nginx imap proxy issue with imap
mdounin at mdounin.ru
Thu Nov 13 03:48:12 MSK 2008
On Wed, Nov 12, 2008 at 09:48:27PM -0000, David Farrar wrote:
> Thank you for your response.
> > > Has anybody else come across a similar situation and found a way to
> > > resolve the problem?
> > IMHO, at first you should focus on fixing your dovecot's auth - the
> > message you cited is only sent if there was no response from auth
> > server for 30 seconds. This is too many for real life.
> Thank you for the tip. We do have a custom authentication script but I'd be
> looking at that instead of bugging you here if it were really taking
> anywhere near that long :D
> I looked into the most recent release of dovecot and there are actually two
> conditions which can trigger that message. I don't want to spam this list
> with discussion of another software but dovecot is quite widely used so I
> guess it may interest other users of nginx if this behaviour is new or rare:
> The other test checks if there is an established connection to the
> authentication process and stops processing commands if there isn't, writing
> the waiting message to tell the client that it can expect a slight pause. I
> saw the number of running authentication processes increasing and
> descreasing fairly quickly but I don't yet know how dovecot is managing its
> authentication pool so I can only guess at what's happening here without
> looking into it.
Yes, indeed. I'm somehow missed this possibility assuming that
connection to devecot's auth process can't go away in the middle of
operation - but it of course can.
> Getting back to nginx (if people are still reading) -
> I'm not all that
> familiar with imap but I guess that you could safely read data until a line
> with the correct tag is encountered with running the risk of eating a
> response from some other command?
Not really - arbitrary garbage should still close the connection.
But in most cases (not when waiting for initial greeting) we may
safely read/skip/pass-to-client unexpected untagged responses.
> If I have to maintain an out of tree patch
> then the one liner for dovecot is looking the better option but I'd rather
> ask first if this change could be made to nginx since there are surely other
> similar situations that it would avoid.
Personally I think that this change should be made to nginx
eventually, but I'm not Igor.
More information about the nginx