Perdition-users December 2009

perdition-users@vergenet.net

11 participants
10 discussions

Zombie pop3s (and imaps?) processes in connect state

by Christian Balzer

Hello, we've been using perdition as a pop3/pop3s/imap/imaps proxy for about four years now, first with Debian Sarge package and now under Etch. And throughout this time I've seen pop3s (and from the looks of it the same happens with imaps) processes stuck in connect, like this: --- 16836 ? S 5:31 0 120 32179 2204 0.0 perdition.pop3s 28070 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect 7782 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect 24468 ? S 0:00 0 120 32311 1568 0.0 \_ perdition.pop3s: connect 14180 ? S 0:00 0 120 32311 1568 0.0 \_ perdition.pop3s: connect 13503 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect --- They never die off, keep the connection open, there is no traffic and the other end might be long gone. Last trace in the logs is always like this: --- Feb 5 22:05:16 pp11 perdition[7782]: Connect: hi.mi.ts.u->203.216.5.113 --- It must be something related to the SSL'ness of these service, since I'm not seeing this happening ever for imap/pop3. Alas a lot of people do use TLS with those, so it's not a generic SSL issue. Maybe the master process could kick a child handling connections in the head after "timeout" seconds in connect state? If more information is needed I can try to provide it, but note that with a rate of roughly 35 pops per second I'm a bit weary to turn on debugging. ^_- This may or may not be related to another SSL related issue, which will be for the sake of making searches in the archive more likely to find good keywords in a separate mail. Regards, Christian -- Christian Balzer Network/Systems Engineer NOC chibi(a)gol.com Global OnLine Japan/Fusion Network Services http://www.gol.com/

11 years

Problems with IMAP4S LOGIN command

by TOPdesk Systeembeheer (beheer＠TOPdesk.com)

Hi everybody, Since an upgrade to our backend IMAPS server (Zarafa 6.20.7), we have some trouble authenticating via our perdition IMAP4S proxy (version 1.17-7etch1). I've enabled debug and connection logging, and I see that the LOGIN command is splitted in 3 lines instead of sending the whole command in one. Is that normal? Can I configure it somewhere? Here is the log I get: Jul 2 14:33:45 floor perdition[9781]: Connect: xx.xx.xx.xx -> [IP proxy] Jul 2 14:33:45 floor perdition[9781]: SSL connection using AES128-SHA Jul 2 14:33:45 floor perdition[9781]: SELF: "* OK IMAP4 Ready floor 0001d839\r\n" Jul 2 14:33:46 floor perdition[9781]: CLIENT: "1.584 CAPABILITY\r\n" Jul 2 14:33:46 floor perdition[9781]: SELF: "* CAPABILITY IMAP4 IMAP4REV1\r\n" Jul 2 14:33:46 floor perdition[9781]: SELF: "1.584 OK CAPABILITY\r\n" Jul 2 14:33:46 floor perdition[9781]: CLIENT: "2.584 LOGIN piekjepuk 6012417\r\n" Jul 2 14:33:46 floor perdition[9781]: username_add_domain: username_add_domain 0 1 0x807bd1c Jul 2 14:33:46 floor perdition[9781]: getserver: do_dbserver_get Jul 2 14:33:46 floor perdition[9781]: SSL connection using AES256-SHA Jul 2 14:33:46 floor perdition[9781]: REAL: "* OK Zarafa IMAP gateway ready\r\n" Jul 2 14:33:46 floor perdition[9781]: SELF: "flim07 CAPABILITY\r\n" Jul 2 14:33:46 floor perdition[9781]: REAL: "* CAPABILITY IMAP4rev1 CHILDREN XAOL-OPTION IDLE\r\n" Jul 2 14:33:46 floor perdition[9781]: REAL: "flim07 OK CAPABILITY Completed\r\n" Jul 2 14:33:46 floor perdition[9781]: SELF: "flim08 LOGIN {6}\r\n" Jul 2 14:33:46 floor perdition[9781]: REAL: "flim08 BAD LOGIN must have 2 arguments\r\n" Jul 2 14:33:46 floor perdition[9781]: imap4_out_response: invalid tag from server 1 Jul 2 14:33:46 floor perdition[9781]: imap4_out_authenticate: imap4_out_response login Jul 2 14:33:46 floor perdition[9781]: SELF: "piekjepuk {7}\r\n" Jul 2 14:33:46 floor perdition[9781]: REAL: "piekjepuk BAD Command not recognized\r\n" Jul 2 14:33:46 floor perdition[9781]: imap4_out_response: invalid tag from server 1 Jul 2 14:33:46 floor perdition[9781]: imap4_out_authenticate: imap4_out_response name Jul 2 14:33:46 floor perdition[9781]: SELF: "6012417\r\n" Jul 2 14:33:46 floor perdition[9781]: REAL: "* BAD Command not recognized\r\n" Jul 2 14:33:46 floor perdition[9781]: SELF: "* BAD Command not recognized\r\n" Jul 2 14:34:46 floor perdition[9781]: REAL: "* BYE Connection closed because of timeout\r\n" Jul 2 14:34:46 floor perdition[9781]: SELF: "* BYE Connection closed because of timeout\r\n" Jul 2 14:34:46 floor perdition[9781]: REAL: "" Jul 2 14:34:46 floor perdition[9781]: token_read: token_fill_buffer Jul 2 14:34:46 floor perdition[9781]: read_line: token_read Jul 2 14:34:46 floor perdition[9781]: imap4_out_response: read_line Jul 2 14:34:46 floor perdition[9781]: imap4_out_authenticate: imap4_out_response passwd Jul 2 14:34:46 floor perdition[9781]: main: protocol->out_authenticate -1 Jul 2 14:34:46 floor perdition[9781]: Fatal error authenticating user. Exiting child. Any ideas? Thank you very much in advance! Best regards, -- Xesc

13 years, 8 months

Map different user password for real server

by patux

Hi, I would like to map different password for users on the real server. I mean: 1 - authenticate users locally 2 - lookup for a password for the given user 3 - finally authenticate to the real server with that password. AFAICS from docs, it is not possible. Actually, i was making some modifications on perdition.c adding the ability to lookup on a CSV file for the second password. It's just a probe of concept, the code is no good quality (i'm not a good coder :) ) Thanks a lot for the help.

13 years, 11 months

ldap mailRoutingAddress

by Dominique Marant

Hi, In perdition 1.17, the conf below is running successfully to find the real server for a user : M /usr/lib/libperditiondb_ldap.so m "ldap://server/dc=domain,dc=fr?mailRoutingAddress?sub?(uid=%s)" but in perdition 1.18, it's not running and in the log, I see : server="(null)" port="143" status="failed: Could not determine server" (the request and the response are good in the ldap server) How to use mailRoutingAdresse with perdition 1.18 ? Thanks for your help Dominique

13 years, 11 months

Add password on mysql map table

by patux

13 years, 11 months

Fatal error during/after TLS negotiation

by Robert C. Sheets

Hello list, My perdition director seems to be working fine with unencrypted POP and IMAP connections, but logs the following when I try to connect from Thunderbird using TLS: Connect: 128.146.221.167->206.71.169.193 SELF: "* OK IMAP4 Ready yankee 0001de1f\r\n" CLIENT: "1 capability\r\n" SELF: "* CAPABILITY IMAP4 IMAP4REV1\r\n" SELF: "1 OK CAPABILITY\r\n" CLIENT: "2 STARTTLS\r\n" SELF: "2 OK Begin TLS negotiation now\r\n" username_mangle: username_strip main: username_mangle STATE_GET_SERVER Fatal error manipulating username for client "128.146.221.167": Exiting child What should I do to get TLS working? Thanks! -- Robert C. Sheets Picosecond Software

13 years, 12 months

LDAP attribute format

by Jim Tyrrell

Hi, I have just been looking at using perdition as part of a mail migration between multiple POP3 servers and have it working well with LDAP. At the moment I have it configured to lookup against the domain part of the user login and have temporarily added the following attribute to the domain object in LDAP: mailhost=192.168.10.81 That works, but I would like to use an existing attribute that already exists and wouldnt require manually editing the LDAP object everytime a domain was updated. The problem is this attribute is in the format of: mailtransport=nexthop:[mda-clusterX.domain.com] So my query is returning "nexthop:[mdaX.domain.com]". Is there anyway to get ldap/perdition to retrieve the part of the result thats in the [] brackets? If I could use that part of the LDAP attribute I would only need to add an entry to the hosts file so that it would use the POP3 server that corresponds with the Mail Delivery server in that attribute? If theres a trick to accimplish that it would save me alot of work. :) Thanks. Jim.

14 years

SSL key passphrase

by Aaron Thoreson

I apologize if this has been covered. The signal-to-noise ration in my Google searching and GMANE/MARC searching didn't lead me to good results... I see a few posts from ~2004 regarding passphrase protected SSL keys. Mr. Horms indicated that he thought it ought to work, but was unable to devote effort at the time, being 'snowed under' :) Was this functionality added? I see in the .c code some callbacks to the ctx 'passphrase' parts of libssl but can't tell where it's getting sent along, if at all. Can anyone provide tips? Thanks! -- Aaron Thoreson aaront(a)midco.net

14 years

libmapi support

by Sandra Kachelmann

hi i'm working for a company that uses exchange as a corporate mailserver. unfortunately the admin boneheads don't allow me to connect via imap. however, i managed to create connectivity via openexchange (libmapi). i can list all my folders, retrieve mails and so on. the ideal solution for me however would be to use imap. a bit of research led me to perdition. if i could have something like a local imap2mapi proxy this would solve my problem. perdition would have to use libmapi (http://www.openchange.org/) as backend and translate imap commands to mapi (vice versa). has this been discussed before? is something like that planed? are there better ways or other solutions available to my problem? any input is gratefully appreciated. sandra

14 years

How to make use of perdition to connec the VM

by Stephen Liu

Hi folks, KVM - virtualization software SugarCRM host OS - Debian 5.0 VMs (guest) OS - Ubutun 9.04 Single(one) external IP This is an experiment. There are 4 VMs, each running SugarCRM which is a web-base CRM. Each VM has its own host name and internal IP. Desktops on local network(Intranet) can browse each VM on; local_ip/sugarcrm without problem. Now my further test is how can the remote-desktops connect/browse the VMs? Because there is only ONE external IP. Suggestion and pointer would be appreciated. TIA B.R. Stephen L Send instant messages to your online friends http://uk.messenger.yahoo.com

14 years

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

Perdition-users December 2009