SMTP Timeouts

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

SMTP Timeouts

Doug Lytle
I am running ASSP version 2.4.6(15334) on Debian GNU/Linux 7.9 (wheezy),
Perl version:

perl -v

This is perl 5, version 18, subversion 0 (v5.18.0) built for
x86_64-linux-thread-multi

I've noted that when ASSP's 'do TLS' module is enabled on port 25, I get
lots of SMTP timeouts, when it's only available on port 587, I get
almost none.  Is there a fix for this?

IO::Socket::SSL version: 1.02

Thanks,

Doug


------------------------------------------------------------------------------
Go from Idea to Many App Stores Faster with Intel(R) XDK
Give your users amazing mobile app experiences with Intel(R) XDK.
Use one codebase in this all-in-one HTML5 development environment.
Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Reply | Threaded
Open this post in threaded view
|

Re: SMTP Timeouts

Thomas Eckardt/eck
Doug, please enable 'ConTimeoutDebug' , let a connection run in to the
timeout and send me the related file from the debug folder.
Thank you.

Thomas



Von:    Doug Lytle <[hidden email]>
An:     ASSP Test <[hidden email]>
Datum:  06.12.2015 12:36
Betreff:        [Assp-test] SMTP Timeouts



I am running ASSP version 2.4.6(15334) on Debian GNU/Linux 7.9 (wheezy),
Perl version:

perl -v

This is perl 5, version 18, subversion 0 (v5.18.0) built for
x86_64-linux-thread-multi

I've noted that when ASSP's 'do TLS' module is enabled on port 25, I get
lots of SMTP timeouts, when it's only available on port 587, I get
almost none.  Is there a fix for this?

IO::Socket::SSL version: 1.02

Thanks,

Doug


------------------------------------------------------------------------------
Go from Idea to Many App Stores Faster with Intel(R) XDK
Give your users amazing mobile app experiences with Intel(R) XDK.
Use one codebase in this all-in-one HTML5 development environment.
Design, debug & build mobile apps & 2D/3D high-impact games for multiple
OSs.
http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test






DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************


------------------------------------------------------------------------------
Go from Idea to Many App Stores Faster with Intel(R) XDK
Give your users amazing mobile app experiences with Intel(R) XDK.
Use one codebase in this all-in-one HTML5 development environment.
Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Reply | Threaded
Open this post in threaded view
|

Re: SMTP Timeouts

Thomas Eckardt/eck
In reply to this post by Doug Lytle
Doug, please upgrade IO::Socket::SSL to the latest version (possibly also
Net::SSLeay) and tryout the latest assp v2 dev build.
Tell me if the issue (timeouts) is gone.

Thank you.

Thomas





Von:    Doug Lytle <[hidden email]>
An:     ASSP Test <[hidden email]>
Datum:  06.12.2015 12:36
Betreff:        [Assp-test] SMTP Timeouts



I am running ASSP version 2.4.6(15334) on Debian GNU/Linux 7.9 (wheezy),
Perl version:

perl -v

This is perl 5, version 18, subversion 0 (v5.18.0) built for
x86_64-linux-thread-multi

I've noted that when ASSP's 'do TLS' module is enabled on port 25, I get
lots of SMTP timeouts, when it's only available on port 587, I get
almost none.  Is there a fix for this?

IO::Socket::SSL version: 1.02

Thanks,

Doug


------------------------------------------------------------------------------
Go from Idea to Many App Stores Faster with Intel(R) XDK
Give your users amazing mobile app experiences with Intel(R) XDK.
Use one codebase in this all-in-one HTML5 development environment.
Design, debug & build mobile apps & 2D/3D high-impact games for multiple
OSs.
http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test






DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************


------------------------------------------------------------------------------

_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Reply | Threaded
Open this post in threaded view
|

Re: SMTP Timeouts

Doug Lytle
Thomas Eckardt wrote:
> Doug, please upgrade IO::Socket::SSL to the latest version (possibly also
> Net::SSLeay) and tryout the latest assp v2 dev build.
> Tell me if the issue (timeouts) is gone.

Thanks Thomas,

I'm on vacation starting Monday and will put those into place and let
you know.



------------------------------------------------------------------------------
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Reply | Threaded
Open this post in threaded view
|

Re: SMTP Timeouts

Doug Lytle
In reply to this post by Thomas Eckardt/eck
I found some time this AM to upgrade our work ASSP:

ASSP version 2.4.6(15351)

IO::Socket::SSL 2.022 / 2.020
Net::SSLeay 1.72 / 1.72

I've had 30 timeouts in the last hour

I'm planning on doing a TCP dump on my home mail server this upcoming Monday (running Zimbra at work and at home) to see if I can get a decent idea what's going on.

Doug

------------------------------------------------------------------------------
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Reply | Threaded
Open this post in threaded view
|

Re: SMTP Timeouts

Thomas Eckardt/eck
>I've had 30 timeouts in the last hour

bad news! Thank you for testing.

Your debug output has shown, that IO::Socket::SSL (Net::SSLeay) has
returned, that all data were written to the socket. The Net::SSLeay has to
encrypt (SSL) all data and has to write the SSL-data to the system socket.
There is anywhere a problem, if the SSL connection uses the localhost IP
address as target - but only on some systems (OS ..... ????) to some MTA
(postfix, sendmail ... ????).

>I'm planning on doing a TCP dump on my home mail server this upcoming
Monday

Thank you Doug, but I think this will not tell us much, because the data
you'll see in the dump will be SSL-encrypted. You may count the data bytes
and compare them to the size of the raw mail data - if more bytes are sent
by assp (TCP-SSL) than the size of the raw mail data, the SSL socket of
the MTA can't decode the last frame(s) for any reason.

BTW - you must face the same problem (incomplete GUI data), if you use
HTTPS for the webinterface and you start the browser at the local system (
https://localhost:55555). The GUI data have a size of 3-4MB. If the GUI
works this way, there must be a problem with the MTA.
Using HTTPS makes only one difference to SMTP - the HTML data are
compressed before they are encrypted. The SSL parameters used by assp, are
the same for both connections.

Thomas







Von:    Doug Lytle <[hidden email]>
An:     ASSP development mailing list <[hidden email]>
Datum:  18.12.2015 13:22
Betreff:        Re: [Assp-test] SMTP Timeouts



I found some time this AM to upgrade our work ASSP:

ASSP version 2.4.6(15351)

IO::Socket::SSL                  2.022 / 2.020
Net::SSLeay                              1.72 / 1.72

I've had 30 timeouts in the last hour

I'm planning on doing a TCP dump on my home mail server this upcoming
Monday (running Zimbra at work and at home) to see if I can get a decent
idea what's going on.

Doug

------------------------------------------------------------------------------
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test






DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************


------------------------------------------------------------------------------

_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Reply | Threaded
Open this post in threaded view
|

Re: SMTP Timeouts

Doug Lytle
>>> On Dec 18, 2015, at 8:22 AM, Thomas Eckardt [hidden email] wrote:

>>>I've had 30 timeouts in the last hour

>>>> bad news! Thank you for testing.


Postfix manual for TLS logging gives:

Server-side TLS activity logging

To get additional information about Postfix SMTP server TLS activity you can increase the log level from 0..4. Each logging level also includes the information that is logged at a lower logging level.

    Level Postfix 2.9 and later Earlier releases.
    0 Disable logging of TLS activity.

    1 Log only a summary message on TLS handshake completion — no logging of client certificate trust-chain verification errors if client certificate verification is not required. Log the summary message, peer certificate summary information and unconditionally log trust-chain verification errors.

    2 Also log levels during TLS negotiation.

    3 Also log hexadecimal and ASCII dump of TLS negotiation process.

    4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS.

It's currently set to 1.

Would setting it to 2, 3 or even 4 be of help?

Doug

------------------------------------------------------------------------------
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Reply | Threaded
Open this post in threaded view
|

Re: SMTP Timeouts

Thomas Eckardt/eck
>Would setting it to 2, 3 or even 4 be of help?

At least 3 would be required. So we can see, if there is a renegotiating
problem.

Thomas





Von:    Doug Lytle <[hidden email]>
An:     ASSP development mailing list <[hidden email]>
Datum:  18.12.2015 14:57
Betreff:        Re: [Assp-test] SMTP Timeouts



>>> On Dec 18, 2015, at 8:22 AM, Thomas Eckardt [hidden email]
wrote:

>>>I've had 30 timeouts in the last hour

>>>> bad news! Thank you for testing.


Postfix manual for TLS logging gives:

Server-side TLS activity logging

To get additional information about Postfix SMTP server TLS activity you
can increase the log level from 0..4. Each logging level also includes the
information that is logged at a lower logging level.

    Level                Postfix 2.9 and later           Earlier releases.
    0            Disable logging of TLS activity.

    1            Log only a summary message on TLS handshake completion —
no logging of client certificate trust-chain verification errors if client
certificate verification is not required.                Log the summary
message, peer certificate summary information and unconditionally log
trust-chain verification errors.

    2            Also log levels during TLS negotiation.

    3            Also log hexadecimal and ASCII dump of TLS negotiation
process.

    4            Also log hexadecimal and ASCII dump of complete
transmission after STARTTLS.

It's currently set to 1.

Would setting it to 2, 3 or even 4 be of help?

Doug

------------------------------------------------------------------------------
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************



------------------------------------------------------------------------------

_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Reply | Threaded
Open this post in threaded view
|

Re: SMTP Timeouts

Doug Lytle
Thomas Eckardt wrote:
>> Would setting it to 2, 3 or even 4 be of help?
> At least 3 would be required. So we can see, if there is a renegotiating
> problem.


Thomas,

I have a Postfix loglevel 3 on a TLS timeout, would you like me to send
the archive directly to you?  It's 165KB compressed.

Doug


------------------------------------------------------------------------------
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Reply | Threaded
Open this post in threaded view
|

Re: SMTP Timeouts

Thomas Eckardt/eck
Yes - send it directly to me. Thank you.

Thomas





Von:    Doug Lytle <[hidden email]>
An:     ASSP development mailing list <[hidden email]>
Datum:  19.12.2015 20:44
Betreff:        Re: [Assp-test] SMTP Timeouts



Thomas Eckardt wrote:
>> Would setting it to 2, 3 or even 4 be of help?
> At least 3 would be required. So we can see, if there is a renegotiating
> problem.


Thomas,

I have a Postfix loglevel 3 on a TLS timeout, would you like me to send
the archive directly to you?  It's 165KB compressed.

Doug


------------------------------------------------------------------------------
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test






DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************


------------------------------------------------------------------------------

_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Reply | Threaded
Open this post in threaded view
|

Re: SMTP Timeouts [SOLVED]

Doug Lytle
In reply to this post by Thomas Eckardt/eck
>>> On Dec 19, 2015, at 2:39 PM, support [hidden email] wrote:

Thomas Eckardt wrote:
>> Would setting it to 2, 3 or even 4 be of help?
> At least 3 would be required. So we can see, if there is a renegotiating
> problem.


> Thomas,

> I have a Postfix loglevel 3 on a TLS timeout, would you like me to send
> the archive directly to you?  It's 165KB compressed.


Just following up on this old thread.  

My problem went away when I started using valid SSL Certificates from LetsEncrypt.

It's been 3 months without failure.

Doug

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test