auth service stops responding

Michael Redert michael.redert at web.de
Thu Apr 2 19:25:12 EEST 2020


Hi all,
I am running Postfix with Dovecot configured for local mail delivery.
Everything works as expected for a while, but after successfully
delivering ~250 mails, Dovecot stops accepting requests and
mails start queueing up in the Postfix mail queue. After restarting
Dovecot, another ~250 mails are processed and the problem occurs again.

The server is running Ubuntu 18.04 with Dovecot 2.2.33.2 and Postfix
3.3.0 installed. Users are stored locally in /etc/dovecot/users.

Based on the log messages below and the output of netstat, where most
connections to /var/run/dovecot/auth-userdb are stuck in the CONNECTING
state, it seems to me that the auth service is no longer accepting
requests on the corresponding socket.


Any help is very much appreciated!

Kind regards,
Michael


--- postfix error messages ---
Mar 28 09:36:13 srv postfix/lmtp[3850]: 2423F7A21C:
to=<system at mydomain.de>, relay=srv.mydomain.de[private/dovecot-lmtp],
delay=155, delays=0.01/0/0/155, dsn=4.3.0, status=deferred (host
srv.mydomain.de[private/dovecot-lmtp] said: 451 4.3.0
<system at mydomain.de>Internal error occurred. Refer to server log for
more information. (in reply to RCPT TO command))
Mar 28 09:38:48 srv postfix/lmtp[3850]: 45A0C7A2B5:
to=<system at mydomain.de>, relay=srv.mydomain.de[private/dovecot-lmtp],
delay=308, delays=0.01/153/0.02/155, dsn=4.3.0, status=deferred (host
srv.mydomain.de[private/dovecot-lmtp] said: 451 4.3.0
<system at mydomain.de>Internal error occurred. Refer to server log for
more information. (in reply to RCPT TO command))

--- dovecot error messages ---
Mar 28 09:36:13 lmtp(2631): user-lookup(system at mydomain.de)Error: userdb
lookup(system at mydomain.de): Request timed out
Mar 28 09:36:14 lmtp(2623): user-lookup(system at mydomain.de)Error: userdb
lookup(system at mydomain.de): Request timed out
Mar 28 09:38:48 lmtp(2631): user-lookup(system at mydomain.de)Error: userdb
lookup(system at mydomain.de): Connecting timed out
Mar 28 09:38:49 lmtp(2623): user-lookup(system at mydomain.de)Error: userdb
lookup(system at mydomain.de): Connecting timed out
Mar 28 09:41:23 lmtp(system at mydomain.de): Error: userdb
lookup(system at mydomain.de): Connecting timed out
Mar 28 09:41:24 lmtp(system at mydomain.de): Error: userdb
lookup(system at mydomain.de): Connecting timed out

--- relevant netstat output when dovecot hangs ----
root at srv:~# netstat | grep dovecot | sort
unix  2      [ ]         STREAM     CONNECTED     1449174
/var/run/dovecot/auth-userdb
unix  2      [ ]         STREAM     CONNECTED     1449995
/var/run/dovecot/auth-userdb
unix  2      [ ]         STREAM     CONNECTING    0
/var/run/dovecot/auth-userdb
unix  2      [ ]         STREAM     CONNECTING    0
/var/run/dovecot/auth-userdb
unix  2      [ ]         STREAM     CONNECTING    0
/var/run/dovecot/auth-userdb
unix  2      [ ]         STREAM     CONNECTING    0
/var/run/dovecot/auth-userdb
unix  2      [ ]         STREAM     CONNECTING    0
/var/run/dovecot/auth-userdb
unix  2      [ ]         STREAM     CONNECTING    0
/var/run/dovecot/auth-userdb
unix  2      [ ]         STREAM     CONNECTING    0
/var/run/dovecot/auth-userdb
unix  2      [ ]         STREAM     CONNECTING    0
/var/run/dovecot/auth-userdb
unix  2      [ ]         STREAM     CONNECTING    0
/var/run/dovecot/auth-userdb
unix  2      [ ]         STREAM     CONNECTING    0
/var/run/dovecot/auth-userdb
unix  3      [ ]         STREAM     CONNECTED     1468180
/var/run/dovecot/config
unix  3      [ ]         STREAM     CONNECTED     1468267
/var/run/dovecot/config
unix  3      [ ]         STREAM     CONNECTED     1468271
/var/run/dovecot/config
unix  3      [ ]         STREAM     CONNECTED     1469651
/var/run/dovecot/config
unix  3      [ ]         STREAM     CONNECTED     1470606
/var/spool/postfix/private/dovecot-lmtp
unix  3      [ ]         STREAM     CONNECTED     1470614
/var/spool/postfix/private/dovecot-lmtp
unix  3      [ ]         STREAM     CONNECTING    0
/var/run/dovecot/auth-userdb
unix  3      [ ]         STREAM     CONNECTING    0
/var/run/dovecot/auth-userdb

--- dovecot configuration ----
root at srv:~# dovecot -n
# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
doveconf: Warning: SSLv2 not supported by OpenSSL. Please consider
removing it from ssl_protocols.
# OS: Linux 4.19.75-meson64 aarch64 Ubuntu 18.04.4 LTS
auth_debug = yes
auth_username_format = %n
auth_verbose = yes
debug_log_path = /var/log/dovecot-info.log
default_client_limit = 16
default_process_limit = 32
first_valid_uid = 1000
hostname = mail.mydomain.de
info_log_path = /var/log/dovecot-info.log
lda_mailbox_autocreate = yes
listen = *
lock_method = dotlock
log_path = /var/log/dovecot.log
mail_debug = yes
mail_fsync = always
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
mmap_disable = yes
namespace {
   inbox = yes
   location =
   mailbox {
     special_use = \Drafts
     name = Drafts
   }
   mailbox {
     special_use = \Junk
     name = Junk
   }
   mailbox {
     special_use = \Sent
     name = Sent
   }
   mailbox {
     special_use = \Sent
     name = Sent Messages
   }
   mailbox {
     special_use = \Trash
     name = Trash
   }
   prefix =
   name = inbox
}
passdb {
   args = scheme=CRYPT username_format=%u /etc/dovecot/users
   driver = passwd-file
}
postmaster_address = postmaster at mydomain.de
protocols = " imap lmtp pop3"
service replication-notify-fifo {
   name = aggregator
}
service {
   client_limit = 102
   unix_listener {
     mode = 00
     path = anvil-auth-penalty
   }
   name = anvil
}
service auth-worker {
   user = root
   name = auth-worker
}
service {
   client_limit = 160
   name = auth
}
service config {
   name = config
}
service dict-async {
   name = dict-async
}
service dict {
   name = dict
}
service login/proxy-notify {
   name = director
}
service dns-client {
   name = dns_client
}
service doveadm-server {
   name = doveadm
}
service imap-hibernate {
   name = imap-hibernate
}
service {
   executable = imap-login -R rawlogs
   inet_listener {
     port = 0
     name = imap
   }
   service_count = 0
   vsz_limit = 256 M
   name = imap-login
}
service imap-urlauth {
   name = imap-urlauth-login
}
service imap-urlauth-worker {
   name = imap-urlauth-worker
}
service token-login/imap-urlauth {
   name = imap-urlauth
}
service {
   process_limit = 8
   name = imap
}
service indexer-worker {
   name = indexer-worker
}
service indexer {
   name = indexer
}
service ipc {
   name = ipc
}
service {
   unix_listener {
     group = postfix
     mode = 0660
     user = postfix
     path = /var/spool/postfix/private/dovecot-lmtp
   }
   name = lmtp
}
service log-errors {
   name = log
}
service {
   inet_listener {
     port = 0
     name = pop3
   }
   inet_listener {
     port = 0
     name = pop3s
   }
   name = pop3-login
}
service {
   process_limit = 4
   name = pop3
}
service replicator-doveadm {
   name = replicator
}
service login/ssl-params {
   name = ssl-params
}
service stats-mail {
   name = stats
}
ssl = required
ssl_cert = </etc/ssl/certs/srv.mydomain.de.pem
ssl_cipher_list = ALL:HIGH:!SSLv2:!MEDIUM:!LOW:!EXP:!RC4:!MD5:!aNULL
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh_parameters_length = 2048
ssl_key =  # hidden, use -P to show it
ssl_protocols = !SSLv2 !SSLv3 !TLSv1
userdb {
   args = username_format=%u /etc/dovecot/users
   driver = passwd-file
}
verbose_ssl = yes
protocol lmtp {
   service replication-notify-fifo {
     name = aggregator
   }
   service anvil-auth-penalty {
     name = anvil
   }
   service auth-worker {
     name = auth-worker
   }
   service auth-client {
     name = auth
   }
   service config {
     name = config
   }
   service dict-async {
     name = dict-async
   }
   service dict {
     name = dict
   }
   service login/proxy-notify {
     name = director
   }
   service dns-client {
     name = dns_client
   }
   service doveadm-server {
     name = doveadm
   }
   service imap-hibernate {
     name = imap-hibernate
   }
   service imap {
     name = imap-login
   }
   service imap-urlauth {
     name = imap-urlauth-login
   }
   service imap-urlauth-worker {
     name = imap-urlauth-worker
   }
   service token-login/imap-urlauth {
     name = imap-urlauth
   }
   service imap-master {
     name = imap
   }
   service indexer-worker {
     name = indexer-worker
   }
   service indexer {
     name = indexer
   }
   service ipc {
     name = ipc
   }
   service lmtp {
     name = lmtp
   }
   service log-errors {
     name = log
   }
   service pop3 {
     name = pop3-login
   }
   service login/pop3 {
     name = pop3
   }
   service replicator-doveadm {
     name = replicator
   }
   service login/ssl-params {
     name = ssl-params
   }
   service stats-mail {
     name = stats
   }
}
protocol !indexer-worker {
   service replication-notify-fifo {
     name = aggregator
   }
   service anvil-auth-penalty {
     name = anvil
   }
   service auth-worker {
     name = auth-worker
   }
   service auth-client {
     name = auth
   }
   service config {
     name = config
   }
   service dict-async {
     name = dict-async
   }
   service dict {
     name = dict
   }
   service login/proxy-notify {
     name = director
   }
   service dns-client {
     name = dns_client
   }
   service doveadm-server {
     name = doveadm
   }
   service imap-hibernate {
     name = imap-hibernate
   }
   service imap {
     name = imap-login
   }
   service imap-urlauth {
     name = imap-urlauth-login
   }
   service imap-urlauth-worker {
     name = imap-urlauth-worker
   }
   service token-login/imap-urlauth {
     name = imap-urlauth
   }
   service imap-master {
     name = imap
   }
   service indexer-worker {
     name = indexer-worker
   }
   service indexer {
     name = indexer
   }
   service ipc {
     name = ipc
   }
   service lmtp {
     name = lmtp
   }
   service log-errors {
     name = log
   }
   service pop3 {
     name = pop3-login
   }
   service login/pop3 {
     name = pop3
   }
   service replicator-doveadm {
     name = replicator
   }
   service login/ssl-params {
     name = ssl-params
   }
   service stats-mail {
     name = stats
   }
}
protocol lda {
   service replication-notify-fifo {
     name = aggregator
   }
   service anvil-auth-penalty {
     name = anvil
   }
   service auth-worker {
     name = auth-worker
   }
   service auth-client {
     name = auth
   }
   service config {
     name = config
   }
   service dict-async {
     name = dict-async
   }
   service dict {
     name = dict
   }
   service login/proxy-notify {
     name = director
   }
   service dns-client {
     name = dns_client
   }
   service doveadm-server {
     name = doveadm
   }
   service imap-hibernate {
     name = imap-hibernate
   }
   service imap {
     name = imap-login
   }
   service imap-urlauth {
     name = imap-urlauth-login
   }
   service imap-urlauth-worker {
     name = imap-urlauth-worker
   }
   service token-login/imap-urlauth {
     name = imap-urlauth
   }
   service imap-master {
     name = imap
   }
   service indexer-worker {
     name = indexer-worker
   }
   service indexer {
     name = indexer
   }
   service ipc {
     name = ipc
   }
   service lmtp {
     name = lmtp
   }
   service log-errors {
     name = log
   }
   service pop3 {
     name = pop3-login
   }
   service login/pop3 {
     name = pop3
   }
   service replicator-doveadm {
     name = replicator
   }
   service login/ssl-params {
     name = ssl-params
   }
   service stats-mail {
     name = stats
   }
}
protocol imap {
   service replication-notify-fifo {
     name = aggregator
   }
   service anvil-auth-penalty {
     name = anvil
   }
   service auth-worker {
     name = auth-worker
   }
   service auth-client {
     name = auth
   }
   service config {
     name = config
   }
   service dict-async {
     name = dict-async
   }
   service dict {
     name = dict
   }
   service login/proxy-notify {
     name = director
   }
   service dns-client {
     name = dns_client
   }
   service doveadm-server {
     name = doveadm
   }
   service imap-hibernate {
     name = imap-hibernate
   }
   service imap {
     name = imap-login
   }
   service imap-urlauth {
     name = imap-urlauth-login
   }
   service imap-urlauth-worker {
     name = imap-urlauth-worker
   }
   service token-login/imap-urlauth {
     name = imap-urlauth
   }
   service imap-master {
     name = imap
   }
   service indexer-worker {
     name = indexer-worker
   }
   service indexer {
     name = indexer
   }
   service ipc {
     name = ipc
   }
   service lmtp {
     name = lmtp
   }
   service log-errors {
     name = log
   }
   service pop3 {
     name = pop3-login
   }
   service login/pop3 {
     name = pop3
   }
   service replicator-doveadm {
     name = replicator
   }
   service login/ssl-params {
     name = ssl-params
   }
   service stats-mail {
     name = stats
   }
}
protocol pop3 {
   service replication-notify-fifo {
     name = aggregator
   }
   service anvil-auth-penalty {
     name = anvil
   }
   service auth-worker {
     name = auth-worker
   }
   service auth-client {
     name = auth
   }
   service config {
     name = config
   }
   service dict-async {
     name = dict-async
   }
   service dict {
     name = dict
   }
   service login/proxy-notify {
     name = director
   }
   service dns-client {
     name = dns_client
   }
   service doveadm-server {
     name = doveadm
   }
   service imap-hibernate {
     name = imap-hibernate
   }
   service imap {
     name = imap-login
   }
   service imap-urlauth {
     name = imap-urlauth-login
   }
   service imap-urlauth-worker {
     name = imap-urlauth-worker
   }
   service token-login/imap-urlauth {
     name = imap-urlauth
   }
   service imap-master {
     name = imap
   }
   service indexer-worker {
     name = indexer-worker
   }
   service indexer {
     name = indexer
   }
   service ipc {
     name = ipc
   }
   service lmtp {
     name = lmtp
   }
   service log-errors {
     name = log
   }
   service pop3 {
     name = pop3-login
   }
   service login/pop3 {
     name = pop3
   }
   service replicator-doveadm {
     name = replicator
   }
   service login/ssl-params {
     name = ssl-params
   }
   service stats-mail {
     name = stats
   }
}


