Topic: SMTP over SSL faster than unsecured?!

[penguinzrool]

Hi,

I've been using SME 6.0.1 since Christmas to provide internet, email, file and printer sharing for a small business. The users use IMAP so email is kept on the server and accessible from any workstation.

We use Thunderbird as a mail client, and recently I have noticed sending email is very slow - the status box sits on 'Delivering Mail - 98%' for a long time before the message is sent. I put this down to the low specs of the server and ignored it.

However, as one of our users is now working from home, I installed the secure mail contrib from pagefault.org. This is not only working perfectly, but is infact faster than 'normal' IMAP access.

If I am on the local network and connect via SSL, the delay usually associated with sending an email is not there.

What is the difference between the handling of SMTP and SSL SMTP, and so why would SSL not experience the delay while sending mail?

Many thanks.

[CharlieBrady]

Hi,

I've been using SME 6.0.1 since Christmas to provide internet, email, file and printer sharing for a small business. The users use IMAP so email is kept on the server and accessible from any workstation.

We use Thunderbird as a mail client, and recently I have noticed sending email is very slow - the status box sits on 'Delivering Mail - 98%' for a long time before the message is sent. I put this down to the low specs of the server and ignored it.

Note that sending mail does not use IMAP, it uses SMTP. Your subject line is misleading, I'm pretty sure that you mean SMTP over SSL is faster.

However, as one of our users is now working from home, I installed the secure mail contrib from pagefault.org. This is not only working perfectly, but is infact faster than 'normal' IMAP access.

If I am on the local network and connect via SSL, the delay usually associated with sending an email is not there.

What is the difference between the handling of SMTP and SSL SMTP, and so why would SSL not experience the delay while sending mail?

I can think of two possibilities for such slow service. One is that there's some spam filtering applied to plaintext SMTP which isn't applied to SSL SMTP. The other is reverse DNS lookup timeouts. [In fact, the two might overlap, since reverse DNS lookup is often part of spam filtering.]

[penguinzrool]

I did indeed mean SMTP over SSL, sorry for the confusion!

Spam filtering could play a part of it - I'm using the Spamassassin rpm from sme.swerts-knudsen.com and also the Clam antivirus package from there. Why would the system check outgoing mail for spam, though? Unless it's to safeguard against some sort of malware which could have arrived on a network computer I suppose...

If that is the case, is there any way to disable this outgoing spam check?

The DNS sounds more promising, though. You've reminded me that I saw something similar when I installed OpenVPN over the weekend - Jesper suggested an entry to one of the DNS config files to prevent slow email sending, although I think that was just on the VPN. I'll have a look and see if it can be modified to apply for the local network as well.

That said, surely SMTP over SSL would suffer the same problem, unless it does DNS differently?

Thanks for the reply!
Chris.

[Franco]

Well notable indeed.
But I think the filtering would be done on the server itself, not when the client is talking to it.
It only refuses or tags the messages after you sent them.
One thing to note is the application being used, you mentioned Thunderbird on the LAN, but what are you using outside?

[penguinzrool]

At the moment I'm using Outlook Express to connect from outside, but I've already checked if it's client specific and isn't. If I'm in Thunderbird on the LAN and tell it to use SSL instead of plain SMTP for sending, it gets rid of the delay completely. So the problem doesn't seem to be in Thunderbird, it's how the server handles SMTP for SSL/unsecured...

I've had a look at Jesper's OpenVPN fix, and I *think* (my knowledge of C is pretty non-existant) that he's telling the server to redirect any DNS requests from the VPN connection to the server. One way to test whether the problem is DNS or something-else related is to set Thunderbird to use an IP address instead of a name - I'll try this this evening.

I'm getting the feeling, though, that there must be some difference in the way the server processes SMTP SSL, and SMTP unsecured. Perhaps related to the fact that the SSL connection has to be authenticated, and maybe this causes another check not to happen?

Cheers,
Chris.