Perdition-users February 2010

perdition-users@vergenet.net

4 participants
5 discussions

Zombie pop3s (and imaps?) processes in connect state

by Christian Balzer

Hello, we've been using perdition as a pop3/pop3s/imap/imaps proxy for about four years now, first with Debian Sarge package and now under Etch. And throughout this time I've seen pop3s (and from the looks of it the same happens with imaps) processes stuck in connect, like this: --- 16836 ? S 5:31 0 120 32179 2204 0.0 perdition.pop3s 28070 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect 7782 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect 24468 ? S 0:00 0 120 32311 1568 0.0 \_ perdition.pop3s: connect 14180 ? S 0:00 0 120 32311 1568 0.0 \_ perdition.pop3s: connect 13503 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect --- They never die off, keep the connection open, there is no traffic and the other end might be long gone. Last trace in the logs is always like this: --- Feb 5 22:05:16 pp11 perdition[7782]: Connect: hi.mi.ts.u->203.216.5.113 --- It must be something related to the SSL'ness of these service, since I'm not seeing this happening ever for imap/pop3. Alas a lot of people do use TLS with those, so it's not a generic SSL issue. Maybe the master process could kick a child handling connections in the head after "timeout" seconds in connect state? If more information is needed I can try to provide it, but note that with a rate of roughly 35 pops per second I'm a bit weary to turn on debugging. ^_- This may or may not be related to another SSL related issue, which will be for the sake of making searches in the archive more likely to find good keywords in a separate mail. Regards, Christian -- Christian Balzer Network/Systems Engineer NOC chibi(a)gol.com Global OnLine Japan/Fusion Network Services http://www.gol.com/

11 years, 4 months

Problems with IMAP4S LOGIN command

by TOPdesk Systeembeheer (beheer＠TOPdesk.com)

Hi everybody, Since an upgrade to our backend IMAPS server (Zarafa 6.20.7), we have some trouble authenticating via our perdition IMAP4S proxy (version 1.17-7etch1). I've enabled debug and connection logging, and I see that the LOGIN command is splitted in 3 lines instead of sending the whole command in one. Is that normal? Can I configure it somewhere? Here is the log I get: Jul 2 14:33:45 floor perdition[9781]: Connect: xx.xx.xx.xx -> [IP proxy] Jul 2 14:33:45 floor perdition[9781]: SSL connection using AES128-SHA Jul 2 14:33:45 floor perdition[9781]: SELF: "* OK IMAP4 Ready floor 0001d839\r\n" Jul 2 14:33:46 floor perdition[9781]: CLIENT: "1.584 CAPABILITY\r\n" Jul 2 14:33:46 floor perdition[9781]: SELF: "* CAPABILITY IMAP4 IMAP4REV1\r\n" Jul 2 14:33:46 floor perdition[9781]: SELF: "1.584 OK CAPABILITY\r\n" Jul 2 14:33:46 floor perdition[9781]: CLIENT: "2.584 LOGIN piekjepuk 6012417\r\n" Jul 2 14:33:46 floor perdition[9781]: username_add_domain: username_add_domain 0 1 0x807bd1c Jul 2 14:33:46 floor perdition[9781]: getserver: do_dbserver_get Jul 2 14:33:46 floor perdition[9781]: SSL connection using AES256-SHA Jul 2 14:33:46 floor perdition[9781]: REAL: "* OK Zarafa IMAP gateway ready\r\n" Jul 2 14:33:46 floor perdition[9781]: SELF: "flim07 CAPABILITY\r\n" Jul 2 14:33:46 floor perdition[9781]: REAL: "* CAPABILITY IMAP4rev1 CHILDREN XAOL-OPTION IDLE\r\n" Jul 2 14:33:46 floor perdition[9781]: REAL: "flim07 OK CAPABILITY Completed\r\n" Jul 2 14:33:46 floor perdition[9781]: SELF: "flim08 LOGIN {6}\r\n" Jul 2 14:33:46 floor perdition[9781]: REAL: "flim08 BAD LOGIN must have 2 arguments\r\n" Jul 2 14:33:46 floor perdition[9781]: imap4_out_response: invalid tag from server 1 Jul 2 14:33:46 floor perdition[9781]: imap4_out_authenticate: imap4_out_response login Jul 2 14:33:46 floor perdition[9781]: SELF: "piekjepuk {7}\r\n" Jul 2 14:33:46 floor perdition[9781]: REAL: "piekjepuk BAD Command not recognized\r\n" Jul 2 14:33:46 floor perdition[9781]: imap4_out_response: invalid tag from server 1 Jul 2 14:33:46 floor perdition[9781]: imap4_out_authenticate: imap4_out_response name Jul 2 14:33:46 floor perdition[9781]: SELF: "6012417\r\n" Jul 2 14:33:46 floor perdition[9781]: REAL: "* BAD Command not recognized\r\n" Jul 2 14:33:46 floor perdition[9781]: SELF: "* BAD Command not recognized\r\n" Jul 2 14:34:46 floor perdition[9781]: REAL: "* BYE Connection closed because of timeout\r\n" Jul 2 14:34:46 floor perdition[9781]: SELF: "* BYE Connection closed because of timeout\r\n" Jul 2 14:34:46 floor perdition[9781]: REAL: "" Jul 2 14:34:46 floor perdition[9781]: token_read: token_fill_buffer Jul 2 14:34:46 floor perdition[9781]: read_line: token_read Jul 2 14:34:46 floor perdition[9781]: imap4_out_response: read_line Jul 2 14:34:46 floor perdition[9781]: imap4_out_authenticate: imap4_out_response passwd Jul 2 14:34:46 floor perdition[9781]: main: protocol->out_authenticate -1 Jul 2 14:34:46 floor perdition[9781]: Fatal error authenticating user. Exiting child. Any ideas? Thank you very much in advance! Best regards, -- Xesc

14 years

timeout on pop3s not working

by eric c

Hi, I have perdition running great for sometime and just implemented pop3s. POP3s works great too but the timeout value is not taking affect on a idle connection Here is the config: ##### map_library /usr/local/lib/libperditiondb_ldap.so map_library_opt "ldap://10.0.2.56 10.0.2.58/ou=EmailAccount,o=myinternalcave.com?uid,mailhost,port?one?(uid=%25s)" username_from_database pid_file /var/run/perdition.pop3s.pid #log_facility /dev/null no_lookup outgoing_port 110 ssl_mode ssl_listen ssl_cert_file /etc/postfix/ssl/mailssl.crt ssl_key_file /etc/postfix/ssl/mailssl.key ssl_ca_chain_file /etc/postfix/ssl/chain log_facility mail timeout 60 ####### iox1# time telnet mail.myinternalcave.com 110 Escape character is '^]'. +OK POP3 Ready dark 0001341e Connection closed by foreign host. 0.000u 0.015s 1:00.10 0.0% 208+912k 0+0io 0pf+0w 1minute timeout works fine on pop3 but pop3s just sits there forever it seems. Does this feature work on pop3s? Thanks eric c

14 years, 1 month

Problem connection IMAP server and Exchange server

by Mathieu Coïc

Hello ! I'm studying a way to connect a mobile phone with only IPv6 address to a IMAP server and an Exchange Microsoft server which are in the IPv4 world... I use perdition and it works for my gmail address but I have 2 problems for other mail accounts : 1 - With a IMAP server where no SSL connection is needed, I made this configuration for perdition.imap4.conf : bind_address proxyv6.com listen_port 144 protocol IMAP4 debug connection_logging map_library /usr/lib/libperditiondb_posix_regex.so.0.0.0 map_library_opt /etc/perdition/popmap.re username_from_database ssl_mode none ssl_ca_accept_self_signed ssl_cert_accept_self_signed ssl_cert_accept_expired ssl_cert_accept_not_yet_valid ssl_no_cert_verify ssl_no_cn_verify And the result of the debug in /var/log/syslog : Feb 14 07:45:07 pontenn perdition[28472]: CLIENT: "1 capability\r\n" Feb 14 07:45:07 pontenn perdition[28472]: SELF: "* CAPABILITY IMAP4 IMAP4REV1\ r\n" Feb 14 07:45:07 pontenn perdition[28472]: SELF: "1 OK CAPABILITY\r\n" Feb 14 07:45:12 pontenn perdition[28472]: CLIENT: "2 login \"mathieu.coic(a)free.f r\" \"*****************\"\r\n" Feb 14 07:45:12 pontenn perdition[28472]: username_add_domain: username_add_doma in 0 1 Feb 14 07:45:12 pontenn perdition[28472]: username_add_domain: username_add_doma in 0 4 Feb 14 07:45:12 pontenn perdition[28472]: REAL: "* OK [CAPABILITY IMAP4REV1 X- NETSCAPE LOGIN-REFERRALS AUTH=LOGIN] IMAP4rev1 Free\r\n" Feb 14 07:45:12 pontenn perdition[28472]: SELF: "flim07 CAPABILITY\r\n" Feb 14 07:45:12 pontenn perdition[28472]: REAL: "* CAPABILITY IMAP4REV1 X-NETS CAPE NAMESPACE MAILBOX-REFERRALS SCAN SORT THREAD=REFERENCES THREAD=ORDEREDSUBJE CT MULTIAPPEND LOGIN-REFERRALS AUTH=LOGIN\r\nflim07 OK Completed\r\n" Feb 14 07:45:12 pontenn perdition[28472]: SELF: "flim08 LOGIN {12}\r\n" Feb 14 07:45:12 pontenn perdition[28472]: REAL: "+ go ahead\r\n" Feb 14 07:45:12 pontenn perdition[28472]: SELF: "mathieu.coic {8}\r\n" Feb 14 07:45:15 pontenn perdition[28472]: REAL: "flim08 NO LOGIN failed\r\n" Feb 14 07:45:15 pontenn perdition[28472]: imap4_out_response: invalid tag from s erver 1 The client send well the login et the password for my account. Is there a way for perdition to not send "flim08 LOGIN" ? 2 - My second problem is the connection with an Exchange server. I used a mobile phone which has a Exchange Client and it's the result of syslog : Feb 14 07:51:25 pontenn perdition[28531]: SELF: "* OK IMAP4 Ready fe80::2bd:3a ff:fe72:ee46%eth1 0001e6ab\r\n" Feb 14 07:51:25 pontenn perdition[28531]: CLIENT: "OPTIONS /Microsoft-Server-Act iveSync HTTP/1.1\r\nAccept: */*\r\nAccept-Encoding: gzip\r\nUser-Agent: N900/1.1 \r\nHost: proxyv6.com\r\nConnection: Keep-Alive\r\nAuthorization: Basic dTEwNTQ2 MjptYUNvaTU2\r\nContent-Length: 0\r\n\r\n" Feb 14 07:51:28 pontenn perdition[28531]: SELF: "OPTIONS BAD Unrecognised comm and, mate\r\n" Feb 14 07:51:31 pontenn perdition[28531]: SELF: "Accept: BAD Unrecognised comm and, mate\r\n" Feb 14 07:51:34 pontenn perdition[28531]: SELF: "Accept-Encoding: BAD Unrecogn ised command, mate\r\n" Feb 14 07:51:37 pontenn perdition[28531]: SELF: "User-Agent: BAD Unrecognised command, mate\r\n" Feb 14 07:51:40 pontenn perdition[28531]: SELF: "Host: BAD Unrecognised comman d, mate\r\n" Feb 14 07:51:43 pontenn perdition[28531]: SELF: "Connection: BAD Unrecognised command, mate\r\n" Feb 14 07:51:46 pontenn perdition[28531]: SELF: "Authorization: BAD Unrecognis ed command, mate\r\n" Feb 14 07:51:49 pontenn perdition[28531]: SELF: "Content-Length: BAD Unrecogni sed command, mate\r\n" Feb 14 07:51:52 pontenn perdition[28531]: SELF: "* BAD Invalid tag, mate\r\n" Feb 14 07:52:22 pontenn perdition[28531]: CLIENT: "" Feb 14 07:52:22 pontenn perdition[28531]: token_read: token_fill_buffer Feb 14 07:52:22 pontenn perdition[28531]: read_line: token_read Feb 14 07:52:22 pontenn perdition[28531]: imap4_in_get_pw: read_imap4_line 1 Feb 14 07:52:22 pontenn perdition[28531]: main: protocol->in_get_pw Can perdition just forward the flag OPTIONS to the Exchange server ? Thanks for the response, Mathieu Coïc

14 years, 2 months

Re: [PERDITION-USERS] Fallback server

by David Halik

Hi, I've been attempting to setup perdition to use multiple servers for the same user names, but it doesn't seem possible which is a shame. In my googling attempts I ran into this email: http://lists.vergenet.net/pipermail/perdition-users/2009-November/002214.ht… That's exactly what I would like to do. Currently, perdition has no way of handling a server being down. If user1: serverA, and serverA is down, user1 is out of luck. I shouldn't think it would be hard to have user1: serverA,serverB,serverC and just have perdition go to the next server when the first times out. Also, if this was in place you would probably want an option to say "dont_return_to_master." The point of this being, if serverA goes down and connections go to B, when A comes back up you don't want connections going back there automatically or you will have user1 on both A and B. Some IMAP servers have a major issue with conflicting sessions. Anyway just some ideas. But just to verify, perdition can't do backup IMAP servers, correct? -- ================================ David Halik System Administrator OIT-CSS Rutgers University dhalik(a)jla.rutgers.edu ================================

14 years, 2 months

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

Perdition-users February 2010