Setting banFailedSSLIP to ‘public only’ didn’t work:

Jul-18-18 15:33:12 [Worker_1] Error: Worker_1 accept_SSL to client 192.168.1.51 denied - the client failed before on SSL/TLS
Error: Worker_1 accept_SSL to client 192.168.1.51 denied - the client failed before on SSL/TLS (suppressed 2 concurrent equal 'Error' loglines from all Workers)

The IP 192.168.1.51 is not in SSL-failed-Cache

James.

> On 18 Jul 2018, at 2:17 pm, Thomas Eckardt <thomas.ecka...@thockar.com> wrote:
>
> Set 'banFailedSSLIP' to public only - and/or - include the client IPs (e.g.
> 192.168.0.0/16) in 'noBanFailedSSLIP'
>
>
> Thomas
>
>
> From: "James Brown via Assp-test" <assp-test@lists.sourceforge.net>
> To: "ASSP development mailing list" <assp-test@lists.sourceforge.net>
> Cc: "James Brown" <jlbr...@bordo.com.au>
> Date: 18.07.2018 02:40
> Subject: [Assp-test] SSL failures - client being denied
>
>
>
> I’ve set up ASSP to accept connections on port 465 (was previously using
> stunnel).
>
> It usually works fine, but sometimes I get users who can no longer send
> emails. Logs show:
>
> Error: Worker_1 accept_SSL to client 192.168.1.51 denied - the client failed before on SSL/TLS (suppressed 8 concurrent equal 'Error' loglines from all Workers)
> Jul-18-18 10:10:09 [Worker_1] Error: Worker_1 accept_SSL to client 118.209.252.91 failed IO::Socket::SSL=GLOB(0x7f823b207498) (timeout: 5 s) : SSL wants a read first
> Jul-18-18 10:10:55 [Worker_1] Error: Worker_1 accept_SSL to client 192.168.1.51 denied - the client failed before on SSL/TLS
> Error: Worker_1 accept_SSL to client 192.168.1.51 denied - the client failed before on SSL/TLS (suppressed 2 concurrent equal 'Error' loglines from all Workers)
> Jul-18-18 10:11:09 [Worker_1] Error: Worker_1 accept_SSL to client 118.209.252.91 denied - the client failed before on SSL/TLS
>
> I have to restart ASSP so that they can send emails again. I’ll look at ‘edit
> SSL-failed-cache’ next time.
>
> Startup shows:
>
> Jul-18-18 10:18:23 [init] Info: openssl version 1.0.2g is installed
> Jul-18-18 10:18:23 [init] IO::Socket::SSL module version 2.022 installed - https and TLS/SSL is possible
> Jul-18-18 10:18:23 [init] Found valid certificate and private key file - https and TLS/SSL is available
> Jul-18-18 10:18:23 [init] The underlying SSL library Net::SSLeay version 1.72 uses OpenSSL 1.0.2l 25 May 2017
> Jul-18-18 10:18:23 [init] SSL_read_ahead will be used
>
> Any suggestions?
>
> I have:
>
> SSLRetryOnError: 1
> SSLtimeout: 5
> maxSSLRenegotiations: 10
> SSLDEBUG: 1
>
> thanks,
>
> James.
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
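
Added example, not part of the thread and not ASSP code: a small triage script that reads accept_SSL entries in the format quoted above, counts failures and denials per client, and lists denied clients in private address ranges, which are the addresses the reply suggests putting in 'noBanFailedSSLIP'. The function names are hypothetical, and treating each "suppressed N" as N further identical events is an assumption.

```python
import ipaddress
import re
from collections import defaultdict

# One accept_SSL event plus the text up to the next one (entries may be wrapped).
EVENT = re.compile(
    r"accept_SSL to client\s+(\S+)\s+(failed|denied)\b((?:(?!accept_SSL).)*)", re.S)
SUPPRESSED = re.compile(r"\(suppressed\s+(\d+)\s+concurrent")

# Log entries copied from the thread, still wrapped as the mail client left them.
SAMPLE = """\
Error: Worker_1 accept_SSL to client 192.168.1.51 denied - the client failed
before on SSL/TLS (suppressed 8 concurrent equal 'Error' loglines from all
Workers)
Jul-18-18 10:10:09 [Worker_1] Error: Worker_1 accept_SSL to client
118.209.252.91 failed IO::Socket::SSL=GLOB(0x7f823b207498) (timeout: 5 s) :
SSL wants a read first
Jul-18-18 10:10:55 [Worker_1] Error: Worker_1 accept_SSL to client
192.168.1.51 denied - the client failed before on SSL/TLS
Jul-18-18 10:11:09 [Worker_1] Error: Worker_1 accept_SSL to client
118.209.252.91 denied - the client failed before on SSL/TLS
"""

def summarize(log_text):
    """Count 'failed' and 'denied' accept_SSL events per client IP."""
    stats = defaultdict(lambda: {"failed": 0, "denied": 0})
    for ip, outcome, tail in EVENT.findall(log_text):
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # token after 'client' is not an IP literal; skip the entry
        extra = SUPPRESSED.search(tail)
        # Assumption: each suppressed logline stands for one more identical event.
        stats[ip][outcome] += 1 + (int(extra.group(1)) if extra else 0)
    return dict(stats)

def noban_candidates(stats):
    """Denied clients in private ranges: candidates for 'noBanFailedSSLIP'."""
    return sorted(ip for ip, s in stats.items()
                  if s["denied"] and ipaddress.ip_address(ip).is_private)

if __name__ == "__main__":
    stats = summarize(SAMPLE)
    for ip, s in sorted(stats.items()):
        scope = "private" if ipaddress.ip_address(ip).is_private else "public"
        print(f"{ip:15} {scope:7} failed={s['failed']} denied={s['denied']}")
    print("noBanFailedSSLIP candidates:", noban_candidates(stats))
```

A client that shows denials but no failure in the excerpt, as 192.168.1.51 does here, was banned by a failure logged before the window being read.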