After a few hours of running, I get tons of the following errors in my logs: dovecot: Oct 08 07:41:50 Error: auth(default): ldap(user at domain,x.x.x.x): Request queue is full I removed the username and IP, obviously. Any idea how to stop this? I have about 5 Thousand users using horde that login ever 1-5 minutes to refresh their page. I assume it is a setting, but I am confused as to why it doesn't happen almost right away. It seems to take some time to build up. Please help! This is taking my webmail system down hourly.
On Oct 8, 2008, at 8:01 AM, David Cunningham wrote:> > After a few hours of running, I get tons of the following errors in > my logs: > > dovecot: Oct 08 07:41:50 Error: auth(default): > ldap(user at domain,x.x.x.x): Request queue is full > > I removed the username and IP, obviously. > > Any idea how to stop this? > > I have about 5 Thousand users using horde that login ever 1-5 > minutes to refresh their page. I assume it is a setting, but I am > confused as to why it doesn't happen almost right away. It seems to > take some time to build up. > > Please help! This is taking my webmail system down hourly.dovecot -n? Hunch is login_max_processes_count is too low. http://wiki.dovecot.org/LoginProcess hth, JL -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2429 bytes Desc: not available URL: <http://dovecot.org/pipermail/dovecot/attachments/20081008/7bfc8458/attachment-0002.bin>
Here is my dovecot -n:
# 1.1.3: /etc/dovecot.conf
log_path: /var/log/dovecot
info_log_path: /var/log/dovecot-info
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
login_greeting: MECnet Mail System, Authorized Use Only, Please Log In.
login_process_per_connection: no
login_process_size: 1024
login_max_processes_count: 1024
login_max_connections: 1024
max_mail_processes: 50000
verbose_proctitle: yes
first_valid_uid: 50
mail_uid: 93
mail_gid: 12
mail_location: maildir:/var/spool/maildirs/%d/%n/Maildir
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_process_size: 1024
mail_plugins(default): quota imap_quota
mail_plugins(imap): quota imap_quota
mail_plugins(pop3):
mail_plugin_dir(default): /usr/lib64/dovecot/imap
mail_plugin_dir(imap): /usr/lib64/dovecot/imap
mail_plugin_dir(pop3): /usr/lib64/dovecot/pop3
namespace:
type: private
prefix: INBOX.
inbox: yes
list: yes
subscriptions: yes
auth default:
verbose: yes
passdb:
driver: ldap
args: /etc/dovecot-ldap.conf
plugin:
quota: maildir
My buddy and I found
#define DB_LDAP_MAX_QUEUE_SIZE 1024
in the db-ldap.h file in the source.
We believe we hitting this threshold for some reason. So, we are
looking to increase this to 8192. However, when trying to build the
RPM source from atrpms, I get this:
# rpmbuild -ba dovecot.spec
error: line 1: Unknown tag: %bcond_without inotify
Any help?
Dave
Quoting Jurvis LaSalle <lasalle at idi.harvard.edu>:
>
> On Oct 8, 2008, at 8:01 AM, David Cunningham wrote:
>
>>
>> After a few hours of running, I get tons of the following errors in
>> my logs:
>>
>> dovecot: Oct 08 07:41:50 Error: auth(default):
>> ldap(user at domain,x.x.x.x): Request queue is full
>>
>> I removed the username and IP, obviously.
>>
>> Any idea how to stop this?
>>
>> I have about 5 Thousand users using horde that login ever 1-5
>> minutes to refresh their page. I assume it is a setting, but I am
>> confused as to why it doesn't happen almost right away. It seems
>> to take some time to build up.
>>
>> Please help! This is taking my webmail system down hourly.
>
>
> dovecot -n?
>
> Hunch is login_max_processes_count is too low.
> http://wiki.dovecot.org/LoginProcess
>
> hth,
> JL
David Cunningham wrote:> I have about 5 Thousand users using horde that login ever 1-5 minutes to > refresh their page. I assume it is a setting, but I am confused as toThis may not related to the real reason of your problem, but I recommend up-imapproxy (http://www.imapproxy.org/) for such setups, which caches connections (and therefore logins). You could try to enable dovecot's auth_cache instead.
Unfortantely, it just happened again! <sigh> I am going to implement my increased queue change and see what happens. Dave Quoting Jurvis LaSalle <lasalle at idi.harvard.edu>:> > On Oct 8, 2008, at 8:01 AM, David Cunningham wrote: > >> >> After a few hours of running, I get tons of the following errors in >> my logs: >> >> dovecot: Oct 08 07:41:50 Error: auth(default): >> ldap(user at domain,x.x.x.x): Request queue is full >> >> I removed the username and IP, obviously. >> >> Any idea how to stop this? >> >> I have about 5 Thousand users using horde that login ever 1-5 >> minutes to refresh their page. I assume it is a setting, but I am >> confused as to why it doesn't happen almost right away. It seems >> to take some time to build up. >> >> Please help! This is taking my webmail system down hourly. > > > dovecot -n? > > Hunch is login_max_processes_count is too low. > http://wiki.dovecot.org/LoginProcess > > hth, > JL
On Wed, 2008-10-08 at 08:01 -0400, David Cunningham wrote:> After a few hours of running, I get tons of the following errors in my logs: > > dovecot: Oct 08 07:41:50 Error: auth(default): > ldap(user at domain,x.x.x.x): Request queue is fullBTW. I improved this error message slightly to also tell how many seconds old data is in the queue. http://hg.dovecot.org/dovecot-1.1/rev/0329dc4df5ed I guess you're using auth binds? If you weren't, I think it wouldn't be possible to fill the queue. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20081009/7c0cd296/attachment-0002.bin>
Well, most of my issues are gone with adding auth cache. However, I am having an issue. Sometimes, even though cache incorrect passwords is disabled, new passwords do not work. It would seem that once a user logs in with one password successfully the cache does not automatically retry if the user tries a different passwords. I would think that the auth cache should check to see if the password changed on the ldap server if something other than the cached password is entered. Is this something wrong with my configuraiton, or the auth code itself? Thanks, Dave Quoting Timo Sirainen <tss at iki.fi>:> On Wed, 2008-10-08 at 08:01 -0400, David Cunningham wrote: >> After a few hours of running, I get tons of the following errors in my logs: >> >> dovecot: Oct 08 07:41:50 Error: auth(default): >> ldap(user at domain,x.x.x.x): Request queue is full > > BTW. I improved this error message slightly to also tell how many > seconds old data is in the queue. > http://hg.dovecot.org/dovecot-1.1/rev/0329dc4df5ed > > I guess you're using auth binds? If you weren't, I think it wouldn't be > possible to fill the queue. > >
Yes, i telnet to port 143 and enter everything manually. Dave Quoting Charles Marcus <CMarcus at Media-Brokers.com>:> On 11/19/2008 10:17 PM, David Cunningham wrote: >> Well, most of my issues are gone with adding auth cache. However, I am >> having an issue. Sometimes, even though cache incorrect passwords is >> disabled, new passwords do not work. It would seem that once a user >> logs in with one password successfully the cache does not automatically >> retry if the user tries a different passwords. I would think that the >> auth cache should check to see if the password changed on the ldap >> server if something other than the cached password is entered. >> >> Is this something wrong with my configuraiton, or the auth code itself? > > Maybe it is the mail client doing the caching... have you tested this on > the command line? > > -- > > Best regards, > > Charles >
No one else with opinions on this? Dave Quoting David Cunningham <davec at mecnet.net>:> Yes, i telnet to port 143 and enter everything manually. > > Dave > > Quoting Charles Marcus <CMarcus at Media-Brokers.com>: > >> On 11/19/2008 10:17 PM, David Cunningham wrote: >>> Well, most of my issues are gone with adding auth cache. However, I am >>> having an issue. Sometimes, even though cache incorrect passwords is >>> disabled, new passwords do not work. It would seem that once a user >>> logs in with one password successfully the cache does not automatically >>> retry if the user tries a different passwords. I would think that the >>> auth cache should check to see if the password changed on the ldap >>> server if something other than the cached password is entered. >>> >>> Is this something wrong with my configuraiton, or the auth code itself? >> >> Maybe it is the mail client doing the caching... have you tested this on >> the command line? >> >> -- >> >> Best regards, >> >> Charles >>