Nginx-ru mailing list archive (nginx-ru@sysoev.ru)
Re: php imap_open & nginx
13.08.07, 14:43, Anton Yuzhaninov <citrin@xxxxxxxxx>:
> Hello umask,
> You wrote on Monday, August 13, 2007, 2:08:23 PM:
> u> 2007/08/13 14:01:21 [info] 15979#0: *4215 client ... connected to
> 0.0.0.0:143
> u> And here is what php itself outputs:
> u> PHP Warning: imap_open(): Couldn't open stream
> u> {IP:143/notls/novalidate-cert}INBOX in /tmp/2.php on line 2
> u> Can't connect: Can not authenticate to IMAP server: invalid command
> u> PHP Notice: Unknown: Can not authenticate to IMAP server: invalid
> u> command (errflg=2) in Unknown on line 0.
> Judging by all this, php is trying to use an authentication method
> that nginx does not support.
> It is worth looking at the traffic between php and nginx, and
> everything will become clear (tcpdump -s0 -X, or more conveniently tcpflow)
17:46:02.850962 IP 11.22.33.44.55268 > 11.22.33.44.imap: S
1094578457:1094578457(0) win 32792 <mss 16396,sackOK,timestamp 1022085151
0,nop,wscale 7>
0x0000: 4500 003c 3906 4000 4006 362e d917 8cac E..<9.@.@.6.....
0x0010: d917 8cac d7e4 008f 413d f119 0000 0000 ........A=......
0x0020: a002 8018 b231 0000 0204 400c 0402 080a .....1....@.....
0x0030: 3ceb c81f 0000 0000 0103 0307 <...........
17:46:02.850992 IP 11.22.33.44.imap > 11.22.33.44.55268: S
1091985573:1091985573(0) ack 1094578458 win 32768 <mss 16396,sackOK,timestamp
1022085151 1022085151,nop,wscale 7>
0x0000: 4500 003c 0000 4000 4006 6f34 d917 8cac E..<..@.@.o4....
0x0010: d917 8cac 008f d7e4 4116 60a5 413d f11a ........A.`.A=..
0x0020: a012 8000 0b72 0000 0204 400c 0402 080a .....r....@.....
0x0030: 3ceb c81f 3ceb c81f 0103 0307 <...<.......
17:46:02.851010 IP 11.22.33.44.55268 > 11.22.33.44.imap: . ack 1 win 257
<nop,nop,timestamp 1022085151 1022085151>
0x0000: 4500 0034 3907 4000 4006 3635 d917 8cac E..49.@.@.65....
0x0010: d917 8cac d7e4 008f 413d f11a 4116 60a6 ........A=..A.`.
0x0020: 8010 0101 f395 0000 0101 080a 3ceb c81f ............<...
0x0030: 3ceb c81f <...
17:46:02.851494 IP 11.22.33.44.imap > 11.22.33.44.55268: P 1:19(18) ack 1 win
256 <nop,nop,timestamp 1022085152 1022085151>
0x0000: 4500 0046 a8b9 4000 4006 c670 d917 8cac E..F..@.@..p....
0x0010: d917 8cac 008f d7e4 4116 60a6 413d f11a ........A.`.A=..
0x0020: 8018 0100 c4fa 0000 0101 080a 3ceb c820 ............<...
0x0030: 3ceb c81f 2a20 4f4b 2049 4d41 5034 2072 <...*.OK.IMAP4.r
0x0040: 6561 6479 0d0a eady..
17:46:02.851512 IP 11.22.33.44.55268 > 11.22.33.44.imap: . ack 19 win 257
<nop,nop,timestamp 1022085152 1022085152>
0x0000: 4500 0034 3908 4000 4006 3634 d917 8cac E..49.@.@.64....
0x0010: d917 8cac d7e4 008f 413d f11a 4116 60b8 ........A=..A.`.
0x0020: 8010 0101 f381 0000 0101 080a 3ceb c820 ............<...
0x0030: 3ceb c820 <...
17:46:02.851832 IP 11.22.33.44.55268 > 11.22.33.44.imap: P 1:22(21) ack 19 win
257 <nop,nop,timestamp 1022085152 1022085152>
0x0000: 4500 0049 3909 4000 4006 361e d917 8cac E..I9.@.@.6.....
0x0010: d917 8cac d7e4 008f 413d f11a 4116 60b8 ........A=..A.`.
0x0020: 8018 0101 9a20 0000 0101 080a 3ceb c820 ............<...
0x0030: 3ceb c820 3030 3030 3030 3030 2043 4150 <...00000000.CAP
0x0040: 4142 494c 4954 590d 0a ABILITY..
17:46:02.851842 IP 11.22.33.44.imap > 11.22.33.44.55268: . ack 22 win 256
<nop,nop,timestamp 1022085152 1022085152>
0x0000: 4500 0034 a8ba 4000 4006 c681 d917 8cac E..4..@.@.......
0x0010: d917 8cac 008f d7e4 4116 60b8 413d f12f ........A.`.A=./
0x0020: 8010 0100 f36d 0000 0101 080a 3ceb c820 .....m......<...
0x0030: 3ceb c820 <...
17:46:02.852083 IP 11.22.33.44.imap > 11.22.33.44.55268: P 19:168(149) ack 22
win 256 <nop,nop,timestamp 1022085153 1022085152>
0x0000: 4500 00c9 a8bb 4000 4006 c5eb d917 8cac E.....@.@.......
0x0010: d917 8cac 008f d7e4 4116 60b8 413d f12f ........A.`.A=./
0x0020: 8018 0100 063f 0000 0101 080a 3ceb c821 .....?......<..!
0x0030: 3ceb c820 2a20 4341 5041 4249 4c49 5459 <...*.CAPABILITY
0x0040: 2043 4150 4142 494c 4954 5920 494d 4150 .CAPABILITY.IMAP
0x0050: 3420 494d 4150 3472 6576 3120 4155 5448 4.IMAP4rev1.AUTH
0x0060: 3d4c 4f47 494e 2041 434c 204e 414d 4553 =LOGIN.ACL.NAMES
0x0070: 5041 4345 2043 4849 4c44 5245 4e20 534f PACE.CHILDREN.SO
0x0080: 5254 2051 554f 5441 2054 4852 4541 443d RT.QUOTA.THREAD=
0x0090: 4f52 4445 5245 4453 5542 4a45 4354 2055 ORDEREDSUBJECT.U
0x00a0: 4e53 454c 4543 5420 5354 4152 5454 4c53 NSELECT.STARTTLS
0x00b0: 0d0a 3030 3030 3030 3030 204f 4b20 636f ..00000000.OK.co
0x00c0: 6d70 6c65 7465 640d 0a mpleted..
17:46:02.853044 IP 11.22.33.44.55268 > 11.22.33.44.imap: P 22:51(29) ack 168
win 265 <nop,nop,timestamp 1022085153 1022085153>
0x0000: 4500 0051 390a 4000 4006 3615 d917 8cac E..Q9.@.@.6.....
0x0010: d917 8cac d7e4 008f 413d f12f 4116 614d ........A=./A.aM
0x0020: 8018 0109 6a5a 0000 0101 080a 3ceb c821 ....jZ......<..!
0x0030: 3ceb c821 3030 3030 3030 3031 2041 5554 <..!00000001.AUT
0x0040: 4845 4e54 4943 4154 4520 4c4f 4749 4e0d HENTICATE.LOGIN.
0x0050: 0a .
17:46:02.853257 IP 11.22.33.44.imap > 11.22.33.44.55268: P 168:198(30) ack 51
win 256 <nop,nop,timestamp 1022085154 1022085153>
0x0000: 4500 0052 a8bc 4000 4006 c661 d917 8cac E..R..@.@..a....
0x0010: d917 8cac 008f d7e4 4116 614d 413d f14c ........A.aMA=.L
0x0020: 8018 0100 fdf9 0000 0101 080a 3ceb c822 ............<.."
0x0030: 3ceb c821 3030 3030 3030 3031 2042 4144 <..!00000001.BAD
0x0040: 2069 6e76 616c 6964 2063 6f6d 6d61 6e64 .invalid.command
0x0050: 0d0a ..
17:46:02.853438 IP 11.22.33.44.55268 > 11.22.33.44.imap: P 51:68(17) ack 198
win 265 <nop,nop,timestamp 1022085154 1022085154>
0x0000: 4500 0045 390b 4000 4006 3620 d917 8cac E..E9.@.@.6.....
0x0010: d917 8cac d7e4 008f 413d f14c 4116 616b ........A=.LA.ak
0x0020: 8018 0109 14bf 0000 0101 080a 3ceb c822 ............<.."
0x0030: 3ceb c822 3030 3030 3030 3032 204c 4f47 <.."00000002.LOG
0x0040: 4f55 540d 0a OUT..
17:46:02.853580 IP 11.22.33.44.imap > 11.22.33.44.55268: P 198:228(30) ack 68
win 256 <nop,nop,timestamp 1022085154 1022085154>
0x0000: 4500 0052 a8bd 4000 4006 c660 d917 8cac E..R..@.@..`....
0x0010: d917 8cac 008f d7e4 4116 616b 413d f15d ........A.akA=.]
0x0020: 8018 0100 4c90 0000 0101 080a 3ceb c822 ....L.......<.."
0x0030: 3ceb c822 2a20 4259 450d 0a30 3030 3030 <.."*.BYE..00000
0x0040: 3030 3220 4f4b 2063 6f6d 706c 6574 6564 002.OK.completed
0x0050: 0d0a ..
17:46:02.853726 IP 11.22.33.44.imap > 11.22.33.44.55268: F 228:228(0) ack 68
win 256 <nop,nop,timestamp 1022085154 1022085154>
0x0000: 4500 0034 a8be 4000 4006 c67d d917 8cac E..4..@.@..}....
0x0010: d917 8cac 008f d7e4 4116 6189 413d f15d ........A.a.A=.]
0x0020: 8011 0100 f269 0000 0101 080a 3ceb c822 .....i......<.."
0x0030: 3ceb c822 <.."
17:46:02.853874 IP 11.22.33.44.55268 > 11.22.33.44.imap: F 68:68(0) ack 229 win
265 <nop,nop,timestamp 1022085154 1022085154>
0x0000: 4500 0034 390c 4000 4006 3630 d917 8cac E..49.@.@.60....
0x0010: d917 8cac d7e4 008f 413d f15d 4116 618a ........A=.]A.a.
0x0020: 8011 0109 f25f 0000 0101 080a 3ceb c822 ....._......<.."
0x0030: 3ceb c822 <.."
17:46:02.853887 IP 11.22.33.44.imap > 11.22.33.44.55268: . ack 69 win 256
<nop,nop,timestamp 1022085154 1022085154>
0x0000: 4500 0034 a8bf 4000 4006 c67c d917 8cac E..4..@.@..|....
0x0010: d917 8cac 008f d7e4 4116 618a 413d f15e ........A.a.A=.^
0x0020: 8010 0100 f268 0000 0101 080a 3ceb c822 .....h......<.."
0x0030: 3ceb c822 <.."
nginx.conf:
user nginx nginx;
worker_processes 4;
error_log /var/log/nginx/error.log debug;
#error_log /var/log/nginx/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
    worker_connections 512;
    # Linux epoll
    use epoll;
}
mail {
    #auth_http 127.0.0.1:8080/cgi-bin/auth;
    auth_http 127.0.0.1:8080/auth.php;
    auth_http_timeout 15s;
    # use keepalive connections to backend
    so_keepalive on;
    imap_capabilities "CAPABILITY" "IMAP4" "IMAP4rev1" "AUTH=LOGIN" "ACL"
        "NAMESPACE" "CHILDREN" "SORT" "QUOTA" "THREAD=ORDEREDSUBJECT" "UNSELECT";
    pop3_capabilities "TOP" "USER" "UIDL";
    # example for smtp
    #smtp_capabilities "SIZE 10485760" ENHANCEDSTATUSCODES 8BITMIME DSN;
    # it's work, but HTTP auth server must implement it!
    #pop3_auth plain apop cram-md5;
    #smtp_auth login plain cram-md5;
    pop3_auth plain;
    #smtp_auth login plain;
    ssl_certificate /etc/nginx/x.ru.pem;
    ssl_certificate_key /etc/nginx/x.ru.pem;
    # POP3 with STARTTLS
    server {
        listen 110;
        protocol pop3;
        proxy on;
        starttls on;
    }
    # POP3 with SSL
    server {
        listen 995;
        protocol pop3;
        proxy on;
        ssl on;
    }
    # IMAP with STARTTLS
    server {
        listen 143;
        protocol imap;
        proxy on;
        starttls on;
    }
    # IMAP with SSL
    server {
        listen 993;
        protocol imap;
        proxy on;
        ssl on;
    }
    # SMTP proxying example
    # SMTP
    #server {
    #listen 25;
    #protocol smtp;
    #proxy on;
    # RFC2821:
    #timeout 300s;
    #}
    # SMTP with SSL
    #server {
    #listen 465;
    #protocol smtp;
    #proxy on;
    #ssl on;
    # RFC2821:
    #timeout 300s;
    #}
}
http {
    include /etc/nginx/mime.types;
    #default_type application/octet-stream;
    default_type text/plain;
    log_format main '$remote_addr - $remote_user [$time_local] $request '
                    '"$status" $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 30;
    #gzip on;
    server {
        listen 127.0.0.1:8080;
        server_name localhost;
        #charset koi8-r;
        #access_log logs/host.access.log main;
        location / {
            root /home/nginx/htdocs;
            index index.html index.htm;
        }
        #error_page 404 /404.html;
        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /home/nginx/htdocs;
        }
        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        # proxy_pass http://127.0.0.1;
        #}
        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME
                /home/nginx/htdocs$fastcgi_script_name;
            fastcgi_param _SERVER /home/nginx/htdocs;
            fastcgi_param DOCUMENT_ROOT /home/nginx/htdocs;
            include /etc/nginx/fastcgi_params;
        }
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        # deny all;
        #}
    }
    #server {
    #listen 80;
    #server_name test.rupochta.ru;
    #access_log /var/log/nginx/tomcat_access.log main;
    #location / {
    # proxy_pass http://localhost:9090/;
    # proxy_set_header X-Real-IP $remote_addr;
    #}
    #}
    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    # listen 8000;
    # listen somename:8080;
    # server_name somename alias another.alias;
    # location / {
    # root html;
    # index index.html index.htm;
    # }
    #}
    # HTTPS server
    #
    #server {
    # listen 443;
    # server_name localhost;
    # ssl on;
    # ssl_certificate cert.pem;
    # ssl_certificate_key cert.key;
    # ssl_session_timeout 5m;
    # ssl_protocols SSLv2 SSLv3 TLSv1;
    # ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    # ssl_prefer_server_ciphers on;
    # location / {
    # root html;
    # index index.html index.htm;
    # }
    #}
}
The tcpdump shows that AUTHENTICATE LOGIN is being used. That is the
problem.
How can it be solved?
I suppose the imap capabilities can be adjusted?
And how do I make php imap_open use LOGIN authentication?
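
An added example, not part of the original message: a Python check that replays the IMAP dialogue from the capture above and reports SASL mechanisms that the proxy advertises in CAPABILITY but then rejects with BAD, and whether authentication was attempted without STARTTLS. The transcript is transcribed from the capture's ASCII column; the function name and report keys are illustrative.

```python
# Transcribed from the ASCII column of the tcpdump capture above
# (C: = php client, S: = nginx mail proxy); TCP framing is dropped.
TRANSCRIPT = """\
S: * OK IMAP4 ready
C: 00000000 CAPABILITY
S: * CAPABILITY CAPABILITY IMAP4 IMAP4rev1 AUTH=LOGIN ACL NAMESPACE CHILDREN SORT QUOTA THREAD=ORDEREDSUBJECT UNSELECT STARTTLS
S: 00000000 OK completed
C: 00000001 AUTHENTICATE LOGIN
S: 00000001 BAD invalid command
C: 00000002 LOGOUT
S: * BYE
S: 00000002 OK completed
"""

def audit_imap_session(transcript):
    """Compare what the server advertised with how it answered the client."""
    advertised, attempts, results = set(), {}, {}
    starttls_offered = starttls_used = False
    for raw in transcript.splitlines():
        side, _, line = raw.partition(": ")
        words = line.split()
        if len(words) < 2:
            continue
        if side == "S" and words[0] == "*" and words[1].upper() == "CAPABILITY":
            caps = [w.upper() for w in words[2:]]
            advertised |= {c[5:] for c in caps if c.startswith("AUTH=")}
            starttls_offered |= "STARTTLS" in caps
        elif side == "C":
            tag, cmd = words[0], words[1].upper()
            if cmd == "AUTHENTICATE" and len(words) > 2:
                attempts[tag] = words[2].upper()   # remember tag -> mechanism
            elif cmd == "STARTTLS":
                starttls_used = True
        elif side == "S" and words[0] in attempts:
            # Tagged reply to an AUTHENTICATE command: OK / NO / BAD
            results[attempts[words[0]]] = words[1].upper()
    # Mechanisms the capability list promised but the server refused to parse.
    broken = sorted(m for m, r in results.items() if m in advertised and r == "BAD")
    return {
        "advertised_auth": sorted(advertised),
        "advertised_but_rejected": broken,
        "cleartext_auth_attempt": bool(attempts) and not starttls_used,
        "starttls_offered": starttls_offered,
    }

if __name__ == "__main__":
    print(audit_imap_session(TRANSCRIPT))
```
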