[Dovecot] [IDEA] Re: weird ssl-parameters.dat regeneration error

Kyle Wheeler kyle-dovecot at memoryhole.net
Mon May 7 21:46:52 EEST 2007


On Monday, May  7 at 07:55 AM, quoth Kyle Wheeler:
>>     dovecot: Error: ssl-build-param:
>>          rename(/usr/local/var/lib/dovecot/ssl-parameters.dat.tmp,
>>          /usr/local/var/lib/dovecot/ssl-parameters.dat) failed: No
>>          such file or directory
>>     dovecot: Error: child 30689 (ssl-build-param) returned error 89
>>
>> And thereafter, all login attempts resulted in this:
>>
>>     dovecot: Error: imap-login: read(ssl-parameters.dat) failed: Unexpected EOF
>>     dovecot: Error: child 19036 (login) returned error 89

Ahhh, I think I figured out what's going on.

I run several different instances of dovecot, one for each of my 
domains (i.e. each one has a different SSL key, and a different 
auth_default_realm, and a different base_dir, but otherwise the config 
files are identical).

When Dovecot regenerates its ssl-parameters.dat file, there is a race 
condition between the multiple instances of dovecot, because they all 
regenerate the file in the same compile-time-defined $statedir 
directory: /usr/local/var/lib/dovecot. Because of that, the 
ssl-parameters.dat gets stolen by one of the dovecot instances, and so 
the other dovecot instances end up wondering what happened to their 
ssl-parameters.dat file.

Take, for example, this timeline:

     Dovecot1                        Dovecot2
     create ssl-parameters.dat.tmp
                                     create ssl-parameters.dat.tmp
     rename to ssl-parameters.dat
                                     rename to ssl-parameters.dat
                                     ERROR: tmp file missing!

Now, in old 0.99 versions of dovecot, I understand that you could, in 
the config file, change the name of the ssl-parameters.dat file. If I 
could still do that, I think it would fix my issue. Or, if I could 
change the $statedir in the config file.

Does anyone have any good solutions? Is my only option to maintain 
separate compiled versions of dovecot for every domain? (This seems 
idiotic, not to mention a lot of hassle.)

~Kyle
-- 
I believe that every human has a finite number of heart-beats. I don't 
intend to waste any of mine running around doing exercises.
                                                      -- Neil Armstrong
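
The timeline in the message above, replayed deterministically in one process as an added example (not Dovecot's code and not part of the original post): two writers sharing the fixed ssl-parameters.dat.tmp name reproduce the "No such file or directory" rename failure, while per-writer mkstemp() names do not. The function names and the scratch directory under /tmp are assumptions for illustration, and mkstemp() is one possible mitigation rather than something the post proposes.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Step 1 of a regeneration: create the temp file and write the data.
   unique=0 uses the shared fixed name; unique=1 lets mkstemp() pick one. */
static int begin_write(const char *dir, int unique, const char *data, char *tmp, size_t len)
{
    int fd;
    if (unique) {
        snprintf(tmp, len, "%s/ssl-parameters.dat.XXXXXX", dir);
        fd = mkstemp(tmp);
    } else {
        snprintf(tmp, len, "%s/ssl-parameters.dat.tmp", dir);
        fd = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    }
    if (fd < 0) return -1;
    if (write(fd, data, strlen(data)) < 0 || fsync(fd) < 0) { close(fd); return -1; }
    return close(fd);
}

/* Step 2: publish the temp file atomically. Returns 0 or the errno from rename(). */
static int finish_write(const char *dir, const char *tmp)
{
    char dst[512];
    snprintf(dst, sizeof(dst), "%s/ssl-parameters.dat", dir);
    return rename(tmp, dst) == 0 ? 0 : errno;
}

/* Replays the timeline: both writers create their temp file, then both rename.
   Returns the second writer's rename() result (-1 on an unrelated setup error). */
int replay_timeline(int unique)
{
    char dir[] = "/tmp/statedir.XXXXXX", t1[512], t2[512]; /* constructed scratch dir */
    if (mkdtemp(dir) == NULL) return -1;
    if (begin_write(dir, unique, "params-1", t1, sizeof(t1)) < 0) return -1;
    if (begin_write(dir, unique, "params-2", t2, sizeof(t2)) < 0) return -1;
    if (finish_write(dir, t1) != 0) return -1;  /* first rename always succeeds */
    return finish_write(dir, t2);               /* fixed name: temp file is already gone */
}

int main(void)
{
    printf("fixed .tmp name: %s\n", strerror(replay_timeline(0)));
    printf("mkstemp() name:  %s\n", strerror(replay_timeline(1)));
}
```

With the fixed name, the first rename also publishes whatever the second writer had written so far, which is how a reader can end up with a short file.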