Package: dovecot-common
Version: 1:1.1.11-2
Severity: wishlist
Tags: patch
File: /etc/init.d/dovecot
Hello. This report is about the same problem described in bugs #432723
and #511060, but with a suggestion which should reduce the chance of
getting hit by it.
In short, the problem is that Dovecot will kill itself if the system
clock is moved backwards while Dovecot is running. This can happen if
the hardware clock is severely out of sync at boot time, in which case
ntpd will step system time (backwards in the problematic case). This
was addressed in version 1:1.0.3-1 by making sure that Dovecot is
started after ntpd at boot time. However, even though ntpd is started
before Dovecot at boot time, it can happen and I think it's quite
likely, that ntpd don't get the chance to synchronize with another
NTP server before Dovecot is started. Thus, if the clock is too much
ahead of time, Dovecot will terminate when ntpd finally synchronizes
it.
To reduce the chance for this to happen, the following wiki page,
which is referred to by the error message Dovecot prints when it
kills itself, suggests that ntp-wait is called before Dovecot
is started.
http://wiki.dovecot.org/TimeMovedBackwards
The ntp-wait command simply will wait and do nothing until ntpd is
synchronized with another NTP server or it times out. So, I have
attached a simple patch against /etc/init.d/dovecot which will call
ntp-wait before Dovecot is started.
Specifically I've experienced this problem on a Xen guest running
lenny and Dovecot version 1:1.0.15-2.3, as can be seen in the
following excerpt from the syslog, but I think the problem can happen
with the current version in unstable as well. (The best solution would
of course be to not run ntpd on the guest and have the Xen host use
NTP to synchronize the time, but I don't control the host, and even if
I ask the admins to adjust the clock I can't be sure that the clock
won't run out of sync and this happen again.)
Feb 28 04:40:05 vps ntpd[1152]: ntpd 4.2....@1.1520-o Wed Jan 7 18:06:29 UTC
2009 (1)
Feb 28 04:40:05 vps ntpd[1153]: precision = 1.000 usec
Feb 28 04:40:05 vps ntpd[1153]: Listening on interface #0 wildcard, 0.0.0.0#123
Disabled
Feb 28 04:40:05 vps ntpd[1153]: Listening on interface #1 wildcard, ::#123
Disabled
Feb 28 04:40:05 vps ntpd[1153]: Listening on interface #2 lo, ::1#123 Enabled
Feb 28 04:40:05 vps ntpd[1153]: Listening on interface #3 eth0,
fe80::a800:5dff:feea:f501#123 Enabled
Feb 28 04:40:05 vps ntpd[1153]: Listening on interface #4 lo, 127.0.0.1#123
Enabled
Feb 28 04:40:05 vps ntpd[1153]: Listening on interface #5 eth0,
78.110.170.221#123 Enabled
Feb 28 04:40:05 vps ntpd[1153]: kernel time sync status 0040
Feb 28 04:40:05 vps ntpd[1153]: frequency initialized -180.642 PPM from
/var/lib/ntp/ntp.drift
Feb 28 04:40:05 vps dovecot: Dovecot v1.0.15 starting up
Feb 28 04:40:06 vps /usr/sbin/cron[1194]: (CRON) INFO (pidfile fd = 3)
Feb 28 04:40:06 vps /usr/sbin/cron[1198]: (CRON) STARTUP (fork ok)
Feb 28 04:40:06 vps /usr/sbin/cron[1198]: (CRON) INFO (Running @reboot jobs)
Feb 28 04:13:05 vps ntpd[1153]: synchronized to 141.40.103.103, stratum 2
Feb 28 04:13:05 vps ntpd[1153]: time reset -1627.861225 s
Feb 28 04:13:05 vps ntpd[1153]: kernel time sync status change 0001
Feb 28 04:13:05 vps dovecot: Time just moved backwards by 1627 seconds. This
might cause a lot of problems, so I'll just kill myself now.
http://wiki.dovecot.org/TimeMovedBackwards
-- System Information:
Debian Release: 5.0
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash
Versions of packages dovecot-common depends on:
ii adduser 3.110 add and remove users and groups
ii libbz2-1.0 1.0.5-1 high-quality block-sorting file co
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libcomerr2 1.41.3-1 common error description library
ii libkrb53 1.6.dfsg.4~beta1-6 MIT Kerberos runtime libraries
ii libldap-2.4-2 2.4.11-1 OpenLDAP libraries
ii libmysqlclient15off 5.0.75-1 MySQL database client library
ii libpam-runtime 1.0.1-5 Runtime support for the PAM librar
ii libpam0g 1.0.1-5 Pluggable Authentication Modules l
ii libpq5 8.3.6-1 PostgreSQL C client library
ii libsqlite3-0 3.5.9-6 SQLite 3 shared library
ii libssl0.9.8 0.9.8g-15 SSL shared libraries
ii openssl 0.9.8g-15 Secure Socket Layer (SSL) binary a
ii ucf 3.0016 Update Configuration File: preserv
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
dovecot-common recommends no packages.
Versions of packages dovecot-common suggests:
ii ntp 1:4.2.4p4+dfsg-8 Network Time Protocol daemon and u
ii ntpdate 1:4.2.4p4+dfsg-8 client for setting system time fro
-- no debconf information
--- a/debian/dovecot-common.init 2009-03-01 15:33:13.000000000 +0000
+++ b/debian/dovecot-common.init 2009-03-02 00:10:56.000000000 +0000
@@ -132,6 +132,14 @@
case "$1" in
start)
[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+ # Dovecot will kill itself if the system clock moves backwards
+ # while Dovecot is running, and this can happen if the hardware
+ # clock is severely out of sync at boot time, and then ntpd is
+ # used to synchronize the system clock. So, if the machine also
+ # runs ntpd, we call ntp-wait to make sure that ntpd has had a
+ # chance to synchronize the system clock before Dovecot is
+ # started.
+ test -x /usr/sbin/ntp-wait && ntp-wait -n 2 || true
do_start
case "$?" in
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
