Gentoo Archives: gentoo-user

From: jens wefer <jens.wefer@××××××.net>
To: gentoo-user@l.g.o
Subject: Re: perl ssl was:Re: [gentoo-user] dovecot imap-login
Date: Sat, 19 Dec 2015 10:31:27
Message-Id: 20151219113109.00000c61@ewetel.net
In Reply to: perl ssl was:Re: [gentoo-user] dovecot imap-login by jens wefer
On Mon, 14 Dec 2015 08:50:29 +0100,
jens wefer <jens.wefer@××××××.net> wrote:

> On Sat, 12 Dec 2015 23:09:20 +0100,
> jens wefer <jens.wefer@××××××.net> wrote:
>
> > On Sat, 12 Dec 2015 17:53:04 +0000,
> > Stroller <stroller@××××××××××××××××××.uk> wrote:
> >
> > >
> > > > On Sat, 12 December 2015, at 3:08 a.m., jens wefer
> > > > <jens.wefer@××××××.net> wrote:
> > > >
> > > > I set up a mail server, postfix/dovecot, ssl required.
> > > > test with mail-client, all ok
> > > > when I try to copy mails with imapsync (gentoo) comes timeout,
> > > > and imapsync will login again.
> > > > with each new login, a new process imap-login is generated.
> > >
> > > Sorry if this is a dumb question, but how do you know it's timing
> > > out?
> > >
> > > Could it just be slow, as it has to compile loads of messages in
> > > its first run?
> > >
> > > Looks like dovecot has a 30 minute timeout. [1]
> > >
> > > An old message on the Dovecot mailing list [2] suggests to set
> > > "verbose_proctitle = yes" in config to see why each process is
> > > open.
> > >
> > > It also suggests using high-performance mode, rather than the
> > > default.
> > >
> > > Stroller.
> >
> > timeout comes from imapsync (default timeout 120 sec).
> > after 10 minutes then running 5 Dovecot processes which want 100%
> > CPU time. mail logfile:
> > imap-login: Login: user = .... blablub, TLS session, ..
> >
>
> I think that's a problem with perl.
> When I send an email with sendEmail comes SSLv3 Alert handshake
> failure. if I use a newer sendEmail version (1.56.5) comes
> Segmentation fault. when I start sendEmail on CentOS is everything ok.
>

I send emails with email-client and sendEmail (win/centos).
mail.log
[...]: initializing the server-side TLS engine
[...]: connect from brumw.lxsbbshome.tld[192.168.0.15]
[...]: setting up TLS connection from brumw.lxsbbshome.tld[192.168.0.15]
[...]: brumw.lxsbbshome.tld[192.168.0.15]: TLS cipher list "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
[...]: SSL_accept:before/accept initialization
[...]: SSL_accept:SSLv3 read client hello A
[...]: SSL_accept:SSLv3 write server hello A
[...]: SSL_accept:SSLv3 write certificate A
[...]: SSL_accept:SSLv3 write server done A
[...]: SSL_accept:SSLv3 flush data
[...]: SSL_accept:SSLv3 read client certificate A
[...]: SSL_accept:SSLv3 read client key exchange A
[...]: SSL_accept:SSLv3 read certificate verify A
[...]: SSL_accept:SSLv3 read finished A
[...]: brumw.lxsbbshome.tld[192.168.0.15]: Issuing session ticket, key expiration: 1450478594
[...]: SSL_accept:SSLv3 write session ticket A
[...]: SSL_accept:SSLv3 write change cipher spec A
[...]: SSL_accept:SSLv3 write finished A
[...]: SSL_accept:SSLv3 flush data
[...]: Anonymous TLS connection established from brumw.lxsbbshome.tld[192.168.0.15]: TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)
[...]: AFC46282149: client=brumw.lxsbbshome.tld[192.168.0.15]

when I send email with sendEmail from gentoo-client it comes handshake error
mail.log
[...]: initializing the server-side TLS engine
[...]: connect from robin.lxsbbshome.tld[192.168.0.17]
[...]: setting up TLS connection from robin.lxsbbshome.tld[192.168.0.17]
[...]: robin.lxsbbshome.tld[192.168.0.17]: TLS cipher list "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
[...]: SSL_accept:before/accept initialization
[...]: SSL3 alert write:fatal:handshake failure
[...]: SSL_accept:error in error
[...]: SSL_accept:error in error
[...]: SSL_accept error from robin.lxsbbshome.tld[192.168.0.17]: -1
[...]: warning: TLS library problem: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number:s3_srvr.c:960:
[...]: lost connection after STARTTLS from robin.lxsbbshome.tld[192.168.0.17]
[...]: disconnect from robin.lxsbbshome.tld[192.168.0.17] ehlo=1 starttls=0/1 commands=1/2

sendEmail.log
[...]: DEBUG => Connecting to rosalie.lxsbbshome.tld:25
[...]: DEBUG => My IP address is: 192.168.0.17
[...]: DEBUG => evalSMTPresponse() - Checking for SMTP success or error status in the message: 220 rosalie.lxsbbshome.tld ESMTP Postfix
[...]: DEBUG => evalSMTPresponse() - Found SMTP success code: 220
[...]: SUCCESS => Received: 220 rosalie.lxsbbshome.tld ESMTP Postfix
[...]: INFO => Sending: EHLO robin.lxsbbshome.tld
[...]: DEBUG => evalSMTPresponse() - Checking for SMTP success or error status in the message: 250-rosalie.lxsbbshome.tld, 250-PIPELINING, 250-SIZE 10240000, 250-VRFY, 250-ETRN, 250-STARTTLS, 250-AUTH PLAIN, 250-ENHANCEDSTATUSCODES, 250-8BITMIME, 250-DSN, 250 SMTPUTF8
[...]: DEBUG => evalSMTPresponse() - Found SMTP success code: 250
[...]: SUCCESS => Received: 250-rosalie.lxsbbshome.tld, 250-PIPELINING, 250-SIZE 10240000, 250-VRFY, 250-ETRN, 250-STARTTLS, 250-AUTH PLAIN, 250-ENHANCEDSTATUSCODES, 250-8BITMIME, 250-DSN, 250 SMTPUTF8
[...]: DEBUG => The remote SMTP server supports TLS :)
[...]: DEBUG => Starting TLS
[...]: INFO => Sending: STARTTLS
[...]: DEBUG => evalSMTPresponse() - Checking for SMTP success or error status in the message: 220 2.0.0 Ready to start TLS
[...]: DEBUG => evalSMTPresponse() - Found SMTP success code: 220
[...]: SUCCESS => Received: 220 2.0.0 Ready to start TLS
[...]: ERROR => TLS setup failed: SSL connect attempt failed because of handshake problems error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure


I've tried various settings but nothing has helped.

then I install newer version of SSL.pm and SSLeay.pm with cpan,
and use newer version of sendEmail (1.56.5).

Dec 19 00:50:38 rosalie postfix/smtpd[17390]: Anonymous TLS connection established from robin.lxsbbshome.tld[192.168.0.17]: TLSv1.2 with cipher AES128-SHA256 (128/128 bits)
Dec 19 00:50:38 rosalie postfix/smtpd[17390]: E332A2858CC: client=robin.lxsbbshome.tld[192.168.0.17]
Dec 19 00:55:38 rosalie postfix/smtpd[17390]: timeout after DATA (0 bytes) from robin.lxsbbshome.tld[192.168.0.17]
Dec 19 00:55:58 rosalie postfix/smtpd[17390]: disconnect from robin.lxsbbshome.tld[192.168.0.17] ehlo=2 starttls=1 mail=1 rcpt=1 data=0/1 commands=5/6


Dec 19 00:50:38 robin sendEmail.lucia[1237]: DEBUG => Connecting to rosalie.lxsbbshome.tld:25
[...]
Dec 19 00:50:38 robin sendEmail.lucia[1237]: SUCCESS => Received: 220 2.0.0 Ready to start TLS
Dec 19 00:50:38 robin sendEmail.lucia[1237]: DEBUG => TLS: Using cipher: AES128-SHA256
Dec 19 00:50:38 robin sendEmail.lucia[1237]: DEBUG => TLS session initialized :)
Dec 19 00:50:38 robin sendEmail.lucia[1237]: INFO => Sending: EHLO robin.lxsbbshome.tld
[...]
Dec 19 00:50:38 robin sendEmail.lucia[1237]: SUCCESS => Received: 250 2.1.5 Ok
Dec 19 00:50:38 robin sendEmail.lucia[1237]: INFO => Sending: DATA
Dec 19 00:50:38 robin sendEmail.lucia[1237]: DEBUG => evalSMTPresponse() - Checking for SMTP success or error status in the message: 354 End data with <CR><LF>.<CR><LF>
Dec 19 00:50:38 robin sendEmail.lucia[1237]: DEBUG => evalSMTPresponse() - Found SMTP success code: 354
Dec 19 00:50:38 robin sendEmail.lucia[1237]: SUCCESS => Received: 354 End data with <CR><LF>.<CR><LF>
Dec 19 00:50:38 robin sendEmail.lucia[1237]: INFO => Sending message body

handshake ok.
sendEmail hangs, I kill them after 5min.
my use flags on gentoo client and server:
USE="bindist mmx sse sse2 -mysql -mysqli -mssql maildir apache2 gd vhosts postgres python sasl ssl imap unicode"
what else can I do?
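
An added example, not part of the original post and not Postfix's own tooling: a triage script for smtpd log lines like those above, grouped by smtpd pid so that a failed STARTTLS handshake (with its OpenSSL error) is told apart from a session where TLS was negotiated and the DATA phase then stalled. The sample log is constructed from the post's lines; pids 100 and 101, their timestamps and the brumw disconnect line are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the pid-17390 lines are the post's own; pids 100/101, their
# timestamps and the brumw disconnect line are made up (the post elides them as "[...]").
SAMPLE_LOG = """\
Dec 19 00:40:01 rosalie postfix/smtpd[100]: Anonymous TLS connection established from brumw.lxsbbshome.tld[192.168.0.15]: TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)
Dec 19 00:40:02 rosalie postfix/smtpd[100]: disconnect from brumw.lxsbbshome.tld[192.168.0.15] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Dec 19 00:41:01 rosalie postfix/smtpd[101]: SSL_accept error from robin.lxsbbshome.tld[192.168.0.17]: -1
Dec 19 00:41:01 rosalie postfix/smtpd[101]: warning: TLS library problem: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number:s3_srvr.c:960:
Dec 19 00:41:01 rosalie postfix/smtpd[101]: disconnect from robin.lxsbbshome.tld[192.168.0.17] ehlo=1 starttls=0/1 commands=1/2
Dec 19 00:50:38 rosalie postfix/smtpd[17390]: Anonymous TLS connection established from robin.lxsbbshome.tld[192.168.0.17]: TLSv1.2 with cipher AES128-SHA256 (128/128 bits)
Dec 19 00:55:38 rosalie postfix/smtpd[17390]: timeout after DATA (0 bytes) from robin.lxsbbshome.tld[192.168.0.17]
Dec 19 00:55:58 rosalie postfix/smtpd[17390]: disconnect from robin.lxsbbshome.tld[192.168.0.17] ehlo=2 starttls=1 mail=1 rcpt=1 data=0/1 commands=5/6
"""

PREFIX = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)")
ESTABLISHED = re.compile(r"(\w+) TLS connection established from (\S+): (\S+) with cipher (\S+)")
TLS_ERROR = re.compile(r"TLS library problem: error:([0-9A-F]+):[^:]*:[^:]*:([^:]+):")
TIMEOUT = re.compile(r"timeout after (\w+)")
DISCONNECT = re.compile(r"disconnect from (\S+) (.*)")
COUNTER = re.compile(r"(\w+)=(\d+)(?:/(\d+))?")

def triage(log_text):
    """Return one summary dict per smtpd session, closed by its disconnect line."""
    open_sessions = defaultdict(dict)  # keyed by smtpd pid: some lines omit the client
    done = []
    for line in log_text.splitlines():
        m = PREFIX.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        s = open_sessions[pid]
        if e := ESTABLISHED.search(msg):
            s["trust"], s["client"], s["protocol"], s["cipher"] = e.groups()
        elif e := TLS_ERROR.search(msg):
            s["tls_error"] = f"{e.group(1)} {e.group(2)}"
        elif e := TIMEOUT.search(msg):
            s["timeout_after"] = e.group(1)
        elif e := DISCONNECT.search(msg):
            s["client"] = e.group(1)
            # Postfix writes "cmd=ok/total" only when ok != total, i.e. a failure.
            s["failed"] = [c for c, _, total in COUNTER.findall(e.group(2))
                           if total and c != "commands"]
            done.append(open_sessions.pop(pid))
    return done

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

On the sample, the pid-101 session has no negotiated protocol and a failed `starttls`, while the pid-17390 session shows TLSv1.2 negotiated and only `data` failing after a timeout.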

Replies

Subject Author
Re: perl ssl was:Re: [gentoo-user] dovecot imap-login Mick <michaelkintzios@×××××.com>