Hi,
I am new to dovecot and I am trying to prepare a POC environment.
I have dovecot installed with postfix to perform SASL authentication. I'm using postgresql as auth backend which is working fine. But I am facing an issue with dovecot's internal auth cache. The internal auth cache just expires in 5 minutes. There is only one login (it's me testing) and there are no other logins.
    OS version: Almalinux 10
    Postfix: postfix-3.8.5-8.el10.x86_64
    System memory: 4 GB
    CPU: 2

    auth_cache_size = 10M
    auth_cache_ttl = 1800secs
    auth_cache_negative_ttl = 300secs

(I have tried setting this to 0 but it does not change anything.)
Here's the dovecot -n:
    2.3.21 (47349e2482): /etc/dovecot/dovecot.conf
    OS: Linux 6.12.0-55.9.1.el10_0.x86_64 x86_64 AlmaLinux release 10.0 (Purple Lion)
    Hostname: localhostvm
    auth_cache_size = 10 M
    auth_cache_verify_password_with_worker = yes
    auth_debug = yes
    auth_mechanisms = plain login
    auth_verbose = yes
    login_log_format = %$: %s %f
    passdb {
      args = /etc/dovecot/conf.d/dovecot-sql.conf.ext
      driver = sql
    }
    protocols =
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0666
        user = postfix
      }
    }
    ssl = required
    ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
    ssl_cipher_list = PROFILE=SYSTEM
    ssl_key = # hidden, use -P to show it
    userdb {
      driver = prefetch
    }

Here's the cache hit log:
    Jul 14 11:53:35 localhostvm postfix/submission/smtpd[107852]: connect from remote-server
    Jul 14 11:53:36 localhostvm dovecot[107739]: auth: Debug: client in: AUTH#0112#011LOGIN#011service=smtp#011nologin#011lip=192.168.100.12#011rip=192.168.100.25
    Jul 14 11:53:36 localhostvm dovecot[107739]: auth: Debug: client passdb out: CONT#0112#011VXNlcm5hbWU6
    Jul 14 11:53:36 localhostvm dovecot[107739]: auth: Debug: client in: CONT<hidden>
    Jul 14 11:53:36 localhostvm dovecot[107739]: auth: Debug: client passdb out: CONT#0112#011UGFzc3dvcmQ6
    Jul 14 11:53:36 localhostvm dovecot[107739]: auth: Debug: client in: CONT<hidden>
    Jul 14 11:53:36 localhostvm dovecot[107739]: auth: Debug: sql(user@tld,192.168.100.25): Performing passdb lookup
    Jul 14 11:53:36 localhostvm dovecot[107739]: auth: Debug: sql(user@tld,192.168.100.25): cache hit: <hidden>#011user=user@tld
    Jul 14 11:53:36 localhostvm dovecot[107739]: auth: Debug: sql(user@tld,192.168.100.25): cache: validating password on worker
    Jul 14 11:53:36 localhostvm dovecot[107739]: auth-worker(107886): Debug: Loading modules from directory: /usr/lib64/dovecot/auth
    Jul 14 11:53:36 localhostvm dovecot[107739]: auth-worker(107886): Debug: Module loaded: /usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so
    Jul 14 11:53:36 localhostvm dovecot[107739]: auth-worker(107886): Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_pgsql.so
    Jul 14 11:53:36 localhostvm dovecot[107739]: auth-worker(107886): Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
    Jul 14 11:53:36 localhostvm dovecot[107739]: auth-worker(107886): Debug: sqlpool(pgsql): Creating new connection
    Jul 14 11:53:36 localhostvm dovecot[107739]: auth-worker(107886): Debug: sqlpool(pgsql): Creating new connection
    Jul 14 11:53:36 localhostvm dovecot[107739]: auth-worker(107886): Debug: conn unix:auth-worker (pid=107856,uid=97): Server accepted connection (fd=15)
    Jul 14 11:53:36 localhostvm dovecot[107739]: auth-worker(107886): Debug: conn unix:auth-worker (pid=107856,uid=97): Sending version handshake
    Jul 14 11:53:36 localhostvm dovecot[107739]: auth-worker(107886): Debug: conn unix:auth-worker (pid=107856,uid=97): auth-worker<1>: Handling PASSW request
    Jul 14 11:53:36 localhostvm dovecot[107739]: auth-worker(107886): Debug: conn unix:auth-worker (pid=107856,uid=97): auth-worker<1>: Finished
    Jul 14 11:53:36 localhostvm dovecot[107739]: auth: Debug: sql(user@tld,192.168.100.25): Finished passdb lookup
    Jul 14 11:53:36 localhostvm dovecot[107739]: auth: Debug: auth(user@tld,192.168.100.25): Auth request finished
    Jul 14 11:53:36 localhostvm dovecot[107739]: auth: Debug: client passdb out: OK#0112#011user=user@tld
    Jul 14 11:53:37 localhostvm postfix/submission/smtpd[107852]: 81GFE2083CH9: client=remote-server[192.168.100.25], sasl_method=LOGIN, sasl_username=user@tld

I am not sure what is causing the cache to disappear in 5 min although I have set it to 1800s.
Thank you.

Burn Zero via dovecot wrote on 2025-07-14 08:50:

> auth_cache_size = 10M
> auth_cache_ttl = 1800secs
> auth_cache_negative_ttl = 300secs
> ( I have tried this setting to 0 but it does not change anything )

doveconf -d | grep auth_cache_ttl
you have reduced cache ttl from default 1 hour
hmm :=)
syntax might as well be the culprit, 18000secs is different from 1800 secs
hope documentation is correct here https://doc.dovecot.org/2.3/configuration_manual/authentication/caching/ all ttl is numbers not text, I don't know for sure, but if it is only numbers, one could leave out hours, it will imho be one secs
doveconf -n | grep auth_cache_ttl
is it displaying something?

"doveconf -n | grep auth_cache_ttl" is not displaying any output. But later I found that it is because of "default_idle_kill". The dovecot-auth process was killed due to this setting, which reset the cache. But when I increase the default_idle_kill time, the dovecot-auth process stays for that amount of time and the cache does not get cleared.
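
An added configuration sketch for the resolution described in the last message; it is not taken from the thread or from the Dovecot project. It keeps the cache settings from the first post and, instead of raising default_idle_kill for every service, sets the per-service idle_kill on the auth service only. The 30-minute value is an assumption chosen to match the 1800-second auth_cache_ttl.

```conf
# Auth cache settings as posted in the thread.
auth_cache_size = 10M
auth_cache_ttl = 1800 secs
auth_cache_negative_ttl = 300 secs
auth_cache_verify_password_with_worker = yes

# Before: no idle_kill on the auth service, so it follows the global
# default_idle_kill. The thread reports that the idle auth process was
# killed under that setting, and the in-memory cache was lost with it
# well before auth_cache_ttl ran out.
#
# service auth {
#   unix_listener /var/spool/postfix/private/auth {
#     group = postfix
#     mode = 0666
#     user = postfix
#   }
# }

# After: keep the idle auth process around for at least as long as a
# cache entry is allowed to live. Other services still follow
# default_idle_kill.
service auth {
  idle_kill = 30 mins   # assumption: equal to auth_cache_ttl

  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
```

After reloading, `doveconf -n` should list idle_kill inside the service auth block, since it only prints settings that differ from the defaults.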