Perdition-users August 2008

perdition-users@vergenet.net

10 participants
10 discussions

Zombie pop3s (and imaps?) processes in connect state

by Christian Balzer

Hello, we've been using perdition as a pop3/pop3s/imap/imaps proxy for about four years now, first with Debian Sarge package and now under Etch. And throughout this time I've seen pop3s (and from the looks of it the same happens with imaps) processes stuck in connect, like this: --- 16836 ? S 5:31 0 120 32179 2204 0.0 perdition.pop3s 28070 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect 7782 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect 24468 ? S 0:00 0 120 32311 1568 0.0 \_ perdition.pop3s: connect 14180 ? S 0:00 0 120 32311 1568 0.0 \_ perdition.pop3s: connect 13503 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect --- They never die off, keep the connection open, there is no traffic and the other end might be long gone. Last trace in the logs is always like this: --- Feb 5 22:05:16 pp11 perdition[7782]: Connect: hi.mi.ts.u->203.216.5.113 --- It must be something related to the SSL'ness of these service, since I'm not seeing this happening ever for imap/pop3. Alas a lot of people do use TLS with those, so it's not a generic SSL issue. Maybe the master process could kick a child handling connections in the head after "timeout" seconds in connect state? If more information is needed I can try to provide it, but note that with a rate of roughly 35 pops per second I'm a bit weary to turn on debugging. ^_- This may or may not be related to another SSL related issue, which will be for the sake of making searches in the archive more likely to find good keywords in a separate mail. Regards, Christian -- Christian Balzer Network/Systems Engineer NOC chibi(a)gol.com Global OnLine Japan/Fusion Network Services http://www.gol.com/

11 years, 4 months

rpm .spec modification

by No Body is Perfect

Hi Horms! Modifications on *spec.in ( for vanessa_logger vanessa_adt vanessa_socket perdition) are need for "rpmbuild -ta <name>.tar.gz" on Fedora >7 ? systems (rpm ver 4.4.xx) -> Copyright: GNU Lesser General Public Licence -< License: GNU (or wherever) Thanks for your magnific work ! :-)

14 years, 7 months

updated IPv6 patches for perdition and vanessa socket lib

by Antonio Querubin

The original IPv6 patches I submitted earlier didn't build on Linux systems. Attached are updated IPv6 patches which have been tested successfully in inetd mode on CentOS 5. However, in daemon mode under CentOS, sometimes the spawned process will segfault. I'm still trying to determine whether this is due to a problem with the patch itself or the way I've built the RPM. Both daemon mode and inetd mode under FreeBSD seems to work reliably though so I suspect this problem is something peculiar to Linux which I've overlooked. In any case, I'm putting these updated patches out in the hope of getting additional data back from anyone running perdition in daemon mode on Linux systems. Antonio Querubin whois: AQ7-ARIN

15 years, 5 months

Announce: Source Code has moved from CVS to Mercurial

by Simon Horman

Hi, I have decided to move the perdition code from CVS to Mercurial as I believe that the latter is on the whole a lot easier to use than the former. Perdition can now be found at http://hg.vergenet.net/perdition/perdition which you can point your web browser at to browse the repository, or point mercurial at to checkout the repository. hg clone http://hg.vergenet.net/perdition/perdition The relevant Vanessa libraries can be checked out using: hg clone http://hg.vergenet.net/vanessa/vanessa_logger hg clone http://hg.vergenet.net/vanessa/vanessa_socket hg clone http://hg.vergenet.net/vanessa/vanessa_adt These URLs can also be used to browse the repositories using a web browser.

15 years, 7 months

authentication failure using username@domain

by Antonio de la Fuente

Hello everybody, after three days messing around with the set up, reading manuals, looking for similar problems in the internet and trying possible solutions, I come here, hopping that somebody has had the same problem or can point me to the right direction. We have an email set up, that uses perdition as the proxy server to our pop3 mailboxes hosted in a big network drive. The authentication is trough ldap. The production servers works ok. We have build few more servers cloning the same configuration. The problem is that if we try to log with just username, it works fine, but if we try to log as username(a)foo.bar we get an authentication failure. The delimiter parameter is set up in perdition.conf (as said is a clone configuration from production server), /etc/authlib/authldaprc is the same in both set ups. We are using same ldap server. The perdition versions are different (1.15-1 production vs 1.17-1 new servers) but haven't found anything relevant to this problem, reading the docs. perdition[17682]: Auth: 127.0.0.1->127.0.0.1 user="blablabla(a)bloblo.com" server="127.0.0.1" port="1110" status="failed: Re-Authentication Failure" perdition[17762]: Fatal Error reading authentication information from client "127.0.0.1->127.0.0.1 ": Exiting child Thank you in advance. Antonio. This email has been scanned for all viruses by the MessageLabs SkyScan service. Please consider the environment before printing this email. The content of this email and any attachment is private and may be privileged. If you are not the intended recipient, any use, disclosure, copying or forwarding of this email and/or its attachments is unauthorised. If you have received this email in error please notify the sender by email and delete this message and any attachments immediately. Nothing in this email shall bind the Company or any of its subsidiaries or businesses in any contract or obligation, unless we have specifically agreed to be bound. KCOM Group PLC is a public limited company incorporated in England and Wales, company number 02150618 and whose registered office is at 37 Carr Lane, Hull, HU1 3RE. 118288 - KCOM UK Directory Enquiries. Calls cost 49p connection + 14p per minute including VAT from a KC or BT landline. Call charges from mobiles and other networks may vary. If you are calling from a mobile you will now receive your requested number via text message. You will not be charged for the text message.

15 years, 7 months

perdition-1.17.1 with ldap segmentation fault

by yogeen honnavar

Dear users, we have installed perdition-1.17.1 on AIX 5.3 (compiled with openldap and openssl support). when we start perdition with command shown below. we get a segmentation fault. myhost:/tmp/perdition-1.17.1> ./perdition/perdition -PIMAP4 -f /usr/local/perdition/etc/perdition/perdition.conf Segmentation fault But it is able to server one IMAP sesion. After that session, daemon crashes with "segmenation fault". If we start with the --no_daemon option the segmentation fault does not occur immediately but if we start an IMAP session after its closure perdition crashes. our perdition.conf options are given below: M /usr/local/perdition/lib/libperditiondb_ldap.so.0 m ldap://10.10.10.9:389/dc=dos?servername?sub?(mailacceptinggeneralid=%25s) our logs given below : Aug 13 11:14:07 myhost mail:info perdition[348166]: version=1.17.1, add_domain="", authenticate_in=off, bind_address="", capability="IMAP4 IMAP4REV1", client_server_specification=off, config_file="/usr/local/perdition/etc/perdition/perdition.conf", connection_limit=0, connection_logging=off, connect_relog=300, debug=on, domain_delimiter="@", explicit_domain="", group="nobody", inetd_mode=off, listen_port="143", log_facility="mail", login_disabled=off, lower_case="", map_library="/usr/local/perdition/lib/libperditiondb_ldap.so.0", map_library_opt="ldap://10.10.10.9:389/dc=dos?servername?sub?(mailacceptinggeneralid=%25s)", no_bind_banner=off, no_daemon=on, no_lookup=off, nodename="myhost", ok_line="You are so in", outgoing_port="143", outgoing_server="", pid_file="/usr/local/perdition/var/run/lt-perdition/lt-perdition.pid", protocol="IMAP4", server_resp_line=off, strip_domain="", timeout=1800, username="nobody", username_from_database=off, query_key="", quiet=off, ssl_mode="", ssl_ca_file="", ssl_ca_path="/usr/local/perdition Aug 13 11:14:08 myhost mail:debug perdition[348166]: vanessa_socket_daemon_setid: uid=-2 euid=-2 gid=-2 egid=-2 Please let us know how to resolve this ? any clues ? thanks and regards -yogeen honnavar

15 years, 8 months

authenticate_in

by Martin Schiøtz

Hi When using "authenticate_in" is possible keep user/password in a database instead of using pam (UNIX user)? - Martin

15 years, 8 months

imap_capability

by Martin Schiøtz

Hi Is it possible somehow to specify different capability strings for different real servers? Cheers Martin

15 years, 8 months

Exchange Server 2007 and perdition proxy config

by Tiz

I am trying to proxy secure imap on port 993 from my Solaris 10 perdition sun box to Microsoft Exchanges secure imap port and cannot seem to get it to work. I currently I have perdition running on a 992 for a proxy to my sendmail server running regular imap on 143. Perdition offers the SSL certs and does the forwarding based on a mysql table. This setup is working fine... For the exchange server I am a little lost. Here is the config... outgoing_server 10.XXX.XXX.XXX log_facility /var/log/perdition.imap4s.log no_lookup timeout 40 imap_capability "IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA ACL ACL2=UNION STARTTLS" ssl_mode tls_listen,tls_listen_force ssl_cert_file /etc/perdition/perdition.crt.pem ssl_key_file /etc/perdition/perdition.key.pem pid_file /var/run/perdition.imap4s/perdition.imap4s.pid debug no_daemon ...but actually I am floundering on this part. I was hoping for some understanding on what my options are for this proxy connecting to exchange server 2007. 1. Can I setup just a plain jane pass through on the proxy and push the traffic to the exchange server? Is this sane? Examples? Is worth trying just to see if it works? 2. Can I offer certs on the proxy, then talk SSL from the proxy to the exchange server? Does anyone have an example of how to do that? 3. Should I turn down secure imap on the server and let the proxy handle the certs? Regs -Tiz

15 years, 8 months

help

by Glenn Tanyag

hello, Can you help me how to resolve this error below: Aug 1 11:24:22 mail3 perdition[1004]: version=1.17.1, add_domain="", authenticate_in=off, bind_address="", capability="IMAP4 IMAP4REV1", client_server_specification=off, config_file="/usr/local/etc/perdition/imap4s.conf", connection_limit=0, connection_logging=off, connect_relog=300, debug=off, domain_delimiter="@", explicit_domain="", group="perdition", inetd_mode=off, listen_port="993", log_facility="mail", login_disabled=off, lower_case="", map_library="/usr/local/lib/libperditiondb_posix_regex.so.0", map_library_opt="/usr/local/etc/perdition/popmap.re", no_bind_banner=off, no_daemon=off, no_lookup=on, nodename="mail3.infocom.ph", ok_line="You are so in", outgoing_port="143", outgoing_server="", pid_file="/var/run/imap4s/imap4s.pid", protocol="IMAP4S", server_resp_line=on, strip_domain="", timeout=1800, username="perdition", username_from_database=off, query_key="\d", quiet=off, ssl_mode="ssl_listen", ssl_ca_file="", ssl_ca_path="/usr/local/etc/perdition/perdition.ca/", ssl_ca_accept_self_signed="off", ssl_ Aug 1 11:24:41 mail3 perdition[1007]: Connect: 202.163.239.11->202.163.239.11 Aug 1 11:24:49 mail3 perdition[1007]: Fatal error establishing SSL connection to client Aug 1 15:38:35 mail3 perdition[1669]: Connect: 203.172.11.213->202.163.239.11 Aug 1 15:38:39 mail3 perdition[1669]: Fatal error establishing SSL connection to client Thanks in advanced, Glenn

15 years, 8 months

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

Perdition-users August 2008