Hello,
we've been using perdition as a pop3/pop3s/imap/imaps proxy for about
four years now, first with Debian Sarge package and now under Etch.
And throughout this time I've seen pop3s (and from the looks of it
the same happens with imaps) processes stuck in connect, like this:
---
16836 ? S 5:31 0 120 32179 2204 0.0 perdition.pop3s
28070 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect
7782 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect
24468 ? S 0:00 0 120 32311 1568 0.0 \_ perdition.pop3s: connect
14180 ? S 0:00 0 120 32311 1568 0.0 \_ perdition.pop3s: connect
13503 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect
---
They never die off, keep the connection open, there is no traffic and the
other end might be long gone. Last trace in the logs is always like this:
---
Feb 5 22:05:16 pp11 perdition[7782]: Connect: hi.mi.ts.u->203.216.5.113
---
It must be something related to the SSL'ness of these service, since I'm
not seeing this happening ever for imap/pop3. Alas a lot of people do use
TLS with those, so it's not a generic SSL issue. Maybe the master process
could kick a child handling connections in the head after "timeout"
seconds in connect state?
If more information is needed I can try to provide it, but note that with a
rate of roughly 35 pops per second I'm a bit weary to turn on
debugging. ^_-
This may or may not be related to another SSL related issue, which will
be for the sake of making searches in the archive more likely to find good
keywords in a separate mail.
Regards,
Christian
--
Christian Balzer Network/Systems Engineer NOC
chibi(a)gol.com Global OnLine Japan/Fusion Network Services
http://www.gol.com/
Hello All,
I'm setting up perdition for IMAP and Managesieve proxying with LDAP.
LDAP proxying is working fine, I'm getting my mailhost from there, but
for managesieve I keep getting: "perdition.managesieve[7871]: Exiting
on signal 11" and I'm wondering if it's a recurrence of this bug -
http://lists.vergenet.net/pipermail/perdition-users/2010-July/002332.html
. I'm using the Debian Squeeze with has the following packages in the
repos:
ii perdition 1.19~rc4-2
POP3 and IMAP4 Proxy server
ii perdition-ldap 1.19~rc4-2
Library to allow perdition to access LDAP based popmaps
Here is more of my log:
Mar 30 14:40:00 perdition-dev perdition.managesieve[7871]: Connect:
10.30.40.197:37245->10.30.40.163:4190
Mar 30 14:40:00 perdition-dev perdition.managesieve[7871]: SELF:
"\"IMPLEMENTATION\" \"perdition\"\r\n\"SIEVE\" \"comparator-i;octet
comparator-i;ascii-casemap fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex
imap4flags copy include variables body enotify environment mailbox
date\"\r\n\"SASL\" \"PLAIN\"\r\n\"NOTIFY\" \"mailto\"\r\n\"VERSION\"
\"1.19-rc4\"\r\nOK \"predition ready on perdition-dev.localnet.sys
0002b5e3\"\r\n"
Mar 30 14:40:04 perdition-dev perdition.managesieve[7871]: CLIENT:
"AUTHENTICATE \"PLAIN\"
\"AHRlc3RhY2NvdW50MDBAbG9jYWxuZXQuY29tAFRlY2g5OTk=\"\r\n"
Mar 30 14:40:04 perdition-dev perdition.managesieve[7871]:
username_add_domain: username_add_domain 0 1
Mar 30 14:40:04 perdition-dev perdition.managesieve[7871]:
username_add_domain: username_add_domain 0 4
///////////////////////////// THIS RESPONSE IS FROM THE CORRECT
MANAGESIEVE SERVER SO THE PROXY IS WORKING
/////////////////////////////
Mar 30 14:40:04 perdition-dev perdition.managesieve[7871]: REAL:
"\"IMPLEMENTATION\" \"dovecot\"\r\n\"SIEVE\" \"comparator-i;octet
comparator-i;ascii-casemap fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex
imap4flags copy include variables body enotify environment mailbox
date spamtest spamtestplus virustest\"\r\n\"SASL\" \"PLAIN
LOGIN\"\r\n\"STARTTLS\"\r\n\"NOTIFY\" \"mailto\"\r\n\"VERSION\"
\"1.0\"\r\nOK \"Dovecot ready.\"\r\n"
Mar 30 14:40:04 perdition-dev perdition.managesieve[7871]: Exiting on signal 11
So as you can see it exits after it connects to the correct
managesieve server. I can provide any more logging and answers if
someone has an idea where to look. Thanks, Jesse
Sure,
dovecot.conf - http://pastebin.com/muUEPAh8
We are using LDAP:
dovecot-ldap.conf - http://pastebin.com/Qk4RDPgN
<http://pastebin.com/Qk4RDPgN>Has been working fine for us. Our LDAP is a
little weird but you should be able to figure it out. Check out the dovecot
docs for help, they are pretty good.
On Tue, Apr 26, 2011 at 3:38 PM, YANG ChengFu <chengfu.yang(a)gameloft.com>wrote:
> Hello Jesse,
>
> thanks a look, can you share your dovecot proxy and password DB
> configuration files ?
>
> --
> *YANG ChengFu*
> UNIX Administrator/Administrateur UNIX
>
> 5800 St-Denis suite 1001
> Montréal (QC), H2S 3L5
> Msn/mail: chengfu.yang(a)gameloft.com
> tel:(514)798-1700 x.4514
>
>
>
> On 11-04-26 02:57 PM, Jesse Jarzynka wrote:
>
> I actually wound up using Dovecot myself for IMAP, POP3, and Managesieve
> proxying. You might want to take a look at doing that until Simon can get
> around to fixing the perdition bug.
>
> On Tue, Apr 26, 2011 at 2:54 PM, YANG ChengFu <chengfu.yang(a)gameloft.com>wrote:
>
>> Hello Simon,
>>
>> perdition is really a good open source software, I like it. Now I want to
>> enable managesieve feature, but it always give me 11 signal errors, just
>> like my previous mail mentioned.
>>
>> May we have your attentions on it, if managesieve works, it will be
>> perfect?
>>
>> --
>> *YANG ChengFu*
>> UNIX Administrator/Administrateur UNIX
>>
>> 5800 St-Denis suite 1001
>> Montréal (QC), H2S 3L5
>> Msn/mail: chengfu.yang(a)gameloft.com
>> tel:(514)798-1700 x.4514
>>
>>
>>
>> On 11-04-07 07:55 PM, Simon Horman wrote:
>>
>> Sorry Jesse,
>>
>> I haven't had time to look into it yet, but if you are getting a sig 11
>> then there is a bug.
>>
>> On Thu, Apr 07, 2011 at 10:47:14AM -0400, Jesse Jarzynka wrote:
>>
>> Hello Simon, any updates on this? Is this a confirmed bug that you are still
>> working on? Just want to make sure it's not something I'm doing wrong,
>> thanks! -Jesse
>>
>> On Tue, Apr 5, 2011 at 1:38 PM, Jesse Jarzynka <jesse(a)jessejoe.com> <jesse(a)jessejoe.com> wrote:
>>
>>
>> Simon,
>>
>> I apologize but this was wrong. For some reason I turned off managesieve on
>> the destination server, probably something I was testing. I am now
>> confirming that perdition still exits on signal 11 when trying to
>> authenticate managesieve same as before with the latest mercurial code. It
>> still seems to send me to the right server and I see the managesieve
>> response from the correct managesieve server, and then I get the exit 11:
>>
>> Apr 5 13:35:47 perdition-dev perdition.managesieve[21571]: Connect:
>> 10.30.40.197:49949->*MailScanner warning: numerical links are often malicious:* 10.30.40.163:4190 <http://10.30.40.163:4190>
>> Apr 5 13:35:48 perdition-dev perdition.managesieve[21571]: SELF:
>> "\"IMPLEMENTATION\" \"perdition\"\r\n\"SIEVE\" \"comparator-i;octet
>> comparator-i;ascii-casemap fileinto reject envelope encoded-character
>> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
>> copy include variables body enotify environment mailbox date\"\r\n\"SASL\"
>> \"PLAIN\"\r\n\"NOTIFY\" \"mailto\"\r\n\"VERSION\" \"1.19-rc4\"\r\nOK
>> \"perdition ready on perdition-dev.localnet.sys 0002b4d8\"\r\n"
>> Apr 5 13:35:50 perdition-dev perdition.managesieve[21571]: CLIENT:
>> "AUTHENTICATE \"PLAIN\"
>> \"AHRlc3RhY2NvdW50MDBAbG9jYWxuZXQuY29tAFRlY2g5OTk=\"\r\n"
>> Apr 5 13:35:50 perdition-dev perdition.managesieve[21571]:
>> username_add_domain: username_add_domain 0 1
>> Apr 5 13:35:51 perdition-dev perdition.managesieve[21571]:
>> username_add_domain: username_add_domain 0 4
>> Apr 5 13:35:51 perdition-dev perdition.managesieve[21571]: REAL:
>> "\"IMPLEMENTATION\" \"dovecot\"\r\n\"SIEVE\" \"comparator-i;octet
>> comparator-i;ascii-casemap fileinto reject envelope encoded-character
>> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
>> copy include variables body enotify environment mailbox date spamtest
>> spamtestplus virustest\"\r\n\"SASL\" \"PLAIN
>> LOGIN\"\r\n\"STARTTLS\"\r\n\"NOTIFY\" \"mailto\"\r\n\"VERSION\"
>> \"1.0\"\r\nOK \"Dovecot ready.\"\r\n"
>> Apr 5 13:35:51 perdition-dev perdition.managesieve[21571]: Exiting on
>> signal 11
>>
>> On Mon, Apr 4, 2011 at 10:52 AM, Jesse Jarzynka <jesse(a)jessejoe.com> <jesse(a)jessejoe.com>wrote:
>>
>>
>> On Sat, Apr 2, 2011 at 6:09 PM, Simon Horman <horms(a)verge.net.au> <horms(a)verge.net.au> wrote:
>>
>> # apt-get build-dep perdition
>>
>> The build-dep must've grabbed something I was missing because I was
>> able to compile it after that.
>>
>> I'm not getting the same error anymore, so that's good! I'm still not
>> getting the right server from ldap with managesieve though. Here's and
>> example of my IMAP auth working correctly and adding the right server:
>>
>> Apr 4 10:42:35 perdition-dev perdition.imap4[17368]: Starting
>> perdition version=1.19-rc4 protocol=IMAP4
>> Apr 4 10:42:35 perdition-dev perdition.imap4[17368]: add_domain="",
>> authenticate_in=off, authenticate_timeout=1800, bind_address="",
>> client_server_specification=off,
>> config_file="/home/jjarzynka/perdition.conf", connection_limit=0,
>> connection_logging=on, connect_relog=300, debug=on,
>> domain_delimiter="@", explicit_domain="", group="root",
>> imap_capability="IMAP4 IMAP4REV1", inetd_mode=off,
>> listen_port="imap2", log_facility="mail", log_passwd="never",
>> login_disabled=off, lower_case="",
>> managesieve_capability=""IMPLEMENTATION" "perdition" "SIEVE"
>> "comparator-i;octet comparator-i;ascii-casemap fileinto reject
>> envelope encoded-character vacation subaddress
>> comparator-i;ascii-numeric relational regex imap4flags copy include
>> variables body enotify environment mailbox date" "SASL" "PLAIN"
>> "NOTIFY" "mailto" "VERSION" "1.19-rc4"",
>> map_library="/usr/lib/libperditiondb_ldap.so.0.0.0",
>>
>> map_library_opt="ldap://ldap.localnet.sys/ou=accounts,dc=localnet,dc=com?mail,mailHost,port?one?(mail=%s)",
>> no_bind_banner=off, no_daemon=off, no_lookup=off, tcp_keepalive=off,
>> nodename="perdition-dev", ok_line="You are so in",
>> outgoing_port="imap2", outgoing_server="",
>> pid_file="/var/run/perdition.imap4s/perdition.imap4s.pid",
>> pop_capability="UIDL.USER", protocol="IMAP4", server_resp_line=off,
>> strip_domain="", timeout=1800, username="root",
>> username_from_database=off, query_key="", quiet=off (mask=0x00000400
>> 00000000)
>> Apr 4 10:42:35 perdition-dev perdition.imap4[17368]: ssl_mode="",
>> ssl_ca_file="", ssl_ca_path="/usr/etc/perdition/perdition.ca/",
>> ssl_ca_accept_self_signed="off",
>> ssl_cert_file="/usr/etc/perdition/perdition.crt.pem",
>> ssl_cert_accept_expired="off", ssl_cert_not_yet_valid="off",
>> ssl_cert_self_signed="off", ssl_cert_verify_depth=9,
>> ssl_key_file="/usr/etc/perdition/perdition.key.pem",
>> ssl_listen_ciphers="", ssl_outgoing_ciphers="",
>> ssl_no_cert_verify="off", ssl_no_client_cert_verify="off",
>> ssl_no_cn_verify="off" ssl_passphrase_fd=0,
>> ssl_passphrase_file="(null)", (ssl_mask=0x00000000)
>> Apr 4 10:42:35 perdition-dev perdition.imap4[17370]:
>> vanessa_socket_daemon_setid: uid=0 euid=0 gid=0 egid=0
>> Apr 4 10:42:41 perdition-dev perdition.imap4[17371]: Connect:
>> 10.30.40.197:34045->*MailScanner warning: numerical links are often malicious:* 10.30.40.163:143 <http://10.30.40.163:143>
>> Apr 4 10:42:41 perdition-dev perdition.imap4[17371]: SELF: "* OK
>> [CAPABILITY IMAP4 IMAP4REV1] perdition ready on
>> perdition-dev.localnet.sys 0002b0cf\r\n"
>> Apr 4 10:42:51 perdition-dev perdition.imap4[17371]: CLIENT: "01
>> login testaccount00(a)localnet.com PASSWORD\r\n"
>> Apr 4 10:42:51 perdition-dev perdition.imap4[17371]:
>> username_add_domain: username_add_domain 0 1
>> Apr 4 10:42:51 perdition-dev perdition.imap4[17371]:
>> username_add_domain: username_add_domain 0 4
>> Apr 4 10:42:51 perdition-dev perdition.imap4[17371]: REAL: "* OK
>> [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT
>> THREAD=REFERENCES SORT QUOTA IDLE] Courier-IMAP ready. Copyright
>> 1998-2003 Double Precision, Inc. See COPYING for distribution
>> information.\r\n"
>> Apr 4 10:42:51 perdition-dev perdition.imap4[17371]: SELF: "flim07
>> CAPABILITY\r\n"
>> Apr 4 10:42:51 perdition-dev perdition.imap4[17371]: REAL: "*
>> CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT
>> THREAD=REFERENCES SORT QUOTA IDLE\r\nflim07 OK CAPABILITY
>> completed\r\n"
>> Apr 4 10:42:51 perdition-dev perdition.imap4[17371]: SELF: "flim08
>> LOGIN {26}\r\n"
>> Apr 4 10:42:51 perdition-dev perdition.imap4[17371]: REAL: "+ OK\r\n"
>> Apr 4 10:42:51 perdition-dev perdition.imap4[17371]: SELF:"testaccount00(a)localnet.com {7}\r\n" <testaccount00(a)localnet.com%7B7%7D%5Cr%5Cn>
>> Apr 4 10:42:51 perdition-dev perdition.imap4[17371]: REAL: "+ OK\r\n"
>> Apr 4 10:42:51 perdition-dev perdition.imap4[17371]: SELF:
>> "PASSWORD\r\n"
>> Apr 4 10:42:51 perdition-dev perdition.imap4[17371]: REAL: "flim08
>> OK LOGIN Ok.\r\n"
>> Apr 4 10:42:51 perdition-dev perdition.imap4[17371]: SELF: "01 OK
>> You are so in\r\n"
>> Apr 4 10:42:51 perdition-dev perdition.imap4[17371]: Auth:
>> 10.30.40.197:34045->*MailScanner warning: numerical links are often malicious:* 10.30.40.163:143 <http://10.30.40.163:143> client-secure=plaintext
>> authorisation_id=NONE authentication_id="testaccount00(a)localnet.com" <testaccount00(a)localnet.com>
>> server="maildrop-dovecot-dev.localnet.sys:imap2" protocol=IMAP4
>> server-secure=plaintext status="ok"
>>
>>
>> So you can see it finds the correct mail server for this user as
>> "maildrop-dovecot-dev.localnet.sys" and forwards my connection there.
>> Here is my output when using managesieve on the latest mercurial code
>> and the same config file now:
>>
>>
>> Apr 4 10:47:24 perdition-dev perdition.managesieve[17401]: Starting
>> perdition version=1.19-rc4 protocol=MANAGESIEVE
>> Apr 4 10:47:24 perdition-dev perdition.managesieve[17401]:
>> add_domain="", authenticate_in=off, authenticate_timeout=1800,
>> bind_address="", client_server_specification=off,
>> config_file="/home/jjarzynka/perdition.conf", connection_limit=0,
>> connection_logging=on, connect_relog=300, debug=on,
>> domain_delimiter="@", explicit_domain="", group="root",
>> imap_capability="IMAP4 IMAP4REV1", inetd_mode=off,
>> listen_port="sieve", log_facility="mail", log_passwd="never",
>> login_disabled=off, lower_case="",
>> managesieve_capability=""IMPLEMENTATION" "perdition" "SIEVE"
>> "comparator-i;octet comparator-i;ascii-casemap fileinto reject
>> envelope encoded-character vacation subaddress
>> comparator-i;ascii-numeric relational regex imap4flags copy include
>> variables body enotify environment mailbox date" "SASL" "PLAIN"
>> "NOTIFY" "mailto" "VERSION" "1.19-rc4"",
>> map_library="/usr/lib/libperditiondb_ldap.so.0.0.0",
>>
>> map_library_opt="ldap://ldap.localnet.sys/ou=accounts,dc=localnet,dc=com?mail,mailHost,port?one?(mail=%s)",
>> no_bind_banner=off, no_daemon=off, no_lookup=off, tcp_keepalive=off,
>> nodename="perdition-dev", ok_line="You are so in",
>> outgoing_port="sieve", outgoing_server="",
>> pid_file="/var/run/perdition.imap4s/perdition.imap4s.pid",
>> pop_capability="UIDL.USER", protocol="MANAGESIEVE",
>> server_resp_line=off, strip_domain="", timeout=1800, username="root",
>> username_from_database=off, query_key="", quiet=off (mask=0x00000400
>> 00000000)
>> Apr 4 10:47:24 perdition-dev perdition.managesieve[17401]:
>> ssl_mode="", ssl_ca_file="",
>> ssl_ca_path="/usr/etc/perdition/perdition.ca/",
>> ssl_ca_accept_self_signed="off",
>> ssl_cert_file="/usr/etc/perdition/perdition.crt.pem",
>> ssl_cert_accept_expired="off", ssl_cert_not_yet_valid="off",
>> ssl_cert_self_signed="off", ssl_cert_verify_depth=9,
>> ssl_key_file="/usr/etc/perdition/perdition.key.pem",
>> ssl_listen_ciphers="", ssl_outgoing_ciphers="",
>> ssl_no_cert_verify="off", ssl_no_client_cert_verify="off",
>> ssl_no_cn_verify="off" ssl_passphrase_fd=0,
>> ssl_passphrase_file="(null)", (ssl_mask=0x00000000)
>> Apr 4 10:47:24 perdition-dev perdition.managesieve[17403]:
>> vanessa_socket_daemon_setid: uid=0 euid=0 gid=0 egid=0
>> Apr 4 10:47:44 perdition-dev perdition.managesieve[17407]: Connect:
>> 10.30.40.197:44134->*MailScanner warning: numerical links are often malicious:* 10.30.40.163:4190 <http://10.30.40.163:4190>
>> Apr 4 10:47:44 perdition-dev perdition.managesieve[17407]: SELF:
>> "\"IMPLEMENTATION\" \"perdition\"\r\n\"SIEVE\" \"comparator-i;octet
>> comparator-i;ascii-casemap fileinto reject envelope encoded-character
>> vacation subaddress comparator-i;ascii-numeric relational regex
>> imap4flags copy include variables body enotify environment mailbox
>> date\"\r\n\"SASL\" \"PLAIN\"\r\n\"NOTIFY\" \"mailto\"\r\n\"VERSION\"
>> \"1.19-rc4\"\r\nOK \"perdition ready on perdition-dev.localnet.sys
>> 0002b4d8\"\r\n"
>> Apr 4 10:47:49 perdition-dev perdition.managesieve[17407]: CLIENT:
>> "AUTHENTICATE \"PLAIN\"
>> \"AHRlc3RhY2NvdW50QGxvY2FsbmV0LmNvbQB0ZXN0\"\r\n"
>> Apr 4 10:47:49 perdition-dev perdition.managesieve[17407]:
>> username_add_domain: username_add_domain 0 1
>> Apr 4 10:47:50 perdition-dev perdition.managesieve[17407]:
>> vanessa_socket_client_src_open: getaddrinfo dst: "deleted" "sieve":
>> Name or service not known
>> Apr 4 10:47:50 perdition-dev perdition.managesieve[17407]: main:
>> vanessa_socket_client_open
>> Apr 4 10:47:53 perdition-dev perdition.managesieve[17407]: SELF:
>> "NO \"failed: Could not connect to server\"\r\n"
>> Apr 4 10:47:53 perdition-dev perdition.managesieve[17407]: Auth:
>> 10.30.40.197:44134->*MailScanner warning: numerical links are often malicious:* 10.30.40.163:4190 <http://10.30.40.163:4190> client-secure=plaintext
>> authorisation_id=NONE authentication_id="testaccount(a)localnet.com" <testaccount(a)localnet.com>
>> server="deleted:sieve" protocol=MANAGESIEVE server-secure=plaintext
>> status="failed: Could not connect to server"
>>
>>
>> This time it gets the mail server as "deleted:sieve" instead of
>> "maildrop-dovecot-dev.localnet.sys". Shouldn't it be using my mail
>> server defined in my ldap lookup like IMAP does? It does appear you
>> have fixed whatever bug was disconnecting me immediately though.
>> Thanks for your continued help. -Jesse
>>
>>
>> ______________________________________________
>> Perdition-users mailing listPerdition-users@vergenet.nethttp://lists.vergenet.net/listinfo/perdition-users
>>
>>
>> ______________________________________________
>> Perdition-users mailing list
>> Perdition-users(a)vergenet.net
>> http://lists.vergenet.net/listinfo/perdition-users
>>
>>
>
I've been trying to figure out how to setup perdition with mysql and proxy
gmail, but have not had any luck!
I read this post, http://permalink.gmane.org/gmane.mail.perdition.user/1721,
which leads to believe its possible.
perdition 1.18
cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=10.04
DISTRIB_CODENAME=lucid
DISTRIB_DESCRIPTION="Ubuntu 10.04.1 LTS"
Here's the error's I see, which makes me think its not looking up mysql db
correctly.
Apr 24 12:31:22 desktop perdition[4517]: Connect: 127.0.0.1->127.0.0.1
Apr 24 12:31:22 desktop perdition[4517]: SSL connection using AES256-SHA
Apr 24 12:31:22 desktop perdition[4517]: username_add_domain:
username_add_domain 1 1
Apr 24 12:31:22 desktop perdition[4517]: getserver: do_dbserver_get
Apr 24 12:31:25 desktop perdition[4517]: Auth: 127.0.0.1->127.0.0.1 user="
megamind(a)webeclouding.com" passwd="XXXXXXX" server="(null)" port="993"
status="failed: Could not determine server"
Apr 24 12:31:25 skytap-desktop perdition[4517]: token_read:
token_fill_buffer
Apr 24 12:31:25 skytap-desktop perdition[4517]: read_line: token_read
Apr 24 12:31:25 skytap-desktop perdition[4517]: imap4_in_get_pw:
read_imap4_line 1
Apr 24 12:31:25 skytap-desktop perdition[4517]: main: protocol->in_get_pw
Apr 24 12:31:25 skytap-desktop perdition[4517]: Fatal Error reading
authentication information from client 127.0.0.1->127.0.0.1: Exiting child
Perdition.conf
desktop:~# cat /etc/perdition/perdition.conf
######################################################################
# perdition.conf
# A|add_domain STATE[,STATE...][,STRIP_DEPTH]:
# Appends a domain to the USER based on the IP address connected to in
# given state(s).
# (default "")
#A servername_lookup,1
add_domain servername_lookup,1
# a|authenticate_in:
# User is authenticated by perdition before connection to real-server.
#a
#authenticate_in
# B|no_bind_banner:
# Use uname to generate banner of even if bind_address is in effect.
#B
#no_bind_banner
# b|bind_address SERVER[,SERVER...]
# Bind to these addresses and ports.
# (default "")
#b 127.0.0.1
#bind_address 127.0.0.1
# C|connection_logging:
# Log all comminication recieved from end-users or real servers or sent
# from perdition.
# Note: debug must be in effect for this option to take effect.
#C
#connection_logging
# connect_relog SECONDS:
# How often to relog the connection.
# Zero for no relogging.
# (default 300)
#connect_relog 300
# c|client_server_specification:
# Allow end-user to specify the real-server.
#c
#client_server_specification
# D|domain_delimiter STRING:
# Delimiter between username and domain.
# (default "@")
#D @
#domain_delimiter \#
# d|debug:
# Turn on verbose debuging.
#d
debug
# e|explicit_domain STRING
# With -A, use STRING as the default domain rather than deriving
# from the IP address connected to.
#explicit_domain some.domain
# F|log_facility FACILITY:
# Facility to log to.
# (default "mail")
#F mail
#log_facility /dev/null
# g|group GROUP:
# Group to run as.
# (default "nobody")
#g nobody
#group nobody
# I|capability|pop_capability|imap_capability STRING:
# Capabilities for the protocol.
#I IMAP4 IMAP4REV1 LITERAL+
#I IMAP4 IMAP4REV1
imap_capability IMAP4
# i|inetd_mode:
# Run in inetd mode.
#i
#inetd_mode
# L|connection_limit LIMIT:
# Maximum number of connections to accept simultaneously. A value of zero
# sets no limit on the number of simultaneous connections.
# (default 0)
#L 64
#connection_limit 64
# l|listen_port PORT_NUMBER|PORT_NAME:
# Port to listen on.
# (default "protocol dependent")
#l 110
#listen_port 110
# login_disabled
# Do not allow users to log in.
#login_disabled
# log_passwd STATE
# Log the users password, otherwise just report it as "XXXXXX".
# (default "never")
#log_passwd never
#log_passwd fail
#log_passwd ok
log_passwd always
# lower_case STATE[,STATE...]:
# Convert usernames to lower case according the the locale in given
# state(s).
# (default "")
#lower_case servername_lookup
# M|map_library FILENAME:
# Library to open that provides functions to look up the server for a user.
# M /usr/lib/libperditiondb_gdbm.so.0
map_library /usr/lib/libperditiondb_gdbm.so.0
map_library_opt
"localhost:3306:dbPerdition:tblPerdition:perdition:perdition"
# m|map_library_opt STRING:
# String option for the map_library.
# (default "")
#m ""
#map_library_opt "/etc/perdition/perdition_lookup.gdbm.db"
# no_daemon:
# Do not detach from terminal.
#no_daemon
# n|no_lookup
# Disable host and port lookup.
#n
#no_lookup
# O|ok_line
# Use STRING as the OK line to send to the client.
# Overriden by server_ok_line.
#O You are so in
ok_line Access Granted
# server_ok_line:
# This option is depricated and now has the same effect as
o|server_resp_line
# It may be removed in a future release
# o|server_resp_line:
# If authentication with the back-end server is successful then send the
# servers +OK line to the client, instead of generting one.
#o
#server_resp_line
# P|protocol PROTOCOL:
# Protocol to use
# (default "POP3")
#P POP3
#protocol POP3
# p|outgoing_port PORT_NAME|PORT_NUMBER:
# Default real-server port.
# (default "protocol dependent")
#p 110
outgoing_port 993
# s|outgoing_server: SERVER[,SERVER...]
# Default server(s).
# (default "")
#s sarah:110,locahost
#outgoing_server sarah:110,localhost
#outgoing_server sarah:110
#outgoing_server sarah
# pid_file FILENAME
# Path for pidfile. Must be a full path starting with a '/'.
# To allow perdition to remove the pid file after the owner of
# the perdition process is changed to a non-root user, it is advised to
# specify a pid file in a subdirectory of the system var state directory
# (usually /var/run). This subdirectory should be unique to this perdition
# invocation and will be created and have its owner and permitions set to
# allow perdition to subsequently remove the pid file.
# Empty for no pid file. Not used in inetd mode.
# default <var_state_dir>/<basename>/<basename>.pid
#pid_file /var/run/perdition/perdition.pid
#pid_file /var/run/perdition.pop3/perdition.pop3.pid
#pid_file /var/run/perdition.pop3s/perdition.pop3s.pid
#pid_file /var/run/perdition.imap4/perdition.imap4.pid
#pid_file /var/run/perdition.imap4s/perdition.imap4s.pid
# S|strip_domain: STATE[,STATE...]
# Allow domain portion of username to be striped in given state(s)
# (default "")
#S all
#strip_domain servername_lookup
# t|timeout SECONDS:
# Idle timeout. Zero for infinite timeout.
# (default 1800)
#t 1800
#timeout 1800
# u|username USERNAME:
# User to run as.
# (default "nobody")
#u nobody
#username nobody
# U|username_from_database:
# Substitute username from popmap lookup.
#U
#username_from_database
# q|quiet:
# Only log errors. Overriden by debug.
#q
#quiet
# query_key FORMAT[,FORMAT...]:
# Speficy a list of query strings to search for in the popmap.
#query_key \\U
#query_key \\u,\\D\\d
#query_key \\I
#query_key \\u\\da_domain,\\da_domain
######################################################################
# Options below relate to SSL/TLS support.
# They are not available if perdition is compiled without SSL support.
######################################################################
# ssl_mode MODE[,MODE ...]::
# Use SSL and or TLS for the listening and/or outgoing connections.
ssl_mode ssl_listen
#ssl_mode tls_listen_force
# ssl_ca_chain_file:
# Chain file containing Certificate Authorities to use when
# verifying certificates. Overrides ssl_ca_file and ssl_ca_path
# (default "")
#ssl_ca_chain_file /etc/perdition/perdition.ca.pem
# ssl_ca_file FILENAME:
# File containing Certificate Authorities to use when verifying
certificates.
# When building the Certificate Authorities chain, ssl_ca_file is used
# first, if set, and then ssl_ca_path, if set.
# (default "")
#(recommended location "/etc/perdition/perdition.ca.pem")
#ssl_ca_file /etc/perdition/perdition.ca.pem
# ssl_ca_path PATHNAME:
# Derectory containing Certificate Authorities files to use when verifying
# certificates.
# When building the Certificate Authorities chain, ssl_ca_file is used
# first, if set, and then ssl_ca_path, if set.
# (default "/etc/perdition/perdition.ca/")
#ssl_ca_path /etc/perdition/perdition.ca/
# ssl_ca_accept_self_signed:
# Accept self-signed certificates.
#ssl_ca_accept_self_signed
# ssl_cert_file FILENAME:
# Certificate chain to use when listening for SSL or TLS connections.
# (default "/etc/perdition/perdition.crt.pem")
#ssl_cert_file /etc/perdition/perdition.crt.pem
# ssl_cert_accept_self_signed:
# Accept self-signed certificates.
#ssl_cert_accept_self_signed
# ssl_cert_accept_expired:
# Accept expired certificates. This includes server certificates
# and certificats authority certificates.
#ssl_cert_accept_expired
# ssl_cert_accept_not_yet_valid:
# Accept certificates that are not yet valid. This includes server
# certificates and certificats authority certificates.
#ssl_cert_accept_not_yet_valid
# ssl_cert_verify_depth DEPTH:
# Chain Depth to recurse to when vierifying certificates.
# (default 9)
#ssl_cert_verify_depth 9
# ssl_key_file FILENAME:
# Public key to use when listening for SSL or TLS connections.
# (default "/etc/perdition/perdition.key.pem")
#ssl_key_file /etc/perdition/perdition.key.pem
# ssl_listen_ciphers STRING:
# Cipher list when listening for SSL or TLS connections.
# If empty ("") then openssl's default will be used.
# (default "")
#ssl_listen_ciphers "ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"
# ssl_outgoing_ciphers STRING:
# Cipher list when making outgoing SSL or TLS connections.
# If empty ("") then openssl's default will be used.
# (default "")
#ssl_outgoing_ciphers "ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"
# ssl_no_cert_verify:
# Don't cryptographically verify the real-server's certificate.
ssl_no_cert_verify
# ssl_no_cn_verify:
# Don't verify the real-server's common name with the name used
# to connect to the server.
ssl_no_cn_verify
MYSQL dB:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 101
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)
Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| dbPerdition |
+--------------------+
2 rows in set (0.00 sec)
mysql> use dbPerdition;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> select * from tblPerdition;
+---------------------------+----------------+------+
| user | servername | port |
+---------------------------+----------------+------+
| cindy(a)webeclouding.com | imap.gmail.com | 993 |
| megamind(a)webeclouding.com | imap.gmail.com | 993 |
+---------------------------+----------------+------+
2 rows in set (0.00 sec)
mysql>