ispCP - Board - Support - VHCS fork / ispCP Omega Development Area / General discussion / imap traffic - strange things

Post Reply  Post Thread 
Pages (2): [1] 2 Next >
imap traffic - strange things
Author Message
joximu Offline
Moderator
*****

joximu
Moderator
*****


Posts: 3,604
Group: Moderators
Joined: Jan 2007
Status: Offline
Reputation: 47
Post: #1
imap traffic - strange things
Hi

while studying ticket #898 I came across this behaviour on my system.

The traffic counter greps the lines with 'imaplogin' ffrom the mail.log but there's not such line in my log (I have courierpop3login but no imaplogin).

Ok, let's see what's running:
Code:
/usr/sbin/courierlogger -pid=/var/run/courier/imapd-ssl.pid -start -name=imapd-ssl /usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 993 /usr/

/usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 993 /usr/bin/couriertls -server -tcpd /usr/lib/courier/courier/imaplogin /usr/bin/imapd Mail

/usr/sbin/courierlogger -pid=/var/run/courier/pop3d-ssl.pid -start -name=pop3d-ssl /usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 995 /usr/

/usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 995 /usr/bin/couriertls -server -tcpd /usr/lib/courier/courier/courierpop3login /usr/lib/cou

/usr/sbin/courierlogger -pid=/var/run/courier/authdaemon/pid -start /usr/lib/courier/courier-authlib/authdaemond

/usr/lib/courier/courier-authlib/authdaemond (6 times)

/usr/sbin/courierlogger -pid=/var/run/courier/imapd.pid -start /usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 143 /usr/lib/courier/courier/

/usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 143 /usr/lib/courier/courier/imaplogin /usr/bin/imapd Maildir

/usr/sbin/couriertcpd -pid=/var/run/courier/pop3d.pid -stderrlogger=/usr/sbin/courierlogger -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup -address=0 110 /usr/lib/courier/c

/usr/sbin/courierlogger courierpop3login

and the same on a newly set up machine...

in the log I have theese two possibilities:

Code:
Nov 27 11:08:08 laudox courierpop3login: Connection, ip=[::ffff:123.45.67.89]
Nov 27 11:08:11 laudox courierpop3login: LOGIN: ip=[::ffff:123.45.67.89], command=QUIT
Nov 27 11:08:11 laudox courierpop3login: LOGOUT, ip=[::ffff:123.45.67.89]
Nov 27 11:08:11 laudox courierpop3login: Disconnected, ip=[::ffff:123.45.67.89]

Nov 27 11:08:16 laudox couriertcpd: Connection, ip=[::ffff:123.45.67.89]
Nov 27 11:08:32 laudox couriertcpd: LOGIN: ip=[::ffff:123.45.67.89], command=EXIT
Nov 27 11:08:45 laudox couriertcpd: LOGIN: ip=[::ffff:123.45.67.89], command=LOGIN
Nov 27 11:08:48 laudox couriertcpd: LOGIN: ip=[::ffff:123.45.67.89], command=LOGIN

well the IMAP commands are not the right - it's a telnet on 143 :-)

What do others with courier have in their logs?

Greets Joximu
2008-08-05 ispCP RC6 released!!!
11-27-2007 08:12 PM
Visit this user's website Find all posts by this user Quote this message in a reply
ephigenie Offline
Administrator
*******
Administrators

ephigenie
Administrator
*******
Administrators


Posts: 667
Group: Administrators
Joined: Oct 2006
Status: Offline
Reputation: 12
Post: #2
RE: imap traffic - strange things
For me it looks like that :

pop3
Code:
Nov 27 13:37:59 ns2 courierpop3login: Connection, ip=[::ffff:123.45.67.89]
Nov 27 13:37:59 ns2 courierpop3login: LOGIN, user=tralalala@g-house.de, ip=[::ffff:123.45.67.89]
Nov 27 13:37:59 ns2 courierpop3login: LOGOUT, user=tralalala@g-house.de, ip=[::ffff:123.45.67.89], top=0, retr=0, rcvd=12, sent=39, time=0
imap
Code:
Nov 27 13:36:21 ns2 imapd: Connection, ip=[::ffff:123.45.67.89]
Nov 27 13:36:21 ns2 imapd: LOGIN, user=tralalala@g-house.de, ip=[::ffff:123.45.67.89], protocol=IMAP
Nov 27 13:36:21 ns2 imapd: DISCONNECTED, user=tralalala@g-house.de, ip=[::ffff:123.45.67.89], headers=0, body=0, rcvd=67, sent=154, time=0

So i've sent and rcvd in my lines ...

my courier looks like that :
Code:
root      1947  0.0  0.0   1860   436 ?        S    Oct19   0:19 /usr/sbin/couriertcpd -address=0 -maxprocs=200 -maxperip=20 -nodnslookup -noidentlookup 143 /usr/lib/cou             rier/courier/imaplogin /usr/bin/imapd Maildir
root      1958  0.0  0.0   1756   324 ?        S    Oct19   0:00 /usr/sbin/courierlogger -pid=/var/run/courier/imapd-ssl.pid -start -name=imapd-ssl /usr/sbin/couriertcpd                                       -address=0 -maxprocs=200 -maxperip=20 -nodnslookup -noidentlookup 993 /usr/bin/couriertls -server -tcpd /usr/lib/courier/courier/imaplogin /usr/bin/imapd Maildir
root      1969  0.0  0.0   1856   404 ?        S    Oct19   0:21 /usr/sbin/couriertcpd -pid=/var/run/courier/pop3d.pid -stderrlogger=/usr/sbin/courierlogger -maxprocs=20                                      0 -maxperip=20 -nodnslookup -noidentlookup -address=0 110 /usr/lib/courier/courier/courierpop3login /usr/lib/courier/courier/courierpop3d Maildir
root      1982  0.0  0.0   1760   372 ?        S    Oct19   0:01 /usr/sbin/courierlogger -pid=/var/run/courier/pop3d-ssl.pid -start -name=pop3d-ssl /usr/sbin/couriertcpd                                       -address=0 -maxprocs=200 -maxperip=20 -nodnslookup -noidentlookup 995 /usr/bin/couriertls -server -tcpd /usr/lib/courier/courier/courierpop3login /usr/lib/courier/courier/courierpop3d Maildir
root      1983  0.0  0.0   1856   428 ?        S    Oct19   0:01 /usr/sbin/couriertcpd -address=0 -maxprocs=200 -maxperip=20 -nodnslookup -noidentlookup 995 /usr/bin/couriertls -server -tcpd /usr/lib/courier/courier/courierpop3login /usr/lib/courier/courier/courierpop3d Maildir

my logfile is :
/var/log/mail.log
Courier Version is standard etch.

This post was last modified: 11-27-2007 10:42 PM by ephigenie.
11-27-2007 10:36 PM
Visit this user's website Find all posts by this user Quote this message in a reply
joximu Offline
Moderator
*****

joximu
Moderator
*****


Posts: 3,604
Group: Moderators
Joined: Jan 2007
Status: Offline
Reputation: 47
Post: #3
RE: imap traffic - strange things
ok, it's not very different. Most important:

a grep 'imaplogin' in you mail.log finds nothing too...

we have to change the grep expression to get the imap traffic out of the whole mail.log.

/J
2008-08-05 ispCP RC6 released!!!
11-27-2007 11:50 PM
Visit this user's website Find all posts by this user Quote this message in a reply
BeNe Offline
Moderator
*****

BeNe
Moderator
*****


Posts: 2,941
Group: Moderators
Joined: Jan 2007
Status: Offline
Reputation: 41
Post: #4
RE: imap traffic - strange things
I have dovecot and IMAP SSL and this entry:
Code:
Nov 27 06:28:59 vs24XXX dovecot: imap-login: Login: user=<bene@mydomain.tld>, method=plain, rip=217.243.170.XXX, lip=62.75.2XX.XX, TLS

Should grep "imap-login"

Greez BeNe
[Image: ispcpsw.png]
Ein Betriebssystem ist immer nur so gut und sicher wie der Administrator der es verwaltet.
Wie gut der Administrator jedoch seine Fähigkeiten ausspielen kann, legt das Betriebssystem fest.
-> Linux rulZ!
11-28-2007 12:02 AM
Visit this user's website Find all posts by this user Quote this message in a reply
joximu Offline
Moderator
*****

joximu
Moderator
*****


Posts: 3,604
Group: Moderators
Joined: Jan 2007
Status: Offline
Reputation: 47
Post: #5
RE: imap traffic - strange things
Yes with dovecot...

but until today: courier is the default with ispcp....

Seems there will be an update in the dovecot howto so it counts the traffic... :-)

/J
2008-08-05 ispCP RC6 released!!!
11-28-2007 12:21 AM
Visit this user's website Find all posts by this user Quote this message in a reply
joximu Offline
Moderator
*****

joximu
Moderator
*****


Posts: 3,604
Group: Moderators
Joined: Jan 2007
Status: Offline
Reputation: 47
Post: #6
RE: imap traffic - strange things
Hi testers
Can you please test the version of r929?

At least the "no-go" probems should be solved with this...

/Joxi
2008-08-05 ispCP RC6 released!!!
11-28-2007 08:39 PM
Visit this user's website Find all posts by this user Quote this message in a reply
BeNe Offline
Moderator
*****

BeNe
Moderator
*****


Posts: 2,941
Group: Moderators
Joined: Jan 2007
Status: Offline
Reputation: 41
Post: #7
RE: imap traffic - strange things
I´m on the way...

Greez BeNe
[Image: ispcpsw.png]
Ein Betriebssystem ist immer nur so gut und sicher wie der Administrator der es verwaltet.
Wie gut der Administrator jedoch seine Fähigkeiten ausspielen kann, legt das Betriebssystem fest.
-> Linux rulZ!
11-28-2007 08:46 PM
Visit this user's website Find all posts by this user Quote this message in a reply
BeNe Offline
Moderator
*****

BeNe
Moderator
*****


Posts: 2,941
Group: Moderators
Joined: Jan 2007
Status: Offline
Reputation: 41
Post: #8
RE: imap traffic - strange things
No Error now in this Fix - but still 100% CPU usage!
and this script runs and runs and runs....

Greez BeNe
[Image: ispcpsw.png]
Ein Betriebssystem ist immer nur so gut und sicher wie der Administrator der es verwaltet.
Wie gut der Administrator jedoch seine Fähigkeiten ausspielen kann, legt das Betriebssystem fest.
-> Linux rulZ!
11-28-2007 10:20 PM
Visit this user's website Find all posts by this user Quote this message in a reply
joximu Offline
Moderator
*****

joximu
Moderator
*****


Posts: 3,604
Group: Moderators
Joined: Jan 2007
Status: Offline
Reputation: 47
Post: #9
RE: imap traffic - strange things
are you sure it's the new script which runs - I also had some scripts runnning but they were from older releases...
2008-08-05 ispCP RC6 released!!!
11-28-2007 10:23 PM
Visit this user's website Find all posts by this user Quote this message in a reply
BeNe Offline
Moderator
*****

BeNe
Moderator
*****


Posts: 2,941
Group: Moderators
Joined: Jan 2007
Status: Offline
Reputation: 41
Post: #10
RE: imap traffic - strange things
Yes i am sure! Or is there a new on than this --> http://www.isp-control.net/ispcp/changeset/929 ??

Greez BeNe
[Image: ispcpsw.png]
Ein Betriebssystem ist immer nur so gut und sicher wie der Administrator der es verwaltet.
Wie gut der Administrator jedoch seine Fähigkeiten ausspielen kann, legt das Betriebssystem fest.
-> Linux rulZ!
11-28-2007 10:27 PM
Visit this user's website Find all posts by this user Quote this message in a reply
Pages (2): [1] 2 Next >
Post Reply  Post Thread 

View a Printable Version
Send this Thread to a Friend
Subscribe to this thread |
Forum Jump:

Contact Us | isp Control Panel ( ispCP ) a VHCS fork | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication

| All rights reserved : isp-control.net |