[Dovecot] Dovecot Alpha 4

Marcus Don mdon at names.co.uk
Thu Oct 27 19:42:32 EEST 2005


Hi

We've been using Dovecot as our primary IMAP and POP3 server for around
70,000 users for a couple of months now. On the whole, we've been very
pleased with the performance of Dovecot - and are extremely grateful to the
developers! However, we have had a few issues, some of which we have yet to
resolve.

We chose Dovecot because it was the only IMAP/POP3 server we could find that
supported direct mysql authentication and both mboxes and maildirs. With
exim as our main SMTP server, we were able to convert the inboxes and imap
folders for all 70,000 users from mboxes to maildirs without any downtime
whatsoever!

For those who are interested, we have a cluster of 5 web/imap servers
(running our own webmail software) and a further 5 pop servers all placed
behind 2 Zeus load balancers and running RHEL 4 (actually CentOS 4.1).
Storage is provided by an EMC Clariion device, which is mounted via NFS onto
all servers in the cluster over gigabit ethernet.

1. index files

The main problem has always been the index files becoming corrupted. This
seems to have improved with the Alpha 4 release, but still happens for
several users each day. Perhaps it would be possible for Dovecot to just
delete index files and re-create them when they are corrupted, rather than
just erroring? Also, how do you turn off index files altogether? Even when
mail_never_cache_fields is set for all available fields, they still get
created.

Another issue relating to the index files is that, if a user is deleted and
then another user created with the same name, dovecot doesn't have
permissions to re-write the index files, because it has a different uid. So,
whenever a user is deleted, we have to delete the index files from every
machine in the cluster. We could store index files on the NFS device, but
this would affect performance (and might cause locking problems). A better
solution would be to make the uid one of the variables available in
default_mail_env. By naming index files by uid rather than username, this
wouldn't be an issue.

2. initgroups()

We use an nss-mysql to store all non-administrative system users in a mysql
database. We often encounter problems with applications that use the
initgroups() function, since this returns all users and groups - which in
our case returns masses of data from mysql. When using mysql (or ldap etc)
for authentication, it would be useful if there were an option to prevent
additional system lookups. At present, we have to comment out the following
in /src/lib/restrict-access.c, or the server load goes through the roof:

if (initgroups(env, gid) != 0) {
    i_fatal("initgroups(%s, %s) failed: %m", env, dec2str(gid));
} 

3. base_dir permissions bug

Since the alpha 4 release, it seems that the permissions dovecot
automatically sets for the base_dir are not sufficient to allow the
authentication user to access sockets, unless this user belongs to the same
group as the login user - which is contrary to the instructions in the
documentation. I'm pretty sure this is a bug, but perhaps someone could
confirm.

4. authentication caching

Also since the alpha 4 release, we have found that, once the authentication
cache is full, all subsequent login attempts for users that haven't been
cached return "password mismatch". I thought this might be a conflict with
nscd, but it happens whether nscd is running or not. So, for the time being,
we have had to disable the authentication cache.

I'd be very keen to hear from anyone who has any feedback on any of the
points above.

Thanks

Marcus
--
Marcus Don
Applications Development Manager
Namesco Limited

Main Line:     +44 (0)870 120 8888
Main Fax:      +44 (0)870 120 8008
Tech Support:  +44 (0)870 162 4950
Email:         mdon at names.co.uk
Website:       http://www.names.co.uk
Address:       Acton House, Perdiswell Park, Worcester, WR3 7GD
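
With the initgroups() call from point 2 commented out, the process keeps whatever supplementary groups it inherited from its parent, because setgid() and setuid() do not change that list. As an added example (not Dovecot's code and not part of the original message), this privilege drop avoids the NSS group lookup by calling setgroups() with only the primary gid; the helper names and the uid/gid value 5000 are assumptions.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* exposes setgroups() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 when the supplementary group list holds nothing but `primary`
 * (an empty list also passes), 0 otherwise. Pure check, no syscalls. */
int groups_are_minimal(const gid_t *groups, int n, gid_t primary)
{
    for (int i = 0; i < n; i++)
        if (groups[i] != primary)
            return 0;
    return 1;
}

/* Hypothetical helper: drop from root to uid/gid without touching NSS.
 * Order matters: groups first, then gid, then uid, because after setuid()
 * the process may no longer change its groups. Returns 0 on success. */
int drop_privileges_no_nss(uid_t uid, gid_t gid)
{
    gid_t list[64];
    int n;
    /* setgroups() replaces the inherited list with the primary gid only. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the result: regaining root must fail for a non-root target. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    n = getgroups(64, list);
    if (n < 0 || !groups_are_minimal(list, n, gid))
        return -1;
    return (getuid() == uid && getgid() == gid) ? 0 : -1;
}

int main(void)
{
    /* Constructed values: 5000/5000 stand in for a mail user's uid/gid. */
    if (drop_privileges_no_nss(5000, 5000) != 0) {
        fprintf(stderr, "refusing to continue with elevated privileges\n");
        return 1;
    }
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

The drop only succeeds when started as root; a user who needs additional groups for shared mailboxes would need them passed in explicitly rather than resolved through NSS.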
