Thanks Thomas.
I managed to get it to work. I managed to get Mail.app to change the port by
going to ‘Edit SMTP Server List’ which does not check first before saving.
Modifying the port on the Account’s Outgoing Mail Server setting would not work
because of the ‘read first’ error.
Thomas, ASSP refused to accept TLS connections from my IP no matter what
setting I changed:
Error: Worker_1 accept_SSL to client 124.188.23.116 denied - the client failed
before on SSL/TLS (suppressed 7 concurrent equal 'Error' loglines from all
Workers in the last 121 seconds)
Jul-01-18 17:40:42 [Worker_1] Error: Worker_1 accept_SSL to client
124.188.23.116 denied - the client failed before on SSL/TLS
Jul-01-18 17:41:11 [Main_Thread] Admin connection from user root on host
::1:60826; page:/edit; args;
Jul-01-18 17:41:25 [Main_Thread] Admin connection from user root on host
::1:60828; page:/;
Jul-01-18 17:41:25 [Main_Thread] AdminUpdate: [root ::1] banFailedSSLIP changed
from 'both (3)' to 'disable (0)'
Jul-01-18 17:41:25 [Main_Thread] Saving config
Jul-01-18 17:41:25 [Main_Thread] Info: saved config to
/Applications/assp/assp.cfg.tmp - which is now renamed to
/Applications/assp/assp.cfg
Jul-01-18 17:41:25 [Main_Thread] Finished saving config
Error: Worker_1 accept_SSL to client 124.188.23.116 denied - the client failed
before on SSL/TLS (suppressed 2 concurrent equal 'Error' loglines from all
Workers)
Jul-01-18 17:41:41 [Worker_10000] Info: synchronizing all BerkeleyDB hashes to
disk
Jul-01-18 17:41:41 [Worker_10000] Info: compacting all BerkeleyDB hashes on disk
Jul-01-18 17:41:47 [Main_Thread] Admin connection from user root on host
::1:60830; page:/;
Jul-01-18 17:41:47 [Main_Thread] AdminUpdate: [root ::1] maxSSLRenegotiations
changed from '2' to '10'
Jul-01-18 17:41:47 [Main_Thread] Saving config
Jul-01-18 17:41:47 [Main_Thread] Info: saved config to
/Applications/assp/assp.cfg.tmp - which is now renamed to
/Applications/assp/assp.cfg
Jul-01-18 17:41:47 [Main_Thread] Finished saving config
Jul-01-18 17:42:08 [Worker_1] Error: Worker_1 accept_SSL to client
124.188.23.116 denied - the client failed before on SSL/TLS
Error: Worker_1 accept_SSL to client 124.188.23.116 denied - the client failed
before on SSL/TLS (suppressed 2 concurrent equal 'Error' loglines from all
Workers)
I also have my IP in noBanFailedSSLIP.
When I clicked on the ‘edit SSL-failed-Cache’ button it showed no entries.
I was only able to get it to work by restarting ASSP.
Anyway, all good now.
James.
> On 1 Jul 2018, at 2:25 am, Thomas Eckardt <thomas.ecka...@thockar.com
> <mailto:thomas.ecka...@thockar.com>> wrote:
>
> Depending on the used SSL software and the SSL negotiation this error ('wants
> a read first') may happen. If ASSP gets this error it trys to satisfy the
> underlying SSL-IO-engine by allowing socket reads.
>
> You can add those IP's to noBanFailedSSLIP. You may also increase the
> SSLtimeout value.
>
> Thomas
>
>
>
> Von: "James Brown via Assp-test" <assp-test@lists.sourceforge.net
> <mailto:assp-test@lists.sourceforge.net>>
> An: "ASSP development mailing list" <assp-test@lists.sourceforge.net
> <mailto:assp-test@lists.sourceforge.net>>
> Kopie: "James Brown" <jlbr...@bordo.com.au
> <mailto:jlbr...@bordo.com.au>>
> Datum: 30.06.2018 16:05
> Betreff: Re: [Assp-test] Antwort: SSL 'wants a read first' error
>
>
>
> Hi Thomas. I want to stop using stunnel and to have ASSP accept TLS
> submissions on ports 465 and 587.
>
> I’m testing using port 466 for the moment.
>
> In Mail.app on macOS I change the outgoing server’s port to 466 and click
> save. It tries to establish a connection but fails after a minute and says:
> Unable to verify account name or password.
>
> ASSP log shows:
> Jun-30-18 23:39:56 [Worker_1] Error: Worker_1 accept_SSL to client
> 124.188.23.116 failed IO::Socket::SSL=GLOB(0x7f8dcd057360) (timeout: 5 s) :
> SSL wants a read first
> Later I see:
> Jun-30-18 23:40:57 [Worker_1] Error: Worker_1 accept_SSL to client
> 124.188.23.116 denied - the client failed before on SSL/TLS
>
>
> Perl module installed:
> IO::Socket::SSL 2.022 / 2.020 enabled CPAN
> <http://search.cpan.org/search?query=IO::Socket::SSL>
>
> I found this thread that I started from a long time ago.
>
> So I don’t even get to try to send a message. I just try to save the settings
> and Mail.app first checks that they work, but fails.
>
> Running ASSP version 2.6.2(18174)
>
> Any suggestions?
>
> Thanks,
>
> James.
>
> On 27 Mar 2009, at 6:44 pm, Thomas Eckardt/eck <thomas.ecka...@thockar.com
> <mailto:thomas.ecka...@thockar.com>> wrote:
>
> SSL wants a read first
>
> means the other peer wants to read from the socket first - this should not
> happen, because we are not connected at this time!
>
> Thomas
>
>
>
>
> James Brown <jlbr...@bordo.com.au <mailto:jlbr...@bordo.com.au>>
> 27.03.2009 01:43
> Bitte antworten an
> ASSP development mailing list <assp-test@lists.sourceforge.net
> <mailto:assp-test@lists.sourceforge.net>>
>
>
> An
> ASSP development mailing list <assp-test@lists.sourceforge.net
> <mailto:assp-test@lists.sourceforge.net>>
> Kopie
>
> Thema
> [Assp-test] SSL 'wants a read first' error
>
>
>
>
>
>
> Have just set listenPortSSL to 465 and quit stunnel
>
> When I try to send an email on port 465 I see:
>
> Mar-23-09 11:45:34 [Worker_1] Connected: 192.168.1.10:64068 ->
> 192.168.1.9:2525 -> 192.168.1.9:10026 , 10-11
> Mar-23-09 11:45:34 [Worker_1] Disconnected: 192.168.1.10
> Mar-23-09 11:45:48 [Worker_1] Error: Couldn't move socket to SSL
> 0.0.0.0:465SSL wants a read first
> Mar-23-09 11:45:48 [Worker_1] Connected: 192.168.1.10:64096 ->
> 192.168.1.9:465 -> 127.0.0.1:10026 , 10-11
> Mar-23-09 11:45:48 [Worker_1] Disconnected: 192.168.1.10
> Mar-23-09 11:46:08 [Worker_1] Error: Couldn't move socket to SSL
> 0.0.0.0:465SSL wants a read first
> Mar-23-09 11:46:08 [Worker_1] Connected: 192.168.1.10:64118 ->
> 192.168.1.9:465 -> 127.0.0.1:10026 , 10-11
>
> The email gets sent OK.
>
> Is something form stunnel still active that is causing this problem?
> Any other suggestions?
>
> Also, there should be a space between the '0.0.0.0:465' and the 'SSL'
> in the Error line.
>
> Thanks,
>
> James.
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net <mailto:Assp-test@lists.sourceforge.net>
> https://lists.sourceforge.net/lists/listinfo/assp-test
> <https://lists.sourceforge.net/lists/listinfo/assp-test>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net <mailto:Assp-test@lists.sourceforge.net>
> https://lists.sourceforge.net/lists/listinfo/assp-test
> <https://lists.sourceforge.net/lists/listinfo/assp-test>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org <http://slashdot.org/>!
> http://sdm.link/slashdot <http://sdm.link/slashdot>
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net <mailto:Assp-test@lists.sourceforge.net>
> https://lists.sourceforge.net/lists/listinfo/assp-test
> <https://lists.sourceforge.net/lists/listinfo/assp-test>
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no known
> virus in this email!
> *******************************************************
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org <http://slashdot.org/>!
> http://sdm.link/slashdot_______________________________________________
> <http://sdm.link/slashdot_______________________________________________>
> Assp-test mailing list
> Assp-test@lists.sourceforge.net <mailto:Assp-test@lists.sourceforge.net>
> https://lists.sourceforge.net/lists/listinfo/assp-test
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
