is there a good reason for the 64 open files restriction in the OS?
Thomas
Von: "James Brown via Assp-test" <assp-test@lists.sourceforge.net>
An: "ASSP development mailing list" <assp-test@lists.sourceforge.net>
Kopie: "James Brown" <jlbr...@bordo.com.au>
Datum: 18.07.2018 09:37
Betreff: Re: [Assp-test] SSL failures - client being denied
This is it failing with useDB4IntCache turned on:
Jul 18 17:03:28 mail ASSP[85659]: Jul-18-18 17:03:28 [Main_Thread]
MainThread started
Jul 18 17:03:32 mail mdworker[85664]: (Normal) Import: Using too many
resources after 64 files (wired: 0 resident: 129997 swapped: 2 regions:
471), hit usage threshold importing
/Applications/assp/sl-cache/main-SNMPhandler.sl, exiting to clean up now.
Jul 18 17:03:37 mail com.apple.launchd.peruser.89[9715]
(com.apple.mdworker.pool.1): Throttling respawn: Will start in 5 seconds
Jul 18 17:03:43 mail mdworker[85669]: (Normal) Import: Using too many
resources after 64 files (wired: 0 resident: 129495 swapped: 2 regions:
473), hit usage threshold importing
/Applications/assp/sl-cache/main-getOriginIPs.sl, exiting to clean up now.
Jul 18 17:03:48 mail com.apple.launchd.peruser.89[9715]
(com.apple.mdworker.pool.1): Throttling respawn: Will start in 5 seconds
Jul 18 17:03:53 mail mdworker[85672]: (Normal) Import: Using too many
resources after 64 files (wired: 0 resident: 129934 swapped: 2 regions:
470), hit usage threshold importing
/Applications/assp/sl-cache/main-DMARCaddReport.sl, exiting to clean up
now.
Jul 18 17:03:58 mail com.apple.launchd.peruser.89[9715]
(com.apple.mdworker.pool.1): Throttling respawn: Will start in 5 seconds
Jul 18 17:04:04 mail mdworker[85674]: (Normal) Import: Using too many
resources after 64 files (wired: 0 resident: 130416 swapped: 2 regions:
467), hit usage threshold importing
/Applications/assp/sl-cache/main-BombWeight_Run.sl, exiting to clean up
now.
Jul 18 17:04:09 mail com.apple.launchd.peruser.89[9715]
(com.apple.mdworker.pool.1): Throttling respawn: Will start in 5 seconds
Jul 18 17:04:14 mail mdworker[85678]: (Normal) Import: Using too many
resources after 64 files (wired: 0 resident: 129928 swapped: 2 regions:
464), hit usage threshold importing
/Applications/assp/sl-cache/main-BackDNSCacheAdd.sl, exiting to clean up
now.
James.
On 18 Jul 2018, at 5:01 pm, James Brown via Assp-test <
assp-test@lists.sourceforge.net> wrote:
I turned on useDB4IntCache and restarted. It seemed to startup ok, but was
not accepting any connections. Perl was running at almost 100% CPU, and
the process was using about 4GB of RAM (normally under 1GB).
I had to turn it off (manually edit the config file) and force-quit Perl.
Is that normal? Did I just need to wait longer?
James.
On 18 Jul 2018, at 4:01 pm, Thomas Eckardt <thomas.ecka...@thockar.com>
wrote:
Your Perl is not working correctly.
The SSL-failed-Cache is not shared between all running threads. Depending
on the setting of 'useDB4IntCache' BerkeleyDB or threads::shared does not
work.
Worker_1 has the IP in its SSL-failed-Cache - the MainThread (shows the
GUI) has not.
Thomas
Von: "James Brown via Assp-test" <assp-test@lists.sourceforge.net>
An: "ASSP development mailing list" <
assp-test@lists.sourceforge.net>
Kopie: "James Brown" <jlbr...@bordo.com.au>
Datum: 18.07.2018 07:44
Betreff: Re: [Assp-test] SSL failures - client being denied
Setting banFailedSSLIP to ‘public only’ didn’t work:
Jul-18-18 15:33:12 [Worker_1] Error: Worker_1 accept_SSL to client
192.168.1.51 denied - the client failed before on SSL/TLS
Error: Worker_1 accept_SSL to client 192.168.1.51 denied - the client
failed before on SSL/TLS (suppressed 2 concurrent equal 'Error' loglines
from all Workers)
The IP 192.168.1.51 is not in SSL-failed-Cache
James.
On 18 Jul 2018, at 2:17 pm, Thomas Eckardt <thomas.ecka...@thockar.com>
wrote:
set 'banFailedSSLIP' to public only - and/or - include the ClientIP's
(e.g. 192.168.0.0/16) in to 'noBanFailedSSLIP'
Thomas
Von: "James Brown via Assp-test" <assp-test@lists.sourceforge.net>
An: "ASSP development mailing list" <
assp-test@lists.sourceforge.net>
Kopie: "James Brown" <jlbr...@bordo.com.au>
Datum: 18.07.2018 02:40
Betreff: [Assp-test] SSL failures - client being denied
I’ve set up ASSP to accept connections on port 465 (was previously using
stunnel).
It usually works fine, but sometimes I get users who can no longer send
emails. Logs show:
Error: Worker_1 accept_SSL to client 192.168.1.51 denied - the client
failed before on SSL/TLS (suppressed 8 concurrent equal 'Error' loglines
from all Workers)
Jul-18-18 10:10:09 [Worker_1] Error: Worker_1 accept_SSL to client
118.209.252.91 failed IO::Socket::SSL=GLOB(0x7f823b207498) (timeout: 5 s)
: SSL wants a read first
Jul-18-18 10:10:55 [Worker_1] Error: Worker_1 accept_SSL to client
192.168.1.51 denied - the client failed before on SSL/TLS
Error: Worker_1 accept_SSL to client 192.168.1.51 denied - the client
failed before on SSL/TLS (suppressed 2 concurrent equal 'Error' loglines
from all Workers)
Jul-18-18 10:11:09 [Worker_1] Error: Worker_1 accept_SSL to client
118.209.252.91 denied - the client failed before on SSL/TLS
I have to restart ASSP so that they can send emails again. I’ll look at
‘edit SSL-failed-cache’ next time.
Startup shows:
Jul-18-18 10:18:23 [init] Info: openssl version 1.0.2g is installed
Jul-18-18 10:18:23 [init] IO::Socket::SSL module version 2.022 installed -
https and TLS/SSL is possible
Jul-18-18 10:18:23 [init] Found valid certificate and private key file -
https and TLS/SSL is available
Jul-18-18 10:18:23 [init] The underlying SSL library Net::SSLeay version
1.72 uses OpenSSL 1.0.2l 25 May 2017
Jul-18-18 10:18:23 [init] SSL_read_ahead will be used
Any suggestions?
I have:
SSLRetryOnError: 1
SSLtimeout: 5
maxSSLRenegotiations: 10
SSLDEBUG: 1
thanks,
James.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!
http://sdm.link/slashdot_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!
http://sdm.link/slashdot_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!
http://sdm.link/slashdot_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test