Dovecot eBook
Hi Timo I have a strange question. I bought the Dovecot Book off Amazon. I can easily prove it with a picture and/or my receipt off Amazon. I still have it o my library but I don’t like to travel around with it. Is there a way for me to get a PDF copy? I just checked Amazon and there is still no PDF version available there. Regards SI Sent from Mail for Windows 10
Re: Dovecot 2.3.6 on Solaris10: build issues, segfaults
Looking further into this segfault at settings-parser.c:setting_copy():1519 *dest_size = *src_size; *src_size points to type size_t (typedef unsigned long), a 4-byte aligned value consistent with a 32-bit build. This is mismatched with declared type (gdb) whatis src_size type = const uoff_t * (gdb) whatis uoff_t type = unsigned long long (gdb) p sizeof(uoff_t) $1 = 8 resulting in the segfault when *src_size is dereferened. The implied condition of this code segment is typeof(uoff_t)==typeof(size_t) which is clearly not the case. I'm not sure how/if uoff_t is defined, but configure reports checking for uoff_t... no checking type of off_t... long long The latter is weird, because if I compile and run using the same compiler flags #include int main(void) { printf("%d %d\n",sizeof(long long),sizeof(off_t)); } the output is "8 4". Joseph Tam
Re: Address family not supported by protocol
On 19/07/2019 20:04 Elias Hamaz via dovecot wrote: Hello, I am trying to run Dovecot on Arch Linux ARM on a Raspberry Pi, and there is an error when calling dovecot. Related information is listed below. Does anybody know if this is a code issue or a configuration issue? Regards, Elias Hamaz You have ipv6 disabled but is set to listen :: in config. Set listen=0.0.0.0 --- Aki Tuomi
Address family not supported by protocol
Hello, I am trying to run Dovecot on Arch Linux ARM on a Raspberry Pi, and there is an error when calling dovecot. Related information is listed below. Does anybody know if this is a code issue or a configuration issue? Regards, Elias Hamaz $ sudo dovecot: Error: socket() failed: Address family not supported by protocol Error: service(pop3-login): listen(::, 110) failed: Address family not supported by protocol Error: socket() failed: Address family not supported by protocol Error: service(pop3-login): listen(::, 995) failed: Address family not supported by protocol Error: socket() failed: Address family not supported by protocol Error: service(imap-login): listen(::, 143) failed: Address family not supported by protocol Error: socket() failed: Address family not supported by protocol Error: service(imap-login): listen(::, 993) failed: Address family not supported by protocol Fatal: Failed to start listeners $ df -Th: Filesystem Type Size Used Avail Use% Mounted on /dev/root ext4 15G 13G 1.1G 93% / devtmpfs devtmpfs 211M 0 211M 0% /dev tmpfs tmpfs 215M 0 215M 0% /dev/shm tmpfs tmpfs 215M 280K 215M 1% /run tmpfs tmpfs 215M 0 215M 0% /sys/fs/cgroup tmpfs tmpfs 215M 0 215M 0% /tmp /dev/mmcblk0p1 vfat 90M 49M 41M 55% /boot tmpfs tmpfs 43M 0 43M 0% /run/user/1000 $ lscpu: Architecture:armv6l Byte Order: Little Endian CPU(s): 1 On-line CPU(s) list: 0 Thread(s) per core: 1 Core(s) per socket: 1 Socket(s): 1 Vendor ID: ARM Model: 7 Model name: ARM1176 Stepping:r0p7 CPU max MHz: 700. CPU min MHz: 700. BogoMIPS:697.95 Flags: half thumb fastmult vfp edsp java tls $ dovecot -n: # 2.3.7 (494d20bdc): /etc/dovecot/dovecot.conf # OS: Linux 4.14.50-2-ARCH armv6l # Hostname: alarmpi doveconf: Error: t_readlink(/var/run/dovecot/dovecot.conf) failed: readlink() failed: No such file or directory namespace { inbox = yes location = mailbox { special_use = \Drafts name = Drafts } mailbox { special_use = \Junk name = Junk } mailbox { special_use = \Sent name = Sent } mailbox { special_use = \Sent name = Sent Messages } mailbox { special_use = \Trash name = Trash } prefix = name = inbox } passdb { driver = pam } service replication-notify-fifo { name = aggregator } service anvil-auth-penalty { name = anvil } service auth-worker { name = auth-worker } service auth-client { name = auth } service config { name = config } service dict-async { name = dict-async } service dict { name = dict } service login/proxy-notify { name = director } service dns-client { name = dns_client } service doveadm-server { name = doveadm } service imap-hibernate { name = imap-hibernate } service imap { name = imap-login } service imap-urlauth { name = imap-urlauth-login } service imap-urlauth-worker { name = imap-urlauth-worker } service token-login/imap-urlauth { name = imap-urlauth } service imap-master { name = imap } service indexer-worker { name = indexer-worker } service indexer { name = indexer } service ipc { name = ipc } service lmtp { name = lmtp } service log-errors { name = log } service old-stats-mail { name = old-stats } service pop3 { name = pop3-login } service login/pop3 { name = pop3 } service replicator-doveadm { name = replicator } service stats-reader { name = stats } service submission { name = submission-login } service login/submission { name = submission } ssl_cert =
Address family not supported by protocol
Hello,I am trying to run Dovecot on Arch Linux ARM on a Raspberry Pi, and there is an error when calling dovecot.Related information is listed below.Does anybody know if this is a code issue or a configuration issue?Regards,Elias Hamaz$ sudo dovecot:Error: socket() failed: Address family not supported by protocolError: service(pop3-login): listen(::, 110) failed: Address family not supported by protocolError: socket() failed: Address family not supported by protocolError: service(pop3-login): listen(::, 995) failed: Address family not supported by protocolError: socket() failed: Address family not supported by protocolError: service(imap-login): listen(::, 143) failed: Address family not supported by protocolError: socket() failed: Address family not supported by protocolError: service(imap-login): listen(::, 993) failed: Address family not supported by protocolFatal: Failed to start listeners$ df -Th:Filesystem Type Size Used Avail Use% Mounted on/dev/root ext4 15G 13G 1.1G 93% /devtmpfs devtmpfs 211M 0 211M 0% /devtmpfs tmpfs 215M 0 215M 0% /dev/shmtmpfs tmpfs 215M 280K 215M 1% /runtmpfs tmpfs 215M 0 215M 0% /sys/fs/cgrouptmpfs tmpfs 215M 0 215M 0% /tmp/dev/mmcblk0p1 vfat 90M 49M 41M 55% /boottmpfs tmpfs 43M 0 43M 0% /run/user/1000$ lscpu:Architecture: armv6lByte Order: Little EndianCPU(s): 1On-line CPU(s) list: 0Thread(s) per core: 1Core(s) per socket: 1Socket(s): 1Vendor ID: ARMModel: 7Model name: ARM1176Stepping: r0p7CPU max MHz: 700.CPU min MHz: 700.BogoMIPS: 697.95Flags: half thumb fastmult vfp edsp java tls$ dovecot -n:# 2.3.7 (494d20bdc): /etc/dovecot/dovecot.conf# OS: Linux 4.14.50-2-ARCH armv6l # Hostname: alarmpidoveconf: Error: t_readlink(/var/run/dovecot/dovecot.conf) failed: readlink() failed: No such file or directorynamespace { inbox = yes location = mailbox { special_use = \Drafts name = Drafts } mailbox { special_use = \Junk name = Junk } mailbox { special_use = \Sent name = Sent } mailbox { special_use = \Sent name = Sent Messages } mailbox { special_use = \Trash name = Trash } prefix = name = inbox}passdb { driver = pam}service replication-notify-fifo { name = aggregator}service anvil-auth-penalty { name = anvil}service auth-worker { name = auth-worker}service auth-client { name = auth}service config { name = config}service dict-async { name = dict-async}service dict { name = dict}service login/proxy-notify { name = director}service dns-client { name = dns_client}service doveadm-server { name = doveadm}service imap-hibernate { name = imap-hibernate}service imap { name = imap-login}service imap-urlauth { name = imap-urlauth-login}service imap-urlauth-worker { name = imap-urlauth-worker}service token-login/imap-urlauth { name = imap-urlauth}service imap-master { name = imap}service indexer-worker { name = indexer-worker}service indexer { name = indexer}service ipc { name = ipc}service lmtp { name = lmtp}service log-errors { name = log}service old-stats-mail { name = old-stats}service pop3 { name = pop3-login}service login/pop3 { name = pop3}service replicator-doveadm { name = replicator}service stats-reader { name = stats}service submission { name = submission-login}service login/submission { name = submission}ssl_cert = ssl_key = # hidden, use -P to show ituserdb { driver = passwd}protocol lmtp { service replication-notify-fifo { name = aggregator } service anvil-auth-penalty { name = anvil } service auth-worker { name = auth-worker } service auth-client { name = auth } service config { name = config } service dict-async { name = dict-async } service dict { name = dict } service login/proxy-notify { name = director } service dns-client { name = dns_client } service doveadm-server { name = doveadm } service imap-hibernate { name = imap-hibernate } service imap { name = imap-login } service imap-urlauth { name = imap-urlauth-login } service imap-urlauth-worker { name = imap-urlauth-worker } service token-login/imap-urlauth { name = imap-urlauth } service imap-master { name = imap } service indexer-worker { name = indexer-worker } service indexer { name = indexer } service ipc { name = ipc } service lmtp { name = lmtp } service log-errors { name = log } service old-stats-mail { name = old-stats } service pop3 { name = pop3-login } service login/pop3 { name = pop3 } service replicator-doveadm { name = replicator } service stats-reader { name = stats } service submission { name = submission-login } service login/submission { name = submission }}protocol !indexer-worker { service replication-notify-fi
WARNING: using attachment_dir with plugin zlib can corrupt mails
Hello list, hello Dovecot developers, this week, I discovered a serious bug in Dovecot, that lead to several broken mails on our servers. The bug corrupts the first few characters of the mail header during saving. On our setup, it was almost always only the very first line of text, that was corrupted. Depending on the IMAP client (they seem to request different header fields, ... during mail access), the bug causes the imap process to hang up the TCP connection and log errors like this: imap(USERNAME)<4767>: Error: Corrupted record in index cache file /IMAP/mail/mailboxes/USERNAME/mdbox/mailboxes/Trash/dbox-Mails/dovecot.index.cache: UID 489113: Broken fields in mailbox Trash: read(attachments-connector(zlib(/IMAP/mail/mailboxes/USERNAME/mdbox/storage/m.813))): FETCH BODY[HEADER.FIELDS (RETURN-PATH SUBJECT)] got too little data: 2 vs 122 In our case that finally grabbed my attention, the client was the users iphone that did not display any new messages but his Thunderbird did. The bug seems to be triggered by a bad "interaction" of attachment_dir option and zlib plugin. If you use both, you most likely are affected, too, except you only use zlib plugin for reading previously compressed stored mails. That's also the workaround we use now: zlib plugin only enabled in mail_plugins but no plugin/zlib_save set. The bug occurs on very specific mails. Due to privacy reasons I could not provide sample mails here. Storing such mails seems to trigger the bug reproducible. I attached a very minimal doveconf -n config, that can be used to trigger the bug. If one of the developers is interested, I can try to generate an "anonymized" version of such a specific mail that still causes the issue. I discovered the bug on our productive systems, running latest Dovecot 2.2 release, but the latest 2.3 I used during debugging is affected, too. During debugging, I also found one hint, that might help find the bug: If you store a problematic mail with zlib_save=gz (or zlib_save=bz2) and then disable the zlib plugin in mail_plugins, you can call doveadm fetch -u test hdr all | grep -v ^hdr: | gzip --decompress on test's mailbox with only that one broken mail. This will display the beginning of the rfc822 mail text until gzip terminates with "gzip: stdin: unexpected end of file", approximately after twice the length of the mail HEADER. This might indicate, that dovecot stores the uncompressed size of the header in it's data structures although the mail is stored compressed. I also found a very efficient way to find all affected mails in our setup: doveadm -f flow fetch -A 'user guid mailbox uid seq flags hdr' all | \ grep -a "^[^ ]+ user=" | \ grep -avF ' hdr=Return-path: ' | \ grep -av '.* hdr=[[:print:][:space:]]*$' (runtime for ~6M mails on our servers was 20-30min) This can be even more optimized if you have a powerful storage system with GNU parallel: doveadm user '*' | parallel "doveadm -f flow fetch -u '{}' 'user guid mailbox uid seq flags hdr' all | grep -a '^user=' | grep -avF ' hdr=Return-path: ' | grep -av '.* hdr=[[:print:][:space:]]*$' || true" (runtime for ~6M mails on our servers was ~4min) The command will give you a list of mails that possibly are affected, check the full output of doveadm fetch -u USERNAME hdr guid GUID | less to verify that the header is really broken. On our systems I found 39 mails within ~12M mails. I was able to recover these mails "manually" by reconstructing the Return-Path header line, importing the fixed mails and expunging the corrupt ones. Before importing, I had to disable zlib_save option obviously. Best regards, -- Patrick Cernko +49 681 9325 5815 Joint Administration: Information Services and Technology Max-Planck-Institute fuer Informatik & Softwaresysteme # 2.3.6.1 (d124cc84b): /etc/dovecot/dovecot.conf # OS: Linux 4.14.127.1.amd64-smp x86_64 Debian 9.9 # Hostname: adove.mpi-klsb.mpg.de listen = * mail_attachment_dir = /var/vmail/attachments mail_attachment_fs = posix mail_gid = nogroup mail_home = /var/vmail/%u mail_location = mdbox:~/mdbox mail_plugins = " zlib" mail_uid = nobody passdb { args = /etc/dovecot/userdb driver = passwd-file } plugin { zlib_save = gz } protocols = imap userdb { args = /etc/dovecot/userdb driver = passwd-file } smime.p7s Description: S/MIME Cryptographic Signature
index worker 2.3.7 undefined symbol errors
Suddenly I am getting undefined symbol errors having updated to 2.3.7. Jul 18 01:02:49 localhost dovecot: indexer-worker: Error: User lookup failed: Couldn't load required plugin /usr/lib/dovecot/modules/lib95_imap_sieve_plugin.so: dlopen() failed: /usr/lib/dovecot/modules/lib95_imap_sieve_plugin.so: undefined symbol: command_hook_register (I think I fixed this one by a config change) But I am left with this: Jul 19 14:09:52 localhost dovecot: indexer-worker: Error: User lookup failed: Couldn't load required plugin /usr/lib/dovecot/modules/lib90_sieve_plugin.so: dlopen() faile: /usr/lib/dovecot/modules/lib90_sieve_plugin.so: undefined symbol: mail_deliver_ctx_get_log_var_expand_table My (redacted) dovecot -n: # 2.3.7 (494d20bdc): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.7 (5a4e63b5) # OS: Linux 4.15.0-54-generic x86_64 Ubuntu 18.04.2 LTS # Hostname: localhost auth_verbose = yes first_valid_uid = 2000 imapc_features = rfc822.size fetch-headers imapc_host = mailman.tobit.co.uk imapc_port = 993 imapc_ssl = imaps imapc_ssl_verify = no imapc_user = %n lda_mailbox_autocreate = yes mail_attachment_dir = %h/attachments mail_attachment_min_size = 64 k mail_location = mdbox:%h:INBOX=%h/mail mail_plugins = mail_log notify replication fts fts_lucene sieve mail_prefetch_count = 20 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = # hidden driver = sql } plugin { fts = lucene fts_autoindex = yes fts_autoindex_exclude = \Junk fts_autoindex_exclude2 = \Trash fts_autoindex_exclude3 = \Deleted fts_lucene = whitespace_chars=@. imapsieve_mailbox1_before = file:/etc/dovecot/sieve/report-spam.sieve imapsieve_mailbox1_causes = COPY imapsieve_mailbox1_name = Junk imapsieve_mailbox2_before = file:/etc/dovecot/sieve/report-ham.sieve imapsieve_mailbox2_causes = COPY imapsieve_mailbox2_from = Junk imapsieve_mailbox2_name = * mail_log_events = delete undelete expunge copy save mailbox_delete mailbox_rename mailbox_create mail_log_fields = uid box msgid size sieve = file:~/sieve;active=~/.dovecot.sieve sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment sieve_pipe_bin_dir = /etc/dovecot/sieve sieve_plugins = sieve_imapsieve sieve_extprograms sieve_trace_dir = /tmp sieve_trace_level = matching } postmaster_address = postmas...@tobit.co.uk protocols = imap lmtp sieve service auth { unix_listener exim-auth { group = Debian-exim mode = 0660 user = Debian-exim } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } } service lmtp { inet_listener lmtp { address = 127.0.0.1 port = # hidden } unix_listener lmtp { mode = 0666 } user = vmail } service managesieve-login { inet_listener sieve { port = # hidden } process_min_avail = 0 service_count = 1 vsz_limit = 64 M } service managesieve { process_limit = 100 } ssl_cert = # hidden ssl_client_ca_dir = /etc/ssl/certs ssl_dh = # hidden, use -P to show it ssl_key = # hidden, use -P to show it userdb { args = # hidden driver = sql } protocol imap { mail_plugins = mail_log notify replication fts fts_lucene imap_sieve } protocol lmtp { mail_plugins = fts fts_lucene sieve }
Re: Dovecot 2.3.0 TLS
> Le 18 juil. 2019 à 11:21, Alexandre Urban via dovecot a > écrit : > > Hello, > > I don’t know who will read this message, but I found this thread: > https://www.mail-archive.com/search?l=dovecot@dovecot.org&q=subject:%22Dovecot+2.3.0+TLS%22&o=newest > And I’m expected the same issue, I will try to explain to you (english is not > my native language, sorry) > > Since Buster update, so Dovecot update too, I’m not able to connect to my > mail server from my iOS mail client (12.2) > Thunderbird just work fine. > > Here is my configuration: > > Debian Buster (amd64) > Dovecot: 2.3.4.1 > Postfix : 3.4.5 > OpenSSL: 1.1.1c > > Dovecot configuration file: > > ssl_min_protocol = TLSv1.2 (I tried different version) > > When I tried to connect with command line: openssl s_client -showcerts > -connect server:993 > > No client certificate CA names sent > Peer signing digest: SHA256 > Peer signature type: RSA-PSS > Server Temp Key: X25519, 253 bits > --- > SSL handshake has read 2322 bytes and written 392 bytes > Verification error: unable to verify the first certificate > --- > New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 > Server public key is 2048 bit > Secure Renegotiation IS NOT supported > Compression: NONE > Expansion: NONE > No ALPN negotiated > Early data was not sent > Verify return code: 21 (unable to verify the first certificate) > > When I tried to connect with command line: openssl s_client -showcerts > -no_tls1_3 -connect server:993 > > No client certificate CA names sent > Peer signing digest: SHA256 > Peer signature type: RSA-PSS > Server Temp Key: X25519, 253 bits > --- > SSL handshake has read 2423 bytes and written 310 bytes > Verification error: unable to verify the first certificate > --- > New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 > Server public key is 2048 bit > Secure Renegotiation IS supported > Compression: NONE > Expansion: NONE > No ALPN negotiated > SSL-Session: > Protocol : TLSv1.2 > Cipher: ECDHE-RSA-AES256-GCM-SHA384 > > I think the “Secure Renegotiation IS NOT supported” with tls 1.3 could be an > issue, but I don’t what to do to fix the issue ? > > Could you help me ? > Let me know if you need more informations. > I would rather look at the "Verify return code: 21 (unable to verify the first certificate)" error. Is your TLS certificat valid and trusted on your iOS device ? IIRC, "Secure Renegotiation" is explicitly not supported by TLS1.3 (TLS1.3 forbids any renegotiation).
Re: Dovecot 2.3.0 TLS
Hello, I don't know who will read this message, but I found this thread: https://www.mail-archive.com/search?l=dovecot@dovecot.org&q=subject:%22Dovecot+2.3.0+TLS%22&o=newest And I'm expected the same issue, I will try to explain to you (english is not my native language, sorry) Since Buster update, so Dovecot update too, I'm not able to connect to my mail server from my iOS mail client (12.2) Thunderbird just work fine. Here is my configuration: Debian Buster (amd64) Dovecot: 2.3.4.1 Postfix : 3.4.5 OpenSSL: 1.1.1c Dovecot configuration file: ssl_min_protocol = TLSv1.2 (I tried different version) When I tried to connect with command line: openssl s_client -showcerts -connect server:993 No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 2322 bytes and written 392 bytes Verification error: unable to verify the first certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 21 (unable to verify the first certificate) When I tried to connect with command line: openssl s_client -showcerts -no_tls1_3 -connect server:993 No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 2423 bytes and written 310 bytes Verification error: unable to verify the first certificate --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher: ECDHE-RSA-AES256-GCM-SHA384 I think the "Secure Renegotiation IS NOT supported" with tls 1.3 could be an issue, but I don't what to do to fix the issue ? Could you help me ? Let me know if you need more informations. Thank you. Regards, Alex