Hi all,
I am running postfix with dovecot configured for local mail delivery.
Everything works as expected for a while, but after successfully
delivering ~250 mails, dovecot does not accept requests anymore and
mails start queueing up in the postfix mailqueue. After restarting
dovecot, another ~250 mails are processed and the problem occurs again.
The server is running ubuntu 18.04 with dovecot 2.2.33.2 and postfix
3.3.0 installed. Users are stored locally in /etc/dovecot/users.
Based on the log messages below and the output of netstat, it seems to
me that the auth service is no longer accepting requests on the
corresponding socket (/var/run/dovecot/auth-userdb): new connections to
it stay in the CONNECTING state.
Any help is very much appreciated!
Kind regards,
Michael
--- postfix error messages ---
Mar 28 09:36:13 srv postfix/lmtp[3850]: 2423F7A21C:
to=<system at mydomain.de>, relay=srv.mydomain.de[private/dovecot-lmtp],
delay=155, delays=0.01/0/0/155, dsn=4.3.0, status=deferred (host
srv.mydomain.de[private/dovecot-lmtp] said: 451 4.3.0
<system at mydomain.de>Internal error occurred. Refer to server log for
more information. (in reply to RCPT TO command))
Mar 28 09:38:48 srv postfix/lmtp[3850]: 45A0C7A2B5:
to=<system at mydomain.de>, relay=srv.mydomain.de[private/dovecot-lmtp],
delay=308, delays=0.01/153/0.02/155, dsn=4.3.0, status=deferred (host
srv.mydomain.de[private/dovecot-lmtp] said: 451 4.3.0
<system at mydomain.de>Internal error occurred. Refer to server log for
more information. (in reply to RCPT TO command))
--- dovecot error messages ---
Mar 28 09:36:13 lmtp(2631): user-lookup(system at mydomain.de)Error: userdb
lookup(system at mydomain.de): Request timed out
Mar 28 09:36:14 lmtp(2623): user-lookup(system at mydomain.de)Error: userdb
lookup(system at mydomain.de): Request timed out
Mar 28 09:38:48 lmtp(2631): user-lookup(system at mydomain.de)Error: userdb
lookup(system at mydomain.de): Connecting timed out
Mar 28 09:38:49 lmtp(2623): user-lookup(system at mydomain.de)Error: userdb
lookup(system at mydomain.de): Connecting timed out
Mar 28 09:41:23 lmtp(system at mydomain.de): Error: userdb
lookup(system at mydomain.de): Connecting timed out
Mar 28 09:41:24 lmtp(system at mydomain.de): Error: userdb
lookup(system at mydomain.de): Connecting timed out
--- relevant netstat output when dovecot hangs ----
root at srv:~# netstat | grep dovecot | sort
unix  2      [ ]         STREAM     CONNECTED     1449174
/var/run/dovecot/auth-userdb
unix  2      [ ]         STREAM     CONNECTED     1449995
/var/run/dovecot/auth-userdb
unix  2      [ ]         STREAM     CONNECTING    0
/var/run/dovecot/auth-userdb
unix  2      [ ]         STREAM     CONNECTING    0
/var/run/dovecot/auth-userdb
unix  2      [ ]         STREAM     CONNECTING    0
/var/run/dovecot/auth-userdb
unix  2      [ ]         STREAM     CONNECTING    0
/var/run/dovecot/auth-userdb
unix  2      [ ]         STREAM     CONNECTING    0
/var/run/dovecot/auth-userdb
unix  2      [ ]         STREAM     CONNECTING    0
/var/run/dovecot/auth-userdb
unix  2      [ ]         STREAM     CONNECTING    0
/var/run/dovecot/auth-userdb
unix  2      [ ]         STREAM     CONNECTING    0
/var/run/dovecot/auth-userdb
unix  2      [ ]         STREAM     CONNECTING    0
/var/run/dovecot/auth-userdb
unix  2      [ ]         STREAM     CONNECTING    0
/var/run/dovecot/auth-userdb
unix  3      [ ]         STREAM     CONNECTED     1468180
/var/run/dovecot/config
unix  3      [ ]         STREAM     CONNECTED     1468267
/var/run/dovecot/config
unix  3      [ ]         STREAM     CONNECTED     1468271
/var/run/dovecot/config
unix  3      [ ]         STREAM     CONNECTED     1469651
/var/run/dovecot/config
unix  3      [ ]         STREAM     CONNECTED     1470606
/var/spool/postfix/private/dovecot-lmtp
unix  3      [ ]         STREAM     CONNECTED     1470614
/var/spool/postfix/private/dovecot-lmtp
unix  3      [ ]         STREAM     CONNECTING    0
/var/run/dovecot/auth-userdb
unix  3      [ ]         STREAM     CONNECTING    0
/var/run/dovecot/auth-userdb
--- dovecot configuration ----
root at srv:~# dovecot -n
# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
doveconf: Warning: SSLv2 not supported by OpenSSL. Please consider
removing it from ssl_protocols.
# OS: Linux 4.19.75-meson64 aarch64 Ubuntu 18.04.4 LTS
auth_debug = yes
auth_username_format = %n
auth_verbose = yes
debug_log_path = /var/log/dovecot-info.log
default_client_limit = 16
default_process_limit = 32
first_valid_uid = 1000
hostname = mail.mydomain.de
info_log_path = /var/log/dovecot-info.log
lda_mailbox_autocreate = yes
listen = *
lock_method = dotlock
log_path = /var/log/dovecot.log
mail_debug = yes
mail_fsync = always
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
mmap_disable = yes
namespace {
? inbox = yes
? location ? mailbox {
??? special_use = \Drafts
??? name = Drafts
? }
? mailbox {
??? special_use = \Junk
??? name = Junk
? }
? mailbox {
??? special_use = \Sent
??? name = Sent
? }
? mailbox {
??? special_use = \Sent
??? name = Sent Messages
? }
? mailbox {
??? special_use = \Trash
??? name = Trash
? }
? prefix ? name = inbox
}
passdb {
? args = scheme=CRYPT username_format=%u /etc/dovecot/users
? driver = passwd-file
}
postmaster_address = postmaster at mydomain.de
protocols = " imap lmtp pop3"
service replication-notify-fifo {
? name = aggregator
}
service {
? client_limit = 102
? unix_listener {
??? mode = 00
??? path = anvil-auth-penalty
? }
? name = anvil
}
service auth-worker {
? user = root
? name = auth-worker
}
service {
? client_limit = 160
? name = auth
}
service config {
? name = config
}
service dict-async {
? name = dict-async
}
service dict {
? name = dict
}
service login/proxy-notify {
? name = director
}
service dns-client {
? name = dns_client
}
service doveadm-server {
? name = doveadm
}
service imap-hibernate {
? name = imap-hibernate
}
service {
? executable = imap-login -R rawlogs
? inet_listener {
??? port = 0
??? name = imap
? }
? service_count = 0
? vsz_limit = 256 M
? name = imap-login
}
service imap-urlauth {
? name = imap-urlauth-login
}
service imap-urlauth-worker {
? name = imap-urlauth-worker
}
service token-login/imap-urlauth {
? name = imap-urlauth
}
service {
? process_limit = 8
? name = imap
}
service indexer-worker {
? name = indexer-worker
}
service indexer {
? name = indexer
}
service ipc {
? name = ipc
}
service {
? unix_listener {
??? group = postfix
??? mode = 0660
??? user = postfix
??? path = /var/spool/postfix/private/dovecot-lmtp
? }
? name = lmtp
}
service log-errors {
? name = log
}
service {
? inet_listener {
??? port = 0
??? name = pop3
? }
? inet_listener {
??? port = 0
??? name = pop3s
? }
? name = pop3-login
}
service {
? process_limit = 4
? name = pop3
}
service replicator-doveadm {
? name = replicator
}
service login/ssl-params {
? name = ssl-params
}
service stats-mail {
? name = stats
}
ssl = required
ssl_cert = </etc/ssl/certs/srv.mydomain.de.pem
ssl_cipher_list = ALL:HIGH:!SSLv2:!MEDIUM:!LOW:!EXP:!RC4:!MD5:!aNULL
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh_parameters_length = 2048
ssl_key =? # hidden, use -P to show it
ssl_protocols = !SSLv2 !SSLv3 !TLSv1
userdb {
? args = username_format=%u /etc/dovecot/users
? driver = passwd-file
}
verbose_ssl = yes
protocol lmtp {
? service replication-notify-fifo {
??? name = aggregator
? }
? service anvil-auth-penalty {
??? name = anvil
? }
? service auth-worker {
??? name = auth-worker
? }
? service auth-client {
??? name = auth
? }
? service config {
??? name = config
? }
? service dict-async {
??? name = dict-async
? }
? service dict {
??? name = dict
? }
? service login/proxy-notify {
??? name = director
? }
? service dns-client {
??? name = dns_client
? }
? service doveadm-server {
??? name = doveadm
? }
? service imap-hibernate {
??? name = imap-hibernate
? }
? service imap {
??? name = imap-login
? }
? service imap-urlauth {
??? name = imap-urlauth-login
? }
? service imap-urlauth-worker {
??? name = imap-urlauth-worker
? }
? service token-login/imap-urlauth {
??? name = imap-urlauth
? }
? service imap-master {
??? name = imap
? }
? service indexer-worker {
??? name = indexer-worker
? }
? service indexer {
??? name = indexer
? }
? service ipc {
??? name = ipc
? }
? service lmtp {
??? name = lmtp
? }
? service log-errors {
??? name = log
? }
? service pop3 {
??? name = pop3-login
? }
? service login/pop3 {
??? name = pop3
? }
? service replicator-doveadm {
??? name = replicator
? }
? service login/ssl-params {
??? name = ssl-params
? }
? service stats-mail {
??? name = stats
? }
}
protocol !indexer-worker {
? service replication-notify-fifo {
??? name = aggregator
? }
? service anvil-auth-penalty {
??? name = anvil
? }
? service auth-worker {
??? name = auth-worker
? }
? service auth-client {
??? name = auth
? }
? service config {
??? name = config
? }
? service dict-async {
??? name = dict-async
? }
? service dict {
??? name = dict
? }
? service login/proxy-notify {
??? name = director
? }
? service dns-client {
??? name = dns_client
? }
? service doveadm-server {
??? name = doveadm
? }
? service imap-hibernate {
??? name = imap-hibernate
? }
? service imap {
??? name = imap-login
? }
? service imap-urlauth {
??? name = imap-urlauth-login
? }
? service imap-urlauth-worker {
??? name = imap-urlauth-worker
? }
? service token-login/imap-urlauth {
??? name = imap-urlauth
? }
? service imap-master {
??? name = imap
? }
? service indexer-worker {
??? name = indexer-worker
? }
? service indexer {
??? name = indexer
? }
? service ipc {
??? name = ipc
? }
? service lmtp {
??? name = lmtp
? }
? service log-errors {
??? name = log
? }
? service pop3 {
??? name = pop3-login
? }
? service login/pop3 {
??? name = pop3
? }
? service replicator-doveadm {
??? name = replicator
? }
? service login/ssl-params {
??? name = ssl-params
? }
? service stats-mail {
??? name = stats
? }
}
protocol lda {
? service replication-notify-fifo {
??? name = aggregator
? }
? service anvil-auth-penalty {
??? name = anvil
? }
? service auth-worker {
??? name = auth-worker
? }
? service auth-client {
??? name = auth
? }
? service config {
??? name = config
? }
? service dict-async {
??? name = dict-async
? }
? service dict {
??? name = dict
? }
? service login/proxy-notify {
??? name = director
? }
? service dns-client {
??? name = dns_client
? }
? service doveadm-server {
??? name = doveadm
? }
? service imap-hibernate {
??? name = imap-hibernate
? }
? service imap {
??? name = imap-login
? }
? service imap-urlauth {
??? name = imap-urlauth-login
? }
? service imap-urlauth-worker {
??? name = imap-urlauth-worker
? }
? service token-login/imap-urlauth {
??? name = imap-urlauth
? }
? service imap-master {
??? name = imap
? }
? service indexer-worker {
??? name = indexer-worker
? }
? service indexer {
??? name = indexer
? }
? service ipc {
??? name = ipc
? }
? service lmtp {
??? name = lmtp
? }
? service log-errors {
??? name = log
? }
? service pop3 {
??? name = pop3-login
? }
? service login/pop3 {
??? name = pop3
? }
? service replicator-doveadm {
??? name = replicator
? }
? service login/ssl-params {
??? name = ssl-params
? }
? service stats-mail {
??? name = stats
? }
}
protocol imap {
? service replication-notify-fifo {
??? name = aggregator
? }
? service anvil-auth-penalty {
??? name = anvil
? }
? service auth-worker {
??? name = auth-worker
? }
? service auth-client {
??? name = auth
? }
? service config {
??? name = config
? }
? service dict-async {
??? name = dict-async
? }
? service dict {
??? name = dict
? }
? service login/proxy-notify {
??? name = director
? }
? service dns-client {
??? name = dns_client
? }
? service doveadm-server {
??? name = doveadm
? }
? service imap-hibernate {
??? name = imap-hibernate
? }
? service imap {
??? name = imap-login
? }
? service imap-urlauth {
??? name = imap-urlauth-login
? }
? service imap-urlauth-worker {
??? name = imap-urlauth-worker
? }
? service token-login/imap-urlauth {
??? name = imap-urlauth
? }
? service imap-master {
??? name = imap
? }
? service indexer-worker {
??? name = indexer-worker
? }
? service indexer {
??? name = indexer
? }
? service ipc {
??? name = ipc
? }
? service lmtp {
??? name = lmtp
? }
? service log-errors {
??? name = log
? }
? service pop3 {
??? name = pop3-login
? }
? service login/pop3 {
??? name = pop3
? }
? service replicator-doveadm {
??? name = replicator
? }
? service login/ssl-params {
??? name = ssl-params
? }
? service stats-mail {
??? name = stats
? }
}
protocol pop3 {
? service replication-notify-fifo {
??? name = aggregator
? }
? service anvil-auth-penalty {
??? name = anvil
? }
? service auth-worker {
??? name = auth-worker
? }
? service auth-client {
??? name = auth
? }
? service config {
??? name = config
? }
? service dict-async {
??? name = dict-async
? }
? service dict {
??? name = dict
? }
? service login/proxy-notify {
??? name = director
? }
? service dns-client {
??? name = dns_client
? }
? service doveadm-server {
??? name = doveadm
? }
? service imap-hibernate {
??? name = imap-hibernate
? }
? service imap {
??? name = imap-login
? }
? service imap-urlauth {
??? name = imap-urlauth-login
? }
? service imap-urlauth-worker {
??? name = imap-urlauth-worker
? }
? service token-login/imap-urlauth {
??? name = imap-urlauth
? }
? service imap-master {
??? name = imap
? }
? service indexer-worker {
??? name = indexer-worker
? }
? service indexer {
??? name = indexer
? }
? service ipc {
??? name = ipc
? }
? service lmtp {
??? name = lmtp
? }
? service log-errors {
??? name = log
? }
? service pop3 {
??? name = pop3-login
? }
? service login/pop3 {
??? name = pop3
? }
? service replicator-doveadm {
??? name = replicator
? }
? service login/ssl-params {
??? name = ssl-params
? }
? service stats-mail {
??? name = stats
? }
}