...]: SSL3 alert
write:fatal:handshake failure [...]: SSL_accept:error in error
[...]: SSL_accept:error in error
[...]: SSL_accept error from robin.lxsbbshome.tld[192.168.0.17]: -1
[...]: warning: TLS library problem: error:1408A10B:SSL
routines:ssl3_get_client_hello:wrong version number:s3_srvr.c:960:
[...]: lost connection after STARTTLS from
robin.lxsbbshome.tld[192.168.0.17] [...]: disconnect from
robin.lxsbbshome.tld[192.168.0.17] ehlo=1 starttls=0/1 commands=1/2

sendEmail.log
[...]: DEBUG => Connecting to rosalie.lxsbbshome.tld:25
[...]: DEBUG => My IP address is: 192.168.0.17
[...]: DEBUG => evalSMTPresponse() - Checking for SMTP success or error
status in the message: 220 rosalie.lxsbbshome.tld ESMTP Postfix [...]:
DEBUG => evalSMTPresponse() - Found SMTP success code: 220 [...]:
SUCCESS => Received:220 rosalie.lxsbbshome.tld ESMTP Postfix
[...]: INFO => Sending: EHLO robin.lxsbbshome.tld [...]: DEBUG
=> evalSMTPresponse() - Checking for SMTP success or error status in
the message: 250-rosalie.lxsbbshome.tld, 250-PIPELINING, 250-SIZE
1024, 250-VRFY, 250-ETRN, 250-STARTTLS, 250-AUTH PLAIN,
250-ENHANCEDSTATUSCODES, 250-8BITMIME, 250-DSN, 250 SMTPUTF8 [...]:
DEBUG => evalSMTPresponse() - Found SMTP success code: 250 [...]:
SUCCESS => Received:250-rosalie.lxsbbshome.tld,
250-PIPELINING, 250-SIZE 1024, 250-VRFY, 250-ETRN, 250-STARTTLS,
250-AUTH PLAIN, 250-ENHANCEDSTATUSCODES, 250-8BITMIME, 250-DSN, 250
SMTPUTF8 [...]: DEBUG => The remote SMTP server supports TLS :) [...]:
DEBUG => Starting TLS [...]: INFO => Sending:   STARTTLS [...]:
DEBUG => evalSMTPresponse() - Checking for SMTP success or error status
in

perl ssl was:Re: [gentoo-user] dovecot imap-login

2015-12-13 Thread jens wefer 
Am Sat, 12 Dec 2015 23:09:20 +0100
schrieb jens wefer :

> Am Sat, 12 Dec 2015 17:53:04 +
> schrieb Stroller :
> 
> > 
> > > On Sat, 12 December 2015, at 3:08 a.m., jens wefer
> > >  wrote:
> > > 
> > > I set up a mail server, postfix/dovecot, ssl required.
> > > test with mail-client, all ok
> > > when I try to copy mails with imapsync (gentoo) comes timeout,
> > > and imapsync will login again.
> > > with each new login, a new process imap-login is generated.
> > 
> > Sorry if this is a dumb question, but how do you know it's timing
> > out?
> > 
> > Could it just be slow, as it has to compile loads of messages in its
> > first run?
> > 
> > Looks like dovecot has a 30 minute timeout. [1]
> > 
> > An old message on the Dovecot mailing list [2] suggests to set
> > "verbose_proctitle = yes" in config to see why each process is open.
> > 
> > It also suggests using high-performance mode, rather that the
> > default. 
> > 
> > Stroller.
> 
> timeout comes from imapsync (default timeout 120 sec).
> after 10 minutes then running 5 Dovecot processes which want 100% CPU
> time. mail logfile:
> imap-login: Login: user =  blablub, TLS ession, ..
> 

I think that's a problem with perl.
When I send an email with sendEmail comes SSLv3 Aler handshake failure.
if I use a newer sendEmail version (1.56.5) comes Segnentation fault.
when I start sendEmail on CentOS is everything ok.