Re: [Dovecot] Connection refused with auth-master after upgrading to Dovecot 1.0 rc 28
Timo, I really want to thank you for taking the time to look at this. I'm a newbie with a little Linux experience, so I'm in charge of the mail server. It makes it nice to deal with someone who really knows what they are doing. -Original Message- From: Timo Sirainen [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 10, 2007 8:46 AM To: Jason Warner Cc: 'Jason Warner'; dovecot@dovecot.org Subject: Re: [Dovecot] Connection refused with auth-master after upgradingto Dovecot 1.0 rc 28 On Mon, 2007-04-09 at 08:45 -0600, Jason Warner wrote: Apr 2 12:56:32 mail deliver([EMAIL PROTECTED]): net_connect(/var/run/dovecot/auth-master) failed: Connection refused Delete this file. Restart Dovecot. Does it get recreated? When I delete the file and restart Dovecot it is recreated. Does this then happen every time when running deliver? Does netstat show that dovecot-auth is listening in that path? When running deliver from the command line, I do not get the error. The error only appears when deliver is run from Postfix. And you gave deliver -d parameter when running from command line? If it works from there but not from Postfix, then the problem has something to do with how deliver is started. Did you try running as the same user as what Postfix runs it with? When I run deliver with the -d parameter, it does deliver a message to the intended user. I've tried just about everything I know how to do with the Dovecot LDA in the master.cf config file for Postfix. Here is the line as it stands now: # Dovecot LDA dovecot unix - n n - - pipe flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -d ${recipient} That line worked just fine up until the update. After some looking, we were running 1.0 rc 15 so this step up to 28 was quite a move. Fortunately, the mail server is working with our virtual setup, but our vacation message setup relied on the sieve portions of the Dovecot LDA. Thanks again for taking a look at this. Netstat shows the following when running. unix 2 [ ACC ] STREAM LISTENING 255526 private/dovecot unix 2 [ ACC ] STREAM LISTENING 1176428 /var/run/dovecot/auth-master So it should be accepting connections. It appears that the auth-master is running. How would I check to make sure that it is listening and responding properly to requests? There really isn't any other way than to run deliver. auth_debug=yes will also log something whenever deliver is run and dovecot-auth sees something.
Re: [Dovecot] Connection refused with auth-master after upgradingto Dovecot 1.0 rc 28
-Original Message- From: Timo Sirainen [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 10, 2007 9:24 AM To: Jason Warner Cc: 'Jason Warner'; dovecot@dovecot.org Subject: RE: [Dovecot] Connection refused with auth-master after upgradingto Dovecot 1.0 rc 28 On Tue, 2007-04-10 at 09:11 -0600, Jason Warner wrote: When I run deliver with the -d parameter, it does deliver a message to the intended user. I've tried just about everything I know how to do with the Dovecot LDA in the master.cf config file for Postfix. Here is the line as it stands now: # Dovecot LDA dovecot unix - n n - - pipe flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -d ${recipient} So what about running deliver as vmail? sudo su vmail -s /usr/libexec/dovecot/deliver -d [EMAIL PROTECTED] What OS do you use? Do you use SELinux or anything like that? Sorry, I forgot to mention that when I tried the -d parameter, I was running as the vmail user and everything went just fine. We're running Fedora Core 6. I've disabled SELinux on our mail box. There have been SELinux updates recently. I'm not sure if they would affect our mail server with SELinux disabled.
Re: [Dovecot] Connection refused with auth-master afterupgradingto Dovecot 1.0 rc 28
On 10.4.2007, at 19.30, Jason Warner wrote: write(6, [EMAIL PROTECTED]..., 55) = 55 .. write(6, [EMAIL PROTECTED]..., 54) = 54 Your original error was: net_connect(/var/run/dovecot/auth-master) failed: Connection refused. However here both of them were successfully connected to, and this shows that the authentication handshake was successfully sent. So I think it wrote a different error message to Dovecot's logs this time. I'm afraid that I've tampered with stuff so much on this server that things have changed from when I originally posted. Apr 10 10:12:14 mail postfix/smtpd[562]: A7F1B168734: client=mail.domain.com[127.0.0.1] Apr 10 10:12:14 mail postfix/cleanup[496]: A7F1B168734: message-id=[EMAIL PROTECTED] Apr 10 10:12:14 mail postfix/qmgr[452]: A7F1B168734: from=[EMAIL PROTECTED], size=2600, nrcpt=1 (queue active) Apr 10 10:12:14 mail postfix/smtp[464]: E4B351686E4: to=[EMAIL PROTECTED], relay=127.0.0.1[127.0.0.1]:10024, delay=7, delays=0.22/0/0.01/6.8, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=31657-06, from MTA: 250 2.0.0 Ok: queued as A7F1B168734) Apr 10 10:12:15 mail dovecot: auth(default): file auth-request.c: line 474 (auth_request_lookup_credentials_callback): assertion failed: (request-state == AUTH_REQUEST_STATE_PASSDB) Apr 10 10:12:15 mail dovecot: auth(default): Raw backtrace: dovecot-auth [0x806bb91] - dovecot-auth [0x806baac] - dovecot-auth [0x80552ce] - dovecot-auth [0x805f2bd] - dovecot-auth [0x805f684] - dovecot-auth [0x805906b] - dovecot-auth(io_loop_handler_run+0x110) [0x806ef30] - dovecot-auth(io_loop_run+0x1c) [0x806e27c] - dovecot-auth(main+0x2fe) [0x805a51e] - /lib/libc.so.6(__libc_start_main+0xdc) [0x673f2c] - dovecot-auth {0x8050ba1] Apr 10 10:12:15 mail dovecot: child 31532 (auth) killed with signal 6 Apr 10 10:12:15 mail postfix/pipe[563]: A7F1B168734: to=[EMAIL PROTECTED], relay=dovecot, delay=0.75, delays=0.24/0.06/0/0.45, dsn=4.3.0, status=deferred (temporary failure) This looks like the auth fails due to some error, but I'm not sure what. Apr 10 10:13:55 mail postfix/qmgr[864]: A7F1B168734: from=[EMAIL PROTECTED], size=2600, nrcpt=1 (queue active) Apr 10 10:13:55 mail postfix/pipe[890]: A7F1B168734: to=[EMAIL PROTECTED], relay=dovecot, delay=101, delays=101/0.02/0/0.11, dsn=2.0.0, status=sent (delivered via dovecot service) Apr 10 10:13:55 mail postfix/qmgr[864]: A7F1B168734: removed At this point, it looks like there was a retry and the dovecot service delivers the mail, but the mail disappears into thin air. The problem is that I have a ton of mail flooding the server and errors are overwritten before I can take a look at them. I wasn't even able to compare the same mail being sent in the delivery logs because by the time I stopped the logging more mail had come into the system.
Re: [Dovecot] Connection refused with auth-master afterupgradingto Dovecot 1.0 rc 28
-Original Message- From: Timo Sirainen [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 10, 2007 11:45 AM To: Dovecot Mailing List Cc: Jason Warner; 'Jason Warner' Subject: Re: [Dovecot] Connection refused with auth-master afterupgradingto Dovecot 1.0 rc 28 On 10.4.2007, at 20.35, Timo Sirainen wrote: On 10.4.2007, at 20.22, Jason Warner wrote: Apr 10 10:12:15 mail dovecot: auth(default): file auth-request.c: line 474 (auth_request_lookup_credentials_callback): assertion failed: (request-state == AUTH_REQUEST_STATE_PASSDB) Oh. So the connection refused happens because dovecot-auth crashes. Now this is beginning to make sense. The easiest way to fix this is to add allow_all_users to userdb static's args. I'll try to figure out why this crash is happening. Adding allow_all_users to my userdb static args gets rid of the previous error message, but now the logs contain this message: Apr 10 11:48:28 mail deliver([EMAIL PROTECTED]): setgid(999) failed: Operation not permitted Apr 10 11:48:28 mail postfix/pipe[17576]: 95FC916872D: to=[EMAIL PROTECTED], relay=dovecot, delay=0.31, delays=0.26/0.02/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service) 999 is the gid of my vmail user. Do you have core file in Dovecot's base_dir (/var/run/dovecot/ or / usr/local/var/run/dovecot/ probably)? If so, could you do: gdb /path/to/dovecot-auth /path/to/core bt full fr 4 p *request (I think fr 4 is correct to give a usable output for p *request, if it just says No symbol try with different fr numbers. It's anyway the one that bt full shows auth_request_lookup_credentials_callback() being in) I couldn't find a core dump file in the base_dir (/var/run/dovecot). Is there a way to force a core dump?
Re: [Dovecot] Connection refused with auth-master afterupgradingto Dovecot 1.0 rc 28
On 10.4.2007, at 21.33, Jason Warner wrote: I still didn't get a core dump in /var/run/dovecot. Should I be looking somewhere else? That is the directory that the base_dir variable is set to in my dovecot.conf file. Well, another way would be to attach gdb directly into dovecot-auth while it's still running: gdb attach `pidof dovecot-auth` cont (wait for crash) bt full fr 4 p *request Anyway I should be able to figure out the assert by looking at the code too. Just a bit more difficult, since a couple of minutes wasn't enough. :) Here's the best I could do: (gdb) bt full #0 0x004b9402 in __kernel_vsyscall () No symbol table info available. #1 0x00686d40 in raise () from /lib/libc.so.6 No symbol table info available. #2 0x00688591 in abort () from /lib/libc.so.6 No symbol table info available. #3 0x0806bb9a in i_error () No symbol table info available. #4 0x0806baac in i_panic () No symbol table info available. #5 0x080552ce in auth_request_lookup_credentials_callback () No symbol table info available. #6 0x0805f2bd in passdb_cache_init () No symbol table info available. #7 0x0805f684 in passdb_cache_init () No symbol table info available. #8 0x0805906b in db_ldap_connect () No symbol table info available. #9 0x0806ef30 in io_loop_handler_run () No symbol table info available. #10 0x0806e27c in io_loop_run () No symbol table info available. #11 0x0805a51e in main () No symbol table info available. It looks like a stack trace, but the p *request just gives No symbol table info available for all 11 integers. I tried this with both the allow_all_users set and without it set. That was the fix though. By adding allow_all_users to my userdb static args, everything is running just fine. Only problem with that is that it doesn't know if the user exists or not. So depending on how you've set up permissions, it's possible that it delivers mails to unknown users as well, creating the directories if needed.. That is a problem. I'll go back to Postfix's virtual delivery method until I don't have to use the allow_all_users flag.
Re: [Dovecot] Connection refused with auth-master after upgrading to Dovecot 1.0 rc 28
Timo, Thanks for your time. On 4/2/07, Timo Sirainen [EMAIL PROTECTED] wrote: On Mon, 2007-04-02 at 13:10 -0600, Jason Warner wrote: Fedora pushed out an update to Dovecot 1.0 rc 28 today. After upgrading, mail isn't delivered to local recipients. My log file is full of error messages similar to the following: Apr 2 12:56:32 mail deliver([EMAIL PROTECTED]): net_connect(/var/run/dovecot/auth-master) failed: Connection refused Delete this file. Restart Dovecot. Does it get recreated? When I delete the file and restart Dovecot it is recreated. I'm including some snippets from my dovecot.conf file that pertain to the auth-master file: dovecot -n shows what Dovecot really uses. It might show something different than what you thought you had. Here is the output from dovecot -n: [EMAIL PROTECTED] dovecot]# /usr/local/sbin/dovecot -c /etc/dovecot.conf -n # /etc/dovecot.conf protocols: imap imaps pop3 pop3s ssl_cert_file: /etc/pki/dovecot/certs/pop3.pem ssl_key_file: /etc/pki/dovecot/private/pop3.pem login_dir: /usr/local/var/run/dovecot/login login_executable(default): /usr/local/libexec/dovecot/imap-login login_executable(imap): /usr/local/libexec/dovecot/imap-login login_executable(pop3): /usr/local/libexec/dovecot/pop3-login default_mail_env: maildir:/home/vmail/mail/%n mail_location: maildir:/home/vmail/mail/%n mail_executable(default): /usr/local/libexec/dovecot/imap mail_executable(imap): /usr/local/libexec/dovecot/imap mail_executable(pop3): /usr/local/libexec/dovecot/pop3 mail_plugin_dir(default): /usr/local/lib/dovecot/imap mail_plugin_dir(imap): /usr/local/lib/dovecot/imap mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3 pop3_uidl_format(default): pop3_uidl_format(imap): pop3_uidl_format(pop3): %08Xu%08Xv auth default: passdb: driver: ldap args: /etc/dovecot-ldap.conf userdb: driver: static args: uid=502 gid=502 home=/home/vmail/mail/%n mail=maildir:/home/vmail/mail/%n/ socket: type: listen client: master: path: /var/run/dovecot/auth-master mode: 384 user: vmail group: mail Some other information that I've learned might be helpful in helping to troubleshoot this problem: 1. I'm using Postfix and delivering mail to virtual users. 2. The problem presents itself when using the Dovecot LDA. If I go back to my old virtual settings (not using the Dovecot LDA) then mail is delivered again. 3. The Dovecot LDA is added with this line in my master.cf for Postfix: # Dovecot LDA dovecot unix - n n - - pipe flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -d ${recipient}
[Dovecot] Connection refused with auth-master after upgrading to Dovecot 1.0 rc 28
Fedora pushed out an update to Dovecot 1.0 rc 28 today. After upgrading, mail isn't delivered to local recipients. My log file is full of error messages similar to the following: Apr 2 12:56:32 mail deliver([EMAIL PROTECTED]): net_connect(/var/run/dovecot/auth-master) failed: Connection refused I'm including some snippets from my dovecot.conf file that pertain to the auth-master file: protocol lda { # Address to use when sending rejection mails. postmaster_address = [EMAIL PROTECTED] mail = maildir:/home/vmail/mail/%n # Hostname to use in various parts of sent mails, eg. in Message-Id. # Default is the system's real hostname. #hostname = # Support for dynamically loadable plugins. mail_plugins is a space separated # list of plugins to load. #mail_plugins = #mail_plugin_dir = /usr/lib/dovecot/lda mail_plugins = cmusieve mail_plugin_dir = /usr/lib/dovecot/lda # Binary to use for sending mails. #sendmail_path = /usr/lib/sendmail # UNIX socket path to master authentication server to find users. auth_socket_path = /var/run/dovecot/auth-master #auth_socket_path = /home/vmail/mail/auth-master } socket listen { master { # Master socket provides access to userdb information. It's typically # used to give Dovecot's local delivery agent access to userdb so it # can find mailbox locations. path = /var/run/dovecot/auth-master #path = /home/vmail/mail/auth-master mode = 0600 # Default user/group is the one who started dovecot-auth (root) user = vmail group = mail } #client { # The client socket is generally safe to export to everyone. Typical use # is to export it to your SMTP server so it can do SMTP AUTH lookups # using it. #path = /var/run/dovecot/auth-client #mode = 0660 #} } I have been beating my head against this trying to change the permissions to 0777, changing the directory of the socket, changing the auth user, and just about anything else I can find in any thread that relates to this error. Any help would be greatly appreciated.