Hello,
I've just found that if vpopmail is compiled with --enable-roaming-users=y, but tcprules binary is missing there is kind of denial of service situation, which is not very obvious for debugging.
I know this is result of misconfiguration and I suppose this is more of a vpopmail() bug, but it is somewhat hard to debug and causes greater harm to dovecot long running auth process than vpopmail's short living vchkpw process.
Symptoms
Login to dovecot imap takes very long time. There are auth processes in D state:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 9873 0.0 0.0 2884 1396 ? D 14:04 0:00 dovecot/auth -w root 11292 0.0 0.0 2884 1396 ? S 14:25 0:00 \_ dovecot/auth -w
Cause
When new user has to be authenticated from vpopmail, the sequence of events goes something like this:
libexec/dovecot/auth -w process is doing the authentication (passdb-vpopmail.c)
passdb-vpopmail.c: at some point user is authenticated and open_smtp_relay() is called
vpopmail.c: open_smtp_relay() gets a write lock on ~vpopmail/etc/open-smtp.lock adds new IP to ~vpopmail/etc/open-smtp and calls update_rules() etc. to rebuild the tcp.cdb file
vpopmailc: tcprules_open() is called and it fork()s and tries to execv() tcprules
if tcprules is not found, execv() fails silently, and we are left with a forked libexec/dovecot/auth instance, which runs all over again up to the open_smtp_relay() point where it tries to obtain write lock on ~vpopmail/etc/open-smtp.lock again (it is already locked by parent)
Hope this helps someone.