Re: mail/claws-mail: IPv6 issues: SSL handshake error
- In reply to: Ronald Klop : "Re: mail/claws-mail: IPv6 issues: SSL handshake error"
Date: Fri, 29 Aug 2025 18:57:42 UTC
On the day of the Lord, Thu, 28 Aug 2025 18:49:41 +0200
Ronald Klop <ronald@FreeBSD.org> wrote:

> On 28-08-2025 at 17:16, A FreeBSD User wrote:
> > Hello,
> >
> > I'm using mail/claws-mail for my daily work with FreeBSD (CURRENT, 14-STABLE at this time).
> > After switching to a working IPv6 environment I face serious connection problems with one
> > of my providers, to which claws-mail preferably connects via IPv6. Sending and receiving
> > is done via "Use TLS" on sending and receiving (the provider, goneo.de has a dedicated
> > introduction configuring claws-mail I followed step by step).
> >
> > On the firewall I observe that the provider in question is connected via IPv6, while other
> > providers, University and others, are not, they are still with IPv4 and do not show any
> > issues.
> >
> > claws-mail provides a log screen, but I can not make much out of it, the SMTP and/or IMAP
> > server is connected at the correct port and the initial handshake seems all right, but in 8
> > out of 10 times the connection fails and does not get initialized due to a "TLS handshake
> > error". Sending emails takes sometimes 10 attempts, but then all of a sudden it works
> > flawlessly! After running claws-mail for a couple of minutes a day, this problem seems to
> > go away in a mysterious way, receiving/sending works like a charm as nothing has ever been
> > broken before ...
> >
> > I'm floating here like a dead man in the water. The firewall / router is FreeBSD / ipfw, I
> > suspected this instance, but why should mail be blocked/corrupted while other
> > connections via IPv6 work?
> >
> > Maybe someone has some ideas what to check and where to look ...
> >
> > Thanks in advance,
> > oh
> >
>
> Hi,
>
> Does it work with this provider if you force claws-mail to use ipv4?
>
> Can you reproduce the issue easily? Is it possible to reproduce it with openssl?

The problem itself as described can be reproduced with claws-mail utilizing IPv6 - for me at least - on CURRENT.

But there is a certain speciality: my home office box uses IPv6 via prefix delegation in a subnet, at work we use OPNsense with NPTv6 - which doesn't introduce any problems, although claws-mail prefers IPv6 (other provider there than those of mine at home). Just a "descriptive" statement.

Did not try openssl so far, but thank you for the hint!

> Something like this. There are also options to choose specific TLS versions.

I do not see such in claws-mail config, options are NO TLS, TLS, STARTTLS which refers to the proper port when autoconfigured. Manual override can be applied.

> openssl s_client -starttls imap -connect <imap-server>:143 -6
> openssl s_client -starttls smtp -connect <smtp-server>:25 -6
>
> Can you tcpdump the traffic to a file and see in wireshark what is going on?

Haven't done the wireshark analysis so far, but did a lot of tcpdumps on both sides of the end of the communication between host and router, but it seemed all clear to me and faults at the provider's side ... But, I have to admit that in terms of networking, I'm a kind of an end user ...

When forcing claws-mail to use IPv4 only, everything is all right. There is also no problem when using NPTv6 on my FreeBSD routing/ipfw instance.

In the faulty case, the puzzling thing is that after a couple of time running claws-mail, say, 20 - 30 minutes doing some mail fetches and sending (even with the nasty replying on faults) everything runs smooth - until next restart of the application. And this looks to me like some serious misconfiguration or serious issue on the provider's side.

>
> Regards,
> Ronald.
>

--
A FreeBSD user