Gentoo Archives: gentoo-user

From: jens wefer <jens.wefer@××××××.net>
To: gentoo-user@l.g.o
Subject: Re: perl ssl was:Re: [gentoo-user] dovecot imap-login
Date: Tue, 22 Dec 2015 15:48:36
Message-Id: 20151222164822.000000ca@ewetel.net
In Reply to: Re: perl ssl was:Re: [gentoo-user] dovecot imap-login by Mick
1 On Sun, 20 Dec 2015 23:18:00 +0000
2 Mick <michaelkintzios@×××××.com> wrote:
3
4 > On Saturday 19 Dec 2015 10:31:09 jens wefer wrote:
5 > > On Mon, 14 Dec 2015 08:50:29 +0100
6 > >
7 > > jens wefer <jens.wefer@××××××.net> wrote:
8 > > > On Sat, 12 Dec 2015 23:09:20 +0100
9 > > >
10 > > > jens wefer <jens.wefer@××××××.net> wrote:
11 > > > > On Sat, 12 Dec 2015 17:53:04 +0000
12 > > > >
13 > > > > Stroller <stroller@××××××××××××××××××.uk> wrote:
14 > > > > > > On Sat, 12 December 2015, at 3:08 a.m., jens wefer
15 > > > > > > <jens.wefer@××××××.net> wrote:
16 > > > > > >
17 > > > > > > I set up a mail server, postfix/dovecot, ssl required.
18 > > > > > > test with mail-client, all ok
19 > > > > > > when I try to copy mails with imapsync (gentoo) comes
20 > > > > > > timeout, and imapsync will login again.
21 > > > > > > with each new login, a new process imap-login is generated.
22 > > > > >
23 > > > > > Sorry if this is a dumb question, but how do you know it's
24 > > > > > timing out?
25 > > > > >
26 > > > > > Could it just be slow, as it has to compile loads of messages
27 > > > > > in its first run?
28 > > > > >
29 > > > > > Looks like dovecot has a 30 minute timeout. [1]
30 > > > > >
31 > > > > > An old message on the Dovecot mailing list [2] suggests to set
32 > > > > > "verbose_proctitle = yes" in config to see why each process is
33 > > > > > open.
34 > > > > >
35 > > > > > It also suggests using high-performance mode, rather than the
36 > > > > > default.
37 > > > > >
38 > > > > > Stroller.
39 > > > >
40 > > > > timeout comes from imapsync (default timeout 120 sec).
41 > > > > after 10 minutes then running 5 Dovecot processes which want
42 > > > > 100% CPU time. mail logfile:
43 > > > > imap-login: Login: user = .... blablub, TLS session, ..
44 > > >
45 > > > I think that's a problem with perl.
46 > > > When I send an email with sendEmail comes SSLv3 Alert handshake
47 > > > failure. if I use a newer sendEmail version (1.56.5) comes
48 > > > Segmentation fault. when I start sendEmail on CentOS is
49 > > > everything ok.
50 > >
51 > > I send emails with email-client and sendEmail (win/centos).
52 > > mail.log
53 > > [...]: initializing the server-side TLS engine
54 > > [...]: connect from brumw.lxsbbshome.tld[192.168.0.15]
55 > > [...]: setting up TLS connection from
56 > > brumw.lxsbbshome.tld[192.168.0.15] [...]:
57 > > brumw.lxsbbshome.tld[192.168.0.15]: TLS cipher list
58 > > "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH" [...]:
59 > > SSL_accept:before/accept initialization [...]: SSL_accept:SSLv3
60 > > read client hello A [...]: SSL_accept:SSLv3 write server hello A
61 > > [...]: SSL_accept:SSLv3 write certificate A [...]: SSL_accept:SSLv3
62 > > write server done A [...]: SSL_accept:SSLv3 flush data
63 > > [...]: SSL_accept:SSLv3 read client certificate A
64 > > [...]: SSL_accept:SSLv3 read client key exchange A
65 > > [...]: SSL_accept:SSLv3 read certificate verify A
66 > > [...]: SSL_accept:SSLv3 read finished A
67 > > [...]: brumw.lxsbbshome.tld[192.168.0.15]: Issuing session ticket,
68 > > key expiration: 1450478594 [...]: SSL_accept:SSLv3 write session
69 > > ticket A [...]: SSL_accept:SSLv3 write change cipher spec A
70 > > [...]: SSL_accept:SSLv3 write finished A
71 > > [...]: SSL_accept:SSLv3 flush data
72 > > [...]: Anonymous TLS connection established from
73 > > brumw.lxsbbshome.tld[192.168.0.15]: TLSv1.2 with cipher
74 > > AES128-GCM-SHA256 (128/128 bits) [...]: AFC46282149:
75 > > client=brumw.lxsbbshome.tld[192.168.0.15]
76 > >
77 > > when I send email with sendEmail from gentoo-client it comes
78 > > handshake error mail.log
79 > > [...]: initializing the server-side TLS engine
80 > > [...]: connect from robin.lxsbbshome.tld[192.168.0.17]
81 > > [...]: setting up TLS connection from
82 > > robin.lxsbbshome.tld[192.168.0.17] [...]:
83 > > robin.lxsbbshome.tld[192.168.0.17]: TLS cipher list
84 > > "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH" [...]:
85 > > SSL_accept:before/accept initialization [...]: SSL3 alert
86 > > write:fatal:handshake failure [...]: SSL_accept:error in error
87 > > [...]: SSL_accept:error in error [...]: SSL_accept error from
88 > > robin.lxsbbshome.tld[192.168.0.17]: -1 [...]: warning: TLS library
89 > > problem: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong
90 > > version number:s3_srvr.c:960: [...]: lost connection after STARTTLS
91 > > from robin.lxsbbshome.tld[192.168.0.17] [...]: disconnect from
92 > > robin.lxsbbshome.tld[192.168.0.17] ehlo=1 starttls=0/1 commands=1/2
93 > >
94 > > sendEmail.log
95 > > [...]: DEBUG => Connecting to rosalie.lxsbbshome.tld:25
96 > > [...]: DEBUG => My IP address is: 192.168.0.17
97 > > [...]: DEBUG => evalSMTPresponse() - Checking for SMTP success or
98 > > error status in the message: 220 rosalie.lxsbbshome.tld ESMTP
99 > > Postfix [...]: DEBUG => evalSMTPresponse() - Found SMTP success
100 > > code: 220 [...]: SUCCESS => Received: 220
101 > > rosalie.lxsbbshome.tld ESMTP Postfix [...]: INFO => Sending:
102 > > EHLO robin.lxsbbshome.tld [...]: DEBUG =>
103 > > evalSMTPresponse() - Checking for SMTP success or error status in
104 > > the message: 250-rosalie.lxsbbshome.tld, 250-PIPELINING, 250-SIZE
105 > > 10240000, 250-VRFY, 250-ETRN, 250-STARTTLS, 250-AUTH PLAIN,
106 > > 250-ENHANCEDSTATUSCODES, 250-8BITMIME, 250-DSN, 250 SMTPUTF8 [...]:
107 > > DEBUG => evalSMTPresponse() - Found SMTP success code: 250 [...]:
108 > > SUCCESS => Received: 250-rosalie.lxsbbshome.tld,
109 > > 250-PIPELINING, 250-SIZE 10240000, 250-VRFY, 250-ETRN,
110 > > 250-STARTTLS, 250-AUTH PLAIN, 250-ENHANCEDSTATUSCODES,
111 > > 250-8BITMIME, 250-DSN, 250 SMTPUTF8 [...]: DEBUG => The remote SMTP
112 > > server supports TLS :) [...]: DEBUG => Starting TLS [...]: INFO =>
113 > > Sending: STARTTLS [...]: DEBUG => evalSMTPresponse() -
114 > > Checking for SMTP success or error status in the message: 220 2.0.0
115 > > Ready to start TLS [...]: DEBUG => evalSMTPresponse() - Found SMTP
116 > > success code: 220 [...]: SUCCESS => Received: 220 2.0.0
117 > > Ready to start TLS [...]: ERROR => TLS setup failed: SSL connect
118 > > attempt failed because of handshake problems error:14094410:SSL
119 > > routines:ssl3_read_bytes:sslv3 alert handshake failure
120 > >
121 > >
122 > > I've tried various settings but nothing has helped.
123 > >
124 > > then I install newer version of SSL.pm and SSLeay.pm with cpan,
125 > > and use newer version of sendEmail (1.56.5).
126 > >
127 > > Dec 19 00:50:38 rosalie postfix/smtpd[17390]: Anonymous TLS
128 > > connection established from robin.lxsbbshome.tld[192.168.0.17]:
129 > > TLSv1.2 with cipher AES128-SHA256 (128/128 bits) Dec 19 00:50:38
130 > > rosalie postfix/smtpd[17390]: E332A2858CC:
131 > > client=robin.lxsbbshome.tld[192.168.0.17] Dec 19 00:55:38 rosalie
132 > > postfix/smtpd[17390]: timeout after DATA (0 bytes) from
133 > > robin.lxsbbshome.tld[192.168.0.17] Dec 19 00:55:58 rosalie
134 > > postfix/smtpd[17390]: disconnect from
135 > > robin.lxsbbshome.tld[192.168.0.17] ehlo=2 starttls=1 mail=1 rcpt=1
136 > > data=0/1 commands=5/6
137 > >
138 > >
139 > > Dec 19 00:50:38 robin sendEmail.lucia[1237]: DEBUG => Connecting to
140 > > rosalie.lxsbbshome.tld:25 [...]
141 > > Dec 19 00:50:38 robin sendEmail.lucia[1237]: SUCCESS => Received:
142 > > 220 2.0.0 Ready to start TLS Dec 19 00:50:38 robin
143 > > sendEmail.lucia[1237]: DEBUG => TLS: Using cipher: AES128-SHA256
144 > > Dec 19 00:50:38 robin sendEmail.lucia[1237]: DEBUG => TLS session
145 > > initialized :) Dec 19 00:50:38 robin sendEmail.lucia[1237]: INFO =>
146 > > Sending: EHLO robin.lxsbbshome.tld [...] Dec 19 00:50:38
147 > > robin sendEmail.lucia[1237]: SUCCESS => Received: 250 2.1.5
148 > > Ok Dec 19 00:50:38 robin sendEmail.lucia[1237]: INFO => Sending:
149 > > DATA Dec 19 00:50:38 robin sendEmail.lucia[1237]: DEBUG =>
150 > > evalSMTPresponse() - Checking for SMTP success or error status in
151 > > the message: 354 End data with <CR><LF>.<CR><LF> Dec 19 00:50:38
152 > > robin sendEmail.lucia[1237]: DEBUG => evalSMTPresponse() - Found
153 > > SMTP success code: 354 Dec 19 00:50:38 robin sendEmail.lucia[1237]:
154 > > SUCCESS => Received: 354 End data with <CR><LF>.<CR><LF>
155 > > Dec 19 00:50:38 robin sendEmail.lucia[1237]: INFO => Sending
156 > > message body
157 > >
158 > > handshake ok.
159 > > sendEmail hangs, I kill them after 5min.
160 > > my use flags on gentoo client and server:
161 > > USE="bindist mmx sse sse2 -mysql -mysqli -mssql maildir apache2 gd
162 > > vhosts postgres python sasl ssl imap unicode"
163 > > what else can I do?
164 >
165 > It may be a postfix bug, or it may be that gentoo's openssl ciphers
166 > are more up to date and won't degrade the connection to SSLv3. Can
167 > you check what you get on the transaction with the server using
168 > openssl_client? Google for the correct commands to negotiate sending
169 > messages using telnet so that you know what to type on the console.
170 >
171
172 Thanks for the tip.
173 I tested ssl smtp/imap with openssl s_client, which reports error 20,
174 unable to get local issuer certificate, so I created a new self-signed
175 certificate. The first test with sendEmail and imapsync runs.
176 What I do not understand is why the client software works under other
177 operating systems.
178
179 thx, bye, jens.
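
An added example, not part of the message above or of Postfix: a small triage script that groups the server-side smtpd events seen in this thread (handshake success with protocol and cipher, `SSL_accept` errors with the OpenSSL reason, drops after STARTTLS, timeouts after DATA) per client IP. The log lines are constructed from the excerpts quoted in the thread; the pids and the event names are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the smtpd excerpts quoted in the thread; pids 101-103 are made up.
SAMPLE_LOG = """\
postfix/smtpd[101]: Anonymous TLS connection established from brumw.lxsbbshome.tld[192.168.0.15]: TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)
postfix/smtpd[102]: SSL_accept error from robin.lxsbbshome.tld[192.168.0.17]: -1
postfix/smtpd[102]: warning: TLS library problem: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number:s3_srvr.c:960:
postfix/smtpd[102]: lost connection after STARTTLS from robin.lxsbbshome.tld[192.168.0.17]
postfix/smtpd[103]: Anonymous TLS connection established from robin.lxsbbshome.tld[192.168.0.17]: TLSv1.2 with cipher AES128-SHA256 (128/128 bits)
postfix/smtpd[103]: timeout after DATA (0 bytes) from robin.lxsbbshome.tld[192.168.0.17]
"""

SMTPD = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)")
CLIENT = r"(\S+)\[([\d.]+)\]"
RULES = [
    ("tls_ok", re.compile(r"TLS connection established from " + CLIENT
                          + r": (\S+) with cipher (\S+)")),
    ("accept_error", re.compile(r"SSL_accept error from " + CLIENT)),
    ("lost_after_starttls", re.compile(r"lost connection after STARTTLS from " + CLIENT)),
    ("timeout_after_data", re.compile(r"timeout after DATA .* from " + CLIENT)),
]
LIB_ERR = re.compile(r"TLS library problem: error:([0-9A-F]+):SSL routines:[^:]+:([^:]+):")

def summarize(log):
    """Return {client_ip: [event tuples]}; OpenSSL reasons are attached via smtpd pid."""
    events, ip_of_pid = defaultdict(list), {}
    for line in log.splitlines():
        m = SMTPD.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        lib = LIB_ERR.search(msg)
        if lib:  # this line names no client, so reuse the pid's last seen client
            ip = ip_of_pid.get(pid, "unknown")
            events[ip].append(("tls_library_error",) + lib.groups())
            continue
        for name, rx in RULES:
            hit = rx.search(msg)
            if hit:
                ip_of_pid[pid] = hit.group(2)
                # groups beyond host/ip exist only for tls_ok: (protocol, cipher)
                events[hit.group(2)].append((name,) + hit.groups()[2:])
                break
    return dict(events)

if __name__ == "__main__":
    for ip, evs in summarize(SAMPLE_LOG).items():
        print(ip, evs)
```

Reading the per-client list in order separates a failure during the handshake from one after it: here 192.168.0.17 first fails in `SSL_accept`, later negotiates TLSv1.2, and then stalls after DATA.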

Replies

Subject Author
Re: perl ssl was:Re: [gentoo-user] dovecot imap-login Mick <michaelkintzios@×××××.com>