>Now I get the whole session through to the end of DATA and the trailing . within a few seconds
>ASSP logs it and then leaves the connection open but does nothing
>The MTA then times out the connection after 14400s

So I assume the following SMTP command sequence

.....
MTA->ASSP->CLIENT: 354 send....
CLIENT->ASSP->MTA: data until [CR][LF].[CR][LF]
MTA->ASSP->CLIENT: 250 queued in ......

At this point the client has the following options

RSET
MAIL FROM:
QUIT
NOOP
HELP

If nothing is sent by the client, the connection will run into a timeout.

Thomas




From:    Colin <colin.war...@gmail.com>
To:      ASSP development mailing list <assp-test@lists.sourceforge.net>
Date:    15.07.2014 10:41
Subject: Re: [Assp-test] Timeout issues



Hi Spyros,

ASSP still does TLS for incoming connections. The only thing that I have 
disabled is the MTA (Exim) receiving inbound TLS connections - it will 
still send outbound emails via TLS. This means that the only affected 
connections are between ASSP and Exim and this occurs on the local 
loopback address. Exim does not even listen on any external interfaces. 
The only security risk is someone with access to the box being able to 
run tcpdump and by that point we're in serious trouble anyway!

I looked into the tcpdump again yesterday and got further baffled. It 
seems that disabling TLS has changed the issue somewhat. The original 
issue was that ASSP would receive the message and deliver it to the MTA. 
Something would happen and the connection would go idle at the end of 
DATA until the MTA timed it out at 400s.

Now I get the whole session through to the end of DATA and the trailing 
. within a few seconds. The MTA sends the OK and queue id number back to 
ASSP, ASSP logs it and then leaves the connection open but does nothing 
with it. The MTA then times out the connection after 14400s. The message 
has long since been delivered. Interestingly, it seems that Amazon Web 
Services IP addresses are responsible for the majority of these odd 
sessions in the logs.

The only changes I have made are to disable TLS between ASSP and Exim as 
above and to increase the timeout from 400s to 14400s.

All the best,

Colin Waring.



On 15/07/2014 09:25, Spyros Tsiolis wrote:
>> --------------------------------------------
>> On Sat, 12/7/14, Colin <colin.war...@gmail.com> wrote:
>>
>>   Subject: Re: [Assp-test] Timeout issues
>>   To: assp-test@lists.sourceforge.net
>>   Date: Saturday, 12 July, 2014, 21:32
>> 
>>   Hi All,
>> 
>>   Good news. Disabling TLS on the mta has resolved the issue completely.
>>   There isn't any idle time on the connections any more and I've observed
>>   a previously affected server (unable to deliver a message to us for a
>>   couple of days) send through on its first retry attempt.
>> 
>>   I'm not sure what the issue is as I am using the same Exim config as I
>>   have always used. It could be Exim, it could be ASSP but I'm happy with
>>   TLS off as both are on the same box communicating over the loopback
>>   interface.
>> 
>>   All the best,
>>   Colin Waring
>
> Hi Colin,
>
> but now isn't your system open to attacks?
> Since disabling TLS?
> I mean between the MUAs (the clients) and the box that houses
> your MTA and ASSP?
>
> Just wondering.
>
> s.
>
>

_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
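
The post-DATA state described at the top of this thread (250 received, then no RSET, MAIL FROM:, QUIT, NOOP or HELP from the client until the timeout) can be picked out of a session trace mechanically. This is an added example, not code from ASSP, Exim or any poster in the thread; the trace format, the function name and the sample lines are constructed for illustration.

```python
# Constructed trace format (an assumption, not ASSP's or Exim's real log format):
#   <seconds> <connection-id> <direction> <SMTP text>
#   C = sent by the client, S = MTA reply relayed to the client, X = connection closed
SAMPLE_TRACE = """\
0 c1 C MAIL FROM:<a@example.org>
2 c1 C DATA
2 c1 S 354 send data
5 c1 C .
6 c1 S 250 queued as PLACEHOLDER-1
7 c1 C QUIT
7 c1 S 221 closing
7 c1 X closed
0 c2 C MAIL FROM:<c@example.org>
2 c2 C DATA
2 c2 S 354 send data
4 c2 C .
5 c2 S 250 queued as PLACEHOLDER-2
14405 c2 X timeout
"""

# Commands the client may send once the message has been accepted.
NEXT_COMMANDS = ("RSET", "MAIL FROM:", "QUIT", "NOOP", "HELP")

def idle_after_delivery(trace, min_idle=60):
    """Return {conn: idle_seconds} for connections that stayed silent for at
    least min_idle seconds between the 250 answering end-of-DATA and the close."""
    awaiting_250 = set()   # connections that have sent the terminating "."
    accepted_at = {}       # conn -> time of the 250, while the client stays silent
    idle = {}
    for line in trace.splitlines():
        ts, conn, direction, text = line.split(" ", 3)
        ts = int(ts)
        if direction == "C":
            if text == ".":
                awaiting_250.add(conn)
            elif text.upper().startswith(NEXT_COMMANDS):
                accepted_at.pop(conn, None)    # client continued the session
        elif direction == "S" and conn in awaiting_250:
            awaiting_250.discard(conn)
            if text.startswith("250"):
                accepted_at[conn] = ts         # message accepted, clock starts
        elif direction == "X" and conn in accepted_at:
            gap = ts - accepted_at.pop(conn)
            if gap >= min_idle:
                idle[conn] = gap
    return idle
```

Sessions reported here have already delivered their message, so a shorter idle timeout for this state would release the connection slot without affecting delivery.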



