Folks,
Just ran into a problem, that fortunately for us - only affected about a
dozen or so people before it was caught - but has the potential to affect
several hundred to a few thousand if we were to roll with our software the
way it currently is.
I'll break it down a bit more here:
We have approximately 20 servers running a very old version of
Courier-everything. These servers are some old Dells running i586 version
of OpenSUSE 10.2 The RPMs we have installed are as follows:
courier-authlib-0.58-1
courier-authlib-devel-0.58-1
courier-maildrop-2.0.3-1
courier-imap-4.1.3-1
Our new servers are some Sun X4100s running X86-64 version of OpenSUSE
10.3 with the following RPMs installed:
courier-authlib-0.61.0-1
courier-authlib-devel-0.61.0-1
courier-maildrop-2.0.3-1
courier-imap-4.4.1-1
Architecture gap aside, you can see there is also a gap between the
versions of Courier that we are running. Now, I've dug through the
archives and found a small number of instances of a similiar situation
happening and its always blamed on the client, Outlook/MacMail/etc. I am
not going to argue that the clients are blame-free, because I know these
clients have faults, but what we just experienced throws some weight into
server side issues as well.
What happened was our series of older boxes, which I'll call sysA through
sysT we're serving along nicely, pop3d-ssl and imapd-ssl. We added sysX to
the rotation (the newer hardware + software) and suddenly what happened is
that when people bounced between sysA-T and sysX is that they would
download nearly all of their messages again. If they bounced between
these servers several times they downloaded their messages as many as
several thousand times...
Let me further clarify that all of these people have their settings in
Outlook/Macmail set to "Leave a copy of the message on server"
I've diff'd the pop3d-ssl files we have in /usr/lib/courier-imap/etc and
certainly there are some new options in the newer version of the software
that do not even exist (in comments) in our older config files. However,
the only significant differences I can find between the two files are:
sysA-T (older)
TLS_PROTOCOL=SSL3
TLS_CERTFILE=${prefix}/share/pop3d.pem
sysX (newer)
TLS_PROTOCOL= <-- NOT DEFINED, but I set to SSL23 (because seeting it to
only SSL3 seemed to throw errors)
TLS_CERTFILE=/usr/lib/courier-imap/share/pop3d.pem <--pretty much the same
path as above
The only other thing that stood out to me was something that is commented
out and furthermore appears as though the default is set to 0, but lists
different potential values
sysA-T (older)
# TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"
sysX (newer)
# TLS_CIPHER_LIST="SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:[EMAIL PROTECTED]"
This leaves me wondering, what else am I missing? I've compared numerous
config files and startup files and so far I can see reason why this is
happening
Are there significant code changes to the way pop3d-ssl handles requests
between these versions of courier? Another item to note is we also did
testing where we deleted the courierpop3dsizelist file to see what would
happen between hosts/tests. We noticed that Outlook did not recreate this
file, but Macmail did. Regardless, it still did not solve our problem.
Any ideas about what's going on, and what I can do to avoid rolling out
software that will make everyone download all of their messages via POP3
at least one more time than they care for?
Thanks!
./brm
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
