Service unavailable, lots of idle dovecot-login processes
Aki Tuomi
aki.tuomi at open-xchange.com
Fri Feb 5 13:58:25 EET 2021
Can you try using https://repo.dovecot.org and see if it happens with 2.3.13 version?
Aki
> On 05/02/2021 13:42 Wolfgang <adminkram at tripelspark.de> wrote:
>
>
> Thx!
>
> It seems these processes are in state "dovecot/imap-login [1 pre-login]".
>
> Concerning logs, the only thing that seems suspicious to me is:
>
> Jan 31 00:33:05 static dovecot: imap-login: Disconnected (no auth
> attempts in 5 secs): user=<>, rip=91.232.28.82, lip=78.46.17.21, TLS
> handshaking: Connection closed, session=<QD/tiia6aKlb6BxS>
> Jan 31 00:33:05 static dovecot: imap-login: Disconnected (no auth
> attempts in 0 secs): user=<>, rip=91.232.28.82, lip=78.46.17.21, TLS
> handshaking: SSL_accept() failed: error:1408F09C:SSL
> routines:ssl3_get_record:http request, session=<OCruiia6fstb6BxS>
> Jan 31 00:33:06 static dovecot: imap-login: Disconnected (no auth
> attempts in 0 secs): user=<>, rip=91.232.28.82, lip=78.46.17.21, TLS
> handshaking: SSL_accept() failed: error:1408F09C:SSL
> routines:ssl3_get_record:http request, session=<SaPviia6HMxb6BxS>
>
> The IPs in question are not our own IPs.
>
> Since restarting (about 45 minutes), I have about a dozen of the
> "Disconnected (no auth attempts" and exactly 13 of the pre-login
> processes. In fact, the number of pre-login processes just jumped by 2
> and the log just shows 2 new "Disconnected (no auth attempts in 0 secs)"
>
> This might have something to do with it.
>
> Version is 2.3.4.1. It's a production system, I'd like to avoid having
> to compile my own version of dovecot unless there's no way around it.
>
> Greetings,
> Wolfgang
>
> On 2/5/21 10:51 AM, Aki Tuomi wrote:
> > Can you set
> >
> > verbose_proctitle = yes
> >
> > this should provide more information what the process is up to.
> >
> > Can you also check your logs?
> >
> > Aki
> >
> >> On 05/02/2021 11:46 Wolfgang <adminkram at tripelspark.de> wrote:
> >>
> >>
> >> Hi,
> >>
> >> Sorry, the problem is back! Not solved, again no change except that I
> >> lowered the limits again and restarted dovecot. Here is what it looks like:
> >>
> >> lsof -a -i4 -i6 -itcp | fgrep imap-logi | wc
> >> 9
> >>
> >> --> There are 9 TCP connections to imap-login.
> >>
> >> ps aux | fgrep imap-login | wc
> >> 81
> >> ps aux | fgrep imap | wc
> >> 90
> >>
> >> --> There are 90-81 = 9 IMAP worker processes (OK) and 81 imap-login
> >> processes (not OK). Thunderbird cannot connect again.
> >>
> >> ps auxf | fgrep dove
> >> root 28118 0.0 0.0 4200 2752 ? Ss Feb03 0:02
> >> /usr/sbin/dovecot -F
> >> dovecot 28138 0.0 0.0 4176 2224 ? S Feb03 0:01 \_
> >> dovecot/anvil
> >> root 28139 0.0 0.0 4172 2436 ? S Feb03 0:00 \_
> >> dovecot/log
> >> root 28140 0.0 0.0 6764 4636 ? S Feb03 0:05 \_
> >> dovecot/config
> >> dovecot 28143 0.0 0.0 5360 3584 ? S Feb03 0:01 \_
> >> dovecot/stats
> >> dovenull 28206 0.0 0.0 8200 4652 ? S Feb03 0:02 \_
> >> dovecot/imap-login
> >> USER2 28207 0.0 0.0 6356 3988 ? S Feb03 0:02 \_
> >> dovecot/imap
> >> dovenull 28234 0.0 0.0 8200 4712 ? S Feb03 0:02 \_
> >> dovecot/imap-login
> >> USER1 28235 0.0 0.0 6356 2924 ? S Feb03 0:02 \_
> >> dovecot/imap
> >> dovenull 28275 0.0 0.0 8200 4716 ? S Feb03 0:02 \_
> >> dovecot/imap-login
> >> USER1 28276 0.0 0.0 9416 7308 ? S Feb03 0:03 \_
> >> dovecot/imap
> >> dovenull 19673 0.0 0.0 8212 6380 ? S Feb04 0:00 \_
> >> dovecot/imap-login
> >> USER3 19674 0.0 0.0 14220 7680 ? S Feb04 0:01 \_
> >> dovecot/imap
> >> dovenull 21688 0.0 0.0 8200 6416 ? S Feb04 0:01 \_
> >> dovecot/imap-login
> >> USER2 21690 0.0 0.0 9604 8504 ? S Feb04 0:01 \_
> >> dovecot/imap
> >> dovenull 22398 0.0 0.0 8200 6440 ? S Feb04 0:00 \_
> >> dovecot/imap-login
> >> dovenull 22400 0.0 0.0 8200 6384 ? S Feb04 0:00 \_
> >> dovecot/imap-login
> >> dovenull 22593 0.0 0.0 8200 6292 ? S Feb04 0:00 \_
> >> dovecot/imap-login
> >> dovenull 22595 0.0 0.0 8200 6312 ? S Feb04 0:00 \_
> >> dovecot/imap-login
> >> dovenull 22814 0.0 0.0 8200 6324 ? S Feb04 0:00 \_
> >> dovecot/imap-login
> >> dovenull 22816 0.0 0.0 8200 6312 ? S Feb04 0:00 \_
> >> dovecot/imap-login
> >> dovenull 23026 0.0 0.0 8200 6384 ? S Feb04 0:00 \_
> >> dovecot/imap-login
> >> dovenull 23028 0.0 0.0 8200 6340 ? S Feb04 0:00 \_
> >> dovecot/imap-login
> >> .......(skipped some lines of imap-login)........
> >> dovenull 23179 0.0 0.0 8200 6412 ? S Feb04 0:00 \_
> >> dovecot/imap-login
> >> dovenull 23181 0.0 0.0 8200 6368 ? S Feb04 0:00 \_
> >> dovecot/imap-login
> >> dovenull 23421 0.0 0.0 8200 6284 ? S Feb04 0:00 \_
> >> dovecot/imap-login
> >> dovenull 23423 0.0 0.0 8200 6412 ? S Feb04 0:00 \_
> >> dovecot/imap-login
> >> dovenull 23611 0.0 0.0 8200 6380 ? S Feb04 0:00 \_
> >> dovecot/imap-login
> >> dovenull 23613 0.0 0.0 8200 6296 ? S Feb04 0:00 \_
> >> dovecot/imap-login
> >> dovenull 23797 0.0 0.0 8200 6464 ? S Feb04 0:00 \_
> >> dovecot/imap-login
> >> dovenull 23799 0.0 0.0 8200 6296 ? S Feb04 0:00 \_
> >> dovecot/imap-login
> >> dovenull 24029 0.0 0.0 8200 6300 ? S Feb04 0:00 \_
> >> dovecot/imap-login
> >> dovenull 24031 0.0 0.0 8200 6188 ? S Feb04 0:00 \_
> >> dovecot/imap-login
> >> dovenull 24205 0.0 0.0 8200 6340 ? S Feb04 0:00 \_
> >> dovecot/imap-login
> >> dovenull 24207 0.0 0.0 8200 6320 ? S Feb04 0:00 \_
> >> dovecot/imap-login
> >> dovenull 5628 0.0 0.0 8212 6408 ? S 08:59 0:00 \_
> >> dovecot/imap-login
> >> USER1 5629 0.0 0.0 7844 6460 ? S 08:59 0:00 \_
> >> dovecot/imap
> >> optores 5630 0.0 0.0 6356 4444 ? S 08:59 0:00 \_
> >> dovecot/imap
> >> USER1 5631 0.0 0.0 6372 4568 ? S 08:59 0:00 \_
> >> dovecot/imap
> >> dovenull 6373 0.0 0.0 8200 6224 ? S 09:43 0:00 \_
> >> dovecot/imap-login
> >> USER1 6375 0.0 0.0 7052 5900 ? S 09:43 0:00 \_
> >> dovecot/imap
> >>
> >> The config is the same as last time except for this:
> >>
> >> auth_worker_max_count = 100
> >> default_process_limit = 80
> >>
> >> Which should be more than enough.
> >>
> >> Any ideas?
> >> Wolfgang
> >>
> >> On 2/3/21 8:19 PM, Wolfgang wrote:
> >>> Hi,
> >>>
> >>>> But as Aki said, doveconf -n is crucial, especially since you upgraded
> >>> from an older version.
> >>>>
> >>>
> >>> Thank you for your response. Unfortunately, I missed the first e-mail a
> >>> few days ago.
> >>>
> >>> Interestingly it does no longer happen since a few days. We're seeing
> >>> one IMAP and one IMAP-LOGIN process per connection now which is the
> >>> expected behavior.
> >>>
> >>> It's completely unclear to me why this does not longer happen now.
> >>>
> >>> Anyway, here's the doveconf output in case you spot something.
> >>>
> >>> Thank you,
> >>> Wolfgang
> >>>
> >>> # 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
> >>> # Pigeonhole version 0.5.4 ()
> >>> # OS: Linux 4.19.0-11-amd64 x86_64 Debian 10.7
> >>> # Hostname: static......
> >>> auth_mechanisms = scram-sha-1 digest-md5 cram-md5 plain
> >>> auth_worker_max_count = 300
> >>> default_process_limit = 200
> >>> first_valid_uid = 1000
> >>> hostname = .......
> >>> log_timestamp = "%Y-%m-%d %H:%M:%S "
> >>> mail_location = maildir:~/Maildir
> >>> mail_plugins = quota acl
> >>> mail_privileged_group = mail
> >>> mail_server_admin = postmaster at .......
> >>> managesieve_notify_capability = mailto
> >>> managesieve_sieve_capability = fileinto reject envelope
> >>> encoded-character vacation subaddress comparator-i;ascii-numeric
> >>> relational regex imap4flags copy include variables body enotify
> >>> environment mailbox date index ihave duplicate mime foreverypart
> >>> extracttext editheader
> >>> namespace inbox {
> >>> inbox = yes
> >>> location =
> >>> mailbox Drafts {
> >>> special_use = \Drafts
> >>> }
> >>> mailbox Junk {
> >>> special_use = \Junk
> >>> }
> >>> mailbox Sent {
> >>> special_use = \Sent
> >>> }
> >>> mailbox "Sent Messages" {
> >>> special_use = \Sent
> >>> }
> >>> mailbox Trash {
> >>> special_use = \Trash
> >>> }
> >>> prefix =
> >>> separator = /
> >>> type = private
> >>> }
> >>> namespace zzzzz {
> >>> list = children
> >>> location = maildir:%%h/Maildir-xxx:INDEX=~/index_shared/%%u
> >>> prefix = shared/%%u/
> >>> separator = /
> >>> subscriptions = no
> >>> type = shared
> >>> }
> >>> passdb {
> >>> args = /etc/dovecot/shadow
> >>> driver = passwd-file
> >>> }
> >>> plugin {
> >>> acl = vfile
> >>> acl_shared_dict = file:/var/mail/shared-%d/shared-mailboxes
> >>> quota = maildir:User quota
> >>> quota_rule = *:storage=1G
> >>> quota_warning = storage=90%% quota-warning 90 %u
> >>> sieve = file:~/sieve;active=~/dovecot.sieve
> >>> sieve_extensions = +editheader
> >>> }
> >>> postmaster_address = postmaster at xxxxxxx.de
> >>> protocols = " imap sieve sieve"
> >>> service auth-worker {
> >>> chroot = yes
> >>> user = $default_internal_user
> >>> }
> >>> service auth {
> >>> unix_listener /var/spool/postfix/private/auth {
> >>> group = postfix
> >>> mode = 0660
> >>> user = postfix
> >>> }
> >>> }
> >>> service imap-login {
> >>> vsz_limit = 64 M
> >>> }
> >>> service managesieve-login {
> >>> inet_listener sieve {
> >>> port = 4190
> >>> }
> >>> inet_listener sieve_deprecated {
> >>> port = 2000
> >>> }
> >>> }
> >>> ssl_cert = </etc/letsencrypt/live/..../fullchain.pem
> >>> ssl_client_ca_dir = /etc/ssl/certs
> >>> ssl_dh = # hidden, use -P to show it
> >>> ssl_key = # hidden, use -P to show it
> >>> userdb {
> >>> args = /etc/dovecot/passwd
> >>> default_fields = quota_rule=*:storage=1G
> >>> driver = passwd-file
> >>> }
> >>> protocol lda {
> >>> mail_plugins = quota acl sieve
> >>> }
> >>> protocol imap {
> >>> mail_max_userip_connections = 32
> >>> mail_plugins = quota acl imap_quota imap_acl
> >>> }
> >>>
> >
More information about the dovecot
mailing list