Hello,
we've been using perdition as a pop3/pop3s/imap/imaps proxy for about
four years now, first with Debian Sarge package and now under Etch.
And throughout this time I've seen pop3s (and from the looks of it
the same happens with imaps) processes stuck in connect, like this:
---
16836 ? S 5:31 0 120 32179 2204 0.0 perdition.pop3s
28070 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect
7782 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect
24468 ? S 0:00 0 120 32311 1568 0.0 \_ perdition.pop3s: connect
14180 ? S 0:00 0 120 32311 1568 0.0 \_ perdition.pop3s: connect
13503 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect
---
They never die off, keep the connection open, there is no traffic and the
other end might be long gone. Last trace in the logs is always like this:
---
Feb 5 22:05:16 pp11 perdition[7782]: Connect: hi.mi.ts.u->203.216.5.113
---
It must be something related to the SSL'ness of these service, since I'm
not seeing this happening ever for imap/pop3. Alas a lot of people do use
TLS with those, so it's not a generic SSL issue. Maybe the master process
could kick a child handling connections in the head after "timeout"
seconds in connect state?
If more information is needed I can try to provide it, but note that with a
rate of roughly 35 pops per second I'm a bit weary to turn on
debugging. ^_-
This may or may not be related to another SSL related issue, which will
be for the sake of making searches in the archive more likely to find good
keywords in a separate mail.
Regards,
Christian
--
Christian Balzer Network/Systems Engineer NOC
chibi(a)gol.com Global OnLine Japan/Fusion Network Services
http://www.gol.com/
Hi Horms!
Modifications on *spec.in ( for vanessa_logger vanessa_adt
vanessa_socket perdition) are need for "rpmbuild -ta <name>.tar.gz" on
Fedora >7 ? systems (rpm ver 4.4.xx)
-> Copyright: GNU Lesser General Public Licence
-< License: GNU (or wherever)
Thanks for your magnific work ! :-)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello
Are there any plans for a new perdition release? With the changeable
ldap version via configuration file is at least one useful change in the
repository. Maybe experimental ipv6 support could also be added.
I'm also the FreeBSD maintainer of the perdition port and i would like
to bring this in the ports tree without maintaining too many local patches.
Regards,
Tom
- --
* Thomas Vogt UNIX System Engineer - SolNet AS9044 - PGP-3239B720 *
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkjbl6AACgkQGCwkYTI5tyC7PgCdGTBF7mM15RDR8ejuVo3EvUsz
5foAoIzS34h9IolJCRpqQ9G4k84iGtp/
=KoGU
-----END PGP SIGNATURE-----
The original IPv6 patches I submitted earlier didn't build on Linux
systems. Attached are updated IPv6 patches which have been tested
successfully in inetd mode on CentOS 5. However, in daemon mode under
CentOS, sometimes the spawned process will segfault. I'm still trying to
determine whether this is due to a problem with the patch itself or the
way I've built the RPM. Both daemon mode and inetd mode under FreeBSD
seems to work reliably though so I suspect this problem is something
peculiar to Linux which I've overlooked. In any case, I'm putting these
updated patches out in the hope of getting additional data back from
anyone running perdition in daemon mode on Linux systems.
Antonio Querubin
whois: AQ7-ARIN
Hi folks,
I'm newly subscribed to this list, and while I've searched for a mention
of this before and come up with nothing, I apologise if I'm duplicating
a report.
I'm using perdition-1.17.1 with perditiondb_ldap. Due to the nature of
our site, some users will have a mailhost configured in here, and some
will not. I am hoping to use the outgoing_server configuration option
as a default should the server return a partial response, since one of
our existing systems will break if we started adding this to all the
currently empty fields.
This works if the user had a mailhost set, but was refusing to use the
outgoing_server option if they did not, instead attempting to connect to
the person's username, treating it as a hostname. Omitting the port
works whether the server is set or not.
I have tracked down this problem to user_server_port_strn_assign in
getserver.c. This function appears to be dual-purpose, used for both
parsing the outgoing_server option in the configuration file, and also
for parsing the string returned by dbserver_get. Since these have a
slightly different format (hostname[:port] vs
username[<delimiter>hostname[:port]]), it gets confused when the string
returned from the DB doesn't contain a server. It falls through into
its configuration parsing option at the end, setting (*usp)->server to
(*usp)->user (the start of the string), and so the connection attempts
gethostbyname(username).
Thanks,
Simon.
--
The Wellcome Trust Sanger Institute is operated by Genome Research
Limited, a charity registered in England with number 1021457 and a
company registered in England with number 2742969, whose registered
office is 215 Euston Road, London, NW1 2BE.