-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have a Linux CentOS server, 4 Gb RAM, with 50 IMAP users. The server is connected to LAN via a firewall appliance, no filtering applied. Many users with different clients complain a lot of "server disconnected" errors. On the server side Doveco does not report any kind of error. I just ab an unusual rate of "IMAP(xxxxxx at xxxx): Disconnected: Logged out" entries. Given that I am NOT sure about the ethernet an firewall performance, how can I trace this problem? Dovecot is 1.1.10, configured with --with-mysql --with-ssl=openssl - --disable-ipv6 --sysconfdir=/etc --localstatedir=/var Userbase is mysql only. Ciao, luigi - -- / +--[Luigi Rosa]-- \ Too much blood in my alcohol system. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmIG1MACgkQ3kWu7Tfl6ZQaawCeJbF4hplK06BcSkNnjqg7Lq60 5wsAoJGLKo0+GUiLLPKbyXD0bAtxderl =LTpZ -----END PGP SIGNATURE-----
On 2/3/2009, Luigi Rosa (lists at luigirosa.com) wrote:> The server is connected to LAN via a firewall appliance, no filtering applied.Which one? -- Best regards, Charles
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 3 Feb 2009, Luigi Rosa wrote:> Many users with different clients complain a lot of "server disconnected" errors. > > On the server side Doveco does not report any kind of error. I just ab an > unusual rate of "IMAP(xxxxxx at xxxx): Disconnected: Logged out" entries.http://wiki.dovecot.org/Debugging/Rawlog won't work for disconnections.> Given that I am NOT sure about the ethernet an firewall performance, how can I > trace this problem?dump/trace the connection before and after the firewall to check out, what packets the clients sends and what are forwarded by the firewall. Also make sure you trace all connections from the client, maybe the firewall drops if there are more than x connections. If the connections breaks at "STARTTLS" command, try switching to SSL. Bye, - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSYg6e3WSIuGy1ktrAQLHnAgApeWaaymNoB4hIOzfgJnSvEU6hZaYuDnm 11TaEbcJBCe93nB8SD6DlHlqZtm4MZSqLPSvI81hEGTeIqdvUQ8EqE/kUBdpKjJ8 uEW2fp6imo88elwcj9oG4c28ohZ5MLy1Jy7gN4oWA9kIBEjnCN+xTUJQ4rFmNN0O uX1ZlEiHVHaW4qKeWpzcj4VLX+ywq1J9rKkPE8tTyOSsitaohEotfzddptTRvkh4 2PHJ3dvPosn0ykmhdfPKKQLKKeZFE9g0VBRLyKeGnbvdyNPQWN7RWMWjJqtYLUOQ dKrhH8Z1JMGN1O+jnMMyKH4Ga0pvB3L1LGGubY/fPIippCKyd68xyQ==UD35 -----END PGP SIGNATURE-----
On Feb 3, 2009, at 5:24 AM, Luigi Rosa wrote:> On the server side Doveco does not report any kind of error. I just > ab an > unusual rate of "IMAP(xxxxxx at xxxx): Disconnected: Logged out" entries."Logged out" means that client issued a LOGOUT command. Do you get any other kinds of Disconnected: reasons?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Luigi Rosa said the following on 03/02/09 11:24:> I have a Linux CentOS server, 4 Gb RAM, with 50 IMAP users. > The server is connected to LAN via a firewall appliance, no filtering applied. > > Many users with different clients complain a lot of "server disconnected" errors. > > On the server side Doveco does not report any kind of error. I just ab an > unusual rate of "IMAP(xxxxxx at xxxx): Disconnected: Logged out" entries.For the records: the problem was the network filtering (not email filtering!) of Kaspersky antivirus. Disabling network filtering on port 143 solved this issue. Ciao, luigi - -- / +--[Luigi Rosa]-- \ All animals are equal, but some animals are more equal than others. --George Orwell, "Animals' Farm" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmLFoUACgkQ3kWu7Tfl6ZTbbQCgv8FlXoFugIH6OK8HO4+HoVXf uo0AnjYyFPsdl+cxjFMnkvSWz1AP7BNa =ALUV -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 5 Feb 2009, Luigi Rosa wrote:> For the records: the problem was the network filtering (not email filtering!) of > Kaspersky antivirus. Disabling network filtering on port 143 solved this issue.Switch from STARTTLS to SSL (port 993), KAV6 ignores this port. This bug is in KAV6 since some time, but they seem to ignore it. Bye, - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSYvuh3WSIuGy1ktrAQLcbgf9GTZiffhIlYTxsqC3+XztYI0oUMVz4Iqk 4rpELSvj33ZJXzBLuNkaW2PRD3M49yMv2MoubIAkU2JqOC7UufKTAiG9JPVv3jff 6Nqf7iGDoylNFeg2JeiNWEUqVuUSbEgdLIv3atJnC3iPK+oVhmyaYEaLGiwuPaAm 2R/erORj1qtXqW3ccBE4pym0i7a8YB3ySeRn7WGk+jfWJKFS4WfiIa4YVN2MOrCm d1hC6Jtmx9dee8hQWBXuYJCqAiMVgckukgNlHJ+R3BsKyMxQnUIJ7rEqrMM/W/h7 D1rK0KxJ8KNA8yNc4EQ5AAASdmCoS+iYb0L7KpSjpTnRtX3oi8JX1Q==YxqR -----END PGP SIGNATURE-----