I am still having trouble with SSL failures. I think the problem may be an intermittent poor internet connection that incoming mail clients are on. With SSLTimeout set to 5 seconds, incoming connections may be added to SSfailed list, and thereafter are blocked by ASSP.
In the mail log I get this: Dec 12 23:32:59 mail postfix/smtpd[24137]: connect from mail.myserver.com[66.228.45.51] Dec 12 23:33:21 mail postfix/smtpd[24142]: connect from mail.myserver.com[66.228.45.51] Dec 12 23:33:24 mail postfix/smtpd[24142]: lost connection after EHLO from mail.myserver.com[66.228.45.51] Dec 12 23:33:24 mail postfix/smtpd[24142]: disconnect from mail.myserver.com[66.228.45.51] Then, in the SSlfailed list, I get: 209.216.187.251|::|[2012-12-12,23:33:26] Then, in the mail log I get this: Dec 12 23:36:06 mail postfix/smtpd[24137]: SSL_accept error from mail.myserver.com[66.228.45.51]: -1 Dec 12 23:36:06 mail postfix/smtpd[24137]: lost connection after STARTTLS from mail.myserver.com[66.228.45.51] Dec 12 23:36:06 mail postfix/smtpd[24137]: disconnect from mail.myserver.com[66.228.45.51] Dec 12 23:36:08 mail postfix/smtpd[24137]: connect from mail.myserver.com[66.228.45.51] Dec 12 23:36:09 mail postfix/smtpd[24137]: disconnect from mail.myserver.com[66.228.45.51] Question: Is ASSP blocking an IP address from connecting once an SSL connection has failed from that address? Can this be turned off? Thanks, - Jason On Dec 6, 2012, at 2:05 AM, Doug Lytle <[email protected]> wrote: > Jason Horn wrote: >> I am trying to troubleshoot a problem wherein ASSP stops responding to SMTP >> requests - that is, a user will be unable to send a message from their mail >> client. The mail client (Apple Mail) will report a problem with making an >> SSL connection to the SMTP server > > This usually happens when the SSL connection has failed between the > client and the server. > > ASSP will identify those types of connects and stop offering TLS/SSL. > If you're running ASSP version 2, you can see if this is the case by > looking into SSLfailed, lower left hand corner, under internal caches. > > You also have some SSL controlls for failures under SSL Proxy and TLS > support, make sure 'Retry SSL on "SSL want a read first" error > (SSLRetryOnError)' is checked. > > Doug > > > -- > Ben Franklin quote: > > "Those who would give up Essential Liberty to purchase a little Temporary > Safety, deserve neither Liberty nor Safety." > > > ------------------------------------------------------------------------------ > LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial > Remotely access PCs and mobile devices and provide instant support > Improve your efficiency, and focus on delivering more value-add services > Discover what IT Professionals Know. Rescue delivers > http://p.sf.net/sfu/logmein_12329d2d > _______________________________________________ > Assp-user mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/assp-user ------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
