[Kolab-devel] Kolab 2.1 - Possibile DOS?

gelpi@corona.it corona at gelpi.it
Sat Jan 27 10:02:08 CET 2007


Gunnar Wrobel wrote:

>"gelpi at corona.it" <corona at gelpi.it> writes:
>
>  
>
>>Hi,
>>    too often my kolab 2.1 beta 3 installation stop working.
>>what happens is that during kolab daily cron activity some component 
>>shut down and does not restart or ldap stop responding.
>>
>>The result is that mail server stops.
>>
>>This night I forget my thunderbird open and polling every 5 minutes 6 
>>mailboxes.
>>At midnight kolab stop working with a message error of temporary lookup 
>>failure.
>>In postfix.sum  I found this lines:
>>
>>        1   77F5C6C345: virtual_alias_maps map lookup problem for 
>>gelpi at mydomain.it
>>         1   dict_ldap_connect: Unable to bind to server 
>>ldap://127.0.0.1:389 as cn=nobody,cn=internal,dc=mydomain,dc=it: -1 
>>(Can't contact LDAP server)
>>  pickup (total: 1)
>>         1   maildrop/77FA76C33B: Error writing message file
>>  postfix-script (total: 30)
>>
>>In the lines above I change the real domain.
>>
>>The solution is to restart kolab with /kolab/etc/rc all restart
>>
>>I try to cron the last command at 1 o'clock, but if there is a client 
>>open it simply stop kolab.
>>
>>This problem aries upgrading from beta 1 to beta 2. I upgrade to beta 3 
>>but this does not resolve it.
>>
>>I'll upgrade to beta 4 as soon as possible.
>>
>>I add also this information. My sasl log is full of lines
>>
>><debug> saslauthd[14596]: ldap_simple_bind() failed -1 (Can't contact LDAP server).
>> <info> saslauthd[14596]: Retrying authentication
>> <debug> saslauthd[14596]: ldap_simple_bind() failed -1 (Can't contact LDAP server).
>> <info> saslauthd[14596]: Retrying authentication
>> <debug> saslauthd[14588]: ldap_simple_bind() failed -1 (Can't contact LDAP server).
>> <info> saslauthd[14588]: Retrying authentication
>> <debug> saslauthd[14588]: ldap_simple_bind() failed -1 (Can't contact LDAP server).
>> <info> saslauthd[14588]: Retrying authentication
>> <debug> saslauthd[14596]: ldap_simple_bind() failed -1 (Can't contact LDAP server).
>> <info> saslauthd[14596]: Retrying authentication
>>
>>I install kolab one year ago using the december 15 snapshot. After that I upgrade to beta 1, then to beta 2 and to beta 3.
>>
>>I urgently need some help to investigate this problem and find a solution.
>>    
>>
>
>Check if you have a problem with random number generation. See
>http://wiki.kolab.org/index.php/Timeout_problems
>
>Cheers,
>Gunnar
>
>  
>
I change /dev/random with /dev/urandom as indicated in the wiki document 
above, but it does not solve my problem.

I think I also discover another problem.

If I run

kolab/etc/rc all restart

while messages are arriving postfix loose conctat with openldap and 
doesn't work any more.

Here are messages from postfix.log

----------------------------------------------------------------------- 
cut 
--------------------------------------------------------------------------

Jan 27 02:55:36 dafnen <info> postfix/postfix-script[30016]: stopping 
the Postfix mail system
Jan 27 02:55:36 dafnen <info> postfix/master[16973]: terminating on 
signal 15
Jan 27 02:55:39 dafnen <warning> postfix/postfix-script[30166]: warning: 
not owned by root: /kolab/etc/postfix/ldapdistlist
.cf
Jan 27 02:55:39 dafnen <warning> postfix/postfix-script[30167]: warning: 
not owned by root: /kolab/etc/postfix/ldaptranspor
t.cf
Jan 27 02:55:39 dafnen <warning> postfix/postfix-script[30168]: warning: 
not owned by root: /kolab/etc/postfix/ldapvirtual.
cf
Jan 27 02:55:39 dafnen <warning> postfix/postfix-script[30169]: warning: 
not owned by root: /kolab/etc/postfix/main.cf
Jan 27 02:55:39 dafnen <warning> postfix/postfix-script[30170]: warning: 
not owned by root: /kolab/etc/postfix/master.cf
Jan 27 02:55:39 dafnen <warning> postfix/postfix-script[30221]: warning: 
not owned by root: /kolab/etc/postfix/ldapdistlist
.cf
Jan 27 02:55:39 dafnen <warning> postfix/postfix-script[30222]: warning: 
not owned by root: /kolab/etc/postfix/ldaptranspor
t.cf
Jan 27 02:55:39 dafnen <warning> postfix/postfix-script[30223]: warning: 
not owned by root: /kolab/etc/postfix/ldapvirtual.
cf
Jan 27 02:55:39 dafnen <warning> postfix/postfix-script[30224]: warning: 
not owned by root: /kolab/etc/postfix/main.cf
Jan 27 02:55:39 dafnen <warning> postfix/postfix-script[30225]: warning: 
not owned by root: /kolab/etc/postfix/master.cf
Jan 27 02:55:39 dafnen <info> postfix/postfix-script[30239]: starting 
the Postfix mail system
Jan 27 02:55:39 dafnen <info> postfix/master[30240]: daemon started -- 
version 2.2.5, configuration /kolab/etc/postfix
Jan 27 02:56:29 dafnen <warning> postfix/smtpd[31279]: warning: 
66.63.179.156: hostname m1-4.aitmil.com verification failed
: Name or service not known
Jan 27 02:56:29 dafnen <info> postfix/smtpd[31279]: connect from 
unknown[66.63.179.156]
Jan 27 02:56:30 dafnen <warning> postfix/trivial-rewrite[31282]: 
warning: dict_ldap_connect: Unable to bind to server ldap:
//127.0.0.1:389 as cn=nobody,cn=internal,dc=gelpi,dc=it: -1 (Can't 
contact LDAP server)
Jan 27 02:56:30 dafnen <warning> postfix/trivial-rewrite[31282]: 
warning: dict_ldap_connect: Unable to bind to server ldap:
//127.0.0.1:389 as cn=nobody,cn=internal,dc=gelpi,dc=it: -1 (Can't 
contact LDAP server)
Jan 27 02:56:30 dafnen <warning> postfix/trivial-rewrite[31282]: 
warning: dict_ldap_connect: Unable to bind to server ldap:
//127.0.0.1:389 as cn=nobody,cn=internal,dc=gelpi,dc=it: -1 (Can't 
contact LDAP server)
Jan 27 02:56:30 dafnen <critical> postfix/trivial-rewrite[31282]: fatal: 
ldap:/kolab/etc/postfix/ldapdistlist.cf(0,100): ta
ble lookup problem
Jan 27 02:56:31 dafnen <warning> postfix/smtpd[31279]: warning: 
premature end-of-input on private/rewrite socket while read
ing input attribute name
Jan 27 02:56:31 dafnen <warning> postfix/smtpd[31279]: warning: problem 
talking to service rewrite: Success
Jan 27 02:56:31 dafnen <warning> postfix/master[30240]: warning: process 
/kolab/libexec/postfix/trivial-rewrite pid 31282 e
xit status 1
Jan 27 02:56:32 dafnen <warning> postfix/trivial-rewrite[31283]: 
warning: dict_ldap_connect: Unable to bind to server ldap:
//127.0.0.1:389 as cn=nobody,cn=internal,dc=gelpi,dc=it: -1 (Can't 
contact LDAP server)
Jan 27 02:56:32 dafnen <warning> postfix/trivial-rewrite[31283]: 
warning: dict_ldap_connect: Unable to bind to server ldap:
//127.0.0.1:389 as cn=nobody,cn=internal,dc=gelpi,dc=it: -1 (Can't 
contact LDAP server)
Jan 27 02:56:32 dafnen <warning> postfix/trivial-rewrite[31283]: 
warning: dict_ldap_connect: Unable to bind to server ldap:
//127.0.0.1:389 as cn=nobody,cn=internal,dc=gelpi,dc=it: -1 (Can't 
contact LDAP server)
Jan 27 02:56:32 dafnen <critical> postfix/trivial-rewrite[31283]: fatal: 
ldap:/kolab/etc/postfix/ldapdistlist.cf(0,100): ta
ble lookup problem
Jan 27 02:56:33 dafnen <warning> postfix/smtpd[31279]: warning: 
premature end-of-input on private/rewrite socket while read
ing input attribute name
Jan 27 02:56:33 dafnen <warning> postfix/smtpd[31279]: warning: problem 
talking to service rewrite: Success
Jan 27 02:56:33 dafnen <warning> postfix/master[30240]: warning: process 
/kolab/libexec/postfix/trivial-rewrite pid 31283 e
xit status 1
Jan 27 02:56:33 dafnen <warning> postfix/master[30240]: warning: 
/kolab/libexec/postfix/trivial-rewrite: bad command startu
p -- throttling
Jan 27 02:57:33 dafnen <warning> postfix/trivial-rewrite[31284]: 
warning: dict_ldap_connect: Unable to bind to server ldap:
//127.0.0.1:389 as cn=nobody,cn=internal,dc=gelpi,dc=it: -1 (Can't 
contact LDAP server)

-------------------------------------------------------------------- cut 
--------------------------------------------------------------------------------

Postfix cannot talk to ldap any more. I need to stop kolab and then 
start it again.

I think it will be neccessary to change the way all kolab components are 
restarted.
Now rc stop and start one component at a time.
Is better to stop all components and then start all again, isn't it?

I have 2 kolab in use. This one was installed from 2005-12-15 snapshot 
and then upgraded to beta 1, beta 2, and beta 3.
The other was installed from beta 2 and then upgraded to beta 3, but it 
doesn't stop. I have one problem in three month after a user received 
250MByte of messages during a night.

I suspect the problem is connected with changes introduced with beta 2.

Can you give me some advices to debug the situation?

-- 
Gelpi ing. Andrea
--------------------------------------------------------------
It took the computing power of three C-64s to fly to the Moon.
It takes a 486 to run Windows 95. Something is wrong here.
--------------------------------------------------------------




More information about the devel mailing list