Score:2

Dovecot claims ports are in use, netstat disagrees

cn flag

Attempting to start dovecot gives me this:

Apr 28 13:37:00 master: Error: service(pop3-login): listen(*, 110) failed: Address already in use
Apr 28 13:37:00 master: Error: service(pop3-login): listen(*, 995) failed: Address already in use
Apr 28 13:37:00 master: Error: service(imap-login): listen(*, 143) failed: Address already in use
Apr 28 13:37:00 master: Error: service(imap-login): listen(*, 993) failed: Address already in use

And 'netstat -tulpn' displays this:

tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      3369/master
tcp        0      0 0.0.0.0:52125               0.0.0.0:*                   LISTEN      2396/rpc.statd
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      3244/mysqld
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      2375/rpcbind
tcp        0      0 :::22                       :::*                        LISTEN      2562/sshd
tcp        0      0 :::25                       :::*                        LISTEN      3369/master
tcp        0      0 :::443                      :::*                        LISTEN      3390/httpd
tcp        0      0 :::39631                    :::*                        LISTEN      2396/rpc.statd
tcp        0      0 :::111                      :::*                        LISTEN      2375/rpcbind
tcp        0      0 :::80                       :::*                        LISTEN      3390/httpd
udp        0      0 0.0.0.0:68                  0.0.0.0:*                               2236/dhclient
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               2375/rpcbind
udp        0      0 10.0.82.190:123             0.0.0.0:*                               2589/ntpd
udp        0      0 127.0.0.1:123               0.0.0.0:*                               2589/ntpd
udp        0      0 0.0.0.0:123                 0.0.0.0:*                               2589/ntpd
udp        0      0 0.0.0.0:43243               0.0.0.0:*                               2396/rpc.statd
udp        0      0 0.0.0.0:854                 0.0.0.0:*                               2375/rpcbind
udp        0      0 127.0.0.1:876               0.0.0.0:*                               2396/rpc.statd
udp        0      0 :::111                      :::*                                    2375/rpcbind
udp        0      0 :::854                      :::*                                    2375/rpcbind
udp        0      0 :::54504                    :::*                                    2396/rpc.statd

Any idea what I'm missing here?

UPDATE:

selinux is disabled, and the distro is AWX Linux:

$ getenforce
Disabled

$ uname -a
Linux ip-10-0-82-190 4.14.268-139.500.amzn1.x86_64 #1 SMP Wed Mar 2 18:48:10 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Appleoddity avatar
ng flag
Is dovecot binding to the ports as root? Only root can bind to ports below 1024.
cn flag
I am running dovecot as root. Also, as stated the dovecot log says the ports are in use.
in flag
What distribution are you using? Selinux could also prevent it.
us flag
Rob
Check the effective configuration (after parsing dovecot.conf and all includes) with `dovecot -n` and maybe see: https://serverfault.com/a/1017158/960939
cn flag
It was portreserve! What a shifty piece of crap! Repost as an answer and I'll award the bounty.
Doug avatar
in flag
I hadn't looked at the link in Rob's comment when I wrote my answer, so I just took this as user646372 solving their own issue. Credit should really go to Rob, as I see now that his link was how we got there.
Score:3
in flag

dovecot would appear to not be aware of (compatible with) portreserve.

Check /etc/portreserve for configuration files that are reserving ports you need and remove them from scope (e.g. rename them with ~). Alternatively you can add portrelease to your dovecot init scripts to release the necessary ports just prior to starting dovecot.

It's worth noting this errata (https://access.redhat.com/errata/RHSA-2020:1062) which leads to this bug report ("Dovecot should use portrelease to avoid port conflicts with NFSv4 mounts" https://bugzilla.redhat.com/show_bug.cgi?id=1570283). These would appear to tie it closer to a portreseve defect which is antagonized by NFSv4. It is not clear to me that the errata actually fixes the problem as the bug report only provides some context and perhaps a workaround.

I don't think this can be fixed on dovecot side - and fixing portreserve should fix this. SUNRPC has known disadvantage of randomly assigning rpc ports 665-1023 (well - not completely randomly - it is something like 6XX+pid which results in regular issues with 993/995 ports on certain systems) - thus when NFSv4 is in-place and it has not static ports assigned, it can consume randomly 993/995 port.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.