Simone Lazzaris
2018-Sep-07 07:13 UTC
Auth process sometimes stop responding after upgrade
Hi all;
I've upgraded a ring of dovecot directors from 2.2.15 to 2.2.36. After the
upgrade I've got some instability: a few time per day per server, seemly at
random, the auth process stop responding and the clients cannot authenticate
any more:
Sep 6 14:45:51 imap-front13 dovecot: pop3-login: Warning: Auth process not
responding, delayed sending initial response (greeting): user=<>,
rip=xx.xx.xx.xx, lip=xx.xx.xx.xx, TLS, session=<1HVqRTN10MNTie+S>
I can't figure it out.... Any hints?
This is my configuration:
# 2.2.36 (1f10bfa63): /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-686-pae i686 Debian 7.11
# Hostname: imap-front13.mailfarm.interac.it
auth_mechanisms = plain login digest-md5 cram-md5 apop scram-sha-1
auth_verbose = yes
auth_verbose_passwords = plain
auth_worker_max_count = 50
base_dir = /var/run/dovecot/
default_login_user = nobody
director_doveadm_port = 9091
director_mail_servers = 192.168.1.142 192.168.1.143 192.168.1.144
192.168.1.145 192.168.1.216 192.168.1.217 192.168.1.218 192.168.1.219
director_servers = 212.183.164.157 212.183.164.158 212.183.164.159
212.183.164.160
listen = *
passdb {
args = /usr/local/etc/dovecot/sql.conf
driver = sql
}
protocols = imap pop3
service director {
fifo_listener login/proxy-notify {
mode = 0666
}
inet_listener {
port = 9090
}
unix_listener director-userdb {
mode = 0600
}
unix_listener login/director {
mode = 0666
}
}
service imap-login {
executable = imap-login director
service_count = 0
vsz_limit = 128 M
}
service pop3-login {
executable = pop3-login director
service_count = 0
vsz_limit = 128 M
}
ssl_cert = </usr/local/etc/dovecot/qcom.wildcard.pem
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-
SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-
AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-
SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-
SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-
SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-
AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-
SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-
SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!
MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
ssl_dh_parameters_length = 2048
ssl_key = # hidden, use -P to show it
ssl_parameters_regenerate = 1 weeks
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSlv2 !SSLv3
syslog_facility = local5
userdb {
driver = prefetch
}
--
*Simone Lazzaris*
*Qcom S.p.A.*
Do you see anything else in logs??
---Aki TuomiDovecot oy
-------- Original message --------From: Simone Lazzaris <s.lazzaris at
interactive.eu> Date: 07/09/2018 10:13 (GMT+02:00) To: dovecot at
dovecot.org Subject: Auth process sometimes stop responding after upgrade
Hi all;
I've upgraded a ring of dovecot directors from 2.2.15 to 2.2.36. After the
upgrade I've got some instability: a few time per day per server, seemly at
random, the auth process stop responding and the clients cannot authenticate
any more:
Sep? 6 14:45:51 imap-front13 dovecot: pop3-login: Warning: Auth process not
responding, delayed sending initial response (greeting): user=<>,
rip=xx.xx.xx.xx, lip=xx.xx.xx.xx, TLS, session=<1HVqRTN10MNTie+S>
I can't figure it out.... Any hints?
This is my configuration:
# 2.2.36 (1f10bfa63): /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-686-pae i686 Debian 7.11
# Hostname: imap-front13.mailfarm.interac.it
auth_mechanisms = plain login digest-md5 cram-md5 apop scram-sha-1
auth_verbose = yes
auth_verbose_passwords = plain
auth_worker_max_count = 50
base_dir = /var/run/dovecot/
default_login_user = nobody
director_doveadm_port = 9091
director_mail_servers = 192.168.1.142 192.168.1.143 192.168.1.144
192.168.1.145 192.168.1.216 192.168.1.217 192.168.1.218 192.168.1.219
director_servers = 212.183.164.157 212.183.164.158 212.183.164.159
212.183.164.160
listen = *
passdb {
? args = /usr/local/etc/dovecot/sql.conf
? driver = sql
}
protocols = imap pop3
service director {
? fifo_listener login/proxy-notify {
??? mode = 0666
? }
? inet_listener {
??? port = 9090
? }
? unix_listener director-userdb {
??? mode = 0600
? }
? unix_listener login/director {
??? mode = 0666
? }
}
service imap-login {
? executable = imap-login director
? service_count = 0
? vsz_limit = 128 M
}
service pop3-login {
? executable = pop3-login director
? service_count = 0
? vsz_limit = 128 M
}
ssl_cert = </usr/local/etc/dovecot/qcom.wildcard.pem
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-
SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-
AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-
SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-
SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-
SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-
AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-
SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-
SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!
MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
ssl_dh_parameters_length = 2048
ssl_key =? # hidden, use -P to show it
ssl_parameters_regenerate = 1 weeks
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSlv2 !SSLv3
syslog_facility = local5
userdb {
? driver = prefetch
}
--
*Simone Lazzaris*
*Qcom S.p.A.*
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20180907/e3dbd2ae/attachment.html>