sendmail-8.12.5 infinite loop within tls_read (STARTTLS: read error=generic SSL error)


Post by Walter Muelle » Wed, 29 Jan 2003 23:29:55



Hello,

Today, on our mail relay several sendmail processes continued logging
    STARTTLS: read error=generic SSL error (0)
in an infinite loop until our log filesystem was full. This was the
first time after running for about one month under heavy load without
problems. All processes have been started by connections from one single
SMTP-Client system outside of our organization.

We are using sendmail Version 8.12.5 on a RedHat 7.3 Linux System with rpm
package openssl-0.9.6b-28.

I have looked into the source and detected a possible reason for the
infinite loop in tls_read.c . In some cases the count variable "again"
(I guess it should protect from such loops) will be reset and the message
above will be logged.

In the current release 8.12.7 there have been changes in this part of the
code.
Does _FFR_DEAL_WITH_ERROR_SSL cure our problem?
Is this Define enabled by default?

--
With best regards - thanks for any kind of advice
Walter Müller - Zentraler Informatikdienst - Universitaet Innsbruck

 
 
 


Post by Claus Aßman » Thu, 30 Jan 2003 00:38:29


[If you post a question and mail it to sendmail.org then please
tell us so we can avoid double work]

> Today, on our mail relay several sendmail processes continued logging
>     STARTTLS: read error=generic SSL error (0)
> in an infinite loop until our log filesystem was full. This was the
> first time after running for about one month under heavy load without
> problems. All processes have been started by connections from one single
> SMTP-Client system outside of our organization.
> We are using sendmail Version 8.12.5 on a RedHat 7.3 Linux System with rpm
> package openssl-0.9.6b-28.
> I have looked into the source and detected a possible reason for the
> infinite loop in tls_read.c . In some cases the count variable "again"
> (I guess it should protect from such loops) will be reset and the message
> above will be logged.

I don't think that's the reason... the problem is that
the error conditions are not well defined in the OpenSSL
documentation (at least the last time I looked).

> In the current release 8.12.7 there have been changes in this part of the
> code.
> Does _FFR_DEAL_WITH_ERROR_SSL cure our problem?

It is supposed to do that.

> Is this Define enabled by default?

No.

 
 
 


Post by acqa » Sat, 08 Feb 2003 05:08:34




> [If you post a question and mail it to sendmail.org then please
> tell us so we can avoid double work]

> > Today, on our mail relay several sendmail processes continued logging
> >     STARTTLS: read error=generic SSL error (0)
> > in an infinite loop until our log filesystem was full. This was the
> > first time after running for about one month under heavy load without
> > problems. All processes have been started by connections from one single
> > SMTP-Client system outside of our organization.

> > We are using sendmail Version 8.12.5 on a RedHat 7.3 Linux System with rpm
> > package openssl-0.9.6b-28.

> > I have looked into the source and detected a possible reason for the
> > infinite loop in tls_read.c . In some cases the count variable "again"
> > (I guess it should protect from such loops) will be reset and the message
> > above will be logged.

> I don't think that's the reason... the problem is that
> the error conditions are not well defined in the OpenSSL
> documentation (at least the last time I looked).

> > In the current release 8.12.7 there have been changes in this part of the
> > code.
> > Does _FFR_DEAL_WITH_ERROR_SSL cure our problem?

> It is supposed to do that.

> > Is this Define enabled by default?

> No.

So far seems to do that.  Went from 8.12.2 to 8.12.7 with
_FFR_DEAL_WITH_ERROR_SSL.  The hosts (the last one was a sendmail
8.12.5 MTA acting as a TLS client) now show up as "did not issue
EHLO......"
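
Added example, not part of the thread and not sendmail code: a log check that flags sendmail processes repeating the `STARTTLS: read error=generic SSL error` message fast enough to fill a log filesystem, as described in the first post. The syslog line layout, the host name `relay`, the PIDs, the year and the threshold/window values are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Classic syslog layout (assumed): "Jan 29 10:15:01 host sendmail[pid]: [qid: ]message"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sendmail\[(?P<pid>\d+)\]: "
    r"(?:\S+: )?STARTTLS: read error=generic SSL error"
)


def find_runaway_pids(lines, threshold=5, window_seconds=1, year=2003):
    """Return {pid: peak_count} for processes that logged the message at
    least `threshold` times within any `window_seconds` span.

    Syslog timestamps carry no year, so one is supplied (assumption)."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # pid -> timestamps still inside the window
    peak = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # unrelated log line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["pid"]]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()           # slide the window forward
        if len(q) >= threshold:
            peak[m["pid"]] = max(peak.get(m["pid"], 0), len(q))
    return peak


MSG = "STARTTLS: read error=generic SSL error (0)"
# Constructed sample: pid 4711 loops, pid 4802 logs two isolated errors.
SAMPLE = (
    [f"Jan 29 10:15:0{s} relay sendmail[4711]: {MSG}" for s in (1, 1, 1, 2, 2, 2)]
    + [f"Jan 29 10:15:01 relay sendmail[4802]: {MSG}",
       f"Jan 29 10:20:30 relay sendmail[4802]: {MSG}",
       "Jan 29 10:15:02 relay sendmail[4900]: h0T9F2x004900: from=<a@example.org>"]
)

if __name__ == "__main__":
    for pid, count in find_runaway_pids(SAMPLE).items():
        print(f"sendmail[{pid}] repeated the TLS read error {count}x within 1s")
```

Fed from the live mail log, the returned PIDs are the processes to inspect or stop before the log volume fills.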
 
 
 
