>What to do now? Downgrade assp?

This will not help. ASSP uses standard libs for SSL/TLS (IO::Socket::SSL 
-> Net::SSLeay -> openssl-lib)!


>It is not a good situation on a production server.

If openssl was upgraded, I recommend reading the release notes. If postfix 
was upgraded, .. the same. Such reading and upgrade planning are done by 
an IT department before system upgrades are done!
If you have any doubt about upcoming problems, all upgrades need to be 
tested in a test environment BEFORE they go into production mode.

IMHO - most of these problems are related to the usage of self-signed 
certificates, outdated certificates, unchained certificates, missing 
intermediate certificates in chains, allowed weak cipher suites, allowed 
weak SSL protocols, too weak RSA keys.

openssl as well as postfix (and many other products) are working hard to 
secure their applications. Some or all of the above faults may lead to 
more and more problems with every new software release.
Most times there are temporary workarounds available (openssl.cnf, 
master.cnf, ...), if the default security is increased in new releases.
Notice: peers using new software releases may reject connections to or from 
older releases, because of the availability of "unsecure" communication 
options! So, the workarounds may not solve all your problems.


SSLDEBUG and ConTimeoutDebug may help to get some more information from 
assp.

btw.: I use certificates from letsencrypt and I never had any SSL/TLS 
problems. I update the perl modules at least once a week from CPAN. 
openssl is upgraded once a year (together with the new perl version). I 
always use the (my) latest assp development version on my production 
system.

Thomas




From:    "Ing. Lukáš Pečínka" <lukas.peci...@osu.cz>
To:      assp-user@lists.sourceforge.net
Date:    03.08.2021 10:12
Subject: Re: [Assp-user] STARTTLS - connection randomly timeout 
(outlook imap error)



What to do now? Downgrade assp? Change some values in postfix? The last 
postfix changelog said that some values were changed (default values) and 
I reverted it... Nothing changed. It is not a good situation on a production 
server.


On 02. 08. 21 at 20:58 William L. Thomson Jr. wrote:
> This issue remains in 2.6.3.20002 as well as 2.6.5.21074, it seems
> sporadic, but the other issue is consistent.
>
> Using this site to test, that triggers the STARTTLS is not allowed,
> sometimes, on rare occasion it works, but most times it does not.
>
> https://ssl-tools.net/mailservers/
>
> On Mon, 2 Aug 2021 14:51:50 -0400
> "William L. Thomson Jr." <wlt...@o-sinc.com> wrote:
>
>> The "STARTTLS is not allowed for" is only in 2.6.5.21074, I reverted
>> to 2.6.3.20002 and that issue goes away, but the first issue remains.
>> I can try reverting to another version prior to that.
>>
>>> Aug  2 13:23:00 mail assp.pl[21426]: [Worker_4] 185.55.116.145 info:
>>> got STARTTLS request from 185.55.116.145
>>> Aug  2 13:23:00 mail assp.pl[21426]:
>>> [Worker_4] 185.55.116.145 info: STARTTLS is not allowed for
>>> 185.55.116.145
>>> Aug  2 13:23:00 mail assp.pl[21426]: [Worker_4] 185.55.116.145 [SMTP
>>> Error] 502 command not implemented or not allowed to be used by
>>> 185.55.116.145
>>> Aug 2 13:23:00 mail assp.pl[21426]: [Worker_4] IPv4/IPv6
>>> disconnected: session:7F3EBC83AC78 185.55.116.145 - processing time
>>> 0 seconds
>
-- 
With regards and wishing you a nice day | Best regards

Ing. Lukáš Pečínka
System administrator, Postmaster, IdP administrator
Students mail, Antispam, Mail delivery system
Centre for information technology
University of Ostrava
Bráfova 5
701 03 Ostrava
Czech Republic

lukas.peci...@osu.cz
m...@helpdesk.osu.cz
ed...@helpdesk.osu.cz
+420 597 09 1116
+420 731 639 635



_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user





