VS: Dovecot stops responding when I update SSL certificate
Did you change dh parameter size as well? This causes dh generation which can take some time.

---
Aki Tuomi
Dovecot oy

Original message
From: HotSlots Webmaster
Date: 5.3.2016 4.10 (GMT+02:00)
To: dovecot@dovecot.org
Subject: Dovecot stops responding when I update SSL certificate

Dovecot 2.2.18
CentOS 6.7 (x86_64)
Plesk 12.5.30

I have had Dovecot working fine with SSL for nearly two years now. It's time to renew the SSL certificate, so I did (same CA). The new certificate works fine in Apache and Postfix. But when I update Dovecot to use the same certificate, and restart the server, Dovecot stops responding to connects.

I have triple-checked that the ssl_cert and ssl_key files are correct - all I did was change the names in the conf file. There's nothing in the log. I have tried various SSL tests but either they don't work (unspecific error) or they tell me nothing is wrong (and show the correct certificate.)

I am running out of time to find a solution to this - what else can I look for?

The one difference for the certificates is that I opted for one with a SHA256 root rather than SHA1 root. I have separately used a tool to verify that the certificate and private key match.

Here is the end of the dovecot -n file that mentions SSL:

ssl = required
ssl_cert =
Dovecot stops responding when I update SSL certificate
Dovecot 2.2.18
CentOS 6.7 (x86_64)
Plesk 12.5.30

I have had Dovecot working fine with SSL for nearly two years now. It's time to renew the SSL certificate, so I did (same CA). The new certificate works fine in Apache and Postfix. But when I update Dovecot to use the same certificate, and restart the server, Dovecot stops responding to connects.

I have triple-checked that the ssl_cert and ssl_key files are correct - all I did was change the names in the conf file. There's nothing in the log. I have tried various SSL tests but either they don't work (unspecific error) or they tell me nothing is wrong (and show the correct certificate.)

I am running out of time to find a solution to this - what else can I look for?

The one difference for the certificates is that I opted for one with a SHA256 root rather than SHA1 root. I have separately used a tool to verify that the certificate and private key match.

Here is the end of the dovecot -n file that mentions SSL:

ssl = required
ssl_cert =
ssl_cipher_list = EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EDH+AESGCM+AES128:EDH+AESGCM+AES256:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EDH+SHA256+AES128:EDH+SHA256+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EDH+SHA1+AES128:EDH+SHA1+AES256:EECDH+HIGH:EDH+HIGH:AESGCM+AES128:AESGCM+AES256:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!KRB5:!aECDH:!EDH+3DES
ssl_dh_parameters_length = 2048
ssl_key =

(The !TLSv1 doesn't seem to be honored - I tried it with and without that. A problem for later.)

Thanks for any help.

Steve L
Re: VS: Re: v2.2.22 release candidate released
And you are normally only exposing doveadm functionality in internal, private networks.

On 3/4/2016 11:27 AM, Aki Tuomi wrote:
> In future release we will add master authentication too. Now you can use api key or doveadm password which are essentially same thing.
>
> ---
> Aki Tuomi
> Dovecot oy
>
> Original message
> From: Peter Chiochetti
> Date: 4.3.2016 20.20 (GMT+02:00)
> To: dovecot@dovecot.org
> Subject: Re: v2.2.22 release candidate released
>
> On 2016-03-04 at 14:33, Timo Sirainen wrote:
> > + Added doveadm HTTP API: See http://wiki2.dovecot.org/Design/DoveadmProtocol/HTTP
>
> Hmm, so anybody who has the API key can send any doveadm commands? I guess something like /etc/sudoers for API keys would be good? Did I miss something?
Re: Ubuntu packages
On 3/4/2016 at 9:18 PM, Peter Chiochetti wrote:
> On 2016-03-04 at 21:03, Stephan Bosch wrote:
>> On 3/4/2016 at 7:15 PM, Peter Chiochetti wrote:
>>> Since dovecot put up packages on their own repo, bigmichi stopped
>>> providing his'. I guess this is not Stephan; Would the kind person
>>> update ppa.launchpad.net/bigmichi1 ?
>>
>> The Xi packages are built for Ubuntu here:
>>
>> https://build.opensuse.org/project/repositories/home:sbosch:dovecot-2.2
>>
>
> Dear Stephan, in Ubuntu (12.04 here) /etc/init.d/dovecot is symlinked
> to /lib/init/upstart-job - but it's in your package too, so installing
> your package might damage the upstart job. I remember having seen this
> (in 2014).

Then why doesn't anyone ever tell me? :)

I'll give that a look at the next Xi revision, which will happen quite soon.

Regards,

Stephan.
Re: Ubuntu packages
On 2016-03-04 at 21:03, Stephan Bosch wrote:
> On 3/4/2016 at 7:15 PM, Peter Chiochetti wrote:
>> Since dovecot put up packages on their own repo, bigmichi stopped providing his'. I guess this is not Stephan; Would the kind person update ppa.launchpad.net/bigmichi1 ?
>
> The Xi packages are built for Ubuntu here:
>
> https://build.opensuse.org/project/repositories/home:sbosch:dovecot-2.2

Dear Stephan, in Ubuntu (12.04 here) /etc/init.d/dovecot is symlinked to /lib/init/upstart-job - but it's in your package too, so installing your package might damage the upstart job. I remember having seen this (in 2014).

-- peter
RE: Dovecot & Pigeon w/ MySQL
Hi Stephan,

Oh I see.
Is there this feature request already to support the save on MySQL/database?

Jorge,

> -Original Message-
> From: dovecot [mailto:dovecot-boun...@dovecot.org] On Behalf Of Stephan
> Bosch
> Sent: Friday, 4 March 2016 11:32
> To: Jorge Bastos; 'Dovecot Mailing List'
> Subject: Re: Dovecot & Pigeon w/ MySQL
>
> On 3/3/2016 at 4:03 PM, Jorge Bastos wrote:
> > Howdy,
> >
> > I'm looking for a good howto to have pigeon saving the sieve scripts
> > on an mysql table.
>
> Pigeonhole can currently only retrieve Sieve scripts from a database,
> not store them there; e.g., from ManageSieve.
>
> > Can some point me to a good one? Dr. google doesn't show me much
> > about it.
>
> http://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration
> http://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration/Dict
>
> Regards,
>
> Stephan.
Re: Ubuntu packages
On 3/4/2016 at 7:15 PM, Peter Chiochetti wrote:
> Since dovecot put up packages on their own repo, bigmichi stopped
> providing his'. I guess this is not Stephan; Would the kind person
> update ppa.launchpad.net/bigmichi1 ?

The Xi packages are built for Ubuntu here:

https://build.opensuse.org/project/repositories/home:sbosch:dovecot-2.2

Regards,

Stephan.
Re: Ubuntu packages
On 2016-03-04 at 20:51, Robert Schetterer wrote:
> On 04.03.2016 at 19:15, Peter Chiochetti wrote:
>> Since dovecot put up packages on their own repo, bigmichi stopped providing his'. I guess this is not Stephan; Would the kind person update ppa.launchpad.net/bigmichi1 ?
>>
>> Thank You
>
> what's wrong with
> http://wiki.dovecot.org/PrebuiltBinaries#Automatically_Built_Packages
>
> builds fine on ubuntu 14.04

Dear Robert, I tried a deb-package of those once (Jan 2014), but it badly messed with upstart files in /etc, which is not the same in ubuntu and debian

-- peter
Re: Dovecort-2.2.22
On 04 Mar 2016, at 17:46, Ralf Zimmermann wrote:
>
> With Dovecot-2.2.22 and enabled virtual plugin I get following error messages:
>
> Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0x819f0)
> [0x7f12330bf9f0] ->

The raw backtrace isn't very helpful unfortunately. What was the panic log message before this? Also it could be helpful to have gdb backtrace: http://dovecot.org/bugreport.html
Re: Ubuntu packages
On 04.03.2016 at 19:15, Peter Chiochetti wrote:
> Since dovecot put up packages on their own repo, bigmichi stopped
> providing his'. I guess this is not Stephan; Would the kind person
> update ppa.launchpad.net/bigmichi1 ?
>
> Thank You
>

what's wrong with
http://wiki.dovecot.org/PrebuiltBinaries#Automatically_Built_Packages

builds fine on ubuntu 14.04

Best Regards
Kind regards, Robert Schetterer

--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Registered office: München, District court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
VS: Re: v2.2.22 release candidate released
In future release we will add master authentication too. Now you can use api key or doveadm password which are essentially same thing.

---
Aki Tuomi
Dovecot oy

Original message
From: Peter Chiochetti
Date: 4.3.2016 20.20 (GMT+02:00)
To: dovecot@dovecot.org
Subject: Re: v2.2.22 release candidate released

On 2016-03-04 at 14:33, Timo Sirainen wrote:
> + Added doveadm HTTP API: See
> http://wiki2.dovecot.org/Design/DoveadmProtocol/HTTP

Hmm, so anybody who has the API key can send any doveadm commands? I guess something like /etc/sudoers for API keys would be good? Did I miss something?

-- peter
Re: v2.2.22 release candidate released
On 2016-03-04 at 14:33, Timo Sirainen wrote:
> + Added doveadm HTTP API: See http://wiki2.dovecot.org/Design/DoveadmProtocol/HTTP

Hmm, so anybody who has the API key can send any doveadm commands? I guess something like /etc/sudoers for API keys would be good? Did I miss something?

-- peter
Ubuntu packages
Since dovecot put up packages on their own repo, bigmichi stopped providing his'. I guess this is not Stephan; Would the kind person update ppa.launchpad.net/bigmichi1 ? Thank You -- peter
Re: v2.2.22 release candidate released
On 04 Mar 2016, at 17:40, Miquel van Smoorenburg wrote:
>
> Question: some time ago you mentioned that you were going to work on
> caldav/carddav support. What is the status of that, and will the
> calendar/contacts database be available over JMAP as well?

Initially JMAP will be email-only. The CalDAV/CardDAV plans have been postponed for now.
Dovecort-2.2.22
With Dovecot-2.2.22 and enabled virtual plugin I get following error messages:

Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0x819f0) [0x7f12330bf9f0] -> /usr/local/lib/dovecot/libdovecot.so.0(+0x81adc) [0x7f12330bfadc] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f123306833d] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_backend_box_close+0x178) [0x7f12320599f8] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x9f94) [0x7f1232059f94] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x9fe9) [0x7f1232059fe9] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a) [0x7f12333825da] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_free+0x13) [0x7f1233382663] -> dovecot/imap() [0x41870f] -> dovecot/imap() [0x423ce4] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handle_timeouts+0xda) [0x7f12330d28aa] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x9c) [0x7f12330d3cbc] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x25) [0x7f12330d2a65] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f12330d2c08] -> /usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f123306da23] -> dovecot/imap(main+0x2d7) [0x40c3c7] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7f1232cb4b45] -> dovecot/imap() [0x40c530]

I test it with this configuration on Debian Jessie 64-bit:

# dovecot.conf
mail_plugins = $mail_plugins acl quota zlib virtual
namespace {
  prefix = virtual/
  separator = /
  location = virtual:~/Maildir/virtual
}

# ~/Maildir/virtual/unseen/dovecot-virtual
INBOX
  unseen

Kind regards
Ralf Zimmermann
Senior Security Engineer
State Certified Engineer

SIEGNETZ.IT GmbH
Einheitsstrasse 2, D-57076 Siegen
Phone: +4927168193130
Fax: +492716819329
Mobile: +491735360015
http://www.siegnetz.de
http://rz.siegnetz.de
District court Siegen HRB4838
Managing director: Oliver Seitz
Registered office: Siegen
Re: v2.2.22 release candidate released
On 04/03/16 14:33, Timo Sirainen wrote:
> There are some larger changes here, especially to doveadm to make it support HTTP API. There's still time to do smaller tweaks to the API, so let us know if you have some improvement ideas. Note that the API was designed to look mostly like JMAP, which we're planning to implement also for v2.3. The plan is to fork v2.3 development tree soon.

Let me say that I think it's really cool that you're adding support for JMAP. This will make it possible for front-end developers to build webmail or mail-aware applications right on top of dovecot, instead of first having to build a server-side middleware layer between IMAP and the application.

Question: some time ago you mentioned that you were going to work on caldav/carddav support. What is the status of that, and will the calendar/contacts database be available over JMAP as well?

Thanks,

Mike.
Re: v2.2.22 release candidate released
On 04/03/2016 14:33, Timo Sirainen wrote:
> let us know if you have some improvement ideas

I think would be useful to have "doveadm auth cache flush" also per domain, example:

doveadm auth cache flush *@domain.com

like doveadm quota.

--
Alessio Cecchi
Postmaster @ http://www.qboxmail.it
https://www.linkedin.com/in/alessice
Re: Dsync Header Hashing
On 04 Mar 2016, at 07:47, Richard Laager wrote:
>
> Is there any way to disable the header hashing in dsync?
>
> I'm doing a one-time migration to Dovecot using imapc. The FETCHes for Date &
> Message-ID take a non-trivial amount of time and it's not clear to me if they
> have a function for a one-time migration.

That would be nice, yes. Does the attached patch happen to work? Compiles, but untested for now.

dsync.diff Description: Binary data
Reappearing emails
We have been running Dovecot 2.2.10 with a pair of CentOS 7 boxes with replications for the past year. We have been quite happy with the performance and reliability.

Recently we received a report from an Android IMAP user that emails that he deleted without reading would often reappear in his INBOX. At first I thought it might be some quirky incompatibility with his email client, but I found that I could easily reproduce it in Roundcube by dragging an unread email to Trash.

I have been monitoring this forum fairly religiously and don't recall seeing any similar reports. I plan to capture the IMAP wire interactions, but before doing that, I thought I would submit this to the IMAP gods to see if anyone had heard of this and/or if there is some newer version that might resolve the problem.

This particular customer contacted his email vendor and asked them to analyze the problem. The actual log data is gigantic, so I just pasted in the vendor's narrative below in case it helps. Otherwise, as I said, I will capture a similar interaction at the wire level and follow up here.

Vendor's narrative:

You had 8 messages in the Inbox, and moved two to Trash. The server notified the app on the push connection (for Inbox) that there are now 6 messages. By the time the app got around to catch up with that (it did the Trash folder first), the server said "oh wait, there are 8 messages, not 6" (in the Inbox), and so the app synced them in, just as reported.

app selecting the Inbox, server saying there are 8 messages there app moving UID 729 and 730 to Trash (push) server saying Trash now has 34 messages (push) server saying two messages gone from Inbox, 6 left (push) 6 messages left in Inbox becoming 8 (push) and here they are (the two new ones)

Thanks,
Ron
questions regarding zlib plugin
Hi,

faced with a current space problem on our dovecot 2.2.18 server, I thought about using the zlib plugin.

My questions:

- is it really as simple as adding the options to the conf files as described in the docs :) ? http://wiki2.dovecot.org/Plugins/Zlib
- As this just compresses new messages; does anybody have a sort of simple cron or whatever script or best practice how to compress existing maildir mails? The doc is a bit complicated to me at that point...

Thanks a lot and regards

. Götz
v2.2.22 release candidate released
http://dovecot.org/releases/2.2/rc/dovecot-2.2.22.rc1.tar.gz
http://dovecot.org/releases/2.2/rc/dovecot-2.2.22.rc1.tar.gz.sig

There are some larger changes here, especially to doveadm to make it support HTTP API. There's still time to do smaller tweaks to the API, so let us know if you have some improvement ideas. Note that the API was designed to look mostly like JMAP, which we're planning to implement also for v2.3. The plan is to fork v2.3 development tree soon.

+ Added doveadm HTTP API: See http://wiki2.dovecot.org/Design/DoveadmProtocol/HTTP
+ virtual plugin: Mailbox filtering can now be done based on the mailbox metadata. See http://wiki2.dovecot.org/Plugins/Virtual
+ stats: Added doveadm stats reset to reset global stats.
+ stats: Added authentication statistics if auth_stats=yes.
+ dsync, imapc, pop3c & pop3-migration: Many optimizations, improvements and error handling fixes.
+ doveadm: Most commands now stop soon after SIGINT/SIGTERM.
- auth: Auth caching was done too aggressively when %variables were used in default_fields, override_fields or LDAP pass/user_attrs. userdb result_* were also ignored when user was found from cache.
- imap: Fixed various assert-crashes caused v2.2.20+. Some of them caught actual hangs or otherwise unwanted behavior towards IMAP clients.
- Expunges were forgotten in some situations, for example when pipelining multiple IMAP MOVE commands.
- quota: Per-namespaces quota were broken for dict and count backends in v2.2.20+
- fts-solr: Search queries were using OR instead of AND as the separator for multi-token search queries in v2.2.20+.
Re: Dovecot & Pigeon w/ MySQL
On 3/3/2016 at 4:03 PM, Jorge Bastos wrote:
> Howdy,
>
> I'm looking for a good howto to have pigeon saving the sieve scripts on an
> mysql table.

Pigeonhole can currently only retrieve Sieve scripts from a database, not store them there; e.g., from ManageSieve.

> Can some point me to a good one? Dr. google doesn't show me much about it.

http://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration
http://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration/Dict

Regards,

Stephan.