Looking way better Thomas. Thank you. Connected: session:23D15F00 154.21.28.20:60788 > (assp internal ip):25 > (smtp internal ip):25 154.21.28.20 warning: got an unexpected TLSv1_2 handshake Client-Helo-Frame of version (3.3) from IP '154.21.28.20' at local IP '(assp internal ip)' and Port '25' - the connection will be closed 154.21.28.20 Message-Score: added 25 (etValencePB) for EarlyTalker, total score for this message is now 25 154.21.28.20 info: PB-IP-Score for '154.21.28.0' is 50, added 25 in this session 154.21.28.20 disconnected: session:23D15F00 154.21.28.20 - processing time 0 seconds Connected: session:223748B0 154.21.28.20:60791 > (assp internal ip):25 > (smtp internal ip):25 Error: Worker_3 accept_SSL to client 154.21.28.20 denied - the client failed before on SSL/TLS Error: Worker_3 accept_SSL to client 154.21.28.20 denied - the client failed before on SSL/TLS Connected: session:297ED5F8 154.21.28.20:60795 > (assp internal ip):25 > (smtp internal ip):25 154.21.28.20 disconnected: session:223748B0 154.21.28.20 - processing time 1 seconds
This group of pesky servers (seems like a big range that keeps trying to connect) keeps throwing SSL errors, but ASSP is now handling the errors much more gracefully. No more bad file descriptor errors!!! It seems like a decent sized SMTP farm, I assume spamming. * Do you think I should add the IP block to noTLSIP? *Will that force them not to use SSL or are they just sending a handshake way too early for that to work? On Wed, Oct 6, 2021 at 10:08 AM Thomas Eckardt <thomas.ecka...@thockar.com> wrote: > try https://sourceforge.net/p/assp/svn/HEAD/tree/assp2/trunk/test/ > > tell me if and how it works for you > > Thomas > > > > > Von: "K Post" <nntp.p...@gmail.com> > An: "ASSP development mailing list" < > assp-test@lists.sourceforge.net> > Datum: 05.10.2021 16:30 > Betreff: Re: [Assp-test] Too many open files - Windows > ------------------------------ > > > > I had originally started a new thread on the below, but I wonder if stuck > open sockets might be the cause of the Too many open files. Bad SSL > connections seem to be failing to close "close failed on > IO::Socket::SSL=GLOB(0x2b7a5cd0) : Bad file descriptor" That error happens > a lot when a SMTP server is persistent, even when we kick it for previous > failed SSL attempts. > > I'm aware that 21277 offers "Improved error handling in case a client or > server connects to the default SMTP-listener (25) using SSL." > > I saw: > got an unexpected TLSv1_2 handshake Client-Helo-Frame of version (3.3) > from IP '154.21.28.74' at local IP '(my ip here)' and Port '25' - this > frame is ignored > and in the 21277 release thread, you said that's the new code throwing the > warning > > I want to make sure something isn't awry though. It might just be > coincidental, but with 21277, there's a couple smtp servers throwing > warnings now and then close errors. Maybe this was always a problem with > bad SMTP servers, just not warned about before. Most of the IP's I've seen > have a poor Senderbase reputation, but aren't blacklisted. I've seen a lot > from one particular IP, but there are others. Poor Reputation for the > whole block of servers: > *https://talosintelligence.com/reputation_center/lookup?search=154.21.114.200* > <https://talosintelligence.com/reputation_center/lookup?search=154.21.114.200> > > > Here's an excerpt from the log, which complains about Bad file descriptor > and sockets that can't close.. Could I have something misconfigured?? > Could the new SSL error handling be causing this, leaving things open, and > then causing the Too many open files problem?? Is this a really bad > behaving set of SMTP servers that ASSP is having trouble with and leaving > things open? Or maybe it's completely unrelated to the too many open files > problem? The below excerpt is all in the period of 2 seconds. And I see > the same kind of thing happening, especially from this IP, many times in an > hour. > > Connected: session:4C6AD911 *154.21.114.200:60973* > <http://154.21.114.200:60973/> > (assp internal ip):25 > (smtp internal > ip):25 > 154.21.114.200 *warning: got an unexpected TLSv1_2 handshake > Client-Helo-Frame of version (3.3) from IP '154.21.114.200' at local IP > '(assp internal ip)' and Port '25' - this frame is ignored* > Connected: session:23DBEBB0 *154.21.114.200:60975* > <http://154.21.114.200:60975/> > (assp internal ip):25 > (smtp internal > ip):25 > 154.21.114.200 disconnected: session:4C6AD911 154.21.114.200 - processing > time 0 seconds > Error: Worker_2 accept_SSL to client 154.21.114.200 denied - the client > failed before on SSL/TLS *<-- great, but then it doesn't seem to close > the socket.* > Error: Worker_2 *close failed on IO::Socket::SSL=GLOB(0x5dfd18c8) : Bad > file descriptor* > Error: Worker_2 accept_SSL to client 154.21.114.200 denied - the client > failed before on SSL/TLS > Error: Worker_2 *close failed on IO::Socket::SSL=GLOB(0x5dfd18c8) : Bad > file descriptor* > Connected: session:70F3C0C8 *154.21.114.200:60979* > <http://154.21.114.200:60979/> > (assp internal ip):25 > (smtp internal > ip):25 > 154.21.114.200 disconnected: session:23DBEBB0 154.21.114.200 - processing > time 1 seconds > Connected: session:2452D908 *154.21.114.200:60982* > <http://154.21.114.200:60982/> > (assp internal ip):25 > (smtp internal > ip):25 > 154.21.114.200 disconnected: session:70F3C0C8 154.21.114.200 - processing > time 1 seconds > Error: Worker_2 accept_SSL to client 154.21.114.200 denied - the client > failed before on SSL/TLS > Error: Worker_2 *close failed on IO::Socket::SSL=GLOB(0x22463520) : Bad > file descriptor* > 154.21.114.200 disconnected: session:2452D908 154.21.114.200 - processing > time 1 seconds > Error: Worker_2 accept_SSL to client 154.21.114.200 denied - the client > failed before on SSL/TLS > Error: Worker_2 *close failed on IO::Socket::SSL=GLOB(0x22463520) : Bad > file descriptor* > Info: successfully sent file messages/resendmail/n200000232.txt to (smtp > internal ip):25 (smtpDestination) > > There's repeated attempts from this single IP (and others that seem > unrelated with a similar problem). Yes, I can block the IP, but I want to > ensure that 21277 hasn't introduced an issue that's leaving files open. > > Here's another where 154.21.114.200 is connecting from the outside *to > port 587*. Odd that it would use that port instead of 25, but they're > likely a spammer trying to get around filtering. Either way. I get the > SSL accept attempt failed. Is it timing out?? > > Connected: session:48196D90 *154.21.114.200:65253* > <http://154.21.114.200:65253/> > (interal assp ip):587 > (internal smtp > ip):25 > 154.21.114.200 disconnected: session:48196D90 154.21.114.200 - processing > time 1 seconds > Error: Worker_4 accept_SSL to client 154.21.114.200 failed > IO::Socket::SSL=GLOB(0x2b79ffd0) (timeout: 5 s) : SSL accept attempt failed > > > > On Tue, Oct 5, 2021 at 9:18 AM K Post <*nntp.p...@gmail.com* > <nntp.p...@gmail.com>> wrote: > I've seen this a couple times now with 21277. Windows. > > error: unable to close Socket IO::Socket::INET=GLOB(0x10fd4f70) - - Bad > file descriptor > > and > > Oct-05-21 08:51:09 *** (our internal smtp ip):25 didn't work, trying > others... - Too many open files > Oct-05-21 08:51:09 Error: couldn't create server socket to (our internal > smtp ip):25 -- aborting connection > Oct-05-21 08:51:09 [SMTP Status] 421 <*assp.ourcharity.org* > <http://assp.ourcharity.org/>> service temporarily unavailable, closing > transmission > Oct-05-21 08:51:09 xx.32.204.172 disconnected: session:98B71A10 > xx.32.204.172 - processing time 0 seconds > > I've restarted the machine, but if this happens again (and it likely will > being that I've seen it a couple times now), where can I look to help > determine what files are getting stuck open and the cause? > > I should note that this is a relatively new Windows 2019 install. > Strawberry Perl 5.32.1.0. MySQL 8.0.26. All modules up to date. Very > light load. I didn't see this error until I started with 21277, but there > wasn't much traffic on previous builds in this particular installation. > > Thanks > > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test >
_______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
