[Dovecot] Dovecot hanging up with many defunct processes
Hi,
I am in a very awkward situation and need some kind of immediate fix up.
I had installed dovecot in my organization as part of migration of email server. The setup involves sendmail, dovecot (imaps+pop3s) and webmail (squirrelmail) running on apache webserver. All was working fine until one day I found a lot of defunct processes on system related to dovecot. dovecot-auth, imap-login and imap were all defunct. The system is using pam_ldap and nss_ldap to authenticate users to a Windows 2003 Active Directory. Immediate restart of dovecot solved the problem for me that day, however since then it's been about 3 times that I've faced this problem. After visiting various forums I came to know one thing, that it has something to do with pam_ldap and nss_ldap. However with UW-IMAP we were using the same setup and we didn't find any problems there. It would be very kind of you, if you can help me out on this front as apart from these mishaps the mail server is running perfectly fine and we wish to continue using Dovecot for our setup in future as well. Following is the system details:
- OS: RHEL4 (Kernel - 2.6.9-5.ELsmp)
- Dovecot: Dovecot (Version - 1.0.3)
- Following is dovecot configuration: log_path: /var/log/dovecot.log protocols: imaps pop3s ssl_cert_file: /usr/share/ssl/certs/imapd.pem ssl_key_file: /usr/share/ssl/private/imapd.pem login_dir: /usr/local/var/run/dovecot/login login_executable(default): /usr/local/libexec/dovecot/imap-login login_executable(imap): /usr/local/libexec/dovecot/imap-login login_executable(pop3): /usr/local/libexec/dovecot/pop3-login max_mail_processes: 10240 mail_location: mbox:~/mail:INBOX=/var/mail/%u mail_executable(default): /usr/local/libexec/dovecot/imap mail_executable(imap): /usr/local/libexec/dovecot/imap mail_executable(pop3): /usr/local/libexec/dovecot/pop3 mail_plugin_dir(default): /usr/local/lib/dovecot/imap mail_plugin_dir(imap): /usr/local/lib/dovecot/imap mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3 pop3_uidl_format(default): pop3_uidl_format(imap): pop3_uidl_format(pop3): %08Xu%08Xv auth default: passdb: driver: pam userdb: driver: passwd
- Dovecot's PAM file (/etc/pam.d/dovecot) #%PAM-1.0 auth required pam_ldap.so account required pam_ldap.so session required pam_mkhomedir.so skel=/etc/skel umask=0077 session required pam_ldap.so
As far as I feel it's problem with pam_ldap not able to authenticate against Windows 2003 Active Directory due to some reason or the other. However I'm not sure why is this happening.
Regards,
Mayank Joshi.
Mayank Joshi wrote:
passdb: driver: pam userdb: driver: passwd
- Dovecot's PAM file (/etc/pam.d/dovecot) #%PAM-1.0 auth required pam_ldap.so account required pam_ldap.so session required pam_mkhomedir.so skel=/etc/skel umask=0077 session required pam_ldap.so
Our situation is similar (but not exact) to yours - I'm authenticating against LDAP though and not AD2003. Perhaps one of these settings I use may help:
dovecot.conf: login_process_per_connection: no
auth default: cache_size: 4096 cache_ttl: 7200 passdb: driver: pam args: cache_key=%u dovecot userdb: driver: passwd args: blocking=yes
The blocking=yes in the userdb might be the first thing you try, see these wiki pages for the reasons I have it like this:
http://wiki.dovecot.org/UserDatabase/NSS http://wiki.dovecot.org/AuthDatabase/Passwd
Additionally my pam.d dovecot uses the system stack, which *then* uses nss_ldap on it's own; I don't specifically bind pam_ldap into the dovecot pam.d file:
# cat /etc/pam.d/dovecot #%PAM-1.0 auth required pam_nologin.so auth required pam_stack.so service=system-auth account required pam_stack.so service=system-auth session required pam_stack.so service=system-auth
In this case the file /etc/nsswitch.conf is controlling my authentication mechanism (LDAP), and the pam_ldap.so stack entry is located in /etc/pam.d/system-auth (these are all Red Hat defaults out of the box).
Hope some of this helps, -te
-- Troy Engel | Systems Engineer Fluid, Inc | http://www.fluid.com
Hi Mayank,
Mayank Joshi schrieb:
dovecot-auth, imap-login and imap were all defunct. The system is using pam_ldap and nss_ldap to authenticate users to a Windows 2003 Active Directory. Immediate restart of dovecot solved the problem for me that day, however since then it's been about 3 times that I've faced this problem. After visiting various forums I came to know one thing, that it has something to do with pam_ldap and nss_ldap. However with UW-IMAP we were using the same setup and we didn't find any problems there.
Following is the system details:
passdb: driver: pam
Not sure if it will solve your problem, but you probably want to set args = blocking=yes in your passdb or switch to direct LDAP queries.
http://wiki.dovecot.org/PasswordDatabase/PAM#head-71368e6eb385969ff27fcda066...
Benjamin
-- Benjamin Dabelow benjamin@dabelow.eu
participants (3)
-
Benjamin Dabelow
-
Mayank Joshi
-
Troy Engel