Re: [Dovecot] Wait for interface to become available instead of dying?
Am 11.06.2013 09:24, schrieb Sebastian Arcus: > On 11/06/13 08:18, Robert Schetterer wrote: >> Am 11.06.2013 09:00, schrieb Sebastian Arcus: >>> At the moment, if one of the interfaces specified with "listen=" in >>> dovecot.conf is not up when Dovecot is started, >>> then Dovecot just refuses to start. Is there an option to make Dovecot >>> start anyway, and just use the interface >>> when it becomes available? It is inconvenient to have Dovecot refuse to >>> start during boot because some interface is >>> temporarily not available. >> >> try write some wrapper to the dovecot start script , checking your >> interfaces and perhaps echo some stuff in dovecot.conf, or simply use -c >> option for starting another dovecot.conf >> but i would not recommand this practises >> >> > Thanks Robert. That's an interesting idea. It probably isn't really > worth the hassle as the whole issue is not quite that important. I was > merely wondering if there is a configuration option for Dovecot to > ignore missing interfaces. > > Maybe coming from the other direction of the spectrum might also be a > good idea - something like a "nolisten" option - to prevent it from > listening on certain interfaces. That's the main reason I use the > "listen" option - to prevent Dovecot from ever listening on certain > interfaces, as an extra layer of protection in case the firewall ever > gets misconfigured. perhaps good idea , but i think it hasnt high prior, wait for Timos Statement Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Re: [Dovecot] Wait for interface to become available instead of dying?
On 11/06/13 08:18, Robert Schetterer wrote: Am 11.06.2013 09:00, schrieb Sebastian Arcus: At the moment, if one of the interfaces specified with "listen=" in dovecot.conf is not up when Dovecot is started, then Dovecot just refuses to start. Is there an option to make Dovecot start anyway, and just use the interface when it becomes available? It is inconvenient to have Dovecot refuse to start during boot because some interface is temporarily not available. try write some wrapper to the dovecot start script , checking your interfaces and perhaps echo some stuff in dovecot.conf, or simply use -c option for starting another dovecot.conf but i would not recommand this practises Thanks Robert. That's an interesting idea. It probably isn't really worth the hassle as the whole issue is not quite that important. I was merely wondering if there is a configuration option for Dovecot to ignore missing interfaces. Maybe coming from the other direction of the spectrum might also be a good idea - something like a "nolisten" option - to prevent it from listening on certain interfaces. That's the main reason I use the "listen" option - to prevent Dovecot from ever listening on certain interfaces, as an extra layer of protection in case the firewall ever gets misconfigured.
Re: [Dovecot] Wait for interface to become available instead of dying?
Am 11.06.2013 09:00, schrieb Sebastian Arcus: > At the moment, if one of the interfaces specified with "listen=" in > dovecot.conf is not up when Dovecot is started, > then Dovecot just refuses to start. Is there an option to make Dovecot > start anyway, and just use the interface > when it becomes available? It is inconvenient to have Dovecot refuse to > start during boot because some interface is > temporarily not available. try write some wrapper to the dovecot start script , checking your interfaces and perhaps echo some stuff in dovecot.conf, or simply use -c option for starting another dovecot.conf but i would not recommand this practises Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Re: [Dovecot] Wait for interface to become available instead of dying?
On 11/06/13 00:21, Reindl Harald wrote: Am 10.06.2013 21:04, schrieb Sebastian Arcus: On 10/06/13 13:14, Reindl Harald wrote: Am 10.06.2013 11:45, schrieb Sebastian Arcus: At the moment, if one of the interfaces specified with "listen=" in dovecot.conf is not up when Dovecot is started, then Dovecot just refuses to start. Is there an option to make Dovecot start anyway, and just use the interface when it becomes available? It is inconvenient to have Dovecot refuse to start during boot because some interface is temporarily not available. Then again, maybe there is some strong security reasoning behind the way Dovecot behaves at the moment? the main question is why do you not order the start of your services correctly how should a application bind to a specific interface if it is not up? The order of services is fine as it is. The problem is that if any of the interfaces Dovecot is supposed to be binding to is missing, Dovecot seems to refuse to start at all where i work and config servers *i want* the to fail if the config is wrong instead of just binding to what is available is not a predictable configuration if you specify ecplicit interfaces openvpn service for example might have been reconfigured on a different IP so why the hell to you not config dovecot with "address = *" if you want this Steady now. I was only asking a question. No need to burst a blood vessel over this. Some people prefer their systems to work slightly differently than others. It's the way of the world. Thank you for taking the time to answer.
Re: [Dovecot] Wait for interface to become available instead of dying?
Am 10.06.2013 21:04, schrieb Sebastian Arcus: > On 10/06/13 13:14, Reindl Harald wrote: >> >> Am 10.06.2013 11:45, schrieb Sebastian Arcus: >>> At the moment, if one of the interfaces specified with "listen=" in >>> dovecot.conf is not up when Dovecot is started, >>> then Dovecot just refuses to start. Is there an option to make Dovecot >>> start anyway, and just use the interface >>> when it becomes available? It is inconvenient to have Dovecot refuse to >>> start during boot because some interface is >>> temporarily not available. >>> >>> Then again, maybe there is some strong security reasoning behind the way >>> Dovecot behaves at the moment? >> >> the main question is why do you not order the start of your services >> correctly >> how should a application bind to a specific interface if it is not up? > > The order of services is fine as it is. The problem is that if any of the > interfaces Dovecot is supposed to be > binding to is missing, Dovecot seems to refuse to start at all where i work and config servers *i want* the to fail if the config is wrong > instead of just binding to what is available is not a predictable configuration if you specify ecplicit interfaces > openvpn service for example might have been reconfigured on a different IP so why the hell to you not config dovecot with "address = *" if you want this > On next reboot, there is no imap server available for any interface which is good because you recognize something goes wrong and if you want it to listen to "whatis available" avoid configs with specific interfaces > One of the network cards might go faulty. On next reboot - not imap server. so what - if hardware dies you normally want to know it instead hav eit somehow masqueraded > Exim seems to be happy to start regardless of what is available dovecot too as any other service if you configure it not explicitly for specific interfaces signature.asc Description: OpenPGP digital signature
Re: [Dovecot] Wait for interface to become available instead of dying?
On 10/06/13 13:14, Reindl Harald wrote: Am 10.06.2013 11:45, schrieb Sebastian Arcus: At the moment, if one of the interfaces specified with "listen=" in dovecot.conf is not up when Dovecot is started, then Dovecot just refuses to start. Is there an option to make Dovecot start anyway, and just use the interface when it becomes available? It is inconvenient to have Dovecot refuse to start during boot because some interface is temporarily not available. Then again, maybe there is some strong security reasoning behind the way Dovecot behaves at the moment? the main question is why do you not order the start of your services correctly how should a application bind to a specific interface if it is not up? The order of services is fine as it is. The problem is that if any of the interfaces Dovecot is supposed to be binding to is missing, Dovecot seems to refuse to start at all - instead of just binding to what is available. The openvpn service for example might have been reconfigured on a different IP. On next reboot, there is no imap server available for any interface. One of the network cards might go faulty. On next reboot - not imap server. Exim seems to be happy to start regardless of what is available - but I'm not sure of the intricacies of how they do it.
Re: [Dovecot] Wait for interface to become available instead of dying?
On 2013-06-10 02:45, Sebastian Arcus wrote: > At the moment, if one of the interfaces specified with "listen=" in > dovecot.conf is not up when Dovecot is started, then Dovecot just > refuses to start. Is there an option to make Dovecot start anyway, and > just use the interface when it becomes available? It is inconvenient to > have Dovecot refuse to start during boot because some interface is > temporarily not available. > > Then again, maybe there is some strong security reasoning behind the way > Dovecot behaves at the moment? Depending on platform, but on Linux: sysctl -w net.ipv4.ip_nonlocal_bind = 1 And presto. Do note that figuring out that some applications are then misconfigured is a lot of fun, though 'netstat -anp' will help with that. (-p only as root on again Linuxes) Greets, Jeroen
Re: [Dovecot] Wait for interface to become available instead of dying?
Am 10.06.2013 11:45, schrieb Sebastian Arcus: > At the moment, if one of the interfaces specified with "listen=" in > dovecot.conf is not up when Dovecot is started, > then Dovecot just refuses to start. Is there an option to make Dovecot start > anyway, and just use the interface > when it becomes available? It is inconvenient to have Dovecot refuse to start > during boot because some interface is > temporarily not available. > > Then again, maybe there is some strong security reasoning behind the way > Dovecot behaves at the moment? the main question is why do you not order the start of your services correctly how should a application bind to a specific interface if it is not up? listening on * is no problem in this case but you can hardly bind to a non existing interface signature.asc Description: OpenPGP digital signature
[Dovecot] Wait for interface to become available instead of dying?
At the moment, if one of the interfaces specified with "listen=" in dovecot.conf is not up when Dovecot is started, then Dovecot just refuses to start. Is there an option to make Dovecot start anyway, and just use the interface when it becomes available? It is inconvenient to have Dovecot refuse to start during boot because some interface is temporarily not available. Then again, maybe there is some strong security reasoning behind the way Dovecot behaves at the moment?