389461 – Intermittent IMAP server failure

Bug 389461 - Intermittent IMAP server failure

Summary: Intermittent IMAP server failure

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Infrastructure
Classification:	Unclassified
Component:	Other (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Infrastructure

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2011-11-03 22:30 UTC by Gilles Dartiguelongue (RETIRED)
Modified:	2011-11-21 16:30 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Gilles Dartiguelongue (RETIRED) gentoo-dev

2011-11-03 22:30:15 UTC

Hi,

I've been having problems contacting gentoo IMAP server for weeks but didn't know whether to blame transatlantic link, evolution or gentoo infra itself. Well, it looks like it's not evolution at least. Here's what I've got connecting "by hand":

$ openssl s_client -connect mail.gentoo.org:993
CONNECTED(00000003)
139872629479080:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 211 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

This very same command worked fine like 10 minutes ago and I was able to perform IMAP operations just fine.

Here is the result of previous run:

$ openssl s_client -connect mail.gentoo.org:993
CONNECTED(00000003)
depth=2 O = Root CA, OU = http://www.cacert.org, CN = CA Cert Signing Authority, emailAddress = support@cacert.org
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/C=US/ST=New Mexico/L=Albuquerque/O=GENTOO Foundation, Inc./OU=dev.gentoo.org IMAP SSL key/CN=dev.gentoo.org
   i:/O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root
 1 s:/O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root
   i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org
 2 s:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org
   i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIE9TCCAt2gAwIBAgIDANVGMA0GCSqGSIb3DQEBBQUAMFQxFDASBgNVBAoTC0NB
Y2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNV
BAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwHhcNMTEwNjIwMDE1OTI5WhcNMTMwNjE5
MDE1OTI5WjCBmTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBNZXhpY28xFDAS
BgNVBAcTC0FsYnVxdWVycXVlMSAwHgYDVQQKExdHRU5UT08gRm91bmRhdGlvbiwg
SW5jLjEkMCIGA1UECxMbZGV2LmdlbnRvby5vcmcgSU1BUCBTU0wga2V5MRcwFQYD
VQQDEw5kZXYuZ2VudG9vLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN4p7MDeNwbIwAe5yKx/cKciJdhwm45f2XXQMu8i1Dxi/pFOGb6ProFoHZJV
cn52/XnB7a4VJ3H2G/vgInnR9w6Z3kB7MEVfZrdLf/PLT7YBS63OawzhISyPGy3n
ldOCIACYZfUvIaGvpc9x0SCPQQGJEFqJ34Q88whrHpRtawudlsiiJQ9Ee17w4eTI
5yC/LPDgGPk/eo0xxMzZ2Utse0gFZmSiSFnPQBM9dLr21MW7lsGgWvuBuynrYJze
AHbVcimari8JdbXTBjS/ffyzJ2QTPfUhIKEtf0tjlh9dIBDASGP08IXEJf+KFcs8
vhiIWxedD9bThDAm8GfTp7wNHGUCAwEAAaOBiTCBhjAMBgNVHRMBAf8EAjAAMDQG
A1UdJQQtMCsGCCsGAQUFBwMCBggrBgEFBQcDAQYJYIZIAYb4QgQBBgorBgEEAYI3
CgMDMAsGA1UdDwQEAwIFoDAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0
dHA6Ly9vY3NwLmNhY2VydC5vcmcvMA0GCSqGSIb3DQEBBQUAA4ICAQCeXSd2gQZo
bL+woilqv6sXfc15hyKTr2I2RTwY0joMMXTmNHjEdWx+FWULs1kAKIsbyqNEa47y
aIIpj2IZU8ekkrtCtTMSfTjW7VQSHJXN036xZtbUtL5H5aUyGXqnrkmAy1sJF4YO
+Ha940fPaIjhAieScDwsWjFoO1+1PLJN20t0HklAfswoXQ4EiU+Mns8i7bqyc1c1
/nj6drYXhE+zi+5JM7pzMzQ+dOP62CnprXIS2ha7HUA/e00cJqE0eqTljhF7JfON
3kTyJYBeRoVN0ButsPR+cv6dhZEVM/ge4H2EnT1Y5vgmd4ohvhWKPZg4VaCIk4Q7
IHo1sQG7Ms9IAw+B1ONN5PwS7ZRuQ+xeilEfmTEVo8nm+uPUV4RVP5qW+WE42YZi
53p4STRqRmUtp4bq3Y5OUdGG9IJeyBwGfudZ2yOFma79GfD1L8dul1NDwvt1EzOW
DTr1tbVK4DvmXrOw4CkelL/ueW2DC4poy/NS9ujUf0fjJVd9JRvUer8C82vcrcaa
fSexQnTllOxYXLJ6zzpCwb+yphT/F9p6eOq/08TUOK7dlrIVw8xnXzum0S2wZZ9W
FxP0cbzpJCqx5xM1ZrEijUN234THnFXSh7P9GzFZx4dzbwnoJTbJ2pLEBe2I2+Tm
iNKHAj4YZwttBexXja6QBe4OtmRTuCiEgA==
-----END CERTIFICATE-----
subject=/C=US/ST=New Mexico/L=Albuquerque/O=GENTOO Foundation, Inc./OU=dev.gentoo.org IMAP SSL key/CN=dev.gentoo.org
issuer=/O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root
---
No client certificate CA names sent
---
SSL handshake has read 5000 bytes and written 537 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: 4EBBAC6AC9DD381411BAD1BB052F93371B8D9820D006ECB3317C664B96D35ED0
    Session-ID-ctx: 
    Master-Key: 3AAA76619C88677E38444311C36105DE182E7F8570D0FC896D89AE1B54CFB9B61F687D71BEDEEC8A566BBA47D21B225D
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket:
    0000 - 06 9a bf 28 b3 39 c5 be-62 76 17 b2 4d b3 db d6   ...(.9..bv..M...
    0010 - e3 2b 10 96 e2 07 3b c9-d2 b3 8a 63 a2 9f ed 28   .+....;....c...(
    0020 - 1f 24 07 ad 18 f8 11 12-75 8a 6a 25 29 98 6e f0   .$......u.j%).n.
    0030 - cf 54 99 fa 4f d1 c6 50-2d 30 12 de 46 15 74 28   .T..O..P-0..F.t(
    0040 - 7e 01 aa 0d 2b 95 d0 96-ec 72 22 ce 75 ef b4 0e   ~...+....r".u...
    0050 - 62 1b eb 03 01 e6 4d b2-37 4b d9 60 5a b6 d9 88   b.....M.7K.`Z...
    0060 - e1 fa 5e 03 8b 72 2e 01-3b 9f 8a 13 d9 56 1e 74   ..^..r..;....V.t
    0070 - ba b2 97 08 58 71 4e 83-ed c1 4a da 1c 5b b0 bb   ....XqN...J..[..
    0080 - f6 81 92 9e 15 5a 6b 75-56 83 19 9c ca 82 2f 02   .....ZkuV...../.
    0090 - 2b e3 c3 59 35 89 4c 63-a7 e8 4e 9f 48 9f 43 6d   +..Y5.Lc..N.H.Cm

    Compression: 1 (zlib compression)
    Start Time: 1320358443
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE AUTH=PLAIN ACL ACL2=UNION] Courier-IMAP ready. Copyright 1998-2008 Double Precision, Inc.  See COPYING for distribution information.
a01 CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE AUTH=PLAIN ACL ACL2=UNION
a01 NO Error in IMAP command received by server.
a02 LOGIN eva **********
a02 OK LOGIN Ok.

Hope this is the proper place to take this to.

Comment 1 Robin Johnson archtester

2011-11-03 23:12:08 UTC

I can connect right now fine.
The fact there was no SSL makes me wonder if there is something weird at your ISP.
When it fails, can you reach http://dev.g.o/ at all?

Comment 2 Gilles Dartiguelongue (RETIRED) gentoo-dev

2011-11-04 08:04:24 UTC

Yes, I can ssh/ping. Thought about something before falling asleep, maybe there's a limit of connections allowed per IP address. Recent evolution default to 5 parallel connections to an IMAP server and manually opening 5 with openssl s_client fails at the fifth.

It looks like decreasing the number of parallel connections in evolution settings gets me a working imap again :). I'll confirm this this weekend as I've only tested this for 10 minutes right now.

Comment 3 Robin Johnson archtester

2011-11-04 10:31:12 UTC

ah, our limit was set at 4 per IP.
I've raised it to 10.

Comment 4 Gilles Dartiguelongue (RETIRED) gentoo-dev

2011-11-20 22:12:42 UTC

Yeah, works perfectly fine now. Thanks.

Comment 5 Christian Ruppert (idl0r) gentoo-dev

2011-11-21 16:30:49 UTC

Thanks.