Re: IO Error: tlsv1 alert decode error
Yeah. Sorry about the misinformation. But it's nice when problems are already solved. :) Thanks again, Eric On 16 May 2015, at 10:57, Gilles Chehade gil...@poolp.org wrote: On Fri, May 15, 2015 at 11:21:33PM +0200, Eric Ripa wrote: Hi Gilles, I don???t know how far you got with this. I have resolved the issue, cause unknown. First, I actually had 5.4.3 and not 5.4.4. I was certain that I had upgraded. Anyway??? so I simply shutdown smtpd, upgraded to 5.4.5 and booted it up again. Then rescheduling the emails worked fine much better with proper downgrade. Hopefully it was fixed by the version change (something in this area probably changed as the message formatting was a bit different). I was going to mail you this morning and ask if you were sure you didn't run 5.4.3 as the bug you experience was fixed by Stefan Sieg and his fix was committed over 5 months ago: https://github.com/OpenSMTPD/OpenSMTPD/commit/4d8347ff92351462418cad2f67d6787aa6f137cd So nope, the issue doesn't have an unknown cause ;-) -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: IO Error: tlsv1 alert decode error
On Wed, May 13, 2015 at 01:27:44PM +0200, Eric Ripa wrote: Okay. So I've looked further into this, the destination MX record contains 6 addresses. The first 5 generates the below TLS IO Error, but the 6th doesn't seem to be up to respond on SMTP queries. So what I believe is happening is that OpenSMTPD retries all alternative MX records when TLS is failing on the first ones.. but then the last isn't up so it lingers with 'Network error on destination MXs' Any input on how to do a workaround? Is it possible to force non-tls on certain destinations or change the fallback algorithm? I'll have a look today -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: IO Error: tlsv1 alert decode error
Hi Gilles, I don’t know how far you got with this. I have resolved the issue, cause unknown. First, I actually had 5.4.3 and not 5.4.4. I was certain that I had upgraded. Anyway… so I simply shutdown smtpd, upgraded to 5.4.5 and booted it up again. Then rescheduling the emails worked fine much better with proper downgrade. Hopefully it was fixed by the version change (something in this area probably changed as the message formatting was a bit different). Heres a log excerpt: May 15 23:08:13 mail smtpd[5853]: smtp-out: Connecting to smtp+tls://[REDACTED]:25 (mms.[REDACTED].com) on session c1bf6e17bee0f395... May 15 23:08:13 mail smtpd[5853]: smtp-out: Connected on session c1bf6e17bee0f395 May 15 23:08:17 mail smtpd[5853]: smtp-out: TLS Error on session c1bf6e17bee0f395: TLS failed, downgrading to plain May 15 23:08:17 mail smtpd[5853]: smtp-out: Connecting to smtp://[REDACTED]:25 (mms.[REDACTED].com) on session c1bf6e17bee0f395... May 15 23:08:17 mail smtpd[5853]: smtp-out: Connected on session c1bf6e17bee0f395 May 15 23:08:19 mail smtpd[5853]: relay: Ok for bc9c69f19a657426: session=c1bf6e17bee0f395, from=[REDACTED], to=[REDACTED], rcpt=-, source=192.168.132.233, relay=[REDACTED] (mms.[REDACTED].com), d elay=2d23m40s, stat=250 ok: Message 64860805 accepted May 15 23:08:29 mail smtpd[5853]: smtp-out: Closing session c1bf6e17bee0f395: 1 message sent. Thanks for any effort you put into this! Eric On 15 May 2015, at 09:46, Gilles Chehade gil...@poolp.org wrote: On Wed, May 13, 2015 at 01:27:44PM +0200, Eric Ripa wrote: Okay. So I've looked further into this, the destination MX record contains 6 addresses. The first 5 generates the below TLS IO Error, but the 6th doesn't seem to be up to respond on SMTP queries. So what I believe is happening is that OpenSMTPD retries all alternative MX records when TLS is failing on the first ones.. but then the last isn't up so it lingers with 'Network error on destination MXs' Any input on how to do a workaround? Is it possible to force non-tls on certain destinations or change the fallback algorithm? I'll have a look today -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: IO Error: tlsv1 alert decode error
Okay. So I've looked further into this, the destination MX record contains 6 addresses. The first 5 generates the below TLS IO Error, but the 6th doesn't seem to be up to respond on SMTP queries. So what I believe is happening is that OpenSMTPD retries all alternative MX records when TLS is failing on the first ones.. but then the last isn't up so it lingers with 'Network error on destination MXs' Any input on how to do a workaround? Is it possible to force non-tls on certain destinations or change the fallback algorithm? Eric Ripa On 2015-05-13, at 13:18, Eric Ripa e...@stickybit.se wrote: I forgot to mention some details. It's OpenSMTPD 5.4.4 on OpenBSD 5.6. I'm happy to provide the MX hostnames in private if someone needs them. Eric Ripa On 2015-05-13, at 09:22, Eric Ripa e...@stickybit.se wrote: Hi, I'm getting a weird IO error on when smtpd tries to deliver mail over smtp+tls. The MX record contains multiple servers and all are showing the same behavior. Could anyone shed some light on the potential issue? Enveloped end up in temporary failure with 'Network error on destination MXs' May 13 09:16:51 mail smtpd[23296]: smtp-out: Connecting to smtp+tls://[REDACTED]:25 (mms.[REDACTED].com) on session 5a151ca2c611100d... May 13 09:16:51 mail smtpd[23296]: smtp-out: Connected on session 5a151ca2c611100d May 13 09:16:52 mail smtpd[23296]: smtp-out: Error on session 5a151ca2c611100d: IO Error: error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error May 13 09:16:52 mail smtpd[23296]: smtp-out: Disabling route [] - [REDACTED] (mms.[REDACTED].com) for 800s May 13 09:16:53 mail smtpd[23296]: smtp-out: Connecting to smtp+tls://[REDACTED]:25 (mail-gw.[REDACTED].com) on session 5a151ca314e2c781... May 13 09:16:53 mail smtpd[23296]: smtp-out: Connected on session 5a151ca314e2c781 May 13 09:16:54 mail smtpd[23296]: smtp-out: Error on session 5a151ca314e2c781: IO Error: error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error May 13 09:16:54 mail smtpd[23296]: smtp-out: Disabling route [] - [REDACTED] (mail-gw.[REDACTED].com) for 800s May 13 09:16:55 mail smtpd[23296]: smtp-out: Connecting to smtp+tls://[REDACTED]:25 (mail-gw6.[REDACTED].com) on session 5a151ca44b96ca01... May 13 09:16:56 mail smtpd[23296]: smtp-out: Connected on session 5a151ca44b96ca01 May 13 09:16:56 mail smtpd[23296]: smtp-out: Error on session 5a151ca44b96ca01: IO Error: error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error May 13 09:16:56 mail smtpd[23296]: smtp-out: Disabling route [] - [REDACTED] (mail-gw6.[REDACTED].com) for 800s Thanks, Eric Ripa -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: IO Error: tlsv1 alert decode error
I forgot to mention some details. It's OpenSMTPD 5.4.4 on OpenBSD 5.6. I'm happy to provide the MX hostnames in private if someone needs them. Eric Ripa On 2015-05-13, at 09:22, Eric Ripa e...@stickybit.se wrote: Hi, I'm getting a weird IO error on when smtpd tries to deliver mail over smtp+tls. The MX record contains multiple servers and all are showing the same behavior. Could anyone shed some light on the potential issue? Enveloped end up in temporary failure with 'Network error on destination MXs' May 13 09:16:51 mail smtpd[23296]: smtp-out: Connecting to smtp+tls://[REDACTED]:25 (mms.[REDACTED].com) on session 5a151ca2c611100d... May 13 09:16:51 mail smtpd[23296]: smtp-out: Connected on session 5a151ca2c611100d May 13 09:16:52 mail smtpd[23296]: smtp-out: Error on session 5a151ca2c611100d: IO Error: error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error May 13 09:16:52 mail smtpd[23296]: smtp-out: Disabling route [] - [REDACTED] (mms.[REDACTED].com) for 800s May 13 09:16:53 mail smtpd[23296]: smtp-out: Connecting to smtp+tls://[REDACTED]:25 (mail-gw.[REDACTED].com) on session 5a151ca314e2c781... May 13 09:16:53 mail smtpd[23296]: smtp-out: Connected on session 5a151ca314e2c781 May 13 09:16:54 mail smtpd[23296]: smtp-out: Error on session 5a151ca314e2c781: IO Error: error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error May 13 09:16:54 mail smtpd[23296]: smtp-out: Disabling route [] - [REDACTED] (mail-gw.[REDACTED].com) for 800s May 13 09:16:55 mail smtpd[23296]: smtp-out: Connecting to smtp+tls://[REDACTED]:25 (mail-gw6.[REDACTED].com) on session 5a151ca44b96ca01... May 13 09:16:56 mail smtpd[23296]: smtp-out: Connected on session 5a151ca44b96ca01 May 13 09:16:56 mail smtpd[23296]: smtp-out: Error on session 5a151ca44b96ca01: IO Error: error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error May 13 09:16:56 mail smtpd[23296]: smtp-out: Disabling route [] - [REDACTED] (mail-gw6.[REDACTED].com) for 800s Thanks, Eric Ripa -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
IO Error: tlsv1 alert decode error
Hi, I'm getting a weird IO error on when smtpd tries to deliver mail over smtp+tls. The MX record contains multiple servers and all are showing the same behavior. Could anyone shed some light on the potential issue? Enveloped end up in temporary failure with 'Network error on destination MXs' May 13 09:16:51 mail smtpd[23296]: smtp-out: Connecting to smtp+tls://[REDACTED]:25 (mms.[REDACTED].com) on session 5a151ca2c611100d... May 13 09:16:51 mail smtpd[23296]: smtp-out: Connected on session 5a151ca2c611100d May 13 09:16:52 mail smtpd[23296]: smtp-out: Error on session 5a151ca2c611100d: IO Error: error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error May 13 09:16:52 mail smtpd[23296]: smtp-out: Disabling route [] - [REDACTED] (mms.[REDACTED].com) for 800s May 13 09:16:53 mail smtpd[23296]: smtp-out: Connecting to smtp+tls://[REDACTED]:25 (mail-gw.[REDACTED].com) on session 5a151ca314e2c781... May 13 09:16:53 mail smtpd[23296]: smtp-out: Connected on session 5a151ca314e2c781 May 13 09:16:54 mail smtpd[23296]: smtp-out: Error on session 5a151ca314e2c781: IO Error: error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error May 13 09:16:54 mail smtpd[23296]: smtp-out: Disabling route [] - [REDACTED] (mail-gw.[REDACTED].com) for 800s May 13 09:16:55 mail smtpd[23296]: smtp-out: Connecting to smtp+tls://[REDACTED]:25 (mail-gw6.[REDACTED].com) on session 5a151ca44b96ca01... May 13 09:16:56 mail smtpd[23296]: smtp-out: Connected on session 5a151ca44b96ca01 May 13 09:16:56 mail smtpd[23296]: smtp-out: Error on session 5a151ca44b96ca01: IO Error: error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error May 13 09:16:56 mail smtpd[23296]: smtp-out: Disabling route [] - [REDACTED] (mail-gw6.[REDACTED].com) for 800s Thanks, Eric Ripa -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
