[Dovecot] Proxy login failures

Timo Sirainen tss at iki.fi
Tue Jan 10 00:39:00 EET 2012


On 9.1.2012, at 22.23, Urban Loesch wrote:

>>> I'm using two dovecot pop3/imap proxies in front of our dovecot servers.
>>> Since some days I see many of the following errors in the logs of the two proxy-servers:
>>> 
>>> dovecot: pop3-login: Error: proxy: Remote "IPV6-IP":110 disconnected: Connection closed: Connection reset by peer (state=0): user=<myuser>, method=PLAIN, rip=remote-ip, lip=localip
>>> 
>>> When this happens the Client gets the following error from the proxy:
>>> -ERR [IN-USE] Account is temporarily unavailable.
>> The connection to remote server dies before authentication finishes. The reason for why that happens should be logged by the backend server. Sounds like it crashes. Check for ANY error messages in backend servers.
>> 
> 
> I still did that, but I found nothing in the logs.

It's difficult to guess then. At the very least there should be an "Info" message about a new connection at the time when this failure happened. If there's not even that, then maybe the problem is network related.

> The only thing I could think about is that all 7 backend servers are virtual servers (using technology from http://linux-vserver.org) and they all are running
> on the same physical machine (DELL PER610 with 32GB RAM, RAID 10 SAS - load between 0.5 and 2.0, iowait about 1-5%). So they are sharing the same kernel.

For testing, or what's the point in doing that? :) But the load is low enough that I doubt it has anything to do with it.

> Also all servers are connected to a mysql server, running on a different machine in the same subnet. Could it be that either the kernel needs some tcp tuning ore perhaps the answers from the remote mysql server
> could be to slow in some cases?

MySQL server problem would show up with a different error message. TCP tuning is also unlikely to help, since the connection probably dies within a second. Actually it would be a good idea to log the duration. This patch adds it:
http://hg.dovecot.org/dovecot-2.0/raw-rev/8438f66433a6

These are the only explanations that I can think of for the error:

 * Remote Dovecot crashes / kills the connection (it would log an error message)
 * Remote Dovecot server is full of handling existing connections (It would log a warning)
 * Network trouble, something in the middle disconnecting the connection
 * Source/destination OS trouble, disconnecting the connection
 * Some hang that results in eventual disconnection. The duration patch would show if this is the case.




More information about the dovecot mailing list