[Dovecot] director directing to wrong server (sometimes)
Hello,
I have discovered a strange behaviour with director proxying...
I have a user, its assigned server is 155.54.211.164. The problem is that I don't know why director sent him yesterday to a different server, because my server was up all the time. Moreover, I'm using poolmon in director servers to check availability of final servers and it didn't report any problem with the server.
I have two load balanced director servers. Logs at these servers are:logs directing him to the correct backend server Jun 28 08:38:18 myotis42 dovecot: auth: Debug: master in: PASS#0111#011<user>@um.es#011service=lmtp#011lip=155.54.211.185#011lport=24#011rip=155.54.212.168#011rport=52255 Jun 28 08:38:18 myotis42 dovecot: auth: Debug: static(<user>,155.54.212.168): lookup Jun 28 08:38:18 myotis42 dovecot: auth: Debug: master out: PASS#0111#011user=<user>#011proxy#011proxy_timeout=150 Jun 28 08:38:18 myotis42 dovecot: lmtp(15889): Debug: auth input: user=<user> proxy proxy_timeout=150 host=155.54.211.164 proxy_refresh=450 Jun 28 08:39:59 myotis42 dovecot: auth: Debug: master in: PASS#01118#011<user>@um.es#011service=lmtp#011lip=155.54.211.185#011lport=24#011rip=155.54.212.166#011rport=40008 Jun 28 08:39:59 myotis42 dovecot: auth: Debug: static(<user>,155.54.212.166): lookup Jun 28 08:39:59 myotis42 dovecot: auth: Debug: master out: PASS#01118#011user=<user>#011proxy#011proxy_timeout=150 Jun 28 08:39:59 myotis42 dovecot: lmtp(15361): Debug: auth input: user=<user> proxy proxy_timeout=150 host=155.54.211.164 proxy_refresh=450
now, the other director server sends him to an incorrect backend server Jun 28 09:01:12 myotis41 dovecot: auth: Debug: static(<user>,155.54.66.38): lookup Jun 28 09:01:12 myotis41 dovecot: auth: Debug: static(<user>,155.54.66.38): Allowing any password Jun 28 09:01:12 myotis41 dovecot: auth: Debug: client out: OK#01134556#011user=<user>#011proxy#011proxy_timeout=150#011pass=<hidden> Jun 28 09:01:12 myotis41 dovecot: auth: Debug: static(<user>,155.54.66.38): lookup Jun 28 09:01:12 myotis41 dovecot: auth: Debug: static(<user>,155.54.66.38): Allowing any password Jun 28 09:01:12 myotis41 dovecot: auth: Debug: client out: OK#01152763#011user=<user>#011proxy#011proxy_timeout=150#011pass=<hidden> Jun 28 09:01:12 myotis41 dovecot: imap-login: proxy(<user>): started proxying to 155.54.211.162:143: user=<<user>>, method=PLAIN, rip=155.54.66.38, lip=155.54.211.186 Jun 28 09:01:12 myotis41 dovecot: imap-login: proxy(<user>): started proxying to 155.54.211.162:143: user=<<user>>, method=PLAIN, rip=155.54.66.38, lip=155.54.211.186 Jun 28 09:01:13 myotis41 dovecot: auth: Debug: static(<user>,155.54.66.38): lookup Jun 28 09:01:13 myotis41 dovecot: auth: Debug: static(<user>,155.54.66.38): Allowing any password
Now, the first director sends him to the incorrect one too Jun 28 09:33:50 myotis42 dovecot: auth: Debug: master in: PASS#01132#011<user>@um.es#011service=lmtp#011lip=155.54.211.185#011lport=24#011rip=155.54.212.168#011rport=46830 Jun 28 09:33:50 myotis42 dovecot: auth: Debug: static(<user>,155.54.212.168): lookup Jun 28 09:33:50 myotis42 dovecot: auth: Debug: master out: PASS#01132#011user=<user>#011proxy#011proxy_timeout=150 Jun 28 09:33:50 myotis42 dovecot: lmtp(17284): Debug: auth input: user=<user> proxy proxy_timeout=150 host=155.54.211.162 proxy_refresh=450
I haven't found any error log for the correct backend server between the correct redirection and the incorrect one. In fact, I have lot of logs of other users directed to it, and logs of the same director directing connections to the correct server.
-- Angel L. Mateo Martínez Sección de Telemática Área de Tecnologías de la Información _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337
Hi Angel,
Angel L. Mateo wrote:
I have a user, its assigned server is 155.54.211.164. The problem is that I don't know why director sent him yesterday to a different server, because my server was up all the time. Moreover, I'm using poolmon in director servers to check availability of final servers and it didn't report any problem with the server.
Which version of dovecot are you using? "doveconf -n" of director and mailbox instance?
You should monitor the output of doveadm director status username@example.org doveadm director ring status on each of the directors over time with a timestamp.
This might shed some light on where the user is directed and why, and ring status will tell which directors can see each other. doveadm director move can also influence where a user is sent, but this will be reflected by "Current:" entry of director status, there you can also find the time when the entry in hashtable will expire.
Regards Daniel
El 30/06/12 03:51, Daniel Parthey escribió:
Hi Angel,
Angel L. Mateo wrote:
I have a user, its assigned server is 155.54.211.164. The problem is that I don't know why director sent him yesterday to a different server, because my server was up all the time. Moreover, I'm using poolmon in director servers to check availability of final servers and it didn't report any problem with the server.
Which version of dovecot are you using? "doveconf -n" of director and mailbox instance?
Sorry. Here you have themYou should monitor the output of doveadm director status username@example.org doveadm director ring status on each of the directors over time with a timestamp.
This might shed some light on where the user is directed and why, and ring status will tell which directors can see each other. doveadm director move can also influence where a user is sent, but this will be reflected by "Current:" entry of director status, there you can also find the time when the entry in hashtable will expire.
I have running poolmon. It didn't report any problem in its logs. I have also check all dovecot logs and I don't have any error.
-- Angel L. Mateo Martínez Sección de Telemática Área de Tecnologías de la Información y las Comunicaciones Aplicadas (ATICA) http://www.um.es/atica Tfo: 868887590 Fax: 868888337
On 2.7.2012, at 9.53, Angel L. Mateo wrote:
I have a user, its assigned server is 155.54.211.164. The problem is that I don't know why director sent him yesterday to a different server, because my server was up all the time. Moreover, I'm using poolmon in director servers to check availability of final servers and it didn't report any problem with the server.
Which version of dovecot are you using? "doveconf -n" of director and mailbox instance?
Sorry. Here you have them
I think this shouldn't matter, but would be better to make both %n anyway:
auth_username_format = %n director_username_hash = %u
participants (3)
-
Angel L. Mateo
-
Daniel Parthey
-
Timo Sirainen