ZCS 8.0.2 Proxy Issues with downloading large mails via pop

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
sviriyala
Posts: 41
Joined: Sat Sep 13, 2014 1:49 am

ZCS 8.0.2 Proxy Issues with downloading large mails via pop

Postby sviriyala » Thu Feb 21, 2013 2:56 pm

I have a major issue in production environment. I am running zcs-8.0.2_GA_5569.FOSS on RHEL 6.2 64 bit. Multiserver environment with 1 LDAP Master, about 8 Mailstore servers, couple of MTA servers, Proxy for pop3/IMAP and Proxy for https.

The issue I am facing is that whenever a user tries to download a mail more than say 2MB via pop, the connection closes. All I can find in the /opt/zimbra/log/nginx.log is the following entry:
[QUOTE]2013/02/21 23:53:12 [error] 17271#0: *725148 SSL_read() failed (SSL: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac) while proxying and reading from upstream, client: IP.Addr.of.client using starttls, server: 0.0.0.0:110, login: "userid", upstream: IP.Addr.of.mailstoreserver:995 (IP.Addr.of.client:49956-IP.Addr.of.popproxy:110) (IP.Addr.of.popproxy:34307-IP.Addr.of.mailstoreserver:995)[/QUOTE]
If I bypass proxy, and connect directly to the mailstore server, no issues. Everything works fine.
I can't find any relation between the above error and the problem we are facing. Any help is highly appreciated.
Thanks


sviriyala
Posts: 41
Joined: Sat Sep 13, 2014 1:49 am

ZCS 8.0.2 Proxy Issues with downloading large mails via pop

Postby sviriyala » Fri Feb 22, 2013 2:30 pm

[quote user="sviriyala"]I have a major issue in production environment. I am running zcs-8.0.2_GA_5569.FOSS on RHEL 6.2 64 bit. Multiserver environment with 1 LDAP Master, about 8 Mailstore servers, couple of MTA servers, Proxy for pop3/IMAP and Proxy for https.

The issue I am facing is that whenever a user tries to download a mail more than say 2MB via pop, the connection closes. All I can find in the /opt/zimbra/log/nginx.log is the following entry:

If I bypass proxy, and connect directly to the mailstore server, no issues. Everything works fine.
I can't find any relation between the above error and the problem we are facing. Any help is highly appreciated.
Thanks[/QUOTE]
Anyone/someone can throw some light on the issue? I am kind of stuck & hit a block. Can't even think how to proceed. I have a major production issue here.
Thanks
speno
Advanced member
Advanced member
Posts: 56
Joined: Sat Sep 13, 2014 1:08 am

ZCS 8.0.2 Proxy Issues with downloading large mails via pop

Postby speno » Mon Feb 25, 2013 11:11 am

Just a guess, but if the proxy is talking over SSL to the mailbox servers, perhaps you can try not over SSL.
sviriyala
Posts: 41
Joined: Sat Sep 13, 2014 1:49 am

ZCS 8.0.2 Proxy Issues with downloading large mails via pop

Postby sviriyala » Tue Feb 26, 2013 4:59 am

Thanks for the response speno.

Yes tried disabling SSL. Still same error.

Does nginx have any bug? Does this apply to Zimbra?
#215 (SSL: decryption failed or bad record mac with upstream servers)
Thanks
speno
Advanced member
Advanced member
Posts: 56
Joined: Sat Sep 13, 2014 1:08 am

ZCS 8.0.2 Proxy Issues with downloading large mails via pop

Postby speno » Tue Feb 26, 2013 6:40 am

[quote user="sviriyala"]Thanks for the response speno.

Yes tried disabling SSL. Still same error.

Does nginx have any bug? Does this apply to Zimbra?
#215 (SSL: decryption failed or bad record mac with upstream servers)
Thanks[/QUOTE]
Sure looks like it. I would try adding the proxy_buffers setting to your nginx config and see how it goes. If that fixes it, file a Zimbra bug on it.
sviriyala
Posts: 41
Joined: Sat Sep 13, 2014 1:49 am

ZCS 8.0.2 Proxy Issues with downloading large mails via pop

Postby sviriyala » Tue Feb 26, 2013 7:08 am

[quote user="speno"]Sure looks like it. I would try adding the proxy_buffers setting to your nginx config and see how it goes. If that fixes it, file a Zimbra bug on it.[/QUOTE]
After a lot of searching, finally found out how to add proxy_buffer to nginx config. To survive reboots/restarts proxy_buffer needs to be added in the following files:
/opt/zimbra/conf/nginx/templates/nginx.conf.mail.pop3.default.template

[QUOTE]# POP3 proxy default configuration

#

server

{

${core.ipboth.enabled}listen [::]:${mail.pop3.port};

${core.ipv4only.enabled}listen ${mail.pop3.port};

${core.ipv6only.enabled}listen [::]:${mail.pop3.port} ipv6only=on;

protocol pop3;

proxy on;

proxy_buffer 32K;

timeout ${mail.pop3.timeout};

proxy_timeout ${mail.pop3.proxytimeout};

sasl_service_name "pop";

starttls ${mail.pop3.tls};

ssl_certificate ${ssl.crt.default};

ssl_certificate_key ${ssl.key.default};

}

[/QUOTE]
/opt/zimbra/conf/nginx/templates/nginx.conf.mail.pop3s.default.template
[QUOTE]# POP3S proxy default configuration

#

server

{

${core.ipboth.enabled}listen [::]:${mail.pop3s.port};

${core.ipv4only.enabled}listen ${mail.pop3s.port};

${core.ipv6only.enabled}listen [::]:${mail.pop3s.port} ipv6only=on;

protocol pop3;

proxy_buffer 32K;

proxy on;

timeout ${mail.pop3.timeout};

proxy_timeout ${mail.pop3.proxytimeout};

ssl on;

ssl_certificate ${ssl.crt.default};

ssl_certificate_key ${ssl.key.default};

sasl_service_name "pop";

}

[/QUOTE]
Restart Zimbra service (zmcontrol restart).
However I still get the same errors. Either whatever I did, was not the correct way to configure the proxy_buffer or the bug doesn't apply to me. Hence the question. This issue is driving me nuts.
Thanks
speno
Advanced member
Advanced member
Posts: 56
Joined: Sat Sep 13, 2014 1:08 am

ZCS 8.0.2 Proxy Issues with downloading large mails via pop

Postby speno » Tue Feb 26, 2013 8:10 am

[quote user="sviriyala"]After a lot of searching, finally found out how to add proxy_buffer to nginx config. To survive reboots/restarts proxy_buffer needs to be added in the following files:
/opt/zimbra/conf/nginx/templates/nginx.conf.mail.pop3.default.template


/opt/zimbra/conf/nginx/templates/nginx.conf.mail.pop3s.default.template

Restart Zimbra service (zmcontrol restart).
However I still get the same errors. Either whatever I did, was not the correct way to configure the proxy_buffer or the bug doesn't apply to me. Hence the question. This issue is driving me nuts.
Thanks[/QUOTE]
Unless that's a typo, then i think you wanted:
proxy_buffers 8 32k;
As proxy_buffers takes two parameters, not just one.
sviriyala
Posts: 41
Joined: Sat Sep 13, 2014 1:49 am

ZCS 8.0.2 Proxy Issues with downloading large mails via pop

Postby sviriyala » Tue Feb 26, 2013 8:23 am

[quote user="speno"]Unless that's a typo, then i think you wanted:
proxy_buffers 8 32k;
As proxy_buffers takes two parameters, not just one.[/QUOTE]
No typo there. I had followed this wiki to set the values:
MailProxyModule
Here
there is only one option for proxy_buffers: buffer size in K.
However for httpproxymodule it takes two values: .
HttpProxyModule
Thanks
speno
Advanced member
Advanced member
Posts: 56
Joined: Sat Sep 13, 2014 1:08 am

ZCS 8.0.2 Proxy Issues with downloading large mails via pop

Postby speno » Tue Feb 26, 2013 8:32 am

Ok. If you have a Zimbra support contract, you should open a case. Otherwise, submit a bugzilla ticket on the issue. Or both!
sviriyala
Posts: 41
Joined: Sat Sep 13, 2014 1:49 am

ZCS 8.0.2 Proxy Issues with downloading large mails via pop

Postby sviriyala » Tue Feb 26, 2013 8:50 am

[quote user="speno"]Ok. If you have a Zimbra support contract, you should open a case. Otherwise, submit a bugzilla ticket on the issue. Or both![/QUOTE]
No I run Open Source Edition. So no support. :(

Submitted a bug on bugzilla site.
Bug 80563 – downloading large mails (>2MB) over WAN links closes POP3 sessions when using Proxy in Multiserver Env
Thanks for your support Speno.
BTW, no one running a multiserver env for 8.0.2? How come no one faced this issue & only I am facing this?
Thanks

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 12 guests