[Dovecot] dovecot sasl with postfix: SASL LOGIN authentication failed: Connection lost to authentication server
David Jonas
djonas at vitalwerks.com
Tue May 1 05:28:28 EEST 2012
When using dovecot (2.1.5) sasl with postfix (2.8.4) behind nginx smtp
proxy I am seeing a ton of errors of the form:
postfix/smtpd[7731]: warning: unknown[192.168.0.6]: SASL LOGIN
authentication failed: Connection lost to authentication server
Nothing is printed by dovecot in the logs regarding the error. It seems
that dovecot just hung up on postfix. (side note: no, can't use xclient
in nginx/postfix. But perhaps soon.)
After much digging I thought I solved it with:
login_trusted_networks = 172.20.20.0/24
mail_max_userip_connections = 0
This seems safe enough because dovecot is only providing sasl to
postfix, no connections to the outside world.
But the error is still happening.
# doveadm penalty
IP penalty last_penalty last_update
172.20.20.61 1 2012-04-30 19:15:56 19:15:56
strace on the anvil process shows a lot of GETs and INCs:
18:54:06 read(14, "PENALTY-GET\t172.20.20.61\n", 397) = 25 <0.000016>
18:54:06 write(14, "1 1335837245\n", 13) = 13 <0.000029>
A two minute survey showed penalty distribution:
0: 60%
1: 15%
2: 18%
3: 8%
Finally I just disabled penalties with the info from
http://www.dovecot.org/list/dovecot/2011-December/062631.html
and that seemed to do it. Is there a better way?
This took me a long time to run down so I tried to make this message
detailed enough that others with similar problems will stumble upon it.
More information about the dovecot
mailing list