The more I look at this, the more I'm guessing Outlook.com is using some
pathetically low cipher and Google's not. One's putting stress on the
system or is just slow, the other isn't.  I'd love to know how to tell what
they're using.   I really wonder if I need to tweak my cipher_list.

ASSP logs the STARTTLS request

info: got STARTTLS request from 209.85.223.182

Could we have it put what cipher's being used there or more useful
encryption info?

Also, with the new test version 16271, and its default neverQueueSize of
12000000 bytes, why would DKIM be skipped?  Isn't DKIM checking just a one
time thing and not intensive?

info: message is too large ( SIZE 15700405 byte > neverQueueSize 12000000
byte) to be queued for further internal processing! Skipping DKIM, Plugins
and charset conversion.

I'm also afraid of plugins being skipped - no AFC for large emails.  That
scares me.  Is ClamAV scanning skipped too?  Could the plugins be run on
the full mail after receipt, regardless of size?  I know I can override
this limit in ASSP_Correction, but you've obviously coded this for a
reason.    Any way to get a happy medium here (speed but full
functionality)?



On Tue, Sep 27, 2016 at 3:07 PM, K Post <nntp.p...@gmail.com> wrote:

> Our primary internet connection went down again (nothing to do with ASSP)
> which gave me the opportunity to replace 16270 with 16271.  Nothing like
> making lemonade out of lemons...
>
> The same email now took only 269 seconds.  That's about 15x longer than
> with TLS off, but WOW that's way better than it was before.
> I also tried with the blank cipher list, no notable difference
> And with the SSL buffers set to 0 (64 MB), again without a speed
> difference.
>
> SO- you've made a real difference here!!   Is there more optimization to
> be made?
>
> The rub is that the exact same message sent through Outlook.com to us,
> took exactly 30 seconds, just a 50% overhead when compared to the 19
> seconds for a non-TLS message of the same size, instead of a 1500% overhead
> for encryption when receiving from Google.
>
> *Is there some magical debug switch that I could turn on to see what
> encryption Outlook.com is using and compare that to what Google's
> connecting to us with?*  I think prohibiting whatever the slow cipher
> that Google's using (probably a really strong one) might make the final bit
> of difference.
>
> I'm breathing so much easier now!!  Thank you.
>
>
> On Tue, Sep 27, 2016 at 2:08 PM, K Post <nntp.p...@gmail.com> wrote:
>
>> Despite all the problems we have with personalities and policies in our
>> organization, the infrastructure is pretty solid.  MTUs are set correctly,
>> no fragmentation, no jitter.   There's low latency across the board, and
>> really low bandwidth usage.  If we sent 1000 mails a day, it's a lot.
>>
>> ...and yes, they even pay their bills, though not me very well :)
>>
>> I think it's which SSL algorithm is being used that's at least partially
>> to blame.  I have:
>> SSL_Version: SSLv23:!SSLv3:!SSLv2
>> SSL_Cipher_list: kEECDH+ECDSA:kEECDH:kEDH:HIGH:+SHA:+RC4:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!DSS:!PSK:!SRP:!kECDH:!CAMELLIA128:!IDEA:!SEED
>>
>> I tried the default with SSL_Cipher_List blank before, I don't think there
>> was a difference (but I've played with so many settings, I really don't
>> remember)
>>
>> And last, on the SSL buffer size.  If set to zero in the GUI, on Windows
>> 2012, it says in green that it's set to 64 MB.  I follow what you're saying
>> about it reading 4x 16 Kb without a loop cycle.  Is that a good or bad
>> thing though?
>>
>>
>>
>
------------------------------------------------------------------------------
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
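
An added example, not part of the original thread and not ASSP code: it expands the SSL_Cipher_list quoted above against the local OpenSSL build, so the suites the string permits (and their preference order) can be reviewed before tweaking it. It does not show what a remote peer negotiated; the names `expand`, `removed_by` and `WEAK_MARKERS` are hypothetical.

```python
import ssl

# SSL_Cipher_list value quoted in the thread, joined onto one line.
PAGE_CIPHER_LIST = (
    "kEECDH+ECDSA:kEECDH:kEDH:HIGH:+SHA:+RC4:RC4:!aNULL:!eNULL:!LOW:!3DES:"
    "!MD5:!EXP:!DSS:!PSK:!SRP:!kECDH:!CAMELLIA128:!IDEA:!SEED"
)

# Name fragments flagged as weak in the report (assumption made for this example).
WEAK_MARKERS = ("RC4", "DES-CBC", "NULL", "MD5", "EXP")


def expand(cipher_list):
    """Suites the local OpenSSL enables for cipher_list, in preference order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_list)  # raises ssl.SSLError if no suite matches
    return [
        {
            "name": c["name"],
            "protocol": c["protocol"],
            "bits": c["strength_bits"],
            "weak": any(m in c["name"] for m in WEAK_MARKERS),
        }
        for c in ctx.get_ciphers()
    ]


def removed_by(original, hardened):
    """Names enabled by `original` that `hardened` no longer offers."""
    kept = {c["name"] for c in expand(hardened)}
    return [c["name"] for c in expand(original) if c["name"] not in kept]


if __name__ == "__main__":
    for c in expand(PAGE_CIPHER_LIST):
        flag = "WEAK" if c["weak"] else ""
        print(f'{c["name"]:<34}{c["protocol"]:<9}{c["bits"]:>4}  {flag}')
    # "+RC4:RC4" keeps RC4 at the end of the list where the library still
    # ships it; appending "!RC4" drops it permanently.
    print("dropped by !RC4:", removed_by(PAGE_CIPHER_LIST, PAGE_CIPHER_LIST + ":!RC4"))
```

On OpenSSL builds that no longer include RC4 the last line prints an empty list, since unknown entries in a cipher string are ignored.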
