[tpop3d-discuss] Anti-virus POP3-proxy failed after upgrade (1.4.2->1.5.1/1.5.2)

michael@computerpech.nl michael at computerpech.nl
Fri, 19 Sep 2003 13:09:59 +0200


Dear List,

First of all: I like your POP3 daemon (easy configuration, nice
performance and easy use with MySQL database), so keep on going!

But.... I (we) have a little problem.

After upgrading from version 1.4.2 to 1.5.1 (or 1.5.2), some POP3
proxies within virus scanners don't work.

Our situation:
- FreeBSD 4.x and FreeBSD 5.x machines
- Tpop3d 1.4.2 (before upgrade), 1.5.1 and 1.5.2 (some servers, after
the upgrade)
- Customers use Norman anti-virus and Norton anti-virus
- Before upgrade all scanners seem to work fine and without problems

After we upgraded tpop3d (1.4.2 --> 1.5.1) on one of our FreeBSD 4.x
machines, all our customers (on this server) began to complain about
unsuccessful attempts to retrieve their e-mail (POP3-based). After
upgrading a second machine (FreeBSD 5.x), it seems this server has exactly
the same problem. Turning off their virus scanner "solved" the problem.
Retrieving without virus scanner succeeds.

What I have tested:

* Norman with local POP3-proxy *
Test Norman anti-virus (with local POP3-proxy to scan mail for viruses).
Nothing happened. Our customers report that Norton has the same problem,
I haven't tested this one, because I don't have (want... :-D) it.

* Test with clients *
Outlook, Outlook Express and Mozilla mail can't retrieve their mail.
They keep on waiting and say they are performing the authentication
actions. Mozilla Mail doesn't say anything, but keeps on trying. Outlook
(Express) gives the usual 'Timeout' dialog.

* Upgrade 1.4.2 --> 1.5.2 *
Problem remains

* Upgrade 1.5.1 --> 1.5.2 *
Problem remains

* Debugging mode *
With tpop3d in debugging mode (verbose, attached to screen), it seems
that the commands USER and PASS complete. But before the client says
'list' to the POP3-daemon, it keeps on waiting (and waiting...).

Tpop3d says after the timeout of the mailclient: ioabs_tcp_post_select:
client [6]michael((CLIENTIP)): read: Connection reset by peer; closing
connection

Part of log (private information masked):
-------------------------------------------
listeners_post_select: client [6](CLIENTIP)/(SERVERHOSTNAME): connected
to local address (SERVERIP):110
connection_parsecommand: client [6](CLIENTIP)/saturn.computerpech.nl:
received `USER michael'
connection_sendresponse: client [6](CLIENTIP)/saturn.computerpech.nl:
sent `+OK Tell me your password.'
connection_parsecommand: client [6](CLIENTIP)/saturn.computerpech.nl:
received `PASS [...]'
auth_mysql_new_user_pass: SQL query: SELECT (COLUMNS) FROM users WHERE
login='michael'
authcontext_new_user_pass: began session for `michael' with mysql; uid
26, gid 26
fork_child: [6]michael((CLIENTIP)): began session for `michael' with
mysql; child PID is 78717
maildir_new: scanned maildir /var/spool/virtual/(DOMAIN)/michael/Maildir
(58 messages) in 0.001s
connection_sendresponse: client [6]michael((CLIENTIP)): sent `+OK
Welcome aboard! You have 58 messages.'
ioabs_tcp_post_select: client [6]michael((CLIENTIP)): read: Connection
reset by peer; closing connection
connections_post_select: client [6]michael((CLIENTIP)): finished session
for `michael' with mysql
connections_post_select: client [6]michael((CLIENTIP)): disconnected;
29/134 bytes read/written
-------------------------------------------

Customers say that all other virus scanners with a local POP3 proxy (like
Norman and Norton) fail too. On the other hand, 2 programs that act like
a POP3 proxy, i.e. Spampal and SAProxy (both scanning on
'received'-headers and comparing them to RBLs), work great!

I don't think it's related to the virus scanners, but maybe they are much
faster than both Spam-proxies (because these need to do several DNS
lookups) and are too quick (or too slow....). It seems the mail clients
are waiting for a response that has already been sent to them (because
the client doesn't ask for the list).

Conclusion:
- After upgrading different machines, they all give the same problem
for different virus scanners. Multiple mail clients wait and 'fail'
(authentication is successful). Our customers didn't change their
settings, so it seems it's related to the POP3 daemon. POP3 proxies like
spam proxies work and have no problems.

Tpop3d configuration file:
-------------------------------------------
listen-address: 0.0.0.0
max-children: 20
append-domain: yes
strip-domain: yes
auth-mysql-enable: yes
auth-mysql-hostname: HOST
auth-mysql-database: DATABASE
auth-mysql-username: USER
auth-mysql-password: PASS
auth-mysql-pass-query: SQLQUERY
auth-pam-enable: no
timeout-seconds: 600
-------------------------------------------


If you need more info, let me know. I hope you can help me. Thanks! 

Yours sincerely,

Michael
The Netherlands
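
The failure pattern reported above (USER and PASS accepted, the `+OK` welcome sent, then a client reset with no further command) can be searched for in a tpop3d debug log. The following is an added example, not part of the original post or of tpop3d. Session [6] is the post's excerpt with the mail wrapping undone; session [7], the user `anna`, and the function name `stalled_sessions` are constructed for illustration.

```python
import re

# Session [6]: lines from the post's log excerpt, re-joined onto single lines.
# Session [7]: constructed healthy session, added here for contrast.
SAMPLE_LOG = """\
connection_parsecommand: client [6](CLIENTIP)/saturn.computerpech.nl: received `USER michael'
connection_parsecommand: client [6](CLIENTIP)/saturn.computerpech.nl: received `PASS [...]'
fork_child: [6]michael((CLIENTIP)): began session for `michael' with mysql; child PID is 78717
connection_sendresponse: client [6]michael((CLIENTIP)): sent `+OK Welcome aboard! You have 58 messages.'
ioabs_tcp_post_select: client [6]michael((CLIENTIP)): read: Connection reset by peer; closing connection
connections_post_select: client [6]michael((CLIENTIP)): disconnected; 29/134 bytes read/written
connection_parsecommand: client [7](CLIENTIP)/(SERVERHOSTNAME): received `USER anna'
connection_parsecommand: client [7](CLIENTIP)/(SERVERHOSTNAME): received `PASS [...]'
fork_child: [7]anna((CLIENTIP)): began session for `anna' with mysql; child PID is 78720
connection_parsecommand: client [7]anna((CLIENTIP)): received `LIST'
connection_parsecommand: client [7]anna((CLIENTIP)): received `QUIT'
connections_post_select: client [7]anna((CLIENTIP)): disconnected; 40/310 bytes read/written
"""

CONN = re.compile(r"\[(\d+)\]")            # connection id, e.g. [6]
RECEIVED = re.compile(r"received `(\w+)")  # POP3 verb the client sent
BYTES = re.compile(r"disconnected; (\d+)/(\d+) bytes read/written")


def stalled_sessions(log_text):
    """Return sessions that authenticated, then were reset by the client
    before it sent any command after PASS."""
    sessions = {}
    for line in log_text.splitlines():
        conn = CONN.search(line)
        if not conn:
            continue  # lines without a connection id (SQL query, maildir scan)
        s = sessions.setdefault(
            conn.group(1),
            {"cmds": [], "authed": False, "reset": False, "bytes": None})
        if (cmd := RECEIVED.search(line)):
            s["cmds"].append(cmd.group(1).upper())
        elif "began session for" in line:
            s["authed"] = True
        elif "Connection reset by peer" in line:
            s["reset"] = True
        elif (b := BYTES.search(line)):
            s["bytes"] = (int(b.group(1)), int(b.group(2)))
    return {cid: s for cid, s in sessions.items()
            if s["authed"] and s["reset"] and s["cmds"][-1:] == ["PASS"]}


if __name__ == "__main__":
    for cid, s in stalled_sessions(SAMPLE_LOG).items():
        print(f"connection [{cid}] stalled after {s['cmds']}, bytes r/w {s['bytes']}")
```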