we've been using perdition as a pop3/pop3s/imap/imaps proxy for about
four years now, first with Debian Sarge package and now under Etch.
And throughout this time I've seen pop3s (and from the looks of it
the same happens with imaps) processes stuck in connect, like this:
16836 ? S 5:31 0 120 32179 2204 0.0 perdition.pop3s
28070 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect
7782 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect
24468 ? S 0:00 0 120 32311 1568 0.0 \_ perdition.pop3s: connect
14180 ? S 0:00 0 120 32311 1568 0.0 \_ perdition.pop3s: connect
13503 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect
They never die off, keep the connection open, there is no traffic and the
other end might be long gone. Last trace in the logs is always like this:
Feb 5 22:05:16 pp11 perdition: Connect: hi.mi.ts.u->126.96.36.199
It must be something related to the SSL'ness of these service, since I'm
not seeing this happening ever for imap/pop3. Alas a lot of people do use
TLS with those, so it's not a generic SSL issue. Maybe the master process
could kick a child handling connections in the head after "timeout"
seconds in connect state?
If more information is needed I can try to provide it, but note that with a
rate of roughly 35 pops per second I'm a bit weary to turn on
This may or may not be related to another SSL related issue, which will
be for the sake of making searches in the archive more likely to find good
keywords in a separate mail.
Christian Balzer Network/Systems Engineer NOC
chibi(a)gol.com Global OnLine Japan/Fusion Network Services
I would like to map different password for users on the real server. I
1 - authenticate users locally
2 - lookup for a password for the given user
3 - finally authenticate to the real server with that password.
AFAICS from docs, it is not possible. Actually, i was making some
modifications on perdition.c adding the ability to lookup on a CSV
file for the second password. It's just a probe of concept, the code
is no good quality (i'm not a good coder :) )
Thanks a lot for the help.
In perdition 1.17, the conf below is running successfully to find the
real server for a user :
but in perdition 1.18, it's not running and in the log, I see :
server="(null)" port="143" status="failed: Could not determine server"
(the request and the response are good in the ldap server)
How to use mailRoutingAdresse with perdition 1.18 ?
Thanks for your help
After my last post, i was reading about libperditiondb_mysql.
It would be great if we can map (on a mysql table) a diferent password
that the one used for "authenticate_in" feature.
| Field | Type | Null | Key | Default | Extra |
| user | varchar(128) | | PRI | | |
| pass | varchar(128) | | | | |
| servername | varchar(255) | | | | |
| port | varchar(8) | YES | | NULL | |
It will be useful to take this password for authentication with the
Thanks in advance.
My perdition director seems to be working fine with unencrypted POP and
IMAP connections, but logs the following when I try to connect from
Thunderbird using TLS:
SELF: "* OK IMAP4 Ready yankee 0001de1f\r\n"
CLIENT: "1 capability\r\n"
SELF: "* CAPABILITY IMAP4 IMAP4REV1\r\n"
SELF: "1 OK CAPABILITY\r\n"
CLIENT: "2 STARTTLS\r\n"
SELF: "2 OK Begin TLS negotiation now\r\n"
main: username_mangle STATE_GET_SERVER
Fatal error manipulating username for client "188.8.131.52": Exiting
What should I do to get TLS working?
Robert C. Sheets
I have just been looking at using perdition as part of a mail migration
between multiple POP3 servers and have it working well with LDAP.
At the moment I have it configured to lookup against the domain part of
the user login and have temporarily added the following attribute to the
domain object in LDAP:
That works, but I would like to use an existing attribute that already
exists and wouldnt require manually editing the LDAP object everytime a
domain was updated. The problem is this attribute is in the format of:
So my query is returning "nexthop:[mdaX.domain.com]". Is there anyway
to get ldap/perdition to retrieve the part of the result thats in the 
brackets? If I could use that part of the LDAP attribute I would only
need to add an entry to the hosts file so that it would use the POP3
server that corresponds with the Mail Delivery server in that attribute?
If theres a trick to accimplish that it would save me alot of work. :)
I apologize if this has been covered. The signal-to-noise ration in my
Google searching and GMANE/MARC searching didn't lead me to good results...
I see a few posts from ~2004 regarding passphrase protected SSL keys.
Mr. Horms indicated that he thought it ought to work, but was unable to
devote effort at the time, being 'snowed under' :)
Was this functionality added? I see in the .c code some callbacks to
the ctx 'passphrase' parts of libssl but can't tell where it's getting
sent along, if at all.
Can anyone provide tips?
i'm working for a company that uses exchange as a corporate
mailserver. unfortunately the admin boneheads don't allow me to
connect via imap. however, i managed to create connectivity via
openexchange (libmapi). i can list all my folders, retrieve mails and
so on. the ideal solution for me however would be to use imap. a bit
of research led me to perdition. if i could have something like a
local imap2mapi proxy this would solve my problem. perdition would
have to use libmapi (http://www.openchange.org/) as backend and
translate imap commands to mapi (vice versa).
has this been discussed before? is something like that planed? are
there better ways or other solutions available to my problem?
any input is gratefully appreciated.
KVM - virtualization software
host OS - Debian 5.0
VMs (guest) OS - Ubutun 9.04
Single(one) external IP
This is an experiment.
There are 4 VMs, each running SugarCRM which is a web-base CRM. Each VM has its own host name and internal IP. Desktops on local network(Intranet) can browse each VM on;
Now my further test is how can the remote-desktops connect/browse the VMs? Because there is only ONE external IP. Suggestion and pointer would be appreciated. TIA
Send instant messages to your online friends http://uk.messenger.yahoo.com