[Dovecot] Sudden, large numbers of "Timeout while waiting for lock for transaction log ..."
Jack Stewart
jstewart at caltech.edu
Fri Jan 9 20:04:45 EET 2009
Jack Stewart wrote:
>
>>>>
>>> Yes, the indexes are also on NFS.
>>>
>>> The locking is fcntl() - the default.
>>
>> I'm guessing that's the problem. NFS locking seems to break/hang
>> randomly sometimes. Can you somehow restart the NFS server locking
>> daemon?
>>
>
I changed the /etc/hosts.allow so that any connection from the server is
allowed (i.e. ALL: server_ip). This may only be specific to redhat
enterprise 5. Since making this change the error message in the log
files has gone away - not only for our IMAP servers but also for some
Xen servers that were logging the same errors.
The core problem appears to be that portmapper/nlockmgr uses tcpwrappers
or /etc/hosts.allow to determine if connections are accepted.
On occasion, the NFS server initiates a connection to nlockmgr on the
client. It appears this communication is used to make sure locking
information is accurate.
I have not found a bullet proof method of restricting the ports for
nlockmgr so 'ALL: server_ip' ensures that a communication to nlockmgr is
possible. IP Tables still apply so the risk to the system is minimal.
A strange problem, but I figure that people should know. Not as annoying
as the out of the box telnet vulnerability in Solaris 10, but close.
---Jack
More information about the dovecot
mailing list