I have limited information at the moment (currently distracted by other
projects) but I'm hoping that someone has already found and solved this
problem.
I have a v1.2.1 installed on my development box waiting for me to tinker
with the configuration. On several occasions, I have noticed that all
the dovecot processes are listed as "defunct". I don't recall
seeing
anything significant in the logs the last time I checked. The system is
not under any load.
Has anyone else encountered this before? If not, I will dig deeper. BTW,
ignore the fd limit warning below; limits are set in the init script.
# /local/bin/dovecot -n
# 1.2.1: /local/pkg/dovecot-1.2.1/root/etc/dovecot.conf
Warning: fd limit 1024 is lower than what Dovecot can use under full
load (more than 10240). Either grow the limit or change
login_max_processes_count and max_mail_processes settings
# OS: Linux 2.4.21-58.ELsmp i686 Red Hat Enterprise Linux AS release 3
(Taroon Update 9)
listen: localhost
ssl_listen: *
ssl_cert_file: /usr/share/ssl/certs/mail.encs.pem
ssl_key_file: /usr/share/ssl/certs/mail.encs.pem
login_dir: /var/run/dovecot/login
login_executable: /local/pkg/dovecot-1.2.1/root/libexec/dovecot/imap-login
login_processes_count: 32
login_max_processes_count: 2048
max_mail_processes: 8192
first_valid_uid: 200
mail_location: mbox:~/mail:INBOX=/var/spool/mail/%1u/%
u:INDEX=/local/data/dovecot/indexes/mail/%1u/%u
namespace:
type: private
separator: /
inbox: yes
list: yes
subscriptions: yes
namespace:
type: private
separator: /
prefix: mail/
hidden: yes
list: no
subscriptions: yes
namespace:
type: private
separator: /
prefix: ~/mail/
hidden: yes
list: no
subscriptions: yes
namespace:
type: private
separator: /
prefix: ~%u/mail/
hidden: yes
list: no
subscriptions: yes
auth default:
passdb:
driver: pam
userdb:
driver: passwd
--
Chris O'Regan <chris at encs.concordia.ca>
Senior Unix Systems Administrator, Academic IT Services
Faculty of Engineering and Computer Science
Concordia University, Montreal, Canada
On Tue, 2009-07-21 at 14:45 -0400, Chris O'Regan wrote:> I have a v1.2.1 installed on my development box waiting for me to tinker > with the configuration. On several occasions, I have noticed that all > the dovecot processes are listed as "defunct". I don't recall seeing > anything significant in the logs the last time I checked. The system is > not under any load.What exactly is "all"? Do you mean just dovecot-auth processes, or do you really mean everything, including imap-login, dovecot-auth, imap, pop3, ..? If it's only dovecot-auth processes, it's probably a PAM issue. If it's more than dovecot-auth, is everything still anyway working? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20090721/ca353905/attachment-0002.bin>
On Tue, 2009-07-21 at 15:08 -0400, Timo Sirainen wrote:> On Tue, 2009-07-21 at 14:45 -0400, Chris O'Regan wrote: > > I have a v1.2.1 installed on my development box waiting for me to tinker > > with the configuration. On several occasions, I have noticed that all > > the dovecot processes are listed as "defunct". I don't recall seeing > > anything significant in the logs the last time I checked. The system is > > not under any load. > > What exactly is "all"? Do you mean just dovecot-auth processes, or do > you really mean everything, including imap-login, dovecot-auth, imap, > pop3, ..? > > If it's only dovecot-auth processes, it's probably a PAM issue. If it's > more than dovecot-auth, is everything still anyway working?It just happened again: root 2904 1 0 14:32 ? 00:00:00 /local/bin/dovecot root 2907 2904 0 14:32 ? 00:00:00 dovecot-auth root 2919 2904 0 14:32 ? 00:00:00 dovecot-auth -w dovecot 7026 2904 0 15:02 ? 00:00:00 [imap-login <defunct>] [and many other imap-login processes, all defunct] If I telnet to "imap", a connection is established but there is no greeting. I get "connection refused" if I try to access "imaps" from Thunderbird. No errors in the logs, except for some messages that I believe are related to an internal Nessus scan (repeated a few times): Jul 21 15:01:45 XXX dovecot: imap-login: Disconnected (no auth attempts): rip=XXX.XXX.XXX.XXX, lip=XXX.XXX.XXX.XXX, TLS handshaking: Disconnected Jul 21 15:02:20 XXX dovecot: imap-login: Disconnected (no auth attempts): rip=XXX.XXX.XXX.XXX, lip=XXX.XXX.XXX.XXX, TLS handshaking: SSL_accept() failed: error:1406B0CB:SSL routines:GET_CLIENT_MASTER_KEY:peer error no cipher Hrmmm...look at the time of the imap-login process...that can't be a coincidence. Nessus is scanning our production IMAP servers, too, but as I mentioned, they are running an older version of Dovecot, namely v1.1.14. -- Chris O'Regan <chris at encs.concordia.ca> Senior Unix Systems Administrator, Academic IT Services Faculty of Engineering and Computer Science Concordia University, Montreal, Canada