Hello Thomas, and anyone else interested,
I've been having issues with both types of encrypted SMTP connections in
ASSP. I believe they started sometime on or after build 13217. One
aspect of the issue (#1) is that STARTTLS enabled connections will
randomly stop working after the ASSP service has been running for a
while. The error then sent to the mail client says: "An error occurred
sending mail: Unable to establish a secure link with SMTP server
smtp.XXXXX.com using STARTTLS since it doesn't advertise that feature.
Switch off STARTTLS for that server or contact your service provider." A
restart of ASSP will temporarily resolve the issue, and get the STARTTLS
verb back for a time.
The other related issue (#2) that I am seeing is that SSL secured
connections can usually send mail ok, as long as it doesn't have an
attachment. It seems that emails with attachments (not sure this is
exclusive, just what I've noticed), even if they were small attachments
such as 100 KB or less, sometimes (usually after ASSP is running for a
while) produced this error at the mail client: "Sending of message
failed. The message could not be sent because the connection to SMTP
server smtp.XXXXX.com was lost in the middle of the transaction. Try
again or contact your network administrator". This error also adds the
IP to the SSLfailed cache, and blocks any further attempts to send mail
via SMTP, until it is removed from the cache.
Additionally, sometimes these attachments/larger emails just disappear
and the recipient never gets them. The sender also does not get an error
message about the failed transmission in their mail client. The email
just appears to have been sent normally as far as they know. ASSP logs
just make mention that the email is passing through and it's over
/npSize/, and do not mention anything about blocking it. My mail server
is also not doing any sort of blocking at all. But the mail just
disappears. It's a fairly rare occurence but it has been noticeably
happening, and to multiple, disparate, users as well. I suspect that the
connection drops, as it does in the above error, but the error never
gets sent back to the client, and the partial email cannot be sent on to
its destination and so is destroyed. But the way this happens is that
the user gets no notice that the mail did not actually get sent to its
destination.
The latest issue (#3) is that now I cannot connect to SMTP with SSL/TLS
at all, on any port (25, 465, 587). The connection just times out. This
was after I had changed around my ASSP network config. Previously, I had
all additional connections just going to/smtpDestination,/ but then, in
an attempt to resolve the previous issues, I reconfigured and added
separate destinations for /smtpDestinationSSL/ and /smtpAuthServer/. It
might seem like a misconfiguration or that a server isn't listening, but
STARTTLS works fine on these same ports. I previously was able to use
SSL/TLS here though, and only switched to STARTTLS because of the #2
SSL/TLS problems. All I am doing is proxying the connections, on the
same port, to my mailserver (Exim) on 127.0.0.1. So externalip:465
(ASSP) goes to 127.0.0.1:465 (Exim), and the same for the other ports.
Also, the additional ports are setup the same way in Exim, so there's
really nothing functionally different between the port 25 it was
previously listening on and the newly added port 587/465.
Ok, I've now reversed the ASSP configuration just above, and went back
to a single SMTP destination. All I did was change the ASSP config to
remove the additional SMTP destinations (made the additional options
blank, so it would revert to the main SMTP destination) and restarted
ASSP. I just left my mailserver alone. But now I have SSL/TLS SMTP
connections back. That behavior (losing the ability to make SSL/TLS
connections) is not what I would expect from configuring those
additional SMTP destination settings in ASSP though. Am I just missing
some setting needed for this port configuration, or do you see this as well?
I noticed in the changelog for assp 2.3.4 build 13251 that "after
upgrading IO::Socket::SSL and Net::SSLeay to the latest version sending
blockreports, sync requests, notifications and resend mails using
STARTTLS has been failed in some cases", and that sounded a lot like my
STARTTLS issue, except with SMTP, so I wonder if it might be related? I
don't remember exactly when I upgraded IO::Socket::SSL though.
Thanks in advance for investigating this. Please let me know if there's
any more information that you need, or if you need me to try something
out. I'm willing to do what I can to make ASSP better.
-C
--------------
Configuration:
I am aware of the SSLfailed cache and have been removing the ips from
there when testing. Though I'm pretty sure it was only error #2 that
added the ips to that cache.
Except for /DoTLS/, /SSLRetryOnError/, and the certificate settings,
/SSL Proxy and TLS Support/ settings are set to the defaults.
Currently running ASSP version 2.3.4(13303) (Perl 5.014003) (on linux -
Centos 5.10 64 bit)
OpenSSL is the default CentOS 5 RPM package, Version : 0.9.8e
Release : 26.el5_9.1
Perl Modules:
Module Name Module Version Module Status Download
show module load errors installed / required(recommended)
ASSP_FC disabled by Module Setup / 1.03 is disabled in config
CPAN
ASSP_SVG disabled by Module Setup / 1.02 is disabled in config
CPAN
ASSP_WordStem 1.23 / 1.23 enabled sourceforge
AsspSelfLoader 2.03 / 2.03 enabled sourceforge
Authen::SASL 2.16 / 2.1401 enabled CPAN
BerkeleyDB disabled by Module Setup / 0.42 is disabled in config
CPAN
BerkeleyDB_DBEngine / 4.5 status unknown oracle
Compress::Zlib 2.061 / 2.008 enabled CPAN
Convert::TNEF 0.18 / 0.17 enabled CPAN
DB_File disabled by Module Setup / 1.816 is disabled in config
CPAN
Digest::MD5 2.52 / 2.36_01 enabled CPAN
Digest::SHA1 2.13 / 2.11 enabled CPAN
Email::MIME 1.911 / 1.442 enabled CPAN
Email::Send 2.198 / 2.192 enabled CPAN
File::ReadBackwards 1.05 / 1.04 enabled CPAN
File::Scan::ClamAV disabled by Module Setup / 1.8 is disabled in
config CPAN
IO::Poll 0.08 / 0.07 enabled CPAN
IO::Select 1.20 / 1.17 enabled CPAN
IO::Socket::INET6 disabled by Module Setup / 2.67 is not
detected (enableIPv6 is not set) CPAN
IO::Socket::SSL 1.955 / 1.32 enabled CPAN
LWP::Simple 6.00 / 1.41 enabled CPAN
MIME::Types 1.38 / 1.23 enabled CPAN
Mail::DKIM::Verifier 0.4 / 0.37 enabled CPAN
Mail::SPF 2.008 / 2.007 enabled CPAN
Mail::SPF::Query 1.999001 / 1.999001 enabled CPAN
Mail::SRS 0.31 / 0.31 enabled CPAN
Net::CIDR::Lite 0.21 / 0.20 enabled CPAN
Net::DNS 0.72 / 0.61 enabled CPAN
Net::IP 1.50 / 1.26 enabled CPAN
Net::LDAP disabled by Module Setup / 0.33 is disabled in config
CPAN
Net::SMTP 2.31 / 2.31 enabled CPAN
Net::SMTP::TLS disabled by Module Setup / 0.12 is disabled in
config CPAN
Net::SSLeay 1.55 / 1.35 enabled CPAN
NetAddr::IP::Lite 1.50 / 1.47 enabled CPAN
NetSNMP::agent disabled by Module Setup / 5.05 is disabled in
config CPAN
PerlIO::scalar 0.11_01 / 0.05 enabled CPAN
Regex::Optimizer 1.12 / 1.12 enabled sourceforge
Regexp::Optimizer disabled by Module Setup / 0.23 is disabled in
config CPAN
Schedule::Cron 1.01 / 0.97 enabled CPAN
Sys::CpuAffinity 1.06 / 1.05 enabled CPAN
Sys::MemInfo 0.91 / 0.91 enabled CPAN
Sys::Syslog 0.33 / 0.25 enabled CPAN
Text::Unidecode 0.04 / 0.04 enabled CPAN
Thread::Queue 3.02 / 2.11 enabled CPAN
Thread::State 0.09 / 0.09 enabled CPAN
Tie::RDBM 0.73 / 0.70 enabled CPAN
Time::HiRes 1.9725 / 1.9707 enabled CPAN
Unicode::GCString 2012.10 / 2012.04 enabled CPAN
threads 1.87 / 1.74 enabled CPAN
threads::shared 1.43 / 1.32 enabled CPAN
------------------------------------------------------------------------------
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
