I just made simlar tests with my gmail account. I can't reproduce this behavior related to gmail.com.
I've sent a 9.1MB attachment in 133 seconds. Gmail used SMTPS(TLSv1_2 ECDHE-RSA-AES256-GCM-SHA384)- which is commonly used by many clients/servers. Sender was mail-qt0-f181.google.com ([209.85.216.181] helo=mail-qt0-f181.google.com) My line speed is 16MB/s inbound and 4MB/s outbound. I saw many faster SMTPS connections but also many slower - this may depend on the usage of my ISP connection. 133 seconds for such a mail is acceptable (I think). SSLv2/3:!SSLv3:!SSLv2 DEFAULT:!aNULL:!RC4:!MD5 are my SSL settings - not very strong - I know :):) the privat key used is 2048 Bit long In front of assp is the ISP-router and a pfsense 2.3.2 with snort 3.2.9.1 . Snort is configured the very hard way, except the SMTP rules are a bit more weak, because I need some spam. ASSP is running on a 4 Core 6GB W2K3 enterprise with an absolute uptodate ActivePerl 5.16.3 - using all Plugins, features and a replicated MySQL 5.6. Domain based mail routing (in- and out-bound) is done by hmailserver 5.6.4-B2283. All components are configured to use SSL/TLS when ever this is possible. For testing purposes I use a FreeBSD 10.2 with Perl 5.20 and ASSP - it runs the same way stable like the production system. You see - nothing magic, but maintenained (except the nice old W2K3 - but it works like a swiss made watch with an ETA 7750). I really don't know what I can do to fix up the SSL/TLS problems. Only to be complete: Backend for the mail environment and LDAP stuff is a Domino 9.0.1FP6. All the stuff above (and very much more) is running on a single VMWare vSphere 5.5 ( 8x 2.66GHz 48GB / x3650M2). Backups are done with EMC-Networker + EBR + DataDomain-VE, stored at a QNAP 419P+ Thomas Von: K Post <nntp.p...@gmail.com> An: ASSP development mailing list <assp-test@lists.sourceforge.net> Datum: 02.08.2016 00:07 Betreff: [Assp-test] Inbound TLS from gmail.com addresses / servers I originally thought that we had a problem with all TLS inbound email. As it turns out, my conclusion appears to have been wrong. - There are some SLOW servers outside that are just plain slow (nothing I can do there), - TLS seems to work reasonably fast with most inbound mail, though significantly slower than without TLS (5 seconds for an 11mb file without tls, vs 45 seconds with TLS on) - GMAIL.com inbound TLS emails are SLOW, no matter what settings I tweak With inbound gmail.com message. if I have TLS off, an 11mb attachment is delivered through ASSP in under 5 seconds. With TLS on it takes close to 10 minutes, which gets close to gmail's limit. I've tested with Outlook.com and that same 11mb attachment comes in through ASSP with TLS on in about 45 seconds. Sending a 30mb attachment from gmail FAILS because it takes too long. gmail will try for I believe 10 minutes to send a message, then it quits and retries. After a couple tries, it sends an NDR. This is a Windows 2012 R2 server, latest ASSP dev, OpenSSL 1.0.2h installed from slproweb.com/products/Win32OpenSSL.html (though I've also tried with the OpenSSL I downloaded a while back from the ASSP sourceforge site. net::ssleay 1.74 (openssl 1.0.2g). I'm almost certain that the OpenSSL installation is not used by ASSP, but I've not been able to get confirmation of that here. Just updated IO::Socket::SSL to 2.033. Net::SMTP:SSL 1.02. CPU usage as reported by assp is 4.78%. It's not on the fastest machine in the world (it's a hypver-v guest on a decent machine), but it seems speedy enough. 24gb ram. We've got similar physical hosts running Exchange as a guest without any speed issues whatsoever. Any other info I can provide to help figure this out? Disabling TLS for any gmail inbound mail isn't a feasible option, plus I don't know if it really is just google, or just the way that google connects which others might too... Thank you all. ------------------------------------------------------------------------------ _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! *******************************************************
------------------------------------------------------------------------------
_______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
