[Dovecot] When imapc can't connect to remote IMAP prevents user login (and blocks LDA)
Hi! I'm using dovecot 2.1.12-r1. When remote imap server rejects connections then I can't login into account and MTA can't deliver emails to maildir also.
I'm attaching snippets of logs: 2012-12-15T18:05:43.072594+01:00 meteor dovecot: imap-login: Login: user=marcin@mejor.pl, method=PLAIN, rip=2001:470:1f0b:1ab3:50af:bef4:6918:78ad, lip=2001:470:1f15:1b61::2, mpid=32533, TLS, session=<T0GGKOfQCQAgAQRwHwsas1CvvvRpGHit> 2012-12-15T18:05:43.442598+01:00 meteor dovecot: imap(marcin@mejor.pl) <T0GGKOfQCQAgAQRwHwsas1CvvvRpGHit>: Error: imapc(imap.wp.pl:143): Server disconnected: Connection reset by peer 2012-12-15T18:05:43.442598+01:00 meteor dovecot: imap(marcin@mejor.pl) <T0GGKOfQCQAgAQRwHwsas1CvvvRpGHit>: Error: imapc(imap.wp.pl:143): Authentication failed: Disconnected from server 2012-12-15T18:05:43.442598+01:00 meteor dovecot: imap(marcin@mejor.pl) <T0GGKOfQCQAgAQRwHwsas1CvvvRpGHit>: Error: imapc: Command failed: Disconnected from server 2012-12-15T18:05:43.442598+01:00 meteor dovecot: imap(marcin@mejor.pl) <T0GGKOfQCQAgAQRwHwsas1CvvvRpGHit>: Error: user marcin@mejor.pl: Initialization failed: Namespace 'xxx-wp-pl.': imapc: LIST failed: Internal error occurred. Refer to server log for more information. [2012-12-15 18:05:43] 2012-12-15T18:05:43.442598+01:00 meteor dovecot: imap(marcin@mejor.pl) <T0GGKOfQCQAgAQRwHwsas1CvvvRpGHit>: Error: Invalid user settings. Refer to server log for more information.
And snippet when LDA tries to deliver email: 2012-12-15T18:00:54.689877+01:00 meteor dovecot: lda(marcin@mejor.pl) <>: Error: imapc(imap.wp.pl:143): Server disconnected: Connection reset by peer 2012-12-15T18:00:54.689877+01:00 meteor dovecot: lda(marcin@mejor.pl) <>: Error: imapc(imap.wp.pl:143): Authentication failed: Disconnected from server 2012-12-15T18:00:54.689877+01:00 meteor dovecot: lda(marcin@mejor.pl) <>: Error: imapc: Command failed: Disconnected from server 2012-12-15T18:00:54.689877+01:00 meteor dovecot: lda(marcin@mejor.pl) <>: Error: user marcin@mejor.pl: Initialization failed: Namespace 'xxx-wp-pl.': imapc: LIST failed: Internal error occurred. Refer to server log for more information. [2012-12-15 18:00:54] 2012-12-15T18:00:54.689877+01:00 meteor dovecot: lda(marcin@mejor.pl) <>: Fatal: Invalid user settings. Refer to server log for more information.
I'd like to ask is this behavior correct? Thanks, Marcin
doveconf -n:
# 2.1.12: /etc/dovecot/dovecot.conf # OS: Linux 3.6.8-hardened x86_64 Gentoo Base System release 2.1 auth_cache_size = 1 k auth_mechanisms = login digest-md5 cram-md5 plain deliver_log_format = msgid=%m: from=%f: phys=%p: virt=%w %$ dict { quota = pgsql:/etc/dovecot/dovecot-dict-sql.conf.ext } first_valid_uid = 8 last_valid_uid = 8 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes mail_attachment_dir = /dane/domeny/zalaczniki mail_attachment_min_size = 10000 k mail_cache_min_mail_count = 20 mail_gid = mail mail_log_prefix = "%s(%u) <%{session}>: " mail_plugins = autocreate quota notify mail_log stats zlib mail_privileged_group = mail mail_uid = mail maildir_stat_dirs = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy incl ude variables body enotify environment mailbox date ihave mdbox_preallocate_space = yes mdbox_rotate_interval = 60 days mdbox_rotate_size = 50 M namespace inbox { inbox = yes list = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = separator = . subscriptions = yes } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { autocreate = Trash autocreate2 = Spam autocreate3 = Sent autocreate4 = Drafts autosubscribe = Trash autosubscribe2 = Spam autosubscribe3 = Sent autosubscribe4 = Drafts quota = dict:User quota::proxy::quota quota_exceeded_message = Quota exceeded / Skrzynka odbiorcy jest przepelniona, wiadomosc nie zostala dostarczona sieve = ~/.dovecot.sieve sieve_dir = ~/sieve stats_command_min_time = 1 mins stats_domain_min_time = 12 hours stats_ip_min_time = 12 hours stats_memory_limit = 1M stats_refresh = 30 s stats_session_min_time = 15 mins stats_track_cmds = yes stats_user_min_time = 1 hours zlib_save = gz } postmaster_address = postmaster@mejor.pl protocols = imap pop3 sieve service auth { unix_listener auth-userdb { group = mail mode = 0660 user = root } } service dict { unix_listener dict { user = mail } } service stats { fifo_listener stats-mail { mode = 0600 user = mail } } ssl_cert =
On Sat, 2012-12-15 at 18:14 +0100, Marcin Mirosław wrote:
I'm using dovecot 2.1.12-r1. When remote imap server rejects connections then I can't login into account and MTA can't deliver emails to maildir also.
I'm attaching snippets of logs: 2012-12-15T18:05:43.072594+01:00 meteor dovecot: imap-login: Login: user=marcin@mejor.pl, method=PLAIN, rip=2001:470:1f0b:1ab3:50af:bef4:6918:78ad, lip=2001:470:1f15:1b61::2, mpid=32533, TLS, session=<T0GGKOfQCQAgAQRwHwsas1CvvvRpGHit> 2012-12-15T18:05:43.442598+01:00 meteor dovecot: imap(marcin@mejor.pl) <T0GGKOfQCQAgAQRwHwsas1CvvvRpGHit>: Error: imapc(imap.wp.pl:143): Server disconnected: Connection reset by peer 2012-12-15T18:05:43.442598+01:00 meteor dovecot: imap(marcin@mejor.pl) <T0GGKOfQCQAgAQRwHwsas1CvvvRpGHit>: Error: imapc(imap.wp.pl:143): Authentication failed: Disconnected from server 2012-12-15T18:05:43.442598+01:00 meteor dovecot: imap(marcin@mejor.pl) <T0GGKOfQCQAgAQRwHwsas1CvvvRpGHit>: Error: imapc: Command failed: Disconnected from server 2012-12-15T18:05:43.442598+01:00 meteor dovecot: imap(marcin@mejor.pl) <T0GGKOfQCQAgAQRwHwsas1CvvvRpGHit>: Error: user marcin@mejor.pl: Initialization failed: Namespace 'xxx-wp-pl.': imapc: LIST failed: Internal error occurred. Refer to server log for more information. [2012-12-15 18:05:43] 2012-12-15T18:05:43.442598+01:00 meteor dovecot: imap(marcin@mejor.pl) <T0GGKOfQCQAgAQRwHwsas1CvvvRpGHit>: Error: Invalid user settings. Refer to server log for more information.
Would be nice to have fewer and nicer error message lines of course.
I'd like to ask is this behavior correct?
You're using Dovecot as simple imapc proxy without local mails? Then yeah, what else could it really do?
W dniu 2012-12-18 21:33, Timo Sirainen pisze: Hi Timo, hi all!
On Sat, 2012-12-15 at 18:14 +0100, Marcin Mirosław wrote:
I'm using dovecot 2.1.12-r1. When remote imap server rejects connections then I can't login into account and MTA can't deliver emails to maildir also.
I'm attaching snippets of logs: 2012-12-15T18:05:43.072594+01:00 meteor dovecot: imap-login: Login: user=marcin@mejor.pl, method=PLAIN, rip=2001:470:1f0b:1ab3:50af:bef4:6918:78ad, lip=2001:470:1f15:1b61::2, mpid=32533, TLS, session=<T0GGKOfQCQAgAQRwHwsas1CvvvRpGHit> 2012-12-15T18:05:43.442598+01:00 meteor dovecot: imap(marcin@mejor.pl) <T0GGKOfQCQAgAQRwHwsas1CvvvRpGHit>: Error: imapc(imap.wp.pl:143): Server disconnected: Connection reset by peer 2012-12-15T18:05:43.442598+01:00 meteor dovecot: imap(marcin@mejor.pl) <T0GGKOfQCQAgAQRwHwsas1CvvvRpGHit>: Error: imapc(imap.wp.pl:143): Authentication failed: Disconnected from server 2012-12-15T18:05:43.442598+01:00 meteor dovecot: imap(marcin@mejor.pl) <T0GGKOfQCQAgAQRwHwsas1CvvvRpGHit>: Error: imapc: Command failed: Disconnected from server 2012-12-15T18:05:43.442598+01:00 meteor dovecot: imap(marcin@mejor.pl) <T0GGKOfQCQAgAQRwHwsas1CvvvRpGHit>: Error: user marcin@mejor.pl: Initialization failed: Namespace 'xxx-wp-pl.': imapc: LIST failed: Internal error occurred. Refer to server log for more information. [2012-12-15 18:05:43] 2012-12-15T18:05:43.442598+01:00 meteor dovecot: imap(marcin@mejor.pl) <T0GGKOfQCQAgAQRwHwsas1CvvvRpGHit>: Error: Invalid user settings. Refer to server log for more information.
Would be nice to have fewer and nicer error message lines of course.
This isn't problem for me.
I'd like to ask is this behavior correct?
You're using Dovecot as simple imapc proxy without local mails? Then yeah, what else could it really do?
Here is problem, I'm using local mails also!:) So when remote imap server doesn't want to talk with me I can't even check mail emails. I can understand this behavior (e.g. lda can't deliver email because sieve script could put such email in folder available via imapc) but it looks like a kind of DoS for my mailbox;) Maybe some kind of switch could be implemented: treat imapc errors as critical or not? Just an idea. Thanks, Marcin
On 19.12.2012, at 0.06, Marcin Mirosław marcin@mejor.pl wrote:
I'd like to ask is this behavior correct?
You're using Dovecot as simple imapc proxy without local mails? Then yeah, what else could it really do?
Here is problem, I'm using local mails also!:) So when remote imap server doesn't want to talk with me I can't even check mail emails. I can understand this behavior (e.g. lda can't deliver email because sieve script could put such email in folder available via imapc) but it looks like a kind of DoS for my mailbox;) Maybe some kind of switch could be implemented: treat imapc errors as critical or not? Just an idea.
I saw only one namespace in your configuration. Are you adding the imapc namespace somewhere else, or how exactly does your system work? Anyway, if you have a separate imapc namespace, I think you can simply set:
namespace .. { ignore_on_failure = yes }
W dniu 2012-12-18 23:10, Timo Sirainen pisze:
On 19.12.2012, at 0.06, Marcin Mirosław marcin@mejor.pl wrote:
I'd like to ask is this behavior correct?
You're using Dovecot as simple imapc proxy without local mails? Then yeah, what else could it really do?
Here is problem, I'm using local mails also!:) So when remote imap server doesn't want to talk with me I can't even check mail emails. I can understand this behavior (e.g. lda can't deliver email because sieve script could put such email in folder available via imapc) but it looks like a kind of DoS for my mailbox;) Maybe some kind of switch could be implemented: treat imapc errors as critical or not? Just an idea.
I saw only one namespace in your configuration. Are you adding the imapc namespace somewhere else, or how exactly does your system work? Anyway, if you have a separate imapc namespace, I think you can simply set:
namespace .. { ignore_on_failure = yes }
So I reinvented the wheel:] Thanks for tip! I'm storing namespaces in database. Thanks again, Marcin
W dniu 18.12.2012 23:10, Timo Sirainen pisze:
On 19.12.2012, at 0.06, Marcin Mirosław marcin@mejor.pl wrote:
I'd like to ask is this behavior correct?
You're using Dovecot as simple imapc proxy without local mails? Then yeah, what else could it really do?
Here is problem, I'm using local mails also!:) So when remote imap server doesn't want to talk with me I can't even check mail emails. I can understand this behavior (e.g. lda can't deliver email because sieve script could put such email in folder available via imapc) but it looks like a kind of DoS for my mailbox;) Maybe some kind of switch could be implemented: treat imapc errors as critical or not? Just an idea.
I saw only one namespace in your configuration. Are you adding the imapc namespace somewhere else, or how exactly does your system work? Anyway, if you have a separate imapc namespace, I think you can simply set:
namespace .. { ignore_on_failure = yes }
Hi again! I'm answering in this old thread because I found another case when "ignore_on_failure = yes" doesn't help. When remote IMAP server is shuted down or is firewalled, in log appears " 2013-10-26T14:27:04.380859+02:00 meteor dovecot: imap(marcin@mejor.pl) <bkQcQY7p5QBTkHPS>: Error: imapc(imap.wp.pl:993): connect(212.77.101.140, 993) timed out after 30 seconds "
In this case LDA doesn't deliver emails not I can't login using IMAP client. Is it possible to do something with such case?
P.S. Now I'm using dovecot-2.2.6.
Marcin
participants (2)
-
Marcin Mirosław
-
Timo Sirainen