auth: Error - Request timed out
Hajo Locke
Hajo.Locke at gmx.de
Tue May 29 11:35:51 EEST 2018
Hello,
Am 29.05.2018 um 09:22 schrieb Aki Tuomi:
>
> On 29.05.2018 09:54, Hajo Locke wrote:
>> Hello List,
>>
>> i use dovecot 2.2.22 and have the same problem described here:
>> https://dovecot.org/pipermail/dovecot/2017-November/110020.html
>>
>> I can confirm that sometimes there is a problem with connection to
>> mysql-db, but sometimes not.
>> Reasons for failing are still under investigation by my mates.
>>
>> My current main problem is, that this fail seems to be a one way
>> ticket for dovecot. Even if mysql is verifyable working again and
>> waiting for connection dovecot stucks furthermore with errors like this:
>>
>> May 29 07:00:49 hostname dovecot: auth: Error:
>> plain(mail at example.com,xxx.xxx.xx.xxx,<HGI4FVFt2Oy80j3P>): Request
>> 999.7 timed out after 150 secs, state=1
>>
>> When restarting dovecot all is immediately working again.
>> Is there a way to tell dovecot to restart auth services or
>> reinitialize mysql-connection after these hard fails? I could insert
>> "idle_kill = 1 mins" into service auth and service auth-worker, but i
>> dont know if this would work. Unfortunately i am not able to reproduce
>> this error and there are always a couple of days between errors.
>>
>> Thanks,
>> Hajo
>>
>>
> Hi!
>
> I was not able to repeat this problem using 2.2.36. Can you provide
> steps to reproduce?
>
> May 29 10:20:24 auth: Debug: client in: AUTH 1 PLAIN
> service=imap secured session=XtpgEVNtQeUAAAAAAAAAAAAAAAAAAAAB
> lip=::1 rip=::1 lport=143 rport=58689 resp=<hidden>
> May 29 10:20:24 auth-worker(31098): Debug:
> sql(test at domain.org,::1,<XtpgEVNtQeUAAAAAAAAAAAAAAAAAAAAB>): query:
> SELECT userid AS username, domain, password FROM users WHERE userid =
> 'test' AND domain = 'domain.org'
> May 29 10:20:54 auth-worker(31098): Warning: mysql: Query failed,
> retrying: Lost connection to MySQL server during query (idled for 28 secs)
> May 29 10:20:59 auth-worker(31098): Error: mysql(127.0.0.1): Connect
> failed to database (dovecot): Can't connect to MySQL server on
> '127.0.0.1' (4) - waiting for 5 seconds before retry
> May 29 10:21:04 auth-worker(31098): Error: mysql(127.0.0.1): Connect
> failed to database (dovecot): Can't connect to MySQL server on
> '127.0.0.1' (4) - waiting for 5 seconds before retry
> May 29 10:21:14 auth: Debug: auth client connected (pid=31134)
> May 29 10:21:14 imap-login: Warning: Growing pool 'imap login commands'
> with: 1024
> May 29 10:21:14 auth-worker(31098): Error: mysql(127.0.0.1): Connect
> failed to database (dovecot): Can't connect to MySQL server on
> '127.0.0.1' (4) - waiting for 25 seconds before retry
>
> This is what it looks like for me and after restoring connectivity, it
> started working normally.
Unfortunately i can not reproduce. Servers running well for days or
sometimes weeks and then it happens one time. I can provide some more logs.
This is an error with mysql involvement:
May 29 06:56:59 hostname dovecot: auth-worker(1099): Error:
mysql(xx.xx.xx.xx): Connect failed to database (mysql): Can't connect to
MySQL server on 'xx.xx.xx.xx' (111) - waiting for 1 seconds before retry
.
. some more of above line
.
May 29 06:56:59 hostname dovecot: auth-worker(1110): Error:
sql(mail at example.com,xx.xx.xx.xx): Password query failed: Not connected
to database
May 29 06:56:59 hostname dovecot: auth: Error: auth worker: Aborted
PASSV request for mail at example.com: Internal auth worker failure
May 29 06:57:59 hostname dovecot: auth-worker(1099): Error: mysql: Query
timed out (no free connections for 60 secs): SELECT `inbox` as `user`,
`password` FROM `mail_users` WHERE `login` = 'username' AND `active`='Y'
May 29 06:59:30 hostname dovecot: auth: Error:
plain(username,xx.xx.xx.xx,<jc9yEFFtXcJXmx0F>): Request 999.2 timed out
after 151 secs, state=1
.
. much more of these lines with Request timed out
.
At this point my mates restartet dovecot and all worked well
immediately. Mysql performed a short restart at 6:56 and dovecot was not
able to reconnect for about 10 mins until my mates did the restart. I
could not reproduce the problem by manually restarting of mysql, this
worked well.
This is an error without visible mysql involvement:
.
. lines of normal imap/pop activity
.
May 29 05:43:03 hostname dovecot: imap-login: Error: master(imap): Auth
request timed out (received 0/12 bytes)
May 29 05:43:03 hostname dovecot: imap-login: Internal login failure
(pid=1014 id=16814) (internal failure, 1 successful auths):
user=<username>, method=PLAIN, rip=xx.xx.xx.xx, lip=xx.xx.xx.xx, TLS
May 29 05:43:03 hostname dovecot: imap: Error: Login client disconnected
too early
May 29 05:44:03 hostname dovecot: auth: Error:
plain(username,xx.xx.xx.xx,<Wry1AlBt7couU7FV>): Request 1014.16815 timed
out after 150 secs, state=1
May 29 05:44:08 hostname dovecot: imap: Error: Auth server request timed
out after 155 secs (client-pid=1014 client-id=16814)
May 29 05:44:33 hostname dovecot: imap-login: Disconnected: Inactivity
during authentication (disconnected while authenticating, waited 180
secs): user=<>, method=PLAIN, rip=xx.xx.xx.xx, lip=xx.xx.xx.xx, TLS:
Disconnected
May 29 05:46:07 hostname dovecot: auth: Error:
plain(mail at example.com,xx.xx.xx.xx,<j2cWClBtVf3Z+t+p>): Request
1014.16819 timed out after 150 secs, state=1
.
. and so on until restart
.
There is no errorlog in relation to mysql written by dovecot.
We use 2.2.22 because this version is provided with Ubuntu 16.04 and
Ubuntu Team is maintaining software and providing security patches,
which happens 2017 and 2018 a couple of times. By manually compiling and
using newer versions you have to check updates by yourself and you are
forced to run every single update. Our goal is reliability which
contradicts to use of bleeding edge software.
This is output of current doveconf -n
# 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.13 (7b14904)
# OS: Linux 4.4.0-127-generic x86_64 Ubuntu 16.04.4 LTS
auth_mechanisms = plain login
auth_username_chars =
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@üÜöÖäÄ
auth_worker_max_count = 60
disable_plaintext_auth = no
imap_capability = +XLIST
lock_method = flock
login_greeting = mailserver ready.
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
mail_cache_min_mail_count = 30
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_max_userip_connections = 30
mbox_read_locks = dotlock
mbox_very_dirty_syncs = yes
namespace inbox {
inbox = yes
location =
mailbox Archiv {
auto = no
special_use =
}
mailbox Drafts {
auto = no
special_use =
}
mailbox Junk {
auto = no
special_use =
}
mailbox Sent {
auto = no
special_use =
}
mailbox Trash {
auto = no
special_use =
}
prefix =
}
passdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
protocols = imap pop3
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
user = root
}
service imap-login {
executable = /usr/lib/dovecot/imap-login
process_min_avail = 1
service_count = 0
user = dovecot
}
service imap {
process_limit = 1024
}
service pop3-login {
executable = /usr/lib/dovecot/pop3-login
process_min_avail = 1
service_count = 0
user = dovecot
}
service pop3 {
executable = /usr/lib/dovecot/pop3
process_limit = 1024
}
shutdown_clients = no
ssl_ca = </path/path/cert.pem
ssl_cert = </path/path/cert.pem
ssl_cipher_list =
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
ssl_dh_parameters_length = 2048
ssl_key = </path/path/cert.pem
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv2 !SSLv3
userdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
verbose_proctitle = yes
protocol imap {
imap_client_workarounds = delay-newmail
mail_plugins = mail_log notify
ssl = yes
}
protocol pop3 {
pop3_client_workarounds = oe-ns-eoh outlook-no-nuls
pop3_no_flag_updates = no
pop3_uidl_format = %08Xu%08Xv
ssl = yes
}
I hope you have some hints. I dislike to monitor this with fail2ban and
do hard restarts.
> Aki
>
Thanks,
Hajo
More information about the dovecot
mailing list