[spamdyke-users] follow up on spamdyke tls accept problem.
Is it a bug ? I'll summarize the problem: Spamdyke , when tls is disabled, seems to require every time a tls connetion, and so forece the remote mta to talk tls. I understand that the problem could be fixed by enabling the tls support in spamdyke, but if i want to use the tls on qmail-smtpd side i need to disable tls on the spamdyke side. So, is a problem that could be solved ? Thx in advance, Davie ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] follow up on spamdyke tls accept problem.
It sounds like a bug. I've seen several complaints about TLS passthrough but I've been unable to reproduce it myself. Out of curiosity, why do you want qmail to do the TLS instead of spamdyke? During my (very) little free time over the past week, I've been trying to fix the 100% CPU bug (reported by Pablo González on 1/11). I haven't been able to reproduce it yet, despite trying a number of different things. There are still more ideas to try. Hopefully Real Life(tm) will slow down this week and I'll have more time for spamdyke. -- Sam Clippinger Davide Bozzelli wrote: Is it a bug ? I'll summarize the problem: Spamdyke , when tls is disabled, seems to require every time a tls connetion, and so forece the remote mta to talk tls. I understand that the problem could be fixed by enabling the tls support in spamdyke, but if i want to use the tls on qmail-smtpd side i need to disable tls on the spamdyke side. So, is a problem that could be solved ? Thx in advance, Davie ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] follow up on spamdyke tls accept problem.
Hello, I think the 100% cpu bug is related to TLS. I disabled TLS on spamdyke and the 100% bug disappeared, but now I see that qmail-smtpd TLS is broken too: openssl s_client -starttls smtp -crlf -connect localhost:25 CONNECTED(0003) 6570:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:567: This was an old issue documented at shupp.org but I can't solve it . my /var/qmail/control: /var/qmail/control# ls -l tls* -rw-r--r-- 1 root root 386 2008-01-01 10:44 tlsclientciphers -rw-r--r-- 1 root root 386 2008-01-01 10:44 tlsserverciphers /var/qmail/control# ls -l *.pem -rw-r- 1 vpopmail qmail 2189 2007-12-12 15:53 clientcert.pem -rw-r- 1 vpopmail qmail 245 2008-01-16 01:01 dh1024.pem -rw-r- 1 vpopmail qmail 156 2008-01-16 01:01 dh512.pem -rw-r- 1 vpopmail qmail 493 2008-01-16 01:01 rsa512.pem -rw-r- 1 vpopmail qmail 2189 2007-12-12 15:53 servercert.pem # dpkg -l openssl openssl0.9.8c-4etch1 I hope you can give me some hints. Il giorno 16 gen 2008, alle ore 18:26, Sam Clippinger ha scritto: It sounds like a bug. I've seen several complaints about TLS passthrough but I've been unable to reproduce it myself. Out of curiosity, why do you want qmail to do the TLS instead of spamdyke? During my (very) little free time over the past week, I've been trying to fix the 100% CPU bug (reported by Pablo González on 1/11). I haven't been able to reproduce it yet, despite trying a number of different things. There are still more ideas to try. Hopefully Real Life(tm) will slow down this week and I'll have more time for spamdyke. -- Sam Clippinger Davide Bozzelli wrote: Is it a bug ? I'll summarize the problem: Spamdyke , when tls is disabled, seems to require every time a tls connetion, and so forece the remote mta to talk tls. I understand that the problem could be fixed by enabling the tls support in spamdyke, but if i want to use the tls on qmail-smtpd side i need to disable tls on the spamdyke side. So, is a problem that could be solved ? Thx in advance, Davie ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] follow up on spamdyke tls accept problem.
Yes, the 100% CPU bug seems to be TLS-related but it is separate from the bug with TLS passthrough. The two functions use different portions of the code, so fixing one will not necessarily fix the other. By disabling TLS, you've simply switched bugs. Sorry about that. :( -- Sam Clippinger Paolo wrote: Hello, I think the 100% cpu bug is related to TLS. I disabled TLS on spamdyke and the 100% bug disappeared, but now I see that qmail-smtpd TLS is broken too: openssl s_client -starttls smtp -crlf -connect localhost:25 CONNECTED(0003) 6570:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:567: This was an old issue documented at shupp.org but I can't solve it . my /var/qmail/control: /var/qmail/control# ls -l tls* -rw-r--r-- 1 root root 386 2008-01-01 10:44 tlsclientciphers -rw-r--r-- 1 root root 386 2008-01-01 10:44 tlsserverciphers /var/qmail/control# ls -l *.pem -rw-r- 1 vpopmail qmail 2189 2007-12-12 15:53 clientcert.pem -rw-r- 1 vpopmail qmail 245 2008-01-16 01:01 dh1024.pem -rw-r- 1 vpopmail qmail 156 2008-01-16 01:01 dh512.pem -rw-r- 1 vpopmail qmail 493 2008-01-16 01:01 rsa512.pem -rw-r- 1 vpopmail qmail 2189 2007-12-12 15:53 servercert.pem # dpkg -l openssl openssl0.9.8c-4etch1 I hope you can give me some hints. Il giorno 16 gen 2008, alle ore 18:26, Sam Clippinger ha scritto: It sounds like a bug. I've seen several complaints about TLS passthrough but I've been unable to reproduce it myself. Out of curiosity, why do you want qmail to do the TLS instead of spamdyke? During my (very) little free time over the past week, I've been trying to fix the 100% CPU bug (reported by Pablo González on 1/11). I haven't been able to reproduce it yet, despite trying a number of different things. There are still more ideas to try. Hopefully Real Life(tm) will slow down this week and I'll have more time for spamdyke. -- Sam Clippinger Davide Bozzelli wrote: Is it a bug ? I'll summarize the problem: Spamdyke , when tls is disabled, seems to require every time a tls connetion, and so forece the remote mta to talk tls. I understand that the problem could be fixed by enabling the tls support in spamdyke, but if i want to use the tls on qmail-smtpd side i need to disable tls on the spamdyke side. So, is a problem that could be solved ? Thx in advance, Davie ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] follow up on spamdyke tls accept problem.
Sam Clippinger ha scritto: It sounds like a bug. I've seen several complaints about TLS passthrough but I've been unable to reproduce it myself. Out of curiosity, why do you want qmail to do the TLS instead of spamdyke? One of the reasons coul be for granularity of options: with the jms combined patch for example, i could choose how and when enable the tls/sll options by enabling the right env vars, example: http://qmail.jms1.net/tls-auth.shtml This link show all the possible combination . Is it clear then that by disabling spamdyke tls i can use all the possibility of configurations at qmail-smtpd level. Have fun, Davide ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
