[gentoo-user] dovecot imap-login

[gentoo-user] dovecot imap-login

[jens wefer]

hey,..

I set up a mail server, postfix/dovecot, ssl required.
test with mail-client, all ok
when I try to copy mails with imapsync (gentoo) comes timeout,
and imapsync will login again.
with each new login, a new process imap-login is generated.

I start imapsync on centos, all ok.
I configure postfix/dovecot without ssl and start imapsync (gentoo),
all ok.

need a hint, what could be wrong.

imapsync 1.592, 1.644 (gentoo)
1.644 (centos)

ima jw

Re: [gentoo-user] dovecot imap-login

[Stroller]

> On Sat, 12 December 2015, at 3:08 a.m., jens wefer <jens.wefer@ewetel.net> wrote:
> 
> I set up a mail server, postfix/dovecot, ssl required.
> test with mail-client, all ok
> when I try to copy mails with imapsync (gentoo) comes timeout,
> and imapsync will login again.
> with each new login, a new process imap-login is generated.

Sorry if this is a dumb question, but how do you know it's timing out?

Could it just be slow, as it has to compile loads of messages in its first run?

Looks like dovecot has a 30 minute timeout. [1]

An old message on the Dovecot mailing list [2] suggests to set "verbose_proctitle = yes" in config to see why each process is open.

It also suggests using high-performance mode, rather that the default. 

Stroller.




[1] http://www.dovecot.org/list/dovecot/2010-October/053422.html
[2] http://www.dovecot.org/list/dovecot/2013-August/092226.html

Re: [gentoo-user] dovecot imap-login

[jens wefer]

Am Sat, 12 Dec 2015 17:53:04 +0000
schrieb Stroller <stroller@stellar.eclipse.co.uk>:

> 
> > On Sat, 12 December 2015, at 3:08 a.m., jens wefer
> > <jens.wefer@ewetel.net> wrote:
> > 
> > I set up a mail server, postfix/dovecot, ssl required.
> > test with mail-client, all ok
> > when I try to copy mails with imapsync (gentoo) comes timeout,
> > and imapsync will login again.
> > with each new login, a new process imap-login is generated.
> 
> Sorry if this is a dumb question, but how do you know it's timing out?
> 
> Could it just be slow, as it has to compile loads of messages in its
> first run?
> 
> Looks like dovecot has a 30 minute timeout. [1]
> 
> An old message on the Dovecot mailing list [2] suggests to set
> "verbose_proctitle = yes" in config to see why each process is open.
> 
> It also suggests using high-performance mode, rather that the
> default. 
> 
> Stroller.

timeout comes from imapsync (default timeout 120 sec).
after 10 minutes then running 5 Dovecot processes which want 100% CPU
time. mail logfile:
imap-login: Login: user = .... blablub, TLS ession, ..

perl ssl was:Re: [gentoo-user] dovecot imap-login

[jens wefer]

Am Sat, 12 Dec 2015 23:09:20 +0100
schrieb jens wefer <jens.wefer@ewetel.net>:

> Am Sat, 12 Dec 2015 17:53:04 +0000
> schrieb Stroller <stroller@stellar.eclipse.co.uk>:
> 
> > 
> > > On Sat, 12 December 2015, at 3:08 a.m., jens wefer
> > > <jens.wefer@ewetel.net> wrote:
> > > 
> > > I set up a mail server, postfix/dovecot, ssl required.
> > > test with mail-client, all ok
> > > when I try to copy mails with imapsync (gentoo) comes timeout,
> > > and imapsync will login again.
> > > with each new login, a new process imap-login is generated.
> > 
> > Sorry if this is a dumb question, but how do you know it's timing
> > out?
> > 
> > Could it just be slow, as it has to compile loads of messages in its
> > first run?
> > 
> > Looks like dovecot has a 30 minute timeout. [1]
> > 
> > An old message on the Dovecot mailing list [2] suggests to set
> > "verbose_proctitle = yes" in config to see why each process is open.
> > 
> > It also suggests using high-performance mode, rather that the
> > default. 
> > 
> > Stroller.
> 
> timeout comes from imapsync (default timeout 120 sec).
> after 10 minutes then running 5 Dovecot processes which want 100% CPU
> time. mail logfile:
> imap-login: Login: user = .... blablub, TLS ession, ..
> 

I think that's a problem with perl.
When I send an email with sendEmail comes SSLv3 Aler handshake failure.
if I use a newer sendEmail version (1.56.5) comes Segnentation fault.
when I start sendEmail on CentOS is everything ok.

Re: perl ssl was:Re: [gentoo-user] dovecot imap-login

[jens wefer]

Am Mon, 14 Dec 2015 08:50:29 +0100
schrieb jens wefer <jens.wefer@ewetel.net>:

> Am Sat, 12 Dec 2015 23:09:20 +0100
> schrieb jens wefer <jens.wefer@ewetel.net>:
> 
> > Am Sat, 12 Dec 2015 17:53:04 +0000
> > schrieb Stroller <stroller@stellar.eclipse.co.uk>:
> > 
> > > 
> > > > On Sat, 12 December 2015, at 3:08 a.m., jens wefer
> > > > <jens.wefer@ewetel.net> wrote:
> > > > 
> > > > I set up a mail server, postfix/dovecot, ssl required.
> > > > test with mail-client, all ok
> > > > when I try to copy mails with imapsync (gentoo) comes timeout,
> > > > and imapsync will login again.
> > > > with each new login, a new process imap-login is generated.
> > > 
> > > Sorry if this is a dumb question, but how do you know it's timing
> > > out?
> > > 
> > > Could it just be slow, as it has to compile loads of messages in
> > > its first run?
> > > 
> > > Looks like dovecot has a 30 minute timeout. [1]
> > > 
> > > An old message on the Dovecot mailing list [2] suggests to set
> > > "verbose_proctitle = yes" in config to see why each process is
> > > open.
> > > 
> > > It also suggests using high-performance mode, rather that the
> > > default. 
> > > 
> > > Stroller.
> > 
> > timeout comes from imapsync (default timeout 120 sec).
> > after 10 minutes then running 5 Dovecot processes which want 100%
> > CPU time. mail logfile:
> > imap-login: Login: user = .... blablub, TLS ession, ..
> > 
> 
> I think that's a problem with perl.
> When I send an email with sendEmail comes SSLv3 Aler handshake
> failure. if I use a newer sendEmail version (1.56.5) comes
> Segnentation fault. when I start sendEmail on CentOS is everything ok.
> 


I send emails with email-client and sendEmail (win/centos).
mail.log
[...]: initializing the server-side TLS engine
[...]: connect from brumw.lxsbbshome.tld[192.168.0.15]
[...]: setting up TLS connection from brumw.lxsbbshome.tld[192.168.0.15]
[...]: brumw.lxsbbshome.tld[192.168.0.15]: TLS cipher list
"aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH" [...]:
SSL_accept:before/accept initialization [...]: SSL_accept:SSLv3 read
client hello A [...]: SSL_accept:SSLv3 write server hello A
[...]: SSL_accept:SSLv3 write certificate A
[...]: SSL_accept:SSLv3 write server done A
[...]: SSL_accept:SSLv3 flush data
[...]: SSL_accept:SSLv3 read client certificate A
[...]: SSL_accept:SSLv3 read client key exchange A
[...]: SSL_accept:SSLv3 read certificate verify A
[...]: SSL_accept:SSLv3 read finished A
[...]: brumw.lxsbbshome.tld[192.168.0.15]: Issuing session ticket, key
expiration: 1450478594 [...]: SSL_accept:SSLv3 write session ticket A
[...]: SSL_accept:SSLv3 write change cipher spec A
[...]: SSL_accept:SSLv3 write finished A
[...]: SSL_accept:SSLv3 flush data
[...]: Anonymous TLS connection established from
brumw.lxsbbshome.tld[192.168.0.15]: TLSv1.2 with cipher
AES128-GCM-SHA256 (128/128 bits) [...]: AFC46282149:
client=brumw.lxsbbshome.tld[192.168.0.15]

when I send email with sendEmail from gentoo-client it comes handshake
error mail.log
[...]: initializing the server-side TLS engine
[...]: connect from robin.lxsbbshome.tld[192.168.0.17]
[...]: setting up TLS connection from robin.lxsbbshome.tld[192.168.0.17]
[...]: robin.lxsbbshome.tld[192.168.0.17]: TLS cipher list
"aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH" [...]:
SSL_accept:before/accept initialization [...]: SSL3 alert
write:fatal:handshake failure [...]: SSL_accept:error in error
[...]: SSL_accept:error in error
[...]: SSL_accept error from robin.lxsbbshome.tld[192.168.0.17]: -1
[...]: warning: TLS library problem: error:1408A10B:SSL
routines:ssl3_get_client_hello:wrong version number:s3_srvr.c:960:
[...]: lost connection after STARTTLS from
robin.lxsbbshome.tld[192.168.0.17] [...]: disconnect from
robin.lxsbbshome.tld[192.168.0.17] ehlo=1 starttls=0/1 commands=1/2

sendEmail.log
[...]: DEBUG => Connecting to rosalie.lxsbbshome.tld:25
[...]: DEBUG => My IP address is: 192.168.0.17
[...]: DEBUG => evalSMTPresponse() - Checking for SMTP success or error
status in the message: 220 rosalie.lxsbbshome.tld ESMTP Postfix [...]:
DEBUG => evalSMTPresponse() - Found SMTP success code: 220 [...]:
SUCCESS => Received: 	220 rosalie.lxsbbshome.tld ESMTP Postfix
[...]: INFO => Sending: 	EHLO robin.lxsbbshome.tld [...]: DEBUG
=> evalSMTPresponse() - Checking for SMTP success or error status in
the message: 250-rosalie.lxsbbshome.tld, 250-PIPELINING, 250-SIZE
10240000, 250-VRFY, 250-ETRN, 250-STARTTLS, 250-AUTH PLAIN,
250-ENHANCEDSTATUSCODES, 250-8BITMIME, 250-DSN, 250 SMTPUTF8 [...]:
DEBUG => evalSMTPresponse() - Found SMTP success code: 250 [...]:
SUCCESS => Received: 	250-rosalie.lxsbbshome.tld,
250-PIPELINING, 250-SIZE 10240000, 250-VRFY, 250-ETRN, 250-STARTTLS,
250-AUTH PLAIN, 250-ENHANCEDSTATUSCODES, 250-8BITMIME, 250-DSN, 250
SMTPUTF8 [...]: DEBUG => The remote SMTP server supports TLS :) [...]:
DEBUG => Starting TLS [...]: INFO => Sending: 	STARTTLS [...]:
DEBUG => evalSMTPresponse() - Checking for SMTP success or error status
in the message: 220 2.0.0 Ready to start TLS [...]: DEBUG =>
evalSMTPresponse() - Found SMTP success code: 220 [...]: SUCCESS =>
Received: 	220 2.0.0 Ready to start TLS [...]: ERROR => TLS
setup failed: SSL connect attempt failed because of handshake problems
error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake
failure


I've tried various settings but nothing has helped.

then I install newer version of SSL.pm and SSLeay.pm with cpan,
and use newer version of sendEmail (1.56.5).

Dec 19 00:50:38 rosalie postfix/smtpd[17390]: Anonymous TLS connection
established from robin.lxsbbshome.tld[192.168.0.17]: TLSv1.2 with
cipher AES128-SHA256 (128/128 bits) Dec 19 00:50:38 rosalie
postfix/smtpd[17390]: E332A2858CC:
client=robin.lxsbbshome.tld[192.168.0.17] Dec 19 00:55:38 rosalie
postfix/smtpd[17390]: timeout after DATA (0 bytes) from
robin.lxsbbshome.tld[192.168.0.17] Dec 19 00:55:58 rosalie
postfix/smtpd[17390]: disconnect from
robin.lxsbbshome.tld[192.168.0.17] ehlo=2 starttls=1 mail=1 rcpt=1
data=0/1 commands=5/6


Dec 19 00:50:38 robin sendEmail.lucia[1237]: DEBUG => Connecting to
rosalie.lxsbbshome.tld:25 [...]
Dec 19 00:50:38 robin sendEmail.lucia[1237]: SUCCESS => Received:
	220 2.0.0 Ready to start TLS Dec 19 00:50:38 robin
sendEmail.lucia[1237]: DEBUG => TLS: Using cipher: AES128-SHA256 Dec 19
00:50:38 robin sendEmail.lucia[1237]: DEBUG => TLS session
initialized :) Dec 19 00:50:38 robin sendEmail.lucia[1237]: INFO =>
Sending: 	EHLO robin.lxsbbshome.tld [...] Dec 19 00:50:38 robin
sendEmail.lucia[1237]: SUCCESS => Received: 	250 2.1.5 Ok Dec 19
00:50:38 robin sendEmail.lucia[1237]: INFO => Sending: 	DATA Dec
19 00:50:38 robin sendEmail.lucia[1237]: DEBUG => evalSMTPresponse() -
Checking for SMTP success or error status in the message: 354 End data
with <CR><LF>.<CR><LF> Dec 19 00:50:38 robin sendEmail.lucia[1237]:
DEBUG => evalSMTPresponse() - Found SMTP success code: 354 Dec 19
00:50:38 robin sendEmail.lucia[1237]: SUCCESS => Received: 	354
End data with <CR><LF>.<CR><LF> Dec 19 00:50:38 robin
sendEmail.lucia[1237]: INFO => Sending message body

handshake ok.
sendEmail hangs, I kill them after 5min.
my use flags on gentoo client and server:
USE="bindist mmx sse sse2 -mysql -mysqli -mssql maildir apache2 gd
vhosts postgres python sasl ssl imap unicode"
what else can I do?

Re: perl ssl was:Re: [gentoo-user] dovecot imap-login

[Mick]

[-- Attachment #1: Type: Text/Plain, Size: 8187 bytes --]

On Saturday 19 Dec 2015 10:31:09 jens wefer wrote:
> Am Mon, 14 Dec 2015 08:50:29 +0100
> 
> schrieb jens wefer <jens.wefer@ewetel.net>:
> > Am Sat, 12 Dec 2015 23:09:20 +0100
> > 
> > schrieb jens wefer <jens.wefer@ewetel.net>:
> > > Am Sat, 12 Dec 2015 17:53:04 +0000
> > > 
> > > schrieb Stroller <stroller@stellar.eclipse.co.uk>:
> > > > > On Sat, 12 December 2015, at 3:08 a.m., jens wefer
> > > > > <jens.wefer@ewetel.net> wrote:
> > > > > 
> > > > > I set up a mail server, postfix/dovecot, ssl required.
> > > > > test with mail-client, all ok
> > > > > when I try to copy mails with imapsync (gentoo) comes timeout,
> > > > > and imapsync will login again.
> > > > > with each new login, a new process imap-login is generated.
> > > > 
> > > > Sorry if this is a dumb question, but how do you know it's timing
> > > > out?
> > > > 
> > > > Could it just be slow, as it has to compile loads of messages in
> > > > its first run?
> > > > 
> > > > Looks like dovecot has a 30 minute timeout. [1]
> > > > 
> > > > An old message on the Dovecot mailing list [2] suggests to set
> > > > "verbose_proctitle = yes" in config to see why each process is
> > > > open.
> > > > 
> > > > It also suggests using high-performance mode, rather that the
> > > > default.
> > > > 
> > > > Stroller.
> > > 
> > > timeout comes from imapsync (default timeout 120 sec).
> > > after 10 minutes then running 5 Dovecot processes which want 100%
> > > CPU time. mail logfile:
> > > imap-login: Login: user = .... blablub, TLS ession, ..
> > 
> > I think that's a problem with perl.
> > When I send an email with sendEmail comes SSLv3 Aler handshake
> > failure. if I use a newer sendEmail version (1.56.5) comes
> > Segnentation fault. when I start sendEmail on CentOS is everything ok.
> 
> I send emails with email-client and sendEmail (win/centos).
> mail.log
> [...]: initializing the server-side TLS engine
> [...]: connect from brumw.lxsbbshome.tld[192.168.0.15]
> [...]: setting up TLS connection from brumw.lxsbbshome.tld[192.168.0.15]
> [...]: brumw.lxsbbshome.tld[192.168.0.15]: TLS cipher list
> "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH" [...]:
> SSL_accept:before/accept initialization [...]: SSL_accept:SSLv3 read
> client hello A [...]: SSL_accept:SSLv3 write server hello A
> [...]: SSL_accept:SSLv3 write certificate A
> [...]: SSL_accept:SSLv3 write server done A
> [...]: SSL_accept:SSLv3 flush data
> [...]: SSL_accept:SSLv3 read client certificate A
> [...]: SSL_accept:SSLv3 read client key exchange A
> [...]: SSL_accept:SSLv3 read certificate verify A
> [...]: SSL_accept:SSLv3 read finished A
> [...]: brumw.lxsbbshome.tld[192.168.0.15]: Issuing session ticket, key
> expiration: 1450478594 [...]: SSL_accept:SSLv3 write session ticket A
> [...]: SSL_accept:SSLv3 write change cipher spec A
> [...]: SSL_accept:SSLv3 write finished A
> [...]: SSL_accept:SSLv3 flush data
> [...]: Anonymous TLS connection established from
> brumw.lxsbbshome.tld[192.168.0.15]: TLSv1.2 with cipher
> AES128-GCM-SHA256 (128/128 bits) [...]: AFC46282149:
> client=brumw.lxsbbshome.tld[192.168.0.15]
> 
> when I send email with sendEmail from gentoo-client it comes handshake
> error mail.log
> [...]: initializing the server-side TLS engine
> [...]: connect from robin.lxsbbshome.tld[192.168.0.17]
> [...]: setting up TLS connection from robin.lxsbbshome.tld[192.168.0.17]
> [...]: robin.lxsbbshome.tld[192.168.0.17]: TLS cipher list
> "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH" [...]:
> SSL_accept:before/accept initialization [...]: SSL3 alert
> write:fatal:handshake failure [...]: SSL_accept:error in error
> [...]: SSL_accept:error in error
> [...]: SSL_accept error from robin.lxsbbshome.tld[192.168.0.17]: -1
> [...]: warning: TLS library problem: error:1408A10B:SSL
> routines:ssl3_get_client_hello:wrong version number:s3_srvr.c:960:
> [...]: lost connection after STARTTLS from
> robin.lxsbbshome.tld[192.168.0.17] [...]: disconnect from
> robin.lxsbbshome.tld[192.168.0.17] ehlo=1 starttls=0/1 commands=1/2
> 
> sendEmail.log
> [...]: DEBUG => Connecting to rosalie.lxsbbshome.tld:25
> [...]: DEBUG => My IP address is: 192.168.0.17
> [...]: DEBUG => evalSMTPresponse() - Checking for SMTP success or error
> status in the message: 220 rosalie.lxsbbshome.tld ESMTP Postfix [...]:
> DEBUG => evalSMTPresponse() - Found SMTP success code: 220 [...]:
> SUCCESS => Received: 	220 rosalie.lxsbbshome.tld ESMTP Postfix
> [...]: INFO => Sending: 	EHLO robin.lxsbbshome.tld [...]: DEBUG
> => evalSMTPresponse() - Checking for SMTP success or error status in
> the message: 250-rosalie.lxsbbshome.tld, 250-PIPELINING, 250-SIZE
> 10240000, 250-VRFY, 250-ETRN, 250-STARTTLS, 250-AUTH PLAIN,
> 250-ENHANCEDSTATUSCODES, 250-8BITMIME, 250-DSN, 250 SMTPUTF8 [...]:
> DEBUG => evalSMTPresponse() - Found SMTP success code: 250 [...]:
> SUCCESS => Received: 	250-rosalie.lxsbbshome.tld,
> 250-PIPELINING, 250-SIZE 10240000, 250-VRFY, 250-ETRN, 250-STARTTLS,
> 250-AUTH PLAIN, 250-ENHANCEDSTATUSCODES, 250-8BITMIME, 250-DSN, 250
> SMTPUTF8 [...]: DEBUG => The remote SMTP server supports TLS :) [...]:
> DEBUG => Starting TLS [...]: INFO => Sending: 	STARTTLS [...]:
> DEBUG => evalSMTPresponse() - Checking for SMTP success or error status
> in the message: 220 2.0.0 Ready to start TLS [...]: DEBUG =>
> evalSMTPresponse() - Found SMTP success code: 220 [...]: SUCCESS =>
> Received: 	220 2.0.0 Ready to start TLS [...]: ERROR => TLS
> setup failed: SSL connect attempt failed because of handshake problems
> error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake
> failure
> 
> 
> I've tried various settings but nothing has helped.
> 
> then I install newer version of SSL.pm and SSLeay.pm with cpan,
> and use newer version of sendEmail (1.56.5).
> 
> Dec 19 00:50:38 rosalie postfix/smtpd[17390]: Anonymous TLS connection
> established from robin.lxsbbshome.tld[192.168.0.17]: TLSv1.2 with
> cipher AES128-SHA256 (128/128 bits) Dec 19 00:50:38 rosalie
> postfix/smtpd[17390]: E332A2858CC:
> client=robin.lxsbbshome.tld[192.168.0.17] Dec 19 00:55:38 rosalie
> postfix/smtpd[17390]: timeout after DATA (0 bytes) from
> robin.lxsbbshome.tld[192.168.0.17] Dec 19 00:55:58 rosalie
> postfix/smtpd[17390]: disconnect from
> robin.lxsbbshome.tld[192.168.0.17] ehlo=2 starttls=1 mail=1 rcpt=1
> data=0/1 commands=5/6
> 
> 
> Dec 19 00:50:38 robin sendEmail.lucia[1237]: DEBUG => Connecting to
> rosalie.lxsbbshome.tld:25 [...]
> Dec 19 00:50:38 robin sendEmail.lucia[1237]: SUCCESS => Received:
> 	220 2.0.0 Ready to start TLS Dec 19 00:50:38 robin
> sendEmail.lucia[1237]: DEBUG => TLS: Using cipher: AES128-SHA256 Dec 19
> 00:50:38 robin sendEmail.lucia[1237]: DEBUG => TLS session
> initialized :) Dec 19 00:50:38 robin sendEmail.lucia[1237]: INFO =>
> Sending: 	EHLO robin.lxsbbshome.tld [...] Dec 19 00:50:38 robin
> sendEmail.lucia[1237]: SUCCESS => Received: 	250 2.1.5 Ok Dec 19
> 00:50:38 robin sendEmail.lucia[1237]: INFO => Sending: 	DATA Dec
> 19 00:50:38 robin sendEmail.lucia[1237]: DEBUG => evalSMTPresponse() -
> Checking for SMTP success or error status in the message: 354 End data
> with <CR><LF>.<CR><LF> Dec 19 00:50:38 robin sendEmail.lucia[1237]:
> DEBUG => evalSMTPresponse() - Found SMTP success code: 354 Dec 19
> 00:50:38 robin sendEmail.lucia[1237]: SUCCESS => Received: 	354
> End data with <CR><LF>.<CR><LF> Dec 19 00:50:38 robin
> sendEmail.lucia[1237]: INFO => Sending message body
> 
> handshake ok.
> sendEmail hangs, I kill them after 5min.
> my use flags on gentoo client and server:
> USE="bindist mmx sse sse2 -mysql -mysqli -mssql maildir apache2 gd
> vhosts postgres python sasl ssl imap unicode"
> what else can I do?

It may be a postfix bug, or it may be that gentoo's openssl ciphers are more 
up to date and won't degrade the connection to SSLv3.  Can you check what you 
get on the transaction with the server using openssl_client?  Google for the 
correct commands to negotiate sending messages using telnet so that you know 
what to type on the console.

-- 
Regards,
Mick

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 473 bytes --]

Re: perl ssl was:Re: [gentoo-user] dovecot imap-login

[jens wefer]

Am Sun, 20 Dec 2015 23:18:00 +0000
schrieb Mick <michaelkintzios@gmail.com>:

> On Saturday 19 Dec 2015 10:31:09 jens wefer wrote:
> > Am Mon, 14 Dec 2015 08:50:29 +0100
> > 
> > schrieb jens wefer <jens.wefer@ewetel.net>:
> > > Am Sat, 12 Dec 2015 23:09:20 +0100
> > > 
> > > schrieb jens wefer <jens.wefer@ewetel.net>:
> > > > Am Sat, 12 Dec 2015 17:53:04 +0000
> > > > 
> > > > schrieb Stroller <stroller@stellar.eclipse.co.uk>:
> > > > > > On Sat, 12 December 2015, at 3:08 a.m., jens wefer
> > > > > > <jens.wefer@ewetel.net> wrote:
> > > > > > 
> > > > > > I set up a mail server, postfix/dovecot, ssl required.
> > > > > > test with mail-client, all ok
> > > > > > when I try to copy mails with imapsync (gentoo) comes
> > > > > > timeout, and imapsync will login again.
> > > > > > with each new login, a new process imap-login is generated.
> > > > > 
> > > > > Sorry if this is a dumb question, but how do you know it's
> > > > > timing out?
> > > > > 
> > > > > Could it just be slow, as it has to compile loads of messages
> > > > > in its first run?
> > > > > 
> > > > > Looks like dovecot has a 30 minute timeout. [1]
> > > > > 
> > > > > An old message on the Dovecot mailing list [2] suggests to set
> > > > > "verbose_proctitle = yes" in config to see why each process is
> > > > > open.
> > > > > 
> > > > > It also suggests using high-performance mode, rather that the
> > > > > default.
> > > > > 
> > > > > Stroller.
> > > > 
> > > > timeout comes from imapsync (default timeout 120 sec).
> > > > after 10 minutes then running 5 Dovecot processes which want
> > > > 100% CPU time. mail logfile:
> > > > imap-login: Login: user = .... blablub, TLS ession, ..
> > > 
> > > I think that's a problem with perl.
> > > When I send an email with sendEmail comes SSLv3 Aler handshake
> > > failure. if I use a newer sendEmail version (1.56.5) comes
> > > Segnentation fault. when I start sendEmail on CentOS is
> > > everything ok.
> > 
> > I send emails with email-client and sendEmail (win/centos).
> > mail.log
> > [...]: initializing the server-side TLS engine
> > [...]: connect from brumw.lxsbbshome.tld[192.168.0.15]
> > [...]: setting up TLS connection from
> > brumw.lxsbbshome.tld[192.168.0.15] [...]:
> > brumw.lxsbbshome.tld[192.168.0.15]: TLS cipher list
> > "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH" [...]:
> > SSL_accept:before/accept initialization [...]: SSL_accept:SSLv3
> > read client hello A [...]: SSL_accept:SSLv3 write server hello A
> > [...]: SSL_accept:SSLv3 write certificate A [...]: SSL_accept:SSLv3
> > write server done A [...]: SSL_accept:SSLv3 flush data
> > [...]: SSL_accept:SSLv3 read client certificate A
> > [...]: SSL_accept:SSLv3 read client key exchange A
> > [...]: SSL_accept:SSLv3 read certificate verify A
> > [...]: SSL_accept:SSLv3 read finished A
> > [...]: brumw.lxsbbshome.tld[192.168.0.15]: Issuing session ticket,
> > key expiration: 1450478594 [...]: SSL_accept:SSLv3 write session
> > ticket A [...]: SSL_accept:SSLv3 write change cipher spec A
> > [...]: SSL_accept:SSLv3 write finished A
> > [...]: SSL_accept:SSLv3 flush data
> > [...]: Anonymous TLS connection established from
> > brumw.lxsbbshome.tld[192.168.0.15]: TLSv1.2 with cipher
> > AES128-GCM-SHA256 (128/128 bits) [...]: AFC46282149:
> > client=brumw.lxsbbshome.tld[192.168.0.15]
> > 
> > when I send email with sendEmail from gentoo-client it comes
> > handshake error mail.log
> > [...]: initializing the server-side TLS engine
> > [...]: connect from robin.lxsbbshome.tld[192.168.0.17]
> > [...]: setting up TLS connection from
> > robin.lxsbbshome.tld[192.168.0.17] [...]:
> > robin.lxsbbshome.tld[192.168.0.17]: TLS cipher list
> > "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH" [...]:
> > SSL_accept:before/accept initialization [...]: SSL3 alert
> > write:fatal:handshake failure [...]: SSL_accept:error in error
> > [...]: SSL_accept:error in error [...]: SSL_accept error from
> > robin.lxsbbshome.tld[192.168.0.17]: -1 [...]: warning: TLS library
> > problem: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong
> > version number:s3_srvr.c:960: [...]: lost connection after STARTTLS
> > from robin.lxsbbshome.tld[192.168.0.17] [...]: disconnect from
> > robin.lxsbbshome.tld[192.168.0.17] ehlo=1 starttls=0/1 commands=1/2
> > 
> > sendEmail.log
> > [...]: DEBUG => Connecting to rosalie.lxsbbshome.tld:25
> > [...]: DEBUG => My IP address is: 192.168.0.17
> > [...]: DEBUG => evalSMTPresponse() - Checking for SMTP success or
> > error status in the message: 220 rosalie.lxsbbshome.tld ESMTP
> > Postfix [...]: DEBUG => evalSMTPresponse() - Found SMTP success
> > code: 220 [...]: SUCCESS => Received: 	220
> > rosalie.lxsbbshome.tld ESMTP Postfix [...]: INFO => Sending:
> > 	EHLO robin.lxsbbshome.tld [...]: DEBUG =>
> > evalSMTPresponse() - Checking for SMTP success or error status in
> > the message: 250-rosalie.lxsbbshome.tld, 250-PIPELINING, 250-SIZE
> > 10240000, 250-VRFY, 250-ETRN, 250-STARTTLS, 250-AUTH PLAIN,
> > 250-ENHANCEDSTATUSCODES, 250-8BITMIME, 250-DSN, 250 SMTPUTF8 [...]:
> > DEBUG => evalSMTPresponse() - Found SMTP success code: 250 [...]:
> > SUCCESS => Received: 	250-rosalie.lxsbbshome.tld,
> > 250-PIPELINING, 250-SIZE 10240000, 250-VRFY, 250-ETRN,
> > 250-STARTTLS, 250-AUTH PLAIN, 250-ENHANCEDSTATUSCODES,
> > 250-8BITMIME, 250-DSN, 250 SMTPUTF8 [...]: DEBUG => The remote SMTP
> > server supports TLS :) [...]: DEBUG => Starting TLS [...]: INFO =>
> > Sending: 	STARTTLS [...]: DEBUG => evalSMTPresponse() -
> > Checking for SMTP success or error status in the message: 220 2.0.0
> > Ready to start TLS [...]: DEBUG => evalSMTPresponse() - Found SMTP
> > success code: 220 [...]: SUCCESS => Received: 	220 2.0.0
> > Ready to start TLS [...]: ERROR => TLS setup failed: SSL connect
> > attempt failed because of handshake problems error:14094410:SSL
> > routines:ssl3_read_bytes:sslv3 alert handshake failure
> > 
> > 
> > I've tried various settings but nothing has helped.
> > 
> > then I install newer version of SSL.pm and SSLeay.pm with cpan,
> > and use newer version of sendEmail (1.56.5).
> > 
> > Dec 19 00:50:38 rosalie postfix/smtpd[17390]: Anonymous TLS
> > connection established from robin.lxsbbshome.tld[192.168.0.17]:
> > TLSv1.2 with cipher AES128-SHA256 (128/128 bits) Dec 19 00:50:38
> > rosalie postfix/smtpd[17390]: E332A2858CC:
> > client=robin.lxsbbshome.tld[192.168.0.17] Dec 19 00:55:38 rosalie
> > postfix/smtpd[17390]: timeout after DATA (0 bytes) from
> > robin.lxsbbshome.tld[192.168.0.17] Dec 19 00:55:58 rosalie
> > postfix/smtpd[17390]: disconnect from
> > robin.lxsbbshome.tld[192.168.0.17] ehlo=2 starttls=1 mail=1 rcpt=1
> > data=0/1 commands=5/6
> > 
> > 
> > Dec 19 00:50:38 robin sendEmail.lucia[1237]: DEBUG => Connecting to
> > rosalie.lxsbbshome.tld:25 [...]
> > Dec 19 00:50:38 robin sendEmail.lucia[1237]: SUCCESS => Received:
> > 	220 2.0.0 Ready to start TLS Dec 19 00:50:38 robin
> > sendEmail.lucia[1237]: DEBUG => TLS: Using cipher: AES128-SHA256
> > Dec 19 00:50:38 robin sendEmail.lucia[1237]: DEBUG => TLS session
> > initialized :) Dec 19 00:50:38 robin sendEmail.lucia[1237]: INFO =>
> > Sending: 	EHLO robin.lxsbbshome.tld [...] Dec 19 00:50:38
> > robin sendEmail.lucia[1237]: SUCCESS => Received: 	250 2.1.5
> > Ok Dec 19 00:50:38 robin sendEmail.lucia[1237]: INFO => Sending:
> > 	DATA Dec 19 00:50:38 robin sendEmail.lucia[1237]: DEBUG =>
> > evalSMTPresponse() - Checking for SMTP success or error status in
> > the message: 354 End data with <CR><LF>.<CR><LF> Dec 19 00:50:38
> > robin sendEmail.lucia[1237]: DEBUG => evalSMTPresponse() - Found
> > SMTP success code: 354 Dec 19 00:50:38 robin sendEmail.lucia[1237]:
> > SUCCESS => Received: 	354 End data with <CR><LF>.<CR><LF>
> > Dec 19 00:50:38 robin sendEmail.lucia[1237]: INFO => Sending
> > message body
> > 
> > handshake ok.
> > sendEmail hangs, I kill them after 5min.
> > my use flags on gentoo client and server:
> > USE="bindist mmx sse sse2 -mysql -mysqli -mssql maildir apache2 gd
> > vhosts postgres python sasl ssl imap unicode"
> > what else can I do?
> 
> It may be a postfix bug, or it may be that gentoo's openssl ciphers
> are more up to date and won't degrade the connection to SSLv3.  Can
> you check what you get on the transaction with the server using
> openssl_client?  Google for the correct commands to negotiate sending
> messages using telnet so that you know what to type on the console.
> 

Thanks for the tip.
I test ssl smtp/imap with openssl s_client who reports error.20 unable
to get local issuer certificate, so I create a new self signed
certificate. first test with sendEmail and imapsync runs.
I do not understand is why the client software works under other
operating systems.

thx, bye, jens.

Re: perl ssl was:Re: [gentoo-user] dovecot imap-login

[Mick]

[-- Attachment #1: Type: Text/Plain, Size: 971 bytes --]

On Tuesday 22 Dec 2015 15:48:22 jens wefer wrote:
> Am Sun, 20 Dec 2015 23:18:00 +0000
> 
> schrieb Mick <michaelkintzios@gmail.com>:

> > It may be a postfix bug, or it may be that gentoo's openssl ciphers
> > are more up to date and won't degrade the connection to SSLv3.  Can
> > you check what you get on the transaction with the server using
> > openssl_client?  Google for the correct commands to negotiate sending
> > messages using telnet so that you know what to type on the console.
> 
> Thanks for the tip.
> I test ssl smtp/imap with openssl s_client who reports error.20 unable
> to get local issuer certificate, so I create a new self signed
> certificate. first test with sendEmail and imapsync runs.
> I do not understand is why the client software works under other
> operating systems.
> 
> thx, bye, jens.

This could be because other distros OpenSSL configuration is not as strict/up 
to date as gentoo's.

-- 
Regards,
Mick

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 473 bytes --]