search for: 9090

We just had a bunch of backend boxes go down due to a DDoS in our director cluster. When the DDoS died down, our director ring was a mess. Each box had thousands (and hundreds per second, which is a bit much) of log lines like the following: Apr 03 19:59:29 director: Warning: director(10.1.20.10:9090/left): Host 10.1.17.15 is being updated before previous update had finished (up -> down) - setting to state=down vhosts=100 Apr 03 19:59:29 director: Warning: director(10.1.20.10:9090/left): Host 10.1.17.15 is being updated before previous update had finished (down -> up) - setting to state=u...

...a DDoS in our >> director cluster. When the DDoS died down, our director ring was a mess. >> >> Each box had thousands (and hundreds per second, which is a bit much) of >> log lines like the following: >> >> Apr 03 19:59:29 director: Warning: director(10.1.20.10:9090/left): Host >> 10.1.17.15 is being updated before previous update had finished (up -> >> down) - setting to state=down vhosts=100 >> Apr 03 19:59:29 director: Warning: director(10.1.20.10:9090/left): Host >> 10.1.17.15 is being updated before previous update had finished...

...end boxes go down due to a DDoS in our director > cluster. When the DDoS died down, our director ring was a mess. > > Each box had thousands (and hundreds per second, which is a bit much) of > log lines like the following: > > Apr 03 19:59:29 director: Warning: director(10.1.20.10:9090/left): Host > 10.1.17.15 is being updated before previous update had finished (up -> > down) - setting to state=down vhosts=100 > Apr 03 19:59:29 director: Warning: director(10.1.20.10:9090/left): Host > 10.1.17.15 is being updated before previous update had finished (down -> >...

...2.168.0.150 192.168.0.151 director_user_expire = 15 min service director { unix_listener login/director { mode = 0666 } fifo_listener login/proxy-notify { mode = 0600 user = $default_login_user } unix_listener director-userdb { mode = 0600 } inet_listener { port = 9090 } } service ipc { unix_listener ipc { user = $default_login_user } } Here 10.0.50.50 is node1, 10.0.50.51 is node2 # ring status on node1 director ip port type last failed 10.0.50.50 9090 self never 10.0.50.51 9090 never # ring status on node2 director ip port type last fai...

...--- --- -------- |Sip Softphone|-------|Internet|--------|F.W|-----|Asterisk| ------------- -------- --- -------- IP addresses: a.b.c.d q.w.e.r The SIP softphone(x-lite) is configured to register with the asterisk server through port 9090 (Domain q.w.e.r:9090).Firewall(F.W) is setup as the outbound proxy for the softphone(Outbound proxy a.b.c.d:9090). Authentication credentials for the softphone match the user registered in asterisk's sip.conf. F.W runs Kamailio and rtpproxy, with Kamailio listening on port 5060. The asteri...

Folks I'd love to use Cockpit, but I cannot open port 9090 for the access in all cases. I'd like to access it via my usual http port (such as 80) where I'm limited to a single HTTP port. I understand the security implications, and can deal with them later. My attempt was to allow the following URL to access the cockpit functionality: http...

...00 to 0 Sep 11 03:24:55 imap-front4 dovecot: director: doveadm: Host 192.168.1.218 vhost count changed from 100 to 0 Sep 11 03:24:55 imap-front4 dovecot: director: doveadm: Host 192.168.1.216 vhost count changed from 100 to 0 Sep 11 03:24:55 imap-front4 dovecot: director: director(212.183.164.161:9090/right): Host 192.168.1.145 vhost count changed from 100 to 0 Sep 11 03:24:55 imap-front4 dovecot: director: doveadm: Host 192.168.1.217 vhost count changed from 100 to 0 Sep 11 03:24:55 imap-front4 dovecot: director: doveadm: Host 192.168.1.144 vhost count changed from 100 to 0 Sep 11 03:24:55 i...

Hi Timo & everyone, I'm trying out a 2-node director setup, but I keep getting the following error: Oct 3 16:11:29 imapdir1 dovecot: master: Dovecot v2.0.15 starting up (core dumps disabled) Oct 3 16:11:34 imapdir1 dovecot: director: Error: connect(132.198.100.150:9090) failed: Invalid argument Oct 3 16:11:41 imapdir1 last message repeated 3 times Both nodes report this error. The director on each node is listening on port 9090 just fine: > [root at imapdir1 ~]# nc imapdir2 9090 > VERSION director 1 0 > ME 127.0.0.1 9090 >...

...(director2) directors.<domain> has IPv6 address 2001:x:y:f33::5:1 (director1) directors.<domain> has IPv6 address 2001:x:y:f33::5:2 (director2) But connecting the the neighbor director gives: Oct 13 21:23:29 director1 dovecot: director: Warning: Director 2001:x:y:f33::5:2:9090/left disconnected us with reason: Invalid input: ME 149.x.y.96 9090 Oct 13 21:23:29 director1 dovecot: director: Error: director(149.x.y.97:9090/out): connect() failed: Connection refused Oct 13 21:23:29 director1 dovecot: director: Warning: net_connect_ip(): ip->family != my_ip->family Oct 1...

Some more information: the issue has just occurred, again on an instance without the "service_count = 0" configuration directive on pop3-login. I've observed that while the issue is occurring, the director process goes 100% CPU. I've straced the process. It is seemingly looping: ... ... epoll_ctl(13, EPOLL_CTL_ADD, 78, {EPOLLIN|EPOLLPRI|EPOLLERR|EPOLLHUP, {u32=149035320,

...es from the other director running. The other one > is using an unpatched version of dovecot. Your patch for backend-certificate verification works. Thank you for the good and fast work. Is there any chance that this will make it into Dovecot's next release? BTW: The ambiguity of 2001:db8::9090 remains. Shouldn't you allow [2001:db8::]? resp [2001:db8::9090]? resp. [2001:db8::]:9090? for such cases? (In case one want's to use IPv6 addresses instead of hostnames in the director_servers option. (And probably in other places too.)) ?) Address ?) Address:Port Best regards from D...

I have two iptable rules for userspace modification : iptable -t mangle -A PREROUTING -p udp --dport 9090 -j NFQUEUE iptable -t mangle -A OUTPUT -p udp --sport 9090 -j NFQUEUE I have the following network setup: client ---------------->Linux Box or router--------------------->server. What i'm trying to achieve is modifying all packets which comes from client to 9090 port of the Linux Box...

Hi, I'm using cockpit in standard port 9090 in a Centos 7 system. Due to a suggestion from management, they want TLS 1.1 disabled system-wide in all Linux boxes and TLS 1.2 enabled. I have not found proper documentation on how to disable it for cockpit (version 195.1 ships with Centos 7) So far I have tried (https://cockpit-project.org/gui...

Heiko Schlittermann <hs at schlittermann.de> (Mi 14 Okt 2015 00:10:50 CEST): > Timo Sirainen <tss at iki.fi> (Di 13 Okt 2015 23:49:20 CEST): > ? > > > > Proxying in general does check that hostname matches the SSL certificate, because both the hostname and IP address are sent to login process. So it should work in a way that host=<hostname> and

...rs.<domain> has IPv6 address 2001:x:y:f33::5:1 (director1) > directors.<domain> has IPv6 address 2001:x:y:f33::5:2 (director2) > > But connecting the the neighbor director gives: > > Oct 13 21:23:29 director1 dovecot: director: Warning: Director 2001:x:y:f33::5:2:9090/left disconnected us with reason: Invalid input: ME 149.x.y.96 9090 > Oct 13 21:23:29 director1 dovecot: director: Error: director(149.x.y.97:9090/out): connect() failed: Connection refused > Oct 13 21:23:29 director1 dovecot: director: Warning: net_connect_ip(): ip->family != my_ip->fa...

...the other director instance, it seems to work. Tomorrow I'll do more testing. Good work, thank you. BTW: I've put there an IPv6 address into the director_servers list (not an DNS name). director_servers = 2001:x:y:f33::5:1 ? inet_listener { address = :: port = 9090 } it doesn't recognize itself: Oct 14 01:06:13 director1 dovecot: director: Fatal: director_servers doesn't list ourself director_servers = 2001:x:y:f33::5:1:9090 ? inet_listener { address = :: port = 9090 } works, but is ambigous, isn't it? Shoul...

...LS1.0 Environment=G_TLS_GNUTLS_PRIORITY=SECURE192:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2 And my last one: Environment=G_TLS_GNUTLS_PRIORITY=NONE:+SECURE128:-VERS-ALL:-SHA384:-SHA256 systemctl daemon-reload systemctl restart cockpit [root at cockpit ~]# echo test | openssl s_client -connect localhost:9090 -tls1_1 2>&1 | grep -e Protocol -e Cipher New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA Protocol : TLSv1.1 Cipher : ECDHE-RSA-AES256-SHA [root at cockpit ~]# echo test | openssl s_client -connect localhost:9090 -tls1_2 2>&1 | grep -e Protocol -e Cipher New, TLSv1/SSLv...

...ce. Dec 27 16:23:21 cockpit.localdomain cockpit-ws[3573]: Using certificate: /etc/cockpit/ws-certs.d/0-self-signed.cert Dec 27 16:23:30 cockpit.localdomain cockpit-ws[3573]: received invalid HTTP request line [root at cockpit ~]# [root at cockpit ~]# echo test | openssl s_client -connect localhost:9090 -tls1_1 2>&1 | grep -e Protocol -e Cipher New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA Protocol : TLSv1.1 Cipher : ECDHE-RSA-AES256-SHA On Fri, Dec 27, 2019 at 10:09 AM Randal, Phil <phil.randal at hoopleltd.co.uk> wrote: > > Oops, excuse my typo > > Create...

...ecot proxy. I upgraded one server to 2.3.1 and got the configs fixed so far that it started again. But when I tried to add it into the proxying again with "doveadm director add" I see the following in the logfiles: May 6 07:19:30 host dovecot: director: Warning: Director xxx.xxx.xxx.176:9090/out disconnected us with reason: Invalid input: OPTIONS May 6 07:19:30 $host dovecot: director: Connecting to xxx.xxx.xxx.171:9090 (as xxx.xxx.xxx.176): Reconnecting after error xxx.xxx.xxx.176 is the upgraded host, xxx.xxx.xxx.171 is one of the other hosts (the applicable hosts are in the range...

On Thu, Feb 23, 2017 at 3:15 PM, Timo Sirainen <tss at iki.fi> wrote: > On 24 Feb 2017, at 0.08, Mark Moseley <moseleymark at gmail.com> wrote: > > > > As someone who is about to begin the process of moving from maildir to > > mdbox on NFS (and therefore just about to start the 'director-ization' of > > everything) for ~6.5m mailboxes, I'm