Hello,
last week and today our dovecot pop3 server stopped responding. Without any other logentries dovecot start to log only this:
Dec 12 09:14:12 mbox1 dovecot: auth: Error: ldap(testuser,192.0.2.110,<FBZH7lHtAQAK/FCj>): ldap_search(base=ou=accounts,dc=example,dc=de filter=(&(|(uid=testuser)(mail=testuser))(!(state=blocked)))) failed: Operations error
For every pop3 Session, ~2000 per Minute ..., over 10 Minutes I send dovecot a SIGTERM. After dovecot was started again, all was fine again.
# doveconf -n http://postmaster.datev.de/tmp/dovecot.conf
The LDAP-Server itself did resond to queries in the same timeframe. I know this because the MTA on the same host was able to deliver messages into mailboxes.
Any hints?
Thanks Andreas
-- Andreas Schulze Internetdienste | P252
DATEV eG 90329 Nürnberg | Telefon +49 911 319-0 | Telefax +49 911 319-3196 E-Mail info @datev.de | Internet www.datev.de Sitz: 90429 Nürnberg, Paumgartnerstr. 6-14 | Registergericht Nürnberg, GenReg Nr.70 Vorstand Prof. Dieter Kempf (Vorsitzender) Dipl.-Kfm. Wolfgang Stegmann (stellvertretender Vorsitzender) Dipl.-Kfm. Michael Leistenschneider Dipl.-Kfm. Dr. Robert Mayr Jörg Rabe v. Pappenheim Dipl.-Vw. Eckhard Schwarzer Vorsitzender des Aufsichtsrates: Reinhard Verholen
On 12.12.2013, at 13.05, Andreas Schulze <andreas.schulze@datev.de> wrote:
last week and today our dovecot pop3 server stopped responding. Without any other logentries dovecot start to log only this:
Dec 12 09:14:12 mbox1 dovecot: auth: Error: ldap(testuser,192.0.2.110,<FBZH7lHtAQAK/FCj>): ldap_search(base=ou=accounts,dc=example,dc=de filter=(&(|(uid=testuser)(mail=testuser))(!(state=blocked)))) failed: Operations error
For every pop3 Session, ~2000 per Minute ..., over 10 Minutes I send dovecot a SIGTERM. After dovecot was started again, all was fine again.
# doveconf -n http://postmaster.datev.de/tmp/dovecot.conf
The LDAP-Server itself did resond to queries in the same timeframe. I know this because the MTA on the same host was able to deliver messages into mailboxes.
Likely the difference is that Dovecot keeps the LDAP connection open for a very long time, while MTA likely recreates new connections often (maybe even every time). I guess the fix would be to simply treat that error as "reconnection required": http://hg.dovecot.org/dovecot-2.2/rev/ea38559ffd4e
participants (2)
-
Andreas Schulze
-
Timo Sirainen