dovecot - Jun 2021 - 2.3.14: stale imap-login processes due to bogus user setup tying up process limit

> On 01/06/2021 10:59 Volker Stolz <vs at foldr.org> wrote:
> 
>  
> I just dealt with an interesting Dovecot issue on our small server, and
thought I might share it. I also feel that although in the end it was a
configuration error, Dovecot should somehow avoid leaving this processes around
and hence filling up the process limit quickly.
> 
> - set up Dovecot IMAP on Debian buster (either with the older 2.3.x Debian
package, or 2.3.14 from the dovecot-repo)
> - config:
> ...
> namespace inbox {
>   inbox = yes
>   location = 
>   ... default settings ...
> ...
> passdb {
>   args = scheme=HMAC-MD5 username_format=%u /etc/dovecot/users
>   driver = passwd-file
> }
> protocols = " imap"
> ...
> userdb {
>   args = blocking=no
>   driver = passwd
> }
> ...
> - secret sauce: have a user in the passdb that doesn't have a physical
account on the system yet (we were migrating to a new machine).
> 
> The log-file shows successful authentication for that user (after we
flipped DNS to point to this new machine), but over time (2-3 times/day) we were
left with an increasing number of `imap-login` processes in state `pre-login`,
eventually requiring a dovecot restart. Dialling up process_limits didn't
seem to help, we'd just get more of these stale processes.
> 
> After creating the user on the system, the behaviour reverted to normal, no
more stale processes. I do not know what error message that user received on
their end, but since we announced we were migrating, they probably just ignored
it and thought it as part of the transition.
> 
> Best,
>    Volker (a happy & long Dovecot user)
Hi Volker,

can you please post full `doveconf -n` output, please?

Aki

> On 1 Jun 2021, at 10:59, Aki Tuomi <aki.tuomi at open-xchange.com>
wrote:
> 
> Hi Volker,
> 
> can you please post full `doveconf -n` output, please?
vs at new:~$ doveconf -n
# 2.3.14 (cee3cbc0d): /etc/dovecot/dovecot.conf
# OS: Linux 4.19.0-13-amd64 x86_64 Debian 10.9 
# Hostname: new.foldr.org
auth_mechanisms = plain login cram-md5
default_process_limit = 200
mail_location = mbox:~/mail:INBOX=/var/mail/%u
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = 
}
passdb {
  args = scheme=HMAC-MD5 username_format=%u /etc/dovecot/users
  driver = passwd-file
}
protocols = " imap"
ssl_cert = </etc/letsencrypt/live/imap.new.foldr.org/fullchain.pem
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
  args = blocking=no
  driver = passwd
}
verbose_proctitle = yes

Here you go!

   -Volker