[Dovecot] Dovecot stops talking to the auth server.
Hi,
I have an RHEL4 machine running dovecot-1.0.3 + postfix-2.3.2 + postfixadmin + mysql-4.1.20-2.RHEL4.1 + amavisd-new-2.5.2-1.
The machine only has a gig of memory in it, I am trying to keep it running until I get new hardware to replace it in a couple of weeks.
For the most part it works as advertised but every once in a while it stops talking to the auth server. I think I have tracked this to periods of high auth requests. Today the machine experienced a dictionary attack and I had log entries like the following:
Sep 10 13:31:06 rocky dovecot: pop3-login: Disconnected: Shutting down: rip=::ffff:24.0.201.240, lip=::ffff:192.168.0.16
Sep 10 13:31:06 rocky dovecot: pop3-login: Can't connect to auth server at default: Resource temporarily unavailable
Sep 10 13:31:07 rocky last message repeated 47 times
Sep 10 13:31:08 rocky dovecot: pop3-login: Disconnected: Shutting down: rip=::ffff:24.0.201.240, lip=::ffff:192.168.0.16
Sep 10 13:31:08 rocky dovecot: imap-login: Can't connect to auth server at default: Resource temporarily unavailable
Sep 10 13:31:08 rocky dovecot: pop3-login: Can't connect to auth server at default: Resource temporarily unavailable
Sep 10 13:31:09 rocky last message repeated 27 times
Sep 10 13:31:09 rocky dovecot: imap-login: Can't connect to auth server at default: Resource temporarily unavailable
Sep 10 13:31:09 rocky dovecot: pop3-login: Can't connect to auth server at default: Resource temporarily unavailable
Sep 10 13:31:09 rocky last message repeated 4 times
Sep 10 13:31:09 rocky dovecot: imap-login: Can't connect to auth server at default: Resource temporarily unavailable
...
A ps showed numerous defunct processes similar to the following:
...
nobody 16647 0.0 0.2 9784 2112 ? S 13:17 0:00 dovecot-auth
nobody 16654 0.0 0.2 9784 2088 ? S 13:17 0:00 dovecot-auth
nobody 16663 0.0 0.0 0 0 ? Z 13:17 0:00 [dovecot-auth] <defunct>
nobody 16668 0.0 0.2 9784 2088 ? S 13:17 0:00 dovecot-auth
nobody 16669 0.0 0.0 0 0 ? Z 13:17 0:00 [dovecot-auth] <defunct>
nobody 16671 0.0 0.2 9784 2088 ? S 13:17 0:00 dovecot-auth
nobody 16672 0.0 0.2 9784 2128 ? S 13:17 0:00 dovecot-auth
nobody 16673 0.0 0.2 9784 2088 ? S 13:17 0:00 dovecot-auth
nobody 16674 0.0 0.2 9784 2088 ? S 13:17 0:00 dovecot-auth
nobody 16675 0.0 0.2 9784 2112 ? S 13:17 0:00 dovecot-auth
nobody 16681 0.0 0.0 0 0 ? Z 13:17 0:00 [dovecot-auth] <defunct>
...
dovecot -n follows:
(rocky pts4) # dovecot -n
# 1.0.3: /etc/dovecot.conf
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
first_valid_uid: 509
last_valid_uid: 509
first_valid_gid: 509
last_valid_gid: 509
mail_extra_groups: vmail
mail_location: maildir:~/
maildir_copy_with_hardlinks: yes
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugins(default):
mail_plugins(imap):
mail_plugins(pop3): quota
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
imap_client_workarounds(default): outlook-idle delay-newmail
imap_client_workarounds(imap): outlook-idle delay-newmail
imap_client_workarounds(pop3): outlook-idle
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
auth default:
  mechanisms: plain login
  user: nobody
  worker_max_count: 20
  passdb:
    driver: sql
    args: /etc/dovecot/sql.conf
  passdb:
    driver: pam
  userdb:
    driver: passwd
  userdb:
    driver: static
    args: uid=509 gid=509 home=/home/vmail/domains/%d/%n
  userdb:
    driver: sql
    args: /etc/dovecot/sql.conf
  userdb:
    driver: prefetch
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: vmail
    master:
      path: /var/run/dovecot/auth-master
      mode: 432
      user: vmail
      group: vmail
plugin:
  quota: maildir:storage=10240:messages=1000
  acl: vfile:/etc/dovecot/acls
  trash: /etc/dovecot/trash.conf
(rocky pts4) #
Is there anything I can do to prevent this? Does this look like simply a resource problem or am I doing something else wrong?
Regards,
--
Tom Diehl  tdiehl@rogueind.com
Spamtrap address  mtd123@rogueind.com
On Tue, 2007-09-11 at 00:41 -0400, Tom Diehl wrote:
> For the most part it works as advertised but every once in a while it stops talking to the auth server. I think I have tracked this to periods of high auth requests. Today the machine experienced a dictionary attack and I had log entries like the following:
>
> Sep 10 13:31:06 rocky dovecot: pop3-login: Disconnected: Shutting down: rip=::ffff:24.0.201.240, lip=::ffff:192.168.0.16
> Sep 10 13:31:06 rocky dovecot: pop3-login: Can't connect to auth server at default: Resource temporarily unavailable
> Sep 10 13:31:07 rocky last message repeated 47 times
So there were about 50 auth requests/sec.
>   passdb:
>     driver: sql
>     args: /etc/dovecot/sql.conf
>   passdb:
>     driver: pam
I think this PAM lookup is your worst problem. Dovecot forks a new process for each lookup. Do you really need it? You could also try giving blocking=yes setting to it to make it use auth worker processes. But even with that if your PAM implementation makes Dovecot wait for 2 seconds after unsuccessful lookup, with your configured 20 workers it can handle only 10 invalid logins/sec.
If your PAM lookup uses /etc/shadow, you could instead use passdb shadow.
>   userdb:
>     driver: static
>     args: uid=509 gid=509 home=/home/vmail/domains/%d/%n
>   userdb:
>     driver: sql
>     args: /etc/dovecot/sql.conf
>   userdb:
>     driver: prefetch
Your userdb static catches all the userdb lookups (that aren't in passwd). The userdb sql and prefetch are pointless here.
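The capacity argument in the reply above (20 workers, a 2-second wait per failed PAM lookup, so about 10 invalid logins/sec) can be checked against a syslog excerpt. The following is an added example, not part of the original thread or of Dovecot: the function names are hypothetical, the sample log is constructed in the format quoted in the thread, and the 2-second delay is the reply's own "if", not a measured value.

```python
import re
from collections import Counter

# Constructed sample in the syslog format quoted in the thread.
SAMPLE_LOG = """\
Sep 10 13:31:06 rocky dovecot: pop3-login: Disconnected: Shutting down: rip=::ffff:24.0.201.240, lip=::ffff:192.168.0.16
Sep 10 13:31:06 rocky dovecot: pop3-login: Can't connect to auth server at default: Resource temporarily unavailable
Sep 10 13:31:07 rocky last message repeated 47 times
Sep 10 13:31:08 rocky dovecot: imap-login: Can't connect to auth server at default: Resource temporarily unavailable
Sep 10 13:31:08 rocky dovecot: pop3-login: Can't connect to auth server at default: Resource temporarily unavailable
Sep 10 13:31:09 rocky last message repeated 27 times
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (.*)$")
REPEAT = re.compile(r"^last message repeated (\d+) times$")
AUTH_FAIL = "Can't connect to auth server"


def auth_connect_failures(log_text):
    """Count auth-server connect failures per timestamp.

    syslog collapses duplicates into 'last message repeated N times'; those
    N are added only when the previous message from that host was itself a
    failure, and are attributed to the timestamp of the repeat line.
    """
    per_second = Counter()
    prev_was_failure = {}  # host -> was the last real message a failure?
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, host, msg = m.groups()
        rep = REPEAT.match(msg)
        if rep:
            if prev_was_failure.get(host):
                per_second[ts] += int(rep.group(1))
            continue
        prev_was_failure[host] = AUTH_FAIL in msg
        if prev_was_failure[host]:
            per_second[ts] += 1
    return per_second


def sustainable_failed_logins(workers, delay_seconds):
    """Failed lookups/sec a blocking worker pool can absorb."""
    return workers / delay_seconds


def overloaded_seconds(per_second, workers=20, delay_seconds=2.0):
    """Timestamps whose failure count exceeds what the pool can absorb."""
    limit = sustainable_failed_logins(workers, delay_seconds)
    return {ts: n for ts, n in per_second.items() if n > limit}
```
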
participants (2): Timo Sirainen, Tom Diehl