Re: [spamdyke-users] Error unable to write to SSL/TLS stream

2021-03-04 Thread Sam Clippinger via spamdyke-users
The timing in those log messages looks very suspicious to me -- it looks like 
the error occurs after exactly 5 minutes of inactivity.  If spamdyke's timeout 
features are disabled, there must be some other link in your setup enforcing a 
5 minute timeout.  Just spitballing here, maybe it's a firewall or a load 
balancer?  Is your qmail patched to invoke an external spam scanner or anything?

-- Sam Clippinger




> On Mar 3, 2021, at 11:22 AM, Alessio Cecchi via spamdyke-users wrote:
> 
> Hi,
> 
> when a specific company sends an email to us we receive the messages many 
> times, but only if they insert into recipients about 50 email addresses of the 
> same domain, if they send the same email to only one recipient all works 
> fine.
> After some investigation, with "full-log-dir" enabled, we discovered that our 
> qmail sends a "421 timeout" to the remote server but when the email is already 
> accepted, so the remote server tries again and so on.
> 
> Debug log, please note the delay from the last . and the error, five minutes 
> and note that the "421 timeout" error was sent before the "250 ok" from qmail:
> 
> 
> 
> [...]
> 03/02/2021 12:03:00 FROM REMOTE TO CHILD: 3 bytes TLS
> .
> 
> 03/02/2021 12:08:01 LOG OUTPUT TLS
> ERROR(tls_write()@tls.c:678): unable to write to SSL/TLS stream: The 
> operation failed due to an I/O error, Connection reset by peer
> ERROR(output_writeln()@log.c:104): unable to write 37 bytes to file 
> descriptor 1: Connection reset by peer
> 
> 03/02/2021 12:08:01 FROM SPAMDYKE TO REMOTE: 37 bytes TLS
> 421 Timeout. Talk faster next time.
> 
> 03/02/2021 12:08:01 LOG OUTPUT TLS
> TIMEOUT from: u...@company.biz  to: 
> u...@partnercompany.biz  origin_ip: 
> 40.107.3.43 origin_rdns: mail-eopbgr30043.outbound.protection.outlook.com 
> auth: (unknown) encryption: TLS reason: TIMEOUT
> 
> 03/02/2021 12:10:06 FROM CHILD, FILTERED: 28 bytes TLS
> 250 ok 1614683406 qp 12548
> 
> 03/02/2021 12:10:06 - TLS ended and closed
> 
> 03/02/2021 12:10:06 CLOSED
> 
> 
> So I set the timeout from 600 to 1200 in qmail-smtpd, removed "idle-timeout" 
> from spamdyke, and disabled the softlimit, the error changed but the problem is 
> still present:
> 
> 
> 
> 
> 03/02/2021 13:59:27 FROM REMOTE TO CHILD: 3 bytes TLS
> .
> 
> 03/02/2021 14:06:34 LOG OUTPUT TLS
> ERROR(tls_write()@tls.c:678): unable to write to SSL/TLS stream: The 
> operation failed due to an I/O error, Connection reset by peer
> ERROR(output_writeln()@log.c:104): unable to write 26 bytes to file 
> descriptor 1: Connection reset by peer
> 
> 03/02/2021 14:06:34 FROM CHILD TO REMOTE: 26 bytes TLS
> 250 ok 1614690394 qp 765
> 
> 03/02/2021 14:06:34 LOG OUTPUT TLS
> ALLOWED from: u...@company.biz  to: 
> u...@partnercompany.biz  origin_ip: 
> 40.107.0.68 origin_rdns: mail-eopbgr00068.outbound.protect
> ion.outlook.com auth: (unknown) encryption: TLS reason: 
> 250_ok_1614690394_qp_765
> [...]
> ALLOWED from: us...@company.biz  to: 
> us...@partnercompany.biz  origin_ip: 
> 40.107.0.68 origin_rdns: mail-eopbgr00068.outbound.protection.outlook.com 
> auth: (unknown) encryption: TLS reason: 250_ok_1614690394_qp_765
> ERROR(tls_read()@tls.c:620): unable to read from SSL/TLS stream: The 
> operation failed due to an I/O error, Unexpected EOF found
> 
> 03/02/2021 14:06:34 - TLS ended and closed
> 
> 03/02/2021 14:06:34 CLOSED
> 
> 
> Any suggestions?
> 
> Thanks
> -- 
> Alessio Cecchi
> Postmaster @ http://www.qboxmail.it 
> https://www.linkedin.com/in/alessice 
> ___
> spamdyke-users mailing list
> spamdyke-users@spamdyke.org
> https://spamdyke.org/mailman/listinfo/spamdyke-users
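
Added example (not part of the original thread and not spamdyke code): a small Python parser for the full-log excerpts quoted above that measures the silent gaps Sam points to, and the time from the end-of-DATA `.` to the child's reply. The entry header format is inferred from the quoted traces, and the function names are illustrative.

```python
import re
from datetime import datetime

# Entry header as quoted in this thread: "MM/DD/YYYY HH:MM:SS <event>"
HEADER = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (.+)$")

# Excerpt of the first trace quoted above (error text shortened).
TRACE_1 = """\
03/02/2021 12:03:00 FROM REMOTE TO CHILD: 3 bytes TLS
.

03/02/2021 12:08:01 LOG OUTPUT TLS
ERROR(tls_write()@tls.c:678): unable to write to SSL/TLS stream

03/02/2021 12:08:01 FROM SPAMDYKE TO REMOTE: 37 bytes TLS
421 Timeout. Talk faster next time.

03/02/2021 12:10:06 FROM CHILD, FILTERED: 28 bytes TLS
250 ok 1614683406 qp 12548
"""

def parse_entries(text):
    """Split a full log into (timestamp, event, body_lines) tuples."""
    entries = []
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()  # tolerate mail-quoted pastes
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S")
            entries.append((ts, m.group(2), []))
        elif entries and line:
            entries[-1][2].append(line)
    return entries

def stalls(entries, threshold=60):
    """Return (seconds, event_before, event_after) for silent gaps >= threshold."""
    pairs = zip(entries, entries[1:])
    gaps = [(int((b[0] - a[0]).total_seconds()), a[1], b[1]) for a, b in pairs]
    return [g for g in gaps if g[0] >= threshold]

def dot_to_child_reply(entries):
    """Seconds from the remote's end-of-DATA '.' to the child's next reply."""
    dot = next(t for t, e, b in entries if e.startswith("FROM REMOTE") and b == ["."])
    reply = next(t for t, e, b in entries if t >= dot and e.startswith("FROM CHILD"))
    return int((reply - dot).total_seconds())

if __name__ == "__main__":
    log = parse_entries(TRACE_1)
    print(stalls(log), dot_to_child_reply(log))
```

On the first trace this reports silent gaps of 301 and 125 seconds, and 426 seconds between the final `.` and the child's `250 ok`.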



Re: [spamdyke-users] Error unable to write to SSL/TLS stream

2021-03-03 Thread Alessio Cecchi via spamdyke-users

Hi Angus,

thanks for your reply.

We are not using greylisting in spamdyke.

On 03/03/21 19:00, Angus McIntyre via spamdyke-users wrote:

> I think spamdyke implements greylisting by sending a 421 Temporary
> Failure code on first connection. That might be what's happening here.
>
> Greylisting is off by default, but if you have it turned on you could
> set `graylist-level` to `none` to turn it off. If you want to keep it on
> but just fix it for that specific domain, you should be able to
> configure exceptions by adding appropriate `graylist-exception-ip-entry`
> or `graylist-exception-rdns-entry` entries.
>
> Incidentally, I tend to favor disabling greylisting these days. The
> original intention was to protect against spam clients that couldn't
> recognize the 421 error as indicating a temporary condition: they'd try
> once, get an error code, and go away. But from what I see in my own
> server logs, many -- most? -- spam clients these days just keep
> attempting redeliveries until either something gets delivered or they
> hit some threshold number of retries. Greylisting is no help against those.
>
> Angus



--
Alessio Cecchi
Postmaster @ http://www.qboxmail.it
https://www.linkedin.com/in/alessice



Re: [spamdyke-users] Error unable to write to SSL/TLS stream

2021-03-03 Thread Angus McIntyre via spamdyke-users
I think spamdyke implements greylisting by sending a 421 Temporary
Failure code on first connection. That might be what's happening here.

Greylisting is off by default, but if you have it turned on you could
set `graylist-level` to `none` to turn it off. If you want to keep it on
but just fix it for that specific domain, you should be able to
configure exceptions by adding appropriate `graylist-exception-ip-entry`
or `graylist-exception-rdns-entry` entries.

Incidentally, I tend to favor disabling greylisting these days. The
original intention was to protect against spam clients that couldn't
recognize the 421 error as indicating a temporary condition: they'd try
once, get an error code, and go away. But from what I see in my own
server logs, many -- most? -- spam clients these days just keep
attempting redeliveries until either something gets delivered or they
hit some threshold number of retries. Greylisting is no help against those.

Angus


Alessio Cecchi via spamdyke-users wrote on 3/3/21 12:22 PM:
> Hi,
> 
> when a specific company sends an email to us we receive the messages many
> times, but only if they insert into recipients about 50 email addresses of
> the same domain, if they send the same email to only one recipient all
> works fine.
> 
> After some investigation, with "full-log-dir" enabled, we discovered
> that our qmail sends a "421 timeout" to the remote server but when the email
> is already accepted, so the remote server tries again and so on.
> 
> Debug log, please note the delay from the last . and the error, five
> minutes and note that the "421 timeout" error was sent before the "250 ok"
> from qmail:
> 
> 
> 
> [...]
> 03/02/2021 12:03:00 FROM REMOTE TO CHILD: 3 bytes TLS
> .
> 
> 03/02/2021 12:08:01 LOG OUTPUT TLS
> ERROR(tls_write()@tls.c:678): unable to write to SSL/TLS stream: The
> operation failed due to an I/O error, Connection reset by peer
> ERROR(output_writeln()@log.c:104): unable to write 37 bytes to file
> descriptor 1: Connection reset by peer
> 
> 03/02/2021 12:08:01 FROM SPAMDYKE TO REMOTE: 37 bytes TLS
> 421 Timeout. Talk faster next time.
> 
> 03/02/2021 12:08:01 LOG OUTPUT TLS
> TIMEOUT from: u...@company.biz to: u...@partnercompany.biz origin_ip:
> 40.107.3.43 origin_rdns:
> mail-eopbgr30043.outbound.protection.outlook.com auth: (unknown)
> encryption: TLS reason: TIMEOUT
> 
> 03/02/2021 12:10:06 FROM CHILD, FILTERED: 28 bytes TLS
> 250 ok 1614683406 qp 12548
> 
> 03/02/2021 12:10:06 - TLS ended and closed
> 
> 03/02/2021 12:10:06 CLOSED
> 
> 
> 
> So I set the timeout from 600 to 1200 in qmail-smtpd, removed
> "idle-timeout" from spamdyke, and disabled the softlimit, the error
> changed but the problem is still present:
> 
> 
> 
> 
> 03/02/2021 13:59:27 FROM REMOTE TO CHILD: 3 bytes TLS
> .
> 
> 03/02/2021 14:06:34 LOG OUTPUT TLS
> ERROR(tls_write()@tls.c:678): unable to write to SSL/TLS stream: The
> operation failed due to an I/O error, Connection reset by peer
> ERROR(output_writeln()@log.c:104): unable to write 26 bytes to file
> descriptor 1: Connection reset by peer
> 
> 03/02/2021 14:06:34 FROM CHILD TO REMOTE: 26 bytes TLS
> 250 ok 1614690394 qp 765
> 
> 03/02/2021 14:06:34 LOG OUTPUT TLS
> ALLOWED from: u...@company.biz to: u...@partnercompany.biz origin_ip:
> 40.107.0.68 origin_rdns: mail-eopbgr00068.outbound.protect
> ion.outlook.com auth: (unknown) encryption: TLS reason:
> 250_ok_1614690394_qp_765
> [...]
> ALLOWED from: us...@company.biz to: us...@partnercompany.biz origin_ip:
> 40.107.0.68 origin_rdns:
> mail-eopbgr00068.outbound.protection.outlook.com auth: (unknown)
> encryption: TLS reason: 250_ok_1614690394_qp_765
> ERROR(tls_read()@tls.c:620): unable to read from SSL/TLS stream: The
> operation failed due to an I/O error, Unexpected EOF found
> 
> 03/02/2021 14:06:34 - TLS ended and closed
> 
> 03/02/2021 14:06:34 CLOSED
> 
> 
> 
> Any suggestions?
> 
> Thanks
> 
> -- 
> Alessio Cecchi
> Postmaster @ http://www.qboxmail.it
> https://www.linkedin.com/in/alessice
> 
> 
> 