[Dovecot] Time moved backwards

Eugene genie at geniechka.ru
Wed May 14 21:20:09 EEST 2008 

Hi people,

> From: Adam McDougall <mcdouga9 at egr.msu.edu>
> I would just like to mention a circumstance that happened to me this
> Sunday.  We had a total power outage in our building, longer than our
> UPS's could last and we don't have a generator for servers (nor is it
> economical or needed).  When the power came back on, my local NTP server
> came on at the same time as my mail servers, as well a majority of my
> other servers.  My servers tried to step their time to be in sync with
> my local NTP server, which was still busy trying to sync itself with
> outside sources, which takes a while, so my mail servers did not get an
> answer.  Later, dovecot died because the time finally synced, and I
> found out why pretty quick (have seen this before) but this was an
> unusual situation.
>
> My point is, we had an unusual circumstance, and even though I've taken
> steps to have my mail servers sync their time at boot and run ntpd
> afterwards, there are some circumstances in which this is not enough,
> and dovecot still died.  Its not always because someone was lazy about
> their time setup.

My point exactly. It's amazing how some people are quick to ramble about 
someone else's administrative incompetence without taking time to read the 
situation. (One person even suggested hacking the dovecot startup script to 
run ntpdate -- useless as ntpd already occupies the ports).

Fact is, ntpd can take unpredictable delay before the initial time-step. 
Delay that can't be controlled, and it would be unreasonable to delay 
starting mail services until it is guaranteed to complete. Then, dovecot 
dies, and admin (who is not always immediately available) has to start it 
manually anyway (especially as it is not clear what to do with possibly 
unsynced timestamps) -- only after the unnecessary downtime.
So, the question is: why on earth can't we add a single line of code to 
dovecot to restart itself after terminating?

Kind of reminds me of the "fsck_y_enable=YES" option in rc.conf. Without it, 
if fsck does not like someting during reboot, the server would just sit 
there in single-user prompt, waiting for (expensive) console operations.

Best wishes
Eugene

More information about the dovecot mailing list