This is end to end opportunistic SSL/TLS you are referring to? Does authenticated mail client SSL/TLS work reliably?
Of being on the postfix list, only a very few are enabling opportunistic SSL/TLS. It is said, only a small percentage of MTA offer it, and for the trouble, it may not be worth it to secure these MTA to MTA routes. Espacially proxy to MTA. This is usually one switch port away, or same box , can this be turned off via a setting? Is it possible to disable SSL/TLS, but still keep it running for authenticated users? How reliable is the "make test"? Perhaps writing a test set for the two perl modules, sort of a stress tester that will generate a report as to what versions and what results those versions are outputting would be helpful to get the issues isolated to one small set of code. -- Scott Iphone says hello. On Aug 21, 2009, at 3:32 AM, Thomas Eckardt/eck <[email protected] > wrote: > Hi all, > > if TLS/SSL is not working for you (V2) - do the following: > > 1. check the modules IO::Socket::SSL and Net::SSLeay - they should > have > the lastest version number > 2. if you have installed any of these modules via cpan - use "make > test" > to check that the modules are running without any errors - never use > the > --force switch to install any of these modules > 3. check your PATH, where ssleay librarys are installed (ssleay32.dll, > libeay32.dll) - correct the PATH so, that your Perl directory is the > first > entry > 4. it is normal that some connections will fail, if you use the > selfcert > certificate and keys (created by assp) and the peer uses any > certificate > verification (which will fail in this case). To solve this problem, > you > have to use a trusted certificate (and keys) which could be verfied > by any > peer. Make sure that the hostname is listed in the certificate! > 5. if you get "SSL wants a read first" errors - increase > "SSLTimeout" - 10 > seconds should be high enough for typical DSL band wide > 6. exclude failing IP's permanently from TLS/SSL - including these > IP's in > 'noTLSIP' > 7. windows users can use 'jbmail' to verfy there SSL installation - > linux > users can use any of the free tools to do this > 8. set "SSLdebug" to level 3 to analyse problems - the debug output is > written to STDERR - so you have to start ASSP in commandline mode > > There are many reasons that could cause a TLS/SSL negotiation to > fail - to > get a overview, I recommend reading IANA RFC 5246. > > Thomas > > > > Trevor Jacques <[email protected]> > 21.08.2009 01:57 > Bitte antworten an > ASSP development mailing list <[email protected]> > > > An > ASSP development mailing list <[email protected]> > Kopie > > Thema > Re: [Assp-test] TLS/SSL is not working in our production server > > > > > > > >> I am also having issues with SSL. This is in version 2.0. Many >> servers will just not connect properly and the connection stalls. > > There's something up with TLS/SSL in recent versions. I can't figure > out exactly what, but the slowdowns were so great that I'm back on . > 18 It's tough enough for me on the same local network to get mail > out. My remote users have been bleating that the delays were such that > even simple text mails with no attachments were taking minutes to an > hour or more to get out, whereas they rocketed out with earlier > versions. :-( > > T. > > --- > --- > --- > --------------------------------------------------------------------- > Let Crystal Reports handle the reporting - Free Crystal Reports 2008 > 30-Day > trial. Simplify your report design, integration and deployment - and > focus > on > what you do best, core application coding. Discover what's new with > Crystal Reports now. http://p.sf.net/sfu/bobj-july > _______________________________________________ > Assp-test mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, > legally > privileged and protected in law and are intended solely for the use > of the > > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > --- > --- > --- > --------------------------------------------------------------------- > Let Crystal Reports handle the reporting - Free Crystal Reports 2008 > 30-Day > trial. Simplify your report design, integration and deployment - and > focus on > what you do best, core application coding. Discover what's new with > Crystal Reports now. http://p.sf.net/sfu/bobj-july > _______________________________________________ > Assp-test mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/assp-test ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
