Send to KindleI run my own server for a variety of things, and I’m the SA (SysAdmin). I get a kick out of it, so I don’t find it to be a grind.
One of the things that I run is a Jabber server. On my laptop, I use GAIM to connect to it. I’ve been running it for a long time, and for the most part, I really like GAIM as a client, and Jabber as a service. Unfortunately, if I’m on for my typical 12 hour day, GAIM will lose it’s connection to my server at least 10 times. It reconnects within a few seconds, but every one on my buddy list sees me “flapping” (logging off and then back on).
It has been really annoying, but I never spent even one minute trying to track it down. I assumed that either GAIM was flakey, or the Jabber server I was running was flakey, etc.
For many reasons (most of them more paranoid than sound), I have strongly resisted running IMAP as my main email protocol. As a result, I use POP to retrieve my emails, and back up my files on to external USB disks. For those of you who have read my past posts, you’ll know that I spent an absurd amount of time playing with SPAM filtering over the past 1-2 months.
As a result, I ended up with a rhythm that I like. All suspicious mail gets auto-filtered into IMAP folders (yes, IMAP, because it’s not intended to stay on the server), and all good mail continues to be polled and pulled continuously via POP. Whenever I want to check on my spam, I open up the IMAP folders, scan them quickly, and either dispose of the spam permanently, or drag a good email into my inbox, etc.
When I first started, it worked fine. Then I started doing it for Lois as well (with equally good results). After a week or two, IMAP started hanging relatively frequently. It always worked, but it was way more annoying than the GAIM disconnect/reconnect dance. In the case of IMAP, I was actively clicking on something because I was ready to process it, and the hangs (even if they were only 30 seconds in length) were killing me!
So, I googled a bit, and discovered a likely culprit. Courier-imap (which I have been very happy with forever) has a configuration variable that by default, only permits 4 simultaneous connections from a single IP. Of course, since I was NAT’ed, all of my connections were coming from the same IP. I was proud of myself for finding this, and I upped the variable and restarted Courier-imap. It seemed to work. However, after a few days (and perhaps more folders and clicks), it started to reliably hang again.
I upgraded to the latest Courier-imap with no change. This was too maddening. So, I started watching the /var/log/messages file. When I was hanging, I was seeing a number of IPTABLES log messages being spewed. It turns out that packets from my laptop were being dropped (rejected!). Huh? My firewall is supposed to let me in, not keep me out!
So, the specific packets were dropped for being in the state “NewNotSyn” (you can google it yourself if you care) 😉
After some serious googling, it turns out that this is a known problem in two frequent configurations:
- Two firewalls in between the client and application (this is true for me)
- Microsoft Networking being the client, with Linux being the server (oops, that’s me too).
So, after changing my firewall config a bit, IMAP never hangs any longer (yeah, that’s right, never). As a bonus, in three days since I’ve made the change, GAIM has only flapped once (perhaps twice). GAIM still seems overly sensitive to any network hiccup, but it’s clear that the dropped packets were killing GAIM, whereas Thunderbird’s IMAP implementation kept trying relentlessly, and eventually always reconnected…
Whew. If I hadn’t started mucking with spam filters, then I wouldn’t have started using IMAP, then I wouldn’t have started hanging on IMAP, then I wouldn’t have discovered the dropped packets, and I wouldn’t have solved my long-standing, long-suffering GAIM problem.
Another happy ending. 🙂
Leave a Reply