Hello,
we've been using perdition as a pop3/pop3s/imap/imaps proxy for about
four years now, first with Debian Sarge package and now under Etch.
And throughout this time I've seen pop3s (and from the looks of it
the same happens with imaps) processes stuck in connect, like this:
---
16836 ? S 5:31 0 120 32179 2204 0.0 perdition.pop3s
28070 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect
7782 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect
24468 ? S 0:00 0 120 32311 1568 0.0 \_ perdition.pop3s: connect
14180 ? S 0:00 0 120 32311 1568 0.0 \_ perdition.pop3s: connect
13503 ? S 0:00 0 120 32311 1564 0.0 \_ perdition.pop3s: connect
---
They never die off, keep the connection open, there is no traffic and the
other end might be long gone. Last trace in the logs is always like this:
---
Feb 5 22:05:16 pp11 perdition[7782]: Connect: hi.mi.ts.u->203.216.5.113
---
It must be something related to the SSL'ness of these services, since I'm
not seeing this happening ever for imap/pop3. Alas a lot of people do use
TLS with those, so it's not a generic SSL issue. Maybe the master process
could kick a child handling connections in the head after "timeout"
seconds in connect state?
If more information is needed I can try to provide it, but note that with a
rate of roughly 35 pops per second I'm a bit wary of turning on
debugging. ^_-
This may or may not be related to another SSL related issue, which will
be for the sake of making searches in the archive more likely to find good
keywords in a separate mail.
Regards,
Christian
--
Christian Balzer Network/Systems Engineer NOC
chibi(a)gol.com Global OnLine Japan/Fusion Network Services
http://www.gol.com/
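A watchdog check along the lines suggested in the message above, as an added example (not part of the original post and not perdition code): it parses `ps -eo pid,ppid,etime,args` output and reports processes titled `perdition.pop3s: connect` that are older than a threshold. The sample ps output is constructed, the 1800-second default is an assumption to be set to the configured timeout, and process age is used as a stand-in for time spent in the connect state on the assumption of one child per connection.

```python
import re

# Constructed sample of `ps -eo pid,ppid,etime,args` output (not from the post).
SAMPLE_PS = """\
  PID  PPID     ELAPSED COMMAND
16836     1 12-03:14:07 perdition.pop3s
28070 16836  2-01:10:44 perdition.pop3s: connect
 7782 16836    05:12:31 perdition.pop3s: connect
24468 16836       00:42 perdition.pop3s: connect
 2311     1 30-00:00:01 /usr/sbin/sshd
"""

# ps prints elapsed time as [[dd-]hh:]mm:ss
ETIME_RE = re.compile(r"^(?:(?:(\d+)-)?(\d+):)?(\d+):(\d+)$")


def etime_to_seconds(etime):
    """Convert a ps etime field to seconds."""
    m = ETIME_RE.match(etime)
    if m is None:
        raise ValueError("unrecognised etime: %r" % etime)
    days, hours, minutes, seconds = (int(g or 0) for g in m.groups())
    return ((days * 24 + hours) * 60 + minutes) * 60 + seconds


def find_stuck(ps_text, max_age=1800, title="perdition.pop3s: connect"):
    """Return [(pid, age_seconds)] for processes with exactly this title
    that have been alive longer than max_age seconds, oldest first."""
    stuck = []
    for line in ps_text.splitlines():
        fields = line.split(None, 3)
        if len(fields) < 4 or not fields[0].isdigit():
            continue  # header or malformed line
        pid, _ppid, etime, args = fields
        if args.strip() != title:
            continue  # master process or unrelated command
        age = etime_to_seconds(etime)
        if age > max_age:
            stuck.append((int(pid), age))
    return sorted(stuck, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    for pid, age in find_stuck(SAMPLE_PS):
        print("pid %d in connect state for %d s" % (pid, age))
```

On a live host the input would be the output of `ps -eo pid,ppid,etime,args` rather than the embedded sample.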
Hello,
I am trying to do something I thought would be simple, but seem to be
messing up somehow. I have tried following the documentation, but with
no success so I figured I would ask here and see if anyone had a
suggestion. I don't know what I am missing.
The idea was to use perdition in a migration from an old POP3 server to
a new zimbra mail server. In testing I am running perdition from the
command line as follows:
perdition -A remote_login,1 -C -d -F - -l 111 -M /usr/lib/libperditiondb_gdbm.so.0 -p 110
Running on Port 111 to test, will be moved to 110 when working. The
idea is for most accounts to just log in to the local server as normal
-- this works fine.
My popmap is as follows:
sammy:sammy@zimbra.realnet.com
In /etc/hosts I have:
64.147.109.53 zimbra.realnet.comzimbra.realnet.com 64.147.109.53
When you log in to port 111 as the user 'sammy' it tries to do a
connection to the server 'zimbra.realnet.com', but as the USER 'sammy',
not as the USER 'sammy@realnet.com'. According to what I have read the
command "-A remote_login,1" should add the domain with the 'zimbra'
removed and log in.
My logs show it is trying to log in to the correct server, but just as
the USER 'sammy' not as 'sammy@realnet.com'. The add_domain does not
appear to be working for some reason.
Here are the debug logs for perdition if that helps (password blanked out):
arthur:/etc/perdition# perdition -A remote_login,1 -C -d -F - -l 111 -M /usr/lib/libperditiondb_gdbm.so.0 -p 110
Jan 16 11:52:41 perdition[4959]: Starting perdition version=1.19-rc4 protocol=POP3
Jan 16 11:52:41 perdition[4959]: add_domain="remote_login,1",
authenticate_in=off, authenticate_timeout=1800, bind_address="",
client_server_specification=off,
config_file="/etc/perdition/perdition.conf", connection_limit=0,
connection_logging=on, connect_relog=300, debug=on,
domain_delimiter="@", explicit_domain="", group="nogroup",
imap_capability="IMAP4 IMAP4REV1", inetd_mode=off, listen_port="111",
log_facility="-", log_passwd="never", login_disabled=off, lower_case="",
managesieve_capability=""IMPLEMENTATION" "perdition" "SIEVE"
"comparator-i;octet comparator-i;ascii-casemap fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date" "SASL" "PLAIN" "NOTIFY" "mailto" "VERSION"
"1.19-rc4"", map_library="/usr/lib/libperditiondb_gdbm.so.0",
map_library_opt="", no_bind_banner=off, no_daemon=off, no_lookup=off,
tcp_keepalive=off, nodename="arthur", ok_line="You are so in",
outgoing_port="110", outgoing_server="localhost",
pid_file="/var/run/perdition/perdition.pid", pop_capability="UIDL.USER",
protocol="POP3", server_resp_line=off, strip_domain="", timeout=1800,
username="nobody", username_from_database=off, query_key="", quiet=off
(mask=0x0042a081 00000000)
Jan 16 11:52:41 perdition[4959]: ssl_mode="", ssl_ca_file="",
ssl_ca_path="/etc/perdition/perdition.ca/",
ssl_ca_accept_self_signed="off",
ssl_cert_file="/etc/perdition/perdition.crt.pem",
ssl_cert_accept_expired="off", ssl_cert_not_yet_valid="off",
ssl_cert_self_signed="off", ssl_cert_verify_depth=9,
ssl_key_file="/etc/perdition/perdition.key.pem", ssl_listen_ciphers="",
ssl_outgoing_ciphers="", ssl_no_cert_verify="off",
ssl_no_client_cert_verify="off", ssl_no_cn_verify="off"
ssl_passphrase_fd=0, ssl_passphrase_file="(null)", (ssl_mask=0x00000000)
Jan 16 11:52:41 perdition[4959]: vanessa_socket_daemon_setid: uid=65534 euid=65534 gid=65534 egid=65534
Jan 16 11:52:47 perdition[4968]: Connect: 127.0.0.1:35488->127.0.0.1:111
Jan 16 11:52:47 perdition[4968]: SELF: "+OK POP3 perditon ready on localhost 00028a10\r\n"
Jan 16 11:52:49 perdition[4968]: CLIENT: "USER sammy\r\n"
Jan 16 11:52:49 perdition[4968]: SELF: "+OK USER sammy set, mate\r\n"
Jan 16 11:52:56 perdition[4968]: CLIENT: "PASS XXXXXXXXX\r\n"
Jan 16 11:52:56 perdition[4968]: username_add_domain: username_add_domain 4 1
Jan 16 11:52:56 perdition[4968]: username_add_domain: username_add_domain 4 4
Jan 16 11:52:56 perdition[4968]: username_add_domain: No domain completely stripped away, not added
Jan 16 11:52:56 perdition[4968]: REAL: "+OK zm3.realnetdb.com Zimbra POP3 server ready\r\n"
Jan 16 11:52:56 perdition[4968]: SELF: "USER sammy\r\n"
Jan 16 11:52:56 perdition[4968]: REAL: "+OK hello sammy, please enter your password\r\n"
Jan 16 11:52:56 perdition[4968]: SELF: "PASS XXXXXXXXX\r\n"
Jan 16 11:52:57 perdition[4968]: REAL: "-ERR invalid username/password\r\n"
Jan 16 11:52:57 perdition[4968]: SELF: "QUIT\r\n"
Jan 16 11:52:57 perdition[4968]: REAL: "+OK zm3.realnetdb.com Zimbra POP3 server closing connection\r\n"
Jan 16 11:53:00 perdition[4968]: SELF: "-ERR failed: Re-Authentication Failure\r\n"
Jan 16 11:53:00 perdition[4968]: Auth: 127.0.0.1:35488->127.0.0.1:111 client-secure=plaintext authorisation_id=NONE authentication_id="sammy" server="zimbra.realnet.com:110" protocol=POP3 server-secure=plaintext status="failed: Re-Authentication Failure"
Jan 16 11:53:05 perdition[4968]: CLIENT: "quit\r\n"
Jan 16 11:53:05 perdition[4968]: SELF: "+OK QUIT\r\n"
Jan 16 11:53:05 perdition[4968]: Closing NULL session: 127.0.0.1:35488->127.0.0.1:111 authorisation_id=NONE authentication_id=y"
If I change the perdition command to be this:
perdition -A remote_login,1 -C -d -e realnet.com -F - -l 111 -M /usr/lib/libperditiondb_gdbm.so.0 -p 110 -s localhost:110
the explicit adding of the realnet.com works and the user 'sammy' can
now log in to the remote server. However, any users on the local server
now add the '@realnet.com' and their logins fail.
Sorry for the long first message and the bother, but any help will be
appreciated.
Thanks!
--
- Steven
Realnet Solutions