Menu
▾
▴
Re: [Assp-test] Antwort: incoming tls connection leads into time out
|
From: Marco (s. box) <sp...@op...> - 2012-09-25 07:34:55
|
Hello, >This is a 'assp-test' list. Test's for build 12169 are done - three months ago - we are at build 12259. Sorry, I thought its for the hole assp 2 branch. Now I'm running 12259 and you are testing 12265 ;-) I will update it right now. >2012-08-15 fixed in assp 2.2.2 build 12228: I just want to let you know, that my problem still exists with version > 12228. This night a server wanted to deliver a mail with attachment again. My SSL proxy config (assp.cfg) DoTLS:=2 SSL_version:=SSLv2/3 SSL_cipher_list:= NoTLSlistenPorts:= TLStoProxyListenPorts:= SSLCertFile:="here I've got a hash of the file path" SSLKeyFile:= "here I've got a hash of the file path" SSLPKPassword:="hash.." SSLCaFile:="hash.." noTLSIP:=file:files/notls.txt sendEHLO:= SSLRetryOnError:=1 SSLtimeout:=360 SSLDEBUG:=3 I've got configured ClamAV with assp and have disabled all Plugins. Only OCR is enabled. Regards Marco -----Ursprüngliche Nachricht----- Von: Thomas Eckardt [mailto:Tho...@th...] Gesendet: Donnerstag, 20. September 2012 08:35 An: ASSP development mailing list Betreff: [Assp-test] Antwort: incoming tls connection leads into time out >I'm currently running ASSP 2.2.2(12169) This is a 'assp-test' list. Test's for build 12169 are done - three months ago - we are at build 12259. Reading the changelog for build 12228 shows: 2012-08-15 fixed in assp 2.2.2 build 12228: changed: - If the receive of mail data takes longer than 'smtpIdleTimeOut' (or 180 seconds if not set) and all the data are queued for the final Plugin-, charset conversion- or DKIM- processing - assp sends a simple header line X-ASSP-KEEP:[CR][LF] to the server and resets this special internal timer. So your MTA should get every 180 seconds this line in the DATA part of the mail as long as ASSP receives the slow large DATA, to keep the connection alife. This is done to prevent SMTP-timeouts for the MTA connection. >Does this line mean that there is a connection OR assp is receiving data? yes - SC-Time = SocketCall - Time - this line is diagnostics only (WorkerLog = 3) >'451 4.7.0 Timeout waiting for client input' Your MTA should have a longer SMTP timeout. >what's going wrong while talking ssl This has nothing to do with SSL ! Thomas Von: "Marco (spam box)" <sp...@op...> An: "ass...@li..." <ass...@li...>, Datum: 19.09.2012 13:27 Betreff: [Assp-test] incoming tls connection leads into time out Hello, I'm currently running ASSP 2.2.2(12169) and had two issues with incoming mails with attachment of about 10MB. I saw at the "SMTP connection List" a connection from the sending mail server transferring half a megabyte within 5 Minutes. The connection between the servers seemed to be very slow. After 5 Minutes my exchange server behind assp answered with '451 4.7.0 Timeout waiting for client input'. The exchange hub cancelled the connection because of the "ConnectionInactivityTimeout". Logfiles of assp: Sep-14-12 19:00:17 m-42016-02234 [Worker_1] [TLS-in] ip.ip.ip.ip <from> to: tu@x.us SC-Time Worker_1: 0.00290203094482422 [... 5 minutes lines of this kind...] Sep-14-12 19:05:17 m-42016-02234 [Worker_1] [TLS-in] ip.ip.ip.ip <from> to: tu@x.us SC-Time Worker_1: 0.00290203094482422 Sep-14-12 19:05:17 [Worker_1] [TLS-out] info: got reply '451 4.7.0 Timeout waiting for client input' - message is rejeted by the server host Sep-14-12 19:05:17 m-42016-02234 [Worker_1] [TLS-in] ip.ip.ip.ip <from@x.y> to: to@x.us [SMTP Status] 451 4.7.0 Timeout waiting for client input Sep-14-12 19:05:17 [Worker_1] [TLS-out] SC-Time Worker_1: 0.00414204597473145 Sep-14-12 19:05:17 m-42016-02234 [Worker_1] [TLS-in] ip.ip.ip.ip <from@x.y> to: to@x.us SC-Time Worker_1: -0.000149011611938477 Sep-14-12 19:05:17 m-42016-02234 [Worker_1] [TLS-in] ip.ip.ip.ip <from@x.y> to: to@x.us finished message - received DATA size: 673.65 kByte - sent DATA size: 0 Byte DoTLS is configured to "do TLS". Most of the mails are delivered via TLS without problems. I added the servers ip addresses to noTLSIP. After that the mail came in with usual speed. Maybe the servers have a problem to communicate and transfer the mail via SSL. The timeout of Exchange said that no data has been transferred for 5 minutes. The sender tries to send from multiple MTAs without success the hole day while mails from same origin without attachment will pass. Does this line mean that there is a connection OR assp is receiving data? Sep-14-12 19:05:17 m-42016-02234 [Worker_1] [TLS-in] ip.ip.ip.ip <from> to: tu@x.us SC-Time Worker_1: 0.00290203094482422 Has someone an idea how to find out, what's going wrong while talking ssl? Regards Marco ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Assp-test mailing list Ass...@li... https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* |