Summary: | Qmail: use of recordio breaks SSL connection attempts | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Martin Diers <martin> |
Component: | [OLD] Server | Assignee: | Net-Mail Packages <net-mail+disabled> |
Status: | VERIFIED TEST-REQUEST | ||
Severity: | normal | CC: | kallamej, steven |
Priority: | High | ||
Version: | 1.4 | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 29485 | ||
Attachments: | Capture of SMTP traffic during a failed session; Capture of SMTP traffic during failed TLS/Recordio session; Server-side capture of failed session; Maybe this patch I found somewhere on the net fixes the problem; Fix for starttls and recordio breakage. | ||
Description
Martin Diers
2004-02-05 13:03:04 UTC
Using qmail-1.03-r15. I was attempting to use a combination of recordio and multilog filter commands to implement error response logging. I was successful in doing so. However, I discovered that any attempted SSL connection dropped. Evidently recordio terminated as the SSL connection began. The resulting log file showed the server's response, "220 ready for tls", followed by a string of 8-bit characters from the client. Then nothing, except for the final [EOF] line. I suspect that recordio is dying when it starts to receive the 8-bit data, thus killing qmail-smtpd along with it.

Could you please trace what output exactly causes recordio to terminate? I suggest using ethereal or some packet capture tool.

Created attachment 25089 [details]
Capture of SMTP traffic during a failed session
This capture was done on the client side, using ethereal with the following filter string: "tcp port 25".
Created attachment 25090 [details]
Capture of SMTP traffic during failed TLS/Recordio session
Same as above, this time as a binary attachment.
Created attachment 25091 [details]
Server-side capture of failed session
Here is another failed session, as captured from the server side, using tethereal.
The following causes an error regarding TLS (note presence of recordio):

```
# Configuration file for qmail-smtpd
# $Header: /home/cvsroot/gentoo-x86/net-mail/qmail/files/1.03-r13/conf-smtpd,v 1.2 2003/11/30 03:00:20 robbat2 Exp $

# Stuff to run before tcpserver
#QMAIL_TCPSERVER_PRE=""

# Stuff to run before qmail-smtpd
QMAIL_SMTP_PRE="recordio"

# Stuff to after qmail-smtpd
#QMAIL_SMTP_POST=""

# this turns off the IDENT grab attempt on connecting
TCPSERVER_OPTS="${TCPSERVER_OPTS} -R"

# You might want to use rblsmtpd with this, but you need to fill in a RBL server here first
# see http://cr.yp.to/ucspi-tcp/rblsmtpd.html for more details
#QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} rblsmtpd -r RBL-SERVER"
QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} rblsmtpd -r dsn.rfc-ignorant.org -r sbl.spamhaus.org -r list.dsbl.org -r bl.spamcop.net"
```

Error from remote server attempting to deliver to gentoo qmail box:

```
2004-02-10 12:56:46.860111500 new msg 889176
2004-02-10 12:56:46.861980500 info msg 889176: bytes 302 from <root@mx1.uuplus.com> qp 8941 uid 0
2004-02-10 12:56:46.869226500 starting delivery 48788: msg 889176 to remote steven@trustworthy.net
2004-02-10 12:56:46.871254500 status: local 0/10 remote 1/20
2004-02-10 12:56:49.976509500 delivery 48788: deferral: TLS_not_available:_connect_failed:_error:00000000:lib(0):func(0):reason(0)/
2004-02-10 12:56:49.977614500 status: local 0/10 remote 0/20
[root@mx1 root]#
```

This condition goes away when 'recordio' is removed from the variable in conf-smtpd.

steven: could you post a tcpdump on the remote side (trustworthy.net)? Also the smtpd logs around that timeframe.

Created attachment 33801 [details, diff]
Maybe this patch I found somewhere on the net fixes the problem
I found a fix for this problem by Richard Lyons in a mailing list archive. Analysis as follows.
> > It looks as though the patched qmail-smtpd is trying to write to the input
> > descriptor. Correct me if I'm wrong, but isn't qmail-smtpd supposed to
> > read fd 0, and write on fd 1?
>
> In the TLS patch there will be a line like
>
>     SSL_set_fd(ssl,0);
>
> which connects the SSL engine to fd 0. This is not normally a
> problem because fd 0 inherited from tcpserver is both writeable
> and readable. However, recordio creates a new set of fds when it
> runs the child and fd 0 is read-only. The quick fix is to remove
> recordio from your run file, for a more permanent solution replace
> the above line with
>
>     SSL_set_rfd(ssl,0);
>     SSL_set_wfd(ssl,1);
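The quoted analysis turns on one fact about descriptor inheritance: under tcpserver, fd 0 and fd 1 are the same accepted socket (readable and writable), whereas under recordio fd 0 is the read end of a pipe and fd 1 the write end of a different pipe. The following Python script is an added example, not part of this bug report or of the qmail TLS patch. It rebuilds both descriptor layouts with a constructed socketpair and two constructed pipes, then emulates the two wiring strategies with plain `os.write` calls (no OpenSSL involved): `single_fd_engine` stands in for `SSL_set_fd(ssl, 0)`, which writes on the descriptor it reads from, and `split_fd_engine` stands in for `SSL_set_rfd(ssl, 0)` / `SSL_set_wfd(ssl, 1)`. The function and layout names are assumptions made for this example.

```python
import errno
import fcntl
import os
import socket

HANDSHAKE_BYTES = b"220 ready for tls\r\n"  # constructed stand-in for the server's first TLS write


def access_mode(fd):
    """Return 'r', 'w' or 'rw' from the O_ACCMODE bits of the descriptor's status flags."""
    mode = fcntl.fcntl(fd, fcntl.F_GETFL) & os.O_ACCMODE
    return {os.O_RDONLY: "r", os.O_WRONLY: "w", os.O_RDWR: "rw"}[mode]


def write_result(fd, data):
    """Try to write on fd; return None on success, else the errno name (e.g. 'EBADF')."""
    try:
        os.write(fd, data)
        return None
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))


def tcpserver_layout():
    """Constructed stand-in for what tcpserver hands qmail-smtpd: the accepted
    socket dup()ed onto both fd 0 and fd 1. Returns (fd0, fd1, cleanup)."""
    ours, peer = socket.socketpair()
    fd0 = os.dup(ours.fileno())
    fd1 = os.dup(ours.fileno())

    def cleanup():
        os.close(fd0)
        os.close(fd1)
        ours.close()
        peer.close()

    return fd0, fd1, cleanup


def recordio_layout():
    """Constructed stand-in for what recordio hands its child: fd 0 is the read
    end of one pipe, fd 1 the write end of a second pipe; recordio itself holds
    the other two ends so it can log traffic in both directions."""
    child_in_r, recordio_in_w = os.pipe()
    recordio_out_r, child_out_w = os.pipe()

    def cleanup():
        for fd in (child_in_r, recordio_in_w, recordio_out_r, child_out_w):
            os.close(fd)

    return child_in_r, child_out_w, cleanup


def single_fd_engine(fd0, fd1):
    """Emulates SSL_set_fd(ssl, 0): the engine reads AND writes on fd 0."""
    return write_result(fd0, HANDSHAKE_BYTES)


def split_fd_engine(fd0, fd1):
    """Emulates SSL_set_rfd(ssl, 0) / SSL_set_wfd(ssl, 1): reads on fd 0, writes on fd 1."""
    return write_result(fd1, HANDSHAKE_BYTES)


def compare():
    """Run both engine wirings under both layouts.

    Returns {layout: {'mode0': access mode of fd 0,
                      'single': write outcome for the SSL_set_fd wiring,
                      'split':  write outcome for the rfd/wfd wiring}}.
    """
    results = {}
    for name, layout in (("tcpserver", tcpserver_layout), ("recordio", recordio_layout)):
        fd0, fd1, cleanup = layout()
        results[name] = {
            "mode0": access_mode(fd0),
            "single": single_fd_engine(fd0, fd1),
            "split": split_fd_engine(fd0, fd1),
        }
        cleanup()
    return results


if __name__ == "__main__":
    for layout, outcome in compare().items():
        print(f"{layout:10s} fd0 mode={outcome['mode0']:3s} "
              f"SSL_set_fd-style write={outcome['single']} "
              f"rfd/wfd-style write={outcome['split']}")
```

Under the tcpserver layout both wirings succeed, because fd 0 is an O_RDWR socket. Under the recordio layout the single-descriptor wiring fails with EBADF on its very first write (the one that would carry the TLS server hello), which is the point at which the reporter's recordio log stops, while the split wiring succeeds because the write goes to the pipe recordio is reading from.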
Created attachment 42047 [details, diff]
Fix for starttls and recordio breakage.
Fixed in qmail-1.03-r16. Could you test it, please?

Patch applies and works OK.

Thanks for testing, closing this bug.