Friends, The crashing was ALL caused by a griplist database location misconfiguration. I had a bad path in the config, which made the berkeley DB module leave too many connections to the griplist dbd-error.txt file open, ultimately crashing ASSP. Lesson learned: don't be a dope and have a bad path to the griplist!!! Thank you, as always, to Thomas for helping figure this one out!!
On Wed, Oct 6, 2021 at 1:35 PM K Post <nntp.p...@gmail.com> wrote: > Looking way better Thomas. Thank you. > > Connected: session:23D15F00 154.21.28.20:60788 > (assp internal ip):25 > > (smtp internal ip):25 > 154.21.28.20 warning: got an unexpected TLSv1_2 handshake > Client-Helo-Frame of version (3.3) from IP '154.21.28.20' at local IP > '(assp internal ip)' and Port '25' - the connection will be closed > 154.21.28.20 Message-Score: added 25 (etValencePB) for EarlyTalker, total > score for this message is now 25 > 154.21.28.20 info: PB-IP-Score for '154.21.28.0' is 50, added 25 in this > session > 154.21.28.20 disconnected: session:23D15F00 154.21.28.20 - processing time > 0 seconds > Connected: session:223748B0 154.21.28.20:60791 > (assp internal ip):25 > > (smtp internal ip):25 > Error: Worker_3 accept_SSL to client 154.21.28.20 denied - the client > failed before on SSL/TLS > Error: Worker_3 accept_SSL to client 154.21.28.20 denied - the client > failed before on SSL/TLS > Connected: session:297ED5F8 154.21.28.20:60795 > (assp internal ip):25 > > (smtp internal ip):25 > 154.21.28.20 disconnected: session:223748B0 154.21.28.20 - processing time > 1 seconds > > > This group of pesky servers (seems like a big range that keeps trying to > connect) keeps throwing SSL errors, but ASSP is now handling the errors > much more gracefully. No more bad file descriptor errors!!! > > It seems like a decent sized SMTP farm, I assume spamming. * Do you think > I should add the IP block to noTLSIP? *Will that force them not to use > SSL or are they just sending a handshake way too early for that to work? > > > > > > > > > > > On Wed, Oct 6, 2021 at 10:08 AM Thomas Eckardt <thomas.ecka...@thockar.com> > wrote: > >> try https://sourceforge.net/p/assp/svn/HEAD/tree/assp2/trunk/test/ >> >> tell me if and how it works for you >> >> Thomas >> >> >> >> >> Von: "K Post" <nntp.p...@gmail.com> >> An: "ASSP development mailing list" < >> assp-test@lists.sourceforge.net> >> Datum: 05.10.2021 16:30 >> Betreff: Re: [Assp-test] Too many open files - Windows >> ------------------------------ >> >> >> >> I had originally started a new thread on the below, but I wonder if stuck >> open sockets might be the cause of the Too many open files. Bad SSL >> connections seem to be failing to close "close failed on >> IO::Socket::SSL=GLOB(0x2b7a5cd0) : Bad file descriptor" That error happens >> a lot when a SMTP server is persistent, even when we kick it for previous >> failed SSL attempts. >> >> I'm aware that 21277 offers "Improved error handling in case a client or >> server connects to the default SMTP-listener (25) using SSL." >> >> I saw: >> got an unexpected TLSv1_2 handshake Client-Helo-Frame of version (3.3) >> from IP '154.21.28.74' at local IP '(my ip here)' and Port '25' - this >> frame is ignored >> and in the 21277 release thread, you said that's the new code throwing >> the warning >> >> I want to make sure something isn't awry though. It might just be >> coincidental, but with 21277, there's a couple smtp servers throwing >> warnings now and then close errors. Maybe this was always a problem with >> bad SMTP servers, just not warned about before. Most of the IP's I've seen >> have a poor Senderbase reputation, but aren't blacklisted. I've seen a lot >> from one particular IP, but there are others. Poor Reputation for the >> whole block of servers: >> *https://talosintelligence.com/reputation_center/lookup?search=154.21.114.200* >> <https://talosintelligence.com/reputation_center/lookup?search=154.21.114.200> >> >> >> Here's an excerpt from the log, which complains about Bad file descriptor >> and sockets that can't close.. Could I have something misconfigured?? >> Could the new SSL error handling be causing this, leaving things open, and >> then causing the Too many open files problem?? Is this a really bad >> behaving set of SMTP servers that ASSP is having trouble with and leaving >> things open? Or maybe it's completely unrelated to the too many open files >> problem? The below excerpt is all in the period of 2 seconds. And I see >> the same kind of thing happening, especially from this IP, many times in an >> hour. >> >> Connected: session:4C6AD911 *154.21.114.200:60973* >> <http://154.21.114.200:60973/> > (assp internal ip):25 > (smtp internal >> ip):25 >> 154.21.114.200 *warning: got an unexpected TLSv1_2 handshake >> Client-Helo-Frame of version (3.3) from IP '154.21.114.200' at local IP >> '(assp internal ip)' and Port '25' - this frame is ignored* >> Connected: session:23DBEBB0 *154.21.114.200:60975* >> <http://154.21.114.200:60975/> > (assp internal ip):25 > (smtp internal >> ip):25 >> 154.21.114.200 disconnected: session:4C6AD911 154.21.114.200 - processing >> time 0 seconds >> Error: Worker_2 accept_SSL to client 154.21.114.200 denied - the client >> failed before on SSL/TLS *<-- great, but then it doesn't seem to close >> the socket.* >> Error: Worker_2 *close failed on IO::Socket::SSL=GLOB(0x5dfd18c8) : Bad >> file descriptor* >> Error: Worker_2 accept_SSL to client 154.21.114.200 denied - the client >> failed before on SSL/TLS >> Error: Worker_2 *close failed on IO::Socket::SSL=GLOB(0x5dfd18c8) : Bad >> file descriptor* >> Connected: session:70F3C0C8 *154.21.114.200:60979* >> <http://154.21.114.200:60979/> > (assp internal ip):25 > (smtp internal >> ip):25 >> 154.21.114.200 disconnected: session:23DBEBB0 154.21.114.200 - processing >> time 1 seconds >> Connected: session:2452D908 *154.21.114.200:60982* >> <http://154.21.114.200:60982/> > (assp internal ip):25 > (smtp internal >> ip):25 >> 154.21.114.200 disconnected: session:70F3C0C8 154.21.114.200 - processing >> time 1 seconds >> Error: Worker_2 accept_SSL to client 154.21.114.200 denied - the client >> failed before on SSL/TLS >> Error: Worker_2 *close failed on IO::Socket::SSL=GLOB(0x22463520) : Bad >> file descriptor* >> 154.21.114.200 disconnected: session:2452D908 154.21.114.200 - processing >> time 1 seconds >> Error: Worker_2 accept_SSL to client 154.21.114.200 denied - the client >> failed before on SSL/TLS >> Error: Worker_2 *close failed on IO::Socket::SSL=GLOB(0x22463520) : Bad >> file descriptor* >> Info: successfully sent file messages/resendmail/n200000232.txt to (smtp >> internal ip):25 (smtpDestination) >> >> There's repeated attempts from this single IP (and others that seem >> unrelated with a similar problem). Yes, I can block the IP, but I want to >> ensure that 21277 hasn't introduced an issue that's leaving files open. >> >> Here's another where 154.21.114.200 is connecting from the outside *to >> port 587*. Odd that it would use that port instead of 25, but they're >> likely a spammer trying to get around filtering. Either way. I get the >> SSL accept attempt failed. Is it timing out?? >> >> Connected: session:48196D90 *154.21.114.200:65253* >> <http://154.21.114.200:65253/> > (interal assp ip):587 > (internal smtp >> ip):25 >> 154.21.114.200 disconnected: session:48196D90 154.21.114.200 - processing >> time 1 seconds >> Error: Worker_4 accept_SSL to client 154.21.114.200 failed >> IO::Socket::SSL=GLOB(0x2b79ffd0) (timeout: 5 s) : SSL accept attempt failed >> >> >> >> On Tue, Oct 5, 2021 at 9:18 AM K Post <*nntp.p...@gmail.com* >> <nntp.p...@gmail.com>> wrote: >> I've seen this a couple times now with 21277. Windows. >> >> error: unable to close Socket IO::Socket::INET=GLOB(0x10fd4f70) - - Bad >> file descriptor >> >> and >> >> Oct-05-21 08:51:09 *** (our internal smtp ip):25 didn't work, trying >> others... - Too many open files >> Oct-05-21 08:51:09 Error: couldn't create server socket to (our internal >> smtp ip):25 -- aborting connection >> Oct-05-21 08:51:09 [SMTP Status] 421 <*assp.ourcharity.org* >> <http://assp.ourcharity.org/>> service temporarily unavailable, closing >> transmission >> Oct-05-21 08:51:09 xx.32.204.172 disconnected: session:98B71A10 >> xx.32.204.172 - processing time 0 seconds >> >> I've restarted the machine, but if this happens again (and it likely will >> being that I've seen it a couple times now), where can I look to help >> determine what files are getting stuck open and the cause? >> >> I should note that this is a relatively new Windows 2019 install. >> Strawberry Perl 5.32.1.0. MySQL 8.0.26. All modules up to date. Very >> light load. I didn't see this error until I started with 21277, but there >> wasn't much traffic on previous builds in this particular installation. >> >> Thanks >> >> _______________________________________________ >> Assp-test mailing list >> Assp-test@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/assp-test >> >> >> >> >> DISCLAIMER: >> ******************************************************* >> This email and any files transmitted with it may be confidential, legally >> privileged and protected in law and are intended solely for the use of the >> individual to whom it is addressed. >> This email was multiple times scanned for viruses. There should be no >> known virus in this email! >> ******************************************************* >> >> _______________________________________________ >> Assp-test mailing list >> Assp-test@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/assp-test >> >
_______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
