Hello,
We have two (load balanced) director servers in front of 4 dovecot
backend servers.
Yesterday we had a problem at backend servers for some users (our SSO
was down, so IMAP users couldn't authenticate) and this triggered a
problem in director servers where almost nobody could open a new session.
In our director's logs I could see errors like this:
Mar 20 20:52:47 myotis41 dovecot: imap-login: proxy(<user>): Login
failed to 155.54.211.162:143: [UNAVAILABLE] Temporary authentication
failure. [myotis32:2013-03-20 19:52:47]
So, it seems it was trying to authenticate for 1 hour, after that it
timed out the login.
But this timeout is too long. Is this a director timeout? Or a backend
timeout? How can I reduce it?
--
Angel L. Mateo Mart?nez
Secci?n de Telem?tica
?rea de Tecnolog?as de la Informaci?n
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868889150
Fax: 868888337
-------------- next part --------------
# 2.1.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.19um1 x86_64 Ubuntu 12.04.2 LTS
auth_cache_size = 20 M
auth_cache_ttl = 1 days
auth_master_user_separator = *
auth_verbose = yes
default_process_limit = 1024
disable_plaintext_auth = no
log_timestamp = %Y-%m-%d %H:%M:%S
login_trusted_networks = 155.54.211.176/28
mail_access_groups = vmail
mail_gid = vmail
mail_location = maildir:~/Maildir:INDEX=/var/indexes/%2Ln/%Ln
mail_plugins = quota zlib lazy_expunge acl
mail_privileged_group = mail
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date ihave
mdbox_rotate_size = 20 M
namespace {
inbox = yes
location =
prefix =
separator = .
}
namespace {
hidden = yes
list = no
location = maildir:~/Maildir/expunged
prefix = BORRADOS.
separator = .
}
namespace {
list = children
location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
prefix = shared.%%u.
separator = .
subscriptions = no
type = shared
}
passdb {
args = /etc/dovecot/master-users
driver = passwd-file
master = yes
pass = yes
}
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
passdb {
args = session=yes cache_key=%Ln dovecot
driver = pam
}
plugin {
acl = vfile:/etc/dovecot/global-acls:cache_secs=3600
lazy_expunge = BORRADOS.
quota = dict:User quota::file:%h/Maildir/dovecot.quota
quota_rule = *:storage=10G
quota_rule2 = Trash:storage=+1G
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
sieve_max_redirects = 15
zlib_save = gz
zlib_save_level = 6
}
postmaster_address = postmaster at um.es
protocols = imap pop3 lmtp sieve
service anvil {
client_limit = 3075
}
service auth {
client_limit = 4096
unix_listener auth-userdb {
mode = 0777
}
}
service doveadm {
inet_listener {
port = 24245
}
}
service imap {
process_limit = 5120
process_min_avail = 6
vsz_limit = 512 M
}
service ipc {
unix_listener ipc {
user = dovecot
}
}
service lmtp {
inet_listener lmtp {
port = 24
}
process_min_avail = 10
vsz_limit = 512 M
}
service pop3 {
process_min_avail = 6
}
ssl = no
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
userdb {
driver = prefetch
}
userdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
protocol lda {
mail_plugins = quota zlib lazy_expunge acl sieve
}
protocol imap {
mail_plugins = quota zlib lazy_expunge acl imap_quota imap_acl
}
protocol lmtp {
mail_plugins = quota zlib lazy_expunge acl sieve
}
protocol pop3 {
pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, in=%i, out=%o
}
local 155.54.211.160/27/27 {
doveadm_password = <password>
}
-------------- next part --------------
# 2.1.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-24-generic x86_64 Ubuntu 12.04.2 LTS
auth_cache_size = 20 M
auth_cache_ttl = 1 days
auth_master_user_separator = *
auth_username_format = %Ln
auth_verbose = yes
default_process_limit = 1024
director_mail_servers = 155.54.211.161-155.54.211.164
director_servers = 155.54.211.185 155.54.211.186
director_username_hash = %Ln
disable_plaintext_auth = no
doveadm_proxy_port = 24245
lmtp_proxy = yes
log_timestamp = %Y-%m-%d %H:%M:%S
mail_plugins = quota
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date ihave
passdb {
args = /etc/dovecot/master-users
driver = passwd-file
master = yes
pass = yes
}
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
default_fields = proxy=y nopassword=y proxy_timeout=600
driver = ldap
}
plugin {
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
sieve_max_redirects = 15
}
protocols = imap pop3 lmtp sieve
service anvil {
client_limit = 3075
}
service auth {
client_limit = 4096
unix_listener auth-userdb {
mode = 0777
}
}
service director {
fifo_listener login/proxy-notify {
mode = 0666
}
inet_listener {
port = 9090
}
unix_listener director-userdb {
mode = 0600
}
unix_listener login/director {
mode = 0666
}
}
service doveadm {
inet_listener {
port = 24245
}
}
service imap-login {
client_limit = 2206
executable = imap-login director
process_limit = 6
process_min_avail = 6
service_count = 0
}
service imap {
process_limit = 5120
process_min_avail = 6
vsz_limit = 512 M
}
service ipc {
unix_listener ipc {
user = dovecot
}
}
service lmtp {
inet_listener lmtp {
port = 24
}
process_min_avail = 10
vsz_limit = 512 M
}
service managesieve-login {
executable = managesieve-login director
}
service pop3-login {
client_limit = 833
executable = pop3-login director
process_limit = 6
process_min_avail = 6
service_count = 0
}
service pop3 {
process_min_avail = 6
}
ssl = no
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
userdb {
driver = prefetch
}
userdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
protocol lmtp {
auth_socket_path = director-userdb
}
protocol doveadm {
auth_socket_path = director-userdb
}
local 155.54.211.160/27/27 {
doveadm_password = <password>
}
