Hi,
recently, we had a problem on one of our mail servers and, after
reboot, HDD with emails wasn't mounted into system. Until we fixed it,
LOTS of users logged in (Dovecot allowed login and recreated directory
structure of mailboxes) and saw empty mailboxes. Now they are
redownloading all email, which isn't fun, as it's about 2 TB of data.
Anyway, is there a way how to prevent this in the future? Can i set
Dovecot to disallow logins in such situations? Thanks.
azur
On 2019-04-12 07:43, azurit--- via dovecot wrote:
Hi,
recently, we had a problem on one of our mail servers and, after reboot, HDD with emails wasn't mounted into system. Until we fixed it, LOTS of users logged in (Dovecot allowed login and recreated directory structure of mailboxes) and saw empty mailboxes. Now they are redownloading all email, which isn't fun, as it's about 2 TB of data.
Anyway, is there a way how to prevent this in the future? Can i set Dovecot to disallow logins in such situations? Thanks.
You didn't tell which OS or init system you are using. With systemd, you can add use "systemctl edit dovecot" and use:
[Unit] RequiresMountsFor=/path/to/your/mounted/mailbox
This way dovecot will be started when the directory has been mounted.
IMHO, and with no offence intended, if you can't control your system initialization, then you should not start daemons automatically, i.e. you should take the role of systemd.
Cheers.
Citát "B. Reino via dovecot" <dovecot@dovecot.org>:
On 2019-04-12 07:43, azurit--- via dovecot wrote:
Hi,
recently, we had a problem on one of our mail servers and, after reboot, HDD with emails wasn't mounted into system. Until we fixed it, LOTS of users logged in (Dovecot allowed login and recreated directory structure of mailboxes) and saw empty mailboxes. Now they are redownloading all email, which isn't fun, as it's about 2 TB of data.
Anyway, is there a way how to prevent this in the future? Can i set Dovecot to disallow logins in such situations? Thanks.
You didn't tell which OS or init system you are using. With systemd, you can add use "systemctl edit dovecot" and use:
[Unit] RequiresMountsFor=/path/to/your/mounted/mailbox
This way dovecot will be started when the directory has been mounted.
IMHO, and with no offence intended, if you can't control your system
initialization, then you should not start daemons automatically,
i.e. you should take the role of systemd.Cheers.
Thanks. Any other suggestions? Some which will cover also situations
where HDD is disconnected while server is already running (so Dovecot
won't display empty mailbox but deny login instead).
-- S pozdravom Bc. Jozef Sudolsky
ELBIA, s. r. o. Stoličková 870/4 974 01 Banská Bystrica
IČO: 36 702 897 IČ DPH: SK2022300995 Spoločnosť je zapísana v OR vedenom OS v Banskej Bystrici pod spisovou značkou 12334/S v zložke Sro.
Pred vytlačením tohto mailu, prosím, zvážte dopad na životné
prostredie. Ďakujeme.
Please consider the environment before printing this e-mail. Thanks.
Citát "B. Reino via dovecot" <dovecot@dovecot.org>:
On 2019-04-12 07:43, azurit--- via dovecot wrote:
Hi,
recently, we had a problem on one of our mail servers and, after reboot, HDD with emails wasn't mounted into system. Until we fixed it, LOTS of users logged in (Dovecot allowed login and recreated directory structure of mailboxes) and saw empty mailboxes. Now they are redownloading all email, which isn't fun, as it's about 2 TB of data.
Anyway, is there a way how to prevent this in the future? Can i set Dovecot to disallow logins in such situations? Thanks.
You didn't tell which OS or init system you are using. With systemd, you can add use "systemctl edit dovecot" and use:
[Unit] RequiresMountsFor=/path/to/your/mounted/mailbox
This way dovecot will be started when the directory has been mounted.
IMHO, and with no offence intended, if you can't control your system
initialization, then you should not start daemons automatically,
i.e. you should take the role of systemd.Cheers.
Thanks. Any other suggestions? Some which will cover also situations
where HDD is disconnected while server is already running (so Dovecot
won't display empty mailbox but deny login instead).
On 2019-04-12 11:05, azurit--- via dovecot wrote:
Citát "B. Reino via dovecot" <dovecot@dovecot.org>:
On 2019-04-12 07:43, azurit--- via dovecot wrote:
Hi,
recently, we had a problem on one of our mail servers and, after reboot, HDD with emails wasn't mounted into system. Until we fixed it, LOTS of users logged in (Dovecot allowed login and recreated directory structure of mailboxes) and saw empty mailboxes. Now they are redownloading all email, which isn't fun, as it's about 2 TB of data.
Anyway, is there a way how to prevent this in the future? Can i set Dovecot to disallow logins in such situations? Thanks.
You didn't tell which OS or init system you are using. With systemd, you can add use "systemctl edit dovecot" and use:
[Unit] RequiresMountsFor=/path/to/your/mounted/mailbox
This way dovecot will be started when the directory has been mounted.
IMHO, and with no offence intended, if you can't control your system
initialization, then you should not start daemons automatically, i.e. you should take the role of systemd.Cheers.
Thanks. Any other suggestions? Some which will cover also situations where HDD is disconnected while server is already running (so Dovecot won't display empty mailbox but deny login instead).
You could set the permissions of the mount point so that dovecot cannot read or write from there. This way, if for any reason the HDD is unmounted dovecot won't be able to continue working (i.e. won't be able to access the mailboxes or create empty ones).
This may or may not prevent users from logging in (you can test it).
.. I suppose your "use case" is pretty unusual. Normally you don't randomly pull HDDs from a running server, but I don't know which environment you have to live with :)
(That said, there's probably a way to automatically run a script when a device is unmounted, and then have the script stop dovecot, etc. -- but then this is outside of the scope of dovecot itself, and more a system administration issue.. and you still haven't said which operating system or init system you have).
Cheers.
Citát "B. Reino via dovecot" <dovecot@dovecot.org>:
On 2019-04-12 11:05, azurit--- via dovecot wrote:
Citát "B. Reino via dovecot" <dovecot@dovecot.org>:
On 2019-04-12 07:43, azurit--- via dovecot wrote:
Hi,
recently, we had a problem on one of our mail servers and, after reboot, HDD with emails wasn't mounted into system. Until we fixed it, LOTS of users logged in (Dovecot allowed login and recreated directory structure of mailboxes) and saw empty mailboxes. Now they are redownloading all email, which isn't fun, as it's about 2 TB of data.
Anyway, is there a way how to prevent this in the future? Can i set Dovecot to disallow logins in such situations? Thanks.
You didn't tell which OS or init system you are using. With systemd, you can add use "systemctl edit dovecot" and use:
[Unit] RequiresMountsFor=/path/to/your/mounted/mailbox
This way dovecot will be started when the directory has been mounted.
IMHO, and with no offence intended, if you can't control your
system initialization, then you should not start daemons
automatically, i.e. you should take the role of systemd.Cheers.
Thanks. Any other suggestions? Some which will cover also situations where HDD is disconnected while server is already running (so Dovecot won't display empty mailbox but deny login instead).
You could set the permissions of the mount point so that dovecot
cannot read or write from there. This way, if for any reason the HDD is unmounted dovecot won't be
able to continue working (i.e. won't be able to access the mailboxes
or create empty ones).This may or may not prevent users from logging in (you can test it).
.. I suppose your "use case" is pretty unusual. Normally you don't
randomly pull HDDs from a running server, but I don't know which
environment you have to live with :)(That said, there's probably a way to automatically run a script
when a device is unmounted, and then have the script stop dovecot,
etc. -- but then this is outside of the scope of dovecot itself, and
more a system administration issue.. and you still haven't said
which operating system or init system you have).Cheers.
I'm on standard Debian Stretch.
HDDs/storage can be easily pulled out in virtual environment or using
NFS. Stopping Dovecot after detecting this is not very efficient, as
'detecting and stopping' can take up to minute or two and that's
enough time for all active users (thousands in our case for one proxy
backend) to noticing empty mailboxes.
I was already thinking about changing permissions on mount point but
it's quite hard to test it.
Isn't there any option telling Dovecot to NOT create 'root' directory
of a mail account if it doesn't exists? And, instead, deny login with
an error (something like 'Internal error' would be sufficient).
participants (3)
-
azurit@pobox.sk
-
B. Reino
-
Jozef Sudolsky ELBIA s. r. o.