Intermittent connectivity issues ngx_mail_pop3_module

Server NGINX
1

Hi everyone,

I’ve recently installed nginx as a POP3/IMAP proxy, fronting for a
single server. Everything works most of the time. But every once in a
while, nginx fails to forward incoming connections with “-ERR internal
server error”.
I’ve narrowed it down to the stage after the authorization, but need
some help interpreting the nginx debug output.

Here’s a failing session: Failed session - Pastebin.com
and a successful session: Success session - Pastebin.com

They start to diverge at line 107:

success:
*3181 recv: fd:18 18 of 4096
*3181 mail proxy send user
*3181 send: fd:18 13 of 13
*3181 post event 0000000001CE83D0
*3181 post event 0000000001D1C3E0
*3181 delete posted event 0000000001D1C3E0
*3181 mail proxy dummy handler

failure:
*3028 recv: fd:26 0 of 4096
*3028 close mail proxy connection: 26
*3028 event timer del: 26: 1381257081145
*3028 reusable connection: 0
*3028 SSL to write: 28
*3028 SSL_write: 28
*3028 close mail connection: 23

What does ‘recv 0’ mean? Does this mean that nginx has a problem in
opening the connection to the actual pop3 server? (If I open connections
from the nginx computer to the pop3 server directly they always work.)

Anyone have an idea how to get more information from nginx at this
stage?

-Markus

tried with 1.2.1 and
nginx version: nginx/1.4.1
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx
–conf-path=/etc/nginx/nginx.conf
–error-log-path=/var/log/nginx/error.log
–http-client-body-temp-path=/var/lib/nginx/body
–http-fastcgi-temp-path=/var/lib/nginx/fastcgi
–http-log-path=/var/log/nginx/access.log
–http-proxy-temp-path=/var/lib/nginx/proxy
–http-scgi-temp-path=/var/lib/nginx/scgi
–http-uwsgi-temp-path=/var/lib/nginx/uwsgi
–lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid
–with-pcre-jit --with-debug --with-http_addition_module
–with-http_dav_module --with-http_geoip_module
–with-http_gzip_static_module --with-http_image_filter_module
–with-http_realip_module --with-http_stub_status_module
–with-http_ssl_module --with-http_sub_module --with-http_xslt_module
–with-ipv6 --with-mail --with-mail_ssl_module
–add-module=/build/nginx-WYjrxz/nginx-1.4.1/debian/modules/nginx-auth-pam
–add-module=/build/nginx-WYjrxz/nginx-1.4.1/debian/modules/nginx-dav-ext-module
–add-module=/build/nginx-WYjrxz/nginx-1.4.1/debian/modules/nginx-echo
–add-module=/build/nginx-WYjrxz/nginx-1.4.1/debian/modules/nginx-upstream-fair
–add-module=/build/nginx-WYjrxz/nginx-1.4.1/debian/modules/ngx_http_substitutions_filter_module

POP3 communication - success case:
fetchmail: POP3< +OK POP3 ready
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows
fetchmail: POP3< TOP
fetchmail: POP3< USER
fetchmail: POP3< SASL LOGIN PLAIN
fetchmail: POP3< STLS
fetchmail: POP3< .
fetchmail: POP3> STLS
fetchmail: POP3< +OK
fetchmail: Server certificate:
(…)
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows
fetchmail: POP3< TOP
fetchmail: POP3< USER
fetchmail: POP3< SASL LOGIN PLAIN
fetchmail: POP3< .
fetchmail: upgrade to TLS succeeded.
fetchmail: POP3> USER web1p1
fetchmail: POP3< +OK
fetchmail: POP3> PASS *
fetchmail: POP3< +OK logged in.
fetchmail: POP3> STAT
fetchmail: POP3< +OK 0 0
fetchmail: No mail for web1p1
fetchmail: POP3> QUIT
fetchmail: POP3< +OK Bye-bye.

POP3 communication - failure case:
fetchmail: POP3< +OK POP3 ready
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows
fetchmail: POP3< TOP
fetchmail: POP3< USER
fetchmail: POP3< SASL LOGIN PLAIN
fetchmail: POP3< STLS
fetchmail: POP3< .
fetchmail: POP3> STLS
fetchmail: POP3< +OK
fetchmail: Server certificate:
(…)
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows
fetchmail: POP3< TOP
fetchmail: POP3< USER
fetchmail: POP3< SASL LOGIN PLAIN
fetchmail: POP3< .
fetchmail: upgrade to TLS succeeded.
fetchmail: POP3> USER web1p1
fetchmail: POP3< +OK
fetchmail: POP3> PASS *
fetchmail: POP3< -ERR internal server error
fetchmail: POP3> QUIT

POP3 communication - failure case:
fetchmail: POP3< +OK POP3 ready
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows
fetchmail: POP3< TOP
fetchmail: POP3< USER
fetchmail: POP3< SASL LOGIN PLAIN
fetchmail: POP3< STLS
fetchmail: POP3< .
fetchmail: POP3> STLS
fetchmail: POP3< +OK
fetchmail: Server certificate:
(…)
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows
fetchmail: POP3< TOP
fetchmail: POP3< USER
fetchmail: POP3< SASL LOGIN PLAIN
fetchmail: POP3< .
fetchmail: upgrade to TLS succeeded.
fetchmail: POP3> USER web1p1
fetchmail: POP3< +OK
fetchmail: POP3> PASS *
fetchmail: POP3< -ERR internal server error
fetchmail: POP3> QUIT

2

Hello!

On Tue, Oct 08, 2013 at 08:42:56PM +0100, Markus Gerstel wrote:

Hi everyone,

I’ve recently installed nginx as a POP3/IMAP proxy, fronting for a
single server. Everything works most of the time. But every once in
a while, nginx fails to forward incoming connections with “-ERR
internal server error”.
I’ve narrowed it down to the stage after the authorization, but
need some help interpreting the nginx debug output.

[…]

opening the connection to the actual pop3 server? (If I open
connections from the nginx computer to the pop3 server directly they
always work.)

It means the recv() syscall returned 0, which in turn means
connection was closed by other side, i.e. by your backend server.
Try looking into your backend’s logs to find out why - there is no
additional information available on nginx side.


Maxim D.
http://nginx.org/en/donation.html