<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi,</p>
<p>We have growing imap-login processes until we reach the max
processes.<br>
</p>
<p>This occurs when a particular user has a login error due to our
LDAP misconfiguration:</p>
<p>---<br>
<font face="monospace">Mar 4 14:59:33 hera dovecot[2226963]: auth: Error: plain(john.doe,XX.XX.XX.XX,<13C0eBP2354lqXpO>): user not found from any userdbs<br>
Mar 4 14:59:33 hera dovecot[2226963]: imap: Error: auth-master: login: request [1001652225]: Login auth request failed: Authenticated user not found from userdb, auth lookup id=1001652225 (auth connected 2 msecs ago, request took 1 msecs, client-pid=2235348 client-id=1)<br>
Mar 4 14:59:33 hera dovecot[2226963]: imap-login: Internal login failure (pid=2235348 id=1): user=<ohn.doe>, method=PLAIN, rip=XX.XX.XX.XX, lip=185.233.100.1, mpid=2235359, TLS, session=<13C0eBP2354lqXpO><br>
---</font><br>
</p>
<p>The origin of this issue is when <span
style="font-family:monospace"><span
style="color:#000000;background-color:#ffffff;">passdb finds
the user and userdb does not.</span> The result is imap-login
processes with no timeout growing until we reach the max
processes.</span></p>
<ul>
<li>OS version</li>
</ul>
<p>Debian stable - Bullseye</p>
<ul>
<li>Dovecot version<br>
</li>
</ul>
<p><span style="font-family:monospace"><span
style="color:#000000;background-color:#ffffff;">dpkg -l |grep
dovecot
</span><br>
ii dovecot-antispam 2.0+20171229-1+b7
amd64 Dovecot plugins for training
spam filters
<br>
ii dovecot-common 1:2.1.7-7+deb7u1
all Transitional package for
dovecot
<br>
ii dovecot-core 1:2.3.13+dfsg1-2+deb11u1
amd64 secure POP3/IMAP server - core files
<br>
ii dovecot-core-dbgsym 1:2.3.13+dfsg1-2+deb11u1
amd64 debug symbols for dovecot-core
<br>
ii dovecot-imapd 1:2.3.13+dfsg1-2+deb11u1
amd64 secure POP3/IMAP server - IMAP daemon
<br>
ii dovecot-imapd-dbgsym 1:2.3.13+dfsg1-2+deb11u1
amd64 debug symbols for dovecot-imapd
<br>
ii dovecot-ldap 1:2.3.13+dfsg1-2+deb11u1
amd64 secure POP3/IMAP server - LDAP support
<br>
ii dovecot-managesieved 1:2.3.13+dfsg1-2+deb11u1
amd64 secure POP3/IMAP server - ManageSieve
server
<br>
ii dovecot-mysql 1:2.3.13+dfsg1-2+deb11u1
amd64 secure POP3/IMAP server - MySQL
support
<br>
ii dovecot-pop3d 1:2.3.13+dfsg1-2+deb11u1
amd64 secure POP3/IMAP server - POP3 daemon
<br>
ii dovecot-sieve 1:2.3.13+dfsg1-2+deb11u1
amd64 secure POP3/IMAP server - Sieve
filters support<br>
<br>
</span></p>
<ul>
<li><span style="font-family:monospace"><span
style="color:#000000;background-color:#ffffff;">doveconf -n<br>
</span></span></li>
</ul>
<p><span style="font-family:monospace">---<br>
# 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
<br>
# Pigeonhole version 0.5.13 (cdd19fe3)
<br>
doveconf: Warning: service auth { client_limit=1000 } is lower
than required under max. load (4096)
<br>
doveconf: Warning: service anvil { client_limit=1000 } is lower
than required under max. load (4099)
<br>
# OS: Linux 5.10.0-21-cloud-amd64 x86_64 Debian 11.6 ext4
<br>
# Hostname: XXX<br>
auth_mechanisms = plain login
<br>
default_process_limit = 1024
<br>
first_valid_gid = 8
<br>
first_valid_uid = 109
<br>
last_valid_gid = 8
<br>
last_valid_uid = 109
<br>
login_greeting = XXX listening.
<br>
mail_access_groups = mail
<br>
mail_gid = 8
<br>
mail_location = maildir:/srv/vmail/%d/%n
<br>
mail_privileged_group = mail
<br>
mail_uid = 109
<br>
managesieve_notify_capability = mailto
<br>
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify imapsieve vnd.dovecot.imapsieve vnd.dovecot.filter
<br>
namespace inbox {
<br>
inbox = yes
<br>
location = <br>
mailbox Drafts {
<br>
special_use = \Drafts
<br>
}
<br>
mailbox Junk {
<br>
special_use = \Junk
<br>
}
<br>
mailbox Sent {
<br>
special_use = \Sent
<br>
}
<br>
mailbox "Sent Messages" {
<br>
special_use = \Sent
<br>
}
<br>
mailbox Trash {
<br>
special_use = \Trash
<br>
}
<br>
prefix = <br>
}
<br>
passdb {
<br>
args = /etc/dovecot/dovecot-ldap.conf
<br>
driver = ldap
<br>
}
<br>
passdb {
<br>
args = /etc/dovecot/dovecot-ldap-girondix.conf
<br>
driver = ldap
<br>
}
<br>
passdb {
<br>
args = /etc/dovecot/dovecot-oauth2.conf.ext
<br>
driver = oauth2
<br>
mechanisms = xoauth2 oauthbearer
<br>
}
<br>
plugin {
<br>
quota_rule = *:storage=100M
<br>
quota_rule2 = Trash:storage=10%%
<br>
recipient_delimiter = +
<br>
sieve = /srv/vmail/%d/%n/dovecot.sieve
<br>
sieve_default = /var/lib/dovecot/sieve/default.sieve
<br>
sieve_dir = /srv/vmail/%d/%n/sieve
<br>
sieve_extensions = +notify +imapflags +vnd.dovecot.filter
<br>
sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter
<br>
sieve_global_extensions = +vnd.dovecot.pipe
<br>
sieve_max_script_size = 1M
<br>
sieve_pipe_bin_dir = /etc/dovecot/sieve
<br>
sieve_pipe_socket_dir = sieve-pipe
<br>
sieve_plugins = sieve_imapsieve sieve_extprograms
<br>
sieve_redirect_envelope_from = orig_recipient
<br>
}
<br>
protocols = imap pop3 sieve
<br>
service auth {
<br>
unix_listener /var/spool/postfix/private/auth {
<br>
group = mail
<br>
mode = 0600
<br>
user = postfix
<br>
}
<br>
unix_listener auth-master {
<br>
group = mail
<br>
mode = 0660
<br>
user = vmail
<br>
}
<br>
unix_listener auth-userdb {
<br>
group = mail
<br>
mode = 0600
<br>
user = vmail
<br>
}
<br>
}
<br>
service imap-login {
<br>
inet_listener imap {
<br>
port = 0
<br>
}
<br>
}
<br>
service imap {
<br>
vsz_limit = 1 G
<br>
}
<br>
service lmtp {
<br>
executable = lmtp -L
<br>
process_min_avail = 2
<br>
}
<br>
service pop3-login {
<br>
inet_listener pop3 {
<br>
port = 0
<br>
}
<br>
}
<br>
ssl_cert = </srv/letsencrypt/pem/mail.aquilenet.fr.pem
<br>
ssl_client_ca_dir = /etc/ssl/certs
<br>
ssl_dh = # hidden, use -P to show it
<br>
ssl_key = # hidden, use -P to show it
<br>
userdb {
<br>
args = /etc/dovecot/dovecot-ldap.conf
<br>
driver = ldap
<br>
}
<br>
userdb {
<br>
args = /etc/dovecot/dovecot-ldap-girondix.conf
<br>
driver = ldap
<br>
}
<br>
protocol lmtp {
<br>
auth_username_format = %n
<br>
info_log_path = /var/log/dovecot-lmtp.log
<br>
mail_plugins = " sieve"
<br>
}
<br>
protocol lda {
<br>
mail_plugins = " mailbox_alias sieve"
<br>
}
<br>
protocol imap {
<br>
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
<br>
imap_idle_notify_interval = 30 secs
<br>
mail_max_userip_connections = 50
<br>
mail_plugins = quota mailbox_alias imap_quota
<br>
}
<br>
protocol pop3 {
<br>
mail_plugins = quota mailbox_alias acl
<br>
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
<br>
}</span><br>
<span style="font-family:monospace"><span
style="font-family:monospace">---</span></span><span
style="font-family:monospace"></span></p>
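<p>Added example, not part of the original message and not Dovecot code: a log correlation that finds accounts where passdb accepted the login but no userdb returned the user, and lists the imap-login PIDs involved so they can be compared against the processes still running. The sample log is constructed from the lines quoted above; the function name and the <code>jane.roe</code> entry are assumptions.</p>

```python
import re
from collections import defaultdict

# Constructed sample modelled on the log excerpt in the message (not real data).
SAMPLE_LOG = """\
Mar 4 14:59:33 hera dovecot[2226963]: auth: Error: plain(john.doe,XX.XX.XX.XX,<13C0eBP2354lqXpO>): user not found from any userdbs
Mar 4 14:59:33 hera dovecot[2226963]: imap: Error: auth-master: login: request [1001652225]: Login auth request failed: Authenticated user not found from userdb, auth lookup id=1001652225 (auth connected 2 msecs ago, request took 1 msecs, client-pid=2235348 client-id=1)
Mar 4 14:59:33 hera dovecot[2226963]: imap-login: Internal login failure (pid=2235348 id=1): user=<john.doe>, method=PLAIN, rip=XX.XX.XX.XX, lip=185.233.100.1, mpid=2235359, TLS, session=<13C0eBP2354lqXpO>
Mar 4 15:00:02 hera dovecot[2226963]: imap-login: Login: user=<jane.roe>, method=PLAIN, rip=XX.XX.XX.XX, lip=185.233.100.1, mpid=2235400, TLS, session=<AbCdEfGh12345678>
"""

# auth process: credentials were accepted, but every userdb lookup missed.
USERDB_MISS = re.compile(
    r"auth: Error: \w+\((?P<user>[^,]+),[^,]*,<(?P<session>[^>]+)>\): "
    r"user not found from any userdbs")
# login process: the same session then ends as an internal login failure.
INTERNAL_FAIL = re.compile(
    r"imap-login: Internal login failure \(pid=(?P<pid>\d+) id=\d+\):"
    r".*session=<(?P<session>[^>]+)>")


def find_userdb_mismatches(lines):
    """Map user -> sessions and imap-login PIDs hit by a passdb/userdb mismatch."""
    lines = list(lines)
    # Pass 1: remember which sessions had a userdb miss, and for which user.
    missed = {}
    for line in lines:
        m = USERDB_MISS.search(line)
        if m:
            missed[m["session"]] = m["user"]
    # Pass 2: attach the login process PID by session id. Two passes keep the
    # result independent of the order in which syslog wrote the two lines.
    report = defaultdict(lambda: {"sessions": set(), "login_pids": set()})
    for line in lines:
        m = INTERNAL_FAIL.search(line)
        if m and m["session"] in missed:
            entry = report[missed[m["session"]]]
            entry["sessions"].add(m["session"])
            entry["login_pids"].add(int(m["pid"]))
    return dict(report)


if __name__ == "__main__":
    for user, info in find_userdb_mismatches(SAMPLE_LOG.splitlines()).items():
        print(user, sorted(info["login_pids"]), sorted(info["sessions"]))
```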
</body>
</html>