>The same email now took only 269 seconds. This is OK for googles behavior - the 1440 byte SSL frame. Around 300s was expected by me for this mail - hmm.. it is 10% better - nice!
Take the following math. mail size = 15000 kB google frame size = 1.44 kB required assp loop cycles = mail size / frame size = 10.400 mail size = 15000 kB outlook.com frame size = 16 kB required assp loop cycles = mail size / frame size = 940 >I really wonder if I need to tweak my cipher_list. No! Again Ken, the SSL parameters are NOT the problem on your system. Your debug log shows a socket read time of max ~ 0.5 milliseconds (typical ~0.3 ms) for SSL. This read operation includes the time required for the decryption of the data. This is very very fast! It is simply the amazing count (10.400) of read and process operations (cycles) required by assp for such a mail, that causes the overall slow mail receive. >Is ClamAV scanning skipped too? Yes. >Could the plugins be run on the full mail after receipt, regardless of size? Override the config parameters. Keep in mind that 'npSize' may also involved in skipping or processing some mail body checks. >Isn't DKIM checking just a one time thing and not intensive? The full DKIM check is very intensive. It requires to calculate an RSA/SHA hash over the complete mail. DCC and Razor are doing something similar. ASSP_AFC would make all checks (ClamAV, FileScan, content checks with several regular expression, decompression of attachments ....) for the complete mail. It parses the complete mail at once with Email::MIME. This requires a huge amount of memory. Not a big deal on a 64bit OS with 8GB RAM and several CPU cores - who can !? All these can be done for any mail size, if the system is able to process the amount of data fast enough. On most havy load systems, the 12.000.000 will be to large and may lead in to stucking workers. ASSP has this set of config parameters - change them to your need - try - and if does not work switch back - nothing more easy. Thomas Von: K Post <nntp.p...@gmail.com> An: ASSP development mailing list <assp-test@lists.sourceforge.net> Datum: 27.09.2016 21:08 Betreff: Re: [Assp-test] Inbound TLS from gmail.com addresses / servers Our primary internet connection went down again (nothing to do with ASSP) which gave me the opportunity to replace 16270 with 16271. Nothing like making lemonade out of lemons... The same email now took only 269 seconds. That's about 15x longer than with TLS off, but WOW that's way better than it was before. I also tried with the blank cipher list, no notable difference And with the SSL buffers set to 0 (64 MB), again without a speed difference. SO- you've made a real difference here!! Is there more optimization to be made? The rub is that the exact same message sent through Outlook.com to us, took exactly 30 seconds, just a 50% overhead when compared to the 19 seconds for a non-TLS message of the same size, instead of a 1500% overhead for encryption when receiving from google. *Is there some magical debug switch that I could turn on to see what encryption Outlook.com is using and compare that to what Google's connection to us with?* I think prohibiting whatever the slow cipher that google's using (probably a really strong one) might make the final bit of difference. I'm breathing so much easier now!! Thank you. On Tue, Sep 27, 2016 at 2:08 PM, K Post <nntp.p...@gmail.com> wrote: > Despite all the problems we have with personalities and policies in our > organization, the infrastructure is pretty solid. MTU's are set correctly, > no fragmentation, no jitter. There's low latency across the board, and > really low bandwidth usage. If we sent 1000 mails a day, it's a lot. > > ...and yes, they even pay their bills, though not me very well :) > > I think it's which SSL algorithm is being used that's at least partially > to blame. I have: > SSL_Version: SSLv23:!SSLv3:!SSLv2 > SSL_Cipher_list: kEECDH+ECDSA:kEECDH:kEDH:HIGH:+SHA:+RC4:RC4 > :!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!DSS:!PSK:!SRP:!kECDH:! > CAMELLIA128:!IDEA:!SEED > > I tried the default wih SSL_Cipher_List blank before, I don't think there > was a difference (but I've played with so many settings, I really don't > remember) > > And last, on the SSL buffer size. If set to zero in the gui, on windows > 2012, it says in green that it's set to 64 MB. I follow what you're saying > about it readying 4x 16 Kb without a loop cycle. Is that a good or bad > thing though? > > > ------------------------------------------------------------------------------ _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! *******************************************************
------------------------------------------------------------------------------
_______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
