[Dovecot] Sometimes Dovecot v1.0.3 does not accept new connections
Hello,
occasionally Dovecot stops accepting new connections. Already existing ones do function properly. Strace'ing dovecot-auth reveals that it is running and is authenticating users, the logfile logs new connections. However, lots of other connects just stall, before the IMAP server responds with the greeting.
My user backend is a LDAP server.
I've sniffed the interface, but I also don't see numerous connection attempts, so I suppose that there is no DoS attack running.
The logfile contains no warning or error except:
dovecot: Oct 17 15:34:44 Warning: auth(default): Growing pool 'plain_auth_request' with: 2048
dovecot: Oct 17 15:34:49 Warning: auth(default): Growing pool 'plain_auth_request' with: 2048
dovecot: Oct 17 15:34:52 Warning: auth(default): Growing pool 'plain_auth_request' with: 2048
dovecot: Oct 17 15:35:02 Warning: auth(default): Growing pool 'plain_auth_request' with: 2048
dovecot: Oct 17 15:35:05 Warning: auth(default): Growing pool 'plain_auth_request' with: 2048
dovecot: Oct 17 15:35:12 Warning: auth(default): Growing pool 'plain_auth_request' with: 2048
dovecot: Oct 17 15:35:19 Warning: auth(default): Growing pool 'plain_auth_request' with: 2048
dovecot: Oct 17 15:35:20 Warning: auth(default): Growing pool 'plain_auth_request' with: 2048
dovecot: Oct 17 15:35:25 Warning: auth(default): Growing pool 'plain_auth_request' with: 2048
dovecot: Oct 17 15:35:26 Warning: auth(default): Growing pool 'plain_auth_request' with: 2048
dovecot: Oct 17 15:35:27 Warning: auth(default): Growing pool 'plain_auth_request' with: 2048
dovecot: Oct 17 15:35:27 Warning: auth(default): Growing pool 'plain_auth_request' with: 2048
dovecot: Oct 17 15:35:41 Warning: auth(default): Growing pool 'plain_auth_request' with: 2048
dovecot: Oct 17 15:35:42 Warning: auth(default): Growing pool 'plain_auth_request' with: 2048
dovecot: Oct 17 15:35:47 Warning: auth(default): Growing pool 'plain_auth_request' with: 2048
dovecot: Oct 17 15:35:49 Warning: auth(default): Growing pool 'plain_auth_request' with: 2048
dovecot: Oct 17 15:35:49 Warning: auth(default): Growing pool 'plain_auth_request' with: 2048
dovecot: Oct 17 15:35:50 Warning: auth(default): Growing pool 'plain_auth_request' with: 2048
dovecot: Oct 17 15:35:56 Warning: auth(default): Growing pool 'plain_auth_request' with: 2048
dovecot: Oct 17 15:36:03 Warning: auth(default): Growing pool 'plain_auth_request' with: 2048
Does somebody have an idea where to go to look into the issue?
Bye,
Steffen Kaiser
On Wed, 2007-10-17 at 16:12 +0200, Steffen Kaiser wrote:
> occasionally Dovecot stops accepting new connections. Already existing ones do function properly. Strace'ing dovecot-auth reveals that it is running and is authenticating users, the logfile logs new connections. However, lots of other connects just stall, before the IMAP server responds with the greeting.
Do you have login_greeting_capability=yes?
Maybe these patches help figuring out what hangs:
http://hg.dovecot.org/dovecot-1.0/rev/4bdab7e04a61
http://hg.dovecot.org/dovecot-1.0/rev/4dab9295cd95
http://hg.dovecot.org/dovecot-1.0/rev/9c74f599bb2f
On Sat, 27 Oct 2007, Timo Sirainen wrote:
> Do you have login_greeting_capability=yes?
No, I don't.
> Maybe these patches help figuring out what hangs:
OK, I'll try
$ dovecot -n
# 1.0.3: /usr/local/dovecot-1.0.3/etc/dovecot.conf
base_dir: /var/run/dovecot/
log_path: /var/log/dovecot/dovecot.log
protocols: imap imaps pop3 pop3s managesieve
listen(default): *
listen(imap): *
listen(pop3): *
listen(managesieve): *:2000
ssl_ca_file: /etc/ssl/certs/ca.crt
ssl_cert_file(default): /etc/ssl/certs/imap.pem
ssl_cert_file(imap): /etc/ssl/certs/imap.pem
ssl_cert_file(pop3): /etc/ssl/certs/pop3.pem
ssl_cert_file(managesieve): /etc/ssl/certs/imap.pem
ssl_key_file(default): /etc/ssl/private/imap.key
ssl_key_file(imap): /etc/ssl/private/imap.key
ssl_key_file(pop3): /etc/ssl/private/pop3.key
ssl_key_file(managesieve): /etc/ssl/private/imap.key
disable_plaintext_auth: no
verbose_ssl: yes
login_dir(default): /var/run/dovecot//login
login_dir(imap): /var/run/dovecot//login
login_dir(pop3): /var/run/dovecot//login
login_dir(managesieve): /var/run/dovecot/login
login_executable(default): /usr/local/dovecot-1.0.3/libexec/dovecot/imap-login
login_executable(imap): /usr/local/dovecot-1.0.3/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/dovecot-1.0.3/libexec/dovecot/pop3-login
login_executable(managesieve): /usr/local/dovecot-1.0.3/libexec/dovecot/managesieve-login
login_log_format_elements: %p: user=<%u> method=%m rip=%r lip=%l %c
verbose_proctitle: yes
first_valid_uid: 10
mail_location(default): maildir:%h/Maildir:CONTROL=/var/cache/dovecot/%i/control:INDEX=/var/cache/dovecot/%i/index
mail_location(imap): maildir:%h/Maildir:CONTROL=/var/cache/dovecot/%i/control:INDEX=/var/cache/dovecot/%i/index
mail_location(pop3): maildir:%h/Maildir:CONTROL=/var/cache/dovecot/%i/control:INDEX=/var/cache/dovecot/%i/index
mail_location(managesieve): maildir:%h/Maildir
mail_debug: yes
dotlock_use_excl: yes
maildir_copy_with_hardlinks: yes
maildir_copy_preserve_filename: yes
umask: 7
mail_executable(default): /usr/local/dovecot-1.0.3/libexec/dovecot/rawlog /usr/local/dovecot-1.0.3/libexec/dovecot/imap
mail_executable(imap): /usr/local/dovecot-1.0.3/libexec/dovecot/rawlog /usr/local/dovecot-1.0.3/libexec/dovecot/imap
mail_executable(pop3): /usr/local/dovecot-1.0.3/libexec/dovecot/pop3
mail_executable(managesieve): /usr/local/dovecot-1.0.3/libexec/dovecot/managesieve
mail_plugins(default): quota imap_quota mail_log zlib
mail_plugins(imap): quota imap_quota mail_log zlib
mail_plugins(pop3): quota mail_log
mail_plugins(managesieve):
mail_plugin_dir(default): /usr/local/dovecot-1.0.3/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/dovecot-1.0.3/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/dovecot-1.0.3/lib/dovecot/pop3
mail_plugin_dir(managesieve): /usr/local/dovecot-1.0.3/lib/dovecot/managesieve
mail_log_prefix: %Us(%u) [%p]:
mail_log_max_lines_per_sec: 0
pop3_uidl_format(default):
pop3_uidl_format(imap):
pop3_uidl_format(pop3): %08Xu%08Xv
pop3_uidl_format(managesieve):
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): oe-ns-eoh
pop3_client_workarounds(managesieve):
namespace:
  type: private
  separator: .
  inbox: yes
auth default:
  mechanisms: plain login
  cache_size: 10
  username_chars: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890-
  verbose: yes
  debug: yes
  passdb:
    driver: ldap
    args: /usr/local/dovecot-1.0.3/etc/dovecot-ldap.conf
  passdb:
    driver: shadow
  userdb:
    driver: ldap
    args: /usr/local/dovecot-1.0.3/etc/dovecot-ldap.conf
  userdb:
    driver: passwd
  socket:
    type: listen
    master:
      path: /var/run/dovecot/auth-master
      mode: 432
      group: mail
plugin:
  quota: fs
Steffen Kaiser
On Mon, 2007-10-29 at 12:27 +0100, Steffen Kaiser wrote:
>> Do you have login_greeting_capability=yes?
> No, I don't.
>> Maybe these patches help figuring out what hangs:
> OK, I'll try
Then those patches probably don't help. How did you figure out it wasn't giving a greeting? By manually with telnet or something? Did it show that the connection was accepted?
If login_greeting_capability=no then the first thing it does after accepting a connection is send the greeting. So accept+no greeting shouldn't really happen.
But if the connection doesn't even get accepted, then it sounds like there are too few login processes for too many users and changing the settings could help.
On Mon, 29 Oct 2007, Timo Sirainen wrote:
> On Mon, 2007-10-29 at 12:27 +0100, Steffen Kaiser wrote:
>>> Do you have login_greeting_capability=yes?
>> No, I don't.
> Then those patches probably don't help. How did you figure out it wasn't giving a greeting? By manually with telnet or something? Did it show that the connection was accepted?
Figure out: I'm working with the MUA, when checking mail of different incoming folders the connection (or better to open a new folder) becomes very slow or times out. I do use another MUA for different things, which cannot connect at all.
At this time I ssh to the mail server and telnet to local port 143. I get a connect ("Connected to localhost"), but no greeting. When I keep the telnet open, nothing happens. There is no greeting, even if the server gets back into "normal" state, the telnet session simply stays so.
> But if the connection doesn't even get accepted, then it sounds like there are too few login processes for too many users and changing the settings could help.
This is a) worth a try and b) not that bad anyway, because several times a day about 30 users are instructed to read their mail simultaneously.
Maybe, the connections come in too fast.
Bye,
Steffen Kaiser
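Added example, not part of the original thread: telnet's "Connected to localhost" only shows that the kernel completed the TCP handshake, not that a login process has called accept(), so a probe that times the greeting separates the cases discussed above. The local listeners, the sample banner and the names probe_greeting and demo are constructed for illustration.

```python
import socket
import threading
import time

def probe_greeting(host, port, timeout=5.0):
    """Return (state, seconds, banner) for an IMAP listener.
    connect_failed: TCP connect was refused or timed out.
    no_greeting:    connected (the kernel finished the handshake) but no
                    "* OK" line arrived in time, e.g. nobody called accept().
    greeting:       banner received; seconds covers connect plus banner.
    """
    start = time.monotonic()
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return ("connect_failed", time.monotonic() - start, None)
    data = b""
    with sock:
        try:
            while not data.endswith(b"\n"):
                chunk = sock.recv(512)
                if not chunk:  # peer closed without finishing a line
                    break
                data += chunk
        except OSError:  # includes socket.timeout: nothing was sent in time
            pass
    elapsed = time.monotonic() - start
    banner = data.decode("ascii", "replace").strip()
    if banner.startswith(("* OK", "* PREAUTH")):
        return ("greeting", elapsed, banner)
    return ("no_greeting", elapsed, banner or None)

def demo(timeout=1.0):
    """Probe two constructed local listeners: one greets, one never accepts."""
    greeter, stalled = socket.socket(), socket.socket()
    for s in (greeter, stalled):
        s.bind(("127.0.0.1", 0))
        s.listen(5)
    def serve():  # stands in for a login process that is free to accept
        conn, _ = greeter.accept()
        conn.sendall(b"* OK Dovecot ready.\r\n")  # constructed sample banner
        conn.close()
    threading.Thread(target=serve, daemon=True).start()
    ports = [s.getsockname()[1] for s in (greeter, stalled)]
    results = [probe_greeting("127.0.0.1", p, timeout) for p in ports]
    greeter.close()
    stalled.close()
    return results
```

Run from cron against port 143 and logged with a timestamp, the state and seconds values can be lined up with the dovecot log to see whether stalls coincide with login bursts.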