Hello,
we've been using perdition as a pop3/pop3s/imap/imaps proxy for about
four years now, first with Debian Sarge package and now under Etch.
And throughout this time I've seen pop3s (and from the looks of it
the same happens with imaps) processes stuck in connect, like this:
---
16836 ? S 5:31 0 120 32179 2204 0.0 perdition.pop3s
28070 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect
7782 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect
24468 ? S 0:00 0 120 32311 1568 0.0 \_ perdition.pop3s: connect
14180 ? S 0:00 0 120 32311 1568 0.0 \_ perdition.pop3s: connect
13503 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect
---
They never die off, keep the connection open, there is no traffic and the
other end might be long gone. Last trace in the logs is always like this:
---
Feb 5 22:05:16 pp11 perdition[7782]: Connect: hi.mi.ts.u->203.216.5.113
---
It must be something related to the SSL'ness of these service, since I'm
not seeing this happening ever for imap/pop3. Alas a lot of people do use
TLS with those, so it's not a generic SSL issue. Maybe the master process
could kick a child handling connections in the head after "timeout"
seconds in connect state?
If more information is needed I can try to provide it, but note that with a
rate of roughly 35 pops per second I'm a bit weary to turn on
debugging. ^_-
This may or may not be related to another SSL related issue, which will
be for the sake of making searches in the archive more likely to find good
keywords in a separate mail.
Regards,
Christian
--
Christian Balzer Network/Systems Engineer NOC
chibi(a)gol.com Global OnLine Japan/Fusion Network Services
http://www.gol.com/
Hello list,
My perdition director seems to be working fine with unencrypted POP and
IMAP connections, but logs the following when I try to connect from
Thunderbird using TLS:
Connect: 128.146.221.167->206.71.169.193
SELF: "* OK IMAP4 Ready yankee 0001de1f\r\n"
CLIENT: "1 capability\r\n"
SELF: "* CAPABILITY IMAP4 IMAP4REV1\r\n"
SELF: "1 OK CAPABILITY\r\n"
CLIENT: "2 STARTTLS\r\n"
SELF: "2 OK Begin TLS negotiation now\r\n"
username_mangle: username_strip
main: username_mangle STATE_GET_SERVER
Fatal error manipulating username for client "128.146.221.167": Exiting
child
What should I do to get TLS working?
Thanks!
--
Robert C. Sheets
Picosecond Software
Hi Horms!
Modifications on *spec.in ( for vanessa_logger vanessa_adt
vanessa_socket perdition) are need for "rpmbuild -ta <name>.tar.gz" on
Fedora >7 ? systems (rpm ver 4.4.xx)
-> Copyright: GNU Lesser General Public Licence
-< License: GNU (or wherever)
Thanks for your magnific work ! :-)
Hi,
Often I'm asked to restrict access to some e-mail accounts based on the
client IP address (for example, some employees should not access e-mail
except from office to avoid overtime and other labor related lawsuits).
I'm thinking about implementing a flag to pass the client IP address
along with the username field to the database backend, so I can write a
custom backend to implement client IP based rules.
Any comments/advice?
TIA,
--
Paulo
I just saw its already there, I can use --query_key for this.
Thanks!!!
On Wed, 26 Aug 2009 12:13:47 -0500, scott hollatz <shollatz(a)d.umn.edu>
wrote:
>> Hi,
>>
>> Often I'm asked to restrict access to some e-mail accounts based on the
>> client IP address (for example, some employees should not access e-mail
>> except from office to avoid overtime and other labor related lawsuits).
>
> This depends on the size of your user base, but launching perdition
> via xinetd and using its access controls (IP, time period, etc) may work.
>
>> I'm thinking about implementing a flag to pass the client IP address
>> along with the username field to the database backend, so I can write a
>> custom backend to implement client IP based rules.
>>
>> Any comments/advice?
>>
>> TIA,
>> --
>> Paulo
>> ______________________________________________
>> Perdition-users mailing list
>> Perdition-users(a)vergenet.net
>> http://lists.vergenet.net/listinfo/perdition-users
>
>
> --
> scott hollatz net
> shollatz(a)d.UMn.eDu
> information technology systems and services tel +1 218 726 8851
> university of minnesota duluth mn usa fax +1 218 726 7674
>
> --
> "Asn aD ta zlAp em uT
> zt33rg"
Hi!
Some years ago I developed a little patch that allows to add multiple
MySQL servers to the MySQL database backend, so if the first server
isn't reachable, perdition falls back to the second etc.
I was sure, that I sent this patch to Simon or to this list, but the
patch never appeared in the upstream source and when I checked all my
outbound mail, I didn't find a mail with this patch, so I seem to have
forgotten to do so.
Today I updated my patch to the current 1.17.1. Maybe someone else
will find this patch useful.
Tschoeeee
Roland
--
Roland Rosenfeld - Content Delivery - NED - Technik
NetCologne Gesellschaft für Telekommunikation mbH - HRB 25580, AG Köln
Am Coloneum 9 50829 Köln Tel.: +49-221-2222-373 Fax: +49-221-2222-7373
Geschäftsführer: Werner Hanf, Karl-Heinz Zankel
