Current time: 11-16-2024, 04:53 PM Hello There, Guest! (LoginRegister)


Post Reply 
imap traffic - strange things
Author Message
joximu Offline
helper
*****
Moderators

Posts: 7,024
Joined: Jan 2007
Reputation: 92
Post: #1
imap traffic - strange things
Hi

while studying ticket #898 I came across this behaviour on my system.

The traffic counter greps the lines with 'imaplogin' ffrom the mail.log but there's not such line in my log (I have courierpop3login but no imaplogin).

Ok, let's see what's running:
Code:
/usr/sbin/courierlogger -pid=/var/run/courier/imapd-ssl.pid -start -name=imapd-ssl /usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 993 /usr/

/usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 993 /usr/bin/couriertls -server -tcpd /usr/lib/courier/courier/imaplogin /usr/bin/imapd Mail

/usr/sbin/courierlogger -pid=/var/run/courier/pop3d-ssl.pid -start -name=pop3d-ssl /usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 995 /usr/

/usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 995 /usr/bin/couriertls -server -tcpd /usr/lib/courier/courier/courierpop3login /usr/lib/cou

/usr/sbin/courierlogger -pid=/var/run/courier/authdaemon/pid -start /usr/lib/courier/courier-authlib/authdaemond

/usr/lib/courier/courier-authlib/authdaemond (6 times)

/usr/sbin/courierlogger -pid=/var/run/courier/imapd.pid -start /usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 143 /usr/lib/courier/courier/

/usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 143 /usr/lib/courier/courier/imaplogin /usr/bin/imapd Maildir

/usr/sbin/couriertcpd -pid=/var/run/courier/pop3d.pid -stderrlogger=/usr/sbin/courierlogger -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup -address=0 110 /usr/lib/courier/c

/usr/sbin/courierlogger courierpop3login

and the same on a newly set up machine...

in the log I have theese two possibilities:

Code:
Nov 27 11:08:08 laudox courierpop3login: Connection, ip=[::ffff:123.45.67.89]
Nov 27 11:08:11 laudox courierpop3login: LOGIN: ip=[::ffff:123.45.67.89], command=QUIT
Nov 27 11:08:11 laudox courierpop3login: LOGOUT, ip=[::ffff:123.45.67.89]
Nov 27 11:08:11 laudox courierpop3login: Disconnected, ip=[::ffff:123.45.67.89]

Nov 27 11:08:16 laudox couriertcpd: Connection, ip=[::ffff:123.45.67.89]
Nov 27 11:08:32 laudox couriertcpd: LOGIN: ip=[::ffff:123.45.67.89], command=EXIT
Nov 27 11:08:45 laudox couriertcpd: LOGIN: ip=[::ffff:123.45.67.89], command=LOGIN
Nov 27 11:08:48 laudox couriertcpd: LOGIN: ip=[::ffff:123.45.67.89], command=LOGIN

well the IMAP commands are not the right - it's a telnet on 143 :-)

What do others with courier have in their logs?

Greets Joximu
11-27-2007 08:12 PM
Visit this user's website Find all posts by this user Quote this message in a reply
ephigenie Offline
Project Leader
*******
Administrators

Posts: 1,578
Joined: Oct 2006
Reputation: 15
Post: #2
RE: imap traffic - strange things
For me it looks like that :

pop3
Code:
Nov 27 13:37:59 ns2 courierpop3login: Connection, ip=[::ffff:123.45.67.89]
Nov 27 13:37:59 ns2 courierpop3login: LOGIN, user=tralalala@g-house.de, ip=[::ffff:123.45.67.89]
Nov 27 13:37:59 ns2 courierpop3login: LOGOUT, user=tralalala@g-house.de, ip=[::ffff:123.45.67.89], top=0, retr=0, rcvd=12, sent=39, time=0
imap
Code:
Nov 27 13:36:21 ns2 imapd: Connection, ip=[::ffff:123.45.67.89]
Nov 27 13:36:21 ns2 imapd: LOGIN, user=tralalala@g-house.de, ip=[::ffff:123.45.67.89], protocol=IMAP
Nov 27 13:36:21 ns2 imapd: DISCONNECTED, user=tralalala@g-house.de, ip=[::ffff:123.45.67.89], headers=0, body=0, rcvd=67, sent=154, time=0

So i've sent and rcvd in my lines ...

my courier looks like that :
Code:
root      1947  0.0  0.0   1860   436 ?        S    Oct19   0:19 /usr/sbin/couriertcpd -address=0 -maxprocs=200 -maxperip=20 -nodnslookup -noidentlookup 143 /usr/lib/cou             rier/courier/imaplogin /usr/bin/imapd Maildir
root      1958  0.0  0.0   1756   324 ?        S    Oct19   0:00 /usr/sbin/courierlogger -pid=/var/run/courier/imapd-ssl.pid -start -name=imapd-ssl /usr/sbin/couriertcpd                                       -address=0 -maxprocs=200 -maxperip=20 -nodnslookup -noidentlookup 993 /usr/bin/couriertls -server -tcpd /usr/lib/courier/courier/imaplogin /usr/bin/imapd Maildir
root      1969  0.0  0.0   1856   404 ?        S    Oct19   0:21 /usr/sbin/couriertcpd -pid=/var/run/courier/pop3d.pid -stderrlogger=/usr/sbin/courierlogger -maxprocs=20                                      0 -maxperip=20 -nodnslookup -noidentlookup -address=0 110 /usr/lib/courier/courier/courierpop3login /usr/lib/courier/courier/courierpop3d Maildir
root      1982  0.0  0.0   1760   372 ?        S    Oct19   0:01 /usr/sbin/courierlogger -pid=/var/run/courier/pop3d-ssl.pid -start -name=pop3d-ssl /usr/sbin/couriertcpd                                       -address=0 -maxprocs=200 -maxperip=20 -nodnslookup -noidentlookup 995 /usr/bin/couriertls -server -tcpd /usr/lib/courier/courier/courierpop3login /usr/lib/courier/courier/courierpop3d Maildir
root      1983  0.0  0.0   1856   428 ?        S    Oct19   0:01 /usr/sbin/couriertcpd -address=0 -maxprocs=200 -maxperip=20 -nodnslookup -noidentlookup 995 /usr/bin/couriertls -server -tcpd /usr/lib/courier/courier/courierpop3login /usr/lib/courier/courier/courierpop3d Maildir

my logfile is :
/var/log/mail.log
Courier Version is standard etch.
(This post was last modified: 11-27-2007 10:42 PM by ephigenie.)
11-27-2007 10:36 PM
Visit this user's website Find all posts by this user Quote this message in a reply
joximu Offline
helper
*****
Moderators

Posts: 7,024
Joined: Jan 2007
Reputation: 92
Post: #3
RE: imap traffic - strange things
ok, it's not very different. Most important:

a grep 'imaplogin' in you mail.log finds nothing too...

we have to change the grep expression to get the imap traffic out of the whole mail.log.

/J
11-27-2007 11:50 PM
Visit this user's website Find all posts by this user Quote this message in a reply
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #4
RE: imap traffic - strange things
I have dovecot and IMAP SSL and this entry:
Code:
Nov 27 06:28:59 vs24XXX dovecot: imap-login: Login: user=<bene@mydomain.tld>, method=plain, rip=217.243.170.XXX, lip=62.75.2XX.XX, TLS

Should grep "imap-login"

Greez BeNe
11-28-2007 12:02 AM
Visit this user's website Find all posts by this user Quote this message in a reply
joximu Offline
helper
*****
Moderators

Posts: 7,024
Joined: Jan 2007
Reputation: 92
Post: #5
RE: imap traffic - strange things
Yes with dovecot...

but until today: courier is the default with ispcp....

Seems there will be an update in the dovecot howto so it counts the traffic... :-)

/J
11-28-2007 12:21 AM
Visit this user's website Find all posts by this user Quote this message in a reply
joximu Offline
helper
*****
Moderators

Posts: 7,024
Joined: Jan 2007
Reputation: 92
Post: #6
RE: imap traffic - strange things
Hi testers
Can you please test the version of r929?

At least the "no-go" probems should be solved with this...

/Joxi
11-28-2007 08:39 PM
Visit this user's website Find all posts by this user Quote this message in a reply
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #7
RE: imap traffic - strange things
I´m on the way...

Greez BeNe
11-28-2007 08:46 PM
Visit this user's website Find all posts by this user Quote this message in a reply
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #8
RE: imap traffic - strange things
No Error now in this Fix - but still 100% CPU usage!
and this script runs and runs and runs....

Greez BeNe
11-28-2007 10:20 PM
Visit this user's website Find all posts by this user Quote this message in a reply
joximu Offline
helper
*****
Moderators

Posts: 7,024
Joined: Jan 2007
Reputation: 92
Post: #9
RE: imap traffic - strange things
are you sure it's the new script which runs - I also had some scripts runnning but they were from older releases...
11-28-2007 10:23 PM
Visit this user's website Find all posts by this user Quote this message in a reply
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #10
RE: imap traffic - strange things
Yes i am sure! Or is there a new on than this --> http://www.isp-control.net/ispcp/changeset/929 ??

Greez BeNe
11-28-2007 10:27 PM
Visit this user's website Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 3 Guest(s)