mail-proxy, ssl and line termination

Thu Oct 25 10:25:49 UTC 2012

Hello!

On Thu, Oct 25, 2012 at 11:24:58AM +0300, Igor Grabin wrote:

> On Thu, Oct 25, 2012 at 12:04:54PM +0400, Maxim Dounin wrote:
> > > $ hexdump -c inflow.imap.good ( nginx:imap -> exchange:imap)
> > > 0000000   1       L   O   G   I   N       {   9   }  \r  \n   c   a c
> > > 0000010   o   d   e   m   o   n       {   7   }  \r  \n   X   X   X X
> > > 0000020   X   X   X  \r  \n   2       s   e   l   e   c   t       i n
> > > 0000030   b   o   x  \r  \n   3       l   o   g   o   u   t  \r  \n
> > > $ hexdump -c inflow.imap.bad (nginx:imaps -> exchange:imap)
> > > 0000000   1       L   O   G   I   N       {   9   }  \r  \n   c   a c
> > > 0000010   o   d   e   m   o   n       {   7   }  \r  \n   X   X   X X
> > > 0000020   X   X   X  \r  \n   2       s   e   l   e   c   t       i n
> > > 0000030   b   o   x  \n
> > > same goes for pop3 in the same direction - missing '\r' after 'list'
> > > command.
> > The "2 select ..." is not something nginx sent by itself, it's
> > client data it forwarded.  You may take a look at a client you use
> > instead.
> 
> both testcases produced by me, using plain linux telnet and plain
> linux openssl s_client.

So the difference observed more or less comes from telnet vs. 
openssl s_client.  Try "openssl s_client -crlf" instead, quote 
from man s_client:

       -crlf
           this option translated a line feed from the terminal into CR+LF as
           required by some servers.

> I'd kinda expect no '\r' in that case, but it's there in the
> beginning in both cases.

The CRLF is correctly sent in the "LOGIN" command as it's sent by 
nginx itself.

In case of telnet you don't get bare LF as it does LF -> CRLF 
conversion by default.  I would recommend nc (aka netcat) if you 
need raw tcp client without any conversions.

-- 
Maxim Dounin
http://nginx.com/support.html