Package: dovecot-core
Version: 1:2.2.31-1
Severity: important

Dear Maintainer,


==================================================================================================
   * What led up to the situation?
   During the upgrade from 1:2.2.27-3 to 1:2.2.31-1, the post-install script
   produced the message below and dovecot was not functional anymore:

Restarting IMAP/POP3 mail server: dovecotdoveconf: Fatal: Error in 
configuration file /etc/dovecot/conf.d/10-ssl.conf line 13:
ssl_key: Can't open file /etc/dovecot/private/dovecot.key: No such file or 
directory
 failed!


   * What exactly did you do (or not do) that was effective (or ineffective)?
   To fix this, I changed /etc/dovecot/conf.d/10-ssl.conf with the lines:

#   create symlinks in /etc/dovecot/private to default certificates:
## ssl-cert-snakeoil.key -> /etc/ssl/private/ssl-cert-snakeoil.key
## ssl-cert-snakeoil.pem -> /etc/ssl/certs/ssl-cert-snakeoil.pem

ssl_cert = </etc/dovecot/private/ssl-cert-snakeoil.pem
ssl_key = </etc/dovecot/private/ssl-cert-snakeoil.key


I think it is a serious packaging problem when an upgrade to a working dovecot
version fails because TLS is now enabled by default but default certs are not
installed. dovecot-core should check if there are valid certificates in
/etc/dovecot/private matching 10-ssl.conf and, failing that, create symlinks
similar to the above, so that a plain upgrade from a working dovecot version
results in a working dovecot again. Note that the snakeoil pair from the
ssl-cert package is self-signed, so such symlinks would only restore service;
clients still cannot verify the certificate against a CA.

==================================================================================================



-- Package-specific info:

dovecot configuration
---------------------
# 2.2.31 (65cde28): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.19 (e5c7051)
# OS: Linux 4.7.0-1-686-pae i686 Debian 9.0 
default_vsz_limit = 2560 M
mail_location = mbox:~/mail:INBOX=/var/mail/%u
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date index ihave duplicate 
mime foreverypart extracttext
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = 
}
passdb {
  driver = pam
}
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = " imap lmtp sieve pop3"
ssl_cert = </etc/dovecot/private/ssl-cert-snakeoil.pem
ssl_client_ca_dir = /etc/ssl/certs
ssl_key =  # hidden, use -P to show it
userdb {
  driver = passwd
}

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 4.7.0-1-686-pae (SMP w/6 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages dovecot-core depends on:
ii  adduser              3.115
ii  init-system-helpers  1.48
ii  libbz2-1.0           1.0.6-8.1
ii  libc6                2.24-5
ii  libexttextcat-2.0-0  3.4.4-2+b1
ii  liblz4-1             0.0~r131-2+b1
ii  liblzma5             5.2.2-1.2+b1
ii  libpam-runtime       1.1.8-3.5
ii  libpam0g             1.1.8-3.5
ii  libssl1.1            1.1.0f-3
ii  libstemmer0d         0+svn585-1+b2
ii  libwrap0             7.6.q-26
ii  lsb-base             9.20161125
ii  openssl              1.1.0f-3
ii  ssl-cert             1.0.39
ii  ucf                  3.0036
ii  zlib1g               1:1.2.8.dfsg-5

dovecot-core recommends no packages.

Versions of packages dovecot-core suggests:
ii  dovecot-gssapi        1:2.2.31-1
ii  dovecot-imapd         1:2.2.31-1
ii  dovecot-ldap          1:2.2.31-1
ii  dovecot-lmtpd         1:2.2.31-1
pn  dovecot-lucene        <none>
ii  dovecot-managesieved  1:2.2.31-1
ii  dovecot-mysql         1:2.2.31-1
ii  dovecot-pgsql         1:2.2.31-1
ii  dovecot-pop3d         1:2.2.31-1
ii  dovecot-sieve         1:2.2.31-1
ii  dovecot-solr          1:2.2.31-1
ii  dovecot-sqlite        1:2.2.31-1
pn  ntp                   <none>

Versions of packages dovecot-core is related to:
ii  dovecot-core [dovecot-common]  1:2.2.31-1
pn  dovecot-dbg                    <none>
ii  dovecot-dev                    1:2.2.31-1
ii  dovecot-gssapi                 1:2.2.31-1
ii  dovecot-imapd                  1:2.2.31-1
ii  dovecot-ldap                   1:2.2.31-1
ii  dovecot-lmtpd                  1:2.2.31-1
ii  dovecot-managesieved           1:2.2.31-1
ii  dovecot-mysql                  1:2.2.31-1
ii  dovecot-pgsql                  1:2.2.31-1
ii  dovecot-pop3d                  1:2.2.31-1
ii  dovecot-sieve                  1:2.2.31-1
ii  dovecot-sqlite                 1:2.2.31-1

-- Configuration Files:
/etc/init.d/dovecot changed:
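# Search path and identity of the service managed by this script.
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DESC="IMAP/POP3 mail server"
NAME=dovecot
DAEMON=/usr/sbin/dovecot
DAEMON_ARGS=""
SCRIPTNAME=/etc/init.d/$NAME
CONF=/etc/dovecot/${NAME}.conf
NICE="-N 8"

# Local overrides. The file is sourced, i.e. executed as shell code by this
# script, so it can replace any of the variables set above.
[ -r "/etc/default/$NAME" ] && . "/etc/default/$NAME"

# Exit quietly when the daemon binary or its configuration is missing, or
# when the service has been disabled through ENABLED=0.
[ -x "$DAEMON" ] || exit 0
[ -f "$CONF" ] || exit 0
[ "$ENABLED" != "0" ] || exit 0

# ALLOW_COREDUMPS=1 lifts the core file size limit for the daemon.
[ "$ALLOW_COREDUMPS" != "1" ] || ulimit -c unlimited

. /lib/lsb/init-functions

# The configuration exists (checked above) but cannot be read: report it.
if [ ! -r "${CONF}" ]; then
  log_daemon_msg "${CONF}: not readable" "$NAME" && log_end_msg 1;
  exit 1;
fi

if [ -f /etc/inetd.conf ]; then
  # The init script should do nothing if dovecot or another imap/pop3 server
  # is being run from inetd, and dovecot is configured to run as an imap or
  # pop3 service
  #
  # Both command substitutions are left unquoted on purpose: each one yields
  # a whitespace-separated list of protocol names to iterate over.
  # NOTE(review): this doveconf call reads the default configuration path,
  # while the base_dir query below passes -c ${CONF}; confirm that the
  # difference is intended.
  for p in $(sed -r 's/^ *(([^:]+|\[[^]]+]|\*):)?(pop3s?|imaps?)[ \t].*/\3/;t;d' \
    /etc/inetd.conf)
  do
    for q in $(doveconf -n -h protocols)
    do
      if [ "$p" = "$q" ]; then
        log_daemon_msg "protocol ${p} configured both in inetd and in dovecot" "$NAME" && log_end_msg 1
        exit 0
      fi
    done
  done
fi

# Locate the master pid file. If doveconf prints nothing (for example
# because it rejects the configuration), PIDBASE stays empty and the
# /var/run/dovecot default is used.
PIDBASE=${PIDBASE:-$(doveconf -n -c "${CONF}" -h base_dir)}
PIDFILE=${PIDBASE:-/var/run/dovecot}/master.pid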
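do_start()
{
    # Start the dovecot master process unless one is already running.
    # Globals read: PIDFILE, DAEMON, NICE, CONF, DAEMON_ARGS
    # Return
    #   0 if daemon has been started
    #   1 if daemon was already running
    #   2 if daemon could not be started
    #
    # $NICE and $DAEMON_ARGS stay unquoted on purpose: each holds a list of
    # options (e.g. "-N 8") that must be split into separate words. Paths
    # are quoted so that they always reach start-stop-daemon as one word.

    # Dry run (--test): a failure here is reported as "already running".
    # shellcheck disable=SC2086
    start-stop-daemon --start --quiet --pidfile "$PIDFILE" --exec "$DAEMON" \
        $NICE --test -- -c "${CONF}" > /dev/null \
        || return 1
    # Real start; everything after "--" is passed to the daemon itself.
    # shellcheck disable=SC2086
    start-stop-daemon --start --quiet --pidfile "$PIDFILE" --exec "$DAEMON" \
        $NICE -- -c "${CONF}" \
        $DAEMON_ARGS \
        || return 2
}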
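do_stop()
{
    # Stop the dovecot master process and remove its pid file.
    # Globals read: PIDFILE, DAEMON; written: RETVAL
    # Return
    #   0 if daemon has been stopped
    #   1 if daemon was already stopped
    #   2 if daemon could not be stopped
    #   other if a failure occurred
    #
    # First pass: send TERM, wait up to 30 seconds, then KILL and wait 5.
    start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 \
        --pidfile "$PIDFILE" --name "${DAEMON##*/}"
    RETVAL="$?"
    [ "$RETVAL" = 2 ] && return 2
    # Wait for children to finish too if this is a daemon that forks
    # and if the daemon is only ever run from this initscript.
    # If the above conditions are not satisfied then add some other code
    # that waits for the process to drop all resources that could be
    # needed by services started subsequently.  A last resort is to
    # sleep for some time.
    start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 \
        --pidfile "$PIDFILE" --name "${DAEMON##*/}"
    [ "$?" = 2 ] && return 2
    # Many daemons don't delete their pidfiles when they exit.
    # Quoted, with "--", so that exactly the one configured path is removed.
    rm -f -- "$PIDFILE"
    return "$RETVAL"
}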
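do_reload() {
    #
    # Ask the running daemon to reload its configuration by sending it
    # SIGHUP through start-stop-daemon.
    # Globals read: PIDFILE, NICE, NAME
    #
    # NOTE(review): the function returns 0 whatever start-stop-daemon
    # reports, so a caller cannot tell whether the signal was delivered;
    # confirm that this is intended.
    #
    # $NICE stays unquoted on purpose: it holds an option list ("-N 8").
    # shellcheck disable=SC2086
    start-stop-daemon --stop --signal HUP --quiet --pidfile "$PIDFILE" $NICE \
        --name "$NAME"
    return 0
}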
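# Dispatch on the action given as the first argument.
case "$1" in
  start)
    log_daemon_msg "Starting $DESC" "$NAME"
    do_start
    case "$?" in
        0|1) log_end_msg 0 ;; # Started, or was already running
        2) log_end_msg 1 ;;   # Could not be started
    esac
    ;;
  stop)
    log_daemon_msg "Stopping $DESC" "$NAME"
    do_stop
    case "$?" in
        0|1) log_end_msg 0 ;; # Stopped, or was already stopped
        2) log_end_msg 1 ;;   # Could not be stopped
    esac
    ;;
  reload|force-reload)
    log_daemon_msg "Reloading $DESC" "$NAME"
    do_reload
    log_end_msg $?
    ;;
  restart)
    #
    # Stop, then start. The running daemon is stopped before anything
    # checks the configuration, so a configuration that the new daemon
    # rejects leaves the service down.
    #
    log_daemon_msg "Restarting $DESC" "$NAME"
    do_stop
    case "$?" in
      0|1)
        do_start
        case "$?" in
            0) log_end_msg 0 ;;
            1) log_end_msg 1 ;; # Old process is still running
            *) log_end_msg 1 ;; # Failed to start
        esac
        ;;
      *)
        # Failed to stop
        log_end_msg 1
        ;;
    esac
    ;;
  status)
    # Exit with whatever status_of_proc reports.
    status_of_proc -p "$PIDFILE" "$DAEMON" "$NAME"
    exit "$?"
    ;;
  *)
    # "reload" is accepted above, so it is listed here as well.
    echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload|status}" >&2
    exit 3
    ;;
esac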


-- debconf information:
  dovecot-core/create-ssl-cert: false
  dovecot-core/ssl-cert-name: localhost
  dovecot-core/ssl-cert-exists:
