Hello,
we've been using perdition as a pop3/pop3s/imap/imaps proxy for about
four years now, first with Debian Sarge package and now under Etch.
And throughout this time I've seen pop3s (and from the looks of it
the same happens with imaps) processes stuck in connect, like this:
---
16836 ? S 5:31 0 120 32179 2204 0.0 perdition.pop3s
28070 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect
7782 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect
24468 ? S 0:00 0 120 32311 1568 0.0 \_ perdition.pop3s: connect
14180 ? S 0:00 0 120 32311 1568 0.0 \_ perdition.pop3s: connect
13503 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect
---
They never die off, keep the connection open, there is no traffic and the
other end might be long gone. Last trace in the logs is always like this:
---
Feb 5 22:05:16 pp11 perdition[7782]: Connect: hi.mi.ts.u->203.216.5.113
---
It must be something related to the SSL'ness of these service, since I'm
not seeing this happening ever for imap/pop3. Alas a lot of people do use
TLS with those, so it's not a generic SSL issue. Maybe the master process
could kick a child handling connections in the head after "timeout"
seconds in connect state?
If more information is needed I can try to provide it, but note that with a
rate of roughly 35 pops per second I'm a bit weary to turn on
debugging. ^_-
This may or may not be related to another SSL related issue, which will
be for the sake of making searches in the archive more likely to find good
keywords in a separate mail.
Regards,
Christian
--
Christian Balzer Network/Systems Engineer NOC
chibi(a)gol.com Global OnLine Japan/Fusion Network Services
http://www.gol.com/
Hi Horms!
Modifications on *spec.in ( for vanessa_logger vanessa_adt
vanessa_socket perdition) are need for "rpmbuild -ta <name>.tar.gz" on
Fedora >7 ? systems (rpm ver 4.4.xx)
-> Copyright: GNU Lesser General Public Licence
-< License: GNU (or wherever)
Thanks for your magnific work ! :-)
The original IPv6 patches I submitted earlier didn't build on Linux
systems. Attached are updated IPv6 patches which have been tested
successfully in inetd mode on CentOS 5. However, in daemon mode under
CentOS, sometimes the spawned process will segfault. I'm still trying to
determine whether this is due to a problem with the patch itself or the
way I've built the RPM. Both daemon mode and inetd mode under FreeBSD
seems to work reliably though so I suspect this problem is something
peculiar to Linux which I've overlooked. In any case, I'm putting these
updated patches out in the hope of getting additional data back from
anyone running perdition in daemon mode on Linux systems.
Antonio Querubin
whois: AQ7-ARIN
Hello everybody,
after three days messing around with the set up, reading manuals,
looking for similar problems in the internet and trying possible
solutions, I come here, hopping that somebody has had the same problem
or can point me to the right direction. We have an email set up, that
uses perdition as the proxy server to our pop3 mailboxes hosted in a big
network drive. The authentication is trough ldap.
The production servers works ok. We have build few more servers cloning
the same configuration. The problem is that if we try to log with just
username, it works fine, but if we try to log as username(a)foo.bar we get
an authentication failure. The delimiter parameter is set up in
perdition.conf (as said is a clone configuration from production
server), /etc/authlib/authldaprc is the same in both set ups. We are
using same ldap server.
The perdition versions are different (1.15-1 production vs 1.17-1 new
servers) but haven't found anything relevant to this problem, reading
the docs.
perdition[17682]: Auth: 127.0.0.1->127.0.0.1 user="blablabla(a)bloblo.com"
server="127.0.0.1"
port="1110" status="failed: Re-Authentication Failure"
perdition[17762]: Fatal Error reading authentication information from
client
"127.0.0.1->127.0.0.1 ": Exiting child
Thank you in advance.
Antonio.
This email has been scanned for all viruses by the MessageLabs SkyScan service.
Please consider the environment before printing this email.
The content of this email and any attachment is private and may be privileged. If you are not the intended recipient, any use, disclosure, copying or forwarding of this email and/or its attachments is unauthorised. If you have received this email in error please notify the sender by email and delete this message and any attachments immediately. Nothing in this email shall bind the Company or any of its subsidiaries or businesses in any contract or obligation, unless we have specifically agreed to be bound.
KCOM Group PLC is a public limited company incorporated in England and Wales, company number 02150618 and whose registered office is at 37 Carr Lane, Hull, HU1 3RE.
118288 - KCOM UK Directory Enquiries. Calls cost 49p connection + 14p per minute including VAT from a KC or BT landline. Call charges from mobiles and other networks may vary. If you are calling from a mobile you will now receive your requested number via text message. You will not be charged for the text message.
Dear users,
we have installed perdition-1.17.1 on AIX 5.3 (compiled with openldap and openssl support). when we start perdition with command shown below. we get a segmentation fault.
myhost:/tmp/perdition-1.17.1> ./perdition/perdition -PIMAP4 -f /usr/local/perdition/etc/perdition/perdition.conf
Segmentation fault
But it is able to server one IMAP sesion. After that session, daemon crashes with "segmenation fault".
If we start with the --no_daemon option the segmentation fault does not occur immediately but if we start an IMAP session after its closure perdition crashes.
our perdition.conf options are given below:
M /usr/local/perdition/lib/libperditiondb_ldap.so.0
m ldap://10.10.10.9:389/dc=dos?servername?sub?(mailacceptinggeneralid=%25s)
our logs given below :
Aug 13 11:14:07 myhost mail:info perdition[348166]: version=1.17.1,
add_domain="", authenticate_in=off, bind_address="", capability="IMAP4
IMAP4REV1", client_server_specification=off,
config_file="/usr/local/perdition/etc/perdition/perdition.conf",
connection_limit=0, connection_logging=off, connect_relog=300,
debug=on, domain_delimiter="@", explicit_domain="", group="nobody",
inetd_mode=off, listen_port="143", log_facility="mail",
login_disabled=off, lower_case="",
map_library="/usr/local/perdition/lib/libperditiondb_ldap.so.0",
map_library_opt="ldap://10.10.10.9:389/dc=dos?servername?sub?(mailacceptinggeneralid=%25s)", no_bind_banner=off, no_daemon=on, no_lookup=off, nodename="myhost", ok_line="You are so in", outgoing_port="143", outgoing_server="", pid_file="/usr/local/perdition/var/run/lt-perdition/lt-perdition.pid", protocol="IMAP4", server_resp_line=off, strip_domain="", timeout=1800, username="nobody", username_from_database=off, query_key="", quiet=off, ssl_mode="", ssl_ca_file="",
ssl_ca_path="/usr/local/perdition
Aug 13 11:14:08 myhost mail:debug perdition[348166]:
vanessa_socket_daemon_setid: uid=-2 euid=-2 gid=-2 egid=-2
Please let us know how to resolve this ? any clues ?
thanks and regards
-yogeen honnavar
I am trying to proxy secure imap on port 993 from my Solaris 10 perdition sun
box to Microsoft Exchanges secure imap port and cannot seem to get it to work.
I currently I have perdition running on a 992 for a proxy to my sendmail server
running regular imap on 143. Perdition offers the SSL certs and does the
forwarding based on a mysql table. This setup is working fine...
For the exchange server I am a little lost.
Here is the config...
outgoing_server 10.XXX.XXX.XXX
log_facility /var/log/perdition.imap4s.log
no_lookup
timeout 40
imap_capability "IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT
THREAD=REFERENCES SORT QUOTA ACL ACL2=UNION
STARTTLS"
ssl_mode tls_listen,tls_listen_force
ssl_cert_file /etc/perdition/perdition.crt.pem
ssl_key_file /etc/perdition/perdition.key.pem
pid_file /var/run/perdition.imap4s/perdition.imap4s.pid
debug
no_daemon
...but actually I am floundering on this part.
I was hoping for some understanding on what my options are for this proxy
connecting to exchange server 2007.
1. Can I setup just a plain jane pass through on the proxy and push the traffic
to the exchange server? Is this sane? Examples? Is worth trying just to see
if it works?
2. Can I offer certs on the proxy, then talk SSL from the proxy to the exchange
server? Does anyone have an example of how to do that?
3. Should I turn down secure imap on the server and let the proxy handle the certs?
Regs
-Tiz