
Mailing List Archive: DBMail: dev

[DBMail 0000941]: IMAP Daemon hang on STARTTLS

 

 



bugtrack at dbmail

Nov 11, 2011, 6:31 PM

Post #1 of 9 (579 views)
[DBMail 0000941]: IMAP Daemon hang on STARTTLS

The following issue has been SUBMITTED.
======================================================================
http://www.dbmail.org/mantis/view.php?id=941
======================================================================
Reported By: Bobbnz
Assigned To:
======================================================================
Project: DBMail
Issue ID: 941
Category: IMAP daemon
Reproducibility: always
Severity: crash
Priority: normal
Status: new
target:
======================================================================
Date Submitted: 12-Nov-11 03:31 CET
Last Modified: 12-Nov-11 03:31 CET
======================================================================
Summary: IMAP Daemon hang on STARTTLS
Description:
SSL connections working fine on port 995
issue STARTTLS and server hangs
======================================================================

Issue History
Date Modified Username Field Change
======================================================================
12-Nov-11 03:31 Bobbnz New Issue
======================================================================

_______________________________________________
Dbmail-dev mailing list
Dbmail-dev [at] dbmail
http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail-dev


bugtrack at dbmail

Nov 11, 2011, 6:40 PM

Post #2 of 9 (561 views)
[DBMail 0000941]: IMAP Daemon hang on STARTTLS [In reply to]

A NOTE has been added to this issue.
======================================================================
http://www.dbmail.org/mantis/view.php?id=941
======================================================================
Reported By: Bobbnz
Assigned To:
======================================================================
Project: DBMail
Issue ID: 941
Category: IMAP daemon
Reproducibility: always
Severity: crash
Priority: normal
Status: new
target:
======================================================================
Date Submitted: 12-Nov-11 03:31 CET
Last Modified: 12-Nov-11 03:40 CET
======================================================================
Summary: IMAP Daemon hang on STARTTLS
Description:
SSL connections working fine on port 995
issue STARTTLS and server hangs
======================================================================

----------------------------------------------------------------------
(0003331) Bobbnz (reporter) - 12-Nov-11 03:40
http://www.dbmail.org/mantis/view.php?id=941#c3331
----------------------------------------------------------------------
Sorry, should read port 993 (set as tls port in dbmail.conf)

Issue History
Date Modified Username Field Change
======================================================================
12-Nov-11 03:31 Bobbnz New Issue
12-Nov-11 03:40 Bobbnz Note Added: 0003331
======================================================================



bugtrack at dbmail

Nov 12, 2011, 11:44 AM

Post #3 of 9 (556 views)
[DBMail 0000941]: IMAP Daemon hang on STARTTLS [In reply to]

A NOTE has been added to this issue.
======================================================================
http://www.dbmail.org/mantis/view.php?id=941
======================================================================
Reported By: Bobbnz
Assigned To:
======================================================================
Project: DBMail
Issue ID: 941
Category: IMAP daemon
Reproducibility: always
Severity: crash
Priority: normal
Status: new
target:
======================================================================
Date Submitted: 12-Nov-11 03:31 CET
Last Modified: 12-Nov-11 20:44 CET
======================================================================
Summary: IMAP Daemon hang on STARTTLS
Description:
SSL connections working fine on port 995
issue STARTTLS and server hangs
======================================================================

----------------------------------------------------------------------
(0003331) Bobbnz (reporter) - 12-Nov-11 04:26
http://www.dbmail.org/mantis/view.php?id=941#c3331
----------------------------------------------------------------------
Sorry, should read port 993 (set as tls port in dbmail.conf)

Update - You don't have to issue STARTTLS, just connecting with non-ssl
client will hang it - eg 'telnet server.domain 993' - SSL connections are
working OK (until it hangs) so I'm guessing I have chained certs done right



----------------------------------------------------------------------
(0003332) paul (administrator) - 12-Nov-11 20:44
http://www.dbmail.org/mantis/view.php?id=941#c3332
----------------------------------------------------------------------
Bob,

This report is way too thin on details. Since I use STARTTLS all the time
using both thunderbird and k9-mail, your steps to reproduce must be missing
something.

A command-line test of STARTTLS can be done using openssl:

openssl s_client -connect mymailserver:143 -starttls imap

If you can reproduce this reliably, please upload detailed level 511
(anonymized) logs - only the relevant parts - plus dbmail.conf into this
issue.

Issue History
Date Modified Username Field Change
======================================================================
12-Nov-11 03:31 Bobbnz New Issue
12-Nov-11 03:40 Bobbnz Note Added: 0003331
12-Nov-11 04:26 Bobbnz Note Edited: 0003331
12-Nov-11 20:44 paul Note Added: 0003332
======================================================================



bugtrack at dbmail

Nov 12, 2011, 3:13 PM

Post #4 of 9 (557 views)
[DBMail 0000941]: IMAP Daemon hang on STARTTLS [In reply to]

A NOTE has been added to this issue.
======================================================================
http://www.dbmail.org/mantis/view.php?id=941
======================================================================
Reported By: Bobbnz
Assigned To:
======================================================================
Project: DBMail
Issue ID: 941
Category: IMAP daemon
Reproducibility: always
Severity: crash
Priority: normal
Status: new
target:
======================================================================
Date Submitted: 12-Nov-11 03:31 CET
Last Modified: 13-Nov-11 00:13 CET
======================================================================
Summary: IMAP Daemon hang on STARTTLS
Description:
SSL connections working fine on port 995
issue STARTTLS and server hangs
======================================================================

----------------------------------------------------------------------
(0003335) Bobbnz (reporter) - 13-Nov-11 00:13
http://www.dbmail.org/mantis/view.php?id=941#c3335
----------------------------------------------------------------------
Hi Paul

To reproduce the problem you need to specify tls port (in this case 993)
in dbmail.conf. Then just connect to port 993 with standard telnet client
and issue anything at all and imapd will hang.

Bob

Issue History
Date Modified Username Field Change
======================================================================
12-Nov-11 03:31 Bobbnz New Issue
12-Nov-11 03:40 Bobbnz Note Added: 0003331
12-Nov-11 04:26 Bobbnz Note Edited: 0003331
12-Nov-11 20:44 paul Note Added: 0003332
13-Nov-11 00:07 Bobbnz File Added: dbmail.err.bob
13-Nov-11 00:07 Bobbnz File Added: dbmail.conf
13-Nov-11 00:13 Bobbnz Note Added: 0003335
======================================================================



bugtrack at dbmail

Nov 12, 2011, 3:18 PM

Post #5 of 9 (551 views)
[DBMail 0000941]: IMAP Daemon hang on STARTTLS [In reply to]

A NOTE has been added to this issue.
======================================================================
http://www.dbmail.org/mantis/view.php?id=941
======================================================================
Reported By: Bobbnz
Assigned To:
======================================================================
Project: DBMail
Issue ID: 941
Category: IMAP daemon
Reproducibility: always
Severity: crash
Priority: normal
Status: new
target:
======================================================================
Date Submitted: 12-Nov-11 03:31 CET
Last Modified: 13-Nov-11 00:18 CET
======================================================================
Summary: IMAP Daemon hang on STARTTLS
Description:
SSL connections working fine on port 995
issue STARTTLS and server hangs
======================================================================

----------------------------------------------------------------------
(0003336) Bobbnz (reporter) - 13-Nov-11 00:18
http://www.dbmail.org/mantis/view.php?id=941#c3336
----------------------------------------------------------------------
Without tls_port specified, TLS is working fine on port 143 so not a
showstopper unless you need ssl on 993

Issue History
Date Modified Username Field Change
======================================================================
12-Nov-11 03:31 Bobbnz New Issue
12-Nov-11 03:40 Bobbnz Note Added: 0003331
12-Nov-11 04:26 Bobbnz Note Edited: 0003331
12-Nov-11 20:44 paul Note Added: 0003332
13-Nov-11 00:07 Bobbnz File Added: dbmail.err.bob
13-Nov-11 00:07 Bobbnz File Added: dbmail.conf
13-Nov-11 00:13 Bobbnz Note Added: 0003335
13-Nov-11 00:18 Bobbnz Note Added: 0003336
======================================================================



bugtrack at dbmail

Nov 13, 2011, 3:45 AM

Post #6 of 9 (558 views)
[DBMail 0000941]: IMAP Daemon hang on STARTTLS [In reply to]

A NOTE has been added to this issue.
======================================================================
http://www.dbmail.org/mantis/view.php?id=941
======================================================================
Reported By: Bobbnz
Assigned To:
======================================================================
Project: DBMail
Issue ID: 941
Category: IMAP daemon
Reproducibility: always
Severity: crash
Priority: normal
Status: new
target:
======================================================================
Date Submitted: 12-Nov-11 03:31 CET
Last Modified: 13-Nov-11 12:45 CET
======================================================================
Summary: IMAP Daemon hang on STARTTLS
Description:
SSL connections working fine on port 995
issue STARTTLS and server hangs
======================================================================

----------------------------------------------------------------------
(0003335) Bobbnz (reporter) - 13-Nov-11 00:19
http://www.dbmail.org/mantis/view.php?id=941#c3335
----------------------------------------------------------------------
Hi Paul

To reproduce the problem you need to specify tls port (in this case 993)
in dbmail.conf. Then just connect to port 993 with standard telnet client
and issue anything at all and imapd will hang.


Without tls_port specified, TLS is working fine on port 143 so not a
showstopper unless you need ssl on 993

Bob



----------------------------------------------------------------------
(0003337) paul (administrator) - 13-Nov-11 12:45
http://www.dbmail.org/mantis/view.php?id=941#c3337
----------------------------------------------------------------------
The ssl socket is blocking, and you are doing a denial-of-service attack on
it. Doing a plain telnet on a SSL socket is invalid, and should be dealt
with by dropping the connection if a ssl negotiation is not started on it.
Also, SSL sockets must be made non-blocking.

Issue History
Date Modified Username Field Change
======================================================================
12-Nov-11 03:31 Bobbnz New Issue
12-Nov-11 03:40 Bobbnz Note Added: 0003331
12-Nov-11 04:26 Bobbnz Note Edited: 0003331
12-Nov-11 20:44 paul Note Added: 0003332
13-Nov-11 00:07 Bobbnz File Added: dbmail.err.bob
13-Nov-11 00:07 Bobbnz File Added: dbmail.conf
13-Nov-11 00:13 Bobbnz Note Added: 0003335
13-Nov-11 00:18 Bobbnz Note Added: 0003336
13-Nov-11 00:18 Bobbnz Note Deleted: 0003336
13-Nov-11 00:19 Bobbnz Note Edited: 0003335
13-Nov-11 12:45 paul Note Added: 0003337
======================================================================



bugtrack at dbmail

Nov 13, 2011, 3:46 AM

Post #7 of 9 (559 views)
[DBMail 0000941]: IMAP Daemon hang on STARTTLS [In reply to]

A NOTE has been added to this issue.
======================================================================
http://www.dbmail.org/mantis/view.php?id=941
======================================================================
Reported By: Bobbnz
Assigned To:
======================================================================
Project: DBMail
Issue ID: 941
Category: IMAP daemon
Reproducibility: always
Severity: crash
Priority: normal
Status: new
target:
======================================================================
Date Submitted: 12-Nov-11 03:31 CET
Last Modified: 13-Nov-11 12:46 CET
======================================================================
Summary: IMAP Daemon hang on STARTTLS
Description:
SSL connections working fine on port 995
issue STARTTLS and server hangs
======================================================================

----------------------------------------------------------------------
(0003338) paul (administrator) - 13-Nov-11 12:46
http://www.dbmail.org/mantis/view.php?id=941#c3338
----------------------------------------------------------------------
Correction: only the listening socket must be made non-blocking. Active
connections already are non-blocking.

Issue History
Date Modified Username Field Change
======================================================================
12-Nov-11 03:31 Bobbnz New Issue
12-Nov-11 03:40 Bobbnz Note Added: 0003331
12-Nov-11 04:26 Bobbnz Note Edited: 0003331
12-Nov-11 20:44 paul Note Added: 0003332
13-Nov-11 00:07 Bobbnz File Added: dbmail.err.bob
13-Nov-11 00:07 Bobbnz File Added: dbmail.conf
13-Nov-11 00:13 Bobbnz Note Added: 0003335
13-Nov-11 00:18 Bobbnz Note Added: 0003336
13-Nov-11 00:18 Bobbnz Note Deleted: 0003336
13-Nov-11 00:19 Bobbnz Note Edited: 0003335
13-Nov-11 12:45 paul Note Added: 0003337
13-Nov-11 12:46 paul Note Added: 0003338
======================================================================



bugtrack at dbmail

Nov 13, 2011, 4:01 AM

Post #8 of 9 (556 views)
[DBMail 0000941]: IMAP Daemon hang on STARTTLS [In reply to]

A NOTE has been added to this issue.
======================================================================
http://www.dbmail.org/mantis/view.php?id=941
======================================================================
Reported By: Bobbnz
Assigned To:
======================================================================
Project: DBMail
Issue ID: 941
Category: IMAP daemon
Reproducibility: always
Severity: crash
Priority: normal
Status: new
target:
======================================================================
Date Submitted: 12-Nov-11 03:31 CET
Last Modified: 13-Nov-11 13:01 CET
======================================================================
Summary: IMAP Daemon hang on STARTTLS
Description:
SSL connections working fine on port 995
issue STARTTLS and server hangs
======================================================================

----------------------------------------------------------------------
(0003339) Bobbnz (reporter) - 13-Nov-11 13:01
http://www.dbmail.org/mantis/view.php?id=941#c3339
----------------------------------------------------------------------
It was Outlook trying to do tls that started the problem, I just used
telnet for easy illustration. It's a dos vulnerability that can be triggered
too easily by accident. Fwiw - Pop3 ssl on 995 seems ok :)

Issue History
Date Modified Username Field Change
======================================================================
12-Nov-11 03:31 Bobbnz New Issue
12-Nov-11 03:40 Bobbnz Note Added: 0003331
12-Nov-11 04:26 Bobbnz Note Edited: 0003331
12-Nov-11 20:44 paul Note Added: 0003332
13-Nov-11 00:07 Bobbnz File Added: dbmail.err.bob
13-Nov-11 00:07 Bobbnz File Added: dbmail.conf
13-Nov-11 00:13 Bobbnz Note Added: 0003335
13-Nov-11 00:18 Bobbnz Note Added: 0003336
13-Nov-11 00:18 Bobbnz Note Deleted: 0003336
13-Nov-11 00:19 Bobbnz Note Edited: 0003335
13-Nov-11 12:45 paul Note Added: 0003337
13-Nov-11 12:46 paul Note Added: 0003338
13-Nov-11 13:01 Bobbnz Note Added: 0003339
======================================================================



bugtrack at dbmail

Nov 13, 2011, 5:14 AM

Post #9 of 9 (556 views)
[DBMail 0000941]: IMAP Daemon hang on STARTTLS [In reply to]

The following issue has been RESOLVED.
======================================================================
http://www.dbmail.org/mantis/view.php?id=941
======================================================================
Reported By: Bobbnz
Assigned To: paul
======================================================================
Project: DBMail
Issue ID: 941
Category: IMAP daemon
Reproducibility: always
Severity: crash
Priority: normal
Status: resolved
target:
Resolution: fixed
Fixed in Version: 3.0.0-final
======================================================================
Date Submitted: 12-Nov-11 03:31 CET
Last Modified: 13-Nov-11 14:14 CET
======================================================================
Summary: IMAP Daemon hang on STARTTLS
Description:
SSL connections working fine on port 995
issue STARTTLS and server hangs
======================================================================

----------------------------------------------------------------------
(0003340) paul (administrator) - 13-Nov-11 14:14
http://www.dbmail.org/mantis/view.php?id=941#c3340
----------------------------------------------------------------------
pls try

http://git.dbmail.eu/paul/dbmail/commit/?id=9efbf4ee05760a4b964fac4a3ef048c0347ed60f

which I believe fixes this behaviour:

- ssl sockets are non-blocking on accept
- handle SSL_ERROR_WANT_READ/WRITE errors during accept

Issue History
Date Modified Username Field Change
======================================================================
12-Nov-11 03:31 Bobbnz New Issue
12-Nov-11 03:40 Bobbnz Note Added: 0003331
12-Nov-11 04:26 Bobbnz Note Edited: 0003331
12-Nov-11 20:44 paul Note Added: 0003332
13-Nov-11 00:07 Bobbnz File Added: dbmail.err.bob
13-Nov-11 00:07 Bobbnz File Added: dbmail.conf
13-Nov-11 00:13 Bobbnz Note Added: 0003335
13-Nov-11 00:18 Bobbnz Note Added: 0003336
13-Nov-11 00:18 Bobbnz Note Deleted: 0003336
13-Nov-11 00:19 Bobbnz Note Edited: 0003335
13-Nov-11 12:45 paul Note Added: 0003337
13-Nov-11 12:46 paul Note Added: 0003338
13-Nov-11 13:01 Bobbnz Note Added: 0003339
13-Nov-11 14:14 paul Note Added: 0003340
13-Nov-11 14:14 paul Assigned To => paul
13-Nov-11 14:14 paul Status new => resolved
13-Nov-11 14:14 paul Resolution open => fixed
13-Nov-11 14:14 paul Fixed in Version => 3.0.0-final
======================================================================

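
The fix described in the thread (a non-blocking listening socket, retrying the handshake on SSL_ERROR_WANT_READ/WRITE, and dropping a client that never starts TLS), sketched in Python as an added example; it is not DBMail's C code or the referenced commit. `ssl.SSLWantReadError` and `ssl.SSLWantWriteError` are Python's counterparts of those OpenSSL codes; `tls_accept`, `probe`, the time limits and the sample client bytes are assumptions, and the context carries no certificate because both failure paths shown end before one is used.

```python
import select
import socket
import ssl
import time

HANDSHAKE_TIMEOUT = 2.0  # seconds; an assumed limit, not a DBMail setting


def tls_accept(conn, ctx, timeout=HANDSHAKE_TIMEOUT):
    """Server-side TLS handshake that cannot block the daemon indefinitely.

    Returns (tls_socket, "ok") on success. On failure the connection is
    closed and (None, "timeout") or (None, "rejected") is returned.
    """
    conn.setblocking(False)
    # Defer the handshake so it can be driven step by step below.
    tls = ctx.wrap_socket(conn, server_side=True,
                          do_handshake_on_connect=False)
    deadline = time.monotonic() + timeout
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            # The peer connected but never started (or finished) TLS.
            tls.close()
            return None, "timeout"
        try:
            tls.do_handshake()
            return tls, "ok"
        except ssl.SSLWantReadError:
            # OpenSSL's SSL_ERROR_WANT_READ: wait for peer data, bounded.
            select.select([tls], [], [], remaining)
        except ssl.SSLWantWriteError:
            # OpenSSL's SSL_ERROR_WANT_WRITE: wait until writable, bounded.
            select.select([], [tls], [], remaining)
        except OSError:
            # Includes ssl.SSLError: the bytes received are not a TLS
            # handshake (for example a plain-text IMAP command), or the
            # peer reset the connection.
            tls.close()
            return None, "rejected"


def probe(client_bytes, timeout=0.5):
    """Run one constructed client against a loopback TLS listener.

    client_bytes is what the client sends right after connecting
    (b"" models a client that connects and stays silent).
    Returns the verdict string from tls_accept().
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    listener.setblocking(False)  # the listening socket is non-blocking
    client = socket.create_connection(listener.getsockname())
    try:
        if client_bytes:
            client.sendall(client_bytes)
        select.select([listener], [], [], timeout)
        conn, _ = listener.accept()
        return tls_accept(conn, ctx, timeout)[1]
    finally:
        client.close()
        listener.close()


if __name__ == "__main__":
    # Constructed inputs: a plain-text command on the TLS port, then silence.
    print("plain-text client:", probe(b"a001 CAPABILITY\r\n"))
    print("silent client:    ", probe(b"", timeout=0.3))
```

In an event-driven daemon the two `select` calls would be replaced by registering the socket with the event loop and returning, so one stalled handshake never delays other connections.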
