Re: bug report: imap-login not killed
Hi, Does this happen with latest 2.3.20 too? You can find packages at https://repo.dovecot.org/ Yes it is, thanks \ò/ Sacha.
Re: bug report: imap-login not killed
On 04/03/2023 17:10 EET Sacha wrote:
Hi,
We have growing imap-login processes until we reach the max processes.
This occurs when a particular user have a login error due to our LDAP misconfiguration:
---Mar 4 14:59:33 hera dovecot[2226963]: auth: Error: plain(john.doe,XX.XX.XX.XX,<13C0eBP2354lqXpO>): user not found from any userdbs Mar 4 14:59:33 hera dovecot[2226963]: imap: Error: auth-master: login: request [1001652225]: Login auth request failed: Authenticated user not found from userdb, auth lookup id=1001652225 (auth connected 2 msecs ago, request took 1 msecs, client-pid=2235348 client-id=1) Mar 4 14:59:33 hera dovecot[2226963]: imap-login: Internal login failure (pid=2235348 id=1): user=, method=PLAIN, rip=XX.XX.XX.XX, lip=185.233.100.1, mpid=2235359, TLS, session=<13C0eBP2354lqXpO>---
The origin of is issue is when passdb finds the user and userdb not. The result is imap-login processes with no timeout growing until we reach the max processes.
OS version
Debian stable - Bullseye
Dovecot version
dpkg -l |grep dovecot ii dovecot-antispam 2.0+20171229-1+b7 amd64 Dovecot plugins for training spam filters ii dovecot-common 1:2.1.7-7+deb7u1 all Transitional package for dovecot ii dovecot-core 1:2.3.13+dfsg1-2+deb11u1 amd64 secure POP3/IMAP server - core files ii dovecot-core-dbgsym 1:2.3.13+dfsg1-2+deb11u1 amd64 debug symbols for dovecot-core ii dovecot-imapd 1:2.3.13+dfsg1-2+deb11u1 amd64 secure POP3/IMAP server - IMAP daemon ii dovecot-imapd-dbgsym 1:2.3.13+dfsg1-2+deb11u1 amd64 debug symbols for dovecot-imapd ii dovecot-ldap 1:2.3.13+dfsg1-2+deb11u1 amd64 secure POP3/IMAP server - LDAP support ii dovecot-managesieved 1:2.3.13+dfsg1-2+deb11u1 amd64 secure POP3/IMAP server - ManageSieve server ii dovecot-mysql 1:2.3.13+dfsg1-2+deb11u1 amd64 secure POP3/IMAP server - MySQL support ii dovecot-pop3d 1:2.3.13+dfsg1-2+deb11u1 amd64 secure POP3/IMAP server - POP3 daemon ii dovecot-sieve 1:2.3.13+dfsg1-2+deb11u1 amd64 secure POP3/IMAP server - Sieve filters support
doveconf -n
---# 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.13 (cdd19fe3) doveconf: Warning: service auth { client_limit=1000 } is lower than required under max. load (4096) doveconf: Warning: service anvil { client_limit=1000 } is lower than required under max. load (4099) # OS: Linux 5.10.0-21-cloud-amd64 x86_64 Debian 11.6 ext4 # Hostname: XXXauth_mechanisms = plain login default_process_limit = 1024 first_valid_gid = 8 first_valid_uid = 109 last_valid_gid = 8 last_valid_uid = 109 login_greeting = XXX listening. mail_access_groups = mail mail_gid = 8 mail_location = maildir:/srv/vmail/%d/%n mail_privileged_group = mail mail_uid = 109 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify imapsieve vnd.dovecot.imapsievevnd.dovecot.filter namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /etc/dovecot/dovecot-ldap.conf driver = ldap } passdb { args = /etc/dovecot/dovecot-ldap-girondix.conf driver = ldap } passdb { args = /etc/dovecot/dovecot-oauth2.conf.ext driver = oauth2 mechanisms = xoauth2 oauthbearer } plugin { quota_rule = *:storage=100M quota_rule2 = Trash:storage=10%% recipient_delimiter = + sieve = /srv/vmail/%d/%n/dovecot.sieve sieve_default = /var/lib/dovecot/sieve/default.sieve sieve_dir = /srv/vmail/%d/%n/sieve sieve_extensions = +notify +imapflags +vnd.dovecot.filter sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter sieve_global_extensions = +vnd.dovecot.pipe sieve_max_script_size = 1M sieve_pipe_bin_dir = /etc/dovecot/sieve sieve_pipe_socket_dir = sieve-pipe sieve_plugins = sieve_imapsieve sieve_extprograms sieve_redirect_envelope_from = orig_recipient } protocols = imap pop3 sieve service auth { unix_listener /var/spool/postfix/private/auth { group = mail mode = 0600 user = postfix } unix_listener auth-master {
bug report: imap-login not killed
Hi,
We have growing imap-login processes until we reach the max processes.
This occurs when a particular user have a login error due to our LDAP
misconfiguration:
---
Mar 4 14:59:33 hera dovecot[2226963]: auth: Error:
plain(john.doe,XX.XX.XX.XX,<13C0eBP2354lqXpO>): user not found from any
userdbs
Mar 4 14:59:33 hera dovecot[2226963]: imap: Error: auth-master: login:
request [1001652225]: Login auth request failed: Authenticated user not
found from
userdb, auth lookup id=1001652225 (auth connected 2 msecs ago, request
took 1 msecs, client-pid=2235348 client-id=1)
Mar 4 14:59:33 hera dovecot[2226963]: imap-login: Internal login
failure (pid=2235348 id=1): user=, method=PLAIN,
rip=XX.XX.XX.XX, lip=18
5.233.100.1, mpid=2235359, TLS, session=<13C0eBP2354lqXpO>
---
The origin of is issue is when passdb finds the user and userdb not. The
result is imap-login processes with no timeout growing until we reach
the max processes.
* OS version
Debian stable - Bullseye
* Dovecot version
dpkg -l |grep dovecot
ii dovecot-antispam 2.0+20171229-1+b7
amd64 Dovecot plugins for training spam filters
ii dovecot-common 1:2.1.7-7+deb7u1
all Transitional package for dovecot
ii dovecot-core 1:2.3.13+dfsg1-2+deb11u1
amd64 secure POP3/IMAP server - core files
ii dovecot-core-dbgsym 1:2.3.13+dfsg1-2+deb11u1
amd64 debug symbols for dovecot-core
ii dovecot-imapd 1:2.3.13+dfsg1-2+deb11u1
amd64 secure POP3/IMAP server - IMAP daemon
ii dovecot-imapd-dbgsym 1:2.3.13+dfsg1-2+deb11u1
amd64 debug symbols for dovecot-imapd
ii dovecot-ldap 1:2.3.13+dfsg1-2+deb11u1
amd64 secure POP3/IMAP server - LDAP support
ii dovecot-managesieved 1:2.3.13+dfsg1-2+deb11u1
amd64 secure POP3/IMAP server - ManageSieve server
ii dovecot-mysql 1:2.3.13+dfsg1-2+deb11u1
amd64 secure POP3/IMAP server - MySQL support
ii dovecot-pop3d 1:2.3.13+dfsg1-2+deb11u1
amd64 secure POP3/IMAP server - POP3 daemon
ii dovecot-sieve 1:2.3.13+dfsg1-2+deb11u1
amd64 secure POP3/IMAP server - Sieve filters support
* doveconf -n
---
# 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.13 (cdd19fe3)
doveconf: Warning: service auth { client_limit=1000 } is lower than
required under max. load (4096)
doveconf: Warning: service anvil { client_limit=1000 } is lower than
required under max. load (4099)
# OS: Linux 5.10.0-21-cloud-amd64 x86_64 Debian 11.6 ext4
# Hostname: XXX
auth_mechanisms = plain login
default_process_limit = 1024
first_valid_gid = 8
first_valid_uid = 109
last_valid_gid = 8
last_valid_uid = 109
login_greeting = XXX listening.
mail_access_groups = mail
mail_gid = 8
mail_location = maildir:/srv/vmail/%d/%n
mail_privileged_group = mail
mail_uid = 109
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy i
nclude variables body enotify environment mailbox date index ihave
duplicate mime foreverypart extracttext imapflags notify imapsieve
vnd.dovecot.imapsieve
vnd.dovecot.filter
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/dovecot-ldap.conf
driver = ldap
}
passdb {
args = /etc/dovecot/dovecot-ldap-girondix.conf
driver = ldap
}
passdb {
args = /etc/dovecot/dovecot-oauth2.conf.ext
driver = oauth2
mechanisms = xoauth2 oauthbearer
}
plugin {
quota_rule = *:storage=100M
quota_rule2 = Trash:storage=10%%
recipient_delimiter = +
sieve = /srv/vmail/%d/%n/dovecot.sieve
sieve_default = /var/lib/dovecot/sieve/default.sieve
sieve_dir = /srv/vmail/%d/%n/sieve
sieve_extensions = +notify +imapflags +vnd.dovecot.filter
sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter
sieve_global_extensions = +vnd.dovecot.pipe
sieve_max_script_size = 1M
sieve_pipe_bin_dir = /etc/dovecot/sieve
sieve_pipe_socket_dir = sieve-pipe
sieve_plugins = sieve_imapsieve sieve_extprograms
sieve_redirect_envelope_from = orig_recipient
}
protocols = imap pop3 sieve
service auth {
unix_listener /var/spool/postfix/private/auth {
group = mail
mode = 0600
user = postfix
}
unix_listener auth-master {
group = mail
mode = 0660
user = vmail
}
unix_listener auth-userdb {
group = mail
mode = 0600
user = vmail
}
}
service imap-login {
inet_listener imap {
