auth service stops responding
Michael Redert
michael.redert at web.de
Thu Apr 2 19:25:12 EEST 2020
Hi all,
I am running postfix with dovecot configured for local mail delivery.
Everything works as expected for a while, but after successfully
delivering ~250 mails, dovecot does not accept requests anymore and
mails start queueing up in the postfix mailqueue. After restarting
dovecot, another ~250 mails are processed and the problem occurs again.
The server is running ubuntu 18.04 with dovecot 2.2.33.2 and postfix
3.3.0 installed. Users are stored locally in /etc/dovecot/users.
Based on the log messages below and the output of netstat, it seems to
me that the auth service is no longer accepting any requests on the
corresponding socket.
Any help is very much appreciated!
Kind regards,
Michael
--- postfix error messages ---
Mar 28 09:36:13 srv postfix/lmtp[3850]: 2423F7A21C:
to=<system at mydomain.de>, relay=srv.mydomain.de[private/dovecot-lmtp],
delay=155, delays=0.01/0/0/155, dsn=4.3.0, status=deferred (host
srv.mydomain.de[private/dovecot-lmtp] said: 451 4.3.0
<system at mydomain.de>Internal error occurred. Refer to server log for
more information. (in reply to RCPT TO command))
Mar 28 09:38:48 srv postfix/lmtp[3850]: 45A0C7A2B5:
to=<system at mydomain.de>, relay=srv.mydomain.de[private/dovecot-lmtp],
delay=308, delays=0.01/153/0.02/155, dsn=4.3.0, status=deferred (host
srv.mydomain.de[private/dovecot-lmtp] said: 451 4.3.0
<system at mydomain.de>Internal error occurred. Refer to server log for
more information. (in reply to RCPT TO command))
--- dovecot error messages ---
Mar 28 09:36:13 lmtp(2631): user-lookup(system at mydomain.de)Error: userdb
lookup(system at mydomain.de): Request timed out
Mar 28 09:36:14 lmtp(2623): user-lookup(system at mydomain.de)Error: userdb
lookup(system at mydomain.de): Request timed out
Mar 28 09:38:48 lmtp(2631): user-lookup(system at mydomain.de)Error: userdb
lookup(system at mydomain.de): Connecting timed out
Mar 28 09:38:49 lmtp(2623): user-lookup(system at mydomain.de)Error: userdb
lookup(system at mydomain.de): Connecting timed out
Mar 28 09:41:23 lmtp(system at mydomain.de): Error: userdb
lookup(system at mydomain.de): Connecting timed out
Mar 28 09:41:24 lmtp(system at mydomain.de): Error: userdb
lookup(system at mydomain.de): Connecting timed out
--- relevant netstat output when dovecot hangs ----
root at srv:~# netstat | grep dovecot | sort
unix 2 [ ] STREAM CONNECTED 1449174
/var/run/dovecot/auth-userdb
unix 2 [ ] STREAM CONNECTED 1449995
/var/run/dovecot/auth-userdb
unix 2 [ ] STREAM CONNECTING 0
/var/run/dovecot/auth-userdb
unix 2 [ ] STREAM CONNECTING 0
/var/run/dovecot/auth-userdb
unix 2 [ ] STREAM CONNECTING 0
/var/run/dovecot/auth-userdb
unix 2 [ ] STREAM CONNECTING 0
/var/run/dovecot/auth-userdb
unix 2 [ ] STREAM CONNECTING 0
/var/run/dovecot/auth-userdb
unix 2 [ ] STREAM CONNECTING 0
/var/run/dovecot/auth-userdb
unix 2 [ ] STREAM CONNECTING 0
/var/run/dovecot/auth-userdb
unix 2 [ ] STREAM CONNECTING 0
/var/run/dovecot/auth-userdb
unix 2 [ ] STREAM CONNECTING 0
/var/run/dovecot/auth-userdb
unix 2 [ ] STREAM CONNECTING 0
/var/run/dovecot/auth-userdb
unix 3 [ ] STREAM CONNECTED 1468180
/var/run/dovecot/config
unix 3 [ ] STREAM CONNECTED 1468267
/var/run/dovecot/config
unix 3 [ ] STREAM CONNECTED 1468271
/var/run/dovecot/config
unix 3 [ ] STREAM CONNECTED 1469651
/var/run/dovecot/config
unix 3 [ ] STREAM CONNECTED 1470606
/var/spool/postfix/private/dovecot-lmtp
unix 3 [ ] STREAM CONNECTED 1470614
/var/spool/postfix/private/dovecot-lmtp
unix 3 [ ] STREAM CONNECTING 0
/var/run/dovecot/auth-userdb
unix 3 [ ] STREAM CONNECTING 0
/var/run/dovecot/auth-userdb
--- dovecot configuration ----
root at srv:~# dovecot -n
# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
doveconf: Warning: SSLv2 not supported by OpenSSL. Please consider
removing it from ssl_protocols.
# OS: Linux 4.19.75-meson64 aarch64 Ubuntu 18.04.4 LTS
auth_debug = yes
auth_username_format = %n
auth_verbose = yes
debug_log_path = /var/log/dovecot-info.log
default_client_limit = 16
default_process_limit = 32
first_valid_uid = 1000
hostname = mail.mydomain.de
info_log_path = /var/log/dovecot-info.log
lda_mailbox_autocreate = yes
listen = *
lock_method = dotlock
log_path = /var/log/dovecot.log
mail_debug = yes
mail_fsync = always
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
mmap_disable = yes
namespace {
inbox = yes
location =
mailbox {
special_use = \Drafts
name = Drafts
}
mailbox {
special_use = \Junk
name = Junk
}
mailbox {
special_use = \Sent
name = Sent
}
mailbox {
special_use = \Sent
name = Sent Messages
}
mailbox {
special_use = \Trash
name = Trash
}
prefix =
name = inbox
}
passdb {
args = scheme=CRYPT username_format=%u /etc/dovecot/users
driver = passwd-file
}
postmaster_address = postmaster at mydomain.de
protocols = " imap lmtp pop3"
service replication-notify-fifo {
name = aggregator
}
service {
client_limit = 102
unix_listener {
mode = 00
path = anvil-auth-penalty
}
name = anvil
}
service auth-worker {
user = root
name = auth-worker
}
service {
client_limit = 160
name = auth
}
service config {
name = config
}
service dict-async {
name = dict-async
}
service dict {
name = dict
}
service login/proxy-notify {
name = director
}
service dns-client {
name = dns_client
}
service doveadm-server {
name = doveadm
}
service imap-hibernate {
name = imap-hibernate
}
service {
executable = imap-login -R rawlogs
inet_listener {
port = 0
name = imap
}
service_count = 0
vsz_limit = 256 M
name = imap-login
}
service imap-urlauth {
name = imap-urlauth-login
}
service imap-urlauth-worker {
name = imap-urlauth-worker
}
service token-login/imap-urlauth {
name = imap-urlauth
}
service {
process_limit = 8
name = imap
}
service indexer-worker {
name = indexer-worker
}
service indexer {
name = indexer
}
service ipc {
name = ipc
}
service {
unix_listener {
group = postfix
mode = 0660
user = postfix
path = /var/spool/postfix/private/dovecot-lmtp
}
name = lmtp
}
service log-errors {
name = log
}
service {
inet_listener {
port = 0
name = pop3
}
inet_listener {
port = 0
name = pop3s
}
name = pop3-login
}
service {
process_limit = 4
name = pop3
}
service replicator-doveadm {
name = replicator
}
service login/ssl-params {
name = ssl-params
}
service stats-mail {
name = stats
}
ssl = required
ssl_cert = </etc/ssl/certs/srv.mydomain.de.pem
ssl_cipher_list = ALL:HIGH:!SSLv2:!MEDIUM:!LOW:!EXP:!RC4:!MD5:!aNULL
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh_parameters_length = 2048
ssl_key = # hidden, use -P to show it
ssl_protocols = !SSLv2 !SSLv3 !TLSv1
userdb {
args = username_format=%u /etc/dovecot/users
driver = passwd-file
}
verbose_ssl = yes
protocol lmtp {
service replication-notify-fifo {
name = aggregator
}
service anvil-auth-penalty {
name = anvil
}
service auth-worker {
name = auth-worker
}
service auth-client {
name = auth
}
service config {
name = config
}
service dict-async {
name = dict-async
}
service dict {
name = dict
}
service login/proxy-notify {
name = director
}
service dns-client {
name = dns_client
}
service doveadm-server {
name = doveadm
}
service imap-hibernate {
name = imap-hibernate
}
service imap {
name = imap-login
}
service imap-urlauth {
name = imap-urlauth-login
}
service imap-urlauth-worker {
name = imap-urlauth-worker
}
service token-login/imap-urlauth {
name = imap-urlauth
}
service imap-master {
name = imap
}
service indexer-worker {
name = indexer-worker
}
service indexer {
name = indexer
}
service ipc {
name = ipc
}
service lmtp {
name = lmtp
}
service log-errors {
name = log
}
service pop3 {
name = pop3-login
}
service login/pop3 {
name = pop3
}
service replicator-doveadm {
name = replicator
}
service login/ssl-params {
name = ssl-params
}
service stats-mail {
name = stats
}
}
protocol !indexer-worker {
service replication-notify-fifo {
name = aggregator
}
service anvil-auth-penalty {
name = anvil
}
service auth-worker {
name = auth-worker
}
service auth-client {
name = auth
}
service config {
name = config
}
service dict-async {
name = dict-async
}
service dict {
name = dict
}
service login/proxy-notify {
name = director
}
service dns-client {
name = dns_client
}
service doveadm-server {
name = doveadm
}
service imap-hibernate {
name = imap-hibernate
}
service imap {
name = imap-login
}
service imap-urlauth {
name = imap-urlauth-login
}
service imap-urlauth-worker {
name = imap-urlauth-worker
}
service token-login/imap-urlauth {
name = imap-urlauth
}
service imap-master {
name = imap
}
service indexer-worker {
name = indexer-worker
}
service indexer {
name = indexer
}
service ipc {
name = ipc
}
service lmtp {
name = lmtp
}
service log-errors {
name = log
}
service pop3 {
name = pop3-login
}
service login/pop3 {
name = pop3
}
service replicator-doveadm {
name = replicator
}
service login/ssl-params {
name = ssl-params
}
service stats-mail {
name = stats
}
}
protocol lda {
service replication-notify-fifo {
name = aggregator
}
service anvil-auth-penalty {
name = anvil
}
service auth-worker {
name = auth-worker
}
service auth-client {
name = auth
}
service config {
name = config
}
service dict-async {
name = dict-async
}
service dict {
name = dict
}
service login/proxy-notify {
name = director
}
service dns-client {
name = dns_client
}
service doveadm-server {
name = doveadm
}
service imap-hibernate {
name = imap-hibernate
}
service imap {
name = imap-login
}
service imap-urlauth {
name = imap-urlauth-login
}
service imap-urlauth-worker {
name = imap-urlauth-worker
}
service token-login/imap-urlauth {
name = imap-urlauth
}
service imap-master {
name = imap
}
service indexer-worker {
name = indexer-worker
}
service indexer {
name = indexer
}
service ipc {
name = ipc
}
service lmtp {
name = lmtp
}
service log-errors {
name = log
}
service pop3 {
name = pop3-login
}
service login/pop3 {
name = pop3
}
service replicator-doveadm {
name = replicator
}
service login/ssl-params {
name = ssl-params
}
service stats-mail {
name = stats
}
}
protocol imap {
service replication-notify-fifo {
name = aggregator
}
service anvil-auth-penalty {
name = anvil
}
service auth-worker {
name = auth-worker
}
service auth-client {
name = auth
}
service config {
name = config
}
service dict-async {
name = dict-async
}
service dict {
name = dict
}
service login/proxy-notify {
name = director
}
service dns-client {
name = dns_client
}
service doveadm-server {
name = doveadm
}
service imap-hibernate {
name = imap-hibernate
}
service imap {
name = imap-login
}
service imap-urlauth {
name = imap-urlauth-login
}
service imap-urlauth-worker {
name = imap-urlauth-worker
}
service token-login/imap-urlauth {
name = imap-urlauth
}
service imap-master {
name = imap
}
service indexer-worker {
name = indexer-worker
}
service indexer {
name = indexer
}
service ipc {
name = ipc
}
service lmtp {
name = lmtp
}
service log-errors {
name = log
}
service pop3 {
name = pop3-login
}
service login/pop3 {
name = pop3
}
service replicator-doveadm {
name = replicator
}
service login/ssl-params {
name = ssl-params
}
service stats-mail {
name = stats
}
}
protocol pop3 {
service replication-notify-fifo {
name = aggregator
}
service anvil-auth-penalty {
name = anvil
}
service auth-worker {
name = auth-worker
}
service auth-client {
name = auth
}
service config {
name = config
}
service dict-async {
name = dict-async
}
service dict {
name = dict
}
service login/proxy-notify {
name = director
}
service dns-client {
name = dns_client
}
service doveadm-server {
name = doveadm
}
service imap-hibernate {
name = imap-hibernate
}
service imap {
name = imap-login
}
service imap-urlauth {
name = imap-urlauth-login
}
service imap-urlauth-worker {
name = imap-urlauth-worker
}
service token-login/imap-urlauth {
name = imap-urlauth
}
service imap-master {
name = imap
}
service indexer-worker {
name = indexer-worker
}
service indexer {
name = indexer
}
service ipc {
name = ipc
}
service lmtp {
name = lmtp
}
service log-errors {
name = log
}
service pop3 {
name = pop3-login
}
service login/pop3 {
name = pop3
}
service replicator-doveadm {
name = replicator
}
service login/ssl-params {
name = ssl-params
}
service stats-mail {
name = stats
}
}