[Kolab-devel] Kolab 2.1 - Possible DOS?

Gunnar Wrobel wrobel at pardus.de
Fri Feb 16 08:25:16 CET 2007


"gelpi at corona.it" <corona at gelpi.it> writes:

> Gunnar Wrobel wrote:
>
>>"gelpi at corona.it" <corona at gelpi.it> writes:
>>
>>  
>>
>>>Hi,
>>>    too often my kolab 2.1 beta 3 installation stops working.
>>>what happens is that during kolab daily cron activity some component 
>>>shuts down and does not restart or ldap stops responding.
>>>
>>>The result is that mail server stops.
>>>
>>>This night I forget my thunderbird open and polling every 5 minutes 6 
>>>mailboxes.
>>>At midnight kolab stop working with a message error of temporary lookup 
>>>failure.
>>>In postfix.sum I found these lines:
>>>
>>>        1   77F5C6C345: virtual_alias_maps map lookup problem for 
>>>gelpi at mydomain.it
>>>         1   dict_ldap_connect: Unable to bind to server 
>>>ldap://127.0.0.1:389 as cn=nobody,cn=internal,dc=mydomain,dc=it: -1 
>>>(Can't contact LDAP server)
>>>  pickup (total: 1)
>>>         1   maildrop/77FA76C33B: Error writing message file
>>>  postfix-script (total: 30)
>>>
>>>In the lines above I change the real domain.
>>>
>>>The solution is to restart kolab with /kolab/etc/rc all restart
>>>
>>>I try to cron the last command at 1 o'clock, but if there is a client 
>>>open it simply stop kolab.
>>>
>>>This problem arose upgrading from beta 1 to beta 2. I upgraded to beta 3 
>>>but this does not resolve it.
>>>
>>>I'll upgrade to beta 4 as soon as possible.
>>>
>>>I add also this information. My sasl log is full of lines
>>>
>>><debug> saslauthd[14596]: ldap_simple_bind() failed -1 (Can't contact LDAP server).
>>> <info> saslauthd[14596]: Retrying authentication
>>> <debug> saslauthd[14596]: ldap_simple_bind() failed -1 (Can't contact LDAP server).
>>> <info> saslauthd[14596]: Retrying authentication
>>> <debug> saslauthd[14588]: ldap_simple_bind() failed -1 (Can't contact LDAP server).
>>> <info> saslauthd[14588]: Retrying authentication
>>> <debug> saslauthd[14588]: ldap_simple_bind() failed -1 (Can't contact LDAP server).
>>> <info> saslauthd[14588]: Retrying authentication
>>> <debug> saslauthd[14596]: ldap_simple_bind() failed -1 (Can't contact LDAP server).
>>> <info> saslauthd[14596]: Retrying authentication
>>>
>>>I install kolab one year ago using the december 15 snapshot. After that I upgrade to beta 1, then to beta 2 and to beta 3.
>>>
>>>I urgently need some help to investigate this problem and find a solution.
>>>    
>>>
>>
>>Check if you have a problem with random number generation. See
>>http://wiki.kolab.org/index.php/Timeout_problems
>>
>>Cheers,
>>Gunnar
>>
>>  
>>
> I change /dev/random with /dev/urandom as indicated in the wiki document 
> above, but it does not solve my problem.
>
> I think I also discover another problem.
>
> If I run
>
> kolab/etc/rc all restart
>
> while messages are arriving postfix loses contact with openldap and 
> doesn't work any more.
>
> Here are messages from postfix.log
>
> ----------------------------------------------------------------------- 
> cut 
> --------------------------------------------------------------------------
>
> Jan 27 02:55:36 dafnen <info> postfix/postfix-script[30016]: stopping 
> the Postfix mail system
> Jan 27 02:55:36 dafnen <info> postfix/master[16973]: terminating on 
> signal 15
> Jan 27 02:55:39 dafnen <warning> postfix/postfix-script[30166]: warning: 
> not owned by root: /kolab/etc/postfix/ldapdistlist
> .cf
> Jan 27 02:55:39 dafnen <warning> postfix/postfix-script[30167]: warning: 
> not owned by root: /kolab/etc/postfix/ldaptranspor
> t.cf
> Jan 27 02:55:39 dafnen <warning> postfix/postfix-script[30168]: warning: 
> not owned by root: /kolab/etc/postfix/ldapvirtual.
> cf
> Jan 27 02:55:39 dafnen <warning> postfix/postfix-script[30169]: warning: 
> not owned by root: /kolab/etc/postfix/main.cf
> Jan 27 02:55:39 dafnen <warning> postfix/postfix-script[30170]: warning: 
> not owned by root: /kolab/etc/postfix/master.cf
> Jan 27 02:55:39 dafnen <warning> postfix/postfix-script[30221]: warning: 
> not owned by root: /kolab/etc/postfix/ldapdistlist
> .cf
> Jan 27 02:55:39 dafnen <warning> postfix/postfix-script[30222]: warning: 
> not owned by root: /kolab/etc/postfix/ldaptranspor
> t.cf
> Jan 27 02:55:39 dafnen <warning> postfix/postfix-script[30223]: warning: 
> not owned by root: /kolab/etc/postfix/ldapvirtual.
> cf
> Jan 27 02:55:39 dafnen <warning> postfix/postfix-script[30224]: warning: 
> not owned by root: /kolab/etc/postfix/main.cf
> Jan 27 02:55:39 dafnen <warning> postfix/postfix-script[30225]: warning: 
> not owned by root: /kolab/etc/postfix/master.cf
> Jan 27 02:55:39 dafnen <info> postfix/postfix-script[30239]: starting 
> the Postfix mail system
> Jan 27 02:55:39 dafnen <info> postfix/master[30240]: daemon started -- 
> version 2.2.5, configuration /kolab/etc/postfix
> Jan 27 02:56:29 dafnen <warning> postfix/smtpd[31279]: warning: 
> 66.63.179.156: hostname m1-4.aitmil.com verification failed
> : Name or service not known
> Jan 27 02:56:29 dafnen <info> postfix/smtpd[31279]: connect from 
> unknown[66.63.179.156]
> Jan 27 02:56:30 dafnen <warning> postfix/trivial-rewrite[31282]: 
> warning: dict_ldap_connect: Unable to bind to server ldap:
> //127.0.0.1:389 as cn=nobody,cn=internal,dc=gelpi,dc=it: -1 (Can't 
> contact LDAP server)
> Jan 27 02:56:30 dafnen <warning> postfix/trivial-rewrite[31282]: 
> warning: dict_ldap_connect: Unable to bind to server ldap:
> //127.0.0.1:389 as cn=nobody,cn=internal,dc=gelpi,dc=it: -1 (Can't 
> contact LDAP server)
> Jan 27 02:56:30 dafnen <warning> postfix/trivial-rewrite[31282]: 
> warning: dict_ldap_connect: Unable to bind to server ldap:
> //127.0.0.1:389 as cn=nobody,cn=internal,dc=gelpi,dc=it: -1 (Can't 
> contact LDAP server)
> Jan 27 02:56:30 dafnen <critical> postfix/trivial-rewrite[31282]: fatal: 
> ldap:/kolab/etc/postfix/ldapdistlist.cf(0,100): ta
> ble lookup problem
> Jan 27 02:56:31 dafnen <warning> postfix/smtpd[31279]: warning: 
> premature end-of-input on private/rewrite socket while read
> ing input attribute name
> Jan 27 02:56:31 dafnen <warning> postfix/smtpd[31279]: warning: problem 
> talking to service rewrite: Success
> Jan 27 02:56:31 dafnen <warning> postfix/master[30240]: warning: process 
> /kolab/libexec/postfix/trivial-rewrite pid 31282 e
> xit status 1
> Jan 27 02:56:32 dafnen <warning> postfix/trivial-rewrite[31283]: 
> warning: dict_ldap_connect: Unable to bind to server ldap:
> //127.0.0.1:389 as cn=nobody,cn=internal,dc=gelpi,dc=it: -1 (Can't 
> contact LDAP server)
> Jan 27 02:56:32 dafnen <warning> postfix/trivial-rewrite[31283]: 
> warning: dict_ldap_connect: Unable to bind to server ldap:
> //127.0.0.1:389 as cn=nobody,cn=internal,dc=gelpi,dc=it: -1 (Can't 
> contact LDAP server)
> Jan 27 02:56:32 dafnen <warning> postfix/trivial-rewrite[31283]: 
> warning: dict_ldap_connect: Unable to bind to server ldap:
> //127.0.0.1:389 as cn=nobody,cn=internal,dc=gelpi,dc=it: -1 (Can't 
> contact LDAP server)
> Jan 27 02:56:32 dafnen <critical> postfix/trivial-rewrite[31283]: fatal: 
> ldap:/kolab/etc/postfix/ldapdistlist.cf(0,100): ta
> ble lookup problem
> Jan 27 02:56:33 dafnen <warning> postfix/smtpd[31279]: warning: 
> premature end-of-input on private/rewrite socket while read
> ing input attribute name
> Jan 27 02:56:33 dafnen <warning> postfix/smtpd[31279]: warning: problem 
> talking to service rewrite: Success
> Jan 27 02:56:33 dafnen <warning> postfix/master[30240]: warning: process 
> /kolab/libexec/postfix/trivial-rewrite pid 31283 e
> xit status 1
> Jan 27 02:56:33 dafnen <warning> postfix/master[30240]: warning: 
> /kolab/libexec/postfix/trivial-rewrite: bad command startu
> p -- throttling
> Jan 27 02:57:33 dafnen <warning> postfix/trivial-rewrite[31284]: 
> warning: dict_ldap_connect: Unable to bind to server ldap:
> //127.0.0.1:389 as cn=nobody,cn=internal,dc=gelpi,dc=it: -1 (Can't 
> contact LDAP server)
>
> -------------------------------------------------------------------- cut 
> --------------------------------------------------------------------------------
>
> Postfix cannot talk to ldap any more. I need to stop kolab and then 
> start it again.
>
> I think it will be necessary to change the way all kolab components are 
> restarted.
> Now rc stops and starts one component at a time.
> It is better to stop all components and then start all again, isn't it?

I guess that will only be necessary in problematic situations like
yours. In a normal situation the current behaviour reduces the
downtime and usually works fine.

> I have 2 kolab in use. This one was installed from 2005-12-15 snapshot 
> and then upgraded to beta 1, beta 2, and beta 3.
> The other was installed from beta 2 and then upgraded to beta 3, but it 
> doesn't stop. I have one problem in three months after a user received 
> 250MByte of messages during a night.
>
> I suspect the problem is connected with changes introduced with beta 2.
>
> Can you give me some advice to debug the situation?

If the problem is really the LDAP server then you should debug that
server.  There are some hints how to do that here:
http://wiki.kolab.org/index.php/Kolab2_Server_Troubleshooting_-_LDAP

Once you run LDAP in verbose debugging mode you should get tons of
information that hopefully guides you to the source of the error.

Cheers, 

Gunnar

-- 
____ http://www.pardus.de _________________ http://gunnarwrobel.de _

    >> Mail at ease - Rent a kolab groupware server at p at rdus <<

p at rdus Kolab work is funded in part by KDAB and the Kolab Konsortium
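
Added example (not part of the original message, and not Kolab or Postfix code): a small parser for log lines in the format quoted above. It counts dict_ldap_connect bind failures per LDAP server, lists the lookup tables that went fatal and the services that master throttled, and measures how long after the Postfix restart the first failure appeared. The sample lines, host name, base DN and the assumed year are constructed placeholders.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample, modelled on the postfix.log excerpt quoted in the thread
# (host name and base DN are placeholders; lines are shown unwrapped).
SAMPLE_LOG = """\
Jan 27 02:55:39 mail <info> postfix/master[30240]: daemon started -- version 2.2.5, configuration /kolab/etc/postfix
Jan 27 02:56:30 mail <warning> postfix/trivial-rewrite[31282]: warning: dict_ldap_connect: Unable to bind to server ldap://127.0.0.1:389 as cn=nobody,cn=internal,dc=example,dc=org: -1 (Can't contact LDAP server)
Jan 27 02:56:30 mail <critical> postfix/trivial-rewrite[31282]: fatal: ldap:/kolab/etc/postfix/ldapdistlist.cf(0,100): table lookup problem
Jan 27 02:56:32 mail <warning> postfix/trivial-rewrite[31283]: warning: dict_ldap_connect: Unable to bind to server ldap://127.0.0.1:389 as cn=nobody,cn=internal,dc=example,dc=org: -1 (Can't contact LDAP server)
Jan 27 02:56:33 mail <warning> postfix/master[30240]: warning: /kolab/libexec/postfix/trivial-rewrite: bad command startup -- throttling
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ <(\w+)> postfix/([\w-]+)\[(\d+)\]: (.*)$")
BIND = re.compile(r"dict_ldap_connect: Unable to bind to server (\S+) as .*: (-?\d+) \(")
FATAL = re.compile(r"fatal: ldap:(\S+?)\(\d+,\d+\): table lookup problem")
THROTTLE = re.compile(r"warning: (\S+): bad command startup -- throttling")

def _ts(stamp, year=2007):
    # syslog stamps carry no year; the year is an assumption used only for deltas
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")

def summarize(log_text):
    out = {"bind_failures": Counter(), "failed_maps": set(), "throttled": set(),
           "secs_restart_to_first_failure": None}
    started = first_fail = None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip wrapped fragments and non-postfix lines
        stamp, _level, _daemon, _pid, msg = m.groups()
        if msg.startswith("daemon started"):
            started, first_fail = _ts(stamp), None  # new restart: reset window
        elif (b := BIND.search(msg)):
            out["bind_failures"][b.group(1)] += 1
            first_fail = first_fail or _ts(stamp)
        elif (f := FATAL.search(msg)):
            out["failed_maps"].add(f.group(1))
        elif (t := THROTTLE.search(msg)):
            out["throttled"].add(t.group(1))
    if started and first_fail:
        out["secs_restart_to_first_failure"] = int((first_fail - started).total_seconds())
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Log lines wrapped by a mail client, as in the quoted excerpt, have to be rejoined before parsing; fragments that do not start with a timestamp are skipped.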



