1. Summary
  2. Files
  3. Support
  4. Report Spam
  5. Create account
  6. Log in

crash or no smtp functionality after tls or ssl

Moderators: pdreissen, fribo

crash or no smtp functionality after tls or ssl

Postby fixmbr » Fri Nov 18, 2011 4:06 pm

I configured DoTLS=do TLS with the delivered certs from you
I configured 587 as second lisen port requiring auth

Going into thunderbird account setup: SMTP Port 587, SSL Autodetect and Auth with auto mode for detecting if the password has to be encrypted or not. The client will test with ssl/tls,starttls,without and with encrypted password and normal.
If I test this two or three times assp will restart, will crash or the smtp proxy would not work properbly

Log file with restart
Nov-18-11 16:27:47 [Worker_1] Error: Worker_1 accept to client failed IO::Socket::SSL=GLOB(0x17bddcf0) (timeout: 180 s) : Bad file descriptor
Nov-18-11 16:27:47 [Worker_2] Error: Worker_2 accept to client failed IO::Socket::SSL=GLOB(0x1a5ad9f0) (timeout: 180 s) : Bad file descriptor
Nov-18-11 16:27:47 [Worker_2] Error: Worker_2 accept to client failed IO::Socket::SSL=GLOB(0x1aec9108) (timeout: 180 s) : Bad file descriptor
Nov-18-11 16:27:48 [Worker_1] Connected: 192.168.222.151:46054 > 192.168.222.152:25 > 127.0.0.1:41804 > 127.0.0.1:225 , 19-20
Nov-18-11 16:27:48 [Worker_1] 192.168.222.151 info: injected '250-STARTTLS' offer in to EHLO reply
Nov-18-11 16:27:48 [Worker_1] 192.168.222.151 info: send '250-STARTTLS' - injected for 127.0.0.1
Nov-18-11 16:27:49 [Worker_1] Disconnected: 192.168.222.151 - command list was 'EHLO,QUIT' - used 2 SocketCalls
Nov-18-11 16:27:49 [Worker_1] Connected: 192.168.222.156:47601 > 192.168.222.152:25 > 127.0.0.1:41806 > 127.0.0.1:225 , 19-20
Nov-18-11 16:27:50 [Worker_1] Disconnected: 192.168.222.156 - command list was 'HELO,MAIL FROM,QUIT' - used 3 SocketCalls
Nov-18-11 16:28:09 [Worker_1] Error: Worker_1 accept to client failed IO::Socket::SSL=GLOB(0x1753b3e8) (timeout: 180 s) : Bad file descriptor
Nov-18-11 16:28:09 [Worker_1] Error: Worker_1 accept to client failed IO::Socket::SSL=GLOB(0x1746b390) (timeout: 180 s) : Bad file descriptor
Nov-18-11 16:28:09 [Worker_1] Error: Worker_1 accept to client failed IO::Socket::SSL=GLOB(0x17be8168) (timeout: 180 s) : Bad file descriptor
Nov-18-11 16:28:22 [Worker_10000] Info: synchronizing and compacting all BerkeleyDB hashes to disk
Nov-18-11 16:28:25 [Worker_1] Error: Worker_1 accept to client failed IO::Socket::SSL=GLOB(0x17a33008) (timeout: 180 s) : Bad file descriptor
Nov-18-11 16:28:25 [Worker_1] Error: Worker_1 accept to client failed IO::Socket::SSL=GLOB(0x179b6128) (timeout: 180 s) : Bad file descriptor
Nov-18-11 16:28:25 [Main_Thread] Info: try to renewed listening on port 0.0.0.0:587 - after too many errors
Nov-18-11 16:28:25 [Main_Thread] Info: Main_Thread is waiting until Workers finished current SMTP-connections or 390 seconds - to renew Socket-Listener
Nov-18-11 16:28:25 [Main_Thread] Info: Main_Thread detected - all Workers are finished current SMTP-connections
Nov-18-11 16:28:25 [Main_Thread] Info: renewed listening for additional SMTP connections on port 0.0.0.0:587 - after too many errors
Nov-18-11 16:31:00 [Main_Thread] Info: unable to detect any running worker for a new connection - wait
Nov-18-11 16:31:00 [Main_Thread] Info: unable to detect any running worker for a new connection - wait
Nov-18-11 16:31:00 [Main_Thread] Info: unable to detect any running worker for a new connection - wait
Nov-18-11 16:31:00 [Main_Thread] Info: unable to detect any running worker for a new connection - wait
Nov-18-11 16:31:00 [Main_Thread] Info: unable to detect any running worker for a new connection - wait
Nov-18-11 16:31:00 [Main_Thread] Info: unable to detect any running worker for a new connection - wait
Nov-18-11 16:31:00 [Main_Thread] Info: unable to detect any running worker for a new connection - wait
Nov-18-11 16:31:00 [Main_Thread] Info: unable to detect any running worker for a new connection - wait
Nov-18-11 16:31:00 [Main_Thread] Info: unable to detect any running worker for a new connection - wait
[...]
Nov-18-11 16:33:03 [Main_Thread] Info: unable to detect any running worker for a new connection - wait
Nov-18-11 16:33:03 [Main_Thread] Info: unable to detect any running worker for a new connection - wait
Nov-18-11 16:33:03 [Main_Thread] Info: unable to detect any running worker for a new connection - wait
Nov-18-11 16:33:03 [Main_Thread] Info: unable to detect any running worker for a new connection - wait
Nov-18-11 16:33:03 [Main_Thread] Info: unable to detect any running worker for a new connection - wait
Nov-18-11 16:33:03 [Main_Thread] Info: unable to detect any running worker for a new connection - wait
Nov-18-11 16:33:04 [Main_Thread] Info: unable to detect any running worker for a new connection - wait
Nov-18-11 16:33:04 [Main_Thread] Warning: Main_Thread is unable to transfer connection to any worker - try again!
Nov-18-11 16:33:04 [Main_Thread] Error: Main_Thread is unable to transfer connection to any worker within 120 seconds - restart ASSP!
Nov-18-11 16:33:04 [Main_Thread] Initializing shutdown sequence
Nov-18-11 16:33:04 [Shutdown] Info: removing all SMTP and Proxy listeners
Nov-18-11 16:33:04 [Shutdown] Waiting for all SMTP-Workers to be finished
Nov-18-11 16:33:04 [Worker_4] Worker_4 finished
Nov-18-11 16:33:04 [Worker_3] Worker_3 finished
Nov-18-11 16:33:04 [Worker_1] Worker_1 finished
Nov-18-11 16:33:04 [Worker_5] Worker_5 finished
Nov-18-11 16:33:04 [Worker_2] Worker_2 finished
Nov-18-11 16:33:04 [Shutdown] SMTP Workers finished
Nov-18-11 16:33:04 [Shutdown] Waiting for high Workers to be finished
Nov-18-11 16:33:07 [Worker_10001] Worker_10001 finished
Nov-18-11 16:33:07 [Worker_10000] Worker_10000 finished
Nov-18-11 16:33:07 [Shutdown] High workers finished work
Nov-18-11 16:33:07 [Shutdown] Saving whitelist
Nov-18-11 16:33:07 [Shutdown] Info: 48 records of Whitelist saved
Nov-18-11 16:33:07 [Shutdown] Saving redlist
Nov-18-11 16:33:07 [Shutdown] Info: 0 records of Redlist saved
Nov-18-11 16:33:07 [Shutdown] Saving delaying records
Nov-18-11 16:33:07 [Shutdown] Info: 0 records of Delay saved
Nov-18-11 16:33:07 [Shutdown] Info: 0 records of DelayWhite saved
Nov-18-11 16:33:07 [Shutdown] Saving ldaplist
Nov-18-11 16:33:07 [Shutdown] Info: 0 records of LDAPlist saved
Nov-18-11 16:33:07 [Shutdown] Saving penalty records
Nov-18-11 16:33:07 [Shutdown] Info: 0 records of PBBlack saved
Nov-18-11 16:33:07 [Shutdown] Info: 0 records of PBWhite saved
Nov-18-11 16:33:07 [Shutdown] Info: 0 records of PBTrap saved
Nov-18-11 16:33:07 [Shutdown] Saving cache records
Nov-18-11 16:33:07 [Shutdown] Info: 0 records of RBLCache saved
Nov-18-11 16:33:07 [Shutdown] Info: 0 records of URIBLCache saved
Nov-18-11 16:33:07 [Shutdown] Info: 0 records of SPFCache saved
Nov-18-11 16:33:07 [Shutdown] Info: 0 records of PTRCache saved
Nov-18-11 16:33:07 [Shutdown] Info: 0 records of MXACache saved
Nov-18-11 16:33:07 [Shutdown] Info: 49 records of SBCache saved
Nov-18-11 16:33:07 [Shutdown] Info: 0 records of RWLCache saved
Nov-18-11 16:33:07 [Shutdown] Info: 0 records of DKIMCache saved
Nov-18-11 16:33:07 [Shutdown] Info: 0 records of BATVTag saved
Nov-18-11 16:33:07 [Shutdown] Info: 0 records of BackDNS saved
Nov-18-11 16:33:07 [Shutdown] Saving personal Black records
Nov-18-11 16:33:07 [Shutdown] Info: 0 records of PersBlack saved
Nov-18-11 16:33:07 [Shutdown] Info: saving Stats in file asspstats.sav
Nov-18-11 16:33:07 [Shutdown] Info: synchronizing and compacting all BerkeleyDB hashes to disk
Nov-18-11 16:33:07 [Shutdown] Closing all databases
Nov-18-11 16:33:07 [Shutdown] Info: removing all WEB listeners
Nov-18-11 16:33:07 [Shutdown] Info: shutdown reason was: restarting
Nov-18-11 16:33:07 [Shutdown] ASSP finished work

If I'm lucky assp will start again.
If not assp will not shut down it will loop from stuck to normal and back to stuck with the next connection:
Nov-18-11 08:28:41 [Worker_10000] Info: MainThread has retured to normal state after stuck
Nov-18-11 08:29:09 [Worker_1] Error: Worker_1 accept to client failed IO::Socket::SSL=GLOB(0x17961160) (timeout: 360 s) : Bad file descriptor
Nov-18-11 08:30:11 [Worker_10000] Error: MainThread stuck for 61 seconds after: MainLoop get the best worker = 1 (0 sockets) - last debug step was: servicecheck!
Nov-18-11 08:30:16 [Worker_10000] Info: looking for files to (re)send
Nov-18-11 08:32:23 [Worker_10000] Info: MainThread has retured to normal state after stuck
Nov-18-11 08:32:50 [Worker_3] Error: Worker_3 accept to client failed IO::Socket::SSL=GLOB(0x1e10da38) (timeout: 360 s) : Bad file descriptor
Nov-18-11 08:34:00 [Worker_1] Error: Worker_1 accept to client failed IO::Socket::SSL=GLOB(0x179602f0) (timeout: 360 s) : Bad file descriptor
Nov-18-11 08:35:02 [Worker_10000] Error: MainThread stuck for 61 seconds after: MainLoop get the best worker = 1 (0 sockets) - last debug step was: servicecheck!
Nov-18-11 08:35:12 [Worker_10000] Info: MainThread has retured to normal state after stuck
Nov-18-11 08:35:18 [Worker_10000] Info: looking for files to (re)send
Nov-18-11 08:35:40 [Worker_2] Error: Worker_2 accept to client failed IO::Socket::SSL=GLOB(0x1b1cfcc0) (timeout: 360 s) : Bad file descriptor
Nov-18-11 08:36:21 [Worker_1] Error: Worker_1 accept to client failed IO::Socket::SSL=GLOB(0x17969488) (timeout: 360 s) : Bad file descriptor
Nov-18-11 08:37:01 [Worker_2] Error: Worker_2 accept to client failed IO::Socket::SSL=GLOB(0x1b385b60) (timeout: 360 s) : Bad file descriptor
Nov-18-11 08:37:41 [Worker_1] Error: Worker_1 accept to client failed IO::Socket::SSL=GLOB(0x17967738) (timeout: 360 s) : Bad file descriptor
Nov-18-11 08:38:44 [Worker_10000] Error: MainThread stuck for 62 seconds after: MainLoop get the best worker = 1 (0 sockets) - last debug step was: servicecheck!

In this morning I was wondering why there are no normal smtp connections from outside without auth and TLS within the log file.
I connected to my Port 25 for receiving Mails from outside and the service didn't offer me "220 xxxx Microsoft ESMTP MAIL Service ready" line. It seems that assp will offers a secure dialog to my listenPort1.
fixmbr
 
Posts: 6
Joined: Wed Nov 16, 2011 10:26 am

Re: crash or no smtp functionality after tls or ssl

Postby fixmbr » Sat Nov 19, 2011 1:16 pm

Nov-19-11 14:08:12 [Worker_1] Error: Worker_1 accept to client failed IO::Socket::SSL=GLOB(0x175c6980) (timeout: 180 s) : Bad file descriptor
Nov-19-11 14:08:13 [Main_Thread] Info: try to renewed listening on port 0.0.0.0:587 - after too many errors
Nov-19-11 14:08:13 [Main_Thread] Info: Main_Thread is waiting until Workers finished current SMTP-connections or 390 seconds - to renew Socket-Listener
Nov-19-11 14:08:13 [Main_Thread] Info: Main_Thread detected - all Workers are finished current SMTP-connections
Nov-19-11 14:08:13 [Main_Thread] Info: renewed listening for additional SMTP connections on port 0.0.0.0:587 - after too many errors

If I'm connecting to port 25 there is no readable line from assp. If I'm typing something to the promt the cursor will move wihtout printing Characters. Seems to be a ssl connection.

lots of
Nov-19-11 14:12:50 [Main_Thread] Info: unable to detect any running worker for a new connection - wait

this time assp shuts down and will restarts.
fixmbr
 
Posts: 6
Joined: Wed Nov 16, 2011 10:26 am

Re: crash or no smtp functionality after tls or ssl

Postby fixmbr » Sat Nov 19, 2011 1:26 pm

the restart stuck at:
Nov-19-11 14:16:19 [Worker_10000] Griplist update complete: IPv6 addresses, IPv4 addresses
Nov-19-11 14:16:19 [Main_Thread] Saving config
Nov-19-11 14:16:19 [Main_Thread] Finished saving config
Nov-19-11 14:16:19 [Worker_4] AdminUpdate: warning count of URIBLServiceProvider not >= URIBLmaxreplies - possibly ok if weigths are used
Nov-19-11 14:16:19 [Worker_4] AdminUpdate: warning count of URIBLServiceProvider not >= URIBLmaxreplies - possibly ok if weigths are used
fixmbr
 
Posts: 6
Joined: Wed Nov 16, 2011 10:26 am

Re: crash or no smtp functionality after tls or ssl

Postby fixmbr » Mon Nov 21, 2011 1:54 pm

One of my users installed the assp certification with default settings. The cert should be installed into the "trusted root certification authorities" container.
If not the conntect of the user will lead to this line:
[Worker_1] Error: Worker_1 accept to client failed IO::Socket::SSL=GLOB(0x175c6980) (timeout: 180 s) : Bad file descriptor

Nevertheless it is possible that someone from outside can shutdown my asspspam proxy :-/
fixmbr
 
Posts: 6
Joined: Wed Nov 16, 2011 10:26 am

Re: crash or no smtp functionality after tls or ssl

Postby beddo » Fri Dec 02, 2011 11:45 am

Are you using a self signed cert? That would be the only reason the end user would have to install the self signed cert.

I also had to play about a bit to get ASSP to work with a chained certificate. I needed to create a single .pem file with the actual cert in there first and the cabundle pasted directly after. Without that then the certificate or cabundle would have had to have been installed manually by clients.

I'm not sure about the loss of connectivity though, I never saw anything like that.
beddo
 
Posts: 98
Joined: Mon Aug 23, 2010 5:05 pm


Return to Bug reports

Who is online

Users browsing this forum: No registered users and 1 guest

cron