too much logging

Bron Gondwana brong at fastmail.fm
Thu Apr 30 09:10:08 EDT 2015


You can't remove the db file from under a rubbing instance, only while it is shut down.
On Thu, Apr 30, 2015, at 06:37 PM, hw wrote:
> 
> 
> Am 29.04.2015 um 20:24 schrieb Dan White:
> > On 04/29/15 18:35 +0200, hw wrote:
> >>
> >>
> >> Am 29.04.2015 um 18:15 schrieb Dan White:
> >>
> >>>> Does this mean that before 2.5.1, the database is being opened and
> >>>> closed all the time, yielding a log message?
> >>>
> >>> Correct. But that was an error produced if the user_deny.db file didn't
> >>> exist, and ended up flooding syslog. That's a different syslog entry
> >>> from
> >>> what you're seeing.
> >>>
> >>> You might have to modify your syslog config to get rid of them:
> >>>
> >>> http://cyrusimap.org/docs/cyrus-imapd/2.5.1/install-configure.php
> >>
> >> That is precisely what I do not want to do.  There is no point in
> >> generating useless log messages, and it should be possible to turn
> >> these messages off.
> >>
> >> They are usually somewhat harmless, though.  When there are thousands
> >> or millions of them generated, it might indicate that there is some
> >> issue that needs to be fixed.  Not all imaps processes create so many
> >> messages.  In this sense, the messages are not useless.
> >>
> >> But what might cause so many of these messages to be generated within
> >> a short time, all day long?
> >
> > user_deny is used to selectively deny access to services for certain users.
> > It's called within the main cmdloop within the imapd code, among other
> > places (pop3, nntpd, lmtpd, and httpd). Each imapd connection could result
> > in many syslog entries depending on what activity the client is performing.
> >
> > The syslog entry is generated with this code:
> >
> >     if (!denydb) denydb_open(/*create*/0);
> >     if (!denydb) return 0;
> >
> >     memset(&tok, 0, sizeof(tok));
> >
> >     /* fetch entry for user */
> >     syslog(LOG_DEBUG, "fetching user_deny.db entry for '%s'", user);
> >
> > If cyrusdb_open cannot successfully open or create the entry (such as a
> > permissions error), then that would effectively stop the syslog entries
> > from being generated.
> >
> > So, setting a bogus value for 'userdeny_db' and/or 'userdeny_db_path'
> > should do what you want in a round about way. That's assuming you're not
> > actually using userdeny of course.
> >
> 
> In the process of setting up cyrus, I created the file with 'touch' 
> because I got error messages about it in the log file.  Now when I 
> remove it, I'm getting even more log messages than I get when the file 
> exists:
> 
> 
> imaps[28382]: IOERROR: stating flat /var/imap/user_deny.db: No such file 
> or directory
> imaps[28382]: DENYDB_ERROR: error reading entry 'fax': cyrusdb error
> 
> 
> So I guess I'm not using it; I don't even know what this feature is or 
> does.  The manpage of imapd doesn't show any way to turn this feature off.
> 
> This kind of logging is actually a bug because it's a security issue by 
> supporting DOS attacks.  Just imagine 1000 users doing something that 
> causes the message to be logged 20 times per second and the system 
> logger having to deal with 20k log messages per second.
> 
> It seems I'd have to comment out the line and recompile cyrus because 
> that's the only way to disable the message.  I'll have to figure out how 
> to do that on Gentoo.
> 
> Thank you very much for your help!
> ----
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


-- 
  Bron Gondwana
  brong at fastmail.fm


More information about the Info-cyrus mailing list