[Dovecot] Sudden, large numbers of "Timeout while waiting for lock for transaction log ..."

Jack Stewart jstewart at caltech.edu
Fri Jan 9 20:04:45 EET 2009


Jack Stewart wrote:
> 
>>>>
>>> Yes, the indexes are also on NFS.
>>>
>>> The locking is fcntl() - the default.
>>
>> I'm guessing that's the problem. NFS locking seems to break/hang
>> randomly sometimes. Can you somehow restart the NFS server locking
>> daemon?
>>
> 

I changed the /etc/hosts.allow so that any connection from the server is 
allowed (i.e. ALL: server_ip). This may only be specific to redhat 
enterprise 5. Since making this change the error message in the log 
files has gone away - not only for our IMAP servers but also for some 
Xen servers that were logging the same errors.

The core problem appears to be that portmapper/nlockmgr uses tcpwrappers 
or /etc/hosts.allow to determine if connections are accepted.

On occasion, the NFS server initiates a connection to nlockmgr on the 
client. It appears this communication is used to make sure locking 
information is accurate.

I have not found a bullet proof method of restricting the ports for 
nlockmgr so 'ALL: server_ip' ensures that a communication to nlockmgr is 
possible. IP Tables still apply so the risk to the system is minimal.

A strange problem, but I figure that people should know. Not as annoying 
as the out of the box telnet vulnerability in Solaris 10, but close.

---Jack


More information about the dovecot mailing list