Thanks to you all for your input I have upgraded my SSL module, I am waiting to see what happens, because I can't reliably reproduce the problem I will have to monitor the logs and wait.
JR - thanks for the pointers on the debug logging - I use a similar technique in my work but I am not very PERL savvy so it is good to find a technique I can relate to. Is there any way (other than by quizzing the senders sys-op) of knowing if it _is_ key verification that is the problem - I would happily spend the money if it would fix things but I would need to provide a cost justification to my boss. -----Original Message----- From: J.R. Oldroyd [mailto:[email protected]] Sent: 06 April 2009 15:30 To: [email protected] Subject: Re: [Assp-test] 1.5.1.2 - Many Connection Idle - timeout On Mon, 6 Apr 2009 13:07:22 +0100, "Kevin Lawry" <[email protected]> wrote: > > > Using 1.5.1.2(0.0.03, and earlier versions - I upgraded in the hope of a > fix, I get many 'Connection Idle' timeouts and related dropped > connections. > > I am running with SSL enabled, using a self signed OpenSSL certificate > and the problem seems more prevalent when SSL is enabled - I am trying > to prove that but collecting enough samples is proving problematic. > > I have debug logging turned on, connection logging turned on and verbose > logging for most things in place. I am trying to understand the logs > produced, and I can see the conversation start (at least in the last > example I found) but it seems to just come to a halt - the debug log > has a series of <6>, <50>, <8> repeats and then drops in to the next > conversation (I assume those are place markers from the script) > The <N> entries correspond to the d(N) trace points in the code. > I would like please a bit of guidance, can somebody suggest where I > should start with the process of debugging this problem. > If you're suspecting SSL, turn SSL off and see if the problem goes away. If it still appears to be SSL, this could be a low-level SSL problem. ASSP checks that the modules it uses are recent (i.e., IO::Socket::SSL is 1.13 or later - 1.13 is reported to work). This SSL module uses lower-level SSL modules (NET::SSLeay) internally. ASSP cannot check that module version because ASSP does not use it directly and different implementations may or may not use SSLeay internally. Check that's up-to-date, too. While INET6 is unrelated to SSL, others have reported that an out-of-date INET6 module can adversely affect SSL, so make sure IO::Socket::INET6 is either up-to-date (>= 2.65) or not present. (ASSP disables INET6 if the INET6 module is out-of-date, but it does not disable SSL if the INET6 module is out-of-date.) A problem like this could be due to the client trying to do SSL key verification. Since your keys are self-signed, they cannot be verified, so this will fail. If this is the case, the problem will go away when you disable SSL. The fix would be to use keys signed by a verifiable agency. > So far, I have found that for one sender at least they can send > sometimes and not others (their mail server is running exim - may or may > not be important) > Intermittent problems suggest a problem dependent on data (e.g., email content or size) or on time. That would again suggest a low-level module bug. > Not everything that fails is spam (else I wouldn't care) > > Final point - DBG files seem to keep vanishing - is that expected > behaviour? > Files "vanishing" is usually caused by a delete/unlink operation on the file. Check for something deleting them. I didn't think ASSP did this, but it might. -jr ------------------------------------------------------------------------ ------ _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test ------------------------------------------------------------------------------ _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
