[Dovecot] Dovecot director doveadm with switch "-A" error
Hi,
we have a problem with our director proxy configuration. When we run on proxy server the doveadm command with -A switch, fails with the error:
# doveadm -D quota get -A doveadm(user1): Debug: auth input: user=user1 proxy starttls=any-cert doveadm(user1): Error: Proxy is missing destination host doveadm: Error: Failed to iterate through some users
If we execute the command with a single user, director assigns host and goes well, Example:
# doveadm -D quota get -u user1 doveadm(user1): Debug: auth input: user=user1 proxy starttls=any-cert host=xx.xx.xx.xx proxy_refresh=450 Quota name Type Value Limit % User quota STORAGE 159401 2621440 6 User quota MESSAGE 341 - 0
We have tried different configurations and all goes wrong with this "-A" switch, Timo please, could you tell us if we have a missconfiguration or its a possible director bug ??
We really want execute the expire plugin on ours directors and them redirect to the backends servers of every user.
thanks in advance.
Our doveconf -n:
# dovecot -n # 2.1.10: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-279.14.1.el6.x86_64 x86_64 CentOS release 6.3 (Final) auth_cache_size = 3 k auth_cache_ttl = 15 mins auth_debug = yes auth_verbose = yes base_dir = /var/run/dovecot/ default_client_limit = 30000 default_process_limit = 5000 dict { expire = mysql:/etc/dovecot/dovecot-dict-expire.conf.ext } director_doveadm_port = 990 director_mail_servers = mailserver1 mailserver2 director_servers = proxy1 doveadm_proxy_port = 24245 lmtp_proxy = yes mail_debug = yes mail_plugins = expire quota managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /etc/dovecot/dovecot-ldap-users.conf.ext driver = ldap } plugin { expire = Trash expire2 = Trash/* expire_dict = proxy::expire } postmaster_address = postmaster<at>company protocols = imap pop3 lmtp sieve service auth { client_limit = 27048 unix_listener /var/spool/postfix/private/auth { mode = 0666 } unix_listener auth-userdb { group = dovecot mode = 0660 } } service director { fifo_listener login/proxy-notify { mode = 0600 user = $default_login_user } inet_listener { port = 9090 } unix_listener director-userdb { mode = 0660 } unix_listener login/director { mode = 0666 } } service doveadm { executable = doveadm-server director inet_listener doveadm-server { port = 24245 } } service imap-login { executable = imap-login director inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } } service ipc { unix_listener ipc { user = dovecot } } service lmtp { client_limit = 1 inet_listener lmtp { port = 30025 } } service managesieve-login { executable = managesieve-login director } service pop3-login { executable = pop3-login director inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } } ssl = required ssl_cert = </etc/pki/tls/certs/imap.crt ssl_key = </etc/pki/tls/private/imap.uib.es_privatekey.pem syslog_facility = local1 userdb { driver = prefetch } userdb { args = /etc/dovecot/dovecot-ldap-users.conf.ext driver = ldap } verbose_proctitle = yes protocol lmtp { auth_socket_path = director-userdb mail_plugins = expire quota sieve quota passdb { args = /etc/dovecot/dovecot-ldap-pass.conf.lmtp driver = ldap } } protocol doveadm { auth_socket_path = director-userdb } protocol imap { mail_max_userip_connections = 20 mail_plugins = expire quota } protocol pop3 { pop3_client_workarounds = outlook-no-nuls oe-ns-eoh } local ip/24/24 { doveadm_password = supersecretpassword }
--
Ramon Frontera Gallardo Universitat de les Illes Balears
On 21.11.2012, at 15.05, Ramon Frontera wrote:
we have a problem with our director proxy configuration. When we run on proxy server the doveadm command with -A switch, fails with the error:
# doveadm -D quota get -A doveadm(user1): Debug: auth input: user=user1 proxy starttls=any-cert doveadm(user1): Error: Proxy is missing destination host doveadm: Error: Failed to iterate through some users
Well, I fixed various bugs in doveadm code related to this:
http://hg.dovecot.org/dovecot-2.1/rev/6f19c535110e http://hg.dovecot.org/dovecot-2.1/rev/275a57b8dc70 http://hg.dovecot.org/dovecot-2.1/rev/0dc3f56e6468 http://hg.dovecot.org/dovecot-2.1/rev/fdc509644d05
But I don't think they fix your specific issue. It looks as if doveadm is connecting to auth process directly instead of director.. Do:
strace -s 1000 -o log doveadm quota get -A
and send me the log? Note that the log contains the doveadm_password in the base64 strings.
Hi,
I send you attached the command's output.
Thanks!
Ramon Frontera Gallardo
Centre de Tecnologies de la Informació
Universitat de les Illes Balears
Ctra. Valldemossa km 7,5
07122 Palma de Mallorca
El 27/11/2012, a las 05:29, Timo Sirainen escribió:
On 21.11.2012, at 15.05, Ramon Frontera wrote:
we have a problem with our director proxy configuration. When we run on proxy server the doveadm command with -A switch, fails with the error:
# doveadm -D quota get -A doveadm(user1): Debug: auth input: user=user1 proxy starttls=any-cert doveadm(user1): Error: Proxy is missing destination host doveadm: Error: Failed to iterate through some users
Well, I fixed various bugs in doveadm code related to this:
http://hg.dovecot.org/dovecot-2.1/rev/6f19c535110e http://hg.dovecot.org/dovecot-2.1/rev/275a57b8dc70 http://hg.dovecot.org/dovecot-2.1/rev/0dc3f56e6468 http://hg.dovecot.org/dovecot-2.1/rev/fdc509644d05
But I don't think they fix your specific issue. It looks as if doveadm is connecting to auth process directly instead of director.. Do:
strace -s 1000 -o log doveadm quota get -A
and send me the log? Note that the log contains the doveadm_password in the base64 strings.
On Tue, 2012-11-27 at 13:27 +0100, Ramon Frontera wrote:
# doveadm -D quota get -A doveadm(user1): Debug: auth input: user=user1 proxy starttls=any-cert doveadm(user1): Error: Proxy is missing destination host doveadm: Error: Failed to iterate through some users
..
connect(8, {sa_family=AF_FILE, path="/var/run/dovecot//auth-userdb"}, 110) = 0
It's connecting to auth-userdb, while it should be connecting to director-userdb. This should have been done by this setting:
protocol doveadm { auth_socket_path = director-userdb }
Make sure doveconf -n shows that. And if nothing seems to work, this at least should:
doveadm -o auth_socket_path=director-userdb quota get -A
Hi,
Dovecot -n show the correct configuration like you explain. The command doveadm -o auth_socket_path=director-userdb quota get -A works fine on the proxy and now assigns host.
Now, the problem is that when we execute doveadm -A or doveadm -u *something* the command fails in the mailserver with this error:
dovecot: doveadm: Fatal: master: service(doveadm): child 13482 killed with signal 11 (core dumps disabled)
This errors occurs when the search finds more than one user. When we execute doveadm -u user it works fine
I send attached the strace of the mailserver
Thanks in advance!
--
Ramon Frontera Gallardo
Centre de Tecnologies de la Informació
Universitat de les Illes Balears
Ctra. Valldemossa km 7,5
07122 Palma de Mallorca
El 28/11/2012, a las 02:15, Timo Sirainen escribió:
On Tue, 2012-11-27 at 13:27 +0100, Ramon Frontera wrote:
# doveadm -D quota get -A doveadm(user1): Debug: auth input: user=user1 proxy starttls=any-cert doveadm(user1): Error: Proxy is missing destination host doveadm: Error: Failed to iterate through some users
..
connect(8, {sa_family=AF_FILE, path="/var/run/dovecot//auth-userdb"}, 110) = 0
It's connecting to auth-userdb, while it should be connecting to director-userdb. This should have been done by this setting:
protocol doveadm { auth_socket_path = director-userdb }
Make sure doveconf -n shows that. And if nothing seems to work, this at least should:
doveadm -o auth_socket_path=director-userdb quota get -A
On 28.11.2012, at 16.50, Ramon Frontera wrote:
Dovecot -n show the correct configuration like you explain. The command doveadm -o auth_socket_path=director-userdb quota get -A works fine on the proxy and now assigns host.
Then doveadm isn't seeing the same configuration as what you're looking at. For example did you restart dovecot since the change? Does this return the correct path? :
doveconf -m doveadm -f service=doveadm auth_socket_path
Now, the problem is that when we execute doveadm -A or doveadm -u *something* the command fails in the mailserver with this error:
dovecot: doveadm: Fatal: master: service(doveadm): child 13482 killed with signal 11 (core dumps disabled)
I fixed several bugs related to this in hg. I think you hit one of them.
This errors occurs when the search finds more than one user. When we execute doveadm -u user it works fine
I send attached the strace of the mailserver<doveadm.log.zip>
strace isn't very useful in debugging crashes. gdb backtraces are: http://dovecot.org/bugreport.html
Hi,
we have installed dovecot version 2.1.11
Now we have found 3 problems with doveadm on proxy server:
1 problem: In our configuration we have: protocol doveadm { auth_socket_path = director-userdb }
I have executed this: # doveconf -m doveadm -f service=doveadm auth_socket_path auth_socket_path = director-userdb
Now when We execute doveadm quota get -A we have this error: doveadm(user1): Error: /var/run/dovecot//auth-userdb: Proxy is missing destination host (maybe set auth_socket_path=director-userdb) doveadm: Error: Failed to iterate through some users
with "-o auth_socket_path=director-userdb " it works for the early users.
2 problem when we execute doveadm -o auth_socket_path=director-userdb quota get -A it works for the early users and then return this error on proxy:
doveadm(userabc): Fatal: table formatter doesn't support multi-line values
3 problem I have tested other doveadm command on proxy wich also fails:
# doveadm -o auth_socket_path=director-userdb search -u user mailbox Trash savedbefore 1d
on proxy we have this error: " doveadm(user): Error: xx.xx.xx.xx:24245: Internal failure for user" on mailserver we have this error: "doveadm: Fatal: master: service(doveadm): child 22171 killed with signal 11 (core dumps disabled)"
I put the gdm bt output hope it help you. (mailserver)
Core was generated by `dovecot/doveadm-server'. Program terminated with signal 11, Segmentation fault. #0 auth_master_user_list_next (ctx=0x0) at auth-master.c:680 680 auth-master.c: No such file or directory. in auth-master.c Missing separate debuginfos, use: debuginfo-install dovecot-2.1.11-1_136.el6.x86_64 (gdb) bt full #0 auth_master_user_list_next (ctx=0x0) at auth-master.c:680 No locals. #1 0x00007f2dfe414f23 in mail_storage_service_all_next (ctx=0xf92900, username_r=0x7fff4306cab8) at mail-storage-service.c:1215 __FUNCTION__ = "mail_storage_service_all_next" #2 0x00007f2dfd0b0ed2 in doveadm_expire_mail_init (ctx=0xf89020) at doveadm-expire.c:420 ectx = 0xf89198 dict = 0xf93110 query = <value optimized out> expire_dict = <value optimized out> username = 0x0 value = <value optimized out> username_dup = <value optimized out> #3 0x000000000040aa1a in doveadm_mail_single_user () No symbol table info available. #4 0x00000000004121b9 in client_connection_input () No symbol table info available. #5 0x00007f2dfe14f2c6 in io_loop_call_io (io=0xf8e7a0) at ioloop.c:379 ioloop = 0xf84690 t_id = 2 #6 0x00007f2dfe1502ef in io_loop_handler_run (ioloop=<value optimized out>) at ioloop-epoll.c:213 ---Type <return> to continue, or q <return> to quit--- ctx = 0xf874c0 events = <value optimized out> event = 0xf87530 list = 0xf8e7f0 io = <value optimized out> tv = {tv_sec = 2147483, tv_usec = 0} msecs = <value optimized out> ret = 1 i = <value optimized out> call = <value optimized out> #7 0x00007f2dfe14f268 in io_loop_run (ioloop=0xf84690) at ioloop.c:398 No locals. #8 0x00007f2dfe13ac73 in master_service_run (service=0xf84540, callback=<value optimized out>) at master-service.c:544 No locals. #9 0x00000000004128f1 in main () No symbol table info available.
Thanks in advance!!!!
--
Ramon Frontera Gallardo Universitat de les Illes Balears
El 28/11/2012, a las 23:45, Timo Sirainen escribió:
On 28.11.2012, at 16.50, Ramon Frontera wrote:
Dovecot -n show the correct configuration like you explain. The command doveadm -o auth_socket_path=director-userdb quota get -A works fine on the proxy and now assigns host.
Then doveadm isn't seeing the same configuration as what you're looking at. For example did you restart dovecot since the change? Does this return the correct path? :
doveconf -m doveadm -f service=doveadm auth_socket_path
Now, the problem is that when we execute doveadm -A or doveadm -u *something* the command fails in the mailserver with this error:
dovecot: doveadm: Fatal: master: service(doveadm): child 13482 killed with signal 11 (core dumps disabled)
I fixed several bugs related to this in hg. I think you hit one of them.
This errors occurs when the search finds more than one user. When we execute doveadm -u user it works fine
I send attached the strace of the mailserver<doveadm.log.zip>
strace isn't very useful in debugging crashes. gdb backtraces are: http://dovecot.org/bugreport.html
On 29.11.2012, at 16.22, Ramon Frontera wrote:
Now we have found 3 problems with doveadm on proxy server:
1 problem: In our configuration we have: protocol doveadm { auth_socket_path = director-userdb }
I have executed this: # doveconf -m doveadm -f service=doveadm auth_socket_path auth_socket_path = director-userdb
Now when We execute doveadm quota get -A we have this error: doveadm(user1): Error: /var/run/dovecot//auth-userdb: Proxy is missing destination host (maybe set auth_socket_path=director-userdb) doveadm: Error: Failed to iterate through some users
with "-o auth_socket_path=director-userdb " it works for the early users.
That's strange. I don't really have any ideas left how to debug it easily.
2 problem when we execute doveadm -o auth_socket_path=director-userdb quota get -A it works for the early users and then return this error on proxy:
doveadm(userabc): Fatal: table formatter doesn't support multi-line values
Oh. Hmm. I see the problem.. I'll fix it later. For now you could change the formatter with doveadm -f tab or -f flow
3 problem I have tested other doveadm command on proxy wich also fails:
# doveadm -o auth_socket_path=director-userdb search -u user mailbox Trash savedbefore 1d
on proxy we have this error: " doveadm(user): Error: xx.xx.xx.xx:24245: Internal failure for user" on mailserver we have this error: "doveadm: Fatal: master: service(doveadm): child 22171 killed with signal 11 (core dumps disabled)"
I put the gdm bt output hope it help you. (mailserver)
#0 auth_master_user_list_next (ctx=0x0) at auth-master.c:680 No locals. #1 0x00007f2dfe414f23 in mail_storage_service_all_next (ctx=0xf92900, username_r=0x7fff4306cab8) at mail-storage-service.c:1215 __FUNCTION__ = "mail_storage_service_all_next" #2 0x00007f2dfd0b0ed2 in doveadm_expire_mail_init (ctx=0xf89020) at doveadm-expire.c:420
This should fix it: http://hg.dovecot.org/dovecot-2.1/rev/75dc4cb4bfe0
Hi,
Thanks Timo for your help!
I have installed dovecot version 2.1.12
changing format has solved "doveadm -o auth_socket_path=director-userdb quota get -A"
Now, "doveadm -o auth_socket_path=director-userdb search -u user mailbox Trash savedbefore 1d" works fine!!!!
Best regards!
Ramon Frontera Gallardo Universitat de les Illes Balears
El 30/11/2012, a las 02:17, Timo Sirainen escribió:
On 29.11.2012, at 16.22, Ramon Frontera wrote:
Now we have found 3 problems with doveadm on proxy server:
1 problem: In our configuration we have: protocol doveadm { auth_socket_path = director-userdb }
I have executed this: # doveconf -m doveadm -f service=doveadm auth_socket_path auth_socket_path = director-userdb
Now when We execute doveadm quota get -A we have this error: doveadm(user1): Error: /var/run/dovecot//auth-userdb: Proxy is missing destination host (maybe set auth_socket_path=director-userdb) doveadm: Error: Failed to iterate through some users
with "-o auth_socket_path=director-userdb " it works for the early users.
That's strange. I don't really have any ideas left how to debug it easily.
2 problem when we execute doveadm -o auth_socket_path=director-userdb quota get -A it works for the early users and then return this error on proxy:
doveadm(userabc): Fatal: table formatter doesn't support multi-line values
Oh. Hmm. I see the problem.. I'll fix it later. For now you could change the formatter with doveadm -f tab or -f flow
3 problem I have tested other doveadm command on proxy wich also fails:
# doveadm -o auth_socket_path=director-userdb search -u user mailbox Trash savedbefore 1d
on proxy we have this error: " doveadm(user): Error: xx.xx.xx.xx:24245: Internal failure for user" on mailserver we have this error: "doveadm: Fatal: master: service(doveadm): child 22171 killed with signal 11 (core dumps disabled)"
I put the gdm bt output hope it help you. (mailserver)
#0 auth_master_user_list_next (ctx=0x0) at auth-master.c:680 No locals. #1 0x00007f2dfe414f23 in mail_storage_service_all_next (ctx=0xf92900, username_r=0x7fff4306cab8) at mail-storage-service.c:1215 __FUNCTION__ = "mail_storage_service_all_next" #2 0x00007f2dfd0b0ed2 in doveadm_expire_mail_init (ctx=0xf89020) at doveadm-expire.c:420
This should fix it: http://hg.dovecot.org/dovecot-2.1/rev/75dc4cb4bfe0
On 30.11.2012, at 3.17, Timo Sirainen wrote:
2 problem when we execute doveadm -o auth_socket_path=director-userdb quota get -A it works for the early users and then return this error on proxy:
doveadm(userabc): Fatal: table formatter doesn't support multi-line values
Oh. Hmm. I see the problem.. I'll fix it later. For now you could change the formatter with doveadm -f tab or -f flow
This problem should be fixed: http://hg.dovecot.org/dovecot-2.1/rev/c1e47738e7c3
participants (2)
-
Ramon Frontera
-
Timo Sirainen