dovecot - Sep 2015 - Dovecot does not accept new connection with error "imap-login: Error: read(anvil) failed: EOF"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

First of all, thank you for the work the contributors are doing with
Dovecot ! Dovecot is doing a great job !

I am encountering a problem with a configuration and, despite my
search on the web, I do not find any solution for this problem.

Dovecot seems to stop accepting new connection. The users :

- - can not save sent messages to "Sent" folder (using Thunderbird) ;
- - can not connect or retrieve message from webmail (using sogo or
roundcube)

In the log, I see this error :

> Jun 30 13:54:53 mail dovecot: imap-login: Error: read(anvil)
> failed: EOF Jun 30 13:54:53 mail dovecot: message repeated 2 times:
> [ imap-login: Error: read(anvil) failed: EOF]
(the message may be repeated more than 2 times)

It happens... sometimes. Manually restarting the dovecot service make
the software working again.

By searching on the web, I regularly see this statement in logs :

> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF
like here : http://www.dovecot.org/list/dovecot/2010-November/054694.htm
l

But it doesn't seem to be the same problem as mine (anvil /
anvil-auth-penalty).

The problem happens during peak load. Sometimes it happens twice a
week, sometimes it may spent two month without any problem (during
holidays, I did not had any problem).


My configuration :
> # doveconf -n # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux
> 3.13.0-49-generic x86_64 Ubuntu 14.04.3 LTS login_trusted_networks
> = 10.0.3.0/24 mail_location = mbox:~/mail:INBOX=/var/mail/%u 
> mail_plugins = quota acl managesieve_notify_capability = mailto 
> managesieve_sieve_capability = fileinto reject envelope
> encoded-character vacation subaddress comparator-i;ascii-numeric
> relational regex imap4flags copy include variables body enotify
> environment mailbox date ihave namespace { list = children location
> = maildir:/var/mail-data/vhosts/%%u:INDEX=~/shared/%%u prefix >
shared/%%u/ separator = / subscriptions = no type = shared }
> namespace inbox { inbox = yes location = mailbox Drafts { 
> special_use = \Drafts } mailbox Junk { special_use = \Junk } 
> mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { 
> special_use = \Sent } mailbox Trash { special_use = \Trash } prefix
> = separator = / type = private } passdb { driver = pam } passdb { 
> args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { 
> acl = vfile acl_shared_dict >
file:/var/mail-data/acl_db/shared-mailboxes quota = maildir:User
> quota quota_grace = 10%% quota_rule = *:storage=2G quota_rule2 >
Trash:storage=+100M sieve = ~/.dovecot.sieve sieve_dir = ~/sieve }
> postmaster_address = julienfastre at cvfe.be protocols = " imap lmtp
> sieve" service auth { unix_listener
> /var/spool/postfix/private/dovecot-auth { group = postfix mode > 0660
user = postfix } } service lmtp { unix_listener
> /var/spool/postfix/private/dovecot-lmtp { group = postfix mode > 0600
user = postfix } } ssl_ca = </etc/dovecot/certificates/ca.pem
> ssl_cert = </etc/dovecot/certificates/mail.cert.pem ssl_key >
</etc/dovecot/certificates/mail.key.nopass.pem userdb { driver > passwd }
userdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver
> = ldap } protocol lmtp { mail_plugins = quota acl sieve } protocol
> imap { mail_max_userip_connections = 30 mail_plugins = quota acl
> imap_quota imap_acl }
As somes answer about anvil-auth-penalty may suggest it is linked with
proc capabilities, this is the limitation of the /proc
> root at mail:/home/ubuntu# ps -aux | grep anvil postfix   4568  0.0
> 0.0  27404  1596 ?        S    08:00   0:00 anvil -l -t unix -u -c 
> dovecot   5788  0.0  0.0   9280   956 ?        S    09:45   0:00
> dovecot/anvil root      5973  0.0  0.0  11748   928 pts/2    S+
> 09:57   0:00 grep --color=auto anvil root at mail:/home/ubuntu# cat
> /proc/5788/limits Limit                     Soft Limit
> Hard Limit           Units Max cpu time              unlimited
> unlimited            seconds Max file size             unlimited
> unlimited            bytes Max data size             268435456
> 268435456            bytes Max stack size            8388608
> unlimited            bytes Max core file size        0
> unlimited            bytes Max resident set          unlimited
> unlimited            bytes Max processes             257157
> 257157               processes Max open files            1024
> 4096                 files Max locked memory         65536
> 65536                bytes Max address space         268435456
> 268435456            bytes Max file locks            unlimited
> unlimited            locks Max pending signals       257157
> 257157               signals Max msgqueue size         819200
> 819200               bytes Max nice priority         0
> 0 Max realtime priority     0                    0
>  Max realtime timeout      unlimited            unlimited
> us
If it may help, dovecot is running inside an lxc container.

I would really appreciate any help. Thanks for your time !

Julien Fastr?

- -- 
Julien Fastr?
Champs Libres
http://www.champs-libres.coop
+32 486 540 660

Champs Libres Cooperative SCRLFS
Rue Jean Bury 23 - 4000 Li?ge - Belgique
BE0541.427.670
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJV9n6KAAoJEL+8y7VSV380BtoQALEFOmb2llnlgRrpbHIUuFRY
g+dDRYETAmjVTsPoNVR45x5n/CcT6sOY5iZw7r3O2vBtVtyr8T2iF/6d+xKxvRj+
zM76+Cdd27ydkPEI83fDGH0ckXhjRgd1MU8xEi4RjdbgE3LCMlD0TtGImPniPFM9
POY8U3psEGUaiIrd3s6DwHVamYG+8ackvHgKua0L83r4turf6AI/0kdioCStxurE
IKkdPTew8W92O3QiVJ0//6A5BC6HT+hTICgUqAx4mAgCVR1PIvRAMywUy08JFJtD
A/RmZj2350ApY8oKukhbKfLSamTcP+UApYt6C0PfPjPpSQUVgEkI/zWA2NH+6Pjg
XA311MK9+lYcjNqM6AAAjM2H012sh6AC/u17S1t8x85HY0KUk1YldfyLUeHgRg9Y
4JBFxKP7u4exIu1Us5R1qDPOkbE3e4zzUtI57Ae/QhzTiwpWdJkQ/4hdJhwbDcGp
X5RTBNldd4mFqdhPeRXN5Vh2OL9HkboA3XIMac2ZrNJC3DEl2GZJRa+Zay/OJCaj
6eppyTxYr0J2shOkvYEz/BbUYLdAX1MkkOM8bWc5rcIsvvUZhe9lX7HMNCZoNTJq
Y01l9o/qzu3feIssZ0tJ4FL6hYA6TirO9i/H7NG0cVBsgCccxFtFIDsZBTIW6Gqw
Nsf4SLNo7GhADcbAeeOm
=2mKN
-----END PGP SIGNATURE-----

Without any gpg signature, the doveconf -n may be more readable :
> # doveconf -n
> # 2.2.9: /etc/dovecot/dovecot.conf
> # OS: Linux 3.13.0-49-generic x86_64 Ubuntu 14.04.3 LTS 
> login_trusted_networks = 10.0.3.0/24
> mail_location = mbox:~/mail:INBOX=/var/mail/%u
> mail_plugins = quota acl
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date ihave
> namespace {
>   list = children
>   location = maildir:/var/mail-data/vhosts/%%u:INDEX=~/shared/%%u
>   prefix = shared/%%u/
>   separator = /
>   subscriptions = no
>   type = shared
> }
> namespace inbox {
>   inbox = yes
>   location = 
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix = 
>   separator = /
>   type = private
> }
> passdb {
>   driver = pam
> }
> passdb {
>   args = /etc/dovecot/dovecot-ldap.conf.ext
>   driver = ldap
> }
> plugin {
>   acl = vfile
>   acl_shared_dict = file:/var/mail-data/acl_db/shared-mailboxes
>   quota = maildir:User quota
>   quota_grace = 10%%
>   quota_rule = *:storage=2G
>   quota_rule2 = Trash:storage=+100M
>   sieve = ~/.dovecot.sieve
>   sieve_dir = ~/sieve
> }
> postmaster_address = julienfastre at cvfe.be
> protocols = " imap lmtp sieve"
> service auth {
>   unix_listener /var/spool/postfix/private/dovecot-auth {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
> }
> service lmtp {
>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>     group = postfix
>     mode = 0600
>     user = postfix
>   }
> }
> ssl_ca = </etc/dovecot/certificates/ca.pem
> ssl_cert = </etc/dovecot/certificates/mail.cert.pem
> ssl_key = </etc/dovecot/certificates/mail.key.nopass.pem
> userdb {
>   driver = passwd
> }
> userdb {
>   args = /etc/dovecot/dovecot-ldap.conf.ext
>   driver = ldap
> }
> protocol lmtp {
>   mail_plugins = quota acl sieve
> }
> protocol imap {
>   mail_max_userip_connections = 30
>   mail_plugins = quota acl imap_quota imap_acl
> }

Le 14/09/15 10:00, Julien Fastr? a ?crit :
> Hi,
> 
> First of all, thank you for the work the contributors are doing with
> Dovecot ! Dovecot is doing a great job !
> 
> I am encountering a problem with a configuration and, despite my
> search on the web, I do not find any solution for this problem.
> 
> Dovecot seems to stop accepting new connection. The users :
> 
> - can not save sent messages to "Sent" folder (using Thunderbird)
;
> - can not connect or retrieve message from webmail (using sogo or
> roundcube)
> 
> In the log, I see this error :
> 
> 
>> Jun 30 13:54:53 mail dovecot: imap-login: Error: read(anvil)
>> failed: EOF Jun 30 13:54:53 mail dovecot: message repeated 2 times:
>> [ imap-login: Error: read(anvil) failed: EOF]
> 
> (the message may be repeated more than 2 times)
> 
> It happens... sometimes. Manually restarting the dovecot service make
> the software working again.
> 
> By searching on the web, I regularly see this statement in logs :
> 
> 
>> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF
> 
> like here : http://www.dovecot.org/list/dovecot/2010-November/054694.htm
> l
> 
> But it doesn't seem to be the same problem as mine (anvil /
> anvil-auth-penalty).
> 
> The problem happens during peak load. Sometimes it happens twice a
> week, sometimes it may spent two month without any problem (during
> holidays, I did not had any problem).
> 
> 
> My configuration :
> 
>> # doveconf -n # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux
>> 3.13.0-49-generic x86_64 Ubuntu 14.04.3 LTS login_trusted_networks
>> = 10.0.3.0/24 mail_location = mbox:~/mail:INBOX=/var/mail/%u
>> mail_plugins = quota acl managesieve_notify_capability = mailto
>> managesieve_sieve_capability = fileinto reject envelope
>> encoded-character vacation subaddress comparator-i;ascii-numeric
>> relational regex imap4flags copy include variables body enotify
>> environment mailbox date ihave namespace { list = children location
>> = maildir:/var/mail-data/vhosts/%%u:INDEX=~/shared/%%u prefix >>
shared/%%u/ separator = / subscriptions = no type = shared }
>> namespace inbox { inbox = yes location = mailbox Drafts {
>> special_use = \Drafts } mailbox Junk { special_use = \Junk }
>> mailbox Sent { special_use = \Sent } mailbox "Sent Messages"
{
>> special_use = \Sent } mailbox Trash { special_use = \Trash } prefix
>> = separator = / type = private } passdb { driver = pam } passdb {
>> args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin {
>> acl = vfile acl_shared_dict >>
file:/var/mail-data/acl_db/shared-mailboxes quota = maildir:User
>> quota quota_grace = 10%% quota_rule = *:storage=2G quota_rule2 >>
Trash:storage=+100M sieve = ~/.dovecot.sieve sieve_dir = ~/sieve }
>> postmaster_address = julienfastre at cvfe.be protocols = " imap
lmtp
>> sieve" service auth { unix_listener
>> /var/spool/postfix/private/dovecot-auth { group = postfix mode >>
0660 user = postfix } } service lmtp { unix_listener
>> /var/spool/postfix/private/dovecot-lmtp { group = postfix mode >>
0600 user = postfix } } ssl_ca = </etc/dovecot/certificates/ca.pem
>> ssl_cert = </etc/dovecot/certificates/mail.cert.pem ssl_key >>
</etc/dovecot/certificates/mail.key.nopass.pem userdb { driver >>
passwd } userdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver
>> = ldap } protocol lmtp { mail_plugins = quota acl sieve } protocol
>> imap { mail_max_userip_connections = 30 mail_plugins = quota acl
>> imap_quota imap_acl }
> 
> As somes answer about anvil-auth-penalty may suggest it is linked with
> proc capabilities, this is the limitation of the /proc
> 
>> root at mail:/home/ubuntu# ps -aux | grep anvil postfix   4568  0.0
>> 0.0  27404  1596 ?        S    08:00   0:00 anvil -l -t unix -u -c
>> dovecot   5788  0.0  0.0   9280   956 ?        S    09:45   0:00
>> dovecot/anvil root      5973  0.0  0.0  11748   928 pts/2    S+
>> 09:57   0:00 grep --color=auto anvil root at mail:/home/ubuntu# cat
>> /proc/5788/limits Limit                     Soft Limit
>> Hard Limit           Units Max cpu time              unlimited
>> unlimited            seconds Max file size             unlimited
>> unlimited            bytes Max data size             268435456
>> 268435456            bytes Max stack size            8388608
>> unlimited            bytes Max core file size        0
>> unlimited            bytes Max resident set          unlimited
>> unlimited            bytes Max processes             257157
>> 257157               processes Max open files            1024
>> 4096                 files Max locked memory         65536
>> 65536                bytes Max address space         268435456
>> 268435456            bytes Max file locks            unlimited
>> unlimited            locks Max pending signals       257157
>> 257157               signals Max msgqueue size         819200
>> 819200               bytes Max nice priority         0
>> 0 Max realtime priority     0                    0
>>  Max realtime timeout      unlimited            unlimited
>> us
> 
> If it may help, dovecot is running inside an lxc container.
> 
> I would really appreciate any help. Thanks for your time !
> 
> Julien Fastr?
> 
> 
-- 
Julien Fastr?
Champs Libres
http://www.champs-libres.coop
+32 486 540 660

Champs Libres Cooperative SCRLFS
Rue Jean Bury 23 - 4000 Li?ge - Belgique
BE0541.427.670