nginx imap proxy issue with imap

David Farrar david.farrar at
Thu Nov 13 00:48:27 MSK 2008


Thank you for your response.

> > Has anybody else come across a similar situation and found a way to 
> > resolve the problem?
> IMHO, at first you should focus on fixing your dovecot's auth - the 
> message you cited is only sent if there was no response from auth 
> server for 30 seconds.  This is too many for real life.

Thank you for the tip. We do have a custom authentication script but I'd be
looking at that instead of bugging you here if it were really taking
anywhere near that long :D

I looked into the most recent release of dovecot and there are actually two
conditions which can trigger that message. I don't want to spam this list
with discussion of another software but dovecot is quite widely used so I
guess it may interest other users of nginx if this behaviour is new or rare:

The other test checks if there is an established connection to the
authentication process and stops processing commands if there isn't, writing
the waiting message to tell the client that it can expect a slight pause. I
saw the number of running authentication processes increasing and
descreasing fairly quickly but I don't yet know how dovecot is managing its
authentication pool so I can only guess at what's happening here without
looking into it. 

It's still possible that I'm causing the problem somehow so I'll take a
closer look and speak with the dovecot people if needed. Removing line 349
in function client_input in client.c should help as a quick fix if anyone
else is seeing the same thing:

      client_send_line(client, AUTH_WAITING_MSG);

Getting back to nginx (if people are still reading) - I'm not all that
familiar with imap but I guess that you could safely read data until a line
with the correct tag is encountered with running the risk of eating a
response from some other command? If I have to maintain an out of tree patch
then the one liner for dovecot is looking the better option but I'd rather
ask first if this change could be made to nginx since there are surely other
similar situations that it would avoid.



More information about the nginx mailing list