enable 'ConTimeOutDebug' - the debug logs will show where the communication stucks
Thomas Von: "Dirk Kulmsee" <d.kulm...@netgroup.de> An: "'ASSP development mailing list'" <assp-test@lists.sourceforge.net> Datum: 16.12.2019 12:43 Betreff: [Assp-test] TLS connections getting stuck Hi all, i am currently using ASSP 2.6.4 19341 on Debian Linux, Perl 5.28 For some weeks now I have the problem that many TLS connections time out so mails are not received or are received after retries with huge delays up to several days. This happens with several different servers (e.g. from gmx.net, t-online.de) but it does not always happen. Most mail flows smoothly. I am using an official SSL certificate (Digicert wildcard), SSL_version and SSL_cipher_list are set to default. ASSP forwards mail to a Postfix on the same machine, port 125. Here are some log lines: Dec 16 11:54:32 localhost assp.pl[115465]: [Worker_1] Worker_1 wakes up Dec 16 11:54:32 localhost assp.pl[115465]: [Worker_1] Info: Worker_1 got connection from MainThread Dec 16 11:54:32 localhost assp.pl[115465]: [Worker_1] Connected: session:7FA1F68F3B30 212.18.1.53:33523 > 192.168.12.242:25 > 127.0.0.1:125 Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] 212.18.1.53 Disabled SMTP AUTH for External IPs Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] 212.18.1.53 info: got STARTTLS request from 212.18.1.53 Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG: .../IO/Socket/SSL.pm:1578: start handshake Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG: .../IO/Socket/SSL.pm:1030: starting sslifying Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG: .../IO/Socket/SSL.pm:1077: Net::SSLeay::accept -> -1 Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG: .../IO/Socket/SSL.pm:1077: Net::SSLeay::accept -> -1 Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG: .../IO/Socket/SSL.pm:1077: Net::SSLeay::accept -> 1 Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG: .../IO/Socket/SSL.pm:1125: handshake done, socket ready Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG: .../IO/Socket/SSL.pm:1578: start handshake Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG: .../IO/Socket/SSL.pm:757: ssl handshake not started Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG: .../IO/Socket/SSL.pm:802: not using SNI because hostname is unknown Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG: .../IO/Socket/SSL.pm:3093: get_session(127.0.0.1:125) -> none Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG: .../IO/Socket/SSL.pm:850: set socket to non-blocking to enforce timeout=5 Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG: .../IO/Socket/SSL.pm:863: call Net::SSLeay::connect Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG: .../IO/Socket/SSL.pm:866: done Net::SSLeay::connect -> 1 Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG: .../IO/Socket/SSL.pm:921: ssl handshake done Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG: .../IO/Socket/SSL.pm:2970: callback session new <127.0.0.1:125> 140333579019952 Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG: .../IO/Socket/SSL.pm:3040: add_session(127.0.0.1:125,140333579019952) Dec 16 11:57:44 localhost assp.pl[115465]: [Worker_1] [TLS-in] [TLS-out] 212.18.1.53 TLS-Connection idle for 180 secs - timeout Dec 16 11:57:44 localhost assp.pl[115465]: [Worker_1] [TLS-in] [TLS-out] 212.18.1.53 [SMTP Status] 451 Connection timeout, try later Dec 16 11:57:44 localhost assp.pl[115465]: [Worker_1] [TLS-in] [TLS-out] 212.18.1.53 disconnected: session:7FA1F68F3B30 212.18.1.53 - processing time 0 seconds Dec 16 11:57:44 localhost assp.pl[115465]: [Worker_1] Worker_1 will sleep now The IP mentioned here ends up in SSL-failed-cache. Any ideas where to look or what to change? Best regards Dirk_______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! *******************************************************
_______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
