Re: too much logging

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Am 29.04.2015 um 20:24 schrieb Dan White:
> On 04/29/15 18:35 +0200, hw wrote:
>>
>>
>> Am 29.04.2015 um 18:15 schrieb Dan White:
>>
>>>> Does this mean that before 2.5.1, the database is being opened and
>>>> closed all the time, yielding a log message?
>>>
>>> Correct. But that was an error produced if the user_deny.db file didn't
>>> exist, and ended up flooding syslog. That's a different syslog entry
>>> from
>>> what you're seeing.
>>>
>>> You might have to modify your syslog config to get rid of them:
>>>
>>> http://cyrusimap.org/docs/cyrus-imapd/2.5.1/install-configure.php
>>
>> That is precisely what I do not want to do.  There is no point in
>> generating useless log messages, and it should be possible to turn
>> these messages off.
>>
>> They are usually somewhat harmless, though.  When there are thousands
>> or millions of them generated, it might indicate that there is some
>> issue that needs to be fixed.  Not all imaps processes create so many
>> messages.  In this sense, the messages are not useless.
>>
>> But what might cause so many of these messages to be generated within
>> a short time, all day long?
>
> user_deny is used to selectively deny access to services for certain users.
> It's called within the main cmdloop within the imapd code, among other
> places (pop3, nntpd, lmtpd, and httpd). Each imapd connection could result
> in many syslog entries depending on what activity the client is performing.
>
> The syslog entry is generated with this code:
>
>     if (!denydb) denydb_open(/*create*/0);
>     if (!denydb) return 0;
>
>     memset(&tok, 0, sizeof(tok));
>
>     /* fetch entry for user */
>     syslog(LOG_DEBUG, "fetching user_deny.db entry for '%s'", user);
>
> If cyrusdb_open cannot successfully open or create the entry (such as a
> permissions error), then that would effectively stop the syslog entries
> from being generated.
>
> So, setting a bogus value for 'userdeny_db' and/or 'userdeny_db_path'
> should do what you want in a round about way. That's assuming you're not
> actually using userdeny of course.
>

In the process of setting up cyrus, I created the file with 'touch' 
because I got error messages about it in the log file.  Now when I 
remove it, I'm getting even more log messages than I get when the file 
exists:


imaps[28382]: IOERROR: stating flat /var/imap/user_deny.db: No such file 
or directory
imaps[28382]: DENYDB_ERROR: error reading entry 'fax': cyrusdb error


So I guess I'm not using it; I don't even know what this feature is or 
does.  The manpage of imapd doesn't show any way to turn this feature off.

This kind of logging is actually a bug because it's a security issue by 
supporting DOS attacks.  Just imagine 1000 users doing something that 
causes the message to be logged 20 times per second and the system 
logger having to deal with 20k log messages per second.

It seems I'd have to comment out the line and recompile cyrus because 
that's the only way to disable the message.  I'll have to figure out how 
to do that on Gentoo.

Thank you very much for your help!
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus




[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux