Hi all, I am running Postfix with Dovecot configured for local mail delivery over LMTP. Everything works as expected for a while, but after ~250 mails have been delivered successfully, Dovecot stops accepting requests and mails start queueing up in the Postfix mail queue. After restarting Dovecot, another ~250 mails are processed and then the problem occurs again.
The server is running Ubuntu 18.04 with Dovecot 2.2.33.2 and Postfix 3.3.0 installed. Users are stored locally in /etc/dovecot/users.
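Based on the log messages below and the output of netstat, it seems to me that the auth service stops accepting requests on its socket: the LMTP processes log userdb lookup timeouts, and netstat shows many connections to /var/run/dovecot/auth-userdb stuck in the CONNECTING state.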
Any help is very much appreciated!
Kind regards, Michael
--- postfix error messages ---
Mar 28 09:36:13 srv postfix/lmtp[3850]: 2423F7A21C: to=<system@mydomain.de>, relay=srv.mydomain.de[private/dovecot-lmtp], delay=155, delays=0.01/0/0/155, dsn=4.3.0, status=deferred (host srv.mydomain.de[private/dovecot-lmtp] said: 451 4.3.0 <system@mydomain.de>Internal error occurred. Refer to server log for more information. (in reply to RCPT TO command))
Mar 28 09:38:48 srv postfix/lmtp[3850]: 45A0C7A2B5: to=<system@mydomain.de>, relay=srv.mydomain.de[private/dovecot-lmtp], delay=308, delays=0.01/153/0.02/155, dsn=4.3.0, status=deferred (host srv.mydomain.de[private/dovecot-lmtp] said: 451 4.3.0 <system@mydomain.de>Internal error occurred. Refer to server log for more information. (in reply to RCPT TO command))
--- dovecot error messages ---
Mar 28 09:36:13 lmtp(2631): user-lookup(system@mydomain.de)Error: userdb lookup(system@mydomain.de): Request timed out
Mar 28 09:36:14 lmtp(2623): user-lookup(system@mydomain.de)Error: userdb lookup(system@mydomain.de): Request timed out
Mar 28 09:38:48 lmtp(2631): user-lookup(system@mydomain.de)Error: userdb lookup(system@mydomain.de): Connecting timed out
Mar 28 09:38:49 lmtp(2623): user-lookup(system@mydomain.de)Error: userdb lookup(system@mydomain.de): Connecting timed out
Mar 28 09:41:23 lmtp(system@mydomain.de): Error: userdb lookup(system@mydomain.de): Connecting timed out
Mar 28 09:41:24 lmtp(system@mydomain.de): Error: userdb lookup(system@mydomain.de): Connecting timed out
--- relevant netstat output when dovecot hangs ---- root@srv:~# netstat | grep dovecot | sort unix 2 [ ] STREAM CONNECTED 1449174 /var/run/dovecot/auth-userdb unix 2 [ ] STREAM CONNECTED 1449995 /var/run/dovecot/auth-userdb unix 2 [ ] STREAM CONNECTING 0 /var/run/dovecot/auth-userdb unix 2 [ ] STREAM CONNECTING 0 /var/run/dovecot/auth-userdb unix 2 [ ] STREAM CONNECTING 0 /var/run/dovecot/auth-userdb unix 2 [ ] STREAM CONNECTING 0 /var/run/dovecot/auth-userdb unix 2 [ ] STREAM CONNECTING 0 /var/run/dovecot/auth-userdb unix 2 [ ] STREAM CONNECTING 0 /var/run/dovecot/auth-userdb unix 2 [ ] STREAM CONNECTING 0 /var/run/dovecot/auth-userdb unix 2 [ ] STREAM CONNECTING 0 /var/run/dovecot/auth-userdb unix 2 [ ] STREAM CONNECTING 0 /var/run/dovecot/auth-userdb unix 2 [ ] STREAM CONNECTING 0 /var/run/dovecot/auth-userdb unix 3 [ ] STREAM CONNECTED 1468180 /var/run/dovecot/config unix 3 [ ] STREAM CONNECTED 1468267 /var/run/dovecot/config unix 3 [ ] STREAM CONNECTED 1468271 /var/run/dovecot/config unix 3 [ ] STREAM CONNECTED 1469651 /var/run/dovecot/config unix 3 [ ] STREAM CONNECTED 1470606 /var/spool/postfix/private/dovecot-lmtp unix 3 [ ] STREAM CONNECTED 1470614 /var/spool/postfix/private/dovecot-lmtp unix 3 [ ] STREAM CONNECTING 0 /var/run/dovecot/auth-userdb unix 3 [ ] STREAM CONNECTING 0 /var/run/dovecot/auth-userdb
--- dovecot configuration ---- root@srv:~# dovecot -n # 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.21 (92477967) doveconf: Warning: SSLv2 not supported by OpenSSL. Please consider removing it from ssl_protocols. # OS: Linux 4.19.75-meson64 aarch64 Ubuntu 18.04.4 LTS auth_debug = yes auth_username_format = %n auth_verbose = yes debug_log_path = /var/log/dovecot-info.log default_client_limit = 16 default_process_limit = 32 first_valid_uid = 1000 hostname = mail.mydomain.de info_log_path = /var/log/dovecot-info.log lda_mailbox_autocreate = yes listen = * lock_method = dotlock log_path = /var/log/dovecot.log mail_debug = yes mail_fsync = always mail_location = mbox:~/mail:INBOX=/var/mail/%u mail_privileged_group = mail mmap_disable = yes namespace { inbox = yes location = mailbox { special_use = \Drafts name = Drafts } mailbox { special_use = \Junk name = Junk } mailbox { special_use = \Sent name = Sent } mailbox { special_use = \Sent name = Sent Messages } mailbox { special_use = \Trash name = Trash } prefix = name = inbox } passdb { args = scheme=CRYPT username_format=%u /etc/dovecot/users driver = passwd-file } postmaster_address = postmaster@mydomain.de protocols = " imap lmtp pop3" service replication-notify-fifo { name = aggregator } service { client_limit = 102 unix_listener { mode = 00 path = anvil-auth-penalty } name = anvil } service auth-worker { user = root name = auth-worker } service { client_limit = 160 name = auth } service config { name = config } service dict-async { name = dict-async } service dict { name = dict } service login/proxy-notify { name = director } service dns-client { name = dns_client } service doveadm-server { name = doveadm } service imap-hibernate { name = imap-hibernate } service { executable = imap-login -R rawlogs inet_listener { port = 0 name = imap } service_count = 0 vsz_limit = 256 M name = imap-login } service imap-urlauth { name = imap-urlauth-login } service imap-urlauth-worker { name = 
imap-urlauth-worker } service token-login/imap-urlauth { name = imap-urlauth } service { process_limit = 8 name = imap } service indexer-worker { name = indexer-worker } service indexer { name = indexer } service ipc { name = ipc } service { unix_listener { group = postfix mode = 0660 user = postfix path = /var/spool/postfix/private/dovecot-lmtp } name = lmtp } service log-errors { name = log } service { inet_listener { port = 0 name = pop3 } inet_listener { port = 0 name = pop3s } name = pop3-login } service { process_limit = 4 name = pop3 } service replicator-doveadm { name = replicator } service login/ssl-params { name = ssl-params } service stats-mail { name = stats } ssl = required ssl_cert = </etc/ssl/certs/srv.mydomain.de.pem ssl_cipher_list = ALL:HIGH:!SSLv2:!MEDIUM:!LOW:!EXP:!RC4:!MD5:!aNULL ssl_client_ca_dir = /etc/ssl/certs ssl_dh_parameters_length = 2048 ssl_key = # hidden, use -P to show it ssl_protocols = !SSLv2 !SSLv3 !TLSv1 userdb { args = username_format=%u /etc/dovecot/users driver = passwd-file } verbose_ssl = yes protocol lmtp { service replication-notify-fifo { name = aggregator } service anvil-auth-penalty { name = anvil } service auth-worker { name = auth-worker } service auth-client { name = auth } service config { name = config } service dict-async { name = dict-async } service dict { name = dict } service login/proxy-notify { name = director } service dns-client { name = dns_client } service doveadm-server { name = doveadm } service imap-hibernate { name = imap-hibernate } service imap { name = imap-login } service imap-urlauth { name = imap-urlauth-login } service imap-urlauth-worker { name = imap-urlauth-worker } service token-login/imap-urlauth { name = imap-urlauth } service imap-master { name = imap } service indexer-worker { name = indexer-worker } service indexer { name = indexer } service ipc { name = ipc } service lmtp { name = lmtp } service log-errors { name = log } service pop3 { name = pop3-login } service login/pop3 { name = 
pop3 } service replicator-doveadm { name = replicator } service login/ssl-params { name = ssl-params } service stats-mail { name = stats } } protocol !indexer-worker { service replication-notify-fifo { name = aggregator } service anvil-auth-penalty { name = anvil } service auth-worker { name = auth-worker } service auth-client { name = auth } service config { name = config } service dict-async { name = dict-async } service dict { name = dict } service login/proxy-notify { name = director } service dns-client { name = dns_client } service doveadm-server { name = doveadm } service imap-hibernate { name = imap-hibernate } service imap { name = imap-login } service imap-urlauth { name = imap-urlauth-login } service imap-urlauth-worker { name = imap-urlauth-worker } service token-login/imap-urlauth { name = imap-urlauth } service imap-master { name = imap } service indexer-worker { name = indexer-worker } service indexer { name = indexer } service ipc { name = ipc } service lmtp { name = lmtp } service log-errors { name = log } service pop3 { name = pop3-login } service login/pop3 { name = pop3 } service replicator-doveadm { name = replicator } service login/ssl-params { name = ssl-params } service stats-mail { name = stats } } protocol lda { service replication-notify-fifo { name = aggregator } service anvil-auth-penalty { name = anvil } service auth-worker { name = auth-worker } service auth-client { name = auth } service config { name = config } service dict-async { name = dict-async } service dict { name = dict } service login/proxy-notify { name = director } service dns-client { name = dns_client } service doveadm-server { name = doveadm } service imap-hibernate { name = imap-hibernate } service imap { name = imap-login } service imap-urlauth { name = imap-urlauth-login } service imap-urlauth-worker { name = imap-urlauth-worker } service token-login/imap-urlauth { name = imap-urlauth } service imap-master { name = imap } service indexer-worker { name = 
indexer-worker } service indexer { name = indexer } service ipc { name = ipc } service lmtp { name = lmtp } service log-errors { name = log } service pop3 { name = pop3-login } service login/pop3 { name = pop3 } service replicator-doveadm { name = replicator } service login/ssl-params { name = ssl-params } service stats-mail { name = stats } } protocol imap { service replication-notify-fifo { name = aggregator } service anvil-auth-penalty { name = anvil } service auth-worker { name = auth-worker } service auth-client { name = auth } service config { name = config } service dict-async { name = dict-async } service dict { name = dict } service login/proxy-notify { name = director } service dns-client { name = dns_client } service doveadm-server { name = doveadm } service imap-hibernate { name = imap-hibernate } service imap { name = imap-login } service imap-urlauth { name = imap-urlauth-login } service imap-urlauth-worker { name = imap-urlauth-worker } service token-login/imap-urlauth { name = imap-urlauth } service imap-master { name = imap } service indexer-worker { name = indexer-worker } service indexer { name = indexer } service ipc { name = ipc } service lmtp { name = lmtp } service log-errors { name = log } service pop3 { name = pop3-login } service login/pop3 { name = pop3 } service replicator-doveadm { name = replicator } service login/ssl-params { name = ssl-params } service stats-mail { name = stats } } protocol pop3 { service replication-notify-fifo { name = aggregator } service anvil-auth-penalty { name = anvil } service auth-worker { name = auth-worker } service auth-client { name = auth } service config { name = config } service dict-async { name = dict-async } service dict { name = dict } service login/proxy-notify { name = director } service dns-client { name = dns_client } service doveadm-server { name = doveadm } service imap-hibernate { name = imap-hibernate } service imap { name = imap-login } service imap-urlauth { name = imap-urlauth-login } 
service imap-urlauth-worker { name = imap-urlauth-worker } service token-login/imap-urlauth { name = imap-urlauth } service imap-master { name = imap } service indexer-worker { name = indexer-worker } service indexer { name = indexer } service ipc { name = ipc } service lmtp { name = lmtp } service log-errors { name = log } service pop3 { name = pop3-login } service login/pop3 { name = pop3 } service replicator-doveadm { name = replicator } service login/ssl-params { name = ssl-params } service stats-mail { name = stats } }