baboo Senior Member
Joined: 04 Sep 2007 Posts: 676
|
Posted: Fri Feb 25, 2011 6:22 am Post subject: system time and imap |
|
|
My system time is drifting by up to 10 minutes. Dovecot kills itself when the time drifts more than a couple of minutes.
Any suggestions?
Thanks
|
gerasimos_h Site Admin
Joined: 09 Aug 2007 Posts: 1757 Location: Greece
|
Posted: Fri Feb 25, 2011 6:53 am Post subject: |
|
|
Are you using ntpd?
What does your drift file say? /etc/ntp/drift
gerasimos_h _________________ Superb! Mini Server Project Manager
http://sms.it-ccs.com |
|
baboo Senior Member
Joined: 04 Sep 2007 Posts: 676
|
Posted: Fri Feb 25, 2011 7:29 am Post subject: |
|
|
No such file 'drift'. The time is off by about 8-10 minutes. Logs don't show anything.
|
gerasimos_h Site Admin
Joined: 09 Aug 2007 Posts: 1757 Location: Greece
|
Posted: Fri Feb 25, 2011 8:11 am Post subject: |
|
|
If you are not using ntpd, make /etc/rc.d/rc.ntpd executable,
add the /etc/ntp directory if it does not exist, uncomment the drift option in
/etc/ntpd.conf and add a server.
Start /etc/rc.d/rc.ntpd.
gerasimos_h _________________ Superb! Mini Server Project Manager
http://sms.it-ccs.com |
|
baboo Senior Member
Joined: 04 Sep 2007 Posts: 676
|
Posted: Fri Feb 25, 2011 5:06 pm Post subject: |
|
|
Thanks. The drift file did not exist. Have corrected.
Thanks again
|
internetonly Junior Member
Joined: 25 Jul 2010 Posts: 4
|
Posted: Wed Mar 02, 2011 1:04 am Post subject: |
|
|
- My personal experience :
- In /var/spool/cron/crontabs/root I have :
55 4 * * * /usr/sbin/ntpdate -u -s pool.ntp.org pool.ntp.org
29,59 * * * * /etc/./dovecot_dead_or_alive_110.txt
- In /etc/./dovecot_dead_or_alive_110.txt I have :
###
#!/bin/sh
chk=`netstat -an | grep -c :110`
if [ "$chk" = "0" ]
then
echo "...SHIT !!!... DOVECOT ON PORT 110 is down, Restarting, NOW !!!...";
/etc/rc.d/./rc.dovecot stop
/etc/rc.d/./rc.dovecot stop
/etc/rc.d/./rc.dovecot stop
/etc/rc.d/./rc.dovecot start
fi
###
- Inspired from here : http://wiki.dovecot.org/TimeMovedBackwards |
|
internetonly Junior Member
Joined: 25 Jul 2010 Posts: 4
|
Posted: Wed Mar 02, 2011 1:14 am Post subject: |
|
|
- Please observe the difference here (taken from /var/log/dovecot.log) :
...
Feb 15 04:54:56 dovecot: Fatal: Time just moved backwards by 6 seconds. This might cause a lot of problems, so I'll just kill myself now.
...
Feb 16 04:55:02 dovecot: Error: Time just moved backwards by 4 seconds. I'll sleep now until we're back in present.
... |
|
gerasimos_h Site Admin
Joined: 09 Aug 2007 Posts: 1757 Location: Greece
|
Posted: Wed Mar 02, 2011 7:11 am Post subject: |
|
|
As dovecot's wiki says, try not to use ntpdate but ntpd instead.
Dovecot 2.0 handles this better and it is available in testing;
sooner or later we will switch to version 2.0, as version 1.x.x has some I/O leaks that might not get fixed at all.
I could add a cron script to check if dovecot is running, although those errors are very specific.
Why do you stop dovecot 3 times before starting it again?
gerasimos_h _________________ Superb! Mini Server Project Manager
http://sms.it-ccs.com |
|
keopp Senior Member
Joined: 08 Nov 2008 Posts: 166 Location: Romania
|
Posted: Wed Mar 02, 2011 8:56 am Post subject: |
|
|
Hello all,
I use ntpd to maintain system time accuracy. However, occasionally, unexpected time changes happen (maybe BIOS battery), causing dovecot to kill itself. I solved this using a fail2ban jail/filter/action in a similar way to what I did in this post.
|
gerasimos_h Site Admin
Joined: 09 Aug 2007 Posts: 1757 Location: Greece
|
Posted: Wed Mar 02, 2011 2:16 pm Post subject: |
|
|
One way is by using a cron job like
Code: |
#!/bin/sh
HOST='localhost'
PORT=110
#PORT=143
#HP=@$HOST:$PORT
HP=:$PORT
echo 'Checking to see if Dovecot is up...'
# Send both stdout and stderr to /dev/null (the order of the redirections matters)
if ( /usr/bin/lsof -Pni $HP | grep "$PORT (LISTEN)" >/dev/null 2>&1 ); then
    echo 'Dovecot is up';
else
    echo 'Dovecot is down, restarting...';
    /etc/rc.d/rc.dovecot start
fi
|
or
Code: |
#!/bin/sh
# Count netstat lines that mention :110; zero means nothing is on the POP3 port
chk=`netstat -an | grep -c :110`
if [ "$chk" = "0" ]
then
    echo "Dovecot is down, Restarting...";
    /etc/rc.d/rc.dovecot start
fi
|
As for fail2ban you can try by creating the files
Code: | root@sms:~# cat /etc/fail2ban/action.d/dovecot.conf
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = /etc/rc.d/rc.dovecot start
actionunban =
|
Code: | root@sms:~# cat /etc/fail2ban/filter.d/dovecot.conf
[Definition]
# to test set up use this
# /usr/bin/fail2ban-regex /var/log/dovecot.log /etc/fail2ban/filter.d/dovecot.conf
failregex = dovecot: Fatal: Time just moved backwards by .* <HOST>
ignoreregex =
|
and add in /etc/fail2ban/jail.conf
Code: |
[dovecot-restart]
enabled = true
filter = dovecot
action = dovecot
         sendmail-whois[name=dovecot, dest=root@localhost]
logpath = /var/log/dovecot.log
maxretry = 1
ignoreip =
bantime = 600
|
gerasimos_h _________________ Superb! Mini Server Project Manager
http://sms.it-ccs.com |
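An added example, not part of the original posts: the `grep -c :110` test used in the scripts above also counts established client sessions and ports such as 1100, so it can report Dovecot as up when the listener is gone. This sketch accepts only a LISTEN socket on the exact port; the function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Added example: look for a LISTEN socket on an exact port in `netstat -an`
# output instead of counting every line that contains ":110".

# has_listener PORT   (netstat -an output on stdin)
# Exit status 0 if a tcp/tcp6 socket in state LISTEN is bound to PORT.
has_listener() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, part, ":")        # field 4 is the local address
            if (part[n] == port) found = 1  # last piece is the port number
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample: the POP3 listener is gone, but old client sessions and
# an unrelated service on port 1100 are still in the table.
sample_down='tcp        0      0 0.0.0.0:25       0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:1100     0.0.0.0:*         LISTEN
tcp        0      0 10.0.0.5:110     10.0.0.77:51234   TIME_WAIT
tcp        0      0 10.0.0.5:110     10.0.0.78:40022   ESTABLISHED'

# Constructed sample: Dovecot listening on IPv4 and IPv6.
sample_up='tcp        0      0 0.0.0.0:110      0.0.0.0:*         LISTEN
tcp6       0      0 :::110           :::*              LISTEN'

# Cron entry point for a live system (rc script path as used in the thread).
check_and_restart() {
    if netstat -an | has_listener "${1:-110}"; then
        echo "Dovecot is up"
    else
        echo "Dovecot is down, restarting..."
        /etc/rc.d/rc.dovecot start
    fi
}

# Demo on the samples; the old substring count is shown for comparison.
echo "grep -c :110 on sample_down: $(printf '%s\n' "$sample_down" | grep -c :110)"
printf '%s\n' "$sample_down" | has_listener 110 || echo "has_listener: port 110 down"
printf '%s\n' "$sample_up" | has_listener 110 && echo "has_listener: port 110 up"
```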
|
keopp Senior Member
Joined: 08 Nov 2008 Posts: 166 Location: Romania
|
Posted: Wed Mar 02, 2011 3:40 pm Post subject: |
|
|
I suggest bantime = 1
here:
Code: |
[dovecot-restart]
enabled = true
filter = dovecot
action = dovecot
         sendmail-whois[name=dovecot, dest=root@localhost]
logpath = /var/log/dovecot.log
maxretry = 1
ignoreip =
#bantime = 600
bantime = 1
|
|
gerasimos_h Site Admin
Joined: 09 Aug 2007 Posts: 1757 Location: Greece
|
Posted: Wed Mar 02, 2011 3:58 pm Post subject: |
|
|
I found "bantime =1" excessive, but it's an option, maybe 30 or 60 too.
I may add a few dovecot rules for authentication failures in fail2ban too.
Do you use dovecot rules?
gerasimos_h _________________ Superb! Mini Server Project Manager
http://sms.it-ccs.com |
|
keopp Senior Member
Joined: 08 Nov 2008 Posts: 166 Location: Romania
|
Posted: Wed Mar 02, 2011 4:13 pm Post subject: |
|
|
Yes, I made some dovecot rules because I recently found several attacks. I have the impression the attack rate has been increasing since the middle of Feb.
These are the rules in my dovecot-attacks.conf filter:
Code: |
failregex = \(auth failed.*rip=<HOST>
            \[<HOST>\].*authentication failed
            warning: <HOST>.*verification failed
            lost connection after.*\[<HOST>\]
|
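An added example, not part of keopp's post: a dry run of the four rules above over constructed log lines, printing which rule fires and the host it would hand to fail2ban. The IPv4-only `HOST_RE` stand-in for `<HOST>`, the function names and the sample lines are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: dry-run the four failregex rules from the post above over
# constructed log lines and print which rule fires and which host it captures.

# Assumption: an IPv4-only stand-in for the <HOST> tag of fail2ban.
HOST_RE='([0-9]{1,3}([.][0-9]{1,3}){3})'

# matched_host LINE: print "RULE_NUMBER HOST" for the first rule that matches,
# or return 1 when no rule matches.
matched_host() {
    n=0
    while IFS= read -r rule; do
        n=$((n + 1))
        re=$(printf '%s\n' "$rule" | sed "s/<HOST>/$HOST_RE/")
        host=$(printf '%s\n' "$1" | sed -nE "s/.*${re}.*/\1/p")
        if [ -n "$host" ]; then
            echo "$n $host"
            return 0
        fi
    done <<'EOF'
\(auth failed.*rip=<HOST>
\[<HOST>\].*authentication failed
warning: <HOST>.*verification failed
lost connection after.*\[<HOST>\]
EOF
    return 1
}

# scan: read log lines on stdin, print one "RULE HOST" line per match.
scan() {
    while IFS= read -r line; do
        matched_host "$line" || true
    done
}

# Constructed log lines (documentation address ranges, not real traffic).
samples='Mar  2 03:10:01 sms dovecot: pop3-login: Aborted login (auth failed, 3 attempts): user=<bob>, method=PLAIN, rip=203.0.113.9, lip=10.0.0.5
Mar  2 03:10:04 sms postfix/smtpd[812]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
Mar  2 03:11:30 sms postfix/smtpd[815]: lost connection after DATA from mail.example.org[192.0.2.10]
Mar  2 03:12:00 sms dovecot: pop3-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.44, lip=10.0.0.5'

printf '%s\n' "$samples" | scan
```

The third sample is an ordinary disconnect after DATA and still matches rule 4, so lines like it count toward a ban. Running the real filter through fail2ban-regex against a production log shows how often that happens.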
|
baboo Senior Member
Joined: 04 Sep 2007 Posts: 676
|
Posted: Wed Mar 02, 2011 7:03 pm Post subject: |
|
|
Thanks everyone for your replies. I have learned a lot from this dialog. Time is working well now and I am testing each of your suggestions.
Thanks
|
keopp Senior Member
Joined: 08 Nov 2008 Posts: 166 Location: Romania
|
Posted: Wed Mar 02, 2011 7:14 pm Post subject: |
|
|
Good luck then.
We're waiting for your comments. |