From ben at electricembers.net  Thu Mar  5 15:45:40 2009
From: ben at electricembers.net (ben at electricembers.net)
Date: Thu, 5 Mar 2009 12:45:40 -0800 (PST)
Subject: [imapproxy-info] make fails because my openssl was built without
	thread support
Message-ID: <Pine.BSF.4.64.0903051242370.72448@internal.electricembers.net>

even though i configured it --without-openssl. . .

is this a bug? or am i simply forced to (re)build openssl with threads 
(slighly scarry on a production server.)

From dave64 at andrew.cmu.edu  Thu Mar  5 16:49:31 2009
From: dave64 at andrew.cmu.edu (Dave McMurtrie)
Date: Thu, 05 Mar 2009 16:49:31 -0500
Subject: [imapproxy-info] make fails because my openssl was built
 without thread support
In-Reply-To: <Pine.BSF.4.64.0903051242370.72448@internal.electricembers.net>
References: <Pine.BSF.4.64.0903051242370.72448@internal.electricembers.net>
Message-ID: <49B048EB.8000305@andrew.cmu.edu>

ben at electricembers.net wrote:
> even though i configured it --without-openssl. . .
> 
> is this a bug? or am i simply forced to (re)build openssl with threads 
> (slighly scarry on a production server.)

A bug?  Of course not!! :)

Unfortunately, some time ago I made a decision to always require OpenSSL 
even if you don't plan to use TLS.  imapproxy uses the base64 
encoding/decoding routines from the OpenSSL libs.

If you're truly terrified of throwing a new OpenSSL on your production 
machine, you can grab an older version of imapproxy that came with its 
own base64 routines (and didn't use the ones from OpenSSL) and use that 
to create a patch for the new version that should compile by changing a 
few lines of code.  If you're interested in doing this and you need 
further assistance, let me know off-list.

Thanks,

Dave
-- 
Dave McMurtrie, SPE
Email Systems Team Leader
Carnegie Mellon University,
Computing Services

From husmann at morningside.edu  Wed Mar 11 14:55:49 2009
From: husmann at morningside.edu (Mike Husmann)
Date: Wed, 11 Mar 2009 13:55:49 -0500
Subject: [imapproxy-info] imapproxy and tls
Message-ID: <20090311135549.168263exhfx2uqt1@squirrelmail.morningside.edu>

Hello,
   I currently have imapproxy running on the same host as my mail  
server, so no tls has been required.

However, now I'm moving the web server off, and tls is required.

I have put entered the the entries for my ssl certs (same as my imap  
server) into the appropriate fields in imapproxy.conf, but I still  
can't get imapproxy to advertise STARTTLS when I telnet to it.  I  
don't see any errors in the logs, and I'm wondering what I missed.

If I purposefully break the name of the ssl cert in imapproxy.conf, I  
don't see any complaints - indicating to me that it's not even trying  
to use them?

Any ideas as to where I can look for mistakes?

Thanks in advance,

Mike

--
Mike Husmann
Senior Systems Administrator
Morningside College






From dave64 at andrew.cmu.edu  Wed Mar 11 15:20:02 2009
From: dave64 at andrew.cmu.edu (Dave McMurtrie)
Date: Wed, 11 Mar 2009 15:20:02 -0400
Subject: [imapproxy-info] imapproxy and tls
In-Reply-To: <20090311135549.168263exhfx2uqt1@squirrelmail.morningside.edu>
References: <20090311135549.168263exhfx2uqt1@squirrelmail.morningside.edu>
Message-ID: <49B80EE2.9080609@andrew.cmu.edu>

Mike Husmann wrote:
> Hello,
>    I currently have imapproxy running on the same host as my mail  
> server, so no tls has been required.
> 
> However, now I'm moving the web server off, and tls is required.
> 
> I have put entered the the entries for my ssl certs (same as my imap  
> server) into the appropriate fields in imapproxy.conf, but I still  
> can't get imapproxy to advertise STARTTLS when I telnet to it.  I  
> don't see any errors in the logs, and I'm wondering what I missed.

Hi Mike,

imapproxy will only ever do TLS between imapproxy and the imap server.
It doesn't support TLS between a client (webmail, in your case) and
imapproxy.  Hence, it should never advertise STARTTLS.

The theory is that you always keep imapproxy running on the same host as
your webmail server.  That way, no traffic from webmail to imapproxy has
to traverse the network.  If your mail server is on a different host,
imapproxy can to TLS to your mail server.

Thanks,

Dave
-- 
Dave McMurtrie, SPE
Email Systems Team Leader
Carnegie Mellon University,
Computing Services

From husmann at morningside.edu  Wed Mar 11 15:21:38 2009
From: husmann at morningside.edu (Mike Husmann)
Date: Wed, 11 Mar 2009 14:21:38 -0500
Subject: [imapproxy-info] imapproxy and tls
In-Reply-To: <20090311135549.168263exhfx2uqt1@squirrelmail.morningside.edu>
References: <20090311135549.168263exhfx2uqt1@squirrelmail.morningside.edu>
Message-ID: <20090311142138.47587rh9zws40ev6@squirrelmail.morningside.edu>

Quoting Mike Husmann <husmann at morningside.edu>:

> Hello,
>    I currently have imapproxy running on the same host as my mail
> server, so no tls has been required.
>
> However, now I'm moving the web server off, and tls is required.
>
> I have put entered the the entries for my ssl certs (same as my imap
> server) into the appropriate fields in imapproxy.conf, but I still
> can't get imapproxy to advertise STARTTLS when I telnet to it.  I
> don't see any errors in the logs, and I'm wondering what I missed.
>
> If I purposefully break the name of the ssl cert in imapproxy.conf, I
> don't see any complaints - indicating to me that it's not even trying
> to use them?

   I did find the error -
           in.imapproxyd[4876]: main(): Failed to load CA data.  Exiting.

So it doesn't like my ssl certs.  I've got pem formatted certs.  I  
take it that's not what imapproxy is looking for?

Thanks,

Mike


From husmann at morningside.edu  Wed Mar 11 15:44:50 2009
From: husmann at morningside.edu (Mike Husmann)
Date: Wed, 11 Mar 2009 14:44:50 -0500
Subject: [imapproxy-info] imapproxy and tls
In-Reply-To: <49B80EE2.9080609@andrew.cmu.edu>
References: <20090311135549.168263exhfx2uqt1@squirrelmail.morningside.edu>
	<49B80EE2.9080609@andrew.cmu.edu>
Message-ID: <20090311144450.214425kft5z5ckoi@squirrelmail.morningside.edu>

Quoting Dave McMurtrie <dave64 at andrew.cmu.edu>:

> Mike Husmann wrote:
>> Hello,
>>    I currently have imapproxy running on the same host as my mail
>> server, so no tls has been required.
>>
>> However, now I'm moving the web server off, and tls is required.
>>
>> I have put entered the the entries for my ssl certs (same as my imap
>> server) into the appropriate fields in imapproxy.conf, but I still
>> can't get imapproxy to advertise STARTTLS when I telnet to it.  I
>> don't see any errors in the logs, and I'm wondering what I missed.
>
> Hi Mike,
>
> imapproxy will only ever do TLS between imapproxy and the imap server.
> It doesn't support TLS between a client (webmail, in your case) and
> imapproxy.  Hence, it should never advertise STARTTLS.
>
> The theory is that you always keep imapproxy running on the same host as
> your webmail server.  That way, no traffic from webmail to imapproxy has
> to traverse the network.  If your mail server is on a different host,
> imapproxy can to TLS to your mail server.

   Thanks for the quick response.  I did install imapproxy on the new  
box, and it works great for non-tls transactions.  Our cyrus 2.3.7  
mail server advertises this upon login:
* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS]

However, it currently doesn't require tls connections (although that  
is coming in the future).  Is force_tls the way to require imapproxy  
to use tls when talking to the imap server?  When I turn that on,  
that's when imapproxy tells me:
   main(): Failed to load CA data.  Exiting.
and it bombs out.  What ssl certs info do I need to make this work?

Thanks so much,

Mike


From dave64 at andrew.cmu.edu  Wed Mar 11 18:19:48 2009
From: dave64 at andrew.cmu.edu (Dave McMurtrie)
Date: Wed, 11 Mar 2009 18:19:48 -0400
Subject: [imapproxy-info] imapproxy and tls
In-Reply-To: <20090311144450.214425kft5z5ckoi@squirrelmail.morningside.edu>
References: <20090311135549.168263exhfx2uqt1@squirrelmail.morningside.edu>	<49B80EE2.9080609@andrew.cmu.edu>
	<20090311144450.214425kft5z5ckoi@squirrelmail.morningside.edu>
Message-ID: <49B83904.3080408@andrew.cmu.edu>

Mike Husmann wrote:

>    Thanks for the quick response.  I did install imapproxy on the new  
> box, and it works great for non-tls transactions.  Our cyrus 2.3.7  
> mail server advertises this upon login:
> * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS]
> 
> However, it currently doesn't require tls connections (although that  
> is coming in the future).  Is force_tls the way to require imapproxy  
> to use tls when talking to the imap server?  

That's correct.  By default, imapproxy will only attempt STARTTLS if 
your imap server advertises LOGINDISABLED.  Setting force_tls in 
imapproxy.conf will cause imapproxy to always use STARTTLS.


> When I turn that on,  
> that's when imapproxy tells me:
>    main(): Failed to load CA data.  Exiting.
> and it bombs out. 

That's less than ideal.

> What ssl certs info do I need to make this work?

The error indicates that the CA cert is either not being found or it 
cannot be verified.  tls_ca_path should be set to the directory that 
contains your certificate authority cert in pem format.  tls_ca_file 
should be set to the file that contains your certificate authority cert 
in pem format.

There's an example using a self-signed cert in README.ssl that might be 
helpful to you.

Thanks,

Dave
-- 
Dave McMurtrie, SPE
Email Systems Team Leader
Carnegie Mellon University,
Computing Services

From japc at co.sapo.pt  Wed Mar 11 21:09:37 2009
From: japc at co.sapo.pt (Jose Celestino)
Date: Thu, 12 Mar 2009 01:09:37 +0000
Subject: [imapproxy-info] File descriptor leak issue
Message-ID: <20090312010937.GA15592@co.sapo.pt>

Hi.

There's a file descriptor leak issue on not checking the
pthread_create() return value on the main for(;;) loop.

If there's a connection burst and pthreads stack allocation temporarily
fails clientsd descriptors are not properly closed and will leak.

Attached is a patch that fixes this.

-- 
Jose Celestino | http://japc.uncovering.org/files/japc-pgpkey.asc
----------------------------------------------------------------
"One man?s theology is another man?s belly laugh." -- Robert A. Heinlein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: imapproxy-1.2.7rc2-pthread_create_fd_leak.diff
Type: text/x-diff
Size: 575 bytes
Desc: not available
Url : http://lists.andrew.cmu.edu/pipermail/imapproxy-info/attachments/20090312/0e0840bb/attachment.bin 

From slusarz at curecanti.org  Wed Mar 25 18:38:25 2009
From: slusarz at curecanti.org (Michael M. Slusarz)
Date: Wed, 25 Mar 2009 16:38:25 -0600
Subject: [imapproxy-info] Discarding IDLE
In-Reply-To: <20090302041855.GE6607@co.sapo.pt>
References: <20090302041855.GE6607@co.sapo.pt>
Message-ID: <20090325163825.0s80c40ggkkk8@bigworm.curecanti.org>

Quoting Jose Celestino <japc at co.sapo.pt>:

> Hi. Anyone knowns what is the rationale for discarding IDLE from the server
> capability ?

Late (and lengthy) response to this question...

IDLE is of limited/no use to a disconnected client because, in theory,  
the disconnected client shouldn't be idling.  In the webmail case, an  
IMAP connection gets a burst of activity all at once and then returns  
to an inactive state.  There is no reason to implement the IDLE  
command because the MUA will not need to track the change of the  
mailbox over the course of the limited amount of time it is connected  
(in webmail clients, less than a second).

And IDLE is not currently useful during the inactive state either.   
First, the current imapproxy procedure.  Let's say the MUA has  
selected the INBOX.  On MUA logout imapproxy returns the IMAP  
connection to the AUTHENTICATED state (via either the UNSELECT or  
SELECT <non-existent-mailbox>).  On the next successful login from the  
MUA, imapproxy will pass control to the IMAP server in the  
AUTHENTICATED state - which is *exactly* what the IMAP client exepects.

IDLE was designed to be used only when a mailbox is selected.  Let's  
use the same example as above with the INBOX.  This time, on logout,  
imapproxy issues a IDLE command (thus, the active proxy connection is  
still connected to INBOX).  Further more, let's assume imapproxy reads  
and stores all IDLE responses returned from the server.  On successful  
login, imapproxy necessarily needs to cancel the IDLE operation.   
imapproxy can then do one of two things.

1. To remain transparent (and thus, by defintion, a proxy), imapproxy  
needs to revert back to the AUTHENTICATED state because that is what  
the IMAP client expects/requires.  However, all the IDLE data becomes  
useless at this point - the various responses received by IDLE are  
useful only if the mailbox is selected.  Thus, imapproxy can't replay  
those messages automatically at login because the IMAP client won't  
know what to do with it (there is no mailbox context).  And we can't  
replay once we select the IDLE'd mailbox because the cache responses  
may no longer be correct and, regardless, much of that information is  
superfluous because SELECT/EXAMINE provides a lot of the information  
needed automatically.

2. Instead, imapproxy could theoretically remain in the mailbox and  
replay all cached responses to the client on login.  However, this  
would require some sort of mechanism whereby the proxy server must  
inform the mail client which mailbox is currently selected.  This is  
bit currently available and would need to be coded by someone.

Theoretically this could be done via an imapproxy specific enabling  
command.  Theoretically it could look something like this:

1. (1st connection) Client connects to imapproxy, issues the following  
UNAUTHENTICATED command:
   C: 1 XPROXY_USEIDLE
   S: 1 OK

2. Client login, SELECTs INBOX, and ends session.
2. Client stores state that he is SELECTed to INBOX
3. Server sends IDLE command in INBOX
4. Client connects to imapproxy and tells imapproxy its cached state  
information:

   S: * OK [CAPABILITY ...]
   C: 1 XPROXY_IDLE username SELECT INBOX
   S: 1 OK

XPROXY_IDLE <username> <SELECT | EXAMINE> <mailbox>
Always responds with OK if IDLE configured on imapproxy.  If not, or  
not using imapproxy, this command would return BAD response

5. Do a normal login.
6. If the proxy's stored state does not match the given XPROXY_IDLE  
state, the imapproxy undoes the IDLE and returns to AUTHENTICATED state.
7. If the proxy's state does match the XPROXY_IDLE state, issue an  
XPROXYIDLEOK response
   S: * OK [XPROXYIDLEOK]
8. Then replay any untagged responses received during the idle and  
close the idle.  Then revert control back to the IMAP server.  The  
IMAP client is responsible for parsing the IDLE responses and updating  
the state information of the mailbox.


However, unless this happens, the IDLE command is of no use to  
imapproxy (and thus, why it is removed from the CAPABILITY list).  it  
is debatable how much (if any) of a performance gain this would be  
over a solution such as QRESYNC.  However, while QRESYNC is the wave  
of the future, very few servers (much less stable servers) currently  
have QRESYNC support.  IDLE is a fairly common extension, so  
implementing this kind of imapproxy IDLE handling may be useful for  
legacy IMAP servers.

michael


From japc at co.sapo.pt  Wed Mar 25 19:30:13 2009
From: japc at co.sapo.pt (Jose Celestino)
Date: Wed, 25 Mar 2009 23:30:13 +0000
Subject: [imapproxy-info] Discarding IDLE
In-Reply-To: <20090325163825.0s80c40ggkkk8@bigworm.curecanti.org>
References: <20090302041855.GE6607@co.sapo.pt>
	<20090325163825.0s80c40ggkkk8@bigworm.curecanti.org>
Message-ID: <20090325233013.GO19073@co.sapo.pt>

Words by Michael M. Slusarz [Wed, Mar 25, 2009 at 04:38:25PM -0600]:
> Quoting Jose Celestino <japc at co.sapo.pt>:
> 
> > Hi. Anyone knowns what is the rationale for discarding IDLE from the server
> > capability ?
> 
> Late (and lengthy) response to this question...
> 
> IDLE is of limited/no use to a disconnected client because, in theory,  
> the disconnected client shouldn't be idling.  In the webmail case, an  
> IMAP connection gets a burst of activity all at once and then returns  
> to an inactive state.  There is no reason to implement the IDLE  
> command because the MUA will not need to track the change of the  
> mailbox over the course of the limited amount of time it is connected  
> (in webmail clients, less than a second).
> 

Ok. If you only use imapproxy for webmail scenarios that's right,
there's no use for idle. But then again the webmail code won't issue an
IDLE either so existing or not an idle on the server CAPABILITY is not
relevant.

> And IDLE is not currently useful during the inactive state either.   
> First, the current imapproxy procedure.  Let's say the MUA has  
> selected the INBOX.  On MUA logout imapproxy returns the IMAP  
> connection to the AUTHENTICATED state (via either the UNSELECT or  
> SELECT <non-existent-mailbox>).  On the next successful login from the  
> MUA, imapproxy will pass control to the IMAP server in the  
> AUTHENTICATED state - which is *exactly* what the IMAP client exepects.
> 

Yes.

> IDLE was designed to be used only when a mailbox is selected.  Let's  
> use the same example as above with the INBOX.  This time, on logout,  
> imapproxy issues a IDLE command (thus, the active proxy connection is  
> still connected to INBOX).  Further more, let's assume imapproxy reads  
> and stores all IDLE responses returned from the server.  On successful  
> login, imapproxy necessarily needs to cancel the IDLE operation.   
> imapproxy can then do one of two things.
> 
> 1. To remain transparent (and thus, by defintion, a proxy), imapproxy  

That's what we do.

x login japcxxxxxx at sapo.pt xxxxxxxxxx
x OK User logged in
x idle
+ idling
^]q

next

x login japcxxxxxx at sapo.pt xxxxxxxxxx
* OK [XPROXYREUSE] IMAP connection reused by imapproxy
* OK [XPROXYIDLING] IMAP IDLE connection was DONE
x OK User logged in
^]q

> However, unless this happens, the IDLE command is of no use to  
> imapproxy (and thus, why it is removed from the CAPABILITY list).  it  

I'm worried with some clients, that have use for IDLE.
And what I fail to understand is why IDLE was explicitly removed. You
have to have a very good reason to fight the inertia and do that.

I can understand that it may be bizarre for some that we use imapproxy
in places other than webmail but it allows us to, for instance:

- share imapd process resources between webmail and desktop imap clients
- keep some control over misbehaving clients
- reduce the load on authentication servers
- hash the same user to the same server (in-house patch) again getting
the most juice from imapd

> is debatable how much (if any) of a performance gain this would be  
> over a solution such as QRESYNC.  However, while QRESYNC is the wave  
> of the future, very few servers (much less stable servers) currently  
> have QRESYNC support.  IDLE is a fairly common extension, so  
> implementing this kind of imapproxy IDLE handling may be useful for  
> legacy IMAP servers.
> 

-- 
Jose Celestino | http://japc.uncovering.org/files/japc-pgpkey.asc
----------------------------------------------------------------
"One man?s theology is another man?s belly laugh." -- Robert A. Heinlein

From slusarz at curecanti.org  Thu Mar 26 13:38:02 2009
From: slusarz at curecanti.org (Michael M. Slusarz)
Date: Thu, 26 Mar 2009 11:38:02 -0600
Subject: [imapproxy-info] Discarding IDLE
In-Reply-To: <20090325233013.GO19073@co.sapo.pt>
References: <20090302041855.GE6607@co.sapo.pt>
	<20090325163825.0s80c40ggkkk8@bigworm.curecanti.org>
	<20090325233013.GO19073@co.sapo.pt>
Message-ID: <20090326113802.gcog8g4woog8@bigworm.curecanti.org>

Quoting Jose Celestino <japc at co.sapo.pt>:

>> 1. To remain transparent (and thus, by defintion, a proxy), imapproxy
>
> That's what we do.
>
> x login japcxxxxxx at sapo.pt xxxxxxxxxx
> x OK User logged in
> x idle
> + idling
> ^]q
>
> next
>
> x login japcxxxxxx at sapo.pt xxxxxxxxxx
> * OK [XPROXYREUSE] IMAP connection reused by imapproxy
> * OK [XPROXYIDLING] IMAP IDLE connection was DONE
> x OK User logged in
> ^]q

If that's really the full list of commands used (i.e. you haven't left  
any SELECT/EXAMINE command out), that usage of IDLE is incorrect.   
 From RFC 2177:

"The IDLE command is sent from the client to the server when the  
client is ready to accept unsolicited mailbox update messages."

Mailbox update messages are not sent in the unselected state. (I'm not  
sure the different IMAP states were defined at the time RFC 2177 was  
written).  If IDLE is meant to serve as a keepalive, NOOP should be  
used instead.

Additionally, what does the XPROXYIDLING (I assume this is a local  
hack) capability get you in this instance for disconnected clients or  
even connected clients that issue an IDLE and then disconnect before  
canceling the IDLE?  Unless the client is aware of this added feature,  
you are just creating additional load for no benefit - since any  
responses from the IDLE command will either be discarded or  
disregarded by the imap client on the next connection.

>> However, unless this happens, the IDLE command is of no use to
>> imapproxy (and thus, why it is removed from the CAPABILITY list).  it
>
> I'm worried with some clients, that have use for IDLE.
> And what I fail to understand is why IDLE was explicitly removed. You
> have to have a very good reason to fight the inertia and do that.
>
> I can understand that it may be bizarre for some that we use imapproxy
> in places other than webmail but it allows us to, for instance:
>
> - share imapd process resources between webmail and desktop imap clients
> - keep some control over misbehaving clients
> - reduce the load on authentication servers
> - hash the same user to the same server (in-house patch) again getting
> the most juice from imapd

I agree that these are instances where imapproxy would be useful for  
both connected and disconnected clients.  So you are correct that  
there is no reason for IDLE to be filtered from the CAPABILITY list -  
if a disconnected client does use IDLE, they do so at their own peril.

My previous message was more of an outline on how the IDLE command  
COULD be leveraged for disconnected clients to gain performance -  
namely a solution where the *client*, rather than the *server*, must  
indicate that it supports disconnected IDLE mode.

michael


From japc at co.sapo.pt  Thu Mar 26 13:59:19 2009
From: japc at co.sapo.pt (Jose Celestino)
Date: Thu, 26 Mar 2009 17:59:19 +0000
Subject: [imapproxy-info] Discarding IDLE
In-Reply-To: <20090326113802.gcog8g4woog8@bigworm.curecanti.org>
References: <20090302041855.GE6607@co.sapo.pt>
	<20090325163825.0s80c40ggkkk8@bigworm.curecanti.org>
	<20090325233013.GO19073@co.sapo.pt>
	<20090326113802.gcog8g4woog8@bigworm.curecanti.org>
Message-ID: <20090326175919.GG6318@co.sapo.pt>

Words by Michael M. Slusarz [Thu, Mar 26, 2009 at 11:38:02AM -0600]:
> Quoting Jose Celestino <japc at co.sapo.pt>:
>
>>> 1. To remain transparent (and thus, by defintion, a proxy), imapproxy
>>
>> That's what we do.
>>
>> x login japcxxxxxx at sapo.pt xxxxxxxxxx
>> x OK User logged in
>> x idle
>> + idling
>> ^]q
>>
>> next
>>
>> x login japcxxxxxx at sapo.pt xxxxxxxxxx
>> * OK [XPROXYREUSE] IMAP connection reused by imapproxy
>> * OK [XPROXYIDLING] IMAP IDLE connection was DONE
>> x OK User logged in
>> ^]q
>
> If that's really the full list of commands used (i.e. you haven't left  
> any SELECT/EXAMINE command out), that usage of IDLE is incorrect.  From 
> RFC 2177:
>
> "The IDLE command is sent from the client to the server when the client is 
> ready to accept unsolicited mailbox update messages."
>
> Mailbox update messages are not sent in the unselected state. (I'm not  
> sure the different IMAP states were defined at the time RFC 2177 was  
> written).  If IDLE is meant to serve as a keepalive, NOOP should be used 
> instead.
>

I know. When no mailbox is selected our imap server (dovecot) IDLEs
without any notifications being issued (it does not call
mailbox_notify_changes()). It is harmless and good for debug because of
less tipying :)

> Additionally, what does the XPROXYIDLING (I assume this is a local hack) 
> capability get you in this instance for disconnected clients or even 
> connected clients that issue an IDLE and then disconnect before canceling 
> the IDLE?  Unless the client is aware of this added feature, you are just 
> creating additional load for no benefit - since any responses from the 
> IDLE command will either be discarded or disregarded by the imap client on 
> the next connection.
>

Debug. Yes, it should be taken out on a future update.

-- 
Jose Celestino | http://japc.uncovering.org/files/japc-pgpkey.asc
----------------------------------------------------------------
"One man?s theology is another man?s belly laugh." -- Robert A. Heinlein

From vgpublic at gmail.com  Thu Mar 26 16:05:10 2009
From: vgpublic at gmail.com (David B)
Date: Thu, 26 Mar 2009 16:05:10 -0400
Subject: [imapproxy-info] UNSELECT issued while not in selected state
Message-ID: <5c61bdcb0903261305y6022e6f1h1655984a17df9eeb@mail.gmail.com>

Hello,
We are using imapproxy 1.2.6 as a proxy to IMAP on z/VM.   Using the latest
version of IMP as our webmail client, we get the following errors (lots of
them) on the IMAP server console:
DTCIMP3000E [imapproxy server IP] Bad command UNSELECT received; connection
state 1
The IMAP server supports the UNSELECT command, I've tested it via a direct
telnet session, and the message does not display if imapproxy is
bypassed.    I believe the UNSELECT command is being sent while the
connection is not in the selected state.

Does anyone have any insight into this issue?

Thanks,
Dave
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/imapproxy-info/attachments/20090326/1844c84e/attachment.html 

From dave64 at andrew.cmu.edu  Thu Mar 26 19:05:46 2009
From: dave64 at andrew.cmu.edu (Dave McMurtrie)
Date: Thu, 26 Mar 2009 19:05:46 -0400
Subject: [imapproxy-info] UNSELECT issued while not in selected state
In-Reply-To: <5c61bdcb0903261305y6022e6f1h1655984a17df9eeb@mail.gmail.com>
References: <5c61bdcb0903261305y6022e6f1h1655984a17df9eeb@mail.gmail.com>
Message-ID: <49CC0A4A.4020402@andrew.cmu.edu>

David B wrote:
> Hello,
> We are using imapproxy 1.2.6 as a proxy to IMAP on z/VM.   Using the latest
> version of IMP as our webmail client, we get the following errors (lots of
> them) on the IMAP server console:
> DTCIMP3000E [imapproxy server IP] Bad command UNSELECT received; connection
> state 1
> The IMAP server supports the UNSELECT command, I've tested it via a direct
> telnet session, and the message does not display if imapproxy is
> bypassed.    I believe the UNSELECT command is being sent while the
> connection is not in the selected state.
> 
> Does anyone have any insight into this issue?

There's no real mystery to this one.  imapproxy will send an UNSELECT 
(or it will EXAMINE a null mailbox if the server doesn't support 
UNSELECT) to the imap server every time a client logs out regardless of 
whether it's in selected state or not.  It does this to guarantee that 
the server will be in unselected state should a client reconnect, since 
that's really what a stateless client is expecting.  Whether or not the 
server was in selected state to begin with doesn't much matter, since 
the end result will be that it will be in the desired unselected state 
afterward.

Having said that, since more than one person has complained about this 
behavior, and since this behavior is not strictly correct, I guess I 
should probably do something about it.

I'll shove out the next version early next week, then start looking 
through the ton of patches I recently received.  Among that work, I will 
also look into changing the behavior you report here.

Thanks,

Dave
-- 
Dave McMurtrie, SPE
Email Systems Team Leader
Carnegie Mellon University,
Computing Services