Results 1 to 10 of 27

Thread: ZCS 8.0.2 Proxy Issues with downloading large mails via pop

Hybrid View

  1. #1
    Join Date
    Feb 2011
    Posts
    42
    Rep Power
    4

    Default ZCS 8.0.2 Proxy Issues with downloading large mails via pop

    I have a major issue in production environment. I am running zcs-8.0.2_GA_5569.FOSS on RHEL 6.2 64 bit. Multiserver environment with 1 LDAP Master, about 8 Mailstore servers, couple of MTA servers, Proxy for pop3/IMAP and Proxy for https.
    The issue I am facing is that whenever a user tries to download a mail more than say 2MB via pop, the connection closes. All I can find in the /opt/zimbra/log/nginx.log is the following entry:

    2013/02/21 23:53:12 [error] 17271#0: *725148 SSL_read() failed (SSL: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac) while proxying and reading from upstream, client: IP.Addr.of.client using starttls, server: 0.0.0.0:110, login: "userid", upstream: IP.Addr.of.mailstoreserver:995 (IP.Addr.of.client:49956-IP.Addr.of.popproxy:110) <=> (IP.Addr.of.popproxy:34307-IP.Addr.of.mailstoreserver:995)
    If I bypass proxy, and connect directly to the mailstore server, no issues. Everything works fine.

    I can't find any relation between the above error and the problem we are facing. Any help is highly appreciated.

    Thanks

  2. #2
    Join Date
    Feb 2011
    Posts
    42
    Rep Power
    4

    Default

    Quote Originally Posted by sviriyala View Post
    I have a major issue in production environment. I am running zcs-8.0.2_GA_5569.FOSS on RHEL 6.2 64 bit. Multiserver environment with 1 LDAP Master, about 8 Mailstore servers, couple of MTA servers, Proxy for pop3/IMAP and Proxy for https.
    The issue I am facing is that whenever a user tries to download a mail more than say 2MB via pop, the connection closes. All I can find in the /opt/zimbra/log/nginx.log is the following entry:



    If I bypass proxy, and connect directly to the mailstore server, no issues. Everything works fine.

    I can't find any relation between the above error and the problem we are facing. Any help is highly appreciated.

    Thanks
    Anyone/someone can throw some light on the issue? I am kind of stuck & hit a block. Can't even think how to proceed. I have a major production issue here.

    Thanks

  3. #3
    Join Date
    Apr 2010
    Posts
    57
    Rep Power
    5

    Default

    Just a guess, but if the proxy is talking over SSL to the mailbox servers, perhaps you can try not over SSL.

  4. #4
    Join Date
    Feb 2011
    Posts
    42
    Rep Power
    4

    Default

    Thanks for the response speno.
    Yes tried disabling SSL. Still same error.
    Does nginx have any bug? Does this apply to Zimbra?

    #215 (SSL: decryption failed or bad record mac with upstream servers)

    Thanks

  5. #5
    Join Date
    Apr 2010
    Posts
    57
    Rep Power
    5

    Default

    Quote Originally Posted by sviriyala View Post
    Thanks for the response speno.
    Yes tried disabling SSL. Still same error.
    Does nginx have any bug? Does this apply to Zimbra?

    #215 (SSL: decryption failed or bad record mac with upstream servers)

    Thanks
    Sure looks like it. I would try adding the proxy_buffers setting to your nginx config and see how it goes. If that fixes it, file a Zimbra bug on it.

  6. #6
    Join Date
    Feb 2011
    Posts
    42
    Rep Power
    4

    Default

    Quote Originally Posted by speno View Post
    Sure looks like it. I would try adding the proxy_buffers setting to your nginx config and see how it goes. If that fixes it, file a Zimbra bug on it.
    After a lot of searching, finally found out how to add proxy_buffer to nginx config. To survive reboots/restarts proxy_buffer needs to be added in the following files:

    /opt/zimbra/conf/nginx/templates/nginx.conf.mail.pop3.default.template
    # POP3 proxy default configuration
    #
    server
    {
    ${core.ipboth.enabled}listen [::]:${mail.pop3.port};
    ${core.ipv4only.enabled}listen ${mail.pop3.port};
    ${core.ipv6only.enabled}listen [::]:${mail.pop3.port} ipv6only=on;
    protocol pop3;
    proxy on;
    proxy_buffer 32K;
    timeout ${mail.pop3.timeout};
    proxy_timeout ${mail.pop3.proxytimeout};
    sasl_service_name "pop";
    starttls ${mail.pop3.tls};
    ssl_certificate ${ssl.crt.default};
    ssl_certificate_key ${ssl.key.default};
    }
    /opt/zimbra/conf/nginx/templates/nginx.conf.mail.pop3s.default.template

    # POP3S proxy default configuration
    #
    server
    {
    ${core.ipboth.enabled}listen [::]:${mail.pop3s.port};
    ${core.ipv4only.enabled}listen ${mail.pop3s.port};
    ${core.ipv6only.enabled}listen [::]:${mail.pop3s.port} ipv6only=on;
    protocol pop3;
    proxy_buffer 32K;
    proxy on;
    timeout ${mail.pop3.timeout};
    proxy_timeout ${mail.pop3.proxytimeout};
    ssl on;
    ssl_certificate ${ssl.crt.default};
    ssl_certificate_key ${ssl.key.default};
    sasl_service_name "pop";
    }


    Restart Zimbra service (zmcontrol restart).

    However I still get the same errors. Either whatever I did, was not the correct way to configure the proxy_buffer or the bug doesn't apply to me. Hence the question. This issue is driving me nuts.

    Thanks

Similar Threads

  1. Outlook 2010 stopped downloading e-mails and syncing
    By Steffi_Nano in forum Zimbra Connector for Outlook
    Replies: 2
    Last Post: 05-09-2012, 04:32 AM
  2. Outlook 2010 stopped downloading e-mails and syncing
    By Steffi_Nano in forum Error Reports
    Replies: 1
    Last Post: 05-09-2012, 04:04 AM
  3. [SOLVED] downloading large paid Yahoo mail with many folders
    By arlesterc in forum General Questions
    Replies: 2
    Last Post: 01-27-2011, 12:54 PM
  4. Replies: 1
    Last Post: 12-10-2008, 03:30 AM
  5. Not downloading new mails in GMail
    By deepanjan_nag in forum Error Reports
    Replies: 0
    Last Post: 07-31-2008, 09:46 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •