Hi Doug, I've also noticed issues like these when using Thunderbird as MUA, for about the past year. Search the list archives for my previous messages.
I was never able to find the root cause behind it. But I had assumed it was caused by my fairly old version of openssl, since I am on CentOS 5, which uses openssl 0.9.8e. But it looks like wheezy is using 1.0.1e. So then the common denominator here is actually Mozilla MUA software, so I wonder if there's some sort of peculiarity with that and STARTTLS. A large part of the problem seems to be that whatever initially happens to the connection at first to cause it to fail, that failure then gets the IP banned from SSL by ASSP for later connections. My workaround was to use (noBanFailedSSLIP) to whitelist the affected users and allow them to continue trying until the mail went through, but that got to be too much of a management problem, so I ended up setting (banFailedSSLIP) to /disable/, which is where I currently am. While not optimal, it seems to let users just retrying sending again and again until the mail finally goes through, which it seems to do - even without frequent ASSP restarts. If you come up with anything better, I'd love to hear it. Soon, I want to disable all user logins via unencrypted protocols, and it would be really nice to have more reliable secure connections to go with that. -C Doug Lytle said the following on 11/30/2014 5:40 AM: > Everybody, > > I've been having issues with remote users not being able to send email > using STARTTLS with SeaMonkey as the MUA on port 587, for the last > couple months. > > The symptoms are: > > User goes to send email > > SeaMonkey's status bar indicates email is in the process of being sent. > It then just sits there with the status bar at 99%. Two minutes later, > SeaMonkey times out stating the email could not be sent. > Restarting ASSP and trying again, succeeds. > > Once ASSP has been restarted, email will flow fine for 2 or 3 hours, > before the process needs to be restarted again. > > I did download and put into place the SSL.pm from the SourceForge page, > hoping the bump would fix the issue, but it has not. I placed it into > /assp/lib/Net/SMTP. The version number is showing correct in the ASSP > admin page. > > I've set a debug on the test IP address for a success and failure that > I've attached via pastebin. > > Any suggestions on what may be the cause? > > Failed attempt debug: http://pastebin.com/U5dYMNNR > Succeed attempt debug: http://pastebin.com/7LJTdZgB > > I've upgraded to the latest ASSP today: > > ASSP version 2.4.4(14331) > > It made no difference > > System specs: > > root@assp2:/assp/debug# lsb_release -a > No LSB modules are available. > Distributor ID: Debian > Description: Debian GNU/Linux 7.7 (wheezy) > Release: 7.7 > Codename: wheezy > > perl -v > > This is perl 5, version 18, subversion 0 (v5.18.0) built for > x86_64-linux-thread-multi > > The mail server is Zimbra (Backend is Postfix) > > Thanks! > > Doug > ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
