Jaldhar H. Vyas wrote: > Bob Proulx wrote: > >Sorry. The above was captured by me with -7. But during my reinstall > >tests just a few minutes ago it was with the -8 package. No change. > >The ps listings I showed were from the -8 package. > > Drat.
:-) I know the feeling. > 1. Which version were you originally upgrading from? $ zgrep dovecot-core /var/log/dpkg.log* | awk '$3=="upgrade"' /var/log/dpkg.log-20140401.gz:2014-03-11 11:17:53 upgrade dovecot-core:amd64 1:2.2.9-1 1:2.2.10-1 /var/log/dpkg.log-20140401.gz:2014-03-24 16:15:55 upgrade dovecot-core:amd64 1:2.2.10-1 1:2.2.12-2 /var/log/dpkg.log-20140501.gz:2014-04-23 12:30:58 upgrade dovecot-core:amd64 1:2.2.12-2 1:2.2.12-3 /var/log/dpkg.log-20140601.gz:2014-05-12 13:11:12 upgrade dovecot-core:amd64 1:2.2.12-3 1:2.2.13~rc1-1 /var/log/dpkg.log-20140601.gz:2014-05-26 15:44:46 upgrade dovecot-core:amd64 1:2.2.13~rc1-1 1:2.2.13-1 /var/log/dpkg.log-20140701.gz:2014-06-30 15:03:51 upgrade dovecot-core:amd64 1:2.2.13-1 1:2.2.13-2 /var/log/dpkg.log-20140801.gz:2014-07-21 09:35:13 upgrade dovecot-core:amd64 1:2.2.13-2 1:2.2.13-3 /var/log/dpkg.log-20140801.gz:2014-07-31 18:44:39 upgrade dovecot-core:amd64 1:2.2.13-3 1:2.2.13-4 /var/log/dpkg.log-20141001.gz:2014-09-08 10:41:33 upgrade dovecot-core:amd64 1:2.2.13-4 1:2.2.13-5 /var/log/dpkg.log-20141101.gz:2014-10-27 12:05:00 upgrade dovecot-core:amd64 1:2.2.13-5 1:2.2.13-6 /var/log/dpkg.log-20141201:2014-11-28 15:14:56 upgrade dovecot-core:amd64 1:2.2.13-6 1:2.2.13-7 /var/log/dpkg.log:2014-12-03 14:38:45 upgrade dovecot-core:amd64 1:2.2.13-7 1:2.2.13-8 /var/log/dpkg.log:2014-12-03 21:58:59 upgrade dovecot-core:amd64 1:2.2.13-8 1:2.2.13-8 /var/log/dpkg.log:2014-12-03 22:28:26 upgrade dovecot-core:amd64 1:2.2.13-8 1:2.2.13-8 > 2. Did you edit /etc/dovecot/conf.d/10-ssl.conf at all (from any version.) Not that I recall. I haven't done anything with the dovecot configuration for quite a while now. > 3. Would you mind sending me the contents of that file? Attached. > 4. During the upgrade do you remember seeing any message about updating that > file? No. I pasted the output verbatim. > 5. This is a long shot but...do you have the ucf package installed? Yes. It is required by other packages. $ dpkg --status ucf Package: ucf Status: install ok installed Version: 3.0030 ... > Past my bedtime now but if you can answer these questions, I'll look into > this tomorrow. Hmm... It appears to leave it in a state that reconfiguring again succeeds. # dpkg --configure -a Setting up dovecot-core (1:2.2.13-8) ... Starting IMAP/POP3 mail server: dovecot. I see this in the syslog. Dec 3 22:28:27 despair dovecot: master: Warning: Killed with signal 15 (by pid=24051 uid=0 code=kill) Dec 3 22:28:41 despair dovecot: master: Dovecot v2.2.13 starting up for imap (core dumps disabled) But again if I --reinstall then the problem is recreated. It is repeatable on my system. I would be happy to test candidate packages or hacks or patches directly if you provide them to me. Since I have a system in the victim state and can test. This is not a production system but is my own desktop that I use for exactly this type of testing so that we can catch problems before it releases. Get some sleep! :-) Bob
## ## SSL settings ## # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt> ssl = no # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before # dropping root privileges, so keep the key file unreadable by anyone but # root. Included doc/mkcert.sh can be used to easily generate self-signed # certificate, just make sure to update the domains in dovecot-openssl.cnf #ssl_cert = </etc/dovecot/dovecot.pem #ssl_key = </etc/dovecot/private/dovecot.pem # If key file is password protected, give the password here. Alternatively # give it when starting dovecot with -p parameter. Since this file is often # world-readable, you may want to place this setting instead to a different # root owned 0600 file by using ssl_key_password = <path. #ssl_key_password = # PEM encoded trusted certificate authority. Set this only if you intend to use # ssl_verify_client_cert=yes. The file should contain the CA certificate(s) # followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem) #ssl_ca = # Require that CRL check succeeds for client certificates. #ssl_require_crl = yes # Directory and/or file for trusted SSL CA certificates. These are used only # when Dovecot needs to act as an SSL client (e.g. imapc backend). The # directory is usually /etc/ssl/certs in Debian-based systems and the file is # /etc/pki/tls/cert.pem in RedHat-based systems. #ssl_client_ca_dir = #ssl_client_ca_file = # Request client to send a certificate. If you also want to require it, set # auth_ssl_require_client_cert=yes in auth section. #ssl_verify_client_cert = no # Which field from certificate to use for username. commonName and # x500UniqueIdentifier are the usual choices. You'll also need to set # auth_ssl_username_from_cert=yes. #ssl_cert_username_field = commonName # DH parameters length to use. #ssl_dh_parameters_length = 1024 # SSL protocols to use #ssl_protocols = !SSLv2 # SSL ciphers to use #ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL # Prefer the server's order of ciphers over client's. #ssl_prefer_server_ciphers = no # SSL crypto device to use, for valid values run "openssl engine" #ssl_crypto_device =
