[Dovecot] Wait for interface to become available instead of dying?
At the moment, if one of the interfaces specified with "listen=" in dovecot.conf is not up when Dovecot is started, then Dovecot just refuses to start. Is there an option to make Dovecot start anyway, and just use the interface when it becomes available? It is inconvenient to have Dovecot refuse to start during boot because some interface is temporarily not available.
Then again, maybe there is some strong security reasoning behind the way Dovecot behaves at the moment?
On 10.06.2013 11:45, Sebastian Arcus wrote:
> At the moment, if one of the interfaces specified with "listen=" in dovecot.conf is not up when Dovecot is started, then Dovecot just refuses to start. Is there an option to make Dovecot start anyway, and just use the interface when it becomes available? It is inconvenient to have Dovecot refuse to start during boot because some interface is temporarily not available.
> Then again, maybe there is some strong security reasoning behind the way Dovecot behaves at the moment?
the main question is why do you not order the start of your services correctly? how should an application bind to a specific interface if it is not up?
listening on * is no problem in this case but you can hardly bind to a non-existing interface
On 10/06/13 13:14, Reindl Harald wrote:
> On 10.06.2013 11:45, Sebastian Arcus wrote:
>> At the moment, if one of the interfaces specified with "listen=" in dovecot.conf is not up when Dovecot is started, then Dovecot just refuses to start. Is there an option to make Dovecot start anyway, and just use the interface when it becomes available? It is inconvenient to have Dovecot refuse to start during boot because some interface is temporarily not available.
>> Then again, maybe there is some strong security reasoning behind the way Dovecot behaves at the moment?
> the main question is why do you not order the start of your services correctly? how should an application bind to a specific interface if it is not up?
The order of services is fine as it is. The problem is that if any of the interfaces Dovecot is supposed to be binding to is missing, Dovecot seems to refuse to start at all - instead of just binding to what is available. The openvpn service for example might have been reconfigured on a different IP. On next reboot, there is no imap server available for any interface. One of the network cards might go faulty. On next reboot - no imap server.
Exim seems to be happy to start regardless of what is available - but I'm not sure of the intricacies of how they do it.
On 10.06.2013 21:04, Sebastian Arcus wrote:
> On 10/06/13 13:14, Reindl Harald wrote:
>> On 10.06.2013 11:45, Sebastian Arcus wrote:
>>> At the moment, if one of the interfaces specified with "listen=" in dovecot.conf is not up when Dovecot is started, then Dovecot just refuses to start. Is there an option to make Dovecot start anyway, and just use the interface when it becomes available? It is inconvenient to have Dovecot refuse to start during boot because some interface is temporarily not available.
>>> Then again, maybe there is some strong security reasoning behind the way Dovecot behaves at the moment?
>> the main question is why do you not order the start of your services correctly? how should an application bind to a specific interface if it is not up?
> The order of services is fine as it is. The problem is that if any of the interfaces Dovecot is supposed to be binding to is missing, Dovecot seems to refuse to start at all
where i work and config servers *i want* them to fail if the config is wrong
> instead of just binding to what is available
is not a predictable configuration if you specify explicit interfaces
> openvpn service for example might have been reconfigured on a different IP
so why the hell do you not config dovecot with "address = *" if you want this
> On next reboot, there is no imap server available for any interface
which is good because you recognize something goes wrong and if you want it to listen to "what is available" avoid configs with specific interfaces
> One of the network cards might go faulty. On next reboot - no imap server.
so what - if hardware dies you normally want to know it instead of having it somehow masqueraded
> Exim seems to be happy to start regardless of what is available
dovecot too as any other service if you configure it not explicitly for specific interfaces
On 11/06/13 00:21, Reindl Harald wrote:
> On 10.06.2013 21:04, Sebastian Arcus wrote:
>> On 10/06/13 13:14, Reindl Harald wrote:
>>> On 10.06.2013 11:45, Sebastian Arcus wrote:
>>>> At the moment, if one of the interfaces specified with "listen=" in dovecot.conf is not up when Dovecot is started, then Dovecot just refuses to start. Is there an option to make Dovecot start anyway, and just use the interface when it becomes available? It is inconvenient to have Dovecot refuse to start during boot because some interface is temporarily not available.
>>>> Then again, maybe there is some strong security reasoning behind the way Dovecot behaves at the moment?
>>> the main question is why do you not order the start of your services correctly? how should an application bind to a specific interface if it is not up?
>> The order of services is fine as it is. The problem is that if any of the interfaces Dovecot is supposed to be binding to is missing, Dovecot seems to refuse to start at all
> where i work and config servers *i want* them to fail if the config is wrong
>> instead of just binding to what is available
> is not a predictable configuration if you specify explicit interfaces
>> openvpn service for example might have been reconfigured on a different IP
> so why the hell do you not config dovecot with "address = *" if you want this
Steady now. I was only asking a question. No need to burst a blood vessel over this. Some people prefer their systems to work slightly differently than others. It's the way of the world.
Thank you for taking the time to answer.
On 11.06.2013 09:00, Sebastian Arcus wrote:
> At the moment, if one of the interfaces specified with "listen=" in dovecot.conf is not up when Dovecot is started, then Dovecot just refuses to start. Is there an option to make Dovecot start anyway, and just use the interface when it becomes available? It is inconvenient to have Dovecot refuse to start during boot because some interface is temporarily not available.
try writing a wrapper for the dovecot start script, checking your interfaces and perhaps echoing some stuff into dovecot.conf, or simply use the -c option for starting with another dovecot.conf, but i would not recommend these practices
Best Regards, Robert Schetterer
-- [*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München
Registered office: München, local court (Amtsgericht) München: HRB 199263. Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer. Chairman of the supervisory board: Florian Kirstein
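Added example, not part of any post in this thread: a pre-start check of the kind the wrapper suggestion above describes, which reads the "listen" values from a config file and reports the ones not currently assigned to any interface. The function names, file contents and addresses (documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Pre-start check of Dovecot "listen" addresses against the host's addresses.
# The sample config and `ip -o addr show` output below are constructed.

# Addresses from the last "listen =" line of a config file, one per line.
listen_addrs() {
    sed -n 's/^[[:space:]]*listen[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 | sed 's/#.*//' | tr ',' '\n' | tr -d ' \t' | sed '/^$/d'
}

# Addresses assigned to the host; reads `ip -o addr show` output on stdin.
local_addrs() {
    awk '$3 == "inet" || $3 == "inet6" { sub(/\/.*/, "", $4); print $4 }'
}

# Configured addresses that are not present on the host.
# $1 = config file, $2 = file holding `ip -o addr show` output.
# Hostnames in "listen" are not resolved and would be reported as missing.
missing_addrs() {
    have=$(local_addrs < "$2")
    listen_addrs "$1" | while IFS= read -r a; do
        case "$a" in '*'|'::'|'[::]') continue ;; esac  # wildcards need no address
        printf '%s\n' "$have" | grep -qxF -- "$a" || printf '%s\n' "$a"
    done
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/dovecot.conf" <<'EOF'
protocols = imap
# listen = *, ::
listen = 192.0.2.10, 198.51.100.1   # LAN and VPN addresses
EOF
cat > "$tmp/ip.out" <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::1/64 scope link \       valid_lft forever preferred_lft forever
EOF

# On a live host, replace the sample with:  ip -o addr show > "$tmp/ip.out"
missing=$(missing_addrs "$tmp/dovecot.conf" "$tmp/ip.out")
if [ -n "$missing" ]; then
    echo "listen addresses not assigned to any interface: $missing"
fi
```

A start script can log the result and then decide whether to wait, alert or start anyway; the check itself changes nothing in dovecot.conf.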
On 11/06/13 08:18, Robert Schetterer wrote:
> On 11.06.2013 09:00, Sebastian Arcus wrote:
>> At the moment, if one of the interfaces specified with "listen=" in dovecot.conf is not up when Dovecot is started, then Dovecot just refuses to start. Is there an option to make Dovecot start anyway, and just use the interface when it becomes available? It is inconvenient to have Dovecot refuse to start during boot because some interface is temporarily not available.
> try writing a wrapper for the dovecot start script, checking your interfaces and perhaps echoing some stuff into dovecot.conf, or simply use the -c option for starting with another dovecot.conf, but i would not recommend these practices
Thanks Robert. That's an interesting idea. It probably isn't really worth the hassle as the whole issue is not quite that important. I was merely wondering if there is a configuration option for Dovecot to ignore missing interfaces.
Maybe coming from the other direction of the spectrum might also be a good idea - something like a "nolisten" option - to prevent it from listening on certain interfaces. That's the main reason I use the "listen" option - to prevent Dovecot from ever listening on certain interfaces, as an extra layer of protection in case the firewall ever gets misconfigured.
On 11.06.2013 09:24, Sebastian Arcus wrote:
> On 11/06/13 08:18, Robert Schetterer wrote:
>> On 11.06.2013 09:00, Sebastian Arcus wrote:
>>> At the moment, if one of the interfaces specified with "listen=" in dovecot.conf is not up when Dovecot is started, then Dovecot just refuses to start. Is there an option to make Dovecot start anyway, and just use the interface when it becomes available? It is inconvenient to have Dovecot refuse to start during boot because some interface is temporarily not available.
>> try writing a wrapper for the dovecot start script, checking your interfaces and perhaps echoing some stuff into dovecot.conf, or simply use the -c option for starting with another dovecot.conf, but i would not recommend these practices
> Thanks Robert. That's an interesting idea. It probably isn't really worth the hassle as the whole issue is not quite that important. I was merely wondering if there is a configuration option for Dovecot to ignore missing interfaces.
> Maybe coming from the other direction of the spectrum might also be a good idea - something like a "nolisten" option - to prevent it from listening on certain interfaces. That's the main reason I use the "listen" option - to prevent Dovecot from ever listening on certain interfaces, as an extra layer of protection in case the firewall ever gets misconfigured.
perhaps a good idea, but i think it hasn't high priority, wait for Timo's statement
Best Regards, Robert Schetterer
On 2013-06-10 02:45, Sebastian Arcus wrote:
> At the moment, if one of the interfaces specified with "listen=" in dovecot.conf is not up when Dovecot is started, then Dovecot just refuses to start. Is there an option to make Dovecot start anyway, and just use the interface when it becomes available? It is inconvenient to have Dovecot refuse to start during boot because some interface is temporarily not available.
> Then again, maybe there is some strong security reasoning behind the way Dovecot behaves at the moment?
Depending on platform, but on Linux:
sysctl -w net.ipv4.ip_nonlocal_bind=1
And presto. Do note that figuring out that some applications are then misconfigured is a lot of fun, though 'netstat -anp' will help with that. (-p only as root, again on Linuxes)
Greets, Jeroen
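Added example, not part of any post in this thread: once non-local binds are allowed, a wrong listen address no longer fails at start, so the check moves to the socket table. This sketch classifies TCP listeners in 'netstat -anp' output as bound to an address the host does not have, or bound to every interface; the function names and the sample output (documentation addresses) are constructed.

```shell
#!/bin/sh
# Classify TCP listeners in `netstat -anp` output read from stdin.
# Arguments: the addresses currently assigned to this host.
#   nonlocal  listener bound to an address the host does not currently have
#             (what ip_nonlocal_bind=1 permits at bind time)
#   wildcard  listener bound to every interface
classify_listeners() {
    awk -v have="$*" '
        BEGIN { n = split(have, h, " "); for (i = 1; i <= n; i++) mine[h[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4; sub(/:[0-9]+$/, "", addr)        # drop the port
            if (addr == "0.0.0.0" || addr == "::") print "wildcard", $4, $7
            else if (!(addr in mine))               print "nonlocal", $4, $7
        }'
}

# Constructed sample of Linux `netstat -anp` output.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.0.2.10:143          0.0.0.0:*               LISTEN      1234/dovecot
tcp        0      0 198.51.100.1:143        0.0.0.0:*               LISTEN      1234/dovecot
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      987/exim4
tcp        0      0 192.0.2.10:143          203.0.113.5:50312       ESTABLISHED 1301/imap
tcp6       0      0 :::22                   :::*                    LISTEN      811/sshd
EOF
}

# The host in this sample has 127.0.0.1 and 192.0.2.10 only.
# On a live host, as root:  netstat -anp | classify_listeners <host addresses>
sample_netstat | classify_listeners 127.0.0.1 192.0.2.10
```

Run without root, the last column is "-" because netstat cannot see the owning process.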
participants (4)
- Jeroen Massar
- Reindl Harald
- Robert Schetterer
- Sebastian Arcus