Bug 40521 - Qmail: use of recordio breaks SSL connection attempts
Summary: Qmail: use of recordio breaks SSL connection attempts
Status: VERIFIED TEST-REQUEST
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server
Hardware: All All
Importance: High normal
Assignee: Net-Mail Packages
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 29485
Reported: 2004-02-05 13:03 UTC by Martin Diers
Modified: 2005-01-04 09:55 UTC

See Also:
Package list:
Runtime testing required: ---


Attachments
smtp.cap (1.65 KB, text/plain): Capture of SMTP traffic during a failed session. 2004-02-06 10:36 UTC, Martin Diers
smtp.cap (1.65 KB, application/octet-stream): Capture of SMTP traffic during failed TLS/Recordio session. 2004-02-06 10:38 UTC, Martin Diers
smtp-srv.cap (1.53 KB, application/octet-stream): Server-side capture of failed session. 2004-02-06 10:53 UTC, Martin Diers
fixcrio-tls.patch (2.59 KB, patch): Maybe this patch I found somewhere on the net fixes the problem. 2004-06-21 20:41 UTC, Abner Graham Jacobsen
qmail-smtpd-recordio-starttls-fix.patch (390 bytes, patch): Fix for starttls and recordio breakage. 2004-10-17 12:20 UTC, Anders Hellgren

Description Martin Diers 2004-02-05 13:03:04 UTC
When using /usr/bin/recordio under QMAIL_PRE_SMTPD, SSL connections cannot be made to qmail-smtpd.
Comment 1 Martin Diers 2004-02-05 13:10:22 UTC
Using qmail-1.03-r15.

I was attempting to use a combination of recordio and multilog filter commands, to implement error response logging. I was successful in doing so. However, I discovered that any attempted SSL connection dropped.

Evidently recordio terminated as the SSL connection began. The resulting log file showed the server's response "220 ready for tls", followed by a string of 8-bit characters from the client. Then nothing, except for the final [EOF] line. I suspect that recordio is dying when it starts to receive the 8-bit data, thus killing qmail-smtpd along with it.

Comment 2 Robin Johnson gentoo-dev 2004-02-05 21:02:49 UTC
Could you please trace exactly what output causes recordio to terminate?
I suggest using ethereal or some packet capture tool.
Comment 3 Martin Diers 2004-02-06 10:36:35 UTC
Created attachment 25089 [details]
Capture of SMTP traffic during a failed session

This capture was done on the client side, using ethereal with the following filter string: "tcp port 25".
Comment 4 Martin Diers 2004-02-06 10:38:10 UTC
Created attachment 25090 [details]
Capture of SMTP traffic during failed TLS/Recordio session

Same as above, this time as a binary attachment.
Comment 5 Martin Diers 2004-02-06 10:53:12 UTC
Created attachment 25091 [details]
Server-side capture of failed session

Here is another failed session, as captured from the server side, using tethereal.
Comment 6 Steven Boothe 2004-02-10 13:00:06 UTC
The following causes an error regarding TLS (note presence of recordio):

# Configuration file for qmail-smtpd
# $Header: /home/cvsroot/gentoo-x86/net-mail/qmail/files/1.03-r13/conf-smtpd,v 1.2 2003/11/30 03:00:20 robbat2 Exp $

# Stuff to run before tcpserver
#QMAIL_TCPSERVER_PRE=""
# Stuff to run before qmail-smtpd
QMAIL_SMTP_PRE="recordio"
# Stuff to run after qmail-smtpd
#QMAIL_SMTP_POST=""

# this turns off the IDENT grab attempt on connecting
TCPSERVER_OPTS="${TCPSERVER_OPTS} -R"

# You might want to use rblsmtpd with this, but you need to fill in a RBL server here first
# see http://cr.yp.to/ucspi-tcp/rblsmtpd.html for more details
#QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} rblsmtpd -r RBL-SERVER"
QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} rblsmtpd -r dsn.rfc-ignorant.org -r sbl.spamhaus.org -r list.dsbl.org -r bl.spamcop.net"

Error from remote server attempting to deliver to gentoo qmail box:
2004-02-10 12:56:46.860111500 new msg 889176
2004-02-10 12:56:46.861980500 info msg 889176: bytes 302 from <root@mx1.uuplus.com> qp 8941 uid 0
2004-02-10 12:56:46.869226500 starting delivery 48788: msg 889176 to remote steven@trustworthy.net
2004-02-10 12:56:46.871254500 status: local 0/10 remote 1/20
2004-02-10 12:56:49.976509500 delivery 48788: deferral: TLS_not_available:_connect_failed:_error:00000000:lib(0):func(0):reason(0)/
2004-02-10 12:56:49.977614500 status: local 0/10 remote 0/20

This condition goes away when 'recordio' is removed from the variable in conf-smtpd.
Comment 7 Robin Johnson gentoo-dev 2004-02-10 14:02:31 UTC
Steven: could you post a tcpdump on the remote side (trustworthy.net)?
Also the smtpd logs around that timeframe.
Comment 8 Abner Graham Jacobsen 2004-06-21 20:41:18 UTC
Created attachment 33801 [details, diff]
Maybe this patch I found somewhere on the net fixes the problem.
Comment 9 Anders Hellgren gentoo-dev 2004-10-17 12:17:33 UTC
I found a fix for this problem by Richard Lyons in a mailing list archive. Analysis as follows.

> > It looks as though the patched qmail-smtpd is trying to write to the input
> > descriptor.  Correct me if I'm wrong, but isn't qmail-smtpd supposed to
> > read fd 0, and write on fd 1?
>In the TLS patch there will be a line like
>         SSL_set_fd(ssl,0);
>which connects the SSL engine to fd 0.  This is not normally a
>problem because fd 0 inherited from tcpserver is both writeable
>and readable.  However, recordio creates a new set of fds when it
>runs the child and fd 0 is read-only.  The quick fix is to remove
>recordio from your run file, for a more permanent solution replace
>the above line with
>         SSL_set_rfd(ssl,0);
>         SSL_set_wfd(ssl,1);
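The descriptor layout that the quoted analysis describes, as an added example in C that is not code from qmail, from the TLS patch or from anyone on this bug. It links no OpenSSL: a socketpair stands in for the single full-duplex socket tcpserver passes on fd 0 and fd 1, two pipes stand in for the read-only fd 0 and write-only fd 1 recordio gives its child, and a plain write() of the "220 ready for tls" banner stands in for the SSL engine's output. The fd_is_writable() check on O_ACCMODE and the probe struct are my own illustration of why SSL_set_fd(ssl, 0) is wrong under recordio and SSL_set_rfd(ssl, 0)/SSL_set_wfd(ssl, 1) is right.

```c
/*
 * Added example; not code from qmail, the TLS patch or this bug report.
 * Models the descriptor layout described in Comment 9:
 *   - under tcpserver, fd 0 and fd 1 are the same full-duplex socket,
 *     so SSL_set_fd(ssl, 0) can both read and write on fd 0;
 *   - under recordio, the child's fd 0 is the read end of a pipe and
 *     fd 1 the write end of another, so a write on fd 0 fails with
 *     EBADF and the TLS handshake never leaves the server.
 * The fix gives the SSL engine separate descriptors (SSL_set_rfd/
 * SSL_set_wfd); here that is modelled by writing through fd 1 instead.
 * A socketpair, two pipes and write() stand in for tcpserver, recordio
 * and OpenSSL; nothing else is assumed about either program.
 */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Result of probing one descriptor used as the SSL write side. */
struct probe {
    int writable;   /* 1 if opened for writing, 0 if read-only, -1 on error */
    int write_err;  /* 0 if the write succeeded, otherwise errno from write() */
};

static const char BANNER[] = "220 ready for tls\r\n";

/* Access mode recorded when the descriptor was opened (O_ACCMODE bits). */
int fd_is_writable(int fd)
{
    int flags = fcntl(fd, F_GETFL);
    if (flags == -1)
        return -1;
    int mode = flags & O_ACCMODE;
    return (mode == O_WRONLY || mode == O_RDWR) ? 1 : 0;
}

/* Emit the banner on wfd, the way the SSL engine emits its output. */
struct probe probe_write(int wfd)
{
    struct probe p;
    p.writable = fd_is_writable(wfd);
    p.write_err = 0;
    if (write(wfd, BANNER, sizeof BANNER - 1) == -1)
        p.write_err = errno;
    return p;
}

/* Read back what the peer received; 1 if it is exactly the banner. */
static int peer_got_banner(int rfd)
{
    char buf[sizeof BANNER];
    ssize_t n = read(rfd, buf, sizeof buf - 1);
    return n == (ssize_t)(sizeof BANNER - 1) && memcmp(buf, BANNER, (size_t)n) == 0;
}

/* tcpserver layout: one socket on both fd 0 and fd 1; writing on "fd 0" works. */
struct probe tcpserver_case(void)
{
    int sv[2];
    struct probe p = { -1, -1 };
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1)
        return p;
    p = probe_write(sv[0]);             /* sv[0] plays the child's fd 0 */
    if (p.write_err == 0 && !peer_got_banner(sv[1]))
        p.write_err = -1;               /* constructed check: peer must see it */
    close(sv[0]); close(sv[1]);
    return p;
}

/* recordio layout, unpatched: SSL writes on fd 0, a read-only pipe end. */
struct probe recordio_case_broken(void)
{
    int in[2];
    struct probe p = { -1, -1 };
    if (pipe(in) == -1)
        return p;
    p = probe_write(in[0]);             /* in[0] plays the child's fd 0 */
    close(in[0]); close(in[1]);
    return p;
}

/* recordio layout, fixed: read on fd 0 (in[0]), write on fd 1 (out[1]). */
struct probe recordio_case_fixed(void)
{
    int in[2], out[2];
    struct probe p = { -1, -1 };
    if (pipe(in) == -1)
        return p;
    if (pipe(out) == -1) { close(in[0]); close(in[1]); return p; }
    p = probe_write(out[1]);            /* out[1] plays the child's fd 1 */
    if (p.write_err == 0 && !peer_got_banner(out[0]))
        p.write_err = -1;
    close(in[0]); close(in[1]); close(out[0]); close(out[1]);
    return p;
}

int main(void)
{
    struct probe t = tcpserver_case(), b = recordio_case_broken(), f = recordio_case_fixed();
    printf("tcpserver socket, SSL on fd 0 : writable=%d write_err=%d\n", t.writable, t.write_err);
    printf("recordio pipes,   SSL on fd 0 : writable=%d write_err=%d (%s)\n",
           b.writable, b.write_err, strerror(b.write_err));
    printf("recordio pipes,   rfd 0/wfd 1 : writable=%d write_err=%d\n", f.writable, f.write_err);
    return 0;
}
```

The broken case is the one Martin saw: the server's output stops right after "220 ready for tls" because the first TLS record the engine tries to send on fd 0 is rejected by the kernel, and qmail-smtpd goes down with it. The same check also explains why removing recordio from QMAIL_SMTP_PRE "fixes" it: with tcpserver's socket on fd 0 the write succeeds.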
Comment 10 Anders Hellgren gentoo-dev 2004-10-17 12:20:03 UTC
Created attachment 42047 [details, diff]
Fix for starttls and recordio breakage.
Comment 11 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-01-03 12:55:36 UTC
Fixed in qmail-1.03-r16. Could you test it, please?
Comment 12 Anders Hellgren gentoo-dev 2005-01-04 06:29:29 UTC
Patch applies and works OK.
Comment 13 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-01-04 09:55:16 UTC
Thanks for testing, closing this bug.