[Dovecot] dovecot rejecting auth after working a few times
Greetings all, I've got a dovecot server up that works just fine for a few minutes, and then suddenly won't authenticate users. On top of it, it keeps spawning dovecot-auth processes that won't go away. If any one has seen this or knows what's causing it I sure could use some help.
Thanks much.
I've included my relevant config info below
Matthew Thorley
dovecot --version 1.0.beta3
grep -v \# /etc/dovecot/dovecot.conf | grep -vE "^$" protocols = imaps pop3s listen = * ssl_disable = no ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key disable_plaintext_auth = no log_timestamp = "%Y-%m-%d %H:%M:%S " login_user = dovecot mail_extra_groups = mail mail_debug = yes default_mail_env = maildir:/var/mail/%u protocol imap { }
protocol pop3 {
pop3_uidl_format = %v-%u } auth_verbose =yes auth_debug = yes auth_debug_passwords = yes auth_worker_max_count = 10 auth default { mechanisms = plain passdb pam { } userdb passwd { } user = root } plugin { }
On 2/13/2008, Matthew Thorley (matthew.thorley@novusllc.us) wrote:
dovecot --version 1.0.beta3
Ack!
You will have to upgrade before anyone will spend any time trying to help you. This is extremely old.
It is recommended that you start with a clean, fresh config file, and slowly make the changes required for your situation, but be sure to read the CURRENT docs, because many things have changed...
--
Best regards,
Charles
Thanks Charles. I downloaded the latest code, and reconfigured from scratch. Now everything is working.
Regards
matthew
On Thu, Feb 14, 2008 at 3:55 AM, Charles Marcus CMarcus@media-brokers.com wrote:
On 2/13/2008, Matthew Thorley (matthew.thorley@novusllc.us) wrote:
dovecot --version 1.0.beta3
Ack!
You will have to upgrade before anyone will spend any time trying to help you. This is extremely old.
It is recommended that you start with a clean, fresh config file, and slowly make the changes required for your situation, but be sure to read the CURRENT docs, because many things have changed...
--
Best regards,
Charles
-- Matthew Thorley
Alright then. I took Charles advice, installed version 1.0.10, and created a new config from scratch.
Dovecot is still hanging up randomly. When I starts to hang (stop allowing users to login) I get errors like this in syslog
Feb 14 13:44:59 mail dovecot: pop3-login: Can't connect to auth server at default: Resource temporarily unavailable Feb 14 13:45:00 mail dovecot: imap-login: Can't connect to auth server at default: Resource temporarily unavailable
When the problem occurs I also get a few extra dovecot-auth processes that won't die. When I do killall -9 dovecot-auth, dovecot begins responding again and allowing users to access their mail.
I saw some similar problems with older versions in the list archives but no solutions. One was for an Ubuntu LTS system, which is what my server is. I am guessing then, that the problem may have to do with pam, or how dovecot is connecting to it. I saw some one mentioning a possible race condition, but no solution.
Does any one have any hints or suggestions.
Thanks. Relevant config info below
matthew
root@molly-sl:~# /opt/local/sbin/dovecot -n # 1.0.10: /opt/local/etc/dovecot.conf protocols: pop3s imaps ssl_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem ssl_key_file: /etc/ssl/private/ssl-cert-snakeoil.key login_dir: /opt/local/var/run/dovecot/login login_executable(default): /opt/local/libexec/dovecot/imap-login login_executable(imap): /opt/local/libexec/dovecot/imap-login login_executable(pop3): /opt/local/libexec/dovecot/pop3-login mail_location: maildir:/var/mail/%u mail_executable(default): /opt/local/libexec/dovecot/imap mail_executable(imap): /opt/local/libexec/dovecot/imap mail_executable(pop3): /opt/local/libexec/dovecot/pop3 mail_plugin_dir(default): /opt/local/lib/dovecot/imap mail_plugin_dir(imap): /opt/local/lib/dovecot/imap mail_plugin_dir(pop3): /opt/local/lib/dovecot/pop3 pop3_uidl_format(default): pop3_uidl_format(imap): pop3_uidl_format(pop3): %v-%u auth default: passdb: driver: pam userdb: driver: passwd
root@molly-sl:~# /opt/local/sbin/dovecot --version 1.0.10
Sorry Timo your seeing these twice. For some reason my mail client replied to you and not the list.
Timo > Where does pam authenticate from? Where does passwd (i.e. NSS) Timo > authenticate from?
I'm not sure about passwd, but pam authentication comes from ldap.
It started failing again. Here are some relevant log entries. The first few attempts at the top are good, but then it starts to fail, this time with with a different error than before.
And I am again seeing extra dovecot-auth processes. It does seem that the problem is related to pam, but I don't understand while it works for fails, and then works again if I kill off dovecot-auth.
Feb 14 14:32:06 mail dovecot: pop3-login: Login: user=<matthew>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS Feb 14 14:32:07 mail dovecot: POP3(matthew): Disconnected: Logged out top=0/0, retr=0/0, del=0/318, size=5975170 Feb 14 14:32:11 mail dovecot: pop3-login: Login: user=<lindsay>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS Feb 14 14:32:11 mail dovecot: pop3-login: Login: user=<lindsay>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS Feb 14 14:32:12 mail dovecot: POP3(lindsay): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Feb 14 14:32:12 mail dovecot: POP3(lindsay): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Feb 14 14:33:33 mail dovecot: pop3-login: Disconnected: rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS handshake Feb 14 14:34:16 mail dovecot: auth(default): pam(taylor,xxx.xxx.xxx.xxx): PAM child process 17506 timed out, killing it Feb 14 14:34:16 mail dovecot: auth(default): pam(lindsay,xxx.xxx.xxx.xxx): PAM child process 17509 timed out, killing it Feb 14 14:34:16 mail dovecot: auth(default): pam(lindsay,xxx.xxx.xxx.xxx): Child process died Feb 14 14:34:16 mail dovecot: auth(default): pam(taylor,xxx.xxx.xxx.xxx): Child process died Feb 14 14:34:16 mail dovecot: auth(default): PAM: Child 17506 died with signal 9 Feb 14 14:34:16 mail dovecot: auth(default): PAM: Child 17509 died with signal 9 Feb 14 14:34:17 mail dovecot: pop3-login: Aborted login (1 authentication attempts): user=<taylor>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS Feb 14 14:34:17 mail dovecot: pop3-login: Aborted login (1 authentication attempts): user=<lindsay>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS Feb 14 14:34:26 mail dovecot: auth(default): pam(matthew,xxx.xxx.xxx.xxx): PAM child process 17517 timed out, killing it Feb 14 14:34:26 mail dovecot: auth(default): pam(matthew,xxx.xxx.xxx.xxx): Child process died Feb 14 14:34:26 mail dovecot: auth(default): PAM: Child 17517 died with signal 9 Feb 14 14:34:26 mail dovecot: pop3-login: Disconnected: user=<matthew>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS Feb 14 14:34:46 mail dovecot: auth(default): pam(traci,xxx.xxx.xxx.xxx): PAM child process 17536 timed out, killing it Feb 14 14:34:46 mail dovecot: auth(default): pam(traci,xxx.xxx.xxx.xxx): Child process died Feb 14 14:34:46 mail dovecot: auth(default): PAM: Child 17536 died with signal 9 Feb 14 14:34:47 mail dovecot: pop3-login: Aborted login (1 authentication attempts): user=<traci>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS
On Feb 14, 2008, at 11:49 PM, Matthew Thorley wrote:
Timo > Where does pam authenticate from? Where does passwd (i.e. NSS) Timo > authenticate from?
I'm not sure about passwd, but pam authentication comes from ldap.
Sounds like you're using nss_ldap. See http://wiki.dovecot.org/AuthDatabase/Passwd
I found a message on the list describing a similar problems (link below) and added blocking=yes to my auth setting. I had that in my last config with the old version and still had trouble, but hopefully it will do the trick here.
-- matthew
http://www.mail-archive.com/dovecot@dovecot.org/msg04643.html
Thanks Timo, I updated my config again, according to the link you sent. I'll reply again later if I see any more problems.
-- Matthew Thorley
Thanks again for all the help. My server ran the rest of the day and all the night without any errors.
You guys rock!
-- matthew
participants (3)
-
Charles Marcus
-
Matthew Thorley
-
Timo Sirainen