[Dovecot] Dovecot-auth timeouts

Javier Fox jfox at corp.spiritone.com
Wed Dec 24 00:50:01 EET 2008


Hello,

I've unfortunately been unable to find anything relating to the problem I'm having specifically, in searching the list or google, and so I now plead to you to assistance.

I'm running Dovecot as an LDA and SASL auth for Postfix on a Debian 4 box.  Dovecot is version 1.0.rc15 (the official debian pkg version).

The problem I'm running into is this.  After some time of running (lately it's been as little as 5 minutes), I start to see the following errors in dovecot.log:

deliver(user at domain.com): "Dec 23 14:38:47 "Error: User request from dovecot-auth timed out
deliver(anotheruser at domain.com): "Dec 23 14:38:48 "Error: User request from dovecot-auth timed out

Postfix responds to these by simply deferring the messages.  Dovecot itself, however, begins to return 'Authentication failed' messages after significant lag time (sometimes greater than 30s):

Connected to localhost.
Escape character is '^]'.
+OK Dovecot-POP
user username
+OK
pass mypassword
-ERR Authentication failed.

Now, for authentication, Dovecot is using LDAP on the local server.  The only additional information I can find pertaining to these errors is the following from slapd.log:

slapd[22593]: connection_input: conn=6 deferring operation: pending operations

These messages correspond 1-to-1 to the above 'deliver' errors, where 'conn' is always the same number.  Restarting dovecot and ldap resolves the issue for a few minutes, but sure enough the errors start flowing again.

I'm really at the end of my rope on this, as nothing I do seems to help.  I have a good 500+ customers being effected by this as well, and they're all none too pleased by it.  If this is something that will absolutely be resolved by upgrading from source, that is doable, but we'd prefer to stick with the official package version if possible.

Dovecot configs follow

Thanks,
J. Fox

----- configs follow -----

dovecot.conf
------------
auth_verbose = yes
auth_debug = yes
auth_debug_passwords = yes
mail_debug = no

base_dir = /var/run/dovecot/
protocols = imap imaps pop3 pop3s
protocol lda {
  postmaster_address = postmaster at spiritone.com
  auth_socket_path = /var/run/dovecot/auth-master
  log_path = /var/log/dovecot.log
  info_log_path = /var/log/mail.info
  }
listen = *
shutdown_clients = yes
mmap_disable = yes
lock_method = dotlock
maildir_copy_with_hardlinks = no
log_path = /var/log/dovecot.log
info_log_path = /var/log/mail.log
log_timestamp = "%b %d %H:%M:%S "
syslog_facility = mail
auth_default_realm = involved.com
disable_plaintext_auth = no
ssl_cert_file = /etc/ssl/certs/dovecot.pem
ssl_key_file = /etc/ssl/private/dovecot.pem
login_chroot = yes
valid_chroot_dirs = /home/vmail/
login_user = postfix
login_process_per_connection = yes
login_processes_count = 2
login_max_processes_count = 64
login_max_connections = 128
login_greeting = Involved
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
login_log_format = %$: %s
default_mail_env = maildir:/home/vmail/domains/%d/%u
first_valid_uid = 103
pop3_uidl_format = %08Xu%08Xv
auth_cache_size = 10485760
auth_cache_ttl = 3600
auth_worker_max_count = 10
#auth_worker_max_request_count = 50
auth default {
    mechanisms = PLAIN LOGIN
    passdb ldap {
        args = /etc/dovecot/dovecot-ldap.conf
    }
    userdb ldap {
        args = /etc/dovecot/dovecot-ldap.conf
    }
    socket listen {
                master {
                        path = /var/run/dovecot/auth-master
                        mode = 0666
                        user = vmail
                        group = vmail
                }
                client {
                        path = /var/spool/postfix/private/auth
                        mode = 0660
                        user = postfix
                        group = postfix
                }
    }
    user = vmail
}


dovecot-ldap.conf
-----------------
hosts = localhost
auth_bind = yes
auth_bind_userdn = cn=%n,ou=%d,ou=mail,dc=domain,dc=com
ldap_version = 3
base = ou=mail,dc=domain,dc=com
dn = cn=Manager,dc=domain,dc=com
dnpass = secret
deref = never
scope = subtree
pass_attrs = mail=user,userPassword=password
user_filter = (&(objectClass=VirtualMailAccount)(accountActive=TRUE)(mail=%u))
pass_filter = (&(objectClass=VirtualMailAccount)(accountActive=TRUE)(mail=%u))
user_global_uid = 1001
user_global_gid = 1001

---end---


More information about the dovecot mailing list