Re: [qmailtoaster] RES: TLS error

[Dan McAllister]

The most common problem I've had with TLS and all of the QMAIL TOASTER 
daemons is a lack of available RAM.

First off, let me explain that I use both 64-bit and 32-bit Linux 
implementations (mostly CentOS, some Fedora, a few Debian), and the 
problem first arose on a 64-bit system. The fix was to drastically 
increase the softlimit in my run scripts, and since I duplicate config 
info on all of my systems - regardless of 64 or 32-bit OSes -- I've 
never seen this be a problem in the 32-bit systems.

What happens when the process runs out of RAM because of the need for 
the TLS libraries is that the process crashes -- with indeterminate results.

So, my suggestion is to up your softlimit and let's go from there!

Dan

---
IT4SOHO, LLC
224 13th Ave N
St. Petersburg, FL 33701-1122

877-IT4SOHO: Toll Free
727-647-7646 In Pinellas
813-464-2093 In Hillsborough
727-507-9435 Fax Only

"We make IT work for small business!"




Fábio R. P. Franco wrote:
Hey guys!

I think it was what I thought. I searched through the list archives and
found out that command:

[r...@sulistasrv13 send]# openssl s_client -starttls smtp -crlf -connect
209.239.114.87:25 -debug
CONNECTED(00000003)
read from 0x867fc20 [0x8679350] (8192 bytes => 34 (0x22))
0000 - 32 32 30 20 63 68 65 65-74 61 72 61 2e 6e 65 74   220 cheetara.net
0010 - 73 70 61 2e 63 6f 6d 2e-62 72 20 45 53 4d 54 50   spa.com.br ESMTP
0020 - 0d 0a                                             ..
write to 0x867fc20 [0x7fffb419a920] (10 bytes => 10 (0xA))
0000 - 53 54 41 52 54 54 4c 53-0d 0a                     STARTTLS..
read from 0x867fc20 [0x8677340] (8192 bytes => 19 (0x13))
0000 - 32 32 30 20 72 65 61 64-79 20 66 6f 72 20 74 6c   220 ready for tl
0010 - 73 0d 0a                                          s..
write to 0x867fc20 [0x867fcc0] (133 bytes => 133 (0x85))
0000 - 80 83 01 03 01 00 5a 00-00 00 20 00 00 39 00 00   ......Z... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5............
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00   ..3..2../.....f.
0030 - 00 05 00 00 04 01 00 80-00 00 63 00 00 62 00 00   ..........c..b..
0040 - 15 00 00 12 00 00 09 06-00 40 00 00 65 00 00 64   .........@..e..d
0050 - 00 00 14 00 00 11 00 00-08 00 00 06 04 00 80 00   ................
0060 - 00 03 02 00 80 e3 81 2d-45 6e 15 7e 88 9b a3 48   .......-En.~...H
0070 - fb 3c 61 3d 08 46 f9 84-01 b3 6a 91 6a f6 ca 88   .<a=.F....j.j...
0080 - 30 ac 5d a4 6d                                    0.].m
HELO kernel.org


When I did the HELO on a functioning server (smtp.gmail.com) it gave some
error and quit, but the 209.239.114.87 server didn't do anything -- probably
it's dying after STARTTLS.

Any opinions?

Fabio Franco

-----Mensagem original-----
De: Fábio R. P. Franco [mailto:fabio.fra...@pelissari.com.br] 
Enviada em: quarta-feira, 3 de junho de 2009 14:34
Para: 'qmailtoaster-list@qmailtoaster.com'
Assunto: TLS error

Hello guys!

I am having problems delivering an e-mail  to a certain server:
209.239.114.87

2009-06-01 11:45:55.590179500 delivery 1220787: deferral:
TLS_connect_failed:_timed_out;_connected_to_209.239.114.87./
2009-06-01 11:45:55.590202500 status: local 0/10 remote 2/60
2009-06-01 11:45:55.612051500 delivery 1220788: deferral:
TLS_connect_failed:_timed_out;_connected_to_209.239.114.87./
2009-06-01 11:45:55.612060500 status: local 0/10 remote 1/60

I think it’s trying to use TLS. The message is staying on queue and giving
these errors on the send logs. 

My bet is that their server (209.239.114.87) is not correctly configured for
TLS so it’s timing out. What do you think? Any tests I can run?

Att,

Fabio Franco


---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
    Vickers Consulting Group offers Qmailtoaster support and installations.
      If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
     Please visit qmailtoaster.com for the latest news, updates, and packages.
     
      To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
     For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com


  

---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
     If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
    Please visit qmailtoaster.com for the latest news, updates, and packages.
    
     To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
    For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com