php imap_open & nginx

umask umask at yandex.ru
Mon Aug 13 17:53:53 MSD 2007





13.08.07, 14:43, Anton Yuzhaninov <citrin at citrin.ru>:



> Hello umask,

> You wrote on Monday, August 13, 2007, 2:08:23 PM:

> u> 2007/08/13 14:01:21 [info] 15979#0: *4215 client ... connected to 0.0.0.0:143

> u> And here is what php itself outputs:

> u> PHP Warning:  imap_open(): Couldn't open stream

> u> {IP:143/notls/novalidate-cert}INBOX in /tmp/2.php on line 2

> u> Can't connect: Can not authenticate to IMAP server: invalid command

> u> PHP Notice:  Unknown: Can not authenticate to IMAP server: invalid

> u> command (errflg=2) in Unknown on line 0.

> Apparently php is trying to use an authentication method

> that nginx does not support.

> It is worth looking at the traffic between php and nginx, and everything will become clear (tcpdump

> -s0 -X or, more conveniently, tcpflow)



17:46:02.850962 IP 11.22.33.44.55268 > 11.22.33.44.imap: S 1094578457:1094578457(0) win 32792 <mss 16396,sackOK,timestamp 1022085151 0,nop,wscale 7>

        0x0000:  4500 003c 3906 4000 4006 362e d917 8cac  E..<9.@.@.6.....

        0x0010:  d917 8cac d7e4 008f 413d f119 0000 0000  ........A=......

        0x0020:  a002 8018 b231 0000 0204 400c 0402 080a  .....1....@.....

        0x0030:  3ceb c81f 0000 0000 0103 0307            <...........

17:46:02.850992 IP 11.22.33.44.imap > 11.22.33.44.55268: S 1091985573:1091985573(0) ack 1094578458 win 32768 <mss 16396,sackOK,timestamp 1022085151 1022085151,nop,wscale 7>

        0x0000:  4500 003c 0000 4000 4006 6f34 d917 8cac  E..<..@.@.o4....

        0x0010:  d917 8cac 008f d7e4 4116 60a5 413d f11a  ........A.`.A=..

        0x0020:  a012 8000 0b72 0000 0204 400c 0402 080a  .....r....@.....

        0x0030:  3ceb c81f 3ceb c81f 0103 0307            <...<.......

17:46:02.851010 IP 11.22.33.44.55268 > 11.22.33.44.imap: . ack 1 win 257 <nop,nop,timestamp 1022085151 1022085151>

        0x0000:  4500 0034 3907 4000 4006 3635 d917 8cac  E..49.@.@.65....

        0x0010:  d917 8cac d7e4 008f 413d f11a 4116 60a6  ........A=..A.`.

        0x0020:  8010 0101 f395 0000 0101 080a 3ceb c81f  ............<...

        0x0030:  3ceb c81f                                <...

17:46:02.851494 IP 11.22.33.44.imap > 11.22.33.44.55268: P 1:19(18) ack 1 win 256 <nop,nop,timestamp 1022085152 1022085151>

        0x0000:  4500 0046 a8b9 4000 4006 c670 d917 8cac  E..F..@.@..p....

        0x0010:  d917 8cac 008f d7e4 4116 60a6 413d f11a  ........A.`.A=..

        0x0020:  8018 0100 c4fa 0000 0101 080a 3ceb c820  ............<...

        0x0030:  3ceb c81f 2a20 4f4b 2049 4d41 5034 2072  <...*.OK.IMAP4.r

        0x0040:  6561 6479 0d0a                           eady..

17:46:02.851512 IP 11.22.33.44.55268 > 11.22.33.44.imap: . ack 19 win 257 <nop,nop,timestamp 1022085152 1022085152>

        0x0000:  4500 0034 3908 4000 4006 3634 d917 8cac  E..49.@.@.64....

        0x0010:  d917 8cac d7e4 008f 413d f11a 4116 60b8  ........A=..A.`.

        0x0020:  8010 0101 f381 0000 0101 080a 3ceb c820  ............<...

        0x0030:  3ceb c820                                <...

17:46:02.851832 IP 11.22.33.44.55268 > 11.22.33.44.imap: P 1:22(21) ack 19 win 257 <nop,nop,timestamp 1022085152 1022085152>

        0x0000:  4500 0049 3909 4000 4006 361e d917 8cac  E..I9.@.@.6.....

        0x0010:  d917 8cac d7e4 008f 413d f11a 4116 60b8  ........A=..A.`.

        0x0020:  8018 0101 9a20 0000 0101 080a 3ceb c820  ............<...

        0x0030:  3ceb c820 3030 3030 3030 3030 2043 4150  <...00000000.CAP

        0x0040:  4142 494c 4954 590d 0a                   ABILITY..

17:46:02.851842 IP 11.22.33.44.imap > 11.22.33.44.55268: . ack 22 win 256 <nop,nop,timestamp 1022085152 1022085152>

        0x0000:  4500 0034 a8ba 4000 4006 c681 d917 8cac  E..4..@.@.......

        0x0010:  d917 8cac 008f d7e4 4116 60b8 413d f12f  ........A.`.A=./

        0x0020:  8010 0100 f36d 0000 0101 080a 3ceb c820  .....m......<...

        0x0030:  3ceb c820                                <...

17:46:02.852083 IP 11.22.33.44.imap > 11.22.33.44.55268: P 19:168(149) ack 22 win 256 <nop,nop,timestamp 1022085153 1022085152>

        0x0000:  4500 00c9 a8bb 4000 4006 c5eb d917 8cac  E.....@.@.......

        0x0010:  d917 8cac 008f d7e4 4116 60b8 413d f12f  ........A.`.A=./

        0x0020:  8018 0100 063f 0000 0101 080a 3ceb c821  .....?......<..!

        0x0030:  3ceb c820 2a20 4341 5041 4249 4c49 5459  <...*.CAPABILITY

        0x0040:  2043 4150 4142 494c 4954 5920 494d 4150  .CAPABILITY.IMAP

        0x0050:  3420 494d 4150 3472 6576 3120 4155 5448  4.IMAP4rev1.AUTH

        0x0060:  3d4c 4f47 494e 2041 434c 204e 414d 4553  =LOGIN.ACL.NAMES

        0x0070:  5041 4345 2043 4849 4c44 5245 4e20 534f  PACE.CHILDREN.SO

        0x0080:  5254 2051 554f 5441 2054 4852 4541 443d  RT.QUOTA.THREAD=

        0x0090:  4f52 4445 5245 4453 5542 4a45 4354 2055  ORDEREDSUBJECT.U

        0x00a0:  4e53 454c 4543 5420 5354 4152 5454 4c53  NSELECT.STARTTLS

        0x00b0:  0d0a 3030 3030 3030 3030 204f 4b20 636f  ..00000000.OK.co

        0x00c0:  6d70 6c65 7465 640d 0a                   mpleted..

17:46:02.853044 IP 11.22.33.44.55268 > 11.22.33.44.imap: P 22:51(29) ack 168 win 265 <nop,nop,timestamp 1022085153 1022085153>

        0x0000:  4500 0051 390a 4000 4006 3615 d917 8cac  E..Q9.@.@.6.....

        0x0010:  d917 8cac d7e4 008f 413d f12f 4116 614d  ........A=./A.aM

        0x0020:  8018 0109 6a5a 0000 0101 080a 3ceb c821  ....jZ......<..!

        0x0030:  3ceb c821 3030 3030 3030 3031 2041 5554  <..!00000001.AUT

        0x0040:  4845 4e54 4943 4154 4520 4c4f 4749 4e0d  HENTICATE.LOGIN.

        0x0050:  0a                                       .

17:46:02.853257 IP 11.22.33.44.imap > 11.22.33.44.55268: P 168:198(30) ack 51 win 256 <nop,nop,timestamp 1022085154 1022085153>

        0x0000:  4500 0052 a8bc 4000 4006 c661 d917 8cac  E..R..@.@..a....

        0x0010:  d917 8cac 008f d7e4 4116 614d 413d f14c  ........A.aMA=.L

        0x0020:  8018 0100 fdf9 0000 0101 080a 3ceb c822  ............<.."

        0x0030:  3ceb c821 3030 3030 3030 3031 2042 4144  <..!00000001.BAD

        0x0040:  2069 6e76 616c 6964 2063 6f6d 6d61 6e64  .invalid.command

        0x0050:  0d0a                                     ..

17:46:02.853438 IP 11.22.33.44.55268 > 11.22.33.44.imap: P 51:68(17) ack 198 win 265 <nop,nop,timestamp 1022085154 1022085154>

        0x0000:  4500 0045 390b 4000 4006 3620 d917 8cac  E..E9.@.@.6.....

        0x0010:  d917 8cac d7e4 008f 413d f14c 4116 616b  ........A=.LA.ak

        0x0020:  8018 0109 14bf 0000 0101 080a 3ceb c822  ............<.."

        0x0030:  3ceb c822 3030 3030 3030 3032 204c 4f47  <.."00000002.LOG

        0x0040:  4f55 540d 0a                             OUT..

17:46:02.853580 IP 11.22.33.44.imap > 11.22.33.44.55268: P 198:228(30) ack 68 win 256 <nop,nop,timestamp 1022085154 1022085154>

        0x0000:  4500 0052 a8bd 4000 4006 c660 d917 8cac  E..R..@.@..`....

        0x0010:  d917 8cac 008f d7e4 4116 616b 413d f15d  ........A.akA=.]

        0x0020:  8018 0100 4c90 0000 0101 080a 3ceb c822  ....L.......<.."

        0x0030:  3ceb c822 2a20 4259 450d 0a30 3030 3030  <.."*.BYE..00000

        0x0040:  3030 3220 4f4b 2063 6f6d 706c 6574 6564  002.OK.completed

        0x0050:  0d0a                                     ..

17:46:02.853726 IP 11.22.33.44.imap > 11.22.33.44.55268: F 228:228(0) ack 68 win 256 <nop,nop,timestamp 1022085154 1022085154>

        0x0000:  4500 0034 a8be 4000 4006 c67d d917 8cac  E..4..@.@..}....

        0x0010:  d917 8cac 008f d7e4 4116 6189 413d f15d  ........A.a.A=.]

        0x0020:  8011 0100 f269 0000 0101 080a 3ceb c822  .....i......<.."

        0x0030:  3ceb c822                                <.."

17:46:02.853874 IP 11.22.33.44.55268 > 11.22.33.44.imap: F 68:68(0) ack 229 win 265 <nop,nop,timestamp 1022085154 1022085154>

        0x0000:  4500 0034 390c 4000 4006 3630 d917 8cac  E..49.@.@.60....

        0x0010:  d917 8cac d7e4 008f 413d f15d 4116 618a  ........A=.]A.a.

        0x0020:  8011 0109 f25f 0000 0101 080a 3ceb c822  ....._......<.."

        0x0030:  3ceb c822                                <.."

17:46:02.853887 IP 11.22.33.44.imap > 11.22.33.44.55268: . ack 69 win 256 <nop,nop,timestamp 1022085154 1022085154>

        0x0000:  4500 0034 a8bf 4000 4006 c67c d917 8cac  E..4..@.@..|....

        0x0010:  d917 8cac 008f d7e4 4116 618a 413d f15e  ........A.a.A=.^

        0x0020:  8010 0100 f268 0000 0101 080a 3ceb c822  .....h......<.."

        0x0030:  3ceb c822                                <.."





nginx.conf:



user  nginx nginx;

worker_processes  4;



error_log  /var/log/nginx/error.log debug;

#error_log  /var/log/nginx/error.log  notice;

#error_log  logs/error.log  info;



#pid        logs/nginx.pid;





events {

    worker_connections  512;

    # Linux epoll

    use epoll;

}



mail {

    #auth_http  127.0.0.1:8080/cgi-bin/auth;

    auth_http  127.0.0.1:8080/auth.php;

    auth_http_timeout   15s;



    # use keepalive connections to backend

    so_keepalive on;

    imap_capabilities "CAPABILITY" "IMAP4" "IMAP4rev1" "AUTH=LOGIN" "ACL" "NAMESPACE" "CHILDREN" "SORT" "QUOTA" "THREAD=ORDEREDSUBJECT" "UNSELECT";

    pop3_capabilities "TOP" "USER" "UIDL";

    # example for smtp

    #smtp_capabilities "SIZE 10485760" ENHANCEDSTATUSCODES 8BITMIME DSN;



    # it works, but the HTTP auth server must implement it!

    #pop3_auth    plain apop cram-md5;

    #smtp_auth    login plain cram-md5;

    pop3_auth    plain;

    #smtp_auth    login plain;



    ssl_certificate      /etc/nginx/x.ru.pem;

    ssl_certificate_key  /etc/nginx/x.ru.pem;



    # POP3 with STARTTLS

    server {

        listen     110;

        protocol   pop3;

        proxy      on;

        starttls   on;

    }



    # POP3 with SSL

    server {

        listen    995;

        protocol  pop3;

        proxy     on;

        ssl       on;

    }



    # IMAP with STARTTLS

    server {

        listen    143;

        protocol  imap;

        proxy     on;

        starttls  on;

    }



    # IMAP with SSL

    server {

        listen    993;

        protocol  imap;

        proxy     on;

        ssl       on;

    }



    # SMTP proxying example

    # SMTP

    #server {

        #listen    25;

        #protocol  smtp;

        #proxy     on;

        # RFC2821:

        #timeout   300s;

    #}



    # SMTP with SSL

    #server {

        #listen    465;

        #protocol  smtp;

        #proxy     on;

        #ssl       on;

        # RFC2821:

        #timeout   300s;

    #}

}



http {

    include       /etc/nginx/mime.types;

    #default_type  application/octet-stream;

    default_type  text/plain;



    log_format  main  '$remote_addr - $remote_user [$time_local] $request '

                      '"$status" $body_bytes_sent "$http_referer" '

                      '"$http_user_agent" "$http_x_forwarded_for"';



    access_log  /var/log/nginx/access.log  main;



    sendfile        on;

    #tcp_nopush     on;



    #keepalive_timeout  0;

    keepalive_timeout  30;



    #gzip  on;



    server {

        listen       127.0.0.1:8080;

        server_name  localhost;



        #charset koi8-r;



        #access_log  logs/host.access.log  main;



        location / {

            root   /home/nginx/htdocs;

            index  index.html index.htm;

        }



        #error_page  404              /404.html;



        # redirect server error pages to the static page /50x.html

        #

        error_page   500 502 503 504  /50x.html;

        location = /50x.html {

            root   /home/nginx/htdocs;

        }



        # proxy the PHP scripts to Apache listening on 127.0.0.1:80

        #

        #location ~ \.php$ {

        #    proxy_pass   http://127.0.0.1;

        #}



        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000

        #

        location ~ \.php$ {

            fastcgi_pass        127.0.0.1:9000;

            fastcgi_index       index.php;

            fastcgi_param       SCRIPT_FILENAME /home/nginx/htdocs$fastcgi_script_name;

            fastcgi_param       _SERVER         /home/nginx/htdocs;

            fastcgi_param       DOCUMENT_ROOT   /home/nginx/htdocs;

            include             /etc/nginx/fastcgi_params;

        }



        # deny access to .htaccess files, if Apache's document root

        # concurs with nginx's one

        #

        #location ~ /\.ht {

        #    deny  all;

        #}

    }



    #server {

        #listen 80;

        #server_name test.rupochta.ru;



        #access_log /var/log/nginx/tomcat_access.log main;



        #location / {

        #       proxy_pass        http://localhost:9090/;

        #       proxy_set_header  X-Real-IP  $remote_addr;

        #}

    #}



    # another virtual host using mix of IP-, name-, and port-based configuration

    #

    #server {

    #    listen       8000;

    #    listen       somename:8080;

    #    server_name  somename  alias  another.alias;



    #    location / {

    #        root   html;

    #        index  index.html index.htm;

    #    }

    #}





    # HTTPS server

    #

    #server {

    #    listen       443;

    #    server_name  localhost;



    #    ssl                  on;

    #    ssl_certificate      cert.pem;

    #    ssl_certificate_key  cert.key;



    #    ssl_session_timeout  5m;



    #    ssl_protocols  SSLv2 SSLv3 TLSv1;

    #    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

    #    ssl_prefer_server_ciphers   on;



    #    location / {

    #        root   html;

    #        index  index.html index.htm;

    #    }

    #}



}



The tcpdump shows that AUTHENTICATE LOGIN is being used. That is the problem.



How can it be solved?



I suppose the imap capabilities can be adjusted?

And how can php imap_open be made to use LOGIN authentication?
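
Added example, not part of the original message: a Python check that reads the imap_capabilities line from the posted nginx.conf and the CAPABILITY reply from the tcpdump, and shows why the client's first authentication command is AUTHENTICATE LOGIN. first_auth_command is a simplified model of client behaviour and accepted_mechs (empty by default, matching the BAD reply in the trace) is an assumption; neither is nginx or c-client code.

```python
import shlex

# Constructed from the page: the directive as posted in nginx.conf and the
# untagged reply from the tcpdump (on the wire it also carries STARTTLS).
NGINX_DIRECTIVE = (
    'imap_capabilities "CAPABILITY" "IMAP4" "IMAP4rev1" "AUTH=LOGIN" "ACL" '
    '"NAMESPACE" "CHILDREN" "SORT" "QUOTA" "THREAD=ORDEREDSUBJECT" "UNSELECT";')
WIRE_REPLY = ("* CAPABILITY CAPABILITY IMAP4 IMAP4rev1 AUTH=LOGIN ACL NAMESPACE "
              "CHILDREN SORT QUOTA THREAD=ORDEREDSUBJECT UNSELECT STARTTLS")


def directive_tokens(line):
    """Capability tokens from an nginx imap_capabilities directive."""
    parts = shlex.split(line.strip().rstrip(";"))
    if not parts or parts[0] != "imap_capabilities":
        raise ValueError("not an imap_capabilities directive")
    return parts[1:]


def reply_tokens(line):
    """Capability tokens from an untagged '* CAPABILITY ...' reply."""
    parts = line.split()
    if parts[:2] != ["*", "CAPABILITY"]:
        raise ValueError("not an untagged CAPABILITY reply")
    return parts[2:]


def first_auth_command(tokens):
    """Simplified client model (assumption): prefer an advertised SASL mechanism."""
    caps = [t.upper() for t in tokens]
    mechs = [t[5:] for t in caps if t.startswith("AUTH=")]
    if mechs:
        return "AUTHENTICATE " + mechs[0]
    if "LOGINDISABLED" in caps:
        return None  # server forbids the plain LOGIN command
    return "LOGIN"


def audit(tokens, accepted_mechs=()):
    """Flag tokens that advertise more than the proxy accepts.
    accepted_mechs is an assumption supplied by the caller."""
    findings = []
    for t in tokens:
        up = t.upper()
        if up == "CAPABILITY":
            findings.append("redundant CAPABILITY token")
        elif up.startswith("AUTH=") and up[5:] not in accepted_mechs:
            findings.append("advertises unsupported " + up)
    return findings
```

In this model, a capability list without the "CAPABILITY" and "AUTH=LOGIN" tokens makes the client fall back to the plain LOGIN command, and audit() returns no findings.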





