All,

I recently did a fresh install/setup on centos 5 to replace my older courier-imap and all seemed to go well until today I started to notice that it simply hangs. I use thunderbird and squirrel mail and after a while it seems like I'm simply rejected. I'm almost guessing that it has to do with the session timing out and then dovecot is unwilling or unable to renew the session. I can't login and there is little or no information in the logs. I've set up a cron job to restart dovecot every 5 minutes to deal with this for now.

I'm new to dovecot, what sort of info should I send to you guys?

I'm using centos 5, qmail-ldap and Maildir for my mail format.

OpenLDAP: slapd 2.3.27
dovecot-1.0-1.2.rc15.el5

my /etc/dovecot.conf
==================
mail_location = maildir:%h
namespace private {
  prefix = INBOX.
  inbox = yes
}
mail_debug = yes
maildir_copy_with_hardlinks = yes
auth default {
  mechanisms = plain
  passdb ldap {
    # Path for LDAP configuration file, see doc/dovecot-ldap.conf for example
    args = /etc/dovecot-ldap.conf
  }
  userdb ldap {
    args = /etc/dovecot-ldap.conf
  }
}
==================

my dovecot-ldap.conf
==================
# This file is opened as root, so it should be owned by root and mode 0600.
#
# NOTE: If you're not using authentication binds, you'll need to give
# dovecot-auth read access to userPassword field in the LDAP server.
# With OpenLDAP this is done by modifying /etc/ldap/slapd.conf. There should
# already be something like this:

# access to attribute=userPassword
#        by dn="<dovecot's dn>" read # add this
#        by anonymous auth
#        by self write
#        by * none

# Space separated list of LDAP hosts to use. host:port is allowed too.
hosts =127.0.0.1:389

# LDAP URIs to use. You can use this instead of hosts list. Note that this
# setting isn't supported by all LDAP libraries.
#uris =

# Distinguished Name - the username used to login to the LDAP server
#dn = dn=cn=Manager,dc=cttechhosting,dc=net
dnpass=secret

# Password for LDAP server
#dnpass =

# Use SASL binding instead of the simple binding. Note that this changes
# ldap_version automatically to be 3 if it's lower. Also note that SASL binds
# and auth_bind=yes don't work together.
#sasl_bind = no
# SASL mechanism name to use.
#sasl_mech
# SASL realm to use.
#sasl_realm
# SASL authorization ID, ie. the dnpass is for this "master user", but the
# dn is still the logged in user. Normally you want to keep this empty.
#sasl_authz_id

# Use authentication binding for verifying password's validity. This works by
# logging into LDAP server using the username and password given by client.
# The pass_filter is used to find the DN for the user. Note that the pass_attrs
# is still used, only the password field is ignored in it. Before doing any
# search, the binding is switched back to the default DN.
auth_bind = yes

# If authentication binding is used, you can save one LDAP request per login
# if users' DN can be specified with a common template. The template can use
# the standard %variables (see user_filter). Note that you can't
# use any pass_attrs if you use this setting.
#
# If you use this setting, it's a good idea to use a different
# dovecot-ldap.conf for userdb (it can even be a symlink, just as long as the
# filename is different in userdb's args). That way one connection is used only
# for LDAP binds and another connection is used for user lookups. Otherwise
# the binding is changed to the default DN before each user lookup.
#
# For example:
#   auth_bind_userdn = cn=%u,ou=people,o=org
#
auth_bind_userdn = uid=%u,ou=accounts,dc=cttechhosting,dc=net

# LDAP protocol version to use. Likely 2 or 3.
#ldap_version = 2
ldap_version=3

# LDAP base. %variables can be used here.
base = ou=accounts,dc=cttechhosting,dc=net

# Dereference: never, searching, finding, always
#deref = never

# Search scope: base, onelevel, subtree
#scope = subtree

# User attributes are given in LDAP-name=dovecot-internal-name list. The
# internal names are:
#   uid - System UID
#   gid - System GID
#   home - Home directory
#   mail - Mail location
#
# There are also other special fields which can be returned, see
# http://wiki.dovecot.org/UserDatabase/ExtraFields
user_attrs = mailMessageStore=home,qmailUID=uid,qmailGID=gid,mailMessageStore=mail

# Filter for user lookup. Some variables can be used (see
# http://wiki.dovecot.org/Variables for full list):
#   %u - username
#   %n - user part in user@domain, same as %u if there's no domain
#   %d - domain part in user@domain, empty if user there's no domain
user_filter = (&(objectClass=qmailUser)(uid=%u))

# Password checking attributes:
#  user: Virtual user name (user@domain), if you wish to change the
#        user-given username to something else
#  password: Password, may optionally start with {type}, eg. {crypt}
# There are also other special fields which can be returned, see
# http://wiki.dovecot.org/PasswordDatabase/ExtraFields
pass_attrs = mail=user,userPassword=password

# If you wish to avoid two LDAP lookups (passdb + userdb), you can use
# userdb prefetch instead of userdb ldap in dovecot.conf. In that case you'll
# also have to include user_attrs in pass_attrs field prefixed with "userdb_"
# string. For example:
#pass_attrs = uid=user,userPassword=password,homeDirectory=userdb_home,qmailUID=userdb_uid,qmailGID=userdb_gid

# Filter for password lookups
pass_filter = (&(objectClass=qmailUser)(uid=%u))

# Default password scheme. "{scheme}" before password overrides this.
# List of supported schemes is in: http://wiki.dovecot.org/Authentication
default_pass_scheme = LDAP-SHA

# You can use same UID and GID for all user accounts if you really want to.
# If the UID/GID is still found from LDAP reply, it overrides these values.
#user_global_uid =
#user_global_gid =
==================
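
Added example, not part of the original post and not Dovecot's own code: a small lint that parses the active settings of a dovecot-ldap.conf and checks them against the rules stated in that file's own comments (sasl_bind versus auth_bind, pass_attrs together with auth_bind_userdn, a separate file for userdb, root ownership and mode 0600). The sample text is constructed from the uncommented lines of the config posted above; the function names and the owner_uid parameter are assumptions made for this illustration.

```python
import os
import stat

# Constructed sample: the active (uncommented) settings from the posted file.
SAMPLE_LDAP_CONF = """\
hosts =127.0.0.1:389
dnpass=secret
auth_bind = yes
auth_bind_userdn = uid=%u,ou=accounts,dc=cttechhosting,dc=net
ldap_version=3
base = ou=accounts,dc=cttechhosting,dc=net
user_attrs = mailMessageStore=home,qmailUID=uid,qmailGID=gid,mailMessageStore=mail
user_filter = (&(objectClass=qmailUser)(uid=%u))
pass_attrs = mail=user,userPassword=password
pass_filter = (&(objectClass=qmailUser)(uid=%u))
default_pass_scheme = LDAP-SHA
"""

def parse_settings(text):
    """Return {key: value} for active lines; '#' comments and blanks are skipped."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # values such as filters contain '='
        settings[key.strip()] = value.strip()
    return settings

def lint(settings, passdb_args, userdb_args):
    """Check active settings against the rules stated in the file's comments."""
    findings = []
    def is_yes(key):
        return settings.get(key, "no").lower() == "yes"
    if is_yes("auth_bind") and is_yes("sasl_bind"):
        findings.append("sasl_bind and auth_bind=yes don't work together")
    if settings.get("auth_bind_userdn"):
        if settings.get("pass_attrs"):
            findings.append("pass_attrs is set together with auth_bind_userdn")
        if passdb_args == userdb_args:
            findings.append("passdb and userdb use the same file with auth_bind_userdn")
    return findings

def file_mode_ok(path, owner_uid=0):
    """True if path is owned by owner_uid (root by default) and has mode 0600."""
    st = os.stat(path)
    return st.st_uid == owner_uid and stat.S_IMODE(st.st_mode) == 0o600
```

Call `lint(parse_settings(open(path).read()), passdb_args, userdb_args)` with the two `args` values from dovecot.conf, and `file_mode_ok(path)` on the LDAP config itself, since it holds dnpass.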

It just happened again and Squirrelmail reported:

*ERROR: Connection dropped by IMAP server.*

I see no errors in /var/log/maillog and I get the same timeout happening in squirrelmail as well as thunderbird.

Please help!!!

Russ

On 11/26/2007, russ (russ at cttechhosting.net) wrote:
> dovecot-1.0-1.2.rc15.el5

This is very old - please upgrade and see if it fixes it... too many fixes between the current version (1.0.7) and 1.0rc15 to even try to mention...

--
Best regards,
Charles

Charles Marcus wrote:
> On 11/26/2007, russ (russ at cttechhosting.net) wrote:
>> dovecot-1.0-1.2.rc15.el5
>
> This is very old - please upgrade and see if it fixes it... too many
> fixes between the current version (1.0.7) and 1.0rc15 to even try to
> mention...
>

I just upgraded to the 1.0.7 rpm from http://atrpms.net/dist/el5/dovecot/ - will see if this helps.

Thanks,
Russ

> On 11/26/2007, russ (russ at cttechhosting.net) wrote:
>> dovecot-1.0-1.2.rc15.el5
>
> This is very old - please upgrade and see if it fixes it... too many
> fixes between the current version (1.0.7) and 1.0rc15 to even try to
> mention...
>

I upgraded to dovecot-1.0.7-0_63.el5 and so far, dovecot is stable for me using openldap.

Thanks,
Russ