starred/modoboa-modoboa
1
0
Fork 0
mirror of https://github.com/modoboa/modoboa.git synced 2026-04-26 01:16:01 +03:00
Code Issues 60 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #1977] Slow TLS verification and connection establishment #1483

New issue
Closed
opened 2026-02-27 11:17:20 +03:00 by kerem · 2 comments
kerem commented 2026-02-27 11:17:20 +03:00
Owner
Copy link

Originally created by @sdeepakbz on GitHub (Jun 12, 2020).
Original GitHub issue: https://github.com/modoboa/modoboa/issues/1977

Impacted versions

  • Modoboa: 1.15.0
  • installer used: Yes
  • Webserver: Nginx

Steps to reproduce

Fresh installed using the installer and configured SMTP in WordPress website to send out order emails to the customer.

Current behavior

TLS authentication/verification is taking some time. After the connection is initiated from the external server to the SMTP modoboa server there is a pause of 5-10 seconds and then email is sent.

Connection started at Jun 12 22:39:15 and the next update on Jun 12 22:39:21 followed by connection established at Jun 12 22:39:22 timestamp. And finally, email sent at Jun 12 22:39:24
Find logs below in last section.

Expected behavior

TLS authentication to be a little faster or disable verification by using insecure 25 Port for sending out emails.

Video/Screenshot link (optional)

Attaching logs: https://del.dog/raw/resehuxegr

Server Specs

  • 8 Xeon E3 CPU Cores @ 3.4 Ghz
  • 8GB RAM
  • 100 GB SSD
  • 1 Gbit Network
Originally created by @sdeepakbz on GitHub (Jun 12, 2020). Original GitHub issue: https://github.com/modoboa/modoboa/issues/1977 # Impacted versions * Modoboa: 1.15.0 * installer used: Yes * Webserver: Nginx # Steps to reproduce Fresh installed using the installer and configured SMTP in WordPress website to send out order emails to the customer. # Current behavior TLS authentication/verification is taking some time. After the connection is initiated from the external server to the SMTP modoboa server there is a pause of 5-10 seconds and then email is sent. Connection started at Jun 12 22:39:15 and the next update on Jun 12 22:39:21 followed by connection established at Jun 12 22:39:22 timestamp. And finally, email sent at Jun 12 22:39:24 Find logs below in last section. # Expected behavior TLS authentication to be a little faster or disable verification by using insecure 25 Port for sending out emails. # Video/Screenshot link (optional) Attaching logs: https://del.dog/raw/resehuxegr # Server Specs * 8 Xeon E3 CPU Cores @ 3.4 Ghz * 8GB RAM * 100 GB SSD * 1 Gbit Network
kerem closed this issue 2026-02-27 11:17:21 +03:00
kerem commented 2026-02-27 11:17:21 +03:00
Author
Owner
Copy link

@MrGeneration commented on GitHub (Jun 12, 2020):

The first three lines you provided show that the authentication takes somewhat of two seconds on your end. The TLS connection is negioated after 1 second which is fine. On my system these steps occur on the same second, but this may happen due to network latency between the client and the server:

Jun 12 22:39:13 smtp postfix/submission/smtpd[12193]: connect from unknown[149.xx.xx.xx]
Jun 12 22:39:14 smtp postfix/submission/smtpd[12193]: Anonymous TLS connection established from unknown[149.xx.xx.xx]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jun 12 22:39:15 smtp postfix/submission/smtpd[12193]: NOQUEUE: client=unknown[149.xx.xx.xx], sasl_method=LOGIN, sasl_username=smtp-login@domain.com

What's more interesting is the 6 seconds between submission queue and handover to the smtpd queue:

Jun 12 22:39:15 smtp postfix/submission/smtpd[12193]: NOQUEUE: client=unknown[149.xx.xx.xx], sasl_method=LOGIN, sasl_username=smtp-login@domain.com
Jun 12 22:39:21 smtp postfix/smtpd[12220]: connect from localhost[127.0.0.1]

The reason for this gap is the fact that, by default, modoboa setups are not just checking incoming mails via amavis, but outgoing as well.

This can be changed in /etc/postfix/master.cf

Your current config should contain this block:

submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o tls_preempt_cipherlist=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=reject_sender_login_mismatch
  -o milter_macro_daemon_name=ORIGINATING
  -o smtpd_proxy_filter=inet:[127.0.0.1]:10026

The last line is the filter option, if you comment that out and reload your postfix, the delay will be gone.

<!-- gh-comment-id:643442885 --> @MrGeneration commented on GitHub (Jun 12, 2020): The first three lines you provided show that the authentication takes somewhat of two seconds on your end. The TLS connection is negioated after 1 second which is fine. On my system these steps occur on the same second, but this may happen due to network latency between the client and the server: ``` Jun 12 22:39:13 smtp postfix/submission/smtpd[12193]: connect from unknown[149.xx.xx.xx] Jun 12 22:39:14 smtp postfix/submission/smtpd[12193]: Anonymous TLS connection established from unknown[149.xx.xx.xx]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) Jun 12 22:39:15 smtp postfix/submission/smtpd[12193]: NOQUEUE: client=unknown[149.xx.xx.xx], sasl_method=LOGIN, sasl_username=smtp-login@domain.com ``` What's more interesting is the 6 seconds between submission queue and handover to the smtpd queue: ``` Jun 12 22:39:15 smtp postfix/submission/smtpd[12193]: NOQUEUE: client=unknown[149.xx.xx.xx], sasl_method=LOGIN, sasl_username=smtp-login@domain.com Jun 12 22:39:21 smtp postfix/smtpd[12220]: connect from localhost[127.0.0.1] ``` The reason for this gap is the fact that, by default, modoboa setups are not just checking incoming mails via amavis, but outgoing as well. This can be changed in `/etc/postfix/master.cf` Your current config should contain this block: ``` submission inet n - y - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o tls_preempt_cipherlist=yes -o smtpd_sasl_auth_enable=yes -o smtpd_reject_unlisted_recipient=no -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions=reject_sender_login_mismatch -o milter_macro_daemon_name=ORIGINATING -o smtpd_proxy_filter=inet:[127.0.0.1]:10026 ``` The last line is the filter option, if you comment that out and reload your postfix, the delay will be gone.
kerem commented 2026-02-27 11:17:21 +03:00
Author
Owner
Copy link

@sdeepakbz commented on GitHub (Jun 13, 2020):

@MrGeneration thanks alot.
that actually fixed the delay when sending out emails.
Perfect :)

<!-- gh-comment-id:643614118 --> @sdeepakbz commented on GitHub (Jun 13, 2020): @MrGeneration thanks alot. that actually fixed the delay when sending out emails. Perfect :)
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
fix/sievefilters-allow-email-in-rule-name
dependabot/npm_and_yarn/frontend/axios-1.15.0
translations_04c0b653215cb5fa48ab101eae1a1917_ja_JP
translations_5d93982e9fd6dab991db4faf93ce9ded_ja_JP
fix/login-issue-3995
fix/sievefilters-issues
add-vitepress-openapi
2974-dmarc-empty-email
2.3.x
updated-doc-2.3.0
feature/OIDC
delete-all-alarms
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_af_ZA
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_ar
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_ca
1.x
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_sk
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_tr
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_es_ES
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_uk
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_zh_CN
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_de_DE
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_da_DK
1.8.x
1.7.x
1.6.x
1.4.x
1.3.x
1.2.x
2.8.2
2.8.1
2.8.0
2.7.2
2.7.1
2.7.0
2.6.5
2.6.4
2.6.3
2.6.2
2.6.1
2.6.0
2.5.1
2.5.0
2.4.11
2.4.10
2.4.9
2.4.8
2.4.7
2.4.6
2.4.5
2.4.4
2.4.3
2.4.2
2.4.1
2.4.0
2.3.6
2.3.5
2.3.4
2.3.3
2.3.2
2.3.1
2.3.0
2.3.0-beta.4
2.3.0-beta.3
2.3.0-beta.2
2.3.0-beta.1
2.2.4
2.2.3
2.2.2
2.2.1
2.2.0
2.1.2
2.1.1
2.1.0
2.0.5
2.0.4
2.0.3
2.0.2
2.0.1
2.0.0
2.0.0-beta.3
2.0.0-beta.2
2.0.0-beta.1
1.17.0
1.16.1
1.16.0
1.15.0
1.14.0
1.13.1
1.13.0
1.12.2
1.12.1
1.12.0
1.11.1
1.11.0
1.10.7
1.10.6
1.10.5
1.10.4
1.10.3
1.10.2
1.10.1
1.10.0
1.9.1
1.9.0
1.8.3
1.8.2
1.8.1
1.8.0
1.7.4
1.7.3
1.7.2
1.7.1
1.7.0
1.6.3
1.6.2
1.6.1
1.6.0
1.5.3
1.5.2
1.5.1
1.5.0
1.4.5
1.4.4
1.4.3
1.4.2
1.4.1
1.4.0
1.3.5
1.3.4
1.2.2
1.3.3
1.3.2
1.3.1
1.3.0
1.2.1
1.2.0
1.2.0-rc2
1.2.0-rc1
1.1.7
1.1.6
1.1.5
1.1.4
1.1.3
1.1.2
1.1.1
1.1.0
1.0.1
1.0.0
0.9.5
0.9.4
0.9.3
0.9.2
0.9.1
0.9
0.8.8
0.8.7
0.8.6.1
0.8.6
0.8.5
0.8.4
0.8.3
0.8.3-rc1
0.8.2
0.8.1
0.8
0.8-rc2
0.8-rc1
0.7.2
0.7.1
0.7
0.6.1
0.6
0.5
0.3
0.2
0.1
Labels
Clear labels   
bug

   
bug

   
dependencies

   
design

   
documentation

   
duplicate

   
enhancement

   
enhancement

   
enhancement

   
feedback-needed

   
help-needed

   
help-needed

   
installer

   
invalid

   
looking-for-sponsors

   
modoboa-contacts

   
new-ui

   
new-ui

   
pr

   
pull-request

Mirrored from GitHub Pull Request

  
pyconfr

   
python

   
question

   
security

   
stale

   
webmail

   
wontfix
No labels
bug
bug
dependencies
design
documentation
duplicate
enhancement
enhancement
enhancement
feedback-needed
help-needed
help-needed
installer
invalid
looking-for-sponsors
modoboa-contacts
new-ui
new-ui
pr
pull-request
pyconfr
python
question
security
stale
webmail
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/modoboa-modoboa#1483
No description provided.