deliver reports (/var/lib/imap/socket/lmtp) failed: Connection refused

Alain Spineux aspineux at gmail.com
Sat Sep 22 05:51:18 EDT 2007 

On 9/22/07, Gyorgy Knyihar <cyrus123 at syspro.hu> wrote:
> Hello Simon,
>
> I reconstructed all mailboxes but it did not help.
> I found that the service outages happen usually during nights.
> There were two backups run by cron every night which gzipped a lot of data.
> I disabled these CPU intensive backups and the cyrus processes are
> stable for more than 6 days now. I can understand why pop3s, imaps
> request timed out during the CPU sensitive backups but I still don't
> understand why only restart helped. I tried to run the backups with
> lower priority using nice but it did not help.
>
> Thanks for your help.

Hi
If you have TLS error, you could try to switch from /dev/random to /dev/urandom
TLS should use /dev/random to create session keys using self machine
entropy (activity on the machine) and block when the "entropy buffer"
is empty. Unblocking (u)random use also entropy buffer but switch to
predictable random number when entropy is empty and then never block.
Maybe you could try to make a link from random to urandom for testing.

# rm /dev/random
# ln /dev/urandom /dev/random

About you lmtp socket and chrooted postfix, why not to setup option
lmtpsocket in imapd.conf to point into postfix directory. Be careful
to the file and directory right!


>
> Regards, Gyorgy
>
> Idézet (Gyorgy Knyihar <cyrus123 at syspro.hu>):
>
> > Hello Simon,
> >
> > Thank you very much for your help.
> > Please see my answers below.
> >
> > Idezet (Simon Matter <simon.matter at invoca.ch>):
> >
> >>> Hello Simon,
> >>>
> >>> I tried you suggestion and there are no more
> >>> "Sep  3 07:45:59 srv1 deliver[20650]:
> >>> connect(/var/lib/imap/socket/lmtp) failed: Connection refused"
> >>> messages appearing in the error log file.
> >>>
> >>> Many thanks for your help.
> >>>
> >>> I run postfix chrooted so a hardlink pointing to
> >>> /var/lib/imap/socket/lmtp was required in
> >>> /var/spool/postfix/var/lib/imap/socket directory. This needs to be
> >>> refreshed every time cyrus is restarted.
> >>
> >> It's much easier to make lmtp not chrooted. Simply remove the chroot
> >> option from lmtp service in master.cf. I don't think that's a big security
> >> problem.
> >
> > Yes, this sounds easier, thanks.
> >
> >>
> >>>
> >>> But my collegaues told me that this is not the only problem. Cyrus
> >>> pop3, pop3s, imap and imaps services become unavailable time to time.
> >>> And only restart helps.
> >>> Delivery from postfix to cyrus mailboxes via this new setup (direct
> >>> lmtp) is OK during the outage of pop3, pop3s, imap, imaps service. The
> >>> services don't die at the same time. Sometimes imap dies but pop3
> >>> still works. Restart helps. It is really strange. It was a stable
> >>> system before and nothing was changed. I could find only the following
> >>> errormessages in the log files:
> >>>
> >>> Sep  8 01:35:00 srv1 pop3s[15591]: Fatal error: tls_start_servertls()
> >>> failed
> >>> Sep  8 01:37:09 srv1 imaps[15687]: Fatal error: tls_start_servertls()
> >>> failed
> >>
> >> Do you only have problems with pop3s and imaps, or also with pop3 and
> >> imap? If it's only SSL/TLS, there yould be a problem with /dev/random and
> >> you should try using /dev/urandom instead. Otherwise it could be that one
> >> or more of your cyrus databases are corrupt. Did you try a reconstruct on
> >> all you mailboxes?
> >
> > It is a problem with pop3 and imap as well. I monitor the services
> > with nagios running on the same machine and there are problems with
> > all services.
> > Time to time these services die and only restart helps.
> > I haven't tried to reconstruct mailboxes yet. I will try.
> > I don't know if it does matter but lot of users are over their quota.
> >
> > Thanks a lot for your help.
> >
> > Regards, Gyorgy
> >
> >>
> >> Simon
> >>
> >>>
> >>> and
> >>>
> >>> Sep  8 02:17:47 srv1 cyrus-master[20423]: pop3 has -5 workers?!?
> >>>
> >>> There are many of such messages. I can access my mailbox using TLS
> >>> without any problem.
> >>>
> >>> Any help would be appreciated.
> >>>
> >>> Thanks, Gyorgy
> >>>
> >>> IdÃ(c)zet (Simon Matter <simon.matter at invoca.ch>):
> >>>
> >>>>> Hello,
> >>>>>
> >>>>> We had a properly working postfix + cyrus-imap system till 23rd of
> >>>>> July. Then messages like the below one started to appear in the log
> >>>>> file.
> >>>>>
> >>>>> Sep  3 07:45:59 srv1 deliver[20650]:
> >>>>> connect(/var/lib/imap/socket/lmtp) failed: Connection refused
> >>>>>
> >>>>> The postfix log shows:
> >>>>>
> >>>>> Sep  3 07:45:59 srv1 postfix/pipe[19972]: B88D01DC8EF8: to=<xxx@
> >>>>> srv1.xxx.xx>, orig_to=<xxx at xxx.xx>, relay=cyrus-deliver, delay=2
> >>>>> 49424, status=deferred (temporary failure. Command output: couldn't
> >>>>> connect to l
> >>>>> mtpd: Connection refused_ 421 4.3.0 deliver: couldn't connect to lmtpd_
> >>>>> )
> >>>>>
> >>>>>
> >>>>> Do you have any ideas what could happen? It worked fine before.
> >>>>>
> >>>>>
> >>>>> cyrus.conf contains:
> >>>>>
> >>>>>    # at least one LMTP is required for delivery
> >>>>> #  lmtp         cmd="lmtpd" listen="lmtp" prefork=0
> >>>>>    lmtpunix      cmd="lmtpd" listen="/var/lib/imap/socket/lmtp"
> >>>>> prefork=5
> >>>>>
> >>>>>
> >>>>> postfix/master.cf contains:
> >>>>>
> >>>>> cyrus-deliver     unix  -       n       n       -       -       pipe
> >>>>>    user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m
> >>>>> ${extension} ${user}
> >>>>>
> >>>>>
> >>>>> postfix/main.cf contains:
> >>>>>
> >>>>> mailbox_transport = cyrus-deliver
> >>>>
> >>>> Hi,
> >>>>
> >>>> I don't know why things suddenly fail but you shouldn't use the cyrus
> >>>> transport anymore. You should use lmtp as a mailtransport directly. If
> >>>> your postfix setup isn't somehow exotic you should be able to simply
> >>>> switch with this config:
> >>>> mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
> >>>>
> >>>> Maybe you could give it a try.
> >>>>
> >>>> Simon
> >>>>
> >>>>
> >>>
> >>>
> >>>
> >>> ----
> >>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> >>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> >>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> >>
> >
> >
> >
> > ----
> > Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
>
>
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


-- 
Alain Spineux
aspineux gmail com
May the sources be with you

More information about the Info-cyrus mailing list