Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: 1 [2] 3 4

Author Topic: DSLstats pre-release version 6.0.9  (Read 2468 times)

Chrysalis

  • Content Team
  • Kitizen
  • *
  • Posts: 4984
Re: DSLstats pre-release version 6.0.9
« Reply #15 on: September 12, 2017, 01:14:07 PM »

port 465 is implicit ssl instead of starttls so that can give a hint whats going on, for me it works fine using starttls
Logged
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab

roseway

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 38743
  • Penguins CAN fly
    • DSLstats
Re: DSLstats pre-release version 6.0.9
« Reply #16 on: September 12, 2017, 01:19:51 PM »

I see, thanks. There are some options in the code which may affect this, I'll check them out.
Logged
  Eric

burakkucat

  • Global Moderator
  • Senior Kitizen
  • *
  • Posts: 20152
  • Over the Rainbow
    • The ELRepo Project
Re: DSLstats pre-release version 6.0.9
« Reply #17 on: September 12, 2017, 04:28:52 PM »

I am both pleased and puzzled to be able to say that upon starting the utility this afternoon it has behaved impeccably with no spurious events appearing in the "Event Log".

There does still appear to be some sort of confusion over the "Line Attenuation" and "Signal Attenuation" values as reported under the "Stats" tab, the "Telnet Data >> Attenuation Log" and that reported in a harvest of the data generated by an invocation of "xdslctl info --linediag" at the Busybox shell.
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

Ansuel

  • Member
  • **
  • Posts: 45
Re: DSLstats pre-release version 6.0.9
« Reply #18 on: September 12, 2017, 11:46:53 PM »

Can you pls give support for 35b vdsl?
Can't underestand why bitloading works but hlog and qln doesn't...
Logged

roseway

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 38743
  • Penguins CAN fly
    • DSLstats
Re: DSLstats pre-release version 6.0.9
« Reply #19 on: September 13, 2017, 07:13:04 AM »

I've put it on the todo list, but it won't be very soon, I'm afraid.
Logged
  Eric

roseway

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 38743
  • Penguins CAN fly
    • DSLstats
Re: DSLstats pre-release version 6.0.9
« Reply #20 on: September 13, 2017, 07:20:27 AM »

port 465 is implicit ssl instead of starttls so that can give a hint whats going on, for me it works fine using starttls

I've found the options which control this and made some changes to support both varieties. On my system I can now use either port 465 or 587 for gmail and my own email accounts. At present I'm assuming that port 25 is unencrypted, port 465 is full SSL, and all other ports are StartTLS. Are these reasonable assumptions, or do I need to give the user the option to choose the SSL/TLS type explicitly?
Logged
  Eric

d2d4j

  • Reg Member
  • ***
  • Posts: 551
Re: DSLstats pre-release version 6.0.9
« Reply #21 on: September 13, 2017, 08:52:44 AM »

Hi roseway

Sorry, that's what I was trying to let you know when I could not remember the term implicit and explicit @chrysalis thanks

The way our implicit mail server works is as follows

Client connects using port 25 no encryption
If starttls is passed to server, the connection is upgraded to TLS secure on 587
Once upgraded to secure, credentials/information are the sent

We do not use 465 on most mail platforms (which was dropped at same time as SSLv3),  but it is upto each admin

I hope that helps a little

Many thanks

John
Logged

d2d4j

  • Reg Member
  • ***
  • Posts: 551
Re: DSLstats pre-release version 6.0.9
« Reply #22 on: September 13, 2017, 09:37:19 AM »

Hi Roseway
 
To show you what I mean, please see a test for TLS on one of our platforms.
 
Also, please see that port 25 has startTLS as an option or plain, but port 587 only has startTLS.  On our shared platforms, we only use port 25 or 587, so clients could use either port, but if using port 25, then upgrading to TLS, it changes to port 587
 
I hope that helps a little
 
Many thanks
 
John
 
port 25
 
220 ns1.domain.url InterWorx-CP SMTP Server Ready ESMTP
rset
250 flushed
ehlo me
250-ns1.domain.url InterWorx-CP SMTP Server Ready
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-STARTTLS
250-SIZE 52428800
250-PIPELINING
250 8BITMIME
 
port 587
 
220 ns1.domain.url InterWorx-CP SMTP Server Ready ESMTP
rset
250 flushed
ehlo me
250-ns1.domain.url InterWorx-CP SMTP Server Ready
250-STARTTLS
250-SIZE 52428800
250-PIPELINING
250 8BITMIME
 
External test
 
Trying TLS on mail.domain.url[nnn.nnn.nnn.nnn] (10):
 
 
seconds    test stage and result
 
[000.100]  Connected to server
[002.266] <--  220 ns1.domain.url InterWorx-CP SMTP Server Ready ESMTP
[002.266]  We are allowed to connect
[002.266]  --> EHLO domaincheck.url
[002.365] <--  250-ns1.domain.url InterWorx-CP SMTP Server Ready
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-STARTTLS
250-SIZE 52428800
250-PIPELINING
250 8BITMIME
[002.365]  We can use this server
[002.365]  TLS is an option on this server
[002.366]  --> STARTTLS
[002.465] <--  220 ready for tls
[002.465]  STARTTLS command works on this server
[002.794]  SSLVersion in use: TLSv1.2
[002.794]  Cipher in use: AES128-SHA256
[002.794]  Connection converted to SSL
[002.797]  Certificate 1 of 4 in chain:
serialNumber= ec:6a:6e:cf:17:06:ba:20:13:cb:54:31:a2:45:5f:d9
subject= /OU=PositiveSSL Wildcard/CN=*.domain.url
issuer= /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
 
[002.799]  Certificate 2 of 4 in chain:
serialNumber= 2b:2e:6e:ea:d9:75:36:6c:14:8a:6e:db:a3:7c:8c:07
subject= /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
issuer= /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
 
[002.801]  Certificate 3 of 4 in chain:
serialNumber= 27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
subject= /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
issuer= /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
 
[002.802]  Certificate 4 of 4 in chain:
serialNumber= 1
subject= /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
issuer= /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
 
[002.802]  Cert VALIDATED:
[002.802]  Cert Hostname VERIFIED (mail.domain.url = *.domain.url | DNS:*.domain.url | DNS:domain.url)
[002.803]  ~~> EHLO domaincheck.url
[002.902] <~~  250-ns1.domain.url InterWorx-CP SMTP Server Ready
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-SIZE 52428800
250-PIPELINING
250 8BITMIME
[002.902]  TLS successfully started on this server
[002.903]  ~~> MAIL FROM:<test@domaincheck.url>
[003.079] <~~  250 ok
[003.079]  Sender is OK
[003.079]  ~~> RCPT TO:<me@domain.url>
[003.178] <~~  250 ok
[003.178]  Recipient OK, email address proofed
[003.179]  ~~> QUIT
[003.278] <~~  221 ns1.domain.url InterWorx-CP SMTP Server Ready
Logged

roseway

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 38743
  • Penguins CAN fly
    • DSLstats
Re: DSLstats pre-release version 6.0.9
« Reply #23 on: September 13, 2017, 10:12:46 AM »

Thank you John for that helpful explanation.
Logged
  Eric

d2d4j

  • Reg Member
  • ***
  • Posts: 551
Re: DSLstats pre-release version 6.0.9
« Reply #24 on: September 13, 2017, 10:40:39 AM »

Hi roseway

Sorry, there maybe 1 point to note which has not been mentioned sorry

On our platforms, or most anyway, we implement a wait time between initial connection and response from server

This is to help stop spammers sending email to our servers

It works in most cases because spammers send mass mail immediately and do not care what response is given. If it is accepted or rejected, they do not care as some will be accepted

I am not sure over your implementation, but if possible, I would allow a period of seconds to elapse whilst waiting for a response before dropping the email

I hope that makes sense

Many thanks

John
Logged

roseway

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 38743
  • Penguins CAN fly
    • DSLstats
Re: DSLstats pre-release version 6.0.9
« Reply #25 on: September 13, 2017, 11:00:15 AM »

I am not sure over your implementation, but if possible, I would allow a period of seconds to elapse whilst waiting for a response before dropping the email

My implementation has a built-in timeout of several seconds, after which it returns a failure response. If the login details are wrong it returns a failure response, either after the timeout period or when the server responds, whichever is earlier.
Logged
  Eric

Chrysalis

  • Content Team
  • Kitizen
  • *
  • Posts: 4984
Re: DSLstats pre-release version 6.0.9
« Reply #26 on: September 13, 2017, 02:04:19 PM »

I've found the options which control this and made some changes to support both varieties. On my system I can now use either port 465 or 587 for gmail and my own email accounts. At present I'm assuming that port 25 is unencrypted, port 465 is full SSL, and all other ports are StartTLS. Are these reasonable assumptions, or do I need to give the user the option to choose the SSL/TLS type explicitly?


both port 25 and 587 are typically optional unencrypted or starttls. Please dont lock down 25 to no encryption only.  The reason 587 exists is that some isp's block outgoing connections to port 25 to prevent spam, so port 587 is for those people so they have an alternate port.  Port 465 is implicit ssl only and is considered obsolete but some providers still allow it for older clients.

Its also possible some providers enforce encryption in which case port 25 and 587 would be starttls only.

So

25 and 587 - plain and starttls
465 - implicit ssl

I suggest disabling the sslv3 protocol, leaving tls 1, tls 1.1, and tls 1.2 enabled.

You not going to get all 3 ports working for everyone as different providers have different configurations, but if you do as I suggested then at least one port will work for people. e.g. d2d4j confirmed he doesnt support 465, but 25 and 587 would likely work on his servers.

I think allowing the tls mode to be configurable is a good idea, no need to make it over complex, I would force 465 to be implicit ssl only. But for 25 and 587 allow choice of starttls or plain.  All 3 ports disable sslv3.
« Last Edit: September 13, 2017, 02:10:10 PM by Chrysalis »
Logged
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab

roseway

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 38743
  • Penguins CAN fly
    • DSLstats
Re: DSLstats pre-release version 6.0.9
« Reply #27 on: September 13, 2017, 03:13:39 PM »

OK, thanks, I'll see what I can do with that.
Logged
  Eric

jelv

  • Helpful
  • Reg Member
  • *
  • Posts: 598
Re: DSLstats pre-release version 6.0.9
« Reply #28 on: September 13, 2017, 03:20:46 PM »

My implementation has a built-in timeout of several seconds, after which it returns a failure response. If the login details are wrong it returns a failure response, either after the timeout period or when the server responds, whichever is earlier.

User configurable parameter with the default being what you use now?
Logged
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. Rick Cook, The Wizardry Compiled

roseway

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 38743
  • Penguins CAN fly
    • DSLstats
Re: DSLstats pre-release version 6.0.9
« Reply #29 on: September 13, 2017, 04:24:54 PM »

User configurable parameter with the default being what you use now?

I'm using the default, but I haven't found out how to change it.
Logged
  Eric
Pages: 1 [2] 3 4