Re: imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??
On 20/03/2015 18:24, Timo Sirainen wrote: Connecting to dovecot with ssl3 causes imap-login to die: Mar 20 11:30:35 MAILHOST dovecot: [ID 583609 mail.crit] imap-login: Fatal: master: service(imap-login): child 21918 killed with signal 11 (core dumped) [last ip=127.0.0.1] I can't reproduce it. I tried it with the same ssl_* settings you had. Can you get a gdb backtrace from the crash? It says core dumped, so I guess there should be a core file somewhere. http://dovecot.org/bugreport.html has some more info on how to get it. Thank you for your interest, here is a dbx trace. This was with OpenSSL 1.0.2a. (dbx) where =[1] ssl3_get_client_hello(s = 0x809b2a0) (optimized), at 0xfe9db0d5 (line ~1362) in s3_srvr.c [2] ssl3_accept(s = 0x809b2a0) (optimized), at 0xfe9d9892 (line ~357) in s3_srvr.c [3] SSL_accept(s = 0x809b2a0) (optimized), at 0xfea09f07 (line ~990) in ssl_lib.c [4] ssl_handshake(proxy = 0x809ba38) (optimized), at 0xfee35c18 (line ~481) in ssl-proxy-openssl.c [5] ssl_step(proxy = 0x809ba38) (optimized), at 0xfee35ee0 (line ~545) in ssl-proxy-openssl.c [6] ssl_proxy_flush(proxy = 0x809ba38) (optimized), at 0xfee3680c (line ~817) in ssl-proxy-openssl.c [7] ssl_proxy_destroy(proxy = 0x809ba38) (optimized), at 0xfee3686b (line ~825) in ssl-proxy-openssl.c [8] ssl_handle_error(proxy = 0x809ba38, ret = -1, func_name = 0xfee3b2d8 SSL_accept()) (optimized), at 0xfee35bc0 (line ~465) in ssl-proxy-openssl.c [9] ssl_handshake(proxy = 0x809ba38) (optimized), at 0xfee35cc9 (line ~483) in ssl-proxy-openssl.c [10] ssl_step(proxy = 0x809ba38) (optimized), at 0xfee35ee0 (line ~545) in ssl-proxy-openssl.c [11] ssl_proxy_start(proxy = 0x809ba38) (optimized), at 0xfee36341 (line ~685) in ssl-proxy-openssl.c [12] client_connected_finish(conn = 0x8047ae0) (optimized), at 0xfee31d62 (line ~151) in main.c [13] client_connected(conn = 0x8047ae0) (optimized), at 0xfee32148 (line ~246) in main.c [14] master_service_listen(l = 0x8096b30) (optimized), at 0xfecfac7e (line ~837) in master-service.c [15] io_loop_call_io(io = 0x8096bd0) (optimized), at 0xfeda764b (line ~501) in ioloop.c [16] io_loop_handler_run_internal(ioloop = 0x8071d70) (optimized), at 0xfedaa419 (line ~211) in ioloop-poll.c [17] io_loop_handler_run(ioloop = 0x8071d70) (optimized), at 0xfeda77be (line ~548) in ioloop.c [18] io_loop_run(ioloop = 0x8071d70) (optimized), at 0xfeda7711 (line ~525) in ioloop.c [19] master_service_run(service = 0x8071cb8, callback = 0xfee32040 = `libdovecot-login.so.0.0.0`main.c`client_connected(struct master_service_connection *conn)) (optimized), at 0xfecfa3d7 (line ~569) in master-service.c [20] login_binary_run(binary = 0x8068c50, argc = 2, argv = 0x8047d4c) (optimized), at 0xfee3294a (line ~470) in main.c [21] main(argc = 2, argv = 0x8047d4c) (optimized), at 0x8054de7 (line ~706) in client.c dovecot.conf had: ssl_protocols = !SSLv2 !SSLv3 removing that line stops the core dump and syslog then shows: Mar 20 11:36:25 MAILHOST dovecot: [ID 583609 mail.info] imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=, rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:14076102:SSL routines:SSL23_GET_CLIENT_HELLO:unsupported protocol, session=eqr1ubYRWgB/AAAB the SSL23_GET_CLIENT_HELLO:unsupported protocol seems to do what I thought the ssl_protocols setting did. Do I still need, if I ever needed, the ssl_protocols = setting? All these ssl_* settings just go to OpenSSL without Dovecot (or I) knowing all that much about them. I think you still need it, but maybe it's because your ssl_cipher_list is so limited that it fails the session anyway (just my guess). I admit I just copied from somewhere else without full understanding. Please if someone can advise me on settings for ssl_protocols and ssl_cipher_list then I'll use. Removing ssl_cipher_list = , so using the default, does not cure the problem. James.
Re: Deleting empty folders
With doveadm mailbox status -u ... messages* There is a list of folders and the number of messages and then with doveadm mailbox delete -u ... name to delete. Am 20.03.2015 um 21:18 schrieb Samuel Williams: So, along with the problem of lots of folders ending in 1 1 1 1, I'd like to have a strategy to delete these. I was trying to understand if it is possible to use http://linux.die.net/man/1/doveadm-expunge to delete empty folders, but without also deleting messages? Is this possible and if so what is the syntax? Kind regards, Samuel
IMAP ANNOTATE Extension RFC5257: priority on roadmap
Hi Timo, congrats to the merger with OX. Currently the implementation of RFC 5257, ANNOTATE-EXPERIMENT-1, has only low priority on http://wiki2.dovecot.org/Roadmap I want to explain a scenario that would benefit from annotation support to - maybe - increase the priority in your roadmap: I'm currently working on a project to publish bank customer related documents inside a banking webinterface (they call it 'postbox'). There are different requirements that would be satisfied very well by an IMAP server as data storage/provider for a long term email/document archive inside the bank. Annotations would be necessary to tag emails with customer numbers and document IDs to allow a delayed grouping of several emails by such identifiers (message IDs may not be available for references so annotations have to be used to compute references indirectly). Same for sorting and filtering by customer number or account number. I would highly appreciate if you at Dovecot could increase the priority of ANNOTATE in your roadmap. Best regards, Florian -- Agitos GmbH Emil-Geis-Straße 40 D-81379 München Telefon: +49-89-381 564 46-0 Telefax: +49-89-381 564 46-9 E-Mail: supp...@agitos.de Web: http://www.agitos.de Registergericht: Amtsgericht München, HRB 213590 Geschäftsführer: Dipl.-Inf. (Univ.) Florian Sager Ust-Identifikationsnummer: DE296114074
Re: Deleting empty folders
Thanks Hardy. I have 1600 folders to delete.. in the end I did find -type d -name * 1 -exec rm -r {} \; On 21 March 2015 at 21:22, Hardy Flor hf...@gmx.de wrote: With doveadm mailbox status -u ... messages* There is a list of folders and the number of messages and then with doveadm mailbox delete -u ... name to delete. Am 20.03.2015 um 21:18 schrieb Samuel Williams: So, along with the problem of lots of folders ending in 1 1 1 1, I'd like to have a strategy to delete these. I was trying to understand if it is possible to use http://linux.die.net/man/1/doveadm-expunge to delete empty folders, but without also deleting messages? Is this possible and if so what is the syntax? Kind regards, Samuel
Re: imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??
On 21/03/2015 10:55, Reindl Harald wrote: well, remove that brickage of special compile I'm sorry but I did not understand your comment.
Re: imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??
Am 21.03.2015 um 12:02 schrieb James: On 21/03/2015 10:55, Reindl Harald wrote: well, remove that brickage of special compile I'm sorry but I did not understand your comment why do you compile openssl that way? signature.asc Description: OpenPGP digital signature
Re: imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??
On 21/03/2015 10:00, James wrote: the SSL23_GET_CLIENT_HELLO:unsupported protocol seems to do what I thought the ssl_protocols setting did. Do I still need, if I ever needed, the ssl_protocols = setting? All these ssl_* settings just go to OpenSSL without Dovecot (or I) knowing all that much about them. I think you still need it, but maybe it's because your ssl_cipher_list is so limited that it fails the session anyway (just my guess). I'd better add this PS, my openssl is compiled with no-ssl3 which is where the the SSL23 unsupported is coming from. I've remove the no-ssl3 from openssl indeed it accepts the connection, however, with ssl_protocols = !SSLv2 !SSLv3 in dovecot.conf imap-login still sig 11s. James.
Re: imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??
On 21/03/2015 11:07, Reindl Harald wrote: well, remove that brickage of special compile I'm sorry but I did not understand your comment why do you compile openssl that way? What way? With or without ssl3? I've now done it both ways. Reading: https://wiki.openssl.org/index.php/Compilation_and_Installation no-ssl3 seems to be a popular and legitimate option.
Re: imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??
On 21/03/2015 11:15, Reindl Harald wrote: that maybe all fine and true, but since others can't reproduce your problem it's likely your openssl build and not dovecot itself http://www.dovecot.org/bugreport.html Whenever Dovecot crashes, ... No matter how that happened, it's a bug and will be fixed ...
Re: FreeBSD ZFS maildir to mdbox
On 18-03-15 08:26, Toni Mattila wrote: Hi, On 18-Mar-15 00:09, Roland van Laar wrote: I'm converting my mailbox from Maildir to mdbox.. The Maildir is from an 1.2 server. The same conversion on a virtual ubuntu 14.04 box works with mentions of filename has the wrong S value and Corrupted index errors. You should fix the Maildir files first to have correct S= (size) on them. Older maildrops and qmail likes to create wrong sizes and newer dovecots rely on that S= to be correct. You can use http://www.dovecot.org/tools/maildir-size-fix.pl or similar script to fix your existing maildirs. That fixed it for me, the migration from maildir to mdbox is working now. I had trouble running the script at first, I added some extra information about the different kind of commandline options. Feel free to include them in the script on dovecot.org. LINE: 233 if (scalar @ARGV == 0) { print STDERR Usage: maildir-size-fix.pl /path/to/Maildir\n; print STDERR -c :Check if the files are compressed. Use the uncompressed size for S=size.\n; print STDERR -f :If S=size already exists, verify that it is correct.\n; print STDERR -n :If filename doesn't already have a S=size, add it.\n; print STDERR -p :If UIDLs are based on filename and no Puidl entry already \t exist for a message, write a Poriginal filename entry so it doesn't \t change when renaming a file.\n; print STDERR -r :Recursively scan the maildir for subdirectories.\n; print STDERR -v :Verbose logging.\n; exit 1 } Best Regards, Toni
Re: imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??
Am 21.03.2015 um 11:51 schrieb James: On 21/03/2015 10:00, James wrote: the SSL23_GET_CLIENT_HELLO:unsupported protocol seems to do what I thought the ssl_protocols setting did. Do I still need, if I ever needed, the ssl_protocols = setting? All these ssl_* settings just go to OpenSSL without Dovecot (or I) knowing all that much about them. I think you still need it, but maybe it's because your ssl_cipher_list is so limited that it fails the session anyway (just my guess). I'd better add this PS, my openssl is compiled with no-ssl3 which is where the the SSL23 unsupported is coming from. I've remove the no-ssl3 from openssl indeed it accepts the connection, however, with ssl_protocols = !SSLv2 !SSLv3 in dovecot.conf imap-login still sig 11s well, remove that brickage of special compile signature.asc Description: OpenPGP digital signature
Re: imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??
Am 21.03.2015 um 12:12 schrieb James: On 21/03/2015 11:07, Reindl Harald wrote: well, remove that brickage of special compile I'm sorry but I did not understand your comment why do you compile openssl that way? What way? With or without ssl3? I've now done it both ways. Reading: https://wiki.openssl.org/index.php/Compilation_and_Installation no-ssl3 seems to be a popular and legitimate option that maybe all fine and true, but since others can't reproduce your problem it's likely your openssl build and not dovecot itself signature.asc Description: OpenPGP digital signature
Transitioning from version 1 to version 2
I'm wrestling with transitioning from a 1.0.15 system to a 2.2.25 system. The old dovecot.conf cannot be dropped into position on the new system because so many config options and symbols have changed. It seems every time I change something to match the new formats, I break something else! Anyone out there have maybe half an hour to spare to look at my old and new files to help me whip them into shape?
Re: Deleting empty folders
Hello Samuel, with mdbox as Maildir no direct file operations should beperforms. For empty mailboxes that will ever happen, the doveadm mailbox delete deletes the emails, if required in the mailbox. Hardy Am 21.03.2015 um 11:48 schrieb Samuel Williams: Thanks Hardy. I have 1600 folders to delete.. in the end I did find -type d -name * 1 -exec rm -r {} \;
2.2.16 link failure on FreeBSD 10.1, with patch
Hi, Compiling on FreeBSD 10.1 gives linker errors when linking test-message-snippet. The underlying problem is that libiconv appears on the actual linker line after libcharset.a, which leads to unresolved libiconv symbols. This build process worked fine with 2.2.15. The patch below to src/lib-charset/Makefile.in resolves the problem for me and seems broadly correct. libcharset.a does depend on libiconv so it should probably be declared that way. There is probably a more correct way to make the patch to Makefile.am, but I don't really use automake. Hopefully helpful to someone. Jan Mikkelsen. Patch: --- dovecot-2.2.16/src/lib-charset/Makefile.in 2015-03-13 02:41:16.0 +1100 +++ dovecot-2.2.16.new/src/lib-charset/Makefile.in 2015-03-21 13:58:21.951293274 +1100 @@ -92,7 +92,7 @@ CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = LTLIBRARIES = $(noinst_LTLIBRARIES) -libcharset_la_LIBADD = +libcharset_la_LIBADD = $(LTLIBICONV) am_libcharset_la_OBJECTS = charset-iconv.lo charset-utf8.lo libcharset_la_OBJECTS = $(am_libcharset_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) Error messages: libtool: link: cc -std=gnu99 -I/usr/local/include -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -Wno-duplicate-decl-specifier -Wstrict-aliasing=2 -Wl,--as-needed -o test-message-snippet test-message-snippet.o .libs/message-snippet.o .libs/mail-html2text.o .libs/message-decoder.o .libs/quoted-printable.o .libs/rfc822-parser.o .libs/rfc2231-parser.o /usr/local/lib/libiconv.so -Wl,-rpath -Wl,/usr/local/lib .libs/message-parser.o .libs/message-header-parser.o .libs/message-header-decode.o .libs/message-size.o -L/usr/local/lib ../lib-charset/.libs/libcharset.a ../lib-test/.libs/libtest.a ../lib/.libs/liblib.a ../lib-charset/.libs/libcharset.a(charset-iconv.o): In function `charset_to_utf8_begin': charset-iconv.c:(.text+0x49): undefined reference to `libiconv_open' ../lib-charset/.libs/libcharset.a(charset-iconv.o): In function `charset_to_utf8_end': charset-iconv.c:(.text+0x151): undefined reference to `libiconv_close' ../lib-charset/.libs/libcharset.a(charset-iconv.o): In function `charset_to_utf8_reset': charset-iconv.c:(.text+0x211): undefined reference to `libiconv' ../lib-charset/.libs/libcharset.a(charset-iconv.o): In function `charset_to_utf8_try': charset-iconv.c:(.text+0x425): undefined reference to `libiconv' cc: error: linker command failed with exit code 1 (use -v to see invocation) ../lib-charset/.libs/libcharset.a(charset-iconv.o): In function `charset_to_utf8_begin': charset-iconv.c:(.text+0x49): undefined reference to `libiconv_open' ../lib-charset/.libs/libcharset.a(charset-iconv.o): In function `charset_to_utf8_end': charset-iconv.c:(.text+0x151): undefined reference to `libiconv_close' ../lib-charset/.libs/libcharset.a(charset-iconv.o): In function `charset_to_utf8_reset': charset-iconv.c:(.text+0x211): undefined reference to `libiconv' ../lib-charset/.libs/libcharset.a(charset-iconv.o): In function `charset_to_utf8_try': charset-iconv.c:(.text+0x425): undefined reference to `libiconv'