On Tue, 2009-07-21 at 15:08 -0400, Timo Sirainen wrote:
On Tue, 2009-07-21 at 14:45 -0400, Chris O'Regan wrote:
I have a v1.2.1 installed on my development box waiting for me to tinker with the configuration. On several occasions, I have noticed that all the dovecot processes are listed as "defunct". I don't recall seeing anything significant in the logs the last time I checked. The system is not under any load.
What exactly is "all"? Do you mean just dovecot-auth processes, or do you really mean everything, including imap-login, dovecot-auth, imap, pop3, ..?
If it's only dovecot-auth processes, it's probably a PAM issue. If it's more than dovecot-auth, is everything still anyway working?
It just happened again:
root 2904 1 0 14:32 ? 00:00:00 /local/bin/dovecot root 2907 2904 0 14:32 ? 00:00:00 dovecot-auth root 2919 2904 0 14:32 ? 00:00:00 dovecot-auth -w dovecot 7026 2904 0 15:02 ? 00:00:00 [imap-login <defunct>] [and many other imap-login processes, all defunct]
If I telnet to "imap", a connection is established but there is no greeting. I get "connection refused" if I try to access "imaps" from Thunderbird.
No errors in the logs, except for some messages that I believe are related to an internal Nessus scan (repeated a few times):
Jul 21 15:01:45 XXX dovecot: imap-login: Disconnected (no auth attempts): rip=XXX.XXX.XXX.XXX, lip=XXX.XXX.XXX.XXX, TLS handshaking: Disconnected Jul 21 15:02:20 XXX dovecot: imap-login: Disconnected (no auth attempts): rip=XXX.XXX.XXX.XXX, lip=XXX.XXX.XXX.XXX, TLS handshaking: SSL_accept() failed: error:1406B0CB:SSL routines:GET_CLIENT_MASTER_KEY:peer error no cipher
Hrmmm...look at the time of the imap-login process...that can't be a coincidence. Nessus is scanning our production IMAP servers, too, but as I mentioned, they are running an older version of Dovecot, namely v1.1.14.
-- Chris O'Regan chris@encs.concordia.ca Senior Unix Systems Administrator, Academic IT Services Faculty of Engineering and Computer Science Concordia University, Montreal, Canada