Hi all; I've upgraded a ring of dovecot directors from 2.2.15 to 2.2.36. After the upgrade I've got some instability: a few time per day per server, seemly at random, the auth process stop responding and the clients cannot authenticate any more:
Sep 6 14:45:51 imap-front13 dovecot: pop3-login: Warning: Auth process not responding, delayed sending initial response (greeting): user=<>, rip=xx.xx.xx.xx, lip=xx.xx.xx.xx, TLS, session=<1HVqRTN10MNTie+S>
I can't figure it out.... Any hints?
This is my configuration:
# 2.2.36 (1f10bfa63): /usr/local/etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-686-pae i686 Debian 7.11 # Hostname: imap-front13.mailfarm.interac.it auth_mechanisms = plain login digest-md5 cram-md5 apop scram-sha-1 auth_verbose = yes auth_verbose_passwords = plain auth_worker_max_count = 50 base_dir = /var/run/dovecot/ default_login_user = nobody director_doveadm_port = 9091 director_mail_servers = 192.168.1.142 192.168.1.143 192.168.1.144 192.168.1.145 192.168.1.216 192.168.1.217 192.168.1.218 192.168.1.219 director_servers = 212.183.164.157 212.183.164.158 212.183.164.159 212.183.164.160 listen = * passdb { args = /usr/local/etc/dovecot/sql.conf driver = sql } protocols = imap pop3 service director { fifo_listener login/proxy-notify { mode = 0666 } inet_listener { port = 9090 } unix_listener director-userdb { mode = 0600 } unix_listener login/director { mode = 0666 } } service imap-login { executable = imap-login director service_count = 0 vsz_limit = 128 M } service pop3-login { executable = pop3-login director service_count = 0 vsz_limit = 128 M } ssl_cert = </usr/local/etc/dovecot/qcom.wildcard.pem ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM- SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA- AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128- SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128- SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256- SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS- AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256- SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128- SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:! MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA ssl_dh_parameters_length = 2048 ssl_key = # hidden, use -P to show it ssl_parameters_regenerate = 1 weeks ssl_prefer_server_ciphers = yes ssl_protocols = !SSlv2 !SSLv3 syslog_facility = local5 userdb { driver = prefetch }
-- *Simone Lazzaris* *Qcom S.p.A.*