Christian Balzer | 6 Feb 2008 07:54

Zombie pop3s (and imaps?) processes in connect state


Hello,

we've been using perdition as a pop3/pop3s/imap/imaps proxy for about
four years now, first with the Debian Sarge package and now under Etch.
And throughout this time I've seen pop3s (and from the looks of it
the same happens with imaps) processes stuck in connect, like this:
---
16836 ?        S      5:31      0   120 32179  2204  0.0 perdition.pop3s        
28070 ?        S      0:00      0   120 32311  1564  0.0  \_ perdition.pop3s: connect
 7782 ?        S      0:00      0   120 32311  1564  0.0  \_ perdition.pop3s: connect
24468 ?        S      0:00      0   120 32311  1568  0.0  \_ perdition.pop3s: connect
14180 ?        S      0:00      0   120 32311  1568  0.0  \_ perdition.pop3s: connect
13503 ?        S      0:00      0   120 32311  1564  0.0  \_ perdition.pop3s: connect
---
They never die off, keep the connection open, there is no traffic and the
other end might be long gone. Last trace in the logs is always like this:
---
Feb  5 22:05:16 pp11 perdition[7782]: Connect: hi.mi.ts.u->203.216.5.113
---

It must be something related to the SSL'ness of these services, since I'm
not seeing this happening ever for imap/pop3. Alas a lot of people do use
TLS with those, so it's not a generic SSL issue. Maybe the master process
could kick a child handling connections in the head after "timeout"
seconds in connect state?

If more information is needed I can try to provide it, but note that with a
rate of roughly 35 pops per second I'm a bit wary of turning on
debugging. ^_-
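The watchdog idea from the message above, approximated from outside the daemon, as an added example that is not part of the original post or of perdition: it lists children whose process title still reads "connect" after a threshold, so they can be reviewed or alerted on. Assumptions: the `TIMEOUT` value and function names are hypothetical, the imaps title is inferred by analogy with the pop3s one in the listing, `etimes` requires procps-ng `ps`, and process age is used as an upper bound on time spent in the connect state.

```shell
#!/bin/sh
# Added example, not perdition code: report perdition SSL children that are
# still titled "connect" after TIMEOUT seconds. It only lists PIDs.

TIMEOUT="${TIMEOUT:-300}"   # assumed threshold in seconds, not a perdition option

# Reads "PID ELAPSED_SECONDS ARGS..." lines on stdin, prints stale PIDs.
stale_connect_pids() {
    awk -v limit="$1" '
        # pop3s title is taken from the ps listing; the imaps title is assumed.
        $3 ~ /^perdition\.(pop3s|imaps):$/ && $4 == "connect" &&
        $2 + 0 >= limit + 0 { print $1 }
    '
}

# Constructed sample in the format of: ps -eo pid=,etimes=,args=
sample_ps() {
    cat <<'EOF'
16836 912345 perdition.pop3s
28070 86400 perdition.pop3s: connect
 7782 35000 perdition.pop3s: connect
24468 12 perdition.pop3s: connect
14180 4000 perdition.imaps: connect
13503 9000 perdition.pop3: connect
EOF
}

# Live variant: same filter over the real process table.
live_stale_pids() {
    ps -eo pid=,etimes=,args= | stale_connect_pids "$TIMEOUT"
}

# Demonstration on the constructed sample (the master, the 12-second child
# and the plain pop3 child are not reported).
sample_ps | stale_connect_pids "$TIMEOUT"
```

Run `live_stale_pids` from cron or a monitoring check to track how many such children accumulate over time.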

Christian Balzer | 6 Feb 2008 08:59

TLS/SSL client credentials support?


Hello,

this one should be a fun one for Simon, as it's a "local" issue. ;)

When debugging a problem with downloads of large emails with
Hidemaru mail (from the same guy that wrote the Hidemaru editor),
I've learned about something that I wasn't aware of. According to
the author of Hidemaru mail, having "Client Credentials" enabled
in their client breaks the connection immediately, same thing for
the infamous Becky!. Both are probably using the same public M$
SSL code examples, one ventures.

Here is an example with Credentials on:
---
I サーバーを検索中 - popmail.gol.com
I 接続中 - 203.216.5.113
I 接続完了
R +OK POP3 Ready pp12 0001f653
S STLS
R +OK Begin TLS negotiation, mate
I SSL初期化中
E ホストからのデータ受信に失敗しました。エラーコード=10054
  (Error in receiving data from host)
---
Googling for that error code gives us for example:
http://glwebmail.gordano.com/kb.htm?q=275
So it's perdition hanging up after being so rudely presented with
unwanted credentials. ^_-
The respective entry in the logs here is:

