Hello,
we've been using perdition as a pop3/pop3s/imap/imaps proxy for about
four years now, first with Debian Sarge package and now under Etch.
And throughout this time I've seen pop3s (and from the looks of it
the same happens with imaps) processes stuck in connect, like this:
---
16836 ? S 5:31 0 120 32179 2204 0.0 perdition.pop3s
28070 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect
7782 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect
24468 ? S 0:00 0 120 32311 1568 0.0 \_ perdition.pop3s: connect
14180 ? S 0:00 0 120 32311 1568 0.0 \_ perdition.pop3s: connect
13503 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect
---
They never die off, keep the connection open, there is no traffic and the
other end might be long gone. Last trace in the logs is always like this:
---
Feb 5 22:05:16 pp11 perdition[7782]: Connect: hi.mi.ts.u->203.216.5.113
---
It must be something related to the SSL'ness of these services, since I'm
not seeing this happening ever for imap/pop3. Alas a lot of people do use
TLS with those, so it's not a generic SSL issue. Maybe the master process
could kick a child handling connections in the head after "timeout"
seconds in connect state?
If more information is needed I can try to provide it, but note that with a
rate of roughly 35 pops per second I'm a bit wary to turn on
debugging. ^_-
This may or may not be related to another SSL related issue, which will
be for the sake of making searches in the archive more likely to find good
keywords in a separate mail.
Regards,
Christian
--
Christian Balzer Network/Systems Engineer NOC
chibi(a)gol.com Global OnLine Japan/Fusion Network Services
http://www.gol.com/
Hi
Sorry for this rather basic and more xinetd-oriented question, but does
anyone on this list perhaps have an xinetd.conf snippet for perdition
that they'd be willing to post? I'm having difficulties transferring the
inetd configuration instructions from the man page to xinetd syntax.
TIA and cheers,
Tobias
Hi,
I'm using perdition with mysql backend for pop3 proxy, with user:servername:port table schema.
Is it possible to use only the domain part for authentication, instead of user@domain?
I want to fill the database with domains instead of usernames.
So when a user authenticates using someuser@domain, perdition should check the domain part only in the database, and proxy to the real server listed for it in the db.
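Added example (not part of the original posts and not perdition code): a small Python model of how a query_key format list, the option that appears in the configurations quoted elsewhere on this page, expands a login name into popmap lookup keys, following the meanings perdition documents for \U, \u, \D and \d. The popmap contents, the host names and the handling of a login without a delimiter are assumptions made for illustration.

```python
# Added illustration, not perdition source code. It models only the four
# query_key escape codes that appear on this page: \U \u \D \d.

def split_login(login, delimiter="@"):
    """Split on the first delimiter; a login without one gets an empty
    domain (an assumption of this sketch)."""
    user, _, domain = login.partition(delimiter)
    return user, domain

def expand_format(fmt, login, delimiter="@"):
    """Expand one query_key format for the given login name."""
    user, domain = split_login(login, delimiter)
    codes = {"U": login, "u": user, "D": delimiter, "d": domain}
    out, i = [], 0
    while i < len(fmt):
        if fmt[i] == "\\" and i + 1 < len(fmt) and fmt[i + 1] in codes:
            out.append(codes[fmt[i + 1]])
            i += 2
        else:
            out.append(fmt[i])  # ordinary characters are copied through
            i += 1
    return "".join(out)

def lookup_keys(query_key, login, delimiter="@"):
    """Keys in the order they would be tried, one per comma-separated format."""
    return [expand_format(f, login, delimiter) for f in query_key.split(",")]

def route(query_key, login, popmap, delimiter="@"):
    """Return (key, server) for the first key found in popmap, else None."""
    for key in lookup_keys(query_key, login, delimiter):
        if key in popmap:
            return key, popmap[key]
    return None

# Constructed popmap keyed by domain only; host names are placeholders.
POPMAP = {
    "@domain1.example": "mail1.internal.example:110",
    "@domain2.example": "mail2.internal.example:110",
}

if __name__ == "__main__":
    for login in ("user1@domain1.example", "user2@domain2.example", "nodomain"):
        print(login, lookup_keys(r"\u,\D\d", login), route(r"\D\d", login, POPMAP))
```

With a format of `\D\d` the popmap needs one entry per domain rather than one per user; a login with no domain part produces the bare key `@` and finds nothing in this sample map.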
> We have a similar setup like yours but we use LDAP. Our configuration
> has the following lines:
>
> add_domain servername_lookup,1
> username_from_database
> query_key \\U,+default@\\d
I have tried your configuration, but still no luck in the backend server:
Oct 11 10:06:10 buzones_externos dovecot: pop3-login: Aborted login
(auth failed, 1 attempts): user=<prueba>, method=PLAIN,
rip=192.168.1.13, lip=192.168.1.161
I need perdition to send @domain to backend-server
Thank you very much, Haw
> Hope this helps.
>
>
> Haw
Hello.
This is my setup
INTERNET<--->perdition<---> multiple mail servers; each one with
one domain
I use popmap.re for domain routing. In my setup each mail server
has only one domain, so popmap.re is rather easy.
My problem: A new mailserver has MULTIPLE domains (@domain1,
@domain2, @domain3). My popmap.re redirects connections to this host,
but I need to redirect user1@domain1 and user2@domain2.com, not only
"user1" and "user2" to the back-end hosts. In a few words: I do NOT want
to strip the domain part to the backend server.
Regards
Javier
My perdition.conf file:
add_domain servername_lookup,remote_login
authenticate_in ""
no_bind_banner ""
bind_address 0.0.0.0
connection_logging
connect_relog 300
client_server_specification ""
D @
d ""
F mail
g nobody
I IMAP4 IMAP4REV1
i ""
L 0
listen_port 110
login_disabled ""
lower_case servername_lookup
map_library /usr/lib/libperditiondb_gdbm.so
map_library_opt ""
no_daemon ""
n ""
O Hola
server_resp_line ""
protocol POP3
outgoing_port 110
pid_file /var/run/perdition/perdition.pid
pid_file /var/run/perdition.pop3/perdition.pop3.pid
pid_file /var/run/perdition.pop3s/perdition.pop3s.pid
pid_file /var/run/perdition.imap4/perdition.imap4.pid
pid_file /var/run/perdition.imap4s/perdition.imap4s.pid
t 1800
u nobody
U ""
q ""
query_key "\u,\D\d"
ssl_mode ssl_all
ssl_ca_chain_file /etc/perdition/perdition.ca.pem
ssl_ca_file /etc/perdition/perdition.ca.pem
ssl_ca_path /etc/perdition/perdition.ca/
ssl_ca_accept_self_signed
ssl_cert_file /etc/perdition/perdition.crt.pem
ssl_cert_accept_self_signed
ssl_cert_accept_expired
ssl_cert_accept_not_yet_valid
ssl_cert_verify_depth 9
ssl_key_file /etc/perdition/perdition.key.pem
ssl_listen_ciphers "ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"
ssl_outgoing_ciphers "ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"
ssl_no_cert_verify
ssl_no_cn_verify
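Added example (not part of the original post and not perdition code): a short Python check that flags the options in a perdition.conf like the one above that relax certificate verification or reference weak cipher suites. The comment syntax, the sample text and the wording of the findings are assumptions of this example.

```python
# Added illustration, not part of perdition. Option names are the ones in the
# perdition.conf posted above; the risk notes are this example's wording.
RISKY_FLAGS = {
    "ssl_no_cert_verify": "real-server certificate is not verified",
    "ssl_no_cn_verify": "certificate name is not checked against the server",
    "ssl_cert_accept_expired": "expired certificates are accepted",
    "ssl_cert_accept_not_yet_valid": "not-yet-valid certificates are accepted",
    "ssl_cert_accept_self_signed": "self-signed certificates are accepted",
    "ssl_ca_accept_self_signed": "self-signed CA certificates are accepted",
}
CIPHER_OPTIONS = ("ssl_listen_ciphers", "ssl_outgoing_ciphers")
WEAK_SUITES = ("SSLv2", "RC4")

def parse_conf(text):
    """Yield (line_no, option, value); '#' is assumed to start a comment."""
    for no, raw in enumerate(text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            value = parts[1].strip().strip('"') if len(parts) > 1 else ""
            yield no, parts[0], value

def weak_cipher_terms(cipher_string):
    """Weak suite names an OpenSSL-style cipher string still asks for."""
    found = []
    for token in cipher_string.split(":"):
        if token.startswith(("!", "-")):           # exclusions remove suites
            continue
        for part in token.lstrip("+").split("+"):  # a leading '+' only reorders
            if part in WEAK_SUITES and part not in found:
                found.append(part)
    return found

def audit(text):
    """Return a list of (line_no, option, reason) findings."""
    findings = []
    for no, opt, value in parse_conf(text):
        if opt in RISKY_FLAGS:
            findings.append((no, opt, RISKY_FLAGS[opt]))
        elif opt in CIPHER_OPTIONS and weak_cipher_terms(value):
            weak = ", ".join(weak_cipher_terms(value))
            findings.append((no, opt, "cipher string references " + weak))
    return findings

# Constructed sample: a subset of the lines from the configuration above.
SAMPLE = """protocol POP3
ssl_mode ssl_all
ssl_cert_accept_expired
ssl_cert_verify_depth 9
ssl_listen_ciphers "ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"
ssl_no_cert_verify
ssl_no_cn_verify
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("line %d: %s: %s" % finding)
```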
I don't know if this issue has already been discussed but I didn't see
it after a quick search. I installed perdition 1.18 and set it up.
Everything worked fantastic including ssl etc... Then I started seeing
some errors like in the subject line above. After turning on debugging
I saw a mention of a temporary failure in dns before the connection
failed. I tested it myself by putting my ipad in an ip block that did
not have a dns server resolving the reverse lookup. It failed. I added
the block to a dns server where it was expected and it worked fine.
Since I don't have access to everyone's reverse ip I tried adding one
client to the hosts file on the server running perdition and it seemed
to fix the issue as well. I have an older version, 1.17, that does not
seem to have a problem with ips that do not have a proper dns server set
up. Is there any way to stop this from happening?
Mark