We've been using perdition as a pop3/pop3s/imap/imaps proxy for about
four years now, first with Debian Sarge package and now under Etch.
And throughout this time I've seen pop3s (and from the looks of it
the same happens with imaps) processes stuck in connect, like this:
16836 ? S 5:31 0 120 32179 2204 0.0 perdition.pop3s
28070 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect
7782 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect
24468 ? S 0:00 0 120 32311 1568 0.0 \_ perdition.pop3s: connect
14180 ? S 0:00 0 120 32311 1568 0.0 \_ perdition.pop3s: connect
13503 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect
They never die off, keep the connection open, there is no traffic and the
other end might be long gone. Last trace in the logs is always like this:
Feb 5 22:05:16 pp11 perdition: Connect: hi.mi.ts.u->18.104.22.168
It must be something related to the SSL'ness of these services, since I'm
not seeing this happening ever for imap/pop3. Alas a lot of people do use
TLS with those, so it's not a generic SSL issue. Maybe the master process
could kick a child handling connections in the head after "timeout"
seconds in connect state?
If more information is needed I can try to provide it, but note that with a
rate of roughly 35 pops per second I'm a bit wary to turn on
This may or may not be related to another SSL related issue, which will
be for the sake of making searches in the archive more likely to find good
keywords in a separate mail.
Christian Balzer Network/Systems Engineer NOC
chibi(a)gol.com Global OnLine Japan/Fusion Network Services
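
Added example (not part of the original message and not perdition code): an external check that flags perdition children that have stayed in the "connect" state longer than a timeout, the condition described in the message above. It assumes input in the layout of `ps -eo pid,ppid,etimes,args` (procps) and the "perdition.<service>: connect" process titles shown in the listing; the sample lines and the 300-second default are constructed.

```python
"""Flag perdition children stuck in the "connect" state (added example)."""
import re
import subprocess

# Constructed sample in the layout of `ps -eo pid,ppid,etimes,args`.
SAMPLE_PS = """\
  PID  PPID ELAPSED COMMAND
16836     1 4233600 perdition.pop3s
28070 16836   86400 perdition.pop3s: connect
 7782 16836      12 perdition.pop3s: connect
24468 16836     900 perdition.pop3s: connect
16900     1 4233600 perdition.imaps
13503 16900    7200 perdition.imaps: connect
"""

# Process title of a child that is still in the connect phase.
CONNECT_RE = re.compile(r"^(perdition\.[\w.]+): connect$")


def parse_ps(ps_text):
    """Yield (pid, ppid, elapsed_seconds, args) for each process line."""
    for line in ps_text.splitlines():
        parts = line.split(None, 3)
        # Skip the header and anything that is not a full process row.
        if len(parts) < 4 or not all(p.isdigit() for p in parts[:3]):
            continue
        yield int(parts[0]), int(parts[1]), int(parts[2]), parts[3].strip()


def stuck_connects(ps_text, timeout=300):
    """Return (pid, ppid, service, elapsed) for connect children older
    than `timeout` seconds, oldest first."""
    hits = []
    for pid, ppid, elapsed, args in parse_ps(ps_text):
        match = CONNECT_RE.match(args)
        if match and elapsed > timeout:
            hits.append((pid, ppid, match.group(1), elapsed))
    return sorted(hits, key=lambda h: h[3], reverse=True)


def live_ps():
    """Read the real process table (needs a ps that supports etimes)."""
    return subprocess.run(["ps", "-eo", "pid,ppid,etimes,args"],
                          capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    for pid, ppid, service, elapsed in stuck_connects(SAMPLE_PS):
        print(f"{service} pid={pid} master={ppid} in connect for {elapsed}s")
```

To run it against a live host, pass `live_ps()` instead of `SAMPLE_PS` and choose a threshold above the proxy's own configured timeout.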
My perdition director seems to be working fine with unencrypted POP and
IMAP connections, but logs the following when I try to connect from
Thunderbird using TLS:
SELF: "* OK IMAP4 Ready yankee 0001de1f\r\n"
CLIENT: "1 capability\r\n"
SELF: "* CAPABILITY IMAP4 IMAP4REV1\r\n"
SELF: "1 OK CAPABILITY\r\n"
CLIENT: "2 STARTTLS\r\n"
SELF: "2 OK Begin TLS negotiation now\r\n"
main: username_mangle STATE_GET_SERVER
Fatal error manipulating username for client "22.214.171.124": Exiting
What should I do to get TLS working?
Robert C. Sheets
Modifications on *spec.in (for vanessa_logger, vanessa_adt,
vanessa_socket, perdition) are needed for "rpmbuild -ta <name>.tar.gz" on
Fedora >7 ? systems (rpm ver 4.4.xx)
-> Copyright: GNU Lesser General Public Licence
-< License: GNU (or wherever)
Thanks for your magnificent work! :-)
Are there any plans for a new perdition release? With the changeable
ldap version via configuration file is at least one useful change in the
repository. Maybe experimental ipv6 support could also be added.
I'm also the FreeBSD maintainer of the perdition port and I would like
to bring this in the ports tree without maintaining too many local patches.
* Thomas Vogt UNIX System Engineer - SolNet AS9044 - PGP-3239B720 *
We're using Exim for our mail delivery and have standardised on CDB for large lookup tables so we wanted to use a single lookup table for both Exim and Perdition. Having pulled down perdition and discovered that it didn't support CDB, I've created a patch to add it by using the TinyCDB library. We're planning on putting this live in the next month or so after a little more testing.
Sorry if the patch isn't 100% correct for the build system, but this is the first time I've hacked on automake. The patch is against 1.17.1.
Thanks for the excellent software Simon!
Is it possible to additionally set PAM_RHOST in do_pam_authentication?
With PAM_RHOST set pam_abl module is able to block brute force password
crackings based on attacker's ip. Now pam_abl reports PAM_RHOST as NULL,
which also blocks users from being purged after successful login.
Lang & Schwarz Gate GmbH
I'm trying to use Perdition + ImapProxy for a webmail system (I need both of them because Perdition supports multiple backend servers, while ImapProxy supports connection caching).
The idea is, when one logs in to IMAP, my webmail will send a login request like this to ImapProxy:
LOGIN firstname.lastname@example.org:port fooPassword
ImapProxy will send it to Perdition (running on the same host). Using the regexp map library, Perdition will forward this request to imap.host.com:port, logging in as "foo" with the given password.
So far so good. Now the problem is that some folks use SSL while others don't. The line Webmail ---> ImapProxy should always be plain, as well as the line ImapProxy ---> Perdition; however, from Perdition to the backend server the line should be encrypted.
In short, my question is whether this can be achieved using the regex maps, say, for instance, that the Webmail will append a "!" character to the user:
LOGIN email@example.com:port! fooPassword
and in this case, using the regex map, I would like to indicate to Perdition that it should use SSL for outgoing socket. Is this possible?