We just upgraded ASSP from the latest v1 to 2.2.2(12343).
We also added listenPortSSL=465.
On ASSPv1 the implicit SSL listener was tunneled through an instance of "stunnel" as a workaround, because of some obscure library problems.
Of course this means that ASSP did not know the connecting IP address, and we had to fix it somehow.
Tests showed that those problems would go away with ASSPv2, and they did.
Unfortunately, we now have another situation.
When a connection is made on port 465, but the connecting peer does not begin or complete the SSL handshake, the following kind of warning is logged:
[Worker_2] Error: Worker_2 accept to client failed IO::Socket::SSL=GLOB(0x7f5456500108) (timeout: 5 s) : Resource temporarily unavailable
The reason may vary. For example, we can replicate the same error with "nc -z host 465", but the message is instantly written to the logs (without the 5 seconds timeout) and the reason is missing:
[Worker_2] Error: Worker_2 accept to client failed IO::Socket::SSL=GLOB(0x10152210) (timeout: 5 s) :
This does not happen a lot by itself, but it happens sometimes and we have plenty of those in the logs.
Bad SSL implementations, port scanning and exploitation of SSL vulnerabilities are just some of the reasons we could think of.
Anyway, it seems to be just a warning (a warning about a socket error, logged as an error, but still a warning) and nothing bad happens: the worker is freed and the service continues to work correctly.
The problem begins when the resetFH subroutine is called, apparently after 10 of those errors:
[Main_Thread] Info: try to renewed listening on port 0.0.0.0:465 - after too many errors
[Main_Thread] Info: Main_Thread is waiting until Workers finished current SMTP-connections or 630 seconds - to renew Socket-Listener
To begin with, the 600 seconds timeout is a long timeout for a reason: it should be used for a soft restart, not in case of emergency.
Also, 30 seconds are added in the code, so lowering the setting does not help.
In the meantime, no SSL service is available.
When the timeout is reached or all the workers have finished their jobs, the following happens:
[Main_Thread] Info: Main_Thread detected - all Workers are finished current SMTP-connections
[Main_Thread] Couldn't create server SSL-socket on port '465' -- maybe another service is running or I'm not root (uid=65534)? - or a wrong IP address is specified? -- Permission denied - IO::Socket::INET configuration failederror:00000000:lib(0):func(0):reason(0)
The service lowered its rights after being started, therefore it cannot renew the listener.
There is no secure workaround to this problem: we want the 465 port to be protected from unprivileged users.
At this moment assp restarts, and more time is lost.
We obviously do not want this behavior, but there are no configuration variables to deactivate it.
We had to comment out the last "if" block within the ConToThread subroutine, in order to avoid the call of resetFH "after too many errors".
We think that this is not just a blocking problem, but also a security issue.
With a few connections to the SSL port, anyone can deny access to ASSP for a while (via SSL at first, any access during the restart).
By doing this continually, the DoS is permanent.
Thank you for correcting this issue in the next release, or please help us find what we did wrong.
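
An added example, not part of the original post and not ASSP code: a small log check that counts the failed SSL accepts preceding each "renewed listening" event and flags renewals where the rebind was refused. It assumes log lines contain the messages quoted above, possibly behind a timestamp prefix; the function name `summarize` and the sample log are constructed for illustration.

```python
import re

# Patterns copied from the log messages quoted in the post; search() is used
# so any timestamp prefix in front of the bracketed tag is ignored (assumption).
ACCEPT_FAIL = re.compile(
    r"\[Worker_\d+\] Error: Worker_\d+ accept to client failed "
    r"IO::Socket::SSL=GLOB\(0x[0-9a-fA-F]+\) \(timeout: \d+ s\) :\s*(.*)$")
RENEW = re.compile(r"\[Main_Thread\] Info: try to renewed listening on port (\S+)")
REBIND_FAIL = re.compile(r"\[Main_Thread\] Couldn't create server SSL-socket on port")


def summarize(lines):
    """Return (renewals, pending): failed accepts counted before each listener
    renewal, and those seen since the last one."""
    renewals, pending = [], {"with_reason": 0, "no_reason": 0}
    for raw in lines:
        line = raw.rstrip()
        m = ACCEPT_FAIL.search(line)
        if m:
            # Empty reason = peer closed at once (the "nc -z" case in the post).
            pending["with_reason" if m.group(1) else "no_reason"] += 1
            continue
        m = RENEW.search(line)
        if m:
            renewals.append({"listener": m.group(1), "rebind_failed": False, **pending})
            pending = {"with_reason": 0, "no_reason": 0}
        elif REBIND_FAIL.search(line) and renewals:
            renewals[-1]["rebind_failed"] = True
    return renewals, pending


# Constructed sample log, assembled from the message formats shown in the post
# (the rebind error line is abbreviated).
_FAIL = "[Worker_2] Error: Worker_2 accept to client failed IO::Socket::SSL=GLOB(0x10152210) (timeout: 5 s) :"
SAMPLE_LOG = (
    [_FAIL] * 7
    + [_FAIL + " Resource temporarily unavailable"] * 3
    + ["[Main_Thread] Info: try to renewed listening on port 0.0.0.0:465 - after too many errors",
       "[Main_Thread] Couldn't create server SSL-socket on port '465' -- Permission denied"]
    + [_FAIL] * 2
)

if __name__ == "__main__":
    renewals, pending = summarize(SAMPLE_LOG)
    for r in renewals:
        print(r)
    print("since last renewal:", pending)
```

Run against a real log, the per-renewal counts show how many failed handshakes preceded each listener reset, and `rebind_failed` marks the resets that ended in the "Permission denied" restart.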