[Dovecot] Slow authentication performance when switching folder

ra at rz.uni-frankfurt.de ra at rz.uni-frankfurt.de
Mon Jan 13 17:58:51 EET 2014


Hello,

we have a problem with Dovecot 2.2.9 running on AIX 7.1, compiled
with xlc. At first we configured the passdb to use our LDAP directory via
PAM, and we experienced an internal login failure like the following one:

Jan 13 16:20:02 imap-login: Info: Internal login failure (pid=29818948
id=1) (internal failure, 1 successful auths): user=<user>, method=PLAIN,
rip=xxx.xxx.xxx.xxx, lip=yyy.yyy.yyy.yyy, TLS, session=<r/P1m9vv5ACNAv6j>

I read that this error occurs if the last passdb returns "continue" and
there is no other passdb to ask. To rule out PAM as the cause, we added
two more passdbs: LDAP directly and, as a third, a fallback passwd file.
We still get the Internal login failure. As far as I can see, this only
occurs when I switch to another folder and am re-authenticated. Are
there any suggestions as to what is going wrong? Any push in the right
direction would be appreciated.

kind regards

Manuel

PS: This is the dump of our dovecot configuration file:

doveconf: Warning: service auth { client_limit=1000 } is lower than
required under max. load (32768)
doveconf: Warning: service anvil { client_limit=1000 } is lower than
required under max. load (24579)
# OS: AIX 1 00F7B83D4C00
auth_debug = yes
auth_mechanisms = plain login
auth_username_chars =
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890-
auth_username_format = %n
auth_username_translation =
AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz
auth_verbose = yes
base_dir = /var/run/dovecot-imap
default_process_limit = 8192
disable_plaintext_auth = no
first_valid_uid = 100
info_log_path = /mailbase/dovecot/2.2.9/log/dovecot_imap_debug.log
log_path = /mailbase/dovecot/2.2.9/log/dovecot_imap.log
login_greeting = University-Frankfurt-IMAP-Horde ready.
mail_access_groups = mhs
mail_debug = yes
mail_fsync = never
mail_location = mbox:~/:INBOX=/var/spool/mail/%u:INDEX=/var/mail-indexes/%u
mailbox_idle_check_interval = 90 secs
mbox_write_locks = fcntl
namespace {
  inbox = yes
  location =
  prefix =
  separator = /
  type = private
  name =
}
passdb {
  args = username_format=%u /mailbase/etc/passwd
  driver = passwd-file
}
passdb {
  args = %s
  driver = pam
}
plugin {
  stats_refresh = 30 secs
  stats_track_cmds = yes
}
service replication-notify-fifo {
  name = aggregator
}
service anvil-auth-penalty {
  name = anvil
}
service auth-worker {
  name = auth-worker
}
service auth-client {
  name = auth
}
service config {
  name = config
}
service dict {
  name = dict
}
service login/proxy-notify {
  name = director
}
service dns-client {
  name = dns_client
}
service doveadm-server {
  name = doveadm
}
service {
  inet_listener {
    address = *
    port = 0
    name = imap
  }
  inet_listener {
    address = *
    port = 993
    name = imaps
  }
  name = imap-login
}
service imap-urlauth {
  name = imap-urlauth-login
}
service imap-urlauth-worker {
  name = imap-urlauth-worker
}
service token-login/imap-urlauth {
  name = imap-urlauth
}
service login/imap {
  name = imap
}
service indexer-worker {
  name = indexer-worker
}
service indexer {
  name = indexer
}
service ipc {
  name = ipc
}
service lmtp {
  name = lmtp
}
service log-errors {
  name = log
}
service {
  inet_listener {
    address = 10.1.1.40
    port = 0
    name = pop3
  }
  inet_listener {
    address = *
    port = 0
    name = pop3s
  }
  name = pop3-login
}
service login/pop3 {
  name = pop3
}
service replicator-doveadm {
  name = replicator
}
service login/ssl-params {
  name = ssl-params
}
service stats-mail {
  name = stats
}
ssl_cert = </etc/ssl/certs/thot_mit_chain.crt
ssl_key = </etc/ssl/certs/private_key_thot.rz.pem
userdb {
  driver = passwd
}
userdb {
  args = /mailbase/dovecot/2.2.9/etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
protocol imap {
  mail_plugins = " stats imap_stats"
  service replication-notify-fifo {
    name = aggregator
  }
  service anvil-auth-penalty {
    name = anvil
  }
  service auth-worker {
    name = auth-worker
  }
  service auth-client {
    name = auth
  }
  service config {
    name = config
  }
  service dict {
    name = dict
  }
  service login/proxy-notify {
    name = director
  }
  service dns-client {
    name = dns_client
  }
  service doveadm-server {
    name = doveadm
  }
  service imap {
    name = imap-login
  }
  service imap-urlauth {
    name = imap-urlauth-login
  }
  service imap-urlauth-worker {
    name = imap-urlauth-worker
  }
  service token-login/imap-urlauth {
    name = imap-urlauth
  }
  service login/imap {
    name = imap
  }
  service indexer-worker {
    name = indexer-worker
  }
  service indexer {
    name = indexer
  }
  service ipc {
    name = ipc
  }
  service lmtp {
    name = lmtp
  }
  service log-errors {
    name = log
  }
  service pop3 {
    name = pop3-login
  }
  service login/pop3 {
    name = pop3
  }
  service replicator-doveadm {
    name = replicator
  }
  service login/ssl-params {
    name = ssl-params
  }
  service stats-mail {
    name = stats
  }
}

