[Dovecot] Restarting dovecot-auth stops authentication

Attila Nagy bra at fsn.hu
Wed Nov 17 14:45:03 EET 2010 

On 11/16/10 18:29, Timo Sirainen wrote:
> On Tue, 2010-11-16 at 14:52 +0100, Attila Nagy wrote:
>>> Nov 16 14:32:40 be dovecot: imap: Error: net_connect_unix(auth-master)
>>> failed: No such file or directory
>> Of course I forgot to tell it's 2.0.6.
> 2.0.7 fixed this.
Thanks, I've upgraded to it.

BTW, I have these in batches:
Nov 17 11:42:10 be dovecot: pop3-login: Internal login failure (auth 
failed, 1 attempts): user=<user1>, method=PLAIN, rip=172.28.16.20, 
lip=172.16.253.13
Nov 17 11:42:10 be dovecot: pop3-login: Internal login failure (auth 
failed, 1 attempts): user=<user2>, method=PLAIN, rip=172.28.16.20, 
lip=172.16.253.13
[...]
22 from this in the same second, then nothing for hours. This time this 
wasn't because the auth process disappeared.
I suspected LDAP errors, but Dovecot is so effective in LDAP caching 
that there are no 22 LDAP queries in the same second. How could I figure 
out what causes these errors? I don't see any more verbosity in the 
source code in the place, where this comes from, and I have pretty much 
connections, so doing a verbose log for days isn't an option...
Config:
# 2.0.7: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 8.1-STABLE amd64
auth_cache_negative_ttl = 0
auth_cache_size = 100 M
auth_cache_ttl = 1 days
default_process_limit = 2000
disable_plaintext_auth = no
mail_fsync = never
mail_gid = 999
mail_location = maildir:~/Maildir
mail_plugins = " quota"
mail_uid = 999
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date
passdb {
   args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext
   driver = ldap
}
plugin {
   autocreate = INBOX.Trash
   autocreate2 = INBOX.Drafts
   autocreate3 = INBOX.Sent
   autocreate4 = INBOX.Spam
   autosubscribe = INBOX.Trash
   autosubscribe2 = INBOX.Drafts
   autosubscribe3 = INBOX.Sent
   autosubscribe4 = INBOX.Spam
   mail_log_events = delete undelete expunge copy mailbox_delete 
mailbox_rename flag_change save mailbox_create
   mail_log_fields = uid box msgid size flags vsize from subject
   quota = maildir:User quota
}
protocols = pop3 imap lmtp
service anvil {
   client_limit = 8192
}
service auth {
   client_limit = 8192
   unix_listener auth-userdb {
     mode = 0600
     user = qmailldap
   }
}
service imap-login {
   client_limit = 8
   process_min_avail = 16
   service_count = 0
   vsz_limit = 64 M
}
service imap {
   client_limit = 8
   process_min_avail = 16
   service_count = 0
}
service lmtp {
   inet_listener lmtp {
     port = 24
   }
   user = qmailldap
}
service pop3-login {
   client_limit = 8
   process_min_avail = 16
   service_count = 0
}
service pop3 {
   client_limit = 8
   process_min_avail = 16
   service_count = 0
}
ssl = no
userdb {
   driver = prefetch
}
userdb {
   args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext
   driver = ldap
}
protocol lmtp {
   mail_plugins = " quota mail_log notify"
}
protocol imap {
   mail_max_userip_connections = 1024
   mail_plugins = " quota imap_quota autocreate"
}
protocol pop3 {
   mail_max_userip_connections = 1024
   mail_plugins = " quota autocreate"
}
but the process' size barely grows, regardless the large number of 
connections and users:
dovecot   21600  0.9  0.0 32304 14604  ??  S     9:24PM   6:06.91 
dovecot/auth


>> BTW, sending SIGUSR2 to dovecot/auth doesn't lot anything, while sending
>> SIGHUP logs the "clearing cache" message. The wiki says on USR2 it
>> should log cache statistics.
> Works here:
>
> Nov 16 17:26:25 auth: Info: Authentication cache hits 0/2 (0%)
> Nov 16 17:26:25 auth: Info: Authentication cache inserts: positive: 2 95B, negative: 0 0B
>
> So .. Since SIGHUP works, I don't really know. They should be using
> exactly the same code right next to each others. I guess something could
> disable SIGUSR2 somewhere somehow. What passdb/userdb do you use?
>
LDAP.
procstat -i says it's OK:
   PID COMM             SIG     FLAGS
21600 auth             HUP      --C
21600 auth             INT      --C
21600 auth             QUIT     ---
21600 auth             ILL      ---
21600 auth             TRAP     ---
21600 auth             ABRT     ---
[...]
21600 auth             USR1     ---
21600 auth             USR2     --C

More information about the dovecot mailing list