Date: Fri, 29 Aug 2025 20:57:42 +0200
From: A FreeBSD User
To: Ronald Klop
Cc: FreeBSD CURRENT, FreeBSD Ports
Subject: Re: mail/claws-mail: IPv6 issues: SSL handshake error
Message-ID: <20250829203734.202d8f07@thor.sb211.local>
In-Reply-To: <91944f04-24b4-4374-b147-474a59e85568@FreeBSD.org>
References: <20250828171636.04a61a93@thor.sb211.local> <91944f04-24b4-4374-b147-474a59e85568@FreeBSD.org>
X-Mailer: Claws Mail 3.21.0 (GTK+ 2.24.33; amd64-portbld-freebsd15.0)
List-Id: Discussions about the use of FreeBSD-current
List-Archive: https://lists.freebsd.org/archives/freebsd-current

On the day of the Lord, Thu, 28 Aug 2025 18:49:41 +0200, Ronald Klop wrote:

> On 28-08-2025 at 17:16, A FreeBSD User wrote:
> > Hello,
> >
> > I'm using mail/claws-mail for my daily work with FreeBSD (CURRENT, 14-STABLE at this time).
> > After switching to a working IPv6 environment I face serious connection problems with one
> > of my providers, to which claws-mail preferably connects via IPv6. Sending and receiving
> > is done via "Use TLS" on sending and receiving (the provider, goneo.de has a dedicated
> > introduction configuring claws-mail I followed step by step).
> >
> > On the firewall I observe that the provider in question is connected via IPv6, while other
> > providers, University and others, are not, they are still with IPv4 and do not show any
> > issues.
> >
> > claws-mail provides a log screen, but I can not make much out of it, the SMTP and/or IMAP
> > server is connected at the correct port and the initial handshake seems all right, but in 8
> > out of 10 times the connection fails and does not get initialized due to a "TLS handshake
> > error". Sending emails takes sometimes 10 attempts, but then of a sudden it works
> > flawlessly!
> > After running claws-mail for a couple of minutes a day, this problem seems to
> > go away in a mysterious way, receiving/sending works like a charm as nothing has ever been
> > broken before ...
> >
> > I'm floating here like a dead man in the water. The firewall / router is FreeBSD / ipfw, I
> > suspected this instance, but why should mail be blocked/corrupted while other
> > connections via IPv6 work?
> >
> > Maybe someone has some ideas what to check and where to look ...
> >
> > Thanks in advance,
> > oh
> >
>
> Hi,
>
> Does it work with this provider if you force claws-mail to use ipv4?
>
> Can you reproduce the issue easily? Is it possible to reproduce it with openssl?

The problem itself as described can be reproduced with claws-mail utilizing IPv6 - for me at
least - on CURRENT. But there is a certain speciality: my home office box uses IPv6 via prefix
delegation in a subnet, at work we use OPNsense with NPTv6 - which doesn't introduce any
problems, although claws-mail prefers IPv6 (other provider there than those of mine at home).
Just a "descriptive" statement.

Did not try openssl so far, but thank you for the hint!

> Something like this. There are also options to choose specific TLS versions.

I do not see such in claws-mail config, options are NO TLS, TLS, STARTTLS which refers to the
proper port when autoconfigured. Manual override can be applied.

> openssl s_client -starttls imap -connect :143 -6
> openssl s_client -starttls smtp -connect :25 -6
>
> Can you tcpdump the traffic to a file and see in wireshark what is going on?

Haven't done the wireshark analysis so far, but did a lot of tcpdumps both sides of the end of
the communication between host and router, but it seemed all clear to me and faults at the
provider's side ... But, I have to admit that in terms of networking, I'm a kind of an enduser ...

When forcing claws mail to use IPv4 only, everything is all right.
There is also no problem when using NPTv6 on my FreeBSD routing/ipfw instance.

In the faulty case, the puzzling thing is that after a couple of time running claws-mail, say,
20 - 30 minutes doing some mail fetches and sending (even with the nasty replying on faults)
everything runs smooth - until next restart of the application. And this looks to me like some
serious misconfiguration or serious issue on the provider's side.

>
> Regards,
> Ronald.
>

--
A FreeBSD user
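
Added example (not part of the original message and not claws-mail code): the `openssl s_client -starttls smtp` check suggested in the thread, repeated per address family so that an intermittent failure such as "8 out of 10" shows up as a count and the failing stage is named. The function names and the host `mail.example.org` are assumptions; port 25 follows the quoted command.

```python
import collections
import socket
import ssl

def smtp_reply(f):
    """Read one (possibly multi-line) SMTP reply; return its 3-digit code."""
    while True:
        line = f.readline()
        if len(line) < 4 or line[3:4] != b"-":   # last line has no '-' after the code
            return line[:3].decode("ascii", "replace")

def probe(host, family, port=25, timeout=10.0):
    """One SMTP STARTTLS attempt over `family`; return 'ok' or the failing stage."""
    stage = "resolve"
    try:
        addr = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)[0][4]
        stage = "connect"
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(addr)
            stage = "smtp"
            f = s.makefile("rb")
            for cmd, want in ((None, "220"), (b"EHLO probe.example\r\n", "250"),
                              (b"STARTTLS\r\n", "220")):
                if cmd:
                    s.sendall(cmd)
                if smtp_reply(f) != want:
                    return stage
            stage = "tls-handshake"
            ctx = ssl.create_default_context()
            with ctx.wrap_socket(s, server_hostname=host):
                return "ok"
    except OSError:   # gaierror, timeouts, resets and ssl.SSLError all derive from it
        return stage

def compare(host, attempts=10, port=25, probe_fn=probe):
    """Count outcomes per address family, e.g. how many of 10 handshakes fail."""
    families = (("ipv4", socket.AF_INET), ("ipv6", socket.AF_INET6))
    return {name: collections.Counter(probe_fn(host, fam, port) for _ in range(attempts))
            for name, fam in families}

if __name__ == "__main__":
    # mail.example.org is a placeholder; substitute the provider's SMTP host.
    for fam, counts in compare("mail.example.org").items():
        print(fam, dict(counts))
```

A result where `ipv4` is all `ok` while `ipv6` mixes `ok` and `tls-handshake` reproduces the symptom outside the mail client and gives a time window to match against a tcpdump capture.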