Jack Stewart wrote:
Yes, the indexes are also on NFS.
The locking is fcntl() - the default.
I'm guessing that's the problem. NFS locking seems to break/hang randomly sometimes. Can you somehow restart the NFS server locking daemon?
I changed the /etc/hosts.allow so that any connection from the server is allowed (i.e. ALL: server_ip). This may only be specific to redhat enterprise 5. Since making this change the error message in the log files has gone away - not only for our IMAP servers but also for some Xen servers that were logging the same errors.
The core problem appears to be that portmapper/nlockmgr uses tcpwrappers or /etc/hosts.allow to determine if connections are accepted.
On occasion, the NFS server initiates a connection to nlockmgr on the client. It appears this communication is used to make sure locking information is accurate.
I have not found a bullet proof method of restricting the ports for nlockmgr so 'ALL: server_ip' ensures that a communication to nlockmgr is possible. IP Tables still apply so the risk to the system is minimal.
A strange problem, but I figure that people should know. Not as annoying as the out of the box telnet vulnerability in Solaris 10, but close.
---Jack