I'm running Courier 4.9.3-6.1.3 as distributed by OpenSuSE, with
Courier-authlib 0.63.0-16.1.3. I have a whopping three users fetching
mail: me, my wife, and my daughter. I use Gnus and my Nokia N900 phone
to talk to IMAP. My wife uses Apple Mail and an iPhone; my daughter
uses only Apple Mail. The daughter and I run unencrypted over a VPN;
the other connections are via IMAP-SSL.
>From time to time, for no apparent reason, one of my wife's or my
daughter's accounts stops accepting imap logins. The odd thing is that
only one will go bad, and never mine. I've included a sample transcript
below, with passwords and usernames obscured. The first proves that the
IMAP server is working. The second shows what happens when I try to log
into a hung account: after the login request, the IMAP server delays 15
seconds and then closes the connection. The third demonstrates that
it's not a password problem; a bad password produces a clearcut response
after five seconds.
I've also included relevant syslog lines.
So that's problem #1. It wouldn't be too horribly annoying, because
I've set up a Nagios monitor to watch both accounts and let me know when
they go bad. But problem #2 is I haven't figured out how to fix the
problem except by rebooting the server. *THAT* is a major nuisance.
You'd think that if I restarted courier-authdaemon courier, courier-ssl,
and courier (in that order) all would be well. But no.
So two questions: first, any idea what's going on? And second, can
anybody think of another service I could restart that might be
involved in authentication?
============================================================
Here's the transcript, run on the server to avoid extraneous interference:
mallet:2:506> telnet localhost imap
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT
THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION] Courier-IMAP ready. Copyright
1998-2011 Double Precision, Inc. See COPYING for distribution information.
A login wife wifepw
A OK LOGIN Ok.
A logout
* BYE Courier-IMAP server shutting down
A OK LOGOUT completed
Connection closed by foreign host.
mallet:2:507> telnet localhost imap
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT
THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION] Courier-IMAP ready. Copyright
1998-2011 Double Precision, Inc. See COPYING for distribution information.
A login daughter daughterpw
Connection closed by foreign host.
mallet:2:508> telnet localhost imap
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT
THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION] Courier-IMAP ready. Copyright
1998-2011 Double Precision, Inc. See COPYING for distribution information.
A login daughter badpw
A NO Login failed.
^]
telnet> quit
Connection closed.
============================================================
Here are syslog lines from just before and after the most recent failure
(Nagios alerted me at 19:22). The 76.90.0.0 IP address is the
obfuscated version of my current home IP, 166.137.0.0 is my wife's
iPhone, and 192.168.6.* is my VPN. Note that the daughter's account
didn't produce any log lines after the authdaemond line; a proper
exchange should have generated an imapd LOGIN line next.
Apr 2 19:19:27 mallet imapd-ssl: Connection, ip=[::ffff:76.90.0.0]
Apr 2 19:19:27 mallet authdaemond: received auth request, service=imap,
authtype=login
Apr 2 19:19:27 mallet authdaemond: pam_service=imap, pam_username=wife
Apr 2 19:19:27 mallet imapd-ssl: LOGIN, user=wife, ip=[::ffff:76.90.0.0],
port=[61814], protocol=IMAP
Apr 2 19:19:36 mallet imapd-ssl: LOGOUT, user=wife, ip=[::ffff:76.90.0.0],
headers=0, body=0, rcvd=413, sent=10014, time=9, starttls=1
Apr 2 19:21:03 mallet imapd: Connection, ip=[::ffff:192.168.6.5]
Apr 2 19:21:03 mallet authdaemond: received auth request, service=imap,
authtype=login
Apr 2 19:21:03 mallet authdaemond: pam_service=imap, pam_username=geoff
Apr 2 19:21:03 mallet imapd: LOGIN, user=geoff, ip=[::ffff:192.168.6.5],
port=[44640], protocol=IMAP
Apr 2 19:21:04 mallet imapd: LOGOUT, user=geoff, ip=[::ffff:192.168.6.5],
headers=0, body=0, rcvd=36, sent=341, time=1
Apr 2 19:21:34 mallet imapd-ssl: TIMEOUT, user=wife, ip=[::ffff:166.137.0.0]
, headers=0, body=0, rcvd=403, sent=9986, time=1801, starttls=1
Apr 2 19:22:09 mallet imapd: Connection, ip=[::ffff:127.0.0.1]
Apr 2 19:22:09 mallet authdaemond: received auth request, service=imap,
authtype=login
Apr 2 19:22:09 mallet authdaemond: pam_service=imap, pam_username=daughter
Apr 2 19:24:12 mallet imapd: Connection, ip=[::ffff:127.0.0.1]
Apr 2 19:24:12 mallet authdaemond: received auth request, service=imap,
authtype=login
Apr 2 19:24:12 mallet authdaemond: pam_service=imap, pam_username=wife
Apr 2 19:24:12 mallet imapd: LOGIN, user=wife, ip=[::ffff:127.0.0.1],
port=[57016], protocol=IMAP
Apr 2 19:24:14 mallet imapd: LOGOUT, user=wife, ip=[::ffff:127.0.0.1],
headers=0, body=0, rcvd=9, sent=80, time=2
--
Geoff Kuenning ge...@cs.hmc.edu http://www.cs.hmc.edu/~geoff/
Perl is awk with skin cancer.
-- Henry Spencer
------------------------------------------------------------------------------
Minimize network downtime and maximize team effectiveness.
Reduce network management and security costs.Learn how to hire
the most talented Cisco Certified professionals. Visit the
Employer Resources Portal
http://www.cisco.com/web/learning/employer_resources/index.html
_______________________________________________
Courier-imap mailing list
Courier-imap@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
