OS: RH7.2
IMAP-200C-15
I still can't understand the meaning in the IMAP FAQ for the solution:
The FAQ wrote:
Source: http://www.washington.edu/imap/IMAP-FAQs/index.html
==============================
Q: Why is there a long delay in mail_open() before I get
connected to the IMAP server?
A:
By default, the c-client library attempts to make a connection
through rsh (and ssh, if you enable that). If the command: rsh
imapserver exec /etc/rimapd (or ssh if that is enabled) returns
with a "* PREAUTH" response, it will use the resulting rsh
session as the IMAP session and not require an authentication
step on the server. Unfortunately, rsh has a design error that
treats "TCP connection refused" as "temporary failure, try again";
it expects the "rsh not allowed" case to be implemented as a
successful connection followed by an error message and close
the connection. It must be emphasized that this is a bug in rsh.
It is NOT a bug in the IMAP toolkit. The use of rsh can be
disabled in any of the following ways:
(1) You can disable it for this particular session by either:
(a) setting an explicit port number in the mailbox name,
e.g. {imapserver.foo.com:143}INBOX
(b) using SSL (the /ssl switch)
(2) You can disable it globally by setting the rsh timeout
value to 0 with the call: mail_parameters (NIL,SET_RSHTIMEOUT,0);
===============================
Can someone advise me in plainer English on how
to (1) Set the explicit port number? Where does that setting go?
(2) How to implement the DISABLE of the RSH timeout to 0?
My problem is
from a PC client, I issue the command
telnet pop3.mydomain.com 110
It would take about 30 seconds before the POP3 welcome message
shows up for me to enter my username ... and go on with the session.
Please help
Thanks
Meng Tsai
>My problem is
> from a PC client issue command
> telnet pop3.mydomain.com 110
> It would take about 30 seconds before the POP3 welcome message
> shows up for me to enter my username ... and go on with the session.
this problem has nothing to do with the faq you quoted. typically this is
due to dns problems or to ident requests being ignored. in the former case
the attempt to resolve the connecting client's name via dns is failing and
the server waits until a timeout expires before proceeding, the solution to
which is to fix your dns. in the latter case the server is attempting to
obtain an ident response from the client and the client ignores the
request so the server waits for a timeout to expire before proceeding, the
solution to which is to stop the server from making this attempt or to
configure the client to properly respond to the ident attempt.
--
bringing you boring signatures for 17 years
(1)
> typically this is due to dns problems or ...
I can't see that the problem is a DNS problem on the POP3 server
because:
(a) the POP3 server itself is not running the NAMED daemon, which
simplifies the situation a little bit
(b) the POP3 server itself runs an SMTP server and in/out email works.
(c) Running the NSLOOKUP command while inside the POP3 server
works fine on resolving all the WORLD's names - IPs
(d) Running NSLOOKUP from an outside PC/server and
querying the POP3 server's name resolves back correctly. That means
the POP3 server's DNS host ISP points to the POP3 server right.
So I decided the cause from DNS on the POP3 server side can be
overlooked for now. Unless you have further insight.
(2)
> ... or to ident requests being ignored.
I feel puzzled on this because I don't know how OE on the PC side
responds to ident requests and how ident can be manipulated/observed on
the PC side.
The same PC that has this problem of a long delay to connect to the pop3
server has no such problem when connected to another POP3 server that is running
the same RH7.2 and IMP 2000c-15 release. And all the PCs
that connect to this POP3 server have the 30 sec delay before being able to log
on to the pop3 server.
So on this fact, I am lost on your comment to this.
More facts,
May I have your attention more on this? My findings for this long delay:
(1) On a PC, run "telnet pop3.mydomain.com 110"
The PC DOS command will not see the POP3 welcome
message until 30 seconds pass after the telnet command was entered.
(2) During that 30 sec period, I issued the following command on
the POP3 server side,
netstat -na
And I saw the following, "SYN_SENT"
tcp 0 1 pop3server.mydomaain:32901 fw-q.mypc.net:auth SYN_SENT
tcp 0 0 pop3server.mydomaain:pop3 fw-q.mypc.net:14890 ESTABLISHED
tcp 0 2 pop3server.mydomaain:telnet fw-q.mypc.net:14889 ESTABLISHED
(3) When the PC screen showed the POP3 welcome message,
+OK POP3 pop3server.mydomaain.com v2000.70rh server ready
the same "netstat -na" command on the POP3 server side will not
show the "SYN_SENT" anymore.
And also then, the maillog file will show a log line as below
. .... .. pop3 service init from xxx.xxx.xxx.xxx
So I guess it has something to do with the "SYN_SENT" stuff.
But I do not know how to fix it. Any more specific idea?
Great to discuss this with you
Meng
"those who know me have no need of my name" <not-a-rea...@usa.net>
wrote in message news:a8620...@enews3.newsguy.com...
> I feel puzzled on this because I don't know how OE on the PC side
> responds to ident requests and how ident can be manipulated/observed on
> the PC side.
Remove USERID wherever you see it in /etc/xinetd.conf and the files in
/etc/xinetd.d/. That is your problem.
> The same PC that has this problem of a long delay to connect to the pop3
> server has no such problem when connected to another POP3 server that is running
> the same RH7.2 and IMP 2000c-15 release.
That's a webmail program running on the local machine, so you won't
notice a problem.
> And all the PCs
> that connect to this POP3 server have the 30 sec delay before being able to log
> on to the pop3 server.
That is because they are not running identd servers (and you don't need
them, just apply the xinetd fix mentioned above).
Someone suggested looking into the DNS for the
long delay, about 30 sec., to get to the POP3 welcome banner.
I am puzzled.
The wu-pop3 server runs on RH7.2, v2000-c.
On the RH7.2 server, running nslookup can resolve
all the NAMEs, including itself. The RH7.2 server
is not running named itself. Running NSLOOKUP can
also resolve the IP of the PC clients that have the delay
problem. However those PCs have no delay
problem to connect to other RH62 that run v7.4 IMAP sw.
And another RH6.2 server has no DELAY problem
when TELNETing to this RH72 server on port 110.
I checked the cmd "hostname" on the RH72 server,
it returned the correct name. Checking FWD/REV
name lookup through the NSLOOKUP utility, either on
the RH72 server or from any outside internet server,
returns the RH72 server name/IP correctly.
I don't understand what DNS was configured wrong
on this RH72 server or even on the PC clients?
Exactly what section of the DNS is the POP3 code
looking for? How come NSLOOKUP can
not identify the same problem that the POP3 code detected?
Thanks in adv for advice.
MEng
"todd" <to...@acse.com> wrote in message
news:cmvp8.70415$u77.18...@news02.optonline.net...
Not DNS. Remove USERID from /etc/xinetd.conf and all files in
/etc/xinetd.d/.
Thanks first.
I see no USERID in the xinetd.conf file. See below.
Can you please help me again ? thanks
Also, is this behavior particular to v2000c?
Because the SAME PC has no such delay problem when
retrieving POP email from a RH62 that runs v7.4 of IMAP sw.
Meng
----- contents of /etc/xinetd.d ----
defaults
{
instances = 60
log_type = SYSLOG authpriv
log_on_success = HOST PID
log_on_failure = HOST
cps = 25 30
}
includedir /etc/xinetd.d
----- contents of /etc/xinetd.d/ipop3 ----
# default: off
# description: The POP3 service allows remote users to access their mail \
# using an POP3 client such as Netscape Communicator, mutt, \
# or fetchmail.
service pop3
{
disable = no
socket_type = stream
wait = no
user = root
server = /usr/sbin/ipop3d
log_on_success += USERID
log_on_failure += USERID
}
---------------------------------
"Jorey Bump" <dev...@joreybump.com> wrote in message
news:3CA74189...@joreybump.com...
It is specifically a xinetd problem, due to its default settings on most
systems. You will notice the delay on any service launched by xinetd
that tries to log the USERID. Note that it is NOT a bug, xinetd is
behaving correctly, and is an incredible improvement over inetd, IMHO.
The problem is that few clients run an identd server, these days (nor
should they). When none is detected, xinetd waits the required 30
seconds, then continues.
> Because the SAME PC has no such delay problem when
> retrieving POP email from a RH62 that runs v7.4 of IMAP sw.
This problem started appearing with RH 7.0, which switched to xinetd as
standard.
> ----- contents of /etc/xinetd.d/ipop3 ----
> # default: off
> # description: The POP3 service allows remote users to access their mail \
> # using an POP3 client such as Netscape Communicator, mutt, \
> # or fetchmail.
> service pop3
> {
> disable = no
> socket_type = stream
> wait = no
> user = root
> server = /usr/sbin/ipop3d
> log_on_success += USERID
> log_on_failure += USERID
> }
> ---------------------------------
Well, there is your problem. You may safely *delete* the lines that
contain USERID. The daemons that come with imap-2000 have their own
logging routines, so it is not necessary to use the logging features of
xinetd with them. They will continue to log just fine.
I think the problem lies in our PIX firewall.
(I apologize that I did not mention this clearly before.)
The PIX does PAT, not NAT.
Plus, I think somehow the RH72 POP3 server is also
running IDENTD.
So I guess my desired solution is to make sure
IDENTD is not running on the RH72, which I verified but
have not been able to be sure of.
I ran "ntsysv" and saw that it is not checked.
I ran "ps -ax" and saw no such process existing.
Can anyone advise me how to make sure
v2000c of the IMAP software is not using identd
to challenge the POP3 clients?
I think RH6.2 and v7.4 of IMAP have no
such feature enabled by default. That was why our
PC has no delay problem when connected to the RH62 POP3 server.
Thanks in adv.
Meng
BTW: Removing the "USERID" keyword in the /etc/xinetd.d/ipop3 file
did not solve the DELAY problem. And by default, the file
/etc/xinetd.conf has no such keyword in it.
"todd" <to...@acse.com> wrote in message
news:cmvp8.70415$u77.18...@news02.optonline.net...
That has nothing to do with it. xinetd is trying to query the USERID
from the *client machine*, which is not usually running an identd server
(especially in the case of Windows).
>
> I ran "ntsysv" and saw that it is not checked.
> I ran "ps -ax" and saw no such process existing.
>
> Can anyone advise me how to make sure
> v2000c of the IMAP software is not using identd
> to challenge the POP3 clients?
It doesn't. Ask Mark Crispin.
> I think RH6.2 and v7.4 of IMAP have no
> such feature enabled by default. That was why our
> PC has no delay problem when connected to the RH62 POP3 server.
It's not related to IMAP or POP3. You will have the same problem with
telnet, if the daemon is started by xinetd and it queries the USERID.
> BTW: Removing the "USERID" keyword in the /etc/xinetd.d/ipop3 file
> did not solve the DELAY problem. And by default, the file
> /etc/xinetd.conf has no such keyword in it.
You should reload or restart it after editing the configuration files:
service xinetd reload
or
service xinetd restart
Thanks very much for your time spent on advising me.
> You should reload or restart it after editing the configuration files:
> service xinetd reload
> or
> service xinetd restart
I did reload and restart, but no improvement.
This is what I did and found:
On the RH72 server (all is quite default, no customization at all)
(1) I leave the /etc/xinetd.conf alone, as below
# cat xinetd.conf
#
# Simple configuration file for xinetd
#
# Some defaults, and include /etc/xinetd.d/
defaults
{
instances = 60
log_type = SYSLOG authpriv
log_on_success = HOST PID
log_on_failure = HOST
cps = 25 30
}
includedir /etc/xinetd.d
(2) In file /etc/xinetd.d/ipop3 , change lines
log_on_success += USERID
log_on_failure += USERID
to become
log_on_success += EXIT
log_on_failure += ATTEMPT
Reload xinetd, even restart.
The result is the DELAY is still there.
(3) In file /etc/xinetd.d/ipop3, delete the 2 lines
log_on_success += USERID
log_on_failure += USERID
entirely.
Reload xinetd, even restart.
The result was "connection failed" when telnet pop3 110.
Would you like to contribute your time again?
Thanks
Meng
"Jorey Bump" <dev...@joreybump.com> wrote in message
news:3CA9F1E0...@joreybump.com...
And particularly to Jorey,
I finally solved the issue and am glad to put a close to this thread.
Jorey was absolutely right. The solution was
to remove the 2 lines below in file /etc/xinetd.d/ipop3.
----
log_on_success += USERID
log_on_failure += USERID
----
The reason that it failed in my 1st try earlier today was because
I made a copy of the original file /etc/xinetd.d/ipop3 as
/etc/xinetd.d/ipop3.orig
It was a mistake to back up the file into that "/etc/xinetd.d"
directory. Apparently the xinetd daemon will read all the files
in the "include" directory regardless of what filename you give them.
That ends my POP3 adventure for now.
For those who would like to read more on the related issues, you
may find enjoyment at the following URLs, and have a good time,
----------------------------------------
http://www.sdnp.undp.org/rc/forums/tech/sdnptech/msg03068.html
http://www.lawlists.net/pipermail/linux-help/2001-May/000182.html
http://cwrulug.cwru.edu/archive/cwrulug/200011/0043.html
http://www.mediatemple.net/customer_support/kb/1.4.html <<<<<<
For POP3 and IMAP connections, xinetd will make a connection back
to the IP Address that has initiated the POP3 or IMAP connections.
xinetd is trying to connect to the ident port to determine the user
name of the person connecting. This will fail if the user is behind
a firewall because the firewall will not respond to this connection.
----------------------------------------
See you again.
Meng
"Jorey Bump" <dev...@joreybump.com> wrote in message
news:3CA9F1E0...@joreybump.com...
> I did reload, restart but no improvement.
>
> This is what I did and found:
> On the RH72 server (all is quite default, no customization at all)
>
> (1) I leave the /etc/xinetd.conf alone. as below
> # cat xinetd.conf
> #
> # Simple configuration file for xinetd
> #
> # Some defaults, and include /etc/xinetd.d/
>
> defaults
> {
> instances = 60
> log_type = SYSLOG authpriv
> log_on_success = HOST PID
> log_on_failure = HOST
> cps = 25 30
> }
>
> includedir /etc/xinetd.d
That's correct.
> (3) In file /etc/xinetd.d/ipop3 , delete the 2 lines
>
> log_on_success += USERID
> log_on_failure += USERID
>
> entirely.
>
> Reload the xinetd , even restart.
>
> The result was "connection failed" , when telnet pop3 110 .
That's strange. Deleting those lines would not have that effect. Here is
a working /etc/xinetd.d/ipop3:
service pop3
{
disable = no
socket_type = stream
wait = no
user = root
server = /usr/sbin/ipop3d
}
Yours should look similar.
Make sure xinetd is running. Post the results of this command:
ps ax | grep xinetd
Yes. It will load any configs with the line:
disable = no
(why the developers chose that over "enable = yes" is anyone's guess).
So it is safe to back up files in that directory, as long as you change
that line to:
disable = yes
or alternatively use the command (on Red Hat-related distros):
chkconfig filename off
which merely writes the previous line to the config file. You can see
the services in xinetd's conf file or include directory by typing:
chkconfig --list
xinetd based services and their status will appear at the end. This
allows you to have alternative configurations for the same service,
which you can activate easily with the chkconfig command. One such use
would be to set up a honeypot:
service finger
{
disable = yes
socket_type = stream
wait = no
user = nobody
flags = SENSOR
type = INTERNAL
log_on_success = HOST PID
# deny, in minutes
deny_time = 20
}
Save this as /etc/xinetd.d/honeyfinger and type:
chkconfig finger off
chkconfig honeyfinger on
service xinetd reload
Now any machine that tries to finger you will be denied access to other
xinetd based services for 20 minutes.
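
An audit for the two causes this thread ran into, USERID in log_on_success/log_on_failure and a backup copy left enabled in the include directory, written as an added example and not code from any poster or from xinetd. The names parse_blocks and audit and the sample files are constructed for illustration; it assumes, as reported above, that every file in the include directory is loaded, and it also checks a defaults block, which goes slightly beyond the per-service case discussed.

```python
import re
from collections import defaultdict

# Constructed sample mirroring the thread: the edited ipop3 plus its backup copy.
FIXED = ("service pop3\n{\n disable = no\n socket_type = stream\n wait = no\n"
         " user = root\n server = /usr/sbin/ipop3d\n}\n")
ORIG = FIXED.replace("}", " log_on_success += USERID\n log_on_failure += USERID\n}")
SAMPLE = {"ipop3": FIXED, "ipop3.orig": ORIG}

BLOCK = re.compile(r"^\s*(?:service\s+(\S+)|(defaults))\s*\{(.*?)^\s*\}", re.M | re.S)
ATTR = re.compile(r"^\s*(\w+)\s*(\+=|-=|=)\s*(.*?)\s*$")

def parse_blocks(text):
    """Return [(name, {attr: [values]})] for each service or defaults block."""
    blocks = []
    for m in BLOCK.finditer(text):
        attrs = defaultdict(list)
        for line in m.group(3).splitlines():
            a = ATTR.match(line)
            if not a:
                continue  # blank line or '#' comment
            key, op, vals = a.group(1), a.group(2), a.group(3).split()
            if op == "-=":
                attrs[key] = [v for v in attrs[key] if v not in vals]
            else:
                attrs[key] = (attrs[key] if op == "+=" else []) + vals
        blocks.append((m.group(1) or "defaults", dict(attrs)))
    return blocks

def audit(files):
    """files maps file name -> text; returns [(file, service, issue)]."""
    findings, enabled = [], defaultdict(list)
    for fname, text in sorted(files.items()):
        for svc, attrs in parse_blocks(text):
            if attrs.get("disable") == ["yes"]:
                continue  # a disabled definition is not started
            if svc != "defaults":
                enabled[svc].append(fname)
            for key in ("log_on_success", "log_on_failure"):
                if "USERID" in attrs.get(key, []):
                    findings.append((fname, svc, key + " requests USERID (ident lookup)"))
    for svc, names in sorted(enabled.items()):
        if len(names) > 1:
            findings.append((", ".join(names), svc, "enabled in more than one file"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(" | ".join(finding))
```

To run it against a live system, build the files mapping from the contents of /etc/xinetd.conf and each file under /etc/xinetd.d before calling audit.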