[Dovecot] resilience suggestion

Chris Wakelin c.d.wakelin at reading.ac.uk
Fri Feb 9 10:59:10 UTC 2007

David Lee wrote:
> We're running dovecot on Fedora Core 5 (FC5), with passwd map details
> supplied by NIS.  We have found that "nscd" sometimes thinks that a
> username is invalid, even though it is valid.  So when "deliver" attempts
> a delivery to the INBOX of that username, it receives "user unknown" from
> the name service, and then does a 5xx permanent failure of valid email.
> From the user perspective "The System" has incorrectly rejected perfectly
> valid incoming email.  It is rare, but it does occasionally happen on
> large, busy systems.

We don't use "deliver" (just use Exim) but we build a static passwd-file
userdb from NIS overnight and use PAM for authentication (via pam_ldap
to Active Directory, but it works with pam_unix too). We did this for a
performance boost as Dovecot then caches the userdb, rather than having
to wait for a NIS lookup each time, but I'd expect it to iron out
problems with deliver/nscd as well. While the passwords could change any
time, userdb information generally doesn't happen that often, and it
only takes a few seconds to rebuild manually if a new user has to be
added quickly.
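
The nightly rebuild described in the reply above, as an added example that is not part of the original post and not the poster's own script. It assumes the NIS passwd map has already been dumped to a file (for instance with `ypcat passwd`); the `build_userdb` function, the `MIN_PERCENT` threshold and the file paths are hypothetical names chosen for illustration.

```shell
#!/bin/sh
# Rebuild a static passwd-file userdb from a dump of the NIS passwd map.
# Usage: build_userdb DUMP DEST   (DUMP produced by e.g. `ypcat passwd > DUMP`)
# MIN_PERCENT is a hypothetical safety threshold, not a Dovecot setting.
MIN_PERCENT=${MIN_PERCENT:-90}

build_userdb() {
    src=$1 dest=$2
    # Temp file in the destination directory so the final rename stays on one filesystem.
    tmp=$(mktemp "$dest.XXXXXX") || return 1

    # Keep only well-formed entries (7 fields, name present, numeric uid/gid)
    # and blank the password field: PAM authenticates, so no hash is needed here.
    awk -F: 'BEGIN { OFS = ":" }
        NF == 7 && $1 != "" && $3 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ { $2 = ""; print }
    ' "$src" | sort -u > "$tmp"

    new=$(wc -l < "$tmp" | tr -d ' ')
    old=0
    [ -f "$dest" ] && old=$(wc -l < "$dest" | tr -d ' ')

    # A short or empty map usually means the NIS lookup failed during the dump;
    # keep the previous file rather than turn valid users into "user unknown".
    if [ "$new" -eq 0 ] || [ $((new * 100)) -lt $((old * MIN_PERCENT)) ]; then
        echo "build_userdb: $new entries vs $old, keeping old file" >&2
        rm -f "$tmp"
        return 1
    fi

    # The file holds no hashes; adjust the mode to local policy.
    chmod 644 "$tmp"
    # rename(2) within one directory is atomic, so readers never see a partial file.
    mv -f "$tmp" "$dest"
}
```

A cron job would call `build_userdb` after the dump and alert on a non-zero exit, since that means the previous file was kept.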


