Hi,
in recent weeks I have notice a sudden increase in the load average of
our Dovecot (2.2.19) IMAP/POP servers (and consequently in the NFS
storage).
After an investigation I found some dovecot/imap processes in D state
and running UID FETCH or UID SORT from Webmail (Roundcube) without that
user was actually more connected to webmail. Some minutes after the
dovecot/imap processes stop to run FETCH/SORT but in "ps aux" I can
still see it.
If the user try to login in Webmail again the same process start again
to run FETCH/SORT (and it consumes a lot of I/O resources) but the
webmail does not load any message and return a "FETCH 1: UID
INTERNALDATE BODY.PEEK ..." error.
The only way to restore the webmail access is to kill the related
dovecot/imap process (or with doveadm kick username).
I noticed that these processes in D state had started many hours before.
Example, now are 17:30 (important, see the time of the dovecot/imap
processes) the user alessio@skye try to login in webmail without success
and close the webmail, processes are still running:
# doveadm who | grep alessio@skye
username # proto (pids) (ips)
alessio@skye 3 imap (10440 4624) (192.168.5.215)
# ps aux | grep SORT
vmail 4624 0.0 0.0 108792 16048 ? D 13:32 0:01 dovecot/imap
[alessio@skye 192.168.5.215 UID SORT]
vmail 10440 0.0 0.1 108520 17832 ? D 12:32 0:02 dovecot/imap
[alessio@skye 192.168.5.215 UID SORT]
# doveadm kick alessio@skye
kicked connections from the following users:
alessio@skye
Processes are now died, and user can login in Webmail easily.
Can be a "reusing processes" issue since I have set service_count=100
for imap and pop3 services or there may be other problems related to my
configuration?
Thanks
my configuration:
# 2.2.19.1 (16dc61d3dab3): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.9 (5d26f470efe6)
# OS: Linux 2.6.32-573.12.1.el6.x86_64 x86_64 CentOS release 6.7 (Final)
auth_cache_negative_ttl = 5 mins
auth_cache_size = 10 M
auth_cache_ttl = 20 mins
auth_master_user_separator = *
auth_worker_max_count = 50
deliver_log_format = msgid=%m, from=%f, subject="%s": %$
dict {
acl = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
expire = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
sqlquota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
disable_plaintext_auth = no
first_valid_gid = 89
first_valid_uid = 89
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
tb-lsub-flags
imap_idle_notify_interval = 29 mins
imap_logout_format = in=%i out=%o session=<%{session}>
last_valid_gid = 89
last_valid_uid = 89
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
listen = 10.96.3.156
login_trusted_networks = 192.168.5.0/24
mail_fsync = always
mail_location = maildir:~/Maildir
mail_plugins = quota acl expire fts fts_solr zlib
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character subaddress comparator-i;ascii-numeric relational regex
imap4flags copy include variables body enotify environment mailbox date
index ihave duplicate vnd.dovecot.duplicate
mmap_disable = yes
namespace {
list = children
location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
prefix = shared/%%n/
separator = /
subscriptions = no
type = shared
}
namespace inbox {
inbox = yes
location =
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Spam {
auto = subscribe
special_use = \Junk
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
separator = /
}
passdb {
args = /etc/dovecot/dovecot-deny-sql.conf.ext
deny = yes
driver = sql
}
passdb {
args = /etc/dovecot/extra/master-users
driver = passwd-file
master = yes
pass = yes
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
plugin {
acl = vfile
acl_shared_dict = proxy::acl
antispam_backend = mailtrain
antispam_mail_notspam = --ham
antispam_mail_sendmail = /usr/bin/sa-learn
antispam_mail_spam = --spam
antispam_spam = Spam
antispam_trash = Trash
expire = Trash
expire2 = Spam
expire_dict = proxy::expire
fts = solr
fts_solr = url=http://10.0.0.5:8983/solr/
quota = maildir:UserQuota
quota2 = dict:Quota Usage::noenforcing:proxy::sqlquota
quota_grace = 10M
quota_rule2 = Trash:storage=+100M
quota_warning = storage=95%% quota-warning 95 %u
quota_warning2 = storage=80%% quota-warning 80 %u
sieve = ~/.dovecot.sieve
sieve_before = /etc/dovecot/sieve/before.sieve
sieve_dir = ~/sieve
sieve_extensions = +vnd.dovecot.duplicate -vacation
zlib_save = gz
zlib_save_level = 6
}
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s,
bytes=%i/%o, session=<%{session}>
protocols = imap pop3 sieve
sendmail_path = /bin/sendmail
service auth {
client_limit = 6524
unix_listener auth-userdb {
group = vmail
mode = 0660
user = vmail
}
}
service dict {
process_limit = 500
unix_listener dict {
group = vmail
mode = 0660
user = vmail
}
}
service imap-login {
process_min_avail = 4
service_count = 0
}
service imap-postlogin {
executable = script-login /etc/dovecot/imap-postlogin.sh
unix_listener imap-postlogin {
group = vmail
mode = 0660
user = vmail
}
user = vmail
}
service imap {
executable = imap imap-postlogin
process_limit = 5000
service_count = 100
vsz_limit = 384 M
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
}
service pop3-login {
process_min_avail = 4
service_count = 0
}
service pop3-postlogin {
executable = script-login /etc/dovecot/pop3-postlogin.sh
unix_listener pop3-postlogin {
group = vmail
mode = 0660
user = vmail
}
user = vmail
}
service pop3 {
executable = pop3 pop3-postlogin
process_limit = 1024
service_count = 100
}
service quota-warning {
executable = script /etc/dovecot/quota-warning.sh
unix_listener quota-warning {
user = vmail
}
user = vmail
}
service stats {
fifo_listener stats-mail {
group = vmail
mode = 0660
user = vmail
}
}
ssl_cert = </etc/dovecot/wildcard.pem
ssl_key = </etc/dovecot/wildcard.key
ssl_protocols = !SSLv2 !SSLv3
submission_host = 127.0.0.1
userdb {
driver = prefetch
}
userdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
verbose_proctitle = yes
protocol lda {
mail_location = maildir:~/Maildir:INDEX=MEMORY
mail_plugins = quota acl expire fts fts_solr zlib sieve
}
protocol imap {
mail_max_userip_connections = 25
mail_plugins = quota acl expire fts fts_solr zlib imap_quota imap_acl
imap_zlib
}
protocol sieve {
mail_max_userip_connections = 2
}
--
Alessio Cecchi
Postmaster @ http://www.qboxmail.it
https://www.linkedin.com/in/alessice
