From: Michael O. <ref...@ou...> - 2021-02-18 23:52:06
<html> <body> <br><br> BTW, I did try Pandora email client and it does not have this issue. So it appears likely the source of the problem is somewhere in Hermes SSL code.<br><br> At 04:41 PM 2/18/2021, Michael Oujesky wrote:<br><br> <blockquote type=cite class=cite cite="">Thank you for the suggestion. I tried "never" and the send fails immediately with SSL required.<br><br> I sent out a couple of emails today that failed on the initial attempt, but then succeeded getting out on the second or third retry. I rather expect it is a timing issue in OpenSSL, but don't know if it is on my side or theirs. With Hermesmail SSL being a couple of years old now, I am wondering if a refresh of Hermes SSL support with a later version of OpenSSL might help resolve my issue.<br><br> However, I could still use documentation on settings for Eudora.ini SSL send option to test with.<br><br> Michael<br><br> At 01:51 PM 2/18/2021, Steven Zegas wrote:<br> <blockquote type=cite class=cite cite="">PS: I read the OP more carefully, and yes, it's related. I also thought about tweaking the .ini to solve this 'send' problem. Somewhere, some time, I had some documentation on the .ini. I thought I could just experiment. ... My guess? There is some new SMTP standard being implemented and TLS may be deprecated? Wild guess. <br><br> I am not sure if this is related. I have two discrete instances of Hermes installed in separate folders (with local .ini files; not reliant on the registry.) Both have used the same settings. I have separate email accounts with NetAddress (USA.net) and my clients have worked just fine with both, send/receive. Suddenly, send no longer worked (last week) - with unable to connect SMTP. Tech support insisted that they had no server-side changes ('please contact the support team for your email client.') All along, I used alternate submission port (587). I tried 465 at their request; didn't work. 25, default; didn't work. 
I cycled through secure sockets settings, which was working fine with 'required, STARTTLS', and finally, the one that worked is 'never'. ... In the tech call, they referred to Outlook incessantly, and the option to change or enforce PW. I'm not sure which. <br><br> Does this relate to the current email? <br> Helpful? Interesting?<br><br> <br><br> At 01:13 AM 02/18/2021, Ronald van Ginkel wrote:<br><br> <blockquote type=cite class=cite cite="">Hi Michael.<br><br> You can trace the source code to find references to it and try to understand how they work.<br><br> For example, these are some code snippets with some of those parameters:<br><br> <font face="Courier, Courier"><x-tab> </x-tab> m_pSSLReference->m_CertificateInfo.m_bIgnoreExpired<x-tab> </x-tab>= pSettings->m_nSSLReceiveIgnoreExpiredCerts;<br> <x-tab> </x-tab> m_pSSLReference->m_ProtocolInfo.m_AllowSSL_2_0 = pSettings->m_nSSLReceiveAllowVersion2;<br> <x-tab> </x-tab> m_pSSLReference->m_SSLLogSession = pSettings->m_SSLReceiveLogSession;<br> <x-tab> </x-tab> m_pSSLReference->m_ProtocolInfo.m_AllowRegExp = pSettings->m_SSLReceiveAllowRegExp;<br> <x-tab> </x-tab> m_pSSLReference->m_ProtocolInfo.m_CipherSuite = pSettings->m_SSLReceiveCipherSuite;<br> <x-tab> </x-tab> m_pSSLReference->m_ProtocolInfo.m_MinEncryption = pSettings->m_SSLReceiveMinEncryption;<br> <x-tab> </x-tab> m_pSSLReference->m_ProtocolInfo.m_MinKeyExchangeLength = pSettings->m_SSLReceiveMinKeyExchangeLength;<br> <x-tab> </x-tab> m_pSSLReference->m_CertificateInfo.m_csPrivateKey = pSettings->m_SSLReceivePrivateKey;<br> <x-tab> </x-tab> m_pSSLReference->m_CertificateInfo.m_csPassPhrase= pSettings->m_SSLReceivePrivateKeyPassword;<br><br> </font>And here they manage one of them (MinEncryption):<br><br> <font face="Courier, Courier">[...]<br> <x-tab> </x-tab> IDS_ERR_MINENCRYPTIONNONO "You have configured this personality/protocol to reject encryption levels below %ld.,\r\n But the negotiated encryption level is %ld\r\n Hence this established secure channel 
is unacceptable. Connection will be dropped."<br> [...]<x-tab> </x-tab><x-tab> </x-tab><br> <x-tab> </x-tab><x-tab> </x-tab><x-tab> </x-tab>// No easy way to determine this under SSL Plus 4.X.<br> <x-tab> </x-tab>if (pConnectionInfo->m_CipherKeyBits < pSSLReference->m_ProtocolInfo.m_MinEncryption)<br> <x-tab> </x-tab>{<br> <x-tab> </x-tab><x-tab> </x-tab>CString csError;<br> <x-tab> </x-tab><x-tab> </x-tab> csError.Format(CResString(IDS_ERR_MINENCRYPTIONNONO), pSSLReference->m_ProtocolInfo.m_MinEncryption, pConnectionInfo->m_CipherKeyBits);<br> <x-tab> </x-tab><x-tab> </x-tab> pConnectionInfo->m_Outcome.AddErrors(csError);<br> <x-tab> </x-tab><x-tab> </x-tab> pConnectionInfo->m_Outcome.m_Outcome = SSLOutcome::SSLREJECTED;<br> <x-tab> </x-tab>}<br> [...]<br><br> <br> </font>Of course, getting some kind of documentation should be a lot easier ;-)<br><br> Regards!<br><br> ______________________________________________________________________________________________________________________________________<br> <br> I have been getting 10054 errors while sending email. No issues receiving mail, just sending. Sometimes merely retrying the send works for smaller messages, but if there are embedded images or attachments that doesn't work. My email provider provided the following from one of the failures <dl> <dd>Dec 17 20:28:24 pb-smtp21 postfix-sasl-smtpd[80996]: [ID 947731 mail.warning] warning: TLS library problem: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:535: 2:49 <dd>Dec 17 20:28:24 pb-smtp21 postfix-sasl-smtpd[80996]: [ID 197553 mail.info] lost connection after DATA (5739 bytes) from unknown[x.x.x.x] </dl>I have tried another email app (Pandora) and it does not have the same issue. So, I am looking to tweak the SSLSend options in Eudora.ini to see if I can resolve this issue with OpenSSL. 
However, I have been able to find any detailed explanations of the following settings and the Eudora/Hermes pop-up for the option is singularly un-enlightening. <dl> <dd>< <a href="x-eudora-option:SSLSendAllowRegExp" eudora="autourl"> X-Eudora-Option:SSLSendAllowRegExp</a>> <dd>< <a href="x-eudora-option:SSLSendAllowVersion2" eudora="autourl"> X-Eudora-Option:SSLSendAllowVersion2</a>> <dd>< <a href="x-eudora-option:SSLSendCipherSuite" eudora="autourl"> X-Eudora-Option:SSLSendCipherSuite</a>> <dd>< <a href="x-eudora-option:SSLSendClientCertsFile" eudora="autourl"> X-Eudora-Option:SSLSendClientCertsFile</a>> <dd>< <a href="x-eudora-option:SSLSendClientCertsInfo" eudora="autourl"> X-Eudora-Option:SSLSendClientCertsInfo</a>> <dd>< <a href="x-eudora-option:SSLSendIgnoreExpCert" eudora="autourl"> X-Eudora-Option:SSLSendIgnoreExpCert</a>> <dd>< <a href="x-eudora-option:SSLSendLogSession" eudora="autourl"> X-Eudora-Option:SSLSendLogSession</a>> <dd>< <a href="x-eudora-option:SSLSendMinEncryption" eudora="autourl"> X-Eudora-Option:SSLSendMinEncryption</a>> <dd>< <a href="x-eudora-option:SSLSendMinKeyExchangeLength" eudora="autourl"> X-Eudora-Option:SSLSendMinKeyExchangeLength</a>> <dd>< <a href="x-eudora-option:SSLSendPrivateKey" eudora="autourl"> x-Eudora-option:SSLSendPrivateKey</a>> <dd>< <a href="x-eudora-option:SSLSendPrivateKeyPassword" eudora="autourl"> x-Eudora-option:SSLSendPrivateKeyPassword</a>> <dd>< <a href="x-eudora-option:SSLSendUse" eudora="autourl"> X-Eudora-Option:SSLSendUse</a>> <dd>< <a href="x-eudora-option:SSLSendVersion" eudora="autourl"> X-Eudora-Option:SSLSendVersion</a>> <dd>< <a href="x-eudora-option:SSLSendVersion3" eudora="autourl"> X-Eudora-Option:SSLSendVersion3</a>> </dl>Might someone be able to direct me to where I might find the details on these option settings?<br><br> Thank you in advance.<br><br> <br><br> <br><br> <br> _______________________________________________<br> Hermesmail-discuss mailing list<br> Her...@li...<br> <a 
href="https://lists.sourceforge.net/lists/listinfo/hermesmail-discuss" eudora="autourl"> https://lists.sourceforge.net/lists/listinfo/hermesmail-discuss</a><br> </blockquote></blockquote></blockquote></body> <br> </html>
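Added example, not part of the original thread and not Hermes or Postfix code: a small triage script for the two server log lines quoted above. It decodes the packed OpenSSL error code and pairs the TLS failure with the "lost connection" line from the same smtpd process. The function names are hypothetical, and the decoding assumes the pre-3.0 OpenSSL error layout (8-bit library, 12-bit function, 12-bit reason).

```python
import re

# Sample input: the two postfix lines quoted in the thread (client IP already redacted there).
SAMPLE_LOG = """\
Dec 17 20:28:24 pb-smtp21 postfix-sasl-smtpd[80996]: [ID 947731 mail.warning] warning: TLS library problem: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:535: 2:49
Dec 17 20:28:24 pb-smtp21 postfix-sasl-smtpd[80996]: [ID 197553 mail.info] lost connection after DATA (5739 bytes) from unknown[x.x.x.x]
"""

PID_RE = re.compile(r"\[(\d+)\]:")
TLS_RE = re.compile(
    r"TLS library problem: error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:]*):([^:]*):(\d+):")
LOST_RE = re.compile(r"lost connection after (\w+) \((\d+) bytes\) from (\S+)")


def unpack_openssl_error(code_hex):
    """Split a pre-3.0 OpenSSL packed error code into (library, function, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def correlate(log_text):
    """Pair each TLS library error with the later 'lost connection' line of the same process."""
    pending, findings = {}, []
    for line in log_text.splitlines():
        pid_match = PID_RE.search(line)
        if not pid_match:
            continue
        pid = pid_match.group(1)
        tls = TLS_RE.search(line)
        if tls:
            lib, func, reason = unpack_openssl_error(tls.group(1))
            pending[pid] = {"pid": pid, "lib": lib, "func": func, "reason": reason,
                            "reason_text": tls.group(4),
                            "source": f"{tls.group(5)}:{tls.group(6)}"}
            continue
        lost = LOST_RE.search(line)
        if lost and pid in pending:
            finding = pending.pop(pid)
            finding.update(stage=lost.group(1), bytes=int(lost.group(2)), client=lost.group(3))
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE_LOG):
        print(f"smtpd[{f['pid']}] {f['reason_text']} (lib {f['lib']}, func {f['func']}, "
              f"reason {f['reason']}) at {f['source']}; "
              f"dropped in {f['stage']} after {f['bytes']} bytes")
```

For the quoted lines this reports a record-layer MAC/decryption failure raised by the server's OpenSSL during the DATA stage, after 5739 bytes had been received, which matches the report that larger messages fail while small ones sometimes get through.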