One of the most common problems I’m seeing lately is specific to cPanel servers, wherein a user accesses webmail on a server that wouldn’t be considered busy or loaded. Shortly after login Webmail then logs them out. Every time, it’s related to LFD killing dovecot’s processes.
So, if you are seeing this symptom, and not seeing any helpful errors logged anywhere, check your LFD (or other process killer/resource manager) logs. You can see here that the most recently killed processes were very recent (since the ‘tail’ command only shows the last 10 lines of a file by default):
[root@host ~]# tail /var/log/lfd.log | grep dovecot
May 26 03:01:21 server lfd[14571]: *User Processing* PID:8111 Kill:0 User:dovecot Time:70897 EXE:/usr/libexec/dovecot/anvil CMD:dovecot/anvil
May 26 03:01:21 server lfd[14571]: *User Processing* PID:19419 Kill:0 User:dovecot Time:28536 EXE:/usr/libexec/dovecot/auth CMD:dovecot/auth
You can also see, with this command, how many dovecot processes were killed:
[root@host ~]# grep dovecot /var/log/lfd.log | grep -c Kill
136
In this case, the best option was to whitelist dovecot processes in the CSF pignore file, here:
[root@host ~]# ls -lah /etc/csf/csf.pignore
-rw------- 1 root root 3.1K Jul 5 2013 /etc/csf/csf.pignore
Adding these two lines to the file prevented LFD from killing the valid Dovecot processes, and corrected the logout issues we were seeing:
exe:/usr/libexec/dovecot/anvil
exe:/usr/libexec/dovecot/auth
If you see this problem, and this isn’t the answer for you, post your answer below so we can all learn!