NFS Locking and Submission Service Authentication
Greetings,
We're in the process of upgrading our Dovecot server to new hardware and new expanded storage. We planned on using an NFS share for the mail storage, as we're running Postfix / Dovecot on a VM and wanted to separate out the mail storage from the VM for backup reasons.
I read as much as I could find on line regarding configuring Dovecot to use NFS, and set it up as best I could, but I'm still running into lock errors e.g.:
Sep 25 10:30:35 triata4 dovecot: imap(user@triata.globalchange.media)<75580><enQ/AWSTkQkKCgDu>: Error: fcntl(/vmail/triata.globalchange.media/user/dovecot.index.log, write-lock, F_SETLKW) locking failed: No locks available
Sep 25 10:30:35 triata4 dovecot: imap(user@triata.globalchange.media)<75580><enQ/AWSTkQkKCgDu>: Error: mail_index_wait_lock_fd() failed with file /vmail/triata.globalchange.media/user/dovecot.index.log: No locks available
Also, I have been trying to configure the Dovecot submission service to authenticate with Postfix, but I keep running into errors which are related to how I'm configuring the authentication. How do we set the user@domain and password string for submission in the configs?
Thank you.
Please see doveconf -n below, if you see any other errors in this config, I'd be grateful if you pointed them out:
# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.7.2 (7372921a)
# OS: Linux 3.10.0-957.27.2.el7.x86_64 x86_64 CentOS Linux release 7.6.1810 (Core) nfs
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = plain
debug_log_path = /var/log/dovecot-debug.log
deliver_log_format = msgid=%m: from=%f: %$
hostname = triata.globalchange.media
mail_debug = yes
mail_fsync = always
mail_home = /vmail/%d/%n/home
mail_location = maildir:/vmail/%d/%n
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
plugin {
  mail_log_fields = uid box msgid from flags
  sieve = file:/vmail/%d/%n/sieve;active=/vmail/%d/%n/.dovecot.sieve
}
protocols = imap lmtp submission sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0666
    user = vmail
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  unix_listener lmtp {
    mode = 0666
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  process_min_avail = 0
  service_count = 1
  vsz_limit = 64 M
}
service managesieve {
  process_limit = 1024
}
service submission-login {
  inet_listener submission {
    port = 587
  }
}
ssl_cert = </etc/letsencrypt/live/triata.globalchange.media/fullchain.pem
ssl_key = # hidden, use -P to show it
submission_relay_host = triata.globalchange.media
submission_relay_password = # hidden, use -P to show it
submission_relay_port = 587
submission_relay_ssl = starttls
submission_relay_trusted = yes
submission_relay_user = %u
userdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
protocol lda {
  mail_plugins =
}
For the record, ever since the last patches for NFS got committed, we don't see locking issues over NFS in general across all our platforms, but it also depends on how you configure your NFS server.
You might find that this is not a dovecot issue, but an NFS issue.
You might want to post more about your NFS setup(s) and then someone on the list might better assist you.
-- Michael --
On 2019-09-25 10:44 a.m., Asai via dovecot wrote:
-- "Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
604-682-0300 Beautiful British Columbia, Canada
On 9/25/2019 2:06 PM, Michael Peddemors via dovecot wrote:
> For the record, ever since the last patches for NFS got committed, we don't see locking issues over NFS in general across all our platforms, but it also depends on how you configure your NFS server.
> You might find that this is not a dovecot issue, but an NFS issue.
> You might want to post more about your NFS setup(s) and then someone on the list might better assist you.
Thank you, Michael, for the advice. Turns out the NFS locking problem was a firewall issue on the Dovecot server, which is now fixed.
Does anyone have any advice on the Submission Service authentication?
For example, this is what's coming up in the logs:
Sep 25 14:39:04 triata4 dovecot: submission-login: Client has quit the connection (auth failed, 1 attempts in 2 secs): user=<%u>, method=PLAIN, rip=10.1.1.99, lip=10.1.1.99, TLS, session=<mrNJe2eTDMUKAQFj>
As you can see, it's choking on user=<%u>, which it's not expanding, so is there a variable I can put in there, or is it strictly hard coded authentication?
Thanks.
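An added example, not part of the original thread and not Dovecot's own tooling: a small Python check that reads `doveconf -n` style output and flags the two settings in the posted configuration that write passwords to logs, and picks out log lines whose user field still holds an unexpanded variable such as the `%u` above. The function names are hypothetical, and the sample inputs are excerpts of the text posted in this thread.

```python
import re

# Settings copied from the doveconf -n output posted in this thread.
SAMPLE_DOVECONF = """\
auth_debug_passwords = yes
auth_verbose_passwords = plain
submission_relay_user = %u
"""

# Log line from this thread, trimmed to the fields the check reads.
SAMPLE_LOG = ("submission-login: Client has quit the connection (auth failed, "
              "1 attempts in 2 secs): user=<%u>, method=PLAIN, rip=10.1.1.99")

def parse_settings(text):
    """Return top-level 'key = value' pairs; nested blocks are skipped."""
    settings, depth = {}, 0
    for line in map(str.strip, text.splitlines()):
        if line.endswith("{"):
            depth += 1
        elif line == "}":
            depth -= 1
        elif depth == 0 and "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip()
    return settings

def audit(settings):
    """Flag settings that put credentials into Dovecot's logs."""
    findings = []
    if settings.get("auth_debug_passwords") == "yes":
        findings.append("auth_debug_passwords=yes: passwords reach the debug log")
    verbose = settings.get("auth_verbose_passwords", "no")
    if verbose != "no":
        findings.append(f"auth_verbose_passwords={verbose}: failed-login password data is logged")
    return findings

def literal_variable_users(log_lines):
    """Return user=<...> values that still contain an unexpanded %variable."""
    found = []
    for line in log_lines:
        m = re.search(r"user=<([^>]*)>", line)
        if m and re.search(r"%\w", m.group(1)):
            found.append(m.group(1))
    return found

if __name__ == "__main__":
    for finding in audit(parse_settings(SAMPLE_DOVECONF)):
        print(finding)
    print("literal users:", literal_variable_users([SAMPLE_LOG]))
```

Both password-logging settings default to no, so removing them from the configuration once debugging is finished is enough.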
On 2019-09-26 03:44, Asai via dovecot wrote:
> Greetings,
> We're in the process of upgrading our Dovecot server to new hardware and new expanded storage. We planned on using an NFS share for the mail storage, as we're running Postfix / Dovecot on a VM and wanted to separate out the mail storage from the VM for backup reasons.
> I read as much as I could find on line regarding configuring Dovecot to use NFS, and set it up as best I could, but I'm still running into lock errors e.g.:
> Sep 25 10:30:35 triata4 dovecot: imap(user@triata.globalchange.media)<75580><enQ/AWSTkQkKCgDu>: Error: fcntl(/vmail/triata.globalchange.media/user/dovecot.index.log, write-lock, F_SETLKW) locking failed: No locks available
> Sep 25 10:30:35 triata4 dovecot: imap(user@triata.globalchange.media)<75580><enQ/AWSTkQkKCgDu>: Error: mail_index_wait_lock_fd() failed with file /vmail/triata.globalchange.media/user/dovecot.index.log: No locks available
How is your NFS export mounted on the client? Can you post the output of "egrep nfs /proc/mounts"?
-- Adi Pircalabu
On 9/25/2019 4:17 PM, Adi Pircalabu via dovecot wrote:
> How is your NFS export mounted on the client? Can you post the output of "egrep nfs /proc/mounts"?
Hi Adi, thank you for your reply.
Turns out that the problem was that the firewall on the Dovecot server needed to be opened to allow the NFS server to communicate lock commands, so I made a firewall exception and it's working now.
Asai
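An added example, not from the thread: the errors quoted here come from an fcntl write lock failing with "No locks available", and this Python probe takes the same kind of lock on a scratch file so a mount can be re-checked after a firewall change. `probe_fcntl_lock` is a hypothetical name; pass the mail storage directory (`/vmail` in the posted configuration) as the argument.

```python
import errno
import fcntl
import os
import sys
import tempfile


def probe_fcntl_lock(directory):
    """Try a POSIX write lock on a scratch file in `directory`.

    Returns (ok, detail). Uses a non-blocking lock request so a broken
    lock service fails fast instead of waiting the way F_SETLKW can.
    """
    fd, path = tempfile.mkstemp(prefix=".lockprobe.", dir=directory)
    try:
        try:
            fcntl.lockf(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
        except OSError as exc:
            if exc.errno == errno.ENOLCK:
                # Same errno Dovecot reports as "No locks available".
                return False, "ENOLCK (No locks available): lock service unreachable"
            if exc.errno in (errno.EAGAIN, errno.EACCES):
                return False, "lock is held by another process"
            name = errno.errorcode.get(exc.errno, str(exc.errno))
            return False, f"{name}: {exc.strerror}"
        fcntl.lockf(fd, fcntl.LOCK_UN)
        return True, "write lock acquired and released"
    finally:
        # Always remove the scratch file, whatever the outcome.
        os.close(fd)
        os.unlink(path)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    ok, detail = probe_fcntl_lock(target)
    print(f"{target}: {'OK' if ok else 'FAIL'} - {detail}")
    sys.exit(0 if ok else 1)
```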
participants (3)
- Adi Pircalabu
- Asai
- Michael Peddemors