[Dovecot] auth tcp socket, Authentication client gave a PID 7542 of existing connection
Hi Dovecot-list!
My setup consists of a dovecot server with lmtp delivery and 3 postfix mta servers in front. Previously the mtas authenticated (SASL) through the courier-authdaemond software to our mysql database. To get support for more password formats i migrated to dovecot for SASL authentification.
Our postfix mtas connect to dovecot through a tcp-socket
smtpd_sasl_auth_enable = yes smtpd_sasl_type = dovecot smtpd_sasl_path = inet:10.11.100.230:12345 smtpd_sasl_security_options = noanonymous smtpd_sasl_authenticated_header = yes smtpd_sasl_local_domain = broken_sasl_auth_clients = yes
10.11.100.230 is our dovecot server.
Please look at the attached doveconf.log to see my auth service configuration. I did the configuration according to the postfix SASL README.
http://www.postfix.org/SASL_README.html#server_dovecot
I tested the setup and everything worked fine but after 2 days i noticed these error messages in my mail.log:
dovecot: auth: Error: BUG: Authentication client gave a PID 7542 of existing connection
and also these messages from postfix:
SASL LOGIN authentication failed: Connection lost to authentication server
I get the dovecot error message about 3000 times a day and postfix message about 270 times. Please see my attached mail.log for a detailed trace.
Thank you for your help :)
Alex
On 16.3.2012, at 22.00, Alex Ha wrote:
dovecot: auth: Error: BUG: Authentication client gave a PID 7542 of existing connection
Oh, right, PIDs of course aren't unique when you're using multiple servers. Try if the attached patch fixes your troubles. If it does, I'll commit it to hg.
On Fri, Mar 16, 2012 at 9:14 PM, Timo Sirainen tss@iki.fi wrote:
On 16.3.2012, at 22.00, Alex Ha wrote:
dovecot: auth: Error: BUG: Authentication client gave a PID 7542 of existing connection
Oh, right, PIDs of course aren't unique when you're using multiple servers. Try if the attached patch fixes your troubles. If it does, I'll commit it to hg.
Thanks Timo! I will try the patch and report to you.
Alex
On Fri, Mar 16, 2012 at 9:39 PM, Alex Ha alex.handle@gmail.com wrote:
On Fri, Mar 16, 2012 at 9:14 PM, Timo Sirainen tss@iki.fi wrote:
On 16.3.2012, at 22.00, Alex Ha wrote:
dovecot: auth: Error: BUG: Authentication client gave a PID 7542 of existing connection
Oh, right, PIDs of course aren't unique when you're using multiple servers. Try if the attached patch fixes your troubles. If it does, I'll commit it to hg.
Thanks Timo! I will try the patch and report to you.
Hi Timo!
I tried the patch with 2.0.19 and the dovecot error messages disappeared.
I still get a lot of this postfix warnings:
SASL LOGIN authentication failed: Connection lost to authentication server
but only for ips which tried a sasl brute force attack.
"Connection lost to authentication server" could this be because of the dovecot auth penalties? so far i did not get any complaints from users.
Thanks for your help!
Alex
On 19.3.2012, at 21.16, Alex Ha wrote:
dovecot: auth: Error: BUG: Authentication client gave a PID 7542 of existing connection
Oh, right, PIDs of course aren't unique when you're using multiple servers. Try if the attached patch fixes your troubles. If it does, I'll commit it to hg.
Thanks Timo! I will try the patch and report to you.
Hi Timo!
I tried the patch with 2.0.19 and the dovecot error messages disappeared.
OK, it's going to be included in v2.1.3 and v2.0.20 (if that ever gets released).
I still get a lot of this postfix warnings:
SASL LOGIN authentication failed: Connection lost to authentication server
but only for ips which tried a sasl brute force attack.
"Connection lost to authentication server" could this be because of the dovecot auth penalties? so far i did not get any complaints from users.
The auth penalties wait for max. 17 seconds I think. Looks like Postfix has a timeout of 10 seconds. You could disable auth penalties, or perhaps Postfix should use 20 second limit.
On 2012-03-21 7:48 AM, Timo Sirainen tss@iki.fi wrote:
On 19.3.2012, at 21.16, Alex Ha wrote:
dovecot: auth: Error: BUG: Authentication client gave a PID 7542 of existing connection
Oh, right, PIDs of course aren't unique when you're using mulitiple servers. Try if the attached patch fixes your troubles. If it does, I'll commit it to hg.
Thanks Timo! I will try the patch and report to you.
I tried the patch with 2.0.19 and the dovecot error messages disappeared.
OK, it's going to be included in v2.1.3 and v2.0.20 (if that ever gets released).
Presumably you mean 2.1.4 (since 2.1.3 is already released)?
--
Best regards,
Charles
On 21.3.2012, at 13.55, Charles Marcus wrote:
On 2012-03-21 7:48 AM, Timo Sirainen tss@iki.fi wrote:
On 19.3.2012, at 21.16, Alex Ha wrote:
dovecot: auth: Error: BUG: Authentication client gave a PID 7542 of existing connection
Oh, right, PIDs of course aren't unique when you're using mulitiple servers. Try if the attached patch fixes your troubles. If it does, I'll commit it to hg.
Thanks Timo! I will try the patch and report to you.
I tried the patch with 2.0.19 and the dovecot error messages disappeared.
OK, it's going to be included in v2.1.3 and v2.0.20 (if that ever gets released).
Presumably you mean 2.1.4 (since 2.1.3 is already released)?
Ah, yes. :)
participants (3)
-
Alex Ha
-
Charles Marcus
-
Timo Sirainen