mail-proxy, ssl and line termination

[Maxim Dounin]

Hello!

On Thu, Oct 25, 2012 at 10:07:38AM +0300, Igor Grabin wrote:

> Good morning,
> 
> maybe, I'm posting this to the wrong place. nginx-devel@ rejected
> this.
> 
> any pointers appreciated :-)
> 
> the setup...
>  1 nginx frontend, pop3 / pop3s / imap / imaps
>  2 backends, dovecot + ms-exchange.
> 
> the problem:
>  pop3s / imaps connections being forwarded to exchange (in other
> words, decapsulated from ssl) stall after login.
>  otherwise, all types of connections work fine, i.e.
>  nginx:pop3s -> dovecot:pop3, nginx:pop3 -> exchange:pop3
> 
> tested on 1.2.4 as bundled with ubuntu 10.10, and 1.3.7, compiled by
> hand.
> 
> I did a bit of tracing and have an assumption. nginx doesn't put an
> extra '\r' in a first statement of ssl-decapsulated session.
> here's a sample (being captured between nginx and a backend). this may
> upset redmond-based products ;-).
> 
> $ hexdump -c inflow.imap.good ( nginx:imap -> exchange:imap)
> 0000000   1       L   O   G   I   N       {   9   }  \r  \n   c   a c
> 0000010   o   d   e   m   o   n       {   7   }  \r  \n   X   X   X X
> 0000020   X   X   X  \r  \n   2       s   e   l   e   c   t       i n
> 0000030   b   o   x  \r  \n   3       l   o   g   o   u   t  \r  \n
> 
> $ hexdump -c inflow.imap.bad (nginx:imaps -> exchange:imap)
> 0000000   1       L   O   G   I   N       {   9   }  \r  \n   c   a c
> 0000010   o   d   e   m   o   n       {   7   }  \r  \n   X   X   X X
> 0000020   X   X   X  \r  \n   2       s   e   l   e   c   t       i n
> 0000030   b   o   x  \n
> 
> same goes for pop3 in the same direction - missing '\r' after 'list'
> command.

The "2 select ..." is not something nginx sent by itself, it's 
client data it forwarded.  You may take a look at a client you use 
instead.

-- 
Maxim Dounin
http://nginx.com/support.html