Hi,
from time to time the IMAP login times out ... my external monitoring says "connection reset by peer (SSL)" and Thunderbird tries to connect forever. After a short while everything returns back to normal operation.
The system resources are plenty, there are no error messages and no greedy background tasks running.
I read a little about tweaking imap-login - but all the default parameters seem to be set more generously than what was recommended.
Where should I start the debugging process?
I really wish there was some "dovecot optimizer tool" ... :P
-- Cheers, \\|// Vince (o o) ----------------------------ooO-(_)-Ooo------------------------- ''' (o)_(o) [ ][0][ ] ô¿ô (=°o°=) World Domination by Copy and Paste [ ][ ][0]
- (")_(") [0][0][0]
() ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments Ooo. ---------------------------.ooO----( )------------------------- ( ) (_/ \_)
Am 28.05.2016 um 21:25 schrieb Vince42:
Hi,
from time to time the IMAP login times out ... my external monitoring says "connection reset by peer (SSL)" and Thunderbird tries to connect forever. After a short while everything returns back to normal operation.
The system resources are plenty, there are no error messages and no greedy background tasks running.
I read a little about tweaking imap-login - but all the default parameters seem to be set more generously than what was recommended.
Where should I start the debugging process?
I really wish there was some "dovecot optimizer tool" ... :P
That sounds suspiciously as if you are running out of entropy. Is that a virtual machine you are running with dovecot?
At time when the SSL connection cannot be established check the value of available entropy by
cat /proc/sys/kernel/random/entropy_availIn case you see a low value you should consider running a daemon like haveged.
Alexander
On May 29, 2016 at 1:43 AM Alexander Dalloz <ad+lists@uni-x.org> wrote:
Am 28.05.2016 um 21:25 schrieb Vince42:
Hi,
from time to time the IMAP login times out ... my external monitoring says "connection reset by peer (SSL)" and Thunderbird tries to connect forever. After a short while everything returns back to normal operation.
The system resources are plenty, there are no error messages and no greedy background tasks running.
I read a little about tweaking imap-login - but all the default parameters seem to be set more generously than what was recommended.
Where should I start the debugging process?
I really wish there was some "dovecot optimizer tool" ... :P
Dovecot optimization is usually only required for large installations.
That sounds suspiciously as if you are running out of entropy. Is that a virtual machine you are running with dovecot?
At time when the SSL connection cannot be established check the value of available entropy by
cat /proc/sys/kernel/random/entropy_avail
In case you see a low value you should consider running a daemon like haveged.
Alexander
Also make sure you are not facing simple firewall or interconnectivity issue.
Also usually it helps if you provide outputs from
doveconf -n doveadm log errors
Aki Tuomi
Hi,
[aki.tuomi@dovecot.fi] - [29.05.2016 08:58]
Also make sure you are not facing simple firewall or interconnectivity issue.
The server is running well all the time, except for these "hickups". I will also try Alexander's hint.
Also usually it helps if you provide outputs from doveconf -n doveadm log errors
Here is my doveconf -n (doveadm log shows only old errors, nothing in relation to the timeouts):
# 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-68-generic x86_64 Ubuntu 14.04.4 LTS auth_mechanisms = plain login auth_username_format = %n debug_log_path = /var/log/dovecot.log mail_location = maildir:~/Maildir managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = imap pop3 lmtp sieve pop3 service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl_cert = </etc/ssl/certs/domain.crt ssl_key = </etc/ssl/private/domain.key userdb { driver = passwd } protocol lmtp { mail_plugins = " sieve" } protocol lda { mail_plugins = " sieve" } protocol imap { mail_max_userip_connections = 50 }
-- Cheers, \\|// Vince (o o) ----------------------------ooO-(_)-Ooo------------------------- ''' (o)_(o) [ ][0][ ] ô¿ô (=°o°=) World Domination by Copy and Paste [ ][ ][0]
- (")_(") [0][0][0]
() ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments Ooo. ---------------------------.ooO----( )------------------------- ( ) (_/ \_)
Hi,
[Alexander Dalloz] - [29.05.2016 00:43]
At time when the SSL connection cannot be established check the value of available entropy by cat /proc/sys/kernel/random/entropy_avail In case you see a low value you should consider running a daemon like haveged.
I had the issue yesterday again and the available entropy has values between 1300 and 1500 - seems to be fine to me ... any other ideas, what I could check or monitor?
-- Cheers, \\|// Vince (o o) ----------------------------ooO-(_)-Ooo------------------------- ''' (o)_(o) [ ][0][ ] ô¿ô (=°o°=) World Domination by Copy and Paste [ ][ ][0]
- (")_(") [0][0][0]
() ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments Ooo. ---------------------------.ooO----( )------------------------- ( ) (_/ \_)
participants (3)
-
aki.tuomi@dovecot.fi
-
Alexander Dalloz
-
Vince42