Dovecot-auth doesn't close sockets

Which version are you running?

Regards
chuck

We're running:

ii dovecot-common 1:1.0.10-1ubuntu5.2
             secure mail server that supports mbox and maildir mailboxes
ii dovecot-dev 1:1.0.10-1ubuntu5.2
             header files for the dovecot mail server
ii dovecot-imapd 1:1.0.10-1ubuntu5.2
             secure IMAP server that supports mbox and maildir mailboxes
ii dovecot-pop3d 1:1.0.10-1ubuntu5.2
             secure POP3 server that supports mbox and maildir mailboxes

-Gaylord

Chuck Short wrote:
> Which version are you running?
>
> Regards
> chuck
>
> ** Changed in: dovecot (Ubuntu)
> Importance: Undecided => Medium
>
> ** Changed in: dovecot (Ubuntu)
> Status: New => Incomplete
>

Please attach your dovecot configuration file.

Regards
chuck

Done.

Chuck Short wrote:
> Please attach your dovecot configuration file.
>
> Regards
> chuck
>

From http://wiki.dovecot.org/PasswordDatabase/PAM#head-71368e6eb385969ff27fcda066555b9c05822c09:

Limiting the number of PAM lookups

Dovecot v1.1+ or v1.0 with blocking=yes enabled uses auth worker processes to do PAM lookups. Usually PAM is used to do only a single lookup in a process, so this may cause memory leaks in PAM plugins or maybe other problems. If you notice that PAM authentication stops working after some time, you can limit the number of lookups done by the auth worker process before it dies:

# v1.1+: Set to non-zero to limit the number of lookups
auth_worker_max_request_count = 0

Note that this applies to all lookups, not just PAM lookups. So for example if you've configured Dovecot to use both PAM and MySQL, both of the lookups are done in the same auth worker processes and both of them are counted as requests.

so if I set
auth_worker_max_request_count = 5

dovecot-auth will do 5 authorization lookup and exit, spawning a new
dovecat-auth process?

Any recommendations on the count?

-Gaylord

Chuck Short wrote:
>>From http://wiki.dovecot.org/PasswordDatabase/PAM#head-
> 71368e6eb385969ff27fcda066555b9c05822c09:
>
> Limiting the number of PAM lookups
>
> Dovecot v1.1+ or v1.0 with blocking=yes enabled uses auth worker
> processes to do PAM lookups. Usually PAM is used to do only a single
> lookup in a process, so this may cause memory leaks in PAM plugins or
> maybe other problems. If you notice that PAM authentication stops
> working after some time, you can limit the number of lookups done by the
> auth worker process before it dies:
>
> # v1.1+: Set to non-zero to limit the number of lookups
> auth_worker_max_request_count = 0
>
> Note that this applies to all lookups, not just PAM lookups. So for
> example if you've configured Dovecot to use both PAM and MySQL, both of
> the lookups are done in the same auth worker processes and both of them
> are counted as requests.
>
> ** Changed in: dovecot (Ubuntu)
> Status: Incomplete => Confirmed
>

I dont have a recommendation on the count, I guess you have to adjust it for your setup.

Regards
chuck

Chuck,

sorry for the long turn around on this, but I've finally tried setting:

auth_worker_max_request_count = 30

in /etc/dovecot/dovecot.conf.

When I restart, I get:

* Restarting IMAP/POP3 mail server dovecot
        Error: Error in configuration file /etc/dovecot/dovecot.conf
line 650: Unknown setting: worker_max_request_count

dpkg is showing:
ii dovecot-imapd 1:1.0.10-1ubuntu5.2
             secure IMAP server that supports mbox and maildir mailboxes

Any additional thoughts?
-Gaylord

Chuck Short wrote:
>>From http://wiki.dovecot.org/PasswordDatabase/PAM#head-
> 71368e6eb385969ff27fcda066555b9c05822c09:
>
> Limiting the number of PAM lookups
>
> Dovecot v1.1+ or v1.0 with blocking=yes enabled uses auth worker
> processes to do PAM lookups. Usually PAM is used to do only a single
> lookup in a process, so this may cause memory leaks in PAM plugins or
> maybe other problems. If you notice that PAM authentication stops
> working after some time, you can limit the number of lookups done by the
> auth worker process before it dies:
>
> # v1.1+: Set to non-zero to limit the number of lookups
> auth_worker_max_request_count = 0
>
> Note that this applies to all lookups, not just PAM lookups. So for
> example if you've configured Dovecot to use both PAM and MySQL, both of
> the lookups are done in the same auth worker processes and both of them
> are counted as requests.
>
> ** Changed in: dovecot (Ubuntu)
> Status: Incomplete => Confirmed
>

Chuck,

Sorry for the delay replying to this.

I finally tried your suggestion, setting:
auth_worker_max_request_count = 10
in dovecot.conf.

I get the following on restart:

* Restarting IMAP/POP3 mail server dovecot
        Error: Error in configuration file /etc/dovecot/dovecot.conf
line 650: Unknown setting: worker_max_request_count
Fatal: Invalid configuration in /etc/dovecot/dovecot.conf

dpkg shows:

ii dovecot-imapd 1:1.0.10-1ubuntu5.2
             secure IMAP server that supports mbox and maildir mailboxes

Any ideas?
-Gaylord

Chuck Short wrote:
>>From http://wiki.dovecot.org/PasswordDatabase/PAM#head-
> 71368e6eb385969ff27fcda066555b9c05822c09:
>
> Limiting the number of PAM lookups
>
> Dovecot v1.1+ or v1.0 with blocking=yes enabled uses auth worker
> processes to do PAM lookups. Usually PAM is used to do only a single
> lookup in a process, so this may cause memory leaks in PAM plugins or
> maybe other problems. If you notice that PAM authentication stops
> working after some time, you can limit the number of lookups done by the
> auth worker process before it dies:
>
> # v1.1+: Set to non-zero to limit the number of lookups
> auth_worker_max_request_count = 0
>
> Note that this applies to all lookups, not just PAM lookups. So for
> example if you've configured Dovecot to use both PAM and MySQL, both of
> the lookups are done in the same auth worker processes and both of them
> are counted as requests.
>
> ** Changed in: dovecot (Ubuntu)
> Status: Incomplete => Confirmed
>

I've only managed to use this parameter with Ubuntu > 8.04 . Otherwise, the error above is thrown.

Hmmm, the default shipped with 8.10 is

dovecot-imapd 1:1.1.4-0ubuntu1.3

but an updated 8.04 has

dovecot-imapd 1:1.2.9-1ubuntu3

Why does this parameter work with the older version?

And @Gaylord, why aren't you running the latest available with 8.04 anyway?

Weird.

According to packages.ubuntu.com 1:1.0.10-1ubuntu5.2 is the latest for
dovecot.

What repository should I be using?

-Gaylord

Peter Matulis wrote:
> Hmmm, the default shipped with 8.10 is
>
> dovecot-imapd 1:1.1.4-0ubuntu1.3
>
> but an updated 8.04 has
>
> dovecot-imapd 1:1.2.9-1ubuntu3
>
> Why does this parameter work with the older version?
>
> And @Gaylord, why aren't you running the latest available with 8.04
> anyway?
>

According to Chuck Short, the parameter should be in dovecot 1.1+, so I
would not have thought the OS level would matter.

Doesn't Ubuntu track debian packaging?

-Gaylord

Peter Matulis wrote:
> I've only managed to use this parameter with Ubuntu > 8.04 . Otherwise,
> the error above is thrown.
>

Strange. I built a Hardy virtual machine and 1.2.9 was installed. Indeed, the archives do say 1.0.10. I'll have to determine what happened with my VM. At any rate, if the error is thrown then that version doesn't support the parameter.

Would there be a reasonable way to add the archives for jaunty and
rebuild the 1.2.9 version from the src package?

-Gaylord

Peter Matulis wrote:
> Strange. I built a Hardy virtual machine and 1.2.9 was installed.
> Indeed, the archives do say 1.0.10. I'll have to determine what
> happened with my VM. At any rate, if the error is thrown then that
> version doesn't support the parameter.
>

I may be able to build a package for you from the Intrepid sources. This gives the following version which has provided me the parameter in question:

dovecot-imapd 1:1.1.4-0ubuntu1.3

I'll test this on my side and let you know if it will work.

It's been 10 years since the last comment, however it appears from the historical discussion that the issue was resolved with a parameter added to a newer version of dovecot. All currently supported Ubuntu LTS versions have even newer versions of Dovecot, so presumably this issue is now long since fixed.

If this issue, or a similar issue, is still a problem in more recent dovecot versions, please file a new bug report and we'll go from there.