Forum: NGINX intermittent connectivity issues ngx_mail_pop3_module

57106161f6dec1bed04d326b96e1e5d0?d=identicon&s=25 Markus Gerstel (Guest)
on 2013-10-08 21:43
(Received via mailing list)
Hi everyone,

I've recently installed nginx as a POP3/IMAP proxy, fronting for a
single server. Everything works most of the time. But every once in a
while, nginx fails to forward incoming connections with "-ERR internal
server error".
I've narrowed it down to the stage *after* the authorization, but need
some help interpreting the nginx debug output.

Here's a failing session: http://pastebin.com/VtQKsb92
and a successful session: http://pastebin.com/vae5YwAy

They start to diverge at line 107:

success:
  *3181 recv: fd:18 18 of 4096
  *3181 mail proxy send user
  *3181 send: fd:18 13 of 13
  *3181 post event 0000000001CE83D0
  *3181 post event 0000000001D1C3E0
  *3181 delete posted event 0000000001D1C3E0
  *3181 mail proxy dummy handler

failure:
  *3028 recv: fd:26 0 of 4096
  *3028 close mail proxy connection: 26
  *3028 event timer del: 26: 1381257081145
  *3028 reusable connection: 0
  *3028 SSL to write: 28
  *3028 SSL_write: 28
  *3028 close mail connection: 23

What does 'recv 0' mean? Does this mean that nginx has a problem in
opening the connection to the actual pop3 server? (If I open connections
from the nginx computer to the pop3 server directly they always work.)

Anyone have an idea how to get more information from nginx at this
stage?

-Markus



tried with 1.2.1 and
nginx version: nginx/1.4.1
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx
--conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error.log
--http-client-body-temp-path=/var/lib/nginx/body
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi
--http-log-path=/var/log/nginx/access.log
--http-proxy-temp-path=/var/lib/nginx/proxy
--http-scgi-temp-path=/var/lib/nginx/scgi
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi
--lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid
--with-pcre-jit --with-debug --with-http_addition_module
--with-http_dav_module --with-http_geoip_module
--with-http_gzip_static_module --with-http_image_filter_module
--with-http_realip_module --with-http_stub_status_module
--with-http_ssl_module --with-http_sub_module --with-http_xslt_module
--with-ipv6 --with-mail --with-mail_ssl_module
--add-module=/build/nginx-WYjrxz/nginx-1.4.1/debian/modules/nginx-auth-pam
--add-module=/build/nginx-WYjrxz/nginx-1.4.1/debian/modules/nginx-dav-ext-module
--add-module=/build/nginx-WYjrxz/nginx-1.4.1/debian/modules/nginx-echo
--add-module=/build/nginx-WYjrxz/nginx-1.4.1/debian/modules/nginx-upstream-fair
--add-module=/build/nginx-WYjrxz/nginx-1.4.1/debian/modules/ngx_http_substitutions_filter_module


POP3 communication - success case:
fetchmail: POP3< +OK POP3 ready
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows
fetchmail: POP3< TOP
fetchmail: POP3< USER
fetchmail: POP3< SASL LOGIN PLAIN
fetchmail: POP3< STLS
fetchmail: POP3< .
fetchmail: POP3> STLS
fetchmail: POP3< +OK
fetchmail: Server certificate:
(..)
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows
fetchmail: POP3< TOP
fetchmail: POP3< USER
fetchmail: POP3< SASL LOGIN PLAIN
fetchmail: POP3< .
fetchmail: upgrade to TLS succeeded.
fetchmail: POP3> USER web1p1
fetchmail: POP3< +OK
fetchmail: POP3> PASS *
fetchmail: POP3< +OK logged in.
fetchmail: POP3> STAT
fetchmail: POP3< +OK 0 0
fetchmail: No mail for web1p1
fetchmail: POP3> QUIT
fetchmail: POP3< +OK Bye-bye.


POP3 communication - failure case:
fetchmail: POP3< +OK POP3 ready
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows
fetchmail: POP3< TOP
fetchmail: POP3< USER
fetchmail: POP3< SASL LOGIN PLAIN
fetchmail: POP3< STLS
fetchmail: POP3< .
fetchmail: POP3> STLS
fetchmail: POP3< +OK
fetchmail: Server certificate:
(..)
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows
fetchmail: POP3< TOP
fetchmail: POP3< USER
fetchmail: POP3< SASL LOGIN PLAIN
fetchmail: POP3< .
fetchmail: upgrade to TLS succeeded.
fetchmail: POP3> USER web1p1
fetchmail: POP3< +OK
fetchmail: POP3> PASS *
fetchmail: POP3< -ERR internal server error
fetchmail: POP3> QUIT



POP3 communication - failure case:
fetchmail: POP3< +OK POP3 ready
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows
fetchmail: POP3< TOP
fetchmail: POP3< USER
fetchmail: POP3< SASL LOGIN PLAIN
fetchmail: POP3< STLS
fetchmail: POP3< .
fetchmail: POP3> STLS
fetchmail: POP3< +OK
fetchmail: Server certificate:
(..)
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows
fetchmail: POP3< TOP
fetchmail: POP3< USER
fetchmail: POP3< SASL LOGIN PLAIN
fetchmail: POP3< .
fetchmail: upgrade to TLS succeeded.
fetchmail: POP3> USER web1p1
fetchmail: POP3< +OK
fetchmail: POP3> PASS *
fetchmail: POP3< -ERR internal server error
fetchmail: POP3> QUIT
A8108a0961c6087c43cda32c8616dcba?d=identicon&s=25 Maxim Dounin (Guest)
on 2013-10-09 13:10
(Received via mailing list)
Hello!

On Tue, Oct 08, 2013 at 08:42:56PM +0100, Markus Gerstel wrote:

> Hi everyone,
>
> I've recently installed nginx as a POP3/IMAP proxy, fronting for a
> single server. Everything works most of the time. But every once in
> a while, nginx fails to forward incoming connections with "-ERR
> internal server error".
> I've narrowed it down to the stage *after* the authorization, but
> need some help interpreting the nginx debug output.

[...]

> opening the connection to the actual pop3 server? (If I open
> connections from the nginx computer to the pop3 server directly they
> always work.)

It means the recv() syscall returned 0, which in turn means
connection was closed by other side, i.e. by your backend server.
Try looking into your backend's logs to find out why - there is no
additional information available on nginx side.

--
Maxim Dounin
http://nginx.org/en/donation.html
Please log in before posting. Registration is free and takes only a minute.
Existing account

NEW: Do you have a Google/GoogleMail, Yahoo or Facebook account? No registration required!
Log in with Google account | Log in with Yahoo account | Log in with Facebook account
No account? Register here.