>useDB4IntCache was off. Have turned it on and have restarted ASSP.
This may solve this problem for a while. How ever - sharing memory and
databases between all threads is a basic requirement of assp V2 to work.
If this sharing is not working for any reason, I expect a wrong behavior
for all assp features!
The perl modules threads and threads::shared have to work, regardless any
assp setting!
BerkelyDB can be used for some sharing to spend memory at the cost of
speed.
I only use BerkeleyDB for the Griplist (useDB4griplist), main hashes and
lists are using mysql, all other internal and temporary variables, caches
and hashes are shared in memory - even the rebuildspamdb task runs fully
in memory (useDB4Rebuild).
Just saw at GlobalPenaltyBox-server that you use perl 5.18.2.
Have a look at http://www.cpan.org/src/
Perl version before 5.20 are no longer supported. The Perl core will not
get any fix.
versions below 5.16.3 should not be used for assp - assp will run more or
less bad
5.16.3 to 5.22.4 are not recommended to be used with assp (by me) - but
assp will run with them more or less good
5.24.0 - 5.24.3 and 5.26.0 - 5.26.1 should be upgraded (at least) to the
latest minor release - there is no good reason to use them
5.24.4 , 5.26.2 and 5.28.0 are running very well
I'm on the way to switch to perl 5.28.0. Except a small problem with
Net::SNMP on Windows x86_64, Perl 5.28.0 is ready to go. The final assp
production testing has been started. The public release of assp for perl
5.28.0 is expected at the end of August 2018. Currently I don't find and
expect any required changes in the assp code, to become perl 5.28.0
compatble.
James - you should consider to upgrade the perl installation used for
assp. If darwin has not an uptodate perl available, create a BSD (or
linux) virtual machine of your choice for assp (or use one of the provided
OVA's). Don't mix different perl versions on the same system - this leads
in to a mess.
Moving assp to another system is simple (64Bit to 64Bit).
- install perl
- install assp in the same folder structure
- run the assp module installer script
- update all perl modules to the latest version
- copy or create the rc scripts
- move the external database if required
- backup the old assp folder
- restore the backup on the new system (overwrite all files)
- fix permissions
- if the new system uses other IP's - possibly some listeners in assp need
to be reconfigured - if used, the config sharing as well
done!
Moving assp from 32Bit to 64Bit or reverse, requires to use the (clear
text) export function in assp - because the encryption engine is
incompatible.
Thomas
Von: "James Brown via Assp-test" <assp-test@lists.sourceforge.net>
An: "ASSP development mailing list" <assp-test@lists.sourceforge.net>
Kopie: "James Brown" <jlbr...@bordo.com.au>
Datum: 18.07.2018 08:27
Betreff: Re: [Assp-test] SSL failures - client being denied
useDB4IntCache was off. Have turned it off and have restarted ASSP.
James.
On 18 Jul 2018, at 4:01 pm, Thomas Eckardt <thomas.ecka...@thockar.com>
wrote:
Your Perl is not working correctly.
The SSL-failed-Cache is not shared between all running threads. Depending
on the setting of 'useDB4IntCache' BerkeleyDB or threads::shared does not
work.
Worker_1 has the IP in its SSL-failed-Cache - the MainThread (shows the
GUI) has not.
Thomas
Von: "James Brown via Assp-test" <assp-test@lists.sourceforge.net>
An: "ASSP development mailing list" <
assp-test@lists.sourceforge.net>
Kopie: "James Brown" <jlbr...@bordo.com.au>
Datum: 18.07.2018 07:44
Betreff: Re: [Assp-test] SSL failures - client being denied
Setting banFailedSSLIP to ‘public only’ didn’t work:
Jul-18-18 15:33:12 [Worker_1] Error: Worker_1 accept_SSL to client
192.168.1.51 denied - the client failed before on SSL/TLS
Error: Worker_1 accept_SSL to client 192.168.1.51 denied - the client
failed before on SSL/TLS (suppressed 2 concurrent equal 'Error' loglines
from all Workers)
The IP 192.168.1.51 is not in SSL-failed-Cache
James.
On 18 Jul 2018, at 2:17 pm, Thomas Eckardt <thomas.ecka...@thockar.com>
wrote:
set 'banFailedSSLIP' to public only - and/or - include the ClientIP's
(e.g. 192.168.0.0/16) in to 'noBanFailedSSLIP'
Thomas
Von: "James Brown via Assp-test" <assp-test@lists.sourceforge.net>
An: "ASSP development mailing list" <
assp-test@lists.sourceforge.net>
Kopie: "James Brown" <jlbr...@bordo.com.au>
Datum: 18.07.2018 02:40
Betreff: [Assp-test] SSL failures - client being denied
I’ve set up ASSP to accept connections on port 465 (was previously using
stunnel).
It usually works fine, but sometimes I get users who can no longer send
emails. Logs show:
Error: Worker_1 accept_SSL to client 192.168.1.51 denied - the client
failed before on SSL/TLS (suppressed 8 concurrent equal 'Error' loglines
from all Workers)
Jul-18-18 10:10:09 [Worker_1] Error: Worker_1 accept_SSL to client
118.209.252.91 failed IO::Socket::SSL=GLOB(0x7f823b207498) (timeout: 5 s)
: SSL wants a read first
Jul-18-18 10:10:55 [Worker_1] Error: Worker_1 accept_SSL to client
192.168.1.51 denied - the client failed before on SSL/TLS
Error: Worker_1 accept_SSL to client 192.168.1.51 denied - the client
failed before on SSL/TLS (suppressed 2 concurrent equal 'Error' loglines
from all Workers)
Jul-18-18 10:11:09 [Worker_1] Error: Worker_1 accept_SSL to client
118.209.252.91 denied - the client failed before on SSL/TLS
I have to restart ASSP so that they can send emails again. I’ll look at
‘edit SSL-failed-cache’ next time.
Startup shows:
Jul-18-18 10:18:23 [init] Info: openssl version 1.0.2g is installed
Jul-18-18 10:18:23 [init] IO::Socket::SSL module version 2.022 installed -
https and TLS/SSL is possible
Jul-18-18 10:18:23 [init] Found valid certificate and private key file -
https and TLS/SSL is available
Jul-18-18 10:18:23 [init] The underlying SSL library Net::SSLeay version
1.72 uses OpenSSL 1.0.2l 25 May 2017
Jul-18-18 10:18:23 [init] SSL_read_ahead will be used
Any suggestions?
I have:
SSLRetryOnError: 1
SSLtimeout: 5
maxSSLRenegotiations: 10
SSLDEBUG: 1
thanks,
James.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!
http://sdm.link/slashdot_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!
http://sdm.link/slashdot_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
