set 'banFailedSSLIP' to public only - and/or - include the ClientIP's
(e.g. 192.168.0.0/16) in to 'noBanFailedSSLIP'
Thomas
Von: "James Brown via Assp-test" <assp-test@lists.sourceforge.net>
An: "ASSP development mailing list" <assp-test@lists.sourceforge.net>
Kopie: "James Brown" <jlbr...@bordo.com.au>
Datum: 18.07.2018 02:40
Betreff: [Assp-test] SSL failures - client being denied
I’ve set up ASSP to accept connections on port 465 (was previously using
stunnel).
It usually works fine, but sometimes I get users who can no longer send
emails. Logs show:
Error: Worker_1 accept_SSL to client 192.168.1.51 denied - the client
failed before on SSL/TLS (suppressed 8 concurrent equal 'Error' loglines
from all Workers)
Jul-18-18 10:10:09 [Worker_1] Error: Worker_1 accept_SSL to client
118.209.252.91 failed IO::Socket::SSL=GLOB(0x7f823b207498) (timeout: 5 s)
: SSL wants a read first
Jul-18-18 10:10:55 [Worker_1] Error: Worker_1 accept_SSL to client
192.168.1.51 denied - the client failed before on SSL/TLS
Error: Worker_1 accept_SSL to client 192.168.1.51 denied - the client
failed before on SSL/TLS (suppressed 2 concurrent equal 'Error' loglines
from all Workers)
Jul-18-18 10:11:09 [Worker_1] Error: Worker_1 accept_SSL to client
118.209.252.91 denied - the client failed before on SSL/TLS
I have to restart ASSP so that they can send emails again. I’ll look at
‘edit SSL-failed-cache’ next time.
Startup shows:
Jul-18-18 10:18:23 [init] Info: openssl version 1.0.2g is installed
Jul-18-18 10:18:23 [init] IO::Socket::SSL module version 2.022 installed -
https and TLS/SSL is possible
Jul-18-18 10:18:23 [init] Found valid certificate and private key file -
https and TLS/SSL is available
Jul-18-18 10:18:23 [init] The underlying SSL library Net::SSLeay version
1.72 uses OpenSSL 1.0.2l 25 May 2017
Jul-18-18 10:18:23 [init] SSL_read_ahead will be used
Any suggestions?
I have:
SSLRetryOnError: 1
SSLtimeout: 5
maxSSLRenegotiations: 10
SSLDEBUG: 1
thanks,
James.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
