Jack Stewart wrote:
Yes, the indexes are also on NFS.
The locking is fcntl() - the default.
I'm guessing that's the problem. NFS locking seems to break/hang
randomly sometimes. Can you somehow restart the NFS server locking
daemon?
I changed the /etc/hosts.allow so that any connection from the server is
allowed (i.e. ALL: server_ip). This may only be specific to redhat
enterprise 5. Since making this change the error message in the log
files has gone away - not only for our IMAP servers but also for some
Xen servers that were logging the same errors.
The core problem appears to be that portmapper/nlockmgr uses tcpwrappers
or /etc/hosts.allow to determine if connections are accepted.
On occasion, the NFS server initiates a connection to nlockmgr on the
client. It appears this communication is used to make sure locking
information is accurate.
I have not found a bullet proof method of restricting the ports for
nlockmgr so 'ALL: server_ip' ensures that a communication to nlockmgr is
possible. IP Tables still apply so the risk to the system is minimal.
A strange problem, but I figure that people should know. Not as annoying
as the out of the box telnet vulnerability in Solaris 10, but close.
---Jack
