After a reboot, the server would run "dbrecover" on start, which checks
the consistency of pwdb (password database that is used for all users
except for 'admin' and 'root').
You can manually run:
I've noticed if there is an issue with pwdb, it is usually not failing
authentication (drop the thick-client for troubleshooting and use
'telnet <server> pop3') but extremely slow authentication (30-60+
seconds, which is the reason for the errors).
I've also noticed on high-traffic POP3 servers, you may this similar
issue as dictionary-attacks.
You will want to stop dovecot (or any service that might affected by
this, like xinetd [ftp] or admserv [httpd.admsrv]). Then kill any
processes that might be hung (usually 'dovecot-auth'). Then run
dbrecover, which may take a minute or two to run. Finally restart any
service you stopped. This usually fixes the issue without the need of a
From: Darrell D. Mobley [mailto:dmobley (at mark) uhostme.net]
Sent: Friday, March 09, 2007 5:26 PM
To: coba-e (at mark) bluequartz.org
Subject: [coba-e:09068] Dovecot/POP3 Flood
I started getting POP3 authentication errors on my server today, so I
logged on and tailed the maillog to see a POP3 flood using a dictionary
attack. I blocked the offending source IP address in iptables, then
stopped dovecot to allow the server load to subside and then restarted
it. It restarted normally, but I couldn't connect from my mail client
via POP3, the authentication continued to fail. I ended up stopping and
restarting sendmail and saslauthd, thinking perhaps those needed
restarting. No joy. I tried stopping and restarting all the mail
server services in the GUI. Still no joy. I ended up rebooting the
server and everything came back up fine.
What sequence should I have used to stop and restart the mail services
correctly to avoid the reboot?