Re: [Dovecot] Mail.app IDLE support

On 14/11/2007, at 14.21, Jason Fesler wrote:

...

Any hint on how to use tcpdump to only grab the interesting parts?

tcpdump port 143

or whatever.

...

My knowledge of tcpdump is very limited and I only seem to be able
to get a lot of noise out of it.

Look at ngrep - it lets you use both tcpdump expressions, *and*
further filter by regular expression. And, it shows ascii output
instead of all the hex crap - makes it a lot easier to follow ascii
based protocols.

Either way, you'll want to disable SSL on the client, so that you
can see the traffic properly. :-)

I installed dovecot 1.0.7 on my leopard laptop, disabled SSL and
started it on the loopback device. Then I connected to it from Mail.app using IMAP and the IDLE option in
Mail.app, while running:

tcpdump -A -s 0 -i lo0 'tcp port imap and (((ip[2:2] -
((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' > dump.txt

Here is what initially came out of the dump:

<cut a lot of stuff>

14:46:52.589999 IP localhost.50770 > localhost.imap: P 394:404(10) ack
1237 win 65535 E..>..@.@............R...V?2(k.......2..... ...5...57.2 IDLE

14:46:52.590346 IP localhost.imap > localhost.50770: P 1237:1247(10)
ack 404 win 65535 E..> .@.@..............R(k...V?<.....2..... ...5...5+ idling

14:46:57.448879 IP localhost.imap > localhost.50777: P
355780982:355781003(21) ack 2104750877 win 65535 497198950 497198950> E..I..@.@..............Y.4.v}s.......=..... ...f...f* OK Dovecot ready.

14:46:57.459450 IP localhost.50777 > localhost.imap: P 1:17(16) ack 21
win 65535 E..D..@.@............Y..}s...4.......8..... ...f...f1.6 CAPABILITY

14:46:57.459654 IP localhost.imap > localhost.50777: P 21:187(166) ack
17 win 65535 E.....@.@..............Y.4..}s.-........... ...f...f* CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES
MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS
AUTH=PLAIN 1.6 OK Capability completed.

<and a lot of more stuff and finally it came to a halt>

14:46:57.542907 IP localhost.imap > localhost.50772: P 449:525(76) ack
209 win 65535 E...w.@.@..............T.E....o`.....t..... ...g...g* STATUS "Deleted Messages" (UIDNEXT 3 UNSEEN 0) 7.3 OK Status completed.

14:48:52.590857 IP localhost.imap > localhost.50770: P 1247:1264(17)
ack 404 win 65535 E..EI.@.@..............R(k...V?<.....9..... .......5* OK Still here

14:50:52.590661 IP localhost.imap > localhost.50770: P 1264:1281(17)
ack 404 win 65535 E..E..@.@..............R(k...V?<.....9..... ........* OK Still here

14:52:52.590964 IP localhost.imap > localhost.50770: P 1281:1298(17)
ack 404 win 65535 E..E..@.@..............R(k...V?<.....9..... ........* OK Still here

The above shows the only time IDLE is every used (except when Mail.app
asks for the capabilities of the server). Somewhere after 14:46:57, but before 14:48:52, I copied (since I have
no SMTP server running on my laptop) a new mail into the new directory
of the maildir I subscribed to. But as you can see from the above,
somehow dovecot failed to notice the new mail. I don't use (d/i)notify or kqueue, but I did set dovecot up to check
every 30 sec, which it obviously didn't. Btw. the mail arrives fine if I manually check for new mail in Mail.app.

I can provide the full dump above if anybody thinks it is going to be
useful?

Martin