Package: dovecot-common Version: 1:1.1.11-2 Severity: wishlist Tags: patch File: /etc/init.d/dovecot
Hello. This report is about the same problem described in bugs #432723 and #511060, but with a suggestion which should reduce the chance of getting hit by it. In short, the problem is that Dovecot will kill itself if the system clock is moved backwards while Dovecot is running. This can happen if the hardware clock is severely out of sync at boot time, in which case ntpd will step system time (backwards in the problematic case). This was addressed in version 1:1.0.3-1 by making sure that Dovecot is started after ntpd at boot time. However, even though ntpd is started before Dovecot at boot time, it can happen and I think it's quite likely, that ntpd don't get the chance to synchronize with another NTP server before Dovecot is started. Thus, if the clock is too much ahead of time, Dovecot will terminate when ntpd finally synchronizes it. To reduce the chance for this to happen, the following wiki page, which is referred to by the error message Dovecot prints when it kills itself, suggests that ntp-wait is called before Dovecot is started. http://wiki.dovecot.org/TimeMovedBackwards The ntp-wait command simply will wait and do nothing until ntpd is synchronized with another NTP server or it times out. So, I have attached a simple patch against /etc/init.d/dovecot which will call ntp-wait before Dovecot is started. Specifically I've experienced this problem on a Xen guest running lenny and Dovecot version 1:1.0.15-2.3, as can be seen in the following excerpt from the syslog, but I think the problem can happen with the current version in unstable as well. (The best solution would of course be to not run ntpd on the guest and have the Xen host use NTP to synchronize the time, but I don't control the host, and even if I ask the admins to adjust the clock I can't be sure that the clock won't run out of sync and this happen again.) Feb 28 04:40:05 vps ntpd[1152]: ntpd 4.2....@1.1520-o Wed Jan 7 18:06:29 UTC 2009 (1) Feb 28 04:40:05 vps ntpd[1153]: precision = 1.000 usec Feb 28 04:40:05 vps ntpd[1153]: Listening on interface #0 wildcard, 0.0.0.0#123 Disabled Feb 28 04:40:05 vps ntpd[1153]: Listening on interface #1 wildcard, ::#123 Disabled Feb 28 04:40:05 vps ntpd[1153]: Listening on interface #2 lo, ::1#123 Enabled Feb 28 04:40:05 vps ntpd[1153]: Listening on interface #3 eth0, fe80::a800:5dff:feea:f501#123 Enabled Feb 28 04:40:05 vps ntpd[1153]: Listening on interface #4 lo, 127.0.0.1#123 Enabled Feb 28 04:40:05 vps ntpd[1153]: Listening on interface #5 eth0, 78.110.170.221#123 Enabled Feb 28 04:40:05 vps ntpd[1153]: kernel time sync status 0040 Feb 28 04:40:05 vps ntpd[1153]: frequency initialized -180.642 PPM from /var/lib/ntp/ntp.drift Feb 28 04:40:05 vps dovecot: Dovecot v1.0.15 starting up Feb 28 04:40:06 vps /usr/sbin/cron[1194]: (CRON) INFO (pidfile fd = 3) Feb 28 04:40:06 vps /usr/sbin/cron[1198]: (CRON) STARTUP (fork ok) Feb 28 04:40:06 vps /usr/sbin/cron[1198]: (CRON) INFO (Running @reboot jobs) Feb 28 04:13:05 vps ntpd[1153]: synchronized to 141.40.103.103, stratum 2 Feb 28 04:13:05 vps ntpd[1153]: time reset -1627.861225 s Feb 28 04:13:05 vps ntpd[1153]: kernel time sync status change 0001 Feb 28 04:13:05 vps dovecot: Time just moved backwards by 1627 seconds. This might cause a lot of problems, so I'll just kill myself now. http://wiki.dovecot.org/TimeMovedBackwards -- System Information: Debian Release: 5.0 APT prefers unstable APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores) Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/bash Versions of packages dovecot-common depends on: ii adduser 3.110 add and remove users and groups ii libbz2-1.0 1.0.5-1 high-quality block-sorting file co ii libc6 2.7-18 GNU C Library: Shared libraries ii libcomerr2 1.41.3-1 common error description library ii libkrb53 1.6.dfsg.4~beta1-6 MIT Kerberos runtime libraries ii libldap-2.4-2 2.4.11-1 OpenLDAP libraries ii libmysqlclient15off 5.0.75-1 MySQL database client library ii libpam-runtime 1.0.1-5 Runtime support for the PAM librar ii libpam0g 1.0.1-5 Pluggable Authentication Modules l ii libpq5 8.3.6-1 PostgreSQL C client library ii libsqlite3-0 3.5.9-6 SQLite 3 shared library ii libssl0.9.8 0.9.8g-15 SSL shared libraries ii openssl 0.9.8g-15 Secure Socket Layer (SSL) binary a ii ucf 3.0016 Update Configuration File: preserv ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime dovecot-common recommends no packages. Versions of packages dovecot-common suggests: ii ntp 1:4.2.4p4+dfsg-8 Network Time Protocol daemon and u ii ntpdate 1:4.2.4p4+dfsg-8 client for setting system time fro -- no debconf information
--- a/debian/dovecot-common.init 2009-03-01 15:33:13.000000000 +0000 +++ b/debian/dovecot-common.init 2009-03-02 00:10:56.000000000 +0000 @@ -132,6 +132,14 @@ case "$1" in start) [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + # Dovecot will kill itself if the system clock moves backwards + # while Dovecot is running, and this can happen if the hardware + # clock is severely out of sync at boot time, and then ntpd is + # used to synchronize the system clock. So, if the machine also + # runs ntpd, we call ntp-wait to make sure that ntpd has had a + # chance to synchronize the system clock before Dovecot is + # started. + test -x /usr/sbin/ntp-wait && ntp-wait -n 2 || true do_start case "$?" in 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;