R: Dovecot 2.3 shared namespace issues
Hello, My bad, the OS was ubuntu 20.04 and not 22.04 . After further tinkering\testing, it seems that removing the " acl_ignore_namespace = shared/* " setting did the trick, now we're getting the correct ACL on client side . Without it we can see the folder with the right permissions : Logging as user01 : shared\Sharer01\INBOX : '[NONEXISTENT] Mailbox doesn't exist: shared/test.imapshare...@td01.testdomain.it/INBOX'' shared\Sharer01\subfolder01 ( RW ) : 'shared/test.imapshare...@td01.testdomain.it/subfolder01 test.imapuse...@td01.testdomain.it akxeilprwtscd '] shared\Sharer01\subfolder02ro ( RO ) : '[NOPERM] You lack administrator privileges on this mailbox' Logging on Thunderbird and other IMAP clients ( sylpheed\claws ) as user01 : - It list correctly the shared folders as subscribed folders ; - can't view the mail contents of the sharer INBOX, as desired ; - show the total elements of the sharer INBOX, even if the user01 didnt have access ; If the config is correct, this is somehow what we're trying to accomplish, i have some concerns regarding how it is possible to show the total messages of the remote INBOX without having any privileges . Maybe is something related to the index of that INBOX folder that is somewhat read by the accessing user even if IMAP-wise didnt have any ACL \ rights . I still dont understand why enabling the acl_ignore_namespace setting, results in a : - remote INBOX full control, even if it was not defined in any acl ; - subfolders ACL applied correctly Hope that someone can shed a light on it . Thanks Stefano
Dovecot 2.3 shared namespace issues
Hello, We're trying to configure the shared mailbox feature\namespace on a dovecot 2.3 installation . OS : Ubuntu 22.04 x64 Dovecot : 2:2.3.19.1-2+ubuntu20.04 Our test enviroment is based on a dovecot frontend ( director + proxy ) and a dovecot backend ( auth and storage ), later we will think about increasing the number of backends and frontends ( if we got it right, as we plan to use multiple backends, we should use imapc in order to bind the sharer and the accessing user to the same backend ) . On dovecot backend we've configured the new shared namespace, as stated in the documentation ( https://doc.dovecot.org/configuration_manual/shared_mailboxes/shared_mailbox es/#user-shared-mailboxes ) : -- Dovecot conf # Maildir's location is under home dir, which is returned by userdb. mail_location = maildir:~/Maildir:VOLATILEDIR=/tmp_lock/%2.256Nu/%u # Quota, mail_log plugins enabled everywhere mail_plugins = quota notify acl fts fts_lucene mail_log mailbox_alias virtual # Default namespace namespace { hidden = no inbox = yes location = prefix = separator = / type = private mailbox Sent { special_use = \Sent auto = create } mailbox Trash { special_use = \Trash auto = create } mailbox Drafts { special_use = \Drafts auto = create } mailbox SPAM { special_use = \Junk auto = create } } # namespace used by virtual search namespace { prefix = VrtSearch. separator = / location = virtual:/etc/dovecot-common-backend/virtual:INDEX=~/virtual hidden = yes subscriptions = no inbox = no list = no } # IMAP SHARING FEATURE service dict { unix_listener dict { mode = 0600 user = vpopmail group = vchkpw } } plugin { acl = vfile acl_ignore_namespace = shared/* acl_shared_dict = proxy::acl-mysql } dict { acl-mysql = mysql:/etc/dovecot-common-backend/dovecot-dict-sql.conf.ext } # namespace used for IMAP sharing feature namespace { type = shared separator = / prefix = shared/%%u/ location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u list = children subscriptions = no } -- Dovecot dict sql # IMAP SHARING FEATURE connect = host=x.x.x.x dbname=xx user=xx password=xx map { pattern = shared/shared-boxes/user/$to/$from table = imap_user_shares value_field = dummy fields { from_user = $from to_user = $to } } map { pattern = shared/shared-boxes/anyone/$from table = imap_anyone_shares value_field = dummy fields { from_user = $from } } -- Dict DB contents mysql> select * from imap_user_shares; +--+ +---+ | from_user| to_user | dummy | +--+ +---+ | test.imapshare...@td01.testdomain.it | test.imapuse...@td01.testdomain.it | 1 | +--+ +---+ For our tests, we've : - created two users test.imapshare...@td01.testdomain.it test.imapuse...@td01.testdomain.it - Created two INBOX subfolders on the sharer01 user, giving user01 those permissions : subfolder01 giving to user01 Full control subfolder02ro giving to user01 list and read - logging as user01 with thunderbird, we see the shared namespace tree : shared test.imapshare...@td01.testdomain.it subfolder01 subfolder02 we're able to see the contents of each folder, even the INBOX . Checking the folder properties, thunderbird reports that the user01 has full control on the INBOX of shared01 . If we try to check the ACL via python script ( imaplib.gestacl ) or via doveadm, we can see that the sharer01 INBOX has no rights for user01 . But via thunderbird ( or other email clients ) we can delete emails . ACL - sharer01 accessing its folder ('OK', [b'INBOX test.imapshare...@td01.testdomain.it lrwstipekxacd']) ('OK', [b'subfolder01 test.imapuse...@td01.testdomain.it akxeilprwtscd test.imapshare...@td01.testdomain.it lrwstipekxacd']) ('OK', [b'subfolder02ro test.imapuse...@td01.testdomain.it lr test.imapshare...@td01.testdomain.it lrwstipekxacd']) ACL - user01 accessing sharer01 folders ('OK', [b'shared/test.imapshare...@td01.testdomain.it/INBOX']) ('OK', [b'shared/test.imapshare...@td01.testdomain.it/subfolder01 test.imapuse...@td01.testdomain.it akxeilprwtscd']) ('OK', [b'shared/test.imapshare...@td01.testdomain.it/subfolder02ro test.imapuse...@td01.testdomain.it lr']) Testing with doveadm shows
Re: dovecot-2.3-pigeonhole-0.5.18 : Freebsd Will not build
You need to upgrade dovecot to 2.3.18. On Sun, Feb 20, 2022 at 10:43 PM Paul Kudla (Scom.ca Internet Services Inc.) wrote: > dovecot version : dovecot-2.3.14 > > > -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 (c) E-Mail: larry...@gmail.com US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106
Re: Support of INDEXPVT in Dovecot 2.3 with replication
Thanks Aki :) Am 29.10.20 um 13:47 schrieb Aki Tuomi: > At the moment the correct way to use shared folders in a replication pair is > to access them with imapc from the other pair. Can you please elaborate a bit more? In 2.2 I could understand how that works, as INDEXPVT was not replicated, but worked, so using eg. Node A as primary and Node B accessing it via imapc would give the same result, as long as both nodes are up and running. For me, that was the referenced mail from August, INDEXPVT stopped working in 2.3 with replication enabled. Ralf >> On 29/10/2020 14:43 Ralf Becker wrote: >> >> >> In reference to an earlier mail from me, I'd like to ask: >> >> Have there been any changes in regard to INDEXPVT and replication or are >> there any plans in that direction? >> >> Thanks :) >> >> Ralf >> >> >> On 03.08.20 at 11:20 Ralf Becker wrote: >>> So far the only thing we noticed: private seen flags on shared user >>> folders (which were never supported for replication!) seem to be not >>> functioning any more in 2.3. Not functioning means, if they are >>> configured you can not set a mail to seen in a shared user folder. After >>> removing this configuration: >>> >>> location = mdbox:%%h/mdbox:INDEXPVT=~/shared/%%u --> mdbox:%%h/mdbox >>> >>> seen flags behave as expected / are identical now if you access the >>> mailbox direct or via the shared user folder, and the are identical on >>> both backends. >>> >>> Ralf >> -- >> Ralf Becker >> EGroupware GmbH [www.egroupware.org] >> Handelsregister HRB Kaiserslautern 3587 >> Geschäftsführer Birgit und Ralf Becker >> Leibnizstr. 17, 67663 Kaiserslautern, Germany >> Telefon +49 631 31657-0 -- Ralf Becker EGroupware GmbH [www.egroupware.org] Handelsregister HRB Kaiserslautern 3587 Geschäftsführer Birgit und Ralf Becker Leibnizstr. 17, 67663 Kaiserslautern, Germany Telefon +49 631 31657-0
Re: Support of INDEXPVT in Dovecot 2.3 with replication
At the moment the correct way to use shared folders in a replication pair is to access them with imapc from the other pair. Aki > On 29/10/2020 14:43 Ralf Becker wrote: > > > In reference to an earlier mail from me, I'd like to ask: > > Have there been any changes in regard to INDEXPVT and replication or are > there any plans in that direction? > > Thanks :) > > Ralf > > > On 03.08.20 at 11:20 Ralf Becker wrote: > > So far the only thing we noticed: private seen flags on shared user > > folders (which were never supported for replication!) seem to be not > > functioning any more in 2.3. Not functioning means, if they are > > configured you can not set a mail to seen in a shared user folder. After > > removing this configuration: > > > > location = mdbox:%%h/mdbox:INDEXPVT=~/shared/%%u --> mdbox:%%h/mdbox > > > > seen flags behave as expected / are identical now if you access the > > mailbox direct or via the shared user folder, and the are identical on > > both backends. > > > > Ralf > > -- > Ralf Becker > EGroupware GmbH [www.egroupware.org] > Handelsregister HRB Kaiserslautern 3587 > Geschäftsführer Birgit und Ralf Becker > Leibnizstr. 17, 67663 Kaiserslautern, Germany > Telefon +49 631 31657-0
Support of INDEXPVT in Dovecot 2.3 with replication
In reference to an earlier mail from me, I'd like to ask: Have there been any changes in regard to INDEXPVT and replication or are there any plans in that direction? Thanks :) Ralf On 03.08.20 at 11:20 Ralf Becker wrote: > So far the only thing we noticed: private seen flags on shared user > folders (which were never supported for replication!) seem to be not > functioning any more in 2.3. Not functioning means, if they are > configured you can not set a mail to seen in a shared user folder. After > removing this configuration: > > location = mdbox:%%h/mdbox:INDEXPVT=~/shared/%%u --> mdbox:%%h/mdbox > > seen flags behave as expected / are identical now if you access the > mailbox direct or via the shared user folder, and the are identical on > both backends. > > Ralf -- Ralf Becker EGroupware GmbH [www.egroupware.org] Handelsregister HRB Kaiserslautern 3587 Geschäftsführer Birgit und Ralf Becker Leibnizstr. 17, 67663 Kaiserslautern, Germany Telefon +49 631 31657-0
Re: Best prometheus exporter for Dovecot 2.3 with the new metrics/stats module
> On 22/10/2020 12:18 Sidsel Jensen wrote: > > > Hi ppl. > > I am trying to locate the best prometheus exporter for use with Dovecot 2.3 > in connection with the new metrics/stats module. > Any pointers in the right direction will be appreciated - seems like there is > a bunch out there which all works with the old stats module. > > Anybody have something “in the works” for 2.3 ? > > Kind Regards, > Sidsel Jensen > > I'd say the best is the one in-built to dovecot. https://doc.dovecot.org/configuration_manual/stats/openmetrics/ Aki
Best prometheus exporter for Dovecot 2.3 with the new metrics/stats module
Hi ppl. I am trying to locate the best prometheus exporter for use with Dovecot 2.3 in connection with the new metrics/stats module. Any pointers in the right direction will be appreciated - seems like there is a bunch out there which all works with the old stats module. Anybody have something “in the works” for 2.3 ? Kind Regards, Sidsel Jensen signature.asc Description: Message signed with OpenPGP
Re: Apple Mail Since upgrade to dovecot 2.3.x unable to connect
On Mon, 17 Aug 2020, Johannes Rohr wrote: You need to set ssl_min_protocol = TLSv1.2 # or TLSv1 Thanks, tried both, but unsuccessfully. Don't give up too easily/early on this. I said this before, but MacOSX Mail behaves weirdly. I've more than once changed a server setting, without apparent effect, only to have MacOSX Mail mysteriously start working again after some time. Maybe it caches settings. Also, disable "Automatic manage connection" as failure to establish a successful session will cause your client to do some auto-wandering to discover settings, which could really do your head in. Joseph Tam
Re: Apple Mail Since upgrade to dovecot 2.3.x unable to connect
On 17 Aug 2020, at 05:10, Gerald Galster wrote: > I don't know how detailed this is in older Apple Mail versions I don't think the detail has changed in many many years, if at all. I remember using the logs to troubleshoot security issues 15 years ago. Mac OS 10.11 El Capitan was released in 2015, not 2016, but I don't think that makes any difference. El Capitan uses outdate versions of openssl (0.9.9). Sierra (10.12) and High Sierra (10.13) have an updated stack and work fine with TLSv1.2. Because the issue is the unix level tools, this is not generally something you can work around with a third-arty client unless you find one with its own stack. Webmail would be the solution if someone refuses or is unable to update. Any machine that is less than about 10-12 years old can update to 10.13 at no cost though. -- I said pretend you've got no money, she just laughed and said, 'Eh you're so funny.' I said, 'Yeah? Well I can't see anyone else smiling in here.'
Re: Apple Mail Since upgrade to dovecot 2.3.x unable to connect
Am 17.08.20 um 13:10 schrieb Gerald Galster: >>> You need to set >>> >>> ssl_min_protocol = TLSv1.2 # or TLSv1 >> Thanks, tried both, but unsuccessfully. Again, is there any debug >> setting that allows me to see what SSL version was requested? Without >> this, this is fumbling in the dark. > In the german version of Apple Mail go to menu "Fenster" / "Verbindug prüfen". > > There you can check the connection and log all transactions. > > I don't know how detailed this is in older Apple Mail versions, but you could > try. > > READ Aug 17 13:05:32.041 [kCFStreamSocketSecurityLevelTLSv1_2] -- > host:mail.server.com -- port:587 -- socket:0x65ff1980 -- > thread:0x6e5cb340 > 235 2.7.0 Authentication successful Thanks Gerald, I'll try that. Strange though that the info isn't in the dovecot debug log. Cheers, Johannes > > > Best regards > Gerald signature.asc Description: OpenPGP digital signature
Re: Apple Mail Since upgrade to dovecot 2.3.x unable to connect
ssl_cert = This is wrong, it should be: ssl_cert = The address idaweb-mail.rooot.de does not resolve. There is a webmail.rooot.de , but its certificate is for mail.rooot.de , which is wrong. There is also a mail.rooot.de , whose certificate is also for mail.rooot.de , which is okay. Yet another possibility (but it seems less likely given that an Apple Mail from 2016 is a reasonably recent mail client) is that it does not support recent enough SSL protocols, which were enforced by your server upgrade. See the entries for MinProtocol and CipherString in the openssl.cnf file on the server. Gregory
Re: Apple Mail Since upgrade to dovecot 2.3.x unable to connect
>> You need to set >> >> ssl_min_protocol = TLSv1.2 # or TLSv1 > > Thanks, tried both, but unsuccessfully. Again, is there any debug > setting that allows me to see what SSL version was requested? Without > this, this is fumbling in the dark. In the german version of Apple Mail go to menu "Fenster" / "Verbindug prüfen". There you can check the connection and log all transactions. I don't know how detailed this is in older Apple Mail versions, but you could try. READ Aug 17 13:05:32.041 [kCFStreamSocketSecurityLevelTLSv1_2] -- host:mail.server.com -- port:587 -- socket:0x65ff1980 -- thread:0x6e5cb340 235 2.7.0 Authentication successful Best regards Gerald
Re: Apple Mail Since upgrade to dovecot 2.3.x unable to connect
Am 17.08.20 um 12:16 schrieb Aki Tuomi: > You need to set > > ssl_min_protocol = TLSv1.2 # or TLSv1 Thanks, tried both, but unsuccessfully. Again, is there any debug setting that allows me to see what SSL version was requested? Without this, this is fumbling in the dark. Cheers, Johannes signature.asc Description: OpenPGP digital signature
Re: Apple Mail Since upgrade to dovecot 2.3.x unable to connect
> On 17/08/2020 12:51 Johannes Rohr wrote: > > > |Dear all,| > > |a couple of days ago I upgraded our server from Ubuntu 18.04 to 20.04, > thereby upgrading dovecot from 2.2.x to 2.3.x. > | > > |Since then, some older versions of apple's mail.app (bundled with el > Capitano, released in 2016) no longer connect. When I turn on SSL > debugging, I see:| > > |Debug: SSL error: SSL_accept() failed: error:14209102:SSL > routines:tls_early_post_process_client_hello:unsupported protocol > imap-login: Debug: SSL error: SSL_accept() syscall failed: Invalid argument| > > || > > |Unfortunately, it doesn't reveal the name of the unsupported protocol. > Also, what about the failed syscall? Does dovecot try and fail to open > some file?| > > |Here are the contents of /etc/dovecot/conf.d/10-ssl.conf:| > > | ssl = yes > ssl_cert = ssl_key = ssl_ca = ssl_client_ca_dir = /etc/ssl/certs > ssl_dh = | > > |I would greatly appreciate any hints! > | > > |Cheers,| > > |Johannes > | > > | > | > > || You need to set ssl_min_protocol = TLSv1.2 # or TLSv1 Aki
Apple Mail Since upgrade to dovecot 2.3.x unable to connect
|Dear all,| |a couple of days ago I upgraded our server from Ubuntu 18.04 to 20.04, thereby upgrading dovecot from 2.2.x to 2.3.x. | |Since then, some older versions of apple's mail.app (bundled with el Capitano, released in 2016) no longer connect. When I turn on SSL debugging, I see:| |Debug: SSL error: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol imap-login: Debug: SSL error: SSL_accept() syscall failed: Invalid argument| || |Unfortunately, it doesn't reveal the name of the unsupported protocol. Also, what about the failed syscall? Does dovecot try and fail to open some file?| |Here are the contents of /etc/dovecot/conf.d/10-ssl.conf:| | ssl = yes ssl_cert =
Apple Mail Since upgrade to dovecot 2.3.x unable to connect
|Dear all,| |a couple of days ago I upgraded our server from Ubuntu 18.04 to 20.04, thereby upgrading dovecot from 2.2.x to 2.3.x. | |Since then, some older versions of apple's mail.app (bundled with el Capitano, released in 2016) no longer connect. When I turn on SSL debugging, I see:| |Debug: SSL error: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol imap-login: Debug: SSL error: SSL_accept() syscall failed: Invalid argument| || |Unfortunately, it doesn't reveal the name of the unsupported protocol. Also, what about the failed syscall? Does dovecot try and fail to open some file?| |Here are the contents of /etc/dovecot/conf.d/10-ssl.conf:| | ssl = yes ssl_cert = signature.asc Description: OpenPGP digital signature
Re: Director with dovecot 2.3 and Panic/Fatal error
> On 19/03/2020 17:02 Alessio Cecchi wrote: > > > > Hi, > > after the upgrade to Dovecot 2.3 for our director ring we found some times > in the log errors like this: > > Mar 18 14:22:51 Panic: imap-login: file iostream-openssl.c: line 599 > (openssl_iostream_handle_error): assertion failed: (errno != 0) > Mar 18 14:22:51 Fatal: imap-login: master: service(imap-login): child 1726 > killed with signal 6 (core dumps disabled - > https://dovecot.org/bugreport.html#coredumps) > > Backend is still Dovecot 2.2.36 and Director is 2.3.10. > I hope it can be fixed. > > Thanks > > > -- > Alessio Cecchi > Postmaster @ http://www.qboxmail.it > https://www.linkedin.com/in/alessice Hi! This is fixed in master already, https://github.com/dovecot/core/commit/f41874b3dec541478a85275698a91f089f537df2 This will be part of next release. Aki
Director with dovecot 2.3 and Panic/Fatal error
Hi, after the upgrade to Dovecot 2.3 for our director ring we found some times in the log errors like this: Mar 18 14:22:51 Panic: imap-login: file iostream-openssl.c: line 599 (openssl_iostream_handle_error): assertion failed: (errno != 0) Mar 18 14:22:51 Fatal: imap-login: master: service(imap-login): child 1726 killed with signal 6 (core dumps disabled - https://dovecot.org/bugreport.html#coredumps) Backend is still Dovecot 2.2.36 and Director is 2.3.10. I hope it can be fixed. Thanks -- Alessio Cecchi Postmaster @ http://www.qboxmail.it https://www.linkedin.com/in/alessice
Re: Dovecot 2.3 repo for CentOS 8.
On 14 Feb 2020, at 10:59, Peter wrote: On 14/02/20 10:10 pm, Tobias Kirchhofer wrote: would it be useful/advisable to use this repo for productive operation? An official repo is still not available for CentOS 8 https://repo.dovecot.org/ We would like to set up our new mail server on CentOS 8 and are waiting… :) What is your advice? As others have mentioned there are missing -devel packages in CentOS 8, which is because there are missing -devel packages in RHEL 8, most notably in this case is quota-devel. tcp wrappers is also missing but that's because they are deprecated in CentOS 8 so building without tcp wrapper support is not a big deal, but I would assume that a lot of people will want quota support, so I wouldn't want to build a dovecot package without it. Personally I'm trying to get the GhettoForge build system modified so it can get missing -devel packages by rebuilding the source rpms for them, this is a work in progress. There is also work on the CentOS side to build and offer up the missing -devel packages. At the end of the day nobody will be able to build decent dovecot packages until one of these things happens. For now you can use the stock dovecot 2.2.36 that comes with CentOS or you can wait. CentOS and Red Hat have not made this easy so it is going to take time. Okay, will try 2.2.36. Our protoype is on Debian 10 with the latest Dovecot. Don’t know yet if we rely on features from the latest version. Will see. Thank you. Also on a personal note, I think that pushing out any production server on CentOS 8 at this time is premature. CentOS 8 simply is not ready yet, imo. We have CentOS 8.1 VMs productive with either of nginx, PostgreSQL, MariaDB, Node.js. No problems so far. Cross your fingers! :-) Peter -- collect@shift.agency
Re: Dovecot 2.3 repo for CentOS 8.
On 14/02/20 10:10 pm, Tobias Kirchhofer wrote: would it be useful/advisable to use this repo for productive operation? An official repo is still not available for CentOS 8 https://repo.dovecot.org/ We would like to set up our new mail server on CentOS 8 and are waiting… :) What is your advice? As others have mentioned there are missing -devel packages in CentOS 8, which is because there are missing -devel packages in RHEL 8, most notably in this case is quota-devel. tcp wrappers is also missing but that's because they are deprecated in CentOS 8 so building without tcp wrapper support is not a big deal, but I would assume that a lot of people will want quota support, so I wouldn't want to build a dovecot package without it. Personally I'm trying to get the GhettoForge build system modified so it can get missing -devel packages by rebuilding the source rpms for them, this is a work in progress. There is also work on the CentOS side to build and offer up the missing -devel packages. At the end of the day nobody will be able to build decent dovecot packages until one of these things happens. For now you can use the stock dovecot 2.2.36 that comes with CentOS or you can wait. CentOS and Red Hat have not made this easy so it is going to take time. Also on a personal note, I think that pushing out any production server on CentOS 8 at this time is premature. CentOS 8 simply is not ready yet, imo. Peter
Re: Dovecot 2.3 repo for CentOS 8.
Hi Filip, On 12 Dec 2019, at 12:01, fil...@centrum.cz wrote: > Hello, > I have builded some dovecot packages for CentOS 8 in my personal > repository: > http://repo.joomhosting.eu/centos/8/x86_64/ > and SRPMS are in > http://repo.joomhosting.eu/centos/8/SRPMS/ > > I you want you can try it. > > With best regards, > Filip Bartmann would it be useful/advisable to use this repo for productive operation? An official repo is still not available for CentOS 8 https://repo.dovecot.org/ We would like to set up our new mail server on CentOS 8 and are waiting… :) What is your advice? Tobias > On Thu, 12 Dec 2019 12:31:45 +0200 > Reio Remma wrote: > >> On 09/12/2019 17:25, Aki Tuomi via dovecot wrote: On 09/12/2019 17:20 Reio Remma via dovecot wrote: Hello! Are there any plans for an official Dovecot repo for CentOS 8? Thanks, Reio >>> (sorry for duplicate, user error in earlier one...) >>> >>> Yes. There are plans for the repo, unfortunately there are still >>> technical problems due to how CentOS8 repositories are organized. >>> But soon. >>> >>> Aki >> >> I tried rebuilding the RPM for CentOS 8 but I see it's missing some >> notable required packages like tcp wrappers and quota-devel. Managed >> to rebuild by switching these off in the spec file >> (--without-libwrap), but that's probably not a good idea. :) >> >> Reio -- collect@shift.agency
Re: Dovecot 2.3 repo for CentOS 8.
Agree > Il giorno 12 dic 2019, alle ore 10:47, Alexander Dalloz > ha scritto: > > Am 12.12.2019 um 11:31 schrieb Reio Remma: >> On 09/12/2019 17:25, Aki Tuomi via dovecot wrote: > On 09/12/2019 17:20 Reio Remma via dovecot wrote: >> >> [ ... ] >> >> I tried rebuilding the RPM for CentOS 8 but I see it's missing some notable >> required packages like tcp wrappers and quota-devel. Managed to rebuild by >> switching these off in the spec file (--without-libwrap), but that's >> probably not a good idea. :) >> Reio > > TCP wrappers got dropped for RHEL 8 by purpose, following that step of fedora. > > https://fedoraproject.org//wiki/Changes/Deprecate_TCP_wrappers > > There is no real need nowadays and from my experience not many admins make > use of it. > > Alexander
Re: Dovecot 2.3 repo for CentOS 8.
Am 12.12.2019 um 11:31 schrieb Reio Remma: On 09/12/2019 17:25, Aki Tuomi via dovecot wrote: On 09/12/2019 17:20 Reio Remma via dovecot wrote: [ ... ] I tried rebuilding the RPM for CentOS 8 but I see it's missing some notable required packages like tcp wrappers and quota-devel. Managed to rebuild by switching these off in the spec file (--without-libwrap), but that's probably not a good idea. :) Reio TCP wrappers got dropped for RHEL 8 by purpose, following that step of fedora. https://fedoraproject.org//wiki/Changes/Deprecate_TCP_wrappers There is no real need nowadays and from my experience not many admins make use of it. Alexander
Re: Dovecot 2.3 repo for CentOS 8.
On 12/12/2019 13:01, fil...@centrum.cz wrote: Hello, I have builded some dovecot packages for CentOS 8 in my personal repository: http://repo.joomhosting.eu/centos/8/x86_64/ and SRPMS are in http://repo.joomhosting.eu/centos/8/SRPMS/ I you want you can try it. With best regards, Filip Bartmann Thanks! Will have a look. :) Reio On Thu, 12 Dec 2019 12:31:45 +0200 Reio Remma wrote: On 09/12/2019 17:25, Aki Tuomi via dovecot wrote: On 09/12/2019 17:20 Reio Remma via dovecot wrote: Hello! Are there any plans for an official Dovecot repo for CentOS 8? Thanks, Reio (sorry for duplicate, user error in earlier one...) Yes. There are plans for the repo, unfortunately there are still technical problems due to how CentOS8 repositories are organized. But soon. Aki I tried rebuilding the RPM for CentOS 8 but I see it's missing some notable required packages like tcp wrappers and quota-devel. Managed to rebuild by switching these off in the spec file (--without-libwrap), but that's probably not a good idea. :) Reio -- Tervitades Reio Remma MR Stuudio 25 aastat *MR Stuudio OÜ* Tondi 17b, 11316, Tallinn Tel +372 650 4808 Mob +372 56 22 00 33 r...@mrstuudio.ee www.mrstuudio.ee
Re: Dovecot 2.3 repo for CentOS 8.
Hello, I have builded some dovecot packages for CentOS 8 in my personal repository: http://repo.joomhosting.eu/centos/8/x86_64/ and SRPMS are in http://repo.joomhosting.eu/centos/8/SRPMS/ I you want you can try it. With best regards, Filip Bartmann On Thu, 12 Dec 2019 12:31:45 +0200 Reio Remma wrote: > On 09/12/2019 17:25, Aki Tuomi via dovecot wrote: > >> On 09/12/2019 17:20 Reio Remma via dovecot > >> wrote: > >> > >> > >> Hello! > >> > >> Are there any plans for an official Dovecot repo for CentOS 8? > >> > >> Thanks, > >> Reio > > (sorry for duplicate, user error in earlier one...) > > > > Yes. There are plans for the repo, unfortunately there are still > > technical problems due to how CentOS8 repositories are organized. > > But soon. > > > > Aki > > I tried rebuilding the RPM for CentOS 8 but I see it's missing some > notable required packages like tcp wrappers and quota-devel. Managed > to rebuild by switching these off in the spec file > (--without-libwrap), but that's probably not a good idea. :) > > Reio
Re: Dovecot 2.3 repo for CentOS 8.
On 09/12/2019 17:25, Aki Tuomi via dovecot wrote: On 09/12/2019 17:20 Reio Remma via dovecot wrote: Hello! Are there any plans for an official Dovecot repo for CentOS 8? Thanks, Reio (sorry for duplicate, user error in earlier one...) Yes. There are plans for the repo, unfortunately there are still technical problems due to how CentOS8 repositories are organized. But soon. Aki I tried rebuilding the RPM for CentOS 8 but I see it's missing some notable required packages like tcp wrappers and quota-devel. Managed to rebuild by switching these off in the spec file (--without-libwrap), but that's probably not a good idea. :) Reio
Re: Dovecot 2.3 repo for CentOS 8.
> On 09/12/2019 17:20 Reio Remma via dovecot wrote: > > > Hello! > > Are there any plans for an official Dovecot repo for CentOS 8? > > Thanks, > Reio (sorry for duplicate, user error in earlier one...) Yes. There are plans for the repo, unfortunately there are still technical problems due to how CentOS8 repositories are organized. But soon. Aki
Re: Dovecot 2.3 repo for CentOS 8.
> On 09/12/2019 17:20 Reio Remma via dovecot wrote: > > > Hello! > > Are there any plans for an official Dovecot repo for CentOS 8? > > Thanks, > Reio
Dovecot 2.3 repo for CentOS 8.
Hello! Are there any plans for an official Dovecot repo for CentOS 8? Thanks, Reio
Re: lmtp with non ASCII Parameters changed in dovecot 2.3
> mail from: > 500 5.5.2 Invalid command syntax this was a bad example. the problem is more common on rcpt to: if you deliver to usernames or special folders rcpt to:<üser> or rcpt to:
lmtp with non ASCII Parameters changed in dovecot 2.3
Hi, I updated from 2.2 to 2.3 and noticed lmtp rejects parameters containing non ASCII now. this worked with dovecot-2.2 lmtp. the string is already denied after reading in "smtp_command_parse_parameters()" mail from: 500 5.5.2 Invalid command syntax is there a plan to change this behaviour, or to implement the SMTPUTF8 extension in lib-smtp? I guess thie would fix Michals "Dovecot LMTP rejecting mail from address with apostrophe" Problem too. Greetz Matze
Re: Dovecot 2.3 error, FreeBSD 12 in a jail
On Sat, 15 Jun 2019 at 07:12, David Mehler via dovecot wrote: > Hello, > > I'm trying to get Dovecot going on my system. It's a FreeBSD > 12.0-RELEASE system and it's running dovecot 2.3 via ports in a jail. > I'm getting the same error message(s) as in this bug report, which has > been marked as closed: > > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225078 > > Dovecot is not starting at all in this jail when starting with service > dovecot start. A service dovecot status also reveals the error message > about /var/run/dovecot/dovecot.conf file, but a doveconf -n does not > reveal any configuration file issues. I did put a symlink in > /var/run/dovecot to /usr/local/etc/dovecot/dovecot.conf, this did not > correct the issue. > > Any suggestions welcome. > Thanks. > Dave. > Hi David, Your problem must be something to do with your jails on FreeBSD, IMHO. The FreeBSD port maintainer (Larry Rosenman) is here. Perhaps he'll be willing to help troubleshoot the jail issue. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", grep ^[^#] :-)
Dovecot 2.3 error, FreeBSD 12 in a jail
Hello, I'm trying to get Dovecot going on my system. It's a FreeBSD 12.0-RELEASE system and it's running dovecot 2.3 via ports in a jail. I'm getting the same error message(s) as in this bug report, which has been marked as closed: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225078 Dovecot is not starting at all in this jail when starting with service dovecot start. A service dovecot status also reveals the error message about /var/run/dovecot/dovecot.conf file, but a doveconf -n does not reveal any configuration file issues. I did put a symlink in /var/run/dovecot to /usr/local/etc/dovecot/dovecot.conf, this did not correct the issue. Any suggestions welcome. Thanks. Dave.
CVE-2019-10691: JSON encoder in Dovecot 2.3 incorrecty assert-crashes when encountering invalid UTF-8 characters.
Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne. You can find binary packages at https://repo.dovecot.org/ Yours sincerely, Aki Tuomi Open-Xchange Oy Open-Xchange Security Advisory 2019-04-18 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-3173 (Bug ID) Vulnerability type: CWE-176 Vulnerable version: 2.3.0 - 2.3.5.1 Vulnerable component: json encoder Report confidence: Confirmed Researcher credits: cPanel L.L.C. Solution status: Fixed by Vendor Fixed version: 2.3.5.2 Vendor notification: 2019-04-02 Solution date: 2019-04-11 Public disclosure: 2019-04-18 CVE reference: CVE-2019-10691 CVSS: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Vulnerability Details: JSON encoder in Dovecot 2.3 incorrecty assert-crashes when encountering invalid UTF-8 characters. This can be used to crash dovecot in two ways. Attacker can repeatedly crash Dovecot authentication process by logging in using invalid UTF-8 sequence in username. This requires that auth policy is enabled. Crash can also occur if OX push notification driver is enabled and an email is delivered with invalid UTF-8 sequence in From or Subject header. In 2.2, malformed UTF-8 sequences are forwarded "as-is", and thus do not cause problems in Dovecot itself. Target systems should be checked for possible problems in dealing with such sequences. See https://wiki.dovecot.org/Authentication/Policy for details on auth policy support. Risk: Determined attacker can prevent authentication process from staying up by keeping on attempting to log in with username containing invalid UTF-8 sequence. Steps to reproduce: Configure dovecot with auth_policy_server_url and auth_policy_hash_nonce set. Attempt to log in with username containing an invalid UTF-8 sequence Observe assert-crash in dovecot logs. Solution: Operators should update to the latest Patch Release or disable auth policy support. signature.asc Description: OpenPGP digital signature
Re: Dovecot 2.3 no longer accepts ssl_key_password
Op 15/01/2019 om 08:08 schreef Aki Tuomi: On 10.1.2019 6.53, Chris Kiakas wrote: Hit a little problem when I upgraded a system from FreeBSD 10.3 to 11.2. I did not receive any errors in the upgrade. The system is running 4 jails and everything seems to work except in Dovecot dovecot-2.3.4_5 where when using the exact same configuration which worked in 10.3 with the same password protected certificate key. (doveconf -n -P shows the correct password.) ssl_ca = Thanks for reporting this, we'll look into it. Tracking internally as DOP-851. Regards, Stephan.
Re: Dovecot 2.3 no longer accepts ssl_key_password
On 10.1.2019 6.53, Chris Kiakas wrote: > Hit a little problem when I upgraded a system from FreeBSD 10.3 to 11.2. I > did not receive any errors in the upgrade. The system is running 4 jails and > everything seems to work except in Dovecot dovecot-2.3.4_5 where when using > the exact same configuration which worked in 10.3 with the same password > protected certificate key. (doveconf -n -P shows the correct password.) > > > ssl_ca = ssl_cert = ssl_dh = ssl_key = ssl_key_password = keypassword > > The password works with openssl. Changing the password on the key has no > effect. Removing the password on the cert with openssl and running dovecot > with the new key works. > > I installed on another system and I am experiencing the same results. The > issue persists whether I install dovecot from ports or pkg. I can't see where > the problem is. It seems that Dovecot is unable to read the key when password > protected even though it has the correct password. Has anyone experienced > this? > > > > Chris Hi! Thanks for reporting this, we'll look into it. Aki
Dovecot 2.3 no longer accepts ssl_key_password
Hit a little problem when I upgraded a system from FreeBSD 10.3 to 11.2. I did not receive any errors in the upgrade. The system is running 4 jails and everything seems to work except in Dovecot dovecot-2.3.4_5 where when using the exact same configuration which worked in 10.3 with the same password protected certificate key. (doveconf -n -P shows the correct password.) ssl_ca =
Re: dovecot 2.2/openssl 1.0 vs dovecot 2.3/openssl 1.1.1 ssl regression
> On 15 November 2018 at 17:53 Hauke Fath wrote: > > > On 11/13/18 19:58, Aki Tuomi wrote: > > On 13 November 2018 at 20:53 Arkadiusz Miśkiewicz wrote: > >> I'm considering dovecot migration from 2.2.36 run with openssl 1.0.2o to > >> dovecot 2.3.3 run with openssl 1.1.1. > >> > >> Currently I have both variants running with identical configs and certs > >> (the only differences are due to config syntax changes in dovecot 2.3), > >> so for example on both I have: > >> > >> ssl_ca = >> (this file contains single intermediate certificate of my CA) > >> > >> ssl_cert = >> (this contains single cerificate for my *.example.com domain) > > [dovecot 2.3+ does not provide intermediate CA cert to clients any more] > > >> 2.3.x announcements and upgrade wiki mention no such behaviour change, > >> so I assume it is a regression. > >> > >> Now doing > >> cat wildcard_ca.pem >> wildcard_crt.pem > >> solves the problem and dovecot starts providing both certs to clients > >> but if that's the proper way of solving this issue then what's the point > >> of having ssl_ca config setting? > > > > Including ssl_ca with cert is not actually a good idea, but perhaps this > > should > > indeed be mentioned in the upgrading page. Not a regression in any case. > > Aki, > > when I brought up this very issue in > <https://dovecot.org/list/dovecot/2018-January/110638.html> ff., you > told me that "ssl_ca", despite the name, was for client certificates > only, and that I was supposed to append the CA certificate(s) to the > server certificate file. > > I am glad to hear you consider this a bad idea now. ;) > Eventually realized it too, and now it's been fixed. =) Aki > Cheerio, > Hauke > > -- > The ASCII Ribbon CampaignHauke Fath > () No HTML/RTF in email Institut für Nachrichtentechnik > /\ No Word docs in email TU Darmstadt > Respect for open standards Ruf +49-6151-16-21344
Re: dovecot 2.2/openssl 1.0 vs dovecot 2.3/openssl 1.1.1 ssl regression
On 11/13/18 19:58, Aki Tuomi wrote: On 13 November 2018 at 20:53 Arkadiusz Miśkiewicz wrote: I'm considering dovecot migration from 2.2.36 run with openssl 1.0.2o to dovecot 2.3.3 run with openssl 1.1.1. Currently I have both variants running with identical configs and certs (the only differences are due to config syntax changes in dovecot 2.3), so for example on both I have: ssl_ca = [dovecot 2.3+ does not provide intermediate CA cert to clients any more] 2.3.x announcements and upgrade wiki mention no such behaviour change, so I assume it is a regression. Now doing cat wildcard_ca.pem >> wildcard_crt.pem solves the problem and dovecot starts providing both certs to clients but if that's the proper way of solving this issue then what's the point of having ssl_ca config setting? > Including ssl_ca with cert is not actually a good idea, but perhaps this should indeed be mentioned in the upgrading page. Not a regression in any case. Aki, when I brought up this very issue in <https://dovecot.org/list/dovecot/2018-January/110638.html> ff., you told me that "ssl_ca", despite the name, was for client certificates only, and that I was supposed to append the CA certificate(s) to the server certificate file. I am glad to hear you consider this a bad idea now. ;) Cheerio, Hauke -- The ASCII Ribbon CampaignHauke Fath () No HTML/RTF in email Institut für Nachrichtentechnik /\ No Word docs in email TU Darmstadt Respect for open standards Ruf +49-6151-16-21344
Re: dovecot 2.2/openssl 1.0 vs dovecot 2.3/openssl 1.1.1 ssl regression
On 13 November 2018 at 20:53 Arkadiusz Miśkiewicz < ar...@maven.pl> wrote: Hi. I'm considering dovecot migration from 2.2.36 run with openssl 1.0.2o to dovecot 2.3.3 run with openssl 1.1.1. Currently I have both variants running with identical configs and certs (the only differences are due to config syntax changes in dovecot 2.3), so for example on both I have: ssl_ca = (this file contains single intermediate certificate of my CA) ssl_cert = (this contains single cerificate for my *.example.com domain) ssl_key = # hidden, use -P to show it (and one key) No alt certs in use. Chain is: - CA trusted by clients (this certificate isn't provided by my dovecot, it's not needed) - wildcard_ca.pem - intermediate CA - wildcard_crt.pem - wildcard certificate for my *.example.com domain dovecot 2.2.36 behaviour is to provide wildcard_ca.pem and wildcard_crt.pem to the client - that behaviour is OK. Client has full trust chain. dovecot 2.3.3 provides only wildcard_crt.pem certificate to the client which is a big problem because missing wildcard_ca.pem (intermediate certificate) breaks chain and client is not able to verify trust chain. Testing is done with simple: openssl s_client -connect my.example.com:143 -starttls imap -servername my.example.com -showcerts 2.3.x announcements and upgrade wiki mention no such behaviour change, so I assume it is a regression. Now doing cat wildcard_ca.pem >> wildcard_crt.pem solves the problem and dovecot starts providing both certs to clients but if that's the proper way of solving this issue then what's the point of having ssl_ca config setting? Ideas? -- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org ) Including ssl_ca with cert is not actually a good idea, but perhaps this should indeed be mentioned in the upgrading page. Not a regression in any case. --- Aki Tuomi
dovecot 2.2/openssl 1.0 vs dovecot 2.3/openssl 1.1.1 ssl regression
Hi. I'm considering dovecot migration from 2.2.36 run with openssl 1.0.2o to dovecot 2.3.3 run with openssl 1.1.1. Currently I have both variants running with identical configs and certs (the only differences are due to config syntax changes in dovecot 2.3), so for example on both I have: ssl_ca = > wildcard_crt.pem solves the problem and dovecot starts providing both certs to clients but if that's the proper way of solving this issue then what's the point of having ssl_ca config setting? Ideas? -- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
Re: Reproducible SIGSEGV when Dovecot 2.3 compiled against glibc-2.28
On 08.08.2018 10:55, Reuben Farrelly wrote: > > On 8/08/2018 5:29 pm, Thore Bödecker wrote: >> Hey, >> >> you mentioned that dovecot builds fine, but does "make check" also >> complete successfully with a glibc-2.28 build on a glibc-2.28 system? >> >> We have been seeing segfaults during "make check" and it seems the >> following >> patch was able to make the testsuite run successfully. > > >> Just out of curiosity, could you try this patch and see if this fixes >> the issues you're experiencing? >> >> >> include-crypt-h.patch: >> 8< >> diff -up dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt >> dovecot-2.3.0.1/src/auth/mycrypt.c >> --- dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt 2018-02-28 >> 15:28:58.0 +0100 >> +++ dovecot-2.3.0.1/src/auth/mycrypt.c 2018-03-27 10:57:38.447769201 >> +0200 >> @@ -14,6 +14,7 @@ >> # define _XPG6 /* Some Solaris versions require this, some break >> with this */ >> #endif >> #include >> +#include >> >> #include "mycrypt.h" >> >> >8 > > Ok, wellafter running 'make check' I also saw a failure due to a > segfault. It's the same crash Thore is seeing: > > /bin/sh ../../libtool --tag=CC --mode=link x86_64-pc-linux-gnu-gcc > -std=gnu99 -O0 -g -pipe -march=native -mtune=native -ggdb > -fstack-protector-strong -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 > -mfunction-return=thunk -mindirect-branch=thunk -Wall -W > -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith > -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime > -Wstrict-aliasing=2 -module -avoid-version -Wl,-O1 -Wl,--as-needed -o > libauthdb_imap.la -rpath /usr/lib64/dovecot/auth > libauthdb_imap_la-passdb-imap.lo ../lib-imap-client/libimap_client.la > ../../src/lib-dovecot/libdovecot.la -export-dynamic -ldl > libtool: link: x86_64-pc-linux-gnu-gcc -shared -fPIC -DPIC > .libs/libauthdb_imap_la-passdb-imap.o -Wl,--whole-archive > ../lib-imap-client/.libs/libimap_client.a -Wl,--no-whole-archive > -Wl,-rpath > -Wl,/home/portage/portage/net-mail/dovecot-_p20180807/work/dovecot-_p20180807/src/lib-dovecot/.libs > -Wl,-rpath -Wl,/usr/lib64/dovecot -Wl,--as-needed > ../../src/lib-dovecot/.libs/libdovecot.so -ldl -O0 -g -march=native > -mtune=native -ggdb -fstack-protector-strong -mfunction-return=thunk > -mindirect-branch=thunk -Wl,-O1 -Wl,-soname -Wl,libauthdb_imap.so -o > .libs/libauthdb_imap.so > libtool: link: ( cd ".libs" && rm -f "libauthdb_imap.la" && ln -s > "../libauthdb_imap.la" "libauthdb_imap.la" ) > make check-local > make[3]: Entering directory > '/home/portage/portage/net-mail/dovecot-_p20180807/work/dovecot-_p20180807/src/auth' > for bin in test-libpassword test-auth-cache test-auth; do \ > if ! ./$bin; then exit 1; fi; \ > done > /bin/sh: line 1: 31821 Segmentation fault ./$bin > make[3]: *** [Makefile:1924: check-local] Error 1 > make[3]: Leaving directory > '/home/portage/portage/net-mail/dovecot-_p20180807/work/dovecot-_p20180807/src/auth' > make[2]: *** [Makefile:1579: check-am] Error 2 > > > However by applying the patch to include crypt.h (as above) it not > only fixed the make test but also has fixed the glibc runtime problem > too. > > In other words - rebuild on glibc-2.28 just now and executed on > glibc-2.28 based system resulted in a successful and usable auth binary. > > Thanks Thore! > > Reuben > I can also confirm that the patch fixes things, thank you! Aki
Re: Reproducible SIGSEGV when Dovecot 2.3 compiled against glibc-2.28
On 8/08/2018 5:29 pm, Thore Bödecker wrote: Hey, you mentioned that dovecot builds fine, but does "make check" also complete successfully with a glibc-2.28 build on a glibc-2.28 system? We have been seeing segfaults during "make check" and it seems the following patch was able to make the testsuite run successfully. > Just out of curiosity, could you try this patch and see if this fixes the issues you're experiencing? include-crypt-h.patch: 8< diff -up dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt dovecot-2.3.0.1/src/auth/mycrypt.c --- dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt 2018-02-28 15:28:58.0 +0100 +++ dovecot-2.3.0.1/src/auth/mycrypt.c 2018-03-27 10:57:38.447769201 +0200 @@ -14,6 +14,7 @@ # define _XPG6 /* Some Solaris versions require this, some break with this */ #endif #include +#include #include "mycrypt.h" >8 Ok, wellafter running 'make check' I also saw a failure due to a segfault. It's the same crash Thore is seeing: /bin/sh ../../libtool --tag=CC --mode=link x86_64-pc-linux-gnu-gcc -std=gnu99 -O0 -g -pipe -march=native -mtune=native -ggdb -fstack-protector-strong -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -mfunction-return=thunk -mindirect-branch=thunk -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2 -module -avoid-version -Wl,-O1 -Wl,--as-needed -o libauthdb_imap.la -rpath /usr/lib64/dovecot/auth libauthdb_imap_la-passdb-imap.lo ../lib-imap-client/libimap_client.la ../../src/lib-dovecot/libdovecot.la -export-dynamic -ldl libtool: link: x86_64-pc-linux-gnu-gcc -shared -fPIC -DPIC .libs/libauthdb_imap_la-passdb-imap.o -Wl,--whole-archive ../lib-imap-client/.libs/libimap_client.a -Wl,--no-whole-archive -Wl,-rpath -Wl,/home/portage/portage/net-mail/dovecot-_p20180807/work/dovecot-_p20180807/src/lib-dovecot/.libs -Wl,-rpath -Wl,/usr/lib64/dovecot -Wl,--as-needed ../../src/lib-dovecot/.libs/libdovecot.so -ldl -O0 -g -march=native -mtune=native -ggdb -fstack-protector-strong -mfunction-return=thunk -mindirect-branch=thunk -Wl,-O1 -Wl,-soname -Wl,libauthdb_imap.so -o .libs/libauthdb_imap.so libtool: link: ( cd ".libs" && rm -f "libauthdb_imap.la" && ln -s "../libauthdb_imap.la" "libauthdb_imap.la" ) make check-local make[3]: Entering directory '/home/portage/portage/net-mail/dovecot-_p20180807/work/dovecot-_p20180807/src/auth' for bin in test-libpassword test-auth-cache test-auth; do \ if ! ./$bin; then exit 1; fi; \ done /bin/sh: line 1: 31821 Segmentation fault ./$bin make[3]: *** [Makefile:1924: check-local] Error 1 make[3]: Leaving directory '/home/portage/portage/net-mail/dovecot-_p20180807/work/dovecot-_p20180807/src/auth' make[2]: *** [Makefile:1579: check-am] Error 2 However by applying the patch to include crypt.h (as above) it not only fixed the make test but also has fixed the glibc runtime problem too. In other words - rebuild on glibc-2.28 just now and executed on glibc-2.28 based system resulted in a successful and usable auth binary. Thanks Thore! Reuben
Re: Reproducible SIGSEGV when Dovecot 2.3 compiled against glibc-2.28
Hey, you mentioned that dovecot builds fine, but does "make check" also complete successfully with a glibc-2.28 build on a glibc-2.28 system? We have been seeing segfaults during "make check" and it seems the following patch was able to make the testsuite run successfully. Just out of curiosity, could you try this patch and see if this fixes the issues you're experiencing? include-crypt-h.patch: 8< diff -up dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt dovecot-2.3.0.1/src/auth/mycrypt.c --- dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt 2018-02-28 15:28:58.0 +0100 +++ dovecot-2.3.0.1/src/auth/mycrypt.c 2018-03-27 10:57:38.447769201 +0200 @@ -14,6 +14,7 @@ # define _XPG6 /* Some Solaris versions require this, some break with this */ #endif #include +#include #include "mycrypt.h" >8 Cheers, Thore PS: Sorry Reuben for duplicate mail, forgot to Cc the list... -- Thore Bödecker GPG ID: 0xD622431AF8DB80F3 GPG FP: 0F96 559D 3556 24FC 2226 A864 D622 431A F8DB 80F3 signature.asc Description: PGP signature
Re: Reproducible SIGSEGV when Dovecot 2.3 compiled against glibc-2.28
Was able to find a way to get glibc-2.28 and it seems that they have changed how crypt return value behaves. I am not sure if this is intentional or not, but it appears that the return value becomes invalidated as soon as function ends. Dovecot calls crypt inside mycrypt. While in mycrypt, the pointer is valid. Once mycrypt returns, the pointer suddenly becomes invalidated and causes crash. This can be fixed by duplicating the value before return, but I am not sure if this is the correct way to deal with this or not, you should probably open issue with glibc developers. Aki On 08.08.2018 09:42, Reuben Farrelly wrote: > Hi, > > The link to the release notes seems should have an 'l' on the end: > > Try: https://www.sourceware.org/ml/libc-alpha/2018-08/msg3.html > > This with gdb: > > thunderstorm /usr/src/dovecot/dovecot-2.3/src/auth # gdb > /root/dovecot-auth-crash/auth /root/dovecot-auth-crash/core.auth.29667 > GNU gdb (Gentoo 8.1.1 p1) 8.1.1 > Copyright (C) 2018 Free Software Foundation, Inc. > License GPLv3+: GNU GPL version 3 or later > <http://gnu.org/licenses/gpl.html> > This is free software: you are free to change and redistribute it. > There is NO WARRANTY, to the extent permitted by law. Type "show > copying" > and "show warranty" for details. > This GDB was configured as "x86_64-pc-linux-gnu". > Type "show configuration" for configuration details. > For bug reporting instructions, please see: > <https://bugs.gentoo.org/>. > Find the GDB manual and other documentation resources online at: > <http://www.gnu.org/software/gdb/documentation/>. > For help, type "help". > Type "apropos word" to search for commands related to "word"... > Reading symbols from /root/dovecot-auth-crash/auth...done. > > warning: exec file is newer than core file. > [New LWP 29667] > [Thread debugging using libthread_db enabled] > Using host libthread_db library "/lib64/libthread_db.so.1". > Core was generated by `dovecot/auth'. > Program terminated with signal SIGSEGV, Segmentation fault. > #0 __strcmp_sse2_unaligned () at > ../sysdeps/x86_64/multiarch/strcmp-sse2-unaligned.S:31 > 31 ../sysdeps/x86_64/multiarch/strcmp-sse2-unaligned.S: No such > file or directory. > (gdb) bt full > #0 __strcmp_sse2_unaligned () at > ../sysdeps/x86_64/multiarch/strcmp-sse2-unaligned.S:31 > No locals. > #1 0x562d7a9d8dcf in password_scheme_register_crypt () at > password-scheme-crypt.c:191 > i = 0 > crypted = 0xf6e4b200 address 0xf6e4b200> > __func__ = > #2 0x562d7a9d87cb in password_schemes_init () at > password-scheme.c:874 > i = 27 > #3 0x562d7a9a082a in main_preinit () at main.c:185 > mod_set = {abi_version = 0xf74856c0 memory at address 0xf74856c0>, > binary_name = 0x6f6c0d52e61baf00 memory at address 0x6f6c0d52e61baf00>, > setting_name = 0x7fa9f6e97011 <__x86_return_thunk+5> > "\363\220\017\256\350\353\371H\215d$\b\303\350\a", > filter_callback = 0x7fa9f6ecd029 , > filter_context = 0x7fa9f6e97011 <__x86_return_thunk+5>, > require_init_funcs = false, debug = false, > ignore_dlopen_errors = false, ignore_missing = false} > services = 0x562d7b4d9fa0 > #4 0x562d7a9a0ef5 in main (argc=1, argv=0x562d7b4d9ae0) at > main.c:392 > c = -1 > (gdb) p sample[i].key > No symbol "i" in current context. > (gdb) p sample[i].salt > No symbol "i" in current context. > (gdb) > > However: > > (gdb) p sample[0].key > $1 = 0x562d7a9f2f1e "08/15!test~4711" > (gdb) p sample[1].key > $2 = 0x562d7a9f2f1e "08/15!test~4711" > (gdb) p sample[2].key > $3 = 0x562d7a9f2f1e "08/15!test~4711" > (gdb) p sample[0].salt > $4 = 0x562d7a9f2f2e "JB" > (gdb) p sample[1].salt > $5 = 0x562d7a9f2f40 "$5$rounds=1000$0123456789abcdef" > (gdb) p sample[2].salt > $6 = 0x562d7a9f2fb0 "$6$rounds=1000$0123456789abcdef" > (gdb) > > > (Different core file to earlier but the trace looks the same) > > I haven't experienced any problems with any other apps (yet). > > Thanks, > Reuben > > > On 8/08/2018 4:13 pm, Aki Tuomi wrote: >> Hi! >> >> Thank you for the report, few points though: >> >> - The link you provided is broken >> >> - getting glibc-2.28 prebuilt seems to be bit problematic, and what I >> read from their changelog, the crypt function should work as normal. >> That said, it would be somewhat helpful if you could use gdb to find out >> what was passed to crypt >
Re: Reproducible SIGSEGV when Dovecot 2.3 compiled against glibc-2.28
Hi, The link to the release notes seems should have an 'l' on the end: Try: https://www.sourceware.org/ml/libc-alpha/2018-08/msg3.html This with gdb: thunderstorm /usr/src/dovecot/dovecot-2.3/src/auth # gdb /root/dovecot-auth-crash/auth /root/dovecot-auth-crash/core.auth.29667 GNU gdb (Gentoo 8.1.1 p1) 8.1.1 Copyright (C) 2018 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-pc-linux-gnu". Type "show configuration" for configuration details. For bug reporting instructions, please see: <https://bugs.gentoo.org/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from /root/dovecot-auth-crash/auth...done. warning: exec file is newer than core file. [New LWP 29667] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". Core was generated by `dovecot/auth'. Program terminated with signal SIGSEGV, Segmentation fault. #0 __strcmp_sse2_unaligned () at ../sysdeps/x86_64/multiarch/strcmp-sse2-unaligned.S:31 31 ../sysdeps/x86_64/multiarch/strcmp-sse2-unaligned.S: No such file or directory. (gdb) bt full #0 __strcmp_sse2_unaligned () at ../sysdeps/x86_64/multiarch/strcmp-sse2-unaligned.S:31 No locals. #1 0x562d7a9d8dcf in password_scheme_register_crypt () at password-scheme-crypt.c:191 i = 0 crypted = 0xf6e4b200 address 0xf6e4b200> __func__ = #2 0x562d7a9d87cb in password_schemes_init () at password-scheme.c:874 i = 27 #3 0x562d7a9a082a in main_preinit () at main.c:185 mod_set = {abi_version = 0xf74856c0 memory at address 0xf74856c0>, binary_name = 0x6f6c0d52e61baf00 at address 0x6f6c0d52e61baf00>, setting_name = 0x7fa9f6e97011 <__x86_return_thunk+5> "\363\220\017\256\350\353\371H\215d$\b\303\350\a", filter_callback = 0x7fa9f6ecd029 , filter_context = 0x7fa9f6e97011 <__x86_return_thunk+5>, require_init_funcs = false, debug = false, ignore_dlopen_errors = false, ignore_missing = false} services = 0x562d7b4d9fa0 #4 0x562d7a9a0ef5 in main (argc=1, argv=0x562d7b4d9ae0) at main.c:392 c = -1 (gdb) p sample[i].key No symbol "i" in current context. (gdb) p sample[i].salt No symbol "i" in current context. (gdb) However: (gdb) p sample[0].key $1 = 0x562d7a9f2f1e "08/15!test~4711" (gdb) p sample[1].key $2 = 0x562d7a9f2f1e "08/15!test~4711" (gdb) p sample[2].key $3 = 0x562d7a9f2f1e "08/15!test~4711" (gdb) p sample[0].salt $4 = 0x562d7a9f2f2e "JB" (gdb) p sample[1].salt $5 = 0x562d7a9f2f40 "$5$rounds=1000$0123456789abcdef" (gdb) p sample[2].salt $6 = 0x562d7a9f2fb0 "$6$rounds=1000$0123456789abcdef" (gdb) (Different core file to earlier but the trace looks the same) I haven't experienced any problems with any other apps (yet). Thanks, Reuben On 8/08/2018 4:13 pm, Aki Tuomi wrote: Hi! Thank you for the report, few points though: - The link you provided is broken - getting glibc-2.28 prebuilt seems to be bit problematic, and what I read from their changelog, the crypt function should work as normal. That said, it would be somewhat helpful if you could use gdb to find out what was passed to crypt p sample[i].key p sample[i].salt the return value is, for some reason, an invalid pointer, which it really should not be. So you probably might want to raise this up with glibc developers too. Aki On 08.08.2018 06:54, Reuben Farrelly wrote: Hi, Dovecot 2.3 (release and current -git) versions compile, but fail to run when compiled against glibc-2.28. This is what is logged on startup: Aug 8 08:24:39 thunderstorm.reub.net dovecot[569]: master: Dovecot v2.3.2.1 (0719df592) starting up for imap, lmtp, sieve, submission, sieve Aug 8 08:24:39 thunderstorm.reub.net dovecot[569]: master: Error: service(auth): command startup failed, throttling for 2 secs Aug 8 08:24:39 thunderstorm.reub.net dovecot[574]: auth: Fatal: master: service(auth): child 582 killed with signal 11 (core dumped) Aug 8 08:24:39 thunderstorm.reub.net dovecot[574]: replicator: Error: userdb lookup: Disconnected unexpectedly Aug 8 08:24:52 thunderstorm.reub.net dovecot[569]: master: Warning: Killed with signal 15 (by pid=670 uid=0 code=kill) The issue is specifically with the 'auth' binary. Other components all appear to be unaffected. The 'auth'
Re: Reproducible SIGSEGV when Dovecot 2.3 compiled against glibc-2.28
Hi! Thank you for the report, few points though: - The link you provided is broken - getting glibc-2.28 prebuilt seems to be bit problematic, and what I read from their changelog, the crypt function should work as normal. That said, it would be somewhat helpful if you could use gdb to find out what was passed to crypt p sample[i].key p sample[i].salt the return value is, for some reason, an invalid pointer, which it really should not be. So you probably might want to raise this up with glibc developers too. Aki On 08.08.2018 06:54, Reuben Farrelly wrote: > Hi, > > Dovecot 2.3 (release and current -git) versions compile, but fail to > run when compiled against glibc-2.28. > > This is what is logged on startup: > > Aug 8 08:24:39 thunderstorm.reub.net dovecot[569]: master: Dovecot > v2.3.2.1 (0719df592) starting up for imap, lmtp, sieve, submission, sieve > Aug 8 08:24:39 thunderstorm.reub.net dovecot[569]: master: Error: > service(auth): command startup failed, throttling for 2 secs > Aug 8 08:24:39 thunderstorm.reub.net dovecot[574]: auth: Fatal: > master: service(auth): child 582 killed with signal 11 (core dumped) > Aug 8 08:24:39 thunderstorm.reub.net dovecot[574]: replicator: Error: > userdb lookup: Disconnected unexpectedly > Aug 8 08:24:52 thunderstorm.reub.net dovecot[569]: master: Warning: > Killed with signal 15 (by pid=670 uid=0 code=kill) > > The issue is specifically with the 'auth' binary. Other components > all appear to be unaffected. The 'auth' binary dies with a > Segmentation Fault when run as a standalone executable too. > As the auth binary is critical to many different parts of Dovecot, a > failure of this is catastrophic. > > This is a 100% reproducible problem. The platform is Gentoo x86_64. > > thunderstorm /usr/libexec/dovecot # ./auth-old > Segmentation fault > thunderstorm /usr/libexec/dovecot # > > [I've renamed the original binary to auth-old, and put in it's place a > working 'auth' binary built against glibc-2.27 in order to have a > functioning system] > > Problem matrix looks like this: > > Build on a glibc-2.27 system, run on a glibc-2.27 - OK > Build on a glibc-2.27 system, run on a glibc-2.28 - OK > Build on a glibc-2.28 system, run on a glibc-2.27 - SEGFAULT > Build on a glibc-2.28 system, run on a glibc-2.28 - SEGFAULT > > (All other components including gcc otherwise identical) > > ./configure --prefix=/usr --build=x86_64-pc-linux-gnu > --host=x86_64-pc-linux-gnu --mandir=/usr/share/man > --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc > --localstatedir=/var/lib --disable-dependency-tracking > --disable-silent-rules --docdir=/usr/share/doc/dovecot-_p20180807 > --htmldir=/usr/share/doc/dovecot-_p20180807/html > --libdir=/usr/lib64 --with-rundir=/run/dovecot > --with-statedir=/var/lib/dovecot --with-moduledir=/usr/lib64/dovecot > --without-stemmer --disable-rpath --without-libbsd --with-icu > --with-ssl --with-systemdsystemunitdir=/lib/systemd/system > --with-sodium --with-bzlib --without-libcap --without-gssapi > --without-lua --without-ldap --with-lucene --with-lz4 --with-lzma > --without-mysql --with-pam --without-pgsql --without-sqlite > --without-solr --with-libwrap --without-textcat --without-vpopmail > --with-zlib --disable-static > > > Strace: > > thunderstorm /usr/libexec/dovecot # strace ./auth-old > execve("./auth-old", ["./auth-old"], 0x7ffd17c804c0 /* 27 vars */) = 0 > brk(NULL) = 0x557e9dc28000 > access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or > directory) > openat(AT_FDCWD, > "/usr/lib64/dovecot/old-stats/tls/x86_64/x86_64/libstats_auth.so", > O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) > stat("/usr/lib64/dovecot/old-stats/tls/x86_64/x86_64", 0x7ffcc7973020) > = -1 ENOENT (No such file or directory) > openat(AT_FDCWD, > "/usr/lib64/dovecot/old-stats/tls/x86_64/libstats_auth.so", > O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) > stat("/usr/lib64/dovecot/old-stats/tls/x86_64", 0x7ffcc7973020) = -1 > ENOENT (No such file or directory) > openat(AT_FDCWD, > "/usr/lib64/dovecot/old-stats/tls/x86_64/libstats_auth.so", > O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) > stat("/usr/lib64/dovecot/old-stats/tls/x86_64", 0x7ffcc7973020) = -1 > ENOENT (No such file or directory) > openat(AT_FDCWD, "/usr/lib64/dovecot/old-stats/tls/libstats_auth.so", > O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) > stat("/usr/lib64/dovecot/old-stats/tls", 0x7ffcc7973020) = -1 ENOENT > (No such file or directory) > openat(AT_FDCWD, &g
Reproducible SIGSEGV when Dovecot 2.3 compiled against glibc-2.28
Hi, Dovecot 2.3 (release and current -git) versions compile, but fail to run when compiled against glibc-2.28. This is what is logged on startup: Aug 8 08:24:39 thunderstorm.reub.net dovecot[569]: master: Dovecot v2.3.2.1 (0719df592) starting up for imap, lmtp, sieve, submission, sieve Aug 8 08:24:39 thunderstorm.reub.net dovecot[569]: master: Error: service(auth): command startup failed, throttling for 2 secs Aug 8 08:24:39 thunderstorm.reub.net dovecot[574]: auth: Fatal: master: service(auth): child 582 killed with signal 11 (core dumped) Aug 8 08:24:39 thunderstorm.reub.net dovecot[574]: replicator: Error: userdb lookup: Disconnected unexpectedly Aug 8 08:24:52 thunderstorm.reub.net dovecot[569]: master: Warning: Killed with signal 15 (by pid=670 uid=0 code=kill) The issue is specifically with the 'auth' binary. Other components all appear to be unaffected. The 'auth' binary dies with a Segmentation Fault when run as a standalone executable too. As the auth binary is critical to many different parts of Dovecot, a failure of this is catastrophic. This is a 100% reproducible problem. The platform is Gentoo x86_64. thunderstorm /usr/libexec/dovecot # ./auth-old Segmentation fault thunderstorm /usr/libexec/dovecot # [I've renamed the original binary to auth-old, and put in it's place a working 'auth' binary built against glibc-2.27 in order to have a functioning system] Problem matrix looks like this: Build on a glibc-2.27 system, run on a glibc-2.27 - OK Build on a glibc-2.27 system, run on a glibc-2.28 - OK Build on a glibc-2.28 system, run on a glibc-2.27 - SEGFAULT Build on a glibc-2.28 system, run on a glibc-2.28 - SEGFAULT (All other components including gcc otherwise identical) ./configure --prefix=/usr --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --disable-dependency-tracking --disable-silent-rules --docdir=/usr/share/doc/dovecot-_p20180807 --htmldir=/usr/share/doc/dovecot-_p20180807/html --libdir=/usr/lib64 --with-rundir=/run/dovecot --with-statedir=/var/lib/dovecot --with-moduledir=/usr/lib64/dovecot --without-stemmer --disable-rpath --without-libbsd --with-icu --with-ssl --with-systemdsystemunitdir=/lib/systemd/system --with-sodium --with-bzlib --without-libcap --without-gssapi --without-lua --without-ldap --with-lucene --with-lz4 --with-lzma --without-mysql --with-pam --without-pgsql --without-sqlite --without-solr --with-libwrap --without-textcat --without-vpopmail --with-zlib --disable-static Strace: thunderstorm /usr/libexec/dovecot # strace ./auth-old execve("./auth-old", ["./auth-old"], 0x7ffd17c804c0 /* 27 vars */) = 0 brk(NULL) = 0x557e9dc28000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib64/dovecot/old-stats/tls/x86_64/x86_64/libstats_auth.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat("/usr/lib64/dovecot/old-stats/tls/x86_64/x86_64", 0x7ffcc7973020) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib64/dovecot/old-stats/tls/x86_64/libstats_auth.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat("/usr/lib64/dovecot/old-stats/tls/x86_64", 0x7ffcc7973020) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib64/dovecot/old-stats/tls/x86_64/libstats_auth.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat("/usr/lib64/dovecot/old-stats/tls/x86_64", 0x7ffcc7973020) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib64/dovecot/old-stats/tls/libstats_auth.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat("/usr/lib64/dovecot/old-stats/tls", 0x7ffcc7973020) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib64/dovecot/old-stats/x86_64/x86_64/libstats_auth.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat("/usr/lib64/dovecot/old-stats/x86_64/x86_64", 0x7ffcc7973020) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib64/dovecot/old-stats/x86_64/libstats_auth.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat("/usr/lib64/dovecot/old-stats/x86_64", 0x7ffcc7973020) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib64/dovecot/old-stats/x86_64/libstats_auth.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) stat("/usr/lib64/dovecot/old-stats/x86_64", 0x7ffcc7973020) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib64/dovecot/old-stats/libstats_auth.so", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`\t\0\0\0\0\0\0"..
Re: dovecot 2.3.x, ECC and wildcard certificates, any issues
>> That is one of the reasons I do not bother since long with public CAs >> but rather deploy my own, including own OSCP responder. > May I ask, how you create a CA which is valid for clients without them > having to install your root cert? > > and CA trust in clients. Latter though could be easily overcome if browser and email clients were to support DNSSEC/DANE validation. That is where DANE/TLSA comes in but it requires DNSSEC/DANE validation in the client and of course DNSSEC and TLSA records in the domain's DNS. Notwithstanding that the upstream DNS resolvers utilized by clients need to support DNSSEC queries/answers as well. Whatever the reasons for lacking such validation support in most of the clients (incl. web browsers) one speculative is that it would kill commercial CAs (as such Let's Encrypt is one too through their sponsors), or at least has the potential to diminish their business (model). Suppose we are not hijacking this thread furthermore and avoid earning a discontent eventually ... ;)
Re: dovecot 2.3.x, ECC and wildcard certificates, any issues
On 2018-07-30 19:45, ѽ҉ᶬḳ℠ wrote: > That is one of the reasons I do not bother since long with public CAs > but rather deploy my own, including own OSCP responder. May I ask, how you create a CA which is valid for clients without them having to install your root cert? Cheers, K. C. -- regards Helmut K. C. Tessarek KeyID 0x172380A011EF4944 Key fingerprint = 8A55 70C1 BD85 D34E ADBC 386C 1723 80A0 11EF 4944 /* Thou shalt not follow the NULL pointer for chaos and madness await thee at its end. */ signature.asc Description: OpenPGP digital signature
Re: dovecot 2.3.x, ECC and wildcard certificates, any issues
That is one of the reasons I do not bother since long with public CAs but rather deploy my own, including own OSCP responder. Which has of course has some drawbacks like redundancy, resilience, bandwidth provision, geographical spread, implementing CA security standards and CA trust in clients. Latter though could be easily overcome if browser and email clients were to support DNSSEC/DANE validation. It may not help you in the short term now but perhaps something to consider long term for the benefit of controlling the certificate handling/signing, depending on the CA scale. > Hello, > > I have discovered what I believe is the issue after hearing back from > Aquamail. And that is that android 7 which I'm running 7.0 that is, > only supports up to the p256 ecc curve. This brings up a question to > users of letsencrypt, when you revoke a certificate does it take it > out on the usage as well? I've got one domain that says i've issued to > many certificates for it and no more can be issued, thought I was > using the staging server. I'd like to get those certs off the > letsencrypt servers so I can make a new one using the p256 curve. Does > anyone know if this is doable? Using acme.sh I tried --revoke which > revoked one cert but letsencrypt still would not let me issue another. > > Thanks. > Dave. > > > On 7/30/18, Aki Tuomi wrote: >> I don't know how to get both RSA and ECC cert from letsencrypt. >> >> Aki >> >>> On 30 July 2018 at 20:43 David Mehler wrote: >>> >>> >>> Hello, >>> >>> What acme implementation do you use for your letsencrypt certificates? >>> If it's acme.sh how do you get both rsa and ecc certificates? What >>> configuration options are you using in your configuration of services >>> to allow access to both rsa and ecc? >>> >>> Thanks. >>> Dave. >>> >>> >>> On 7/30/18, David Mehler wrote: >>>> Hello, >>>> >>>> The client in question is the latest version of AquaMail running on >>>> android. >>>> >>>> Thanks. >>>> Dave. >>>> >>>> >>>> On 7/30/18, Aki Tuomi wrote: >>>>> You should, in practice, enable both. This gives best client >>>>> compability. >>>>> It >>>>> is possible you have clients that cannot understand ECC certificates? >>>>> You >>>>> can use ssl_alt_cert to provide RSA cert too. >>>>> >>>>> Aki >>>>> >>>>>> On 30 July 2018 at 20:05 David Mehler wrote: >>>>>> >>>>>> >>>>>> Hi, >>>>>> >>>>>> Thanks, good news is that worked. Bad news is it all looks good which >>>>>> means I do not know hwhy my remote clients can't get their email, >>>>>> looked like from the logs it was that. >>>>>> >>>>>> Would 143 be better or 993 for the external clients? >>>>>> >>>>>> Thanks. >>>>>> Dave. >>>>>> >>>>>> >>>>>> On 7/30/18, Aki Tuomi wrote: >>>>>>>> On 30 July 2018 at 19:16 David Mehler >>>>>>>> wrote: >>>>>>>> >>>>>>>> >>>>>>>> Hello, >>>>>>>> >>>>>>>> Does dovecot 2.3.x have any issues recognizing or using >>>>>>>> certificates >>>>>>>> that are ECC and wildcard? I'm trying to switch my letsencrypt >>>>>>>> implementation from acme-client which does not support either of >>>>>>>> those >>>>>>>> capabilities to acme.sh which does. Since then external clients >>>>>>>> checking their email has not worked. A manual telnet to >>>>>>>> mail.example.com 993 gives a connected message but then nothing no >>>>>>>> greeting or capabilities. >>>>>>>> >>>>>>>> The certificate is for example.com with an alt name of >>>>>>>> *.example.com >>>>>>>> if that's not right let me know, i'm not sure about that one, >>>>>>>> connecting to the web sites of these pages seems noticeably >>>>>>>> slower, >>>>>>>> I'm wondering if both of these issues aren't key related? >>>>>>>> >>>>>>>> Thanks. >>>>>>>> Dave. >>>>>>> These both should be fine. >>>>>>> >>>>>>> Port 993 is TLS encrypted, you should use openssl s_client -connect >>>>>>> server:993 >>>>>>> >>>>>>> Aki >>>>>>>
Re: dovecot 2.3.x, ECC and wildcard certificates, any issues
Revocation doesn’t remove the certificates; it just marks them as invalid when a TLS client bothers to check. -FG > On Jul 30, 2018, at 6:45 PM, David Mehler wrote: > > Hello, > > I have discovered what I believe is the issue after hearing back from > Aquamail. And that is that android 7 which I'm running 7.0 that is, > only supports up to the p256 ecc curve. This brings up a question to > users of letsencrypt, when you revoke a certificate does it take it > out on the usage as well? I've got one domain that says i've issued to > many certificates for it and no more can be issued, thought I was > using the staging server. I'd like to get those certs off the > letsencrypt servers so I can make a new one using the p256 curve. Does > anyone know if this is doable? Using acme.sh I tried --revoke which > revoked one cert but letsencrypt still would not let me issue another. > > Thanks. > Dave. > > > On 7/30/18, Aki Tuomi wrote: >> I don't know how to get both RSA and ECC cert from letsencrypt. >> >> Aki >> >>> On 30 July 2018 at 20:43 David Mehler wrote: >>> >>> >>> Hello, >>> >>> What acme implementation do you use for your letsencrypt certificates? >>> If it's acme.sh how do you get both rsa and ecc certificates? What >>> configuration options are you using in your configuration of services >>> to allow access to both rsa and ecc? >>> >>> Thanks. >>> Dave. >>> >>> >>> On 7/30/18, David Mehler wrote: >>>> Hello, >>>> >>>> The client in question is the latest version of AquaMail running on >>>> android. >>>> >>>> Thanks. >>>> Dave. >>>> >>>> >>>> On 7/30/18, Aki Tuomi wrote: >>>>> You should, in practice, enable both. This gives best client >>>>> compability. >>>>> It >>>>> is possible you have clients that cannot understand ECC certificates? >>>>> You >>>>> can use ssl_alt_cert to provide RSA cert too. >>>>> >>>>> Aki >>>>> >>>>>> On 30 July 2018 at 20:05 David Mehler wrote: >>>>>> >>>>>> >>>>>> Hi, >>>>>> >>>>>> Thanks, good news is that worked. Bad news is it all looks good which >>>>>> means I do not know hwhy my remote clients can't get their email, >>>>>> looked like from the logs it was that. >>>>>> >>>>>> Would 143 be better or 993 for the external clients? >>>>>> >>>>>> Thanks. >>>>>> Dave. >>>>>> >>>>>> >>>>>> On 7/30/18, Aki Tuomi wrote: >>>>>>> >>>>>>>> On 30 July 2018 at 19:16 David Mehler >>>>>>>> wrote: >>>>>>>> >>>>>>>> >>>>>>>> Hello, >>>>>>>> >>>>>>>> Does dovecot 2.3.x have any issues recognizing or using >>>>>>>> certificates >>>>>>>> that are ECC and wildcard? I'm trying to switch my letsencrypt >>>>>>>> implementation from acme-client which does not support either of >>>>>>>> those >>>>>>>> capabilities to acme.sh which does. Since then external clients >>>>>>>> checking their email has not worked. A manual telnet to >>>>>>>> mail.example.com 993 gives a connected message but then nothing no >>>>>>>> greeting or capabilities. >>>>>>>> >>>>>>>> The certificate is for example.com with an alt name of >>>>>>>> *.example.com >>>>>>>> if that's not right let me know, i'm not sure about that one, >>>>>>>> connecting to the web sites of these pages seems noticeably >>>>>>>> slower, >>>>>>>> I'm wondering if both of these issues aren't key related? >>>>>>>> >>>>>>>> Thanks. >>>>>>>> Dave. >>>>>>> >>>>>>> These both should be fine. >>>>>>> >>>>>>> Port 993 is TLS encrypted, you should use openssl s_client -connect >>>>>>> server:993 >>>>>>> >>>>>>> Aki >>>>>>> >>>>> >>>> >>
Re: dovecot 2.3.x, ECC and wildcard certificates, any issues
Hello, I have discovered what I believe is the issue after hearing back from Aquamail. And that is that android 7 which I'm running 7.0 that is, only supports up to the p256 ecc curve. This brings up a question to users of letsencrypt, when you revoke a certificate does it take it out on the usage as well? I've got one domain that says i've issued to many certificates for it and no more can be issued, thought I was using the staging server. I'd like to get those certs off the letsencrypt servers so I can make a new one using the p256 curve. Does anyone know if this is doable? Using acme.sh I tried --revoke which revoked one cert but letsencrypt still would not let me issue another. Thanks. Dave. On 7/30/18, Aki Tuomi wrote: > I don't know how to get both RSA and ECC cert from letsencrypt. > > Aki > >> On 30 July 2018 at 20:43 David Mehler wrote: >> >> >> Hello, >> >> What acme implementation do you use for your letsencrypt certificates? >> If it's acme.sh how do you get both rsa and ecc certificates? What >> configuration options are you using in your configuration of services >> to allow access to both rsa and ecc? >> >> Thanks. >> Dave. >> >> >> On 7/30/18, David Mehler wrote: >> > Hello, >> > >> > The client in question is the latest version of AquaMail running on >> > android. >> > >> > Thanks. >> > Dave. >> > >> > >> > On 7/30/18, Aki Tuomi wrote: >> >> You should, in practice, enable both. This gives best client >> >> compability. >> >> It >> >> is possible you have clients that cannot understand ECC certificates? >> >> You >> >> can use ssl_alt_cert to provide RSA cert too. >> >> >> >> Aki >> >> >> >>> On 30 July 2018 at 20:05 David Mehler wrote: >> >>> >> >>> >> >>> Hi, >> >>> >> >>> Thanks, good news is that worked. Bad news is it all looks good which >> >>> means I do not know hwhy my remote clients can't get their email, >> >>> looked like from the logs it was that. >> >>> >> >>> Would 143 be better or 993 for the external clients? >> >>> >> >>> Thanks. >> >>> Dave. >> >>> >> >>> >> >>> On 7/30/18, Aki Tuomi wrote: >> >>> > >> >>> >> On 30 July 2018 at 19:16 David Mehler >> >>> >> wrote: >> >>> >> >> >>> >> >> >>> >> Hello, >> >>> >> >> >>> >> Does dovecot 2.3.x have any issues recognizing or using >> >>> >> certificates >> >>> >> that are ECC and wildcard? I'm trying to switch my letsencrypt >> >>> >> implementation from acme-client which does not support either of >> >>> >> those >> >>> >> capabilities to acme.sh which does. Since then external clients >> >>> >> checking their email has not worked. A manual telnet to >> >>> >> mail.example.com 993 gives a connected message but then nothing no >> >>> >> greeting or capabilities. >> >>> >> >> >>> >> The certificate is for example.com with an alt name of >> >>> >> *.example.com >> >>> >> if that's not right let me know, i'm not sure about that one, >> >>> >> connecting to the web sites of these pages seems noticeably >> >>> >> slower, >> >>> >> I'm wondering if both of these issues aren't key related? >> >>> >> >> >>> >> Thanks. >> >>> >> Dave. >> >>> > >> >>> > These both should be fine. >> >>> > >> >>> > Port 993 is TLS encrypted, you should use openssl s_client -connect >> >>> > server:993 >> >>> > >> >>> > Aki >> >>> > >> >> >> > >
Re: dovecot 2.3.x, ECC and wildcard certificates, any issues
FWIW, it’s relatively straightforward to do this with my Perl ACME implementation, Net::ACME2. You’ll get your first certificate order using one key, then request another certificate with the other key. -FG > On Jul 30, 2018, at 1:49 PM, Aki Tuomi wrote: > > I don't know how to get both RSA and ECC cert from letsencrypt. > > Aki > >> On 30 July 2018 at 20:43 David Mehler wrote: >> >> >> Hello, >> >> What acme implementation do you use for your letsencrypt certificates? >> If it's acme.sh how do you get both rsa and ecc certificates? What >> configuration options are you using in your configuration of services >> to allow access to both rsa and ecc? >> >> Thanks. >> Dave. >> >> >> On 7/30/18, David Mehler wrote: >>> Hello, >>> >>> The client in question is the latest version of AquaMail running on >>> android. >>> >>> Thanks. >>> Dave. >>> >>> >>> On 7/30/18, Aki Tuomi wrote: >>>> You should, in practice, enable both. This gives best client compability. >>>> It >>>> is possible you have clients that cannot understand ECC certificates? You >>>> can use ssl_alt_cert to provide RSA cert too. >>>> >>>> Aki >>>> >>>>> On 30 July 2018 at 20:05 David Mehler wrote: >>>>> >>>>> >>>>> Hi, >>>>> >>>>> Thanks, good news is that worked. Bad news is it all looks good which >>>>> means I do not know hwhy my remote clients can't get their email, >>>>> looked like from the logs it was that. >>>>> >>>>> Would 143 be better or 993 for the external clients? >>>>> >>>>> Thanks. >>>>> Dave. >>>>> >>>>> >>>>> On 7/30/18, Aki Tuomi wrote: >>>>>> >>>>>>> On 30 July 2018 at 19:16 David Mehler wrote: >>>>>>> >>>>>>> >>>>>>> Hello, >>>>>>> >>>>>>> Does dovecot 2.3.x have any issues recognizing or using certificates >>>>>>> that are ECC and wildcard? I'm trying to switch my letsencrypt >>>>>>> implementation from acme-client which does not support either of >>>>>>> those >>>>>>> capabilities to acme.sh which does. Since then external clients >>>>>>> checking their email has not worked. A manual telnet to >>>>>>> mail.example.com 993 gives a connected message but then nothing no >>>>>>> greeting or capabilities. >>>>>>> >>>>>>> The certificate is for example.com with an alt name of *.example.com >>>>>>> if that's not right let me know, i'm not sure about that one, >>>>>>> connecting to the web sites of these pages seems noticeably slower, >>>>>>> I'm wondering if both of these issues aren't key related? >>>>>>> >>>>>>> Thanks. >>>>>>> Dave. >>>>>> >>>>>> These both should be fine. >>>>>> >>>>>> Port 993 is TLS encrypted, you should use openssl s_client -connect >>>>>> server:993 >>>>>> >>>>>> Aki >>>>>> >>>> >>>
Re: dovecot 2.3.x, ECC and wildcard certificates, any issues
I don't know how to get both RSA and ECC cert from letsencrypt. Aki > On 30 July 2018 at 20:43 David Mehler wrote: > > > Hello, > > What acme implementation do you use for your letsencrypt certificates? > If it's acme.sh how do you get both rsa and ecc certificates? What > configuration options are you using in your configuration of services > to allow access to both rsa and ecc? > > Thanks. > Dave. > > > On 7/30/18, David Mehler wrote: > > Hello, > > > > The client in question is the latest version of AquaMail running on > > android. > > > > Thanks. > > Dave. > > > > > > On 7/30/18, Aki Tuomi wrote: > >> You should, in practice, enable both. This gives best client compability. > >> It > >> is possible you have clients that cannot understand ECC certificates? You > >> can use ssl_alt_cert to provide RSA cert too. > >> > >> Aki > >> > >>> On 30 July 2018 at 20:05 David Mehler wrote: > >>> > >>> > >>> Hi, > >>> > >>> Thanks, good news is that worked. Bad news is it all looks good which > >>> means I do not know hwhy my remote clients can't get their email, > >>> looked like from the logs it was that. > >>> > >>> Would 143 be better or 993 for the external clients? > >>> > >>> Thanks. > >>> Dave. > >>> > >>> > >>> On 7/30/18, Aki Tuomi wrote: > >>> > > >>> >> On 30 July 2018 at 19:16 David Mehler wrote: > >>> >> > >>> >> > >>> >> Hello, > >>> >> > >>> >> Does dovecot 2.3.x have any issues recognizing or using certificates > >>> >> that are ECC and wildcard? I'm trying to switch my letsencrypt > >>> >> implementation from acme-client which does not support either of > >>> >> those > >>> >> capabilities to acme.sh which does. Since then external clients > >>> >> checking their email has not worked. A manual telnet to > >>> >> mail.example.com 993 gives a connected message but then nothing no > >>> >> greeting or capabilities. > >>> >> > >>> >> The certificate is for example.com with an alt name of *.example.com > >>> >> if that's not right let me know, i'm not sure about that one, > >>> >> connecting to the web sites of these pages seems noticeably slower, > >>> >> I'm wondering if both of these issues aren't key related? > >>> >> > >>> >> Thanks. > >>> >> Dave. > >>> > > >>> > These both should be fine. > >>> > > >>> > Port 993 is TLS encrypted, you should use openssl s_client -connect > >>> > server:993 > >>> > > >>> > Aki > >>> > > >> > >
Re: dovecot 2.3.x, ECC and wildcard certificates, any issues
Hello, What acme implementation do you use for your letsencrypt certificates? If it's acme.sh how do you get both rsa and ecc certificates? What configuration options are you using in your configuration of services to allow access to both rsa and ecc? Thanks. Dave. On 7/30/18, David Mehler wrote: > Hello, > > The client in question is the latest version of AquaMail running on > android. > > Thanks. > Dave. > > > On 7/30/18, Aki Tuomi wrote: >> You should, in practice, enable both. This gives best client compability. >> It >> is possible you have clients that cannot understand ECC certificates? You >> can use ssl_alt_cert to provide RSA cert too. >> >> Aki >> >>> On 30 July 2018 at 20:05 David Mehler wrote: >>> >>> >>> Hi, >>> >>> Thanks, good news is that worked. Bad news is it all looks good which >>> means I do not know hwhy my remote clients can't get their email, >>> looked like from the logs it was that. >>> >>> Would 143 be better or 993 for the external clients? >>> >>> Thanks. >>> Dave. >>> >>> >>> On 7/30/18, Aki Tuomi wrote: >>> > >>> >> On 30 July 2018 at 19:16 David Mehler wrote: >>> >> >>> >> >>> >> Hello, >>> >> >>> >> Does dovecot 2.3.x have any issues recognizing or using certificates >>> >> that are ECC and wildcard? I'm trying to switch my letsencrypt >>> >> implementation from acme-client which does not support either of >>> >> those >>> >> capabilities to acme.sh which does. Since then external clients >>> >> checking their email has not worked. A manual telnet to >>> >> mail.example.com 993 gives a connected message but then nothing no >>> >> greeting or capabilities. >>> >> >>> >> The certificate is for example.com with an alt name of *.example.com >>> >> if that's not right let me know, i'm not sure about that one, >>> >> connecting to the web sites of these pages seems noticeably slower, >>> >> I'm wondering if both of these issues aren't key related? >>> >> >>> >> Thanks. >>> >> Dave. >>> > >>> > These both should be fine. >>> > >>> > Port 993 is TLS encrypted, you should use openssl s_client -connect >>> > server:993 >>> > >>> > Aki >>> > >> >
Re: dovecot 2.3.x, ECC and wildcard certificates, any issues
Hello, The client in question is the latest version of AquaMail running on android. Thanks. Dave. On 7/30/18, Aki Tuomi wrote: > You should, in practice, enable both. This gives best client compability. It > is possible you have clients that cannot understand ECC certificates? You > can use ssl_alt_cert to provide RSA cert too. > > Aki > >> On 30 July 2018 at 20:05 David Mehler wrote: >> >> >> Hi, >> >> Thanks, good news is that worked. Bad news is it all looks good which >> means I do not know hwhy my remote clients can't get their email, >> looked like from the logs it was that. >> >> Would 143 be better or 993 for the external clients? >> >> Thanks. >> Dave. >> >> >> On 7/30/18, Aki Tuomi wrote: >> > >> >> On 30 July 2018 at 19:16 David Mehler wrote: >> >> >> >> >> >> Hello, >> >> >> >> Does dovecot 2.3.x have any issues recognizing or using certificates >> >> that are ECC and wildcard? I'm trying to switch my letsencrypt >> >> implementation from acme-client which does not support either of those >> >> capabilities to acme.sh which does. Since then external clients >> >> checking their email has not worked. A manual telnet to >> >> mail.example.com 993 gives a connected message but then nothing no >> >> greeting or capabilities. >> >> >> >> The certificate is for example.com with an alt name of *.example.com >> >> if that's not right let me know, i'm not sure about that one, >> >> connecting to the web sites of these pages seems noticeably slower, >> >> I'm wondering if both of these issues aren't key related? >> >> >> >> Thanks. >> >> Dave. >> > >> > These both should be fine. >> > >> > Port 993 is TLS encrypted, you should use openssl s_client -connect >> > server:993 >> > >> > Aki >> > >
Re: dovecot 2.3.x, ECC and wildcard certificates, any issues
You should, in practice, enable both. This gives best client compability. It is possible you have clients that cannot understand ECC certificates? You can use ssl_alt_cert to provide RSA cert too. Aki > On 30 July 2018 at 20:05 David Mehler wrote: > > > Hi, > > Thanks, good news is that worked. Bad news is it all looks good which > means I do not know hwhy my remote clients can't get their email, > looked like from the logs it was that. > > Would 143 be better or 993 for the external clients? > > Thanks. > Dave. > > > On 7/30/18, Aki Tuomi wrote: > > > >> On 30 July 2018 at 19:16 David Mehler wrote: > >> > >> > >> Hello, > >> > >> Does dovecot 2.3.x have any issues recognizing or using certificates > >> that are ECC and wildcard? I'm trying to switch my letsencrypt > >> implementation from acme-client which does not support either of those > >> capabilities to acme.sh which does. Since then external clients > >> checking their email has not worked. A manual telnet to > >> mail.example.com 993 gives a connected message but then nothing no > >> greeting or capabilities. > >> > >> The certificate is for example.com with an alt name of *.example.com > >> if that's not right let me know, i'm not sure about that one, > >> connecting to the web sites of these pages seems noticeably slower, > >> I'm wondering if both of these issues aren't key related? > >> > >> Thanks. > >> Dave. > > > > These both should be fine. > > > > Port 993 is TLS encrypted, you should use openssl s_client -connect > > server:993 > > > > Aki > >
Re: dovecot 2.3.x, ECC and wildcard certificates, any issues
Hi, Thanks, good news is that worked. Bad news is it all looks good which means I do not know hwhy my remote clients can't get their email, looked like from the logs it was that. Would 143 be better or 993 for the external clients? Thanks. Dave. On 7/30/18, Aki Tuomi wrote: > >> On 30 July 2018 at 19:16 David Mehler wrote: >> >> >> Hello, >> >> Does dovecot 2.3.x have any issues recognizing or using certificates >> that are ECC and wildcard? I'm trying to switch my letsencrypt >> implementation from acme-client which does not support either of those >> capabilities to acme.sh which does. Since then external clients >> checking their email has not worked. A manual telnet to >> mail.example.com 993 gives a connected message but then nothing no >> greeting or capabilities. >> >> The certificate is for example.com with an alt name of *.example.com >> if that's not right let me know, i'm not sure about that one, >> connecting to the web sites of these pages seems noticeably slower, >> I'm wondering if both of these issues aren't key related? >> >> Thanks. >> Dave. > > These both should be fine. > > Port 993 is TLS encrypted, you should use openssl s_client -connect > server:993 > > Aki >
Re: dovecot 2.3.x, ECC and wildcard certificates, any issues
> On 30 July 2018 at 19:16 David Mehler wrote: > > > Hello, > > Does dovecot 2.3.x have any issues recognizing or using certificates > that are ECC and wildcard? I'm trying to switch my letsencrypt > implementation from acme-client which does not support either of those > capabilities to acme.sh which does. Since then external clients > checking their email has not worked. A manual telnet to > mail.example.com 993 gives a connected message but then nothing no > greeting or capabilities. > > The certificate is for example.com with an alt name of *.example.com > if that's not right let me know, i'm not sure about that one, > connecting to the web sites of these pages seems noticeably slower, > I'm wondering if both of these issues aren't key related? > > Thanks. > Dave. These both should be fine. Port 993 is TLS encrypted, you should use openssl s_client -connect server:993 Aki
dovecot 2.3.x, ECC and wildcard certificates, any issues
Hello, Does dovecot 2.3.x have any issues recognizing or using certificates that are ECC and wildcard? I'm trying to switch my letsencrypt implementation from acme-client which does not support either of those capabilities to acme.sh which does. Since then external clients checking their email has not worked. A manual telnet to mail.example.com 993 gives a connected message but then nothing no greeting or capabilities. The certificate is for example.com with an alt name of *.example.com if that's not right let me know, i'm not sure about that one, connecting to the web sites of these pages seems noticeably slower, I'm wondering if both of these issues aren't key related? Thanks. Dave.
Re: Lmtp issues on dovecot 2.3.x with big messages
Op 23-5-2018 om 7:48 schreef Reio Remma: On 17.04.2018 2:21, Stephan Bosch wrote: Op 16/04/2018 om 19:57 schreef Michael Tratz: Messages are being sent to dovecot LMTP by postfix. If I change this email to another server with dovecot 2.2.x the same message are delivered immediately. Confirmed. Starts to fail here around 30Mb. Tested with Swaks. Working on a fix... Problem found. It is an explicit limit of 40Mb (for the 30Mb I saw in my tests, there was also a base64 encoding I forgot about). Will fix both the unhelpful error and the fact that there should be no limit (currently) for LMTP. Stephan, I’m having the same issue with LMTP and large messages with dovecot 2.3.x. Can you tell me which commit fixes this issue? I looked through the GitHub commits, but it’s not clear to me which commit fixes this issue. I’d like to apply the patch and re-compile dovecot for my machines instead of having to downgrade to 2.2.35. This fix is currently pending: https://github.com/stephanbosch/dovecot-core/commits/lmtp-fix-msg-size-limit I'm seeing some CI issues still and I am waiting on some input from someone else. Regards, Stephan. Any news on when this fix might turn up in a release? Release schedule tells me it will be part of 2.3.2, which should roll out some time mid June. Regards, Stephan.
Re: Lmtp issues on dovecot 2.3.x with big messages
On 17.04.2018 2:21, Stephan Bosch wrote: Op 16/04/2018 om 19:57 schreef Michael Tratz: Messages are being sent to dovecot LMTP by postfix. If I change this email to another server with dovecot 2.2.x the same message are delivered immediately. Confirmed. Starts to fail here around 30Mb. Tested with Swaks. Working on a fix... Problem found. It is an explicit limit of 40Mb (for the 30Mb I saw in my tests, there was also a base64 encoding I forgot about). Will fix both the unhelpful error and the fact that there should be no limit (currently) for LMTP. Stephan, I’m having the same issue with LMTP and large messages with dovecot 2.3.x. Can you tell me which commit fixes this issue? I looked through the GitHub commits, but it’s not clear to me which commit fixes this issue. I’d like to apply the patch and re-compile dovecot for my machines instead of having to downgrade to 2.2.35. This fix is currently pending: https://github.com/stephanbosch/dovecot-core/commits/lmtp-fix-msg-size-limit I'm seeing some CI issues still and I am waiting on some input from someone else. Regards, Stephan. Any news on when this fix might turn up in a release? Thanks, Reio
dovecot 2.3 on Ubuntu 18.04 LTS
Hello, I'm running dovecot 2.3 from repo.dovecot.org <http://repo.dovecot.org/> on ubuntu 16.04 LTS, and I'm wondering if there is a scheduled date for the release of the bionic package in that repository. The Ubuntu mainstream version is based on the 2.2 branch, which prevent us to use it. Thanks.
Re: Lmtp issues on dovecot 2.3.x with big messages
Op 16/04/2018 om 19:57 schreef Michael Tratz: Messages are being sent to dovecot LMTP by postfix. If I change this email to another server with dovecot 2.2.x the same message are delivered immediately. Confirmed. Starts to fail here around 30Mb. Tested with Swaks. Working on a fix... Problem found. It is an explicit limit of 40Mb (for the 30Mb I saw in my tests, there was also a base64 encoding I forgot about). Will fix both the unhelpful error and the fact that there should be no limit (currently) for LMTP. Stephan, I’m having the same issue with LMTP and large messages with dovecot 2.3.x. Can you tell me which commit fixes this issue? I looked through the GitHub commits, but it’s not clear to me which commit fixes this issue. I’d like to apply the patch and re-compile dovecot for my machines instead of having to downgrade to 2.2.35. This fix is currently pending: https://github.com/stephanbosch/dovecot-core/commits/lmtp-fix-msg-size-limit I'm seeing some CI issues still and I am waiting on some input from someone else. Regards, Stephan.
Re: Lmtp issues on dovecot 2.3.x with big messages
> >> Messages are being sent to dovecot LMTP by postfix. If I change this email > >> to another server with dovecot 2.2.x the same message are delivered > >> immediately. > > Confirmed. Starts to fail here around 30Mb. Tested with Swaks. > > > > Working on a fix... > > Problem found. It is an explicit limit of 40Mb (for the 30Mb I saw in my > tests, there was also a base64 encoding I forgot about). > > Will fix both the unhelpful error and the fact that there should be no > limit (currently) for LMTP. > Stephan, I’m having the same issue with LMTP and large messages with dovecot 2.3.x. Can you tell me which commit fixes this issue? I looked through the GitHub commits, but it’s not clear to me which commit fixes this issue. I’d like to apply the patch and re-compile dovecot for my machines instead of having to downgrade to 2.2.35. Thanks, Michael
Re: Lmtp issues on dovecot 2.3.x with big messages
Op 4/4/2018 om 11:38 PM schreef Stephan Bosch: > Op 4/4/2018 om 8:26 PM schreef Ricardo Machini Barbosa: >> Hello, >> >> After update dovecot to version 2.3.x, LMTP stopped to receive big messages >> ( > 45 MB ). >> Messages are being sent to dovecot LMTP by postfix. If I change this email >> to another server with dovecot 2.2.x the same message are delivered >> immediately. > Confirmed. Starts to fail here around 30Mb. Tested with Swaks. > > Working on a fix... Problem found. It is an explicit limit of 40Mb (for the 30Mb I saw in my tests, there was also a base64 encoding I forgot about). Will fix both the unhelpful error and the fact that there should be no limit (currently) for LMTP. Regards, Stephan.
Re: Lmtp issues on dovecot 2.3.x with big messages
Op 4/4/2018 om 8:26 PM schreef Ricardo Machini Barbosa: > Hello, > > After update dovecot to version 2.3.x, LMTP stopped to receive big messages > ( > 45 MB ). > Messages are being sent to dovecot LMTP by postfix. If I change this email > to another server with dovecot 2.2.x the same message are delivered > immediately. Confirmed. Starts to fail here around 30Mb. Tested with Swaks. Working on a fix... Regards, Stephan.
Lmtp issues on dovecot 2.3.x with big messages
Hello, After update dovecot to version 2.3.x, LMTP stopped to receive big messages ( > 45 MB ). Messages are being sent to dovecot LMTP by postfix. If I change this email to another server with dovecot 2.2.x the same message are delivered immediately. Log with mail_debug = yes: Apr 4 13:36:13 mailsrv01 dovecot: lmtp(190031): Debug: none: root=, index=, indexpvt=, control=, inbox=, alt= Apr 4 13:36:13 mailsrv01 dovecot: lmtp(190031): Connect from 10.0.5.3 Apr 4 13:36:13 mailsrv01 dovecot: lmtp(mailto:mailsr...@dominio.com.br)<190031>: Debug: Loading modules from directory: /usr/lib64/dovecot Apr 4 13:36:13 mailsrv01 dovecot: lmtp(mailto:mailsr...@dominio.com.br)<190031>: Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so Apr 4 13:36:13 mailsrv01 dovecot: lmtp(mailto:mailsr...@dominio.com.br)<190031>: Debug: Module loaded: /usr/lib64/dovecot/lib20_quota_clone_plugin.so Apr 4 13:36:13 mailsrv01 dovecot: lmtp(mailto:mailsr...@dominio.com.br)<190031>: Debug: Module loaded: /usr/lib64/dovecot/lib90_sieve_plugin.so Apr 4 13:36:13 mailsrv01 dovecot: lmtp(mailto:mailsr...@dominio.com.br)<190031>: Debug: auth USER input: mailto:mailsr...@dominio.com.br home=/mail/data/dovecot/mailbox/dominio.com.br/m/h4/mailsrv01 quota_rule=*:bytes=53687091200 Apr 4 13:36:13 mailsrv01 dovecot: lmtp(mailto:mailsr...@dominio.com.br)<190031>: Debug: Added userdb setting: plugin/quota_rule=*:bytes=53687091200 Apr 4 13:36:13 mailsrv01 dovecot: lmtp(190031): Debug: Effective uid=1000, gid=1000, home=/mail/data/dovecot/mailbox/dominio.com.br/m/h4/mailsrv01 Apr 4 13:36:13 mailsrv01 dovecot: lmtp(190031): Debug: Quota root: name=User quota backend=count args= Apr 4 13:36:13 mailsrv01 dovecot: lmtp(190031): Debug: Quota rule: root=User quota mailbox=* bytes=53687091200 messages=0 Apr 4 13:36:13 mailsrv01 dovecot: lmtp(190031): Debug: Quota rule: root=User quota mailbox=Itens Excluídos bytes=+209715200 messages=0 Apr 4 13:36:13 mailsrv01 dovecot: lmtp(190031): Debug: Quota warning: bytes=51002736640 (95%) messages=0 reverse=no command=quota-warning 95 mailto:mailsr...@dominio.com.br Apr 4 13:36:13 mailsrv01 dovecot: lmtp(190031): Debug: Quota warning: bytes=42949672960 (80%) messages=0 reverse=no command=quota-warning 80 mailto:mailsr...@dominio.com.br Apr 4 13:36:13 mailsrv01 dovecot: lmtp(190031): Debug: Quota grace: root=User quota bytes=5368709120 (10%) Apr 4 13:36:13 mailsrv01 dovecot: lmtp(190031): Debug: Namespace inbox: type=private, prefix=, sep=., inbox=yes, hidden=no, list=yes, subscriptions=yes location=mdbox:~/mdbox:ALT=/altstorage/mail/data/dovecot/mailbox/dominio.com .br/m/h4/mailsrv01/mdbox Apr 4 13:36:13 mailsrv01 dovecot: lmtp(190031): Debug: fs: root=/mail/data/dovecot/mailbox/dominio.com.br/m/h4/mailsrv01/mdbox, index=, indexpvt=, control=, inbox=, alt=/altstorage/mail/data/dovecot/mailbox/dominio.com.br/m/h4/mailsrv01/mdbo x Apr 4 13:36:13 mailsrv01 dovecot: lmtp(190031): Debug: quota: quota_over_flag check: quota_over_script unset - skipping Apr 4 13:36:13 mailsrv01 dovecot: lmtp(190031): Debug: INBOX: Mailbox opened because: quota count Apr 4 13:36:14 mailsrv01 dovecot: lmtp(190031): Error: lmtp-server: conn 10.0.5.3:41579 [0]: Connection lost during data transfer: read(10.0.5.3:41579 [0]) failed: Apr 4 13:36:14 mailsrv01 dovecot: lmtp(190031): Disconnect from 10.0.5.3: Read failure (state = DATA) Strace on this process (final lines): 190074 read(15, "4SJuCeSNxH05pyfK+aO5hKKkrPY8n8TeBNH\r\ngvJ5LrV54YxgtG6Blkx0wfTIxWZ4Z1PU9R1a 7hs7YQadaqfMkPIc5wCP8Ko69eXE8GoRSySpCh2g\r\ns/UA8Hn8K6nwrpscXhd5Vupfttw/mqFX 5WTqCD6DvxUSxdTeTM5YSFvdVhmueK/7Mguba8mkmuY/\r\nlAC580Zxn6CuP8GeLrq31oWOhotx cXzYkVlGVj7n0yMn9Kf4h0LXZ7o393p8U1o5UnbMPnVsDIz2\r\n9R1617R8H/BWl2vhnxDfXUcF rqYnVYJBuJxySB6ZwPzonKMlZkU4SjscV4puNW1a/nkvWZPscZij\r\nUqR5YI569WP+FeWx+FUs oY573fCzjIJbdux3OD1r3zWPEVpYmRbyyS6WJljjkcbizsOOnQ8155q3\r\nhnWdVkkQMbKKF1fa w+6vpj19q3o01y3RhiPi1J9H8KwavaKn2mFFGwGUEEkH3PGOD9K9bvrzwvpk\r\neu29rrs"..., 8192) = 8192 190074 write(8, "4SJuCeSNxH05pyfK+aO5hKKkrPY8n8TeBNH\r\ngvJ5LrV54YxgtG6Blkx0wfTIxWZ4Z1PU9R1a 7hs7YQadaqfMkPIc5wCP8Ko69eXE8GoRSySpCh2g\r\ns/UA8Hn8K6nwrpscXhd5Vupfttw/mqFX 5WTqCD6DvxUSxdTeTM5YSFvdVhmueK/7Mguba8mkmuY/\r\nlAC580Zxn6CuP8GeLrq31oWOhotx cXzYkVlGVj7n0yMn9Kf4h0LXZ7o393p8U1o5UnbMPnVsDIz2\r\n9R1617R8H/BWl2vhnxDfXUcF rqYnVYJBuJxySB6ZwPzonKMlZkU4SjscV4puNW1a/nkvWZPscZij\r\nUqR5YI569WP+FeWx+FUs oY573fCzjIJbdux3OD1r3zWPEVpYmRbyyS6WJljjkcbizsOOnQ8155q3\r\nhnWdVkkQMbKKF1fa w+6vpj19q3o01y3RhiPi1J9H8KwavaKn2mFFGwGUEEkH3PGOD9K9bvrzwvpk\r\neu29rrs"..., 8192) = 8192 190074 read(15, "S5huvLRmJ+YBc8A8nI9/x5cXQxLfNS28t\r\nylCLVmfo3Yx/BdrhLHxbpXgiwexjAiNsEtnuXA /iJdWCtn5vmPXGK/HZfENnL8atQ8S6d4T0nwwh\r\nvHFz9ohKouSTuj+UdQRjqAcHNey6vH4wjg fWP+Fl6v8AbpY2juXFskrwRnkg7shznJ5FfPfjX4ly\r\nz29npvibXtE1S+tSFhvmkWM5IIGB/D 9O3A5r6PhaEnUlCoua/RnNivcjzRR6/wDFLx9BqKXV7f8A\r\njz+0tE07TxENOewK7GUHaHnJ+c k56DGNtfPngz4gazr1pa2XhN3tdbZwTE7FlgkJ/hVvlUFR745r\r\ngZPDWsapqF7/AGrL4g1TTb tlMdzBumjI6DbjIwMfoa1tc+C/xI8E2SfEX4fWl
Re: Dovecot 2.3 panic
Hi! Can you install debugging symbols and try get core? A backtrace would help a lot! https://dovecot.org/bugreport.html Aki On 29.03.2018 00:50, Martynas Bendorius wrote: > Dovecot version: 2.3.1 (happens with 2.3.x too) > OS: CentOS 7 64-bit > > Mar 28 16:29:24 lmtp(30383): Panic: file lib-event.c: line 182 > (event_pop_global): assertion failed: (event != NULL) > Mar 28 16:29:24 lmtp(30383): Error: Raw backtrace: > /usr/lib/dovecot/libdovecot.so.0(+0xcc7a4) [0x7fac7f5177a4] -> > /usr/lib/dovecot/libdovecot.so.0(default_fatal_handler+0x2a) [0x7fac7f5177ea] > -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fac7f48826b] -> > /usr/lib/dovecot/libdovecot.so.0(+0xe8392) [0x7fac7f533392] -> > /usr/lib/dovecot/libdovecot-storage.so.0(+0x4ffc8) [0x7fac7f814fc8] -> > /usr/lib/dovecot/libdovecot.so.0(io_loop_context_deactivate+0x5d) > [0x7fac7f52ec5d] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x85) > [0x7fac7f52f055] -> > /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x10f) > [0x7fac7f53092f] -> > /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7fac7f52f132] > -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7fac7f52f358] -> > /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7fac7f4ab6e3] -> > dovecot/lmtp [local READY](main+0x229) [0x7fac7ff4a319] -> > /lib64/libc.so.6(__libc_start_main+0xf5) [0x7fac7f0a9c05] -> dovecot/lmtp > [local READY](+0x5445) [0x7fac7ff4a445] > Mar 28 16:30:03 lmtp(17330): Panic: file lib-event.c: line 182 > (event_pop_global): assertion failed: (event != NULL) > Mar 28 16:30:03 lmtp(17330): Error: Raw backtrace: > /usr/lib/dovecot/libdovecot.so.0(+0xcc7a4) [0x7f31e1b977a4] -> > /usr/lib/dovecot/libdovecot.so.0(default_fatal_handler+0x2a) [0x7f31e1b977ea] > -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f31e1b0826b] -> > /usr/lib/dovecot/libdovecot.so.0(+0xe8392) [0x7f31e1bb3392] -> > /usr/lib/dovecot/libdovecot-storage.so.0(+0x4ffc8) [0x7f31e1e94fc8] -> > /usr/lib/dovecot/libdovecot.so.0(io_loop_context_deactivate+0x5d) > [0x7f31e1baec5d] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x85) > [0x7f31e1baf055] -> > /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x10f) > [0x7f31e1bb092f] -> > /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7f31e1baf132] > -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f31e1baf358] -> > /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f31e1b2b6e3] -> > dovecot/lmtp [local READY](main+0x229) [0x7f31e25ca319] -> > /lib64/libc.so.6(__libc_start_main+0xf5) [0x7f31e1729c05] -> dovecot/lmtp > [local READY](+0x5445) [0x7f31e25ca445] > Mar 28 16:31:52 lmtp(883): Panic: file lib-event.c: line 182 > (event_pop_global): assertion failed: (event != NULL) > Mar 28 16:31:52 lmtp(883): Error: Raw backtrace: > /usr/lib/dovecot/libdovecot.so.0(+0xcc7a4) [0x7feb746127a4] -> > /usr/lib/dovecot/libdovecot.so.0(default_fatal_handler+0x2a) [0x7feb746127ea] > -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7feb7458326b] -> > /usr/lib/dovecot/libdovecot.so.0(+0xe8392) [0x7feb7462e392] -> > /usr/lib/dovecot/libdovecot-storage.so.0(+0x4ffc8) [0x7feb7490ffc8] -> > /usr/lib/dovecot/libdovecot.so.0(io_loop_context_deactivate+0x5d) > [0x7feb74629c5d] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x85) > [0x7feb7462a055] -> > /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x10f) > [0x7feb7462b92f] -> > /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7feb7462a132] > -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7feb7462a358] -> > /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7feb745a66e3] -> > dovecot/lmtp [local READY](main+0x229) [0x7feb75045319] -> > /lib64/libc.so.6(__libc_start_main+0xf5) [0x7feb741a4c05] -> dovecot/lmtp > [local READY](+0x5445) [0x7feb75045445] > > # 2.3.1 (8e2f634): /etc/dovecot/dovecot.conf > # Pigeonhole version 0.5.1 (d9bc6dfe) > # OS: Linux 3.10.0-714.10.2.lve1.5.12.el7.x86_64 x86_64 CloudLinux release > 7.4 (Georgy Grechko) > # Hostname: XXX > auth_username_chars = > abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@& > auth_verbose = yes > default_client_limit = 12288 > default_login_user = dovecot > default_process_limit = 2048 > default_vsz_limit = 512 M > disable_plaintext_auth = no > listen = * > lmtp_rcpt_check_quota = yes > login_greeting = Dovecot ready. > mail_access_groups = mail > mail_location = maildir:~/Maildir > mail_max_userip_connections = 150 > mail_plugins = " quota" > maildir_copy_with_hardlinks = no > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character > vacation subaddress comparator-i;ascii-numeric relational regex imap4flags > copy include variables body enotify environment mailbox date index ihave > duplicate mime foreverypart extracttext > passdb { > driver = shadow > username_filter = !*@* > }
Dovecot 2.3 panic
Dovecot version: 2.3.1 (happens with 2.3.x too) OS: CentOS 7 64-bit Mar 28 16:29:24 lmtp(30383): Panic: file lib-event.c: line 182 (event_pop_global): assertion failed: (event != NULL) Mar 28 16:29:24 lmtp(30383): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0xcc7a4) [0x7fac7f5177a4] -> /usr/lib/dovecot/libdovecot.so.0(default_fatal_handler+0x2a) [0x7fac7f5177ea] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fac7f48826b] -> /usr/lib/dovecot/libdovecot.so.0(+0xe8392) [0x7fac7f533392] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x4ffc8) [0x7fac7f814fc8] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_context_deactivate+0x5d) [0x7fac7f52ec5d] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x85) [0x7fac7f52f055] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x10f) [0x7fac7f53092f] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7fac7f52f132] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7fac7f52f358] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7fac7f4ab6e3] -> dovecot/lmtp [local READY](main+0x229) [0x7fac7ff4a319] -> /lib64/libc.so.6(__libc_start_main+0xf5) [0x7fac7f0a9c05] -> dovecot/lmtp [local READY](+0x5445) [0x7fac7ff4a445] Mar 28 16:30:03 lmtp(17330): Panic: file lib-event.c: line 182 (event_pop_global): assertion failed: (event != NULL) Mar 28 16:30:03 lmtp(17330): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0xcc7a4) [0x7f31e1b977a4] -> /usr/lib/dovecot/libdovecot.so.0(default_fatal_handler+0x2a) [0x7f31e1b977ea] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f31e1b0826b] -> /usr/lib/dovecot/libdovecot.so.0(+0xe8392) [0x7f31e1bb3392] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x4ffc8) [0x7f31e1e94fc8] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_context_deactivate+0x5d) [0x7f31e1baec5d] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x85) [0x7f31e1baf055] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x10f) [0x7f31e1bb092f] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7f31e1baf132] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f31e1baf358] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f31e1b2b6e3] -> dovecot/lmtp [local READY](main+0x229) [0x7f31e25ca319] -> /lib64/libc.so.6(__libc_start_main+0xf5) [0x7f31e1729c05] -> dovecot/lmtp [local READY](+0x5445) [0x7f31e25ca445] Mar 28 16:31:52 lmtp(883): Panic: file lib-event.c: line 182 (event_pop_global): assertion failed: (event != NULL) Mar 28 16:31:52 lmtp(883): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0xcc7a4) [0x7feb746127a4] -> /usr/lib/dovecot/libdovecot.so.0(default_fatal_handler+0x2a) [0x7feb746127ea] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7feb7458326b] -> /usr/lib/dovecot/libdovecot.so.0(+0xe8392) [0x7feb7462e392] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x4ffc8) [0x7feb7490ffc8] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_context_deactivate+0x5d) [0x7feb74629c5d] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x85) [0x7feb7462a055] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x10f) [0x7feb7462b92f] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7feb7462a132] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7feb7462a358] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7feb745a66e3] -> dovecot/lmtp [local READY](main+0x229) [0x7feb75045319] -> /lib64/libc.so.6(__libc_start_main+0xf5) [0x7feb741a4c05] -> dovecot/lmtp [local READY](+0x5445) [0x7feb75045445] # 2.3.1 (8e2f634): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.1 (d9bc6dfe) # OS: Linux 3.10.0-714.10.2.lve1.5.12.el7.x86_64 x86_64 CloudLinux release 7.4 (Georgy Grechko) # Hostname: XXX auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@& auth_verbose = yes default_client_limit = 12288 default_login_user = dovecot default_process_limit = 2048 default_vsz_limit = 512 M disable_plaintext_auth = no listen = * lmtp_rcpt_check_quota = yes login_greeting = Dovecot ready. mail_access_groups = mail mail_location = maildir:~/Maildir mail_max_userip_connections = 150 mail_plugins = " quota" maildir_copy_with_hardlinks = no managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext passdb { driver = shadow username_filter = !*@* } passdb { args = username_format=%n /etc/virtual/%d/passwd driver = passwd-file username_filter = *@* } plugin { quota = maildir sieve = file:~/sieve;active=~/.dovecot.sieve sieve_default = /var/lib/dovecot/sieve/default.sieve sieve_global = /var/lib/dovecot/sieve/global/ } protocols = imap pop3 lmtp sieve service auth { user = root } service
Re: Bug in dovecot 2.3 virtual plugin
Hi there! I compiled dovecot from git on 5.2.2018. The id of the last commit is: $ git log --format="%H" -n 1 83b1300b96e753206f9226e3738a7ad9f5428a75 From https://github.com/dovecot/core.git There is a new error, when i try to open a virtual folder for my archiv (almost 30.000 mails) in thunderbird, also in k9-mail on android. Feb 07 11:09:55 aldebaran dovecot[7455]: imap(jakob)<7472>: Panic: Leaked view for index /var/lib/dovecot/db/indexes/archiv/jakob/Archiv/2016/Mailinglisten/stvkr-a/dovecot.index: Opened in index-storage.c:336 Feb 07 11:09:55 aldebaran dovecot[7455]: imap(jakob)<7472>: Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0xc9431) [0x7f6edc3dd431] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xc94fa) [0x7f6edc3dd4fa] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f6edc34fbe8] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf44f2) [0x7f6edc77b4f2] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_close+0x72) [0x7f6edc752d32] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a) [0x7f6edc6d227a] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xa700) [0x7f6ed78e8700] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_backend_box_open+0x2b) [0x7f6ed78e889b] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_storage_sync_init+0x12a9) [0x7f6ed78eba79] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x51) [0x7f6edc6d4781] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37) [0x7f6edc6d4837] -> dovecot/imap [jakob 92.60.9.18 select](cmd_select_full+0x17e) [0x55bde8d2a08e] -> dovecot/imap [jakob 92.60.9.18 select](command_exec+0x64) [0x55bde8d318d4] -> dovecot/imap [jakob 92.60.9.18 select](+0x1bd82) [0x55bde8d2fd82] -> dovecot/imap [jakob 92.60.9.18 select](+0x1be1c) [0x55bde8d2fe1c] -> dovecot/imap [jakob 92.60.9.18 select](client_handle_input+0x1b5) [0x55bde8d30225] -> dovecot/imap [jakob 92.60.9.18 select](client_input+0xa4) [0x55bde8d30844] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) [0x7f6edc3f51c9] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x12e) [0x7f6edc3f6a3e] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x4c) [0x7f6edc3f52cc] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f6edc3f54d8] -> /usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f6edc3725d3] -> dovecot/imap [jakob 92.60.9.18 select](main+0x339) [0x55bde8d22599] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xea) [0x7f6edbf7ef2a] -> dovecot/imap [jakob 92.60.9.18 select](_start+0x2a) [0x55bde8d2277a] Feb 07 11:09:55 aldebaran dovecot[7455]: imap(jakob)<7472>: Fatal: master: service(imap): child 7472 killed with signal 6 (core not dumped) Feb 07 11:09:55 aldebaran dovecot[7455]: imap-login: Login: user=, method=CRAM-MD5, rip=1.2.3.4, lip=192.168.0.14, mpid=7474, TLS, session= Feb 07 11:09:56 aldebaran dovecot[7455]: imap(jakob)<7474>: Panic: Leaked view for index /var/lib/dovecot/db/indexes/archiv/jakob/Archiv/2016/Mailinglisten/stvkr-a/dovecot.index: Opened in index-storage.c:336 Feb 07 11:09:56 aldebaran dovecot[7455]: imap(jakob)<7474>: Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0xc9431) [0x7fc44d019431] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xc94fa) [0x7fc44d0194fa] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fc44cf8bbe8] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf44f2) [0x7fc44d3b74f2] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_close+0x72) [0x7fc44d38ed32] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a) [0x7fc44d30e27a] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xa700) [0x7fc448524700] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_backend_box_open+0x2b) [0x7fc44852489b] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_storage_sync_init+0x12a9) [0x7fc448527a79] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x51) [0x7fc44d310781] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37) [0x7fc44d310837] -> dovecot/imap [jakob 92.60.9.18 select](cmd_select_full+0x17e) [0x55770c32408e] -> dovecot/imap [jakob 92.60.9.18 select](command_exec+0x64) [0x55770c32b8d4] -> dovecot/imap [jakob 92.60.9.18 select](+0x1bd82) [0x55770c329d82] -> dovecot/imap [jakob 92.60.9.18 select](+0x1be1c) [0x55770c329e1c] -> dovecot/imap [jakob 92.60.9.18 select](client_handle_input+0x1b5) [0x55770c32a225] -> dovecot/imap [jakob 92.60.9.18 select](client_input+0xa4) [0x55770c32a844] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) [0x7fc44d0311c9] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x12e) [0x7fc44d032a3e] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x4c) [0x7fc44d0312cc] -> /usr/local/lib/dovecot/libdovecot.so.0(
Re: Bug in dovecot 2.3 virtual plugin
Yeah, sorry I forgot to report back, it's now fixed in https://github.com/dovecot/core/commit/5c1837529e6957da3e389683c43bd006859395e5.patch Aki On 05.02.2018 14:04, Marco Giunta wrote: > Hi, > did you have time to investigate about 'Panic: file unichar.c' bug ? > Because I have the same problem with a 2.3.0 installation without > virtual plugin. > > Thanks, > Marco > > > On 2018-01-03 16:52, Aki Tuomi wrote: >> This is not a bug in virtual plugin, but in some email which contains >> invalid unicode sequence somehow. Can you send me a core file? This >> should not have occured ofc but would be nice to know how it ended up >> here. >> >> Aki >> >>> On January 3, 2018 at 5:35 PM Jakobus Schürz >>> wrote: >>> >>> >>> Hi there! >>> >>> I compiled dovecot 2.3 from git. Because there is already a bug in >>> virtual-plugin, and i hoped, it get fixed... but it doesn't. So this >>> is the error-message from the log >>> >>> Jän 03 16:27:08 aldebaran dovecot[26460]: >>> indexer-worker(jakob)<26476>: >>> Panic: file unichar.c: line 160 (uni_ucs4_to_utf8_c): assertion >>> failed: (uni_is_valid_ucs4(chr)) >>> Jän 03 16:27:08 aldebaran dovecot[26460]: >>> indexer-worker(jakob)<26476>: >>> Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) >>> [0x7f8299f7a021] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) >>> [0x7f8299f7a0ed] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) >>> [0x7f8299eec481] -> >>> /usr/local/lib/dovecot/libdovecot.so.0(uni_ucs4_to_utf8_c+0xa0) >>> [0x7f8299fb1500] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xa75e0) >>> [0x7f8299f5b5e0] -> >>> /usr/local/lib/dovecot/libdovecot.so.0(mail_html2text_more+0xc5) >>> [0x7f8299f5b775] -> >>> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0xcfcc) [0x7f82990aefcc] >>> -> /usr/local/lib/dovecot/lib20_fts_plugin.so(fts_parser_more+0x27) >>> [0x7f82990aeca7] -> >>> /usr/local/lib/dovecot/lib20_fts_plugin.so(fts_build_mail+0x5e9) >>> [0x7f82990acc39] -> >>> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0x1122d) [0x7f82990b322d] >>> -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x916a) >>> [0x7f82958e316a] -> >>> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0x10f5d) [0x7f82990b2f5d] >>> -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x916a) >>> [0x7f82958e316a] -> >>> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0x10f5d) [0x7f82990b2f5d] >>> -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mail_precache+0x2e) >>> [0x7f829a2641be] -> dovecot/indexer-worker [jakob >>> Synoptic/AKTUELL](+0x2533) [0x562227882533] -> >>> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) >>> [0x7f8299f91bf9] -> >>> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x109) >>> >>> [0x7f8299f93499] -> >>> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) >>> [0x7f8299f91d02] -> >>> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) >>> [0x7f8299f91f18] -> >>> /usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) >>> [0x7f8299f0f1e3] -> dovecot/indexer-worker [jakob >>> Synoptic/AKTUELL](main+0xe7) [0x562227881f47] -> >>> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) >>> [0x7f8299b352b1] -> dovecot/indexer-worker [jakob >>> Synoptic/AKTUELL](_start+0x2a) [0x56222788201a] >>> Jän 03 16:27:08 aldebaran dovecot[26460]: indexer: Error: Indexer >>> worker disconnected, discarding 1 requests for jakob >>> Jän 03 16:27:08 aldebaran dovecot[26460]: >>> imap(jakob)<26472>: Error: indexer failed to index >>> mailbox Synoptic/AKTUELL >>> Jän 03 16:27:08 aldebaran dovecot[26460]: >>> indexer-worker(jakob)<26476>: >>> Fatal: master: service(indexer-worker): child 26476 killed with signal >>> 6 (core dumps disabled) >>> Jän 03 16:27:09 aldebaran dovecot[26460]: >>> indexer-worker(jakob)<26484>: >>> Error: lucene index >>> /var/lib/dovecot/db/indexes/Maildir/jakob/lucene-indexes: >>> IndexWriter() failed (#1): Lock obtain timed out >>> Jän 03 16:27:10 aldebaran dovecot[26460]: >>> indexer-worker(jakob)<26484>: >>> Error: Mailbox Synoptic/AKTUELL: Transaction commit failed: BUG: >>> Unknown internal error (attempted to index 1488 messages (UIDs >>
Re: Re: Bug in dovecot 2.3 virtual plugin
Hi, did you have time to investigate about 'Panic: file unichar.c' bug ? Because I have the same problem with a 2.3.0 installation without virtual plugin. Thanks, Marco On 2018-01-03 16:52, Aki Tuomi wrote: This is not a bug in virtual plugin, but in some email which contains invalid unicode sequence somehow. Can you send me a core file? This should not have occured ofc but would be nice to know how it ended up here. Aki On January 3, 2018 at 5:35 PM Jakobus Schürz wrote: Hi there! I compiled dovecot 2.3 from git. Because there is already a bug in virtual-plugin, and i hoped, it get fixed... but it doesn't. So this is the error-message from the log Jän 03 16:27:08 aldebaran dovecot[26460]: indexer-worker(jakob)<26476>: Panic: file unichar.c: line 160 (uni_ucs4_to_utf8_c): assertion failed: (uni_is_valid_ucs4(chr)) Jän 03 16:27:08 aldebaran dovecot[26460]: indexer-worker(jakob)<26476>: Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7f8299f7a021] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7f8299f7a0ed] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f8299eec481] -> /usr/local/lib/dovecot/libdovecot.so.0(uni_ucs4_to_utf8_c+0xa0) [0x7f8299fb1500] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xa75e0) [0x7f8299f5b5e0] -> /usr/local/lib/dovecot/libdovecot.so.0(mail_html2text_more+0xc5) [0x7f8299f5b775] -> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0xcfcc) [0x7f82990aefcc] -> /usr/local/lib/dovecot/lib20_fts_plugin.so(fts_parser_more+0x27) [0x7f82990aeca7] -> /usr/local/lib/dovecot/lib20_fts_plugin.so(fts_build_mail+0x5e9) [0x7f82990acc39] -> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0x1122d) [0x7f82990b322d] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x916a) [0x7f82958e316a] -> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0x10f5d) [0x7f82990b2f5d] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x916a) [0x7f82958e316a] -> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0x10f5d) [0x7f82990b2f5d] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mail_precache+0x2e) [0x7f829a2641be] -> dovecot/indexer-worker [jakob Synoptic/AKTUELL](+0x2533) [0x562227882533] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) [0x7f8299f91bf9] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x109) [0x7f8299f93499] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7f8299f91d02] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f8299f91f18] -> /usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f8299f0f1e3] -> dovecot/indexer-worker [jakob Synoptic/AKTUELL](main+0xe7) [0x562227881f47] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) [0x7f8299b352b1] -> dovecot/indexer-worker [jakob Synoptic/AKTUELL](_start+0x2a) [0x56222788201a] Jän 03 16:27:08 aldebaran dovecot[26460]: indexer: Error: Indexer worker disconnected, discarding 1 requests for jakob Jän 03 16:27:08 aldebaran dovecot[26460]: imap(jakob)<26472>: Error: indexer failed to index mailbox Synoptic/AKTUELL Jän 03 16:27:08 aldebaran dovecot[26460]: indexer-worker(jakob)<26476>: Fatal: master: service(indexer-worker): child 26476 killed with signal 6 (core dumps disabled) Jän 03 16:27:09 aldebaran dovecot[26460]: indexer-worker(jakob)<26484>: Error: lucene index /var/lib/dovecot/db/indexes/Maildir/jakob/lucene-indexes: IndexWriter() failed (#1): Lock obtain timed out Jän 03 16:27:10 aldebaran dovecot[26460]: indexer-worker(jakob)<26484>: Error: Mailbox Synoptic/AKTUELL: Transaction commit failed: BUG: Unknown internal error (attempted to index 1488 messages (UIDs 15214..16775)) Jän 03 16:27:10 aldebaran dovecot[26460]: imap(jakob)<26480>: Error: indexer failed to index mailbox Synoptic/AKTUELL Jän 03 16:27:11 aldebaran dovecot[26460]: imap(jakob)<26472>: Panic: file mail-index.c: line 793 (mail_index_close): assertion failed: (index->open_count > 0) Jän 03 16:27:11 aldebaran dovecot[26460]: imap(jakob)<26472>: Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7fb0fbd3a021] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7fb0fbd3a0ed] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fb0fbcac481] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf39a8) [0x7fb0fc0d99a8] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd92d1) [0x7fb0fc0bf2d1] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd9363) [0x7fb0fc0bf363] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_free+0x9) [0x7fb0fc0b0f39] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd05a4) [0x7fb0fc0b65a4] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_free+0x19) [0x7fb0fc030c99] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xabdc) [0x7fb0f729bbdc] -> /usr/local/lib/dovecot/lib20_virtual_plugin
Re: Dovecot 2.3 on CentOS 7.
On Fri, February 2, 2018 8:58 am, Reio Remma wrote: > What would be the preferred directory for storing all virtual mail > without modification to system files? on my Centos 7 Dovecit 2.2.32, as well as prior versions, I've always used /var/vmail/vmail1/dom.tld don't know about 'preferred', but, that works fine for me -- Voytek
Re: Dovecot 2.3 on CentOS 7.
--On Thursday, February 01, 2018 11:58 PM +0200 Reio Remma wrote: What would be the preferred directory for storing all virtual mail without modification to system files? I would guess something under /var/lib. If you plan to host multiple virtual servers, /srv might be a better place to locate it.
Re: Dovecot 2.3 on CentOS 7.
Thanks for the pointer! That didn't work though, but what worked was: [Service] ReadWriteDirectories=/home/dovecot What would be the preferred directory for storing all virtual mail without modification to system files? Thanks! Reio On 01.02.2018 21:57, Aki Tuomi wrote: /etc/systemd/system/dovecot.service.d/writable-home.conf [Service] ProtectHome=false maybe this helps? --- Aki Tuomi Dovecot oy Original message From: Reio Remma Date: 01/02/2018 21:44 (GMT+02:00) To: dovecot@dovecot.org Subject: Dovecot 2.3 on CentOS 7. Greetings! I'm having a bit of trouble trying out Dovecot 2.3 on CentOS 7. Dovecot 2.2.33 works fine on the same system (same config as well, minus the SSL changes) but after upgrading to 2.3 I'm getting the following errors: Feb 1 21:30:18 localhost dovecot: imap(r...@bwo.mrstuudio.ee)<3566>: Debug: INBOX.Templates: Mailbox opened because: STATUS Feb 1 21:30:18 localhost dovecot: Error: imap(r...@bwo.mrstuudio.ee)<3566>: open() failed with file /home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot.index.log: Read-only file system Feb 1 21:30:18 localhost dovecot: imap(r...@bwo.mrstuudio.ee)<3566>: Error: open(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist.lock) failed: Read-only file system Feb 1 21:30:18 localhost dovecot: Error: imap(r...@bwo.mrstuudio.ee)<3566>: Mailbox INBOX.Templates: file_dotlock_create(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist) failed: Read-only file system Feb 1 21:30:18 localhost dovecot: Error: imap(r...@bwo.mrstuudio.ee)<3566>: Mailbox INBOX.Templates: open(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist) failed: Read-only file system So far I've tried running it with SELinux enforce off and giving the directories 777 permissions to no avail. Is anyone else running 2.3 on CentOS 7? Thanks and good luck! Reio
Re: Dovecot 2.3 on CentOS 7.
/etc/systemd/system/dovecot.service.d/writable-home.conf [Service]ProtectHome=false maybe this helps? ---Aki TuomiDovecot oy Original message From: Reio Remma Date: 01/02/2018 21:44 (GMT+02:00) To: dovecot@dovecot.org Subject: Dovecot 2.3 on CentOS 7. Greetings! I'm having a bit of trouble trying out Dovecot 2.3 on CentOS 7. Dovecot 2.2.33 works fine on the same system (same config as well, minus the SSL changes) but after upgrading to 2.3 I'm getting the following errors: Feb 1 21:30:18 localhost dovecot: imap(r...@bwo.mrstuudio.ee)<3566>: Debug: INBOX.Templates: Mailbox opened because: STATUS Feb 1 21:30:18 localhost dovecot: Error: imap(r...@bwo.mrstuudio.ee)<3566>: open() failed with file /home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot.index.log: Read-only file system Feb 1 21:30:18 localhost dovecot: imap(r...@bwo.mrstuudio.ee)<3566>: Error: open(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist.lock) failed: Read-only file system Feb 1 21:30:18 localhost dovecot: Error: imap(r...@bwo.mrstuudio.ee)<3566>: Mailbox INBOX.Templates: file_dotlock_create(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist) failed: Read-only file system Feb 1 21:30:18 localhost dovecot: Error: imap(r...@bwo.mrstuudio.ee)<3566>: Mailbox INBOX.Templates: open(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist) failed: Read-only file system So far I've tried running it with SELinux enforce off and giving the directories 777 permissions to no avail. Is anyone else running 2.3 on CentOS 7? Thanks and good luck! Reio
Dovecot 2.3 on CentOS 7.
Greetings! I'm having a bit of trouble trying out Dovecot 2.3 on CentOS 7. Dovecot 2.2.33 works fine on the same system (same config as well, minus the SSL changes) but after upgrading to 2.3 I'm getting the following errors: Feb 1 21:30:18 localhost dovecot: imap(r...@bwo.mrstuudio.ee)<3566>: Debug: INBOX.Templates: Mailbox opened because: STATUS Feb 1 21:30:18 localhost dovecot: Error: imap(r...@bwo.mrstuudio.ee)<3566>: open() failed with file /home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot.index.log: Read-only file system Feb 1 21:30:18 localhost dovecot: imap(r...@bwo.mrstuudio.ee)<3566>: Error: open(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist.lock) failed: Read-only file system Feb 1 21:30:18 localhost dovecot: Error: imap(r...@bwo.mrstuudio.ee)<3566>: Mailbox INBOX.Templates: file_dotlock_create(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist) failed: Read-only file system Feb 1 21:30:18 localhost dovecot: Error: imap(r...@bwo.mrstuudio.ee)<3566>: Mailbox INBOX.Templates: open(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist) failed: Read-only file system So far I've tried running it with SELinux enforce off and giving the directories 777 permissions to no avail. Is anyone else running 2.3 on CentOS 7? Thanks and good luck! Reio
Re: Error in virtual mailbox dovecot 2.3-devel maybe in mailcount
Hi! I didn't hear anything about this issue... the problem still persists (last build was 27.1.2018 from git ressources) Do you need more informations? jakob Am 12.01.2018 um 11:04 schrieb Jakobus Schürz: Hi there! I splitted my Mailarchiv to an extra namespace. Because i have some Problems with the Archiv. I can open all Folders from Mailarchiv with dovecot. But i want to have a "all archives" Mailbox to search in all messages in only one virtual mailbox. Trying to open this virtual folder from thunderbird, I get in a big archiv this error in logs from dovecot: Jän 12 10:54:41 aldebaran dovecot[839]: imap(jakob)<11302><9ILYQJFipPlcPAkS>: Error: virtual index /var/mail/virtual/ARCHIV: Broken mailbox_count header Jän 12 10:54:41 aldebaran dovecot[839]: imap(jakob)<11302><9ILYQJFipPlcPAkS>: Error: virtual index /var/mail/virtual/ARCHIV: Broken mailbox_count header Jän 12 10:54:41 aldebaran dovecot[839]: imap(jakob)<11302><9ILYQJFipPlcPAkS>: Panic: Leaked view for index /var/lib/dovecot/db/indexes/archiv/jakob/Archiv/2016/Mailinglisten/stvkr-a/dovecot.index: Opened in index-storage.c:336 Jän 12 10:54:41 aldebaran dovecot[839]: imap(jakob)<11302><9ILYQJFipPlcPAkS>: Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7f391bf02021] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7f391bf020ed] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f391be74481] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf3942) [0x7f391c2a1942] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_close+0x72) [0x7f391c278ec2] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a) [0x7f391c1f8c0a] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xa7e0) [0x7f39174637e0] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_backend_box_open+0x2b) [0x7f391746397b] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_storage_sync_init+0x1026) [0x7f3917466926] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x4d) [0x7f391c1fb05d] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37) [0x7f391c1fb117] -> dovecot/imap [jakob 92.60.9.18 select](cmd_select_full+0x171) [0x55759e0911a1] -> dovecot/imap [jakob 92.60.9.18 select](command_exec+0x64) [0x55759e098ca4] -> dovecot/imap [jakob 92.60.9.18 select](+0x1b0b2) [0x55759e0970b2] -> dovecot/imap [jakob 92.60.9.18 select](+0x1b13c) [0x55759e09713c] -> dovecot/imap [jakob 92.60.9.18 select](client_handle_input+0x1a5) [0x55759e097565] -> dovecot/imap [jakob 92.60.9.18 select](client_input+0x82) [0x55759e097be2] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) [0x7f391bf19c09] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x109) [0x7f391bf1b4a9] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7f391bf19d12] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f391bf19f28] -> /usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f391be971e3] -> dovecot/imap [jakob 92.60.9.18 select](main+0x328) [0x55759e089768] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) [0x7f391babd2b1] -> dovecot/imap [jakob 92.60.9.18 select](_start+0x2a) [0x55759e08994a] Jän 12 10:54:41 aldebaran dovecot[839]: imap(jakob)<11302><9ILYQJFipPlcPAkS>: Fatal: master: service(imap): child 11302 killed with signal 6 (core not dumped) and if i search the virtual mailbox with doveadm i get almost the same error. The "Broken mailbox_count_header" is missing there. The full amount of emails in archiv is about 28000 # ulimit -n 256000 # doveadm search -u jakob mailbox Real/Archiv all doveadm(jakob): Panic: Leaked view for index /var/lib/dovecot/db/indexes/archiv/jakob/Archiv/2016/Diverses/Standard-foren/dovecot.index: Opened in index-storage.c:336 doveadm(jakob): Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7f8259fe6021] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xc6079) [0x7f8259fe6079] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f8259f58481] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf3942) [0x7f825a385942] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_close+0x72) [0x7f825a35cec2] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a) [0x7f825a2dcc0a] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xa7e0) [0x7f82559507e0] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_backend_box_open+0x2b) [0x7f825595097b] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_storage_sync_init+0x1026) [0x7f8255953926] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x4d) [0x7f825a2df05d] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37) [0x7f825a2df117] -> doveadm(doveadm_mail_iter_init+0x94) [0x56303334be94] -> doveadm(+0x33715) [0x56303334f715] -> doveadm(+0x29a88) [0x563033345a88] -> do
Error in virtual mailbox dovecot 2.3-devel maybe in mailcount
Hi there! I splitted my Mailarchiv to an extra namespace. Because i have some Problems with the Archiv. I can open all Folders from Mailarchiv with dovecot. But i want to have a "all archives" Mailbox to search in all messages in only one virtual mailbox. Trying to open this virtual folder from thunderbird, I get in a big archiv this error in logs from dovecot: Jän 12 10:54:41 aldebaran dovecot[839]: imap(jakob)<11302><9ILYQJFipPlcPAkS>: Error: virtual index /var/mail/virtual/ARCHIV: Broken mailbox_count header Jän 12 10:54:41 aldebaran dovecot[839]: imap(jakob)<11302><9ILYQJFipPlcPAkS>: Error: virtual index /var/mail/virtual/ARCHIV: Broken mailbox_count header Jän 12 10:54:41 aldebaran dovecot[839]: imap(jakob)<11302><9ILYQJFipPlcPAkS>: Panic: Leaked view for index /var/lib/dovecot/db/indexes/archiv/jakob/Archiv/2016/Mailinglisten/stvkr-a/dovecot.index: Opened in index-storage.c:336 Jän 12 10:54:41 aldebaran dovecot[839]: imap(jakob)<11302><9ILYQJFipPlcPAkS>: Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7f391bf02021] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7f391bf020ed] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f391be74481] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf3942) [0x7f391c2a1942] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_close+0x72) [0x7f391c278ec2] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a) [0x7f391c1f8c0a] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xa7e0) [0x7f39174637e0] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_backend_box_open+0x2b) [0x7f391746397b] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_storage_sync_init+0x1026) [0x7f3917466926] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x4d) [0x7f391c1fb05d] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37) [0x7f391c1fb117] -> dovecot/imap [jakob 92.60.9.18 select](cmd_select_full+0x171) [0x55759e0911a1] -> dovecot/imap [jakob 92.60.9.18 select](command_exec+0x64) [0x55759e098ca4] -> dovecot/imap [jakob 92.60.9.18 select](+0x1b0b2) [0x55759e0970b2] -> dovecot/imap [jakob 92.60.9.18 select](+0x1b13c) [0x55759e09713c] -> dovecot/imap [jakob 92.60.9.18 select](client_handle_input+0x1a5) [0x55759e097565] -> dovecot/imap [jakob 92.60.9.18 select](client_input+0x82) [0x55759e097be2] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) [0x7f391bf19c09] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x109) [0x7f391bf1b4a9] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7f391bf19d12] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f391bf19f28] -> /usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f391be971e3] -> dovecot/imap [jakob 92.60.9.18 select](main+0x328) [0x55759e089768] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) [0x7f391babd2b1] -> dovecot/imap [jakob 92.60.9.18 select](_start+0x2a) [0x55759e08994a] Jän 12 10:54:41 aldebaran dovecot[839]: imap(jakob)<11302><9ILYQJFipPlcPAkS>: Fatal: master: service(imap): child 11302 killed with signal 6 (core not dumped) and if i search the virtual mailbox with doveadm i get almost the same error. The "Broken mailbox_count_header" is missing there. The full amount of emails in archiv is about 28000 # ulimit -n 256000 # doveadm search -u jakob mailbox Real/Archiv all doveadm(jakob): Panic: Leaked view for index /var/lib/dovecot/db/indexes/archiv/jakob/Archiv/2016/Diverses/Standard-foren/dovecot.index: Opened in index-storage.c:336 doveadm(jakob): Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7f8259fe6021] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xc6079) [0x7f8259fe6079] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f8259f58481] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf3942) [0x7f825a385942] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_close+0x72) [0x7f825a35cec2] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a) [0x7f825a2dcc0a] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xa7e0) [0x7f82559507e0] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_backend_box_open+0x2b) [0x7f825595097b] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_storage_sync_init+0x1026) [0x7f8255953926] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x4d) [0x7f825a2df05d] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37) [0x7f825a2df117] -> doveadm(doveadm_mail_iter_init+0x94) [0x56303334be94] -> doveadm(+0x33715) [0x56303334f715] -> doveadm(+0x29a88) [0x563033345a88] -> doveadm(+0x2a702) [0x563033346702] -> doveadm(doveadm_cmd_ver2_to_mail_cmd_wrapper+0x230) [0x563033347570] -> doveadm(doveadm_cmd_run_ver2+0x575) [0x563033357155] -> doveadm(doveadm_cmd_try_run_ver2+0x37) [0x563033
Re: Bug in dovecot 2.3 virtual plugin
Hi! Now an error is back. I didn't change my configuration and get now this error, whily i try to refresh my thunderbird. I think it happens in a virtual folder again. Jän 11 01:29:19 aldebaran dovecot[11597]: imap-login: Login: user=, method=CRAM-MD5, rip=127.0.0.1, lip=127.0.0.1, mpid=5008, TLS, session=<+MAgPXVisrx/AAAB> Jän 11 01:29:22 aldebaran dovecot[11597]: imap(jakob)<5008><+MAgPXVisrx/AAAB>: Panic: file mail-index.c: line 793 (mail_index_close): assertion failed: (index->open_count > 0) Jän 11 01:29:22 aldebaran dovecot[11597]: imap(jakob)<5008><+MAgPXVisrx/AAAB>: Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7fd17fbb9021] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7fd17fbb90ed] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fd17fb2b481] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf39a8) [0x7fd17ff589a8] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd92d1) [0x7fd17ff3e2d1] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd9363) [0x7fd17ff3e363] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_free+0x9) [0x7fd17ff2ff39] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd05a4) [0x7fd17ff355a4] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_free+0x19) [0x7fd17feafc99] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xabdc) [0x7fd17b11abdc] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xacb9) [0x7fd17b11acb9] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a) [0x7fd17feafc0a] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xac60) [0x7fd17b11ac60] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xacb9) [0x7fd17b11acb9] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a) [0x7fd17feafc0a] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xac60) [0x7fd17b11ac60] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xacb9) [0x7fd17b11acb9] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a) [0x7fd17feafc0a] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_free+0x13) [0x7fd17feafc93] -> dovecot/imap [jakob 127.0.0.1 select](imap_client_close_mailbox+0x5b) [0x5633bdd9905b] -> dovecot/imap [jakob 127.0.0.1 select](+0x14f03) [0x5633bdd90f03] -> dovecot/imap [jakob 127.0.0.1 select](cmd_select_full+0xf9) [0x5633bdd91129] -> dovecot/imap [jakob 127.0.0.1 select](command_exec+0x64) [0x5633bdd98ca4] -> dovecot/imap [jakob 127.0.0.1 select](+0x1b0b2) [0x5633bdd970b2] -> dovecot/imap [jakob 127.0.0.1 select](+0x1b13c) [0x5633bdd9713c] -> dovecot/imap [jakob 127.0.0.1 select](client_handle_input+0x1a5) [0x5633bdd97565] -> dovecot/imap [jakob 127.0.0.1 select](client_input+0x82) [0x5633bdd97be2] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) [0x7fd17fbd0c09] Jän 11 01:29:22 aldebaran dovecot[11597]: imap(jakob)<5008><+MAgPXVisrx/AAAB>: Fatal: master: service(imap): child 5008 killed with signal 6 (core not dumped) Am 2018-01-05 um 10:25 schrieb Aki Tuomi: > This is a different bug, and I suspect it might be caused by virtual > plugin. We'll look into it. > > Aki > > On 04.01.2018 23:41, Jakob Schürz wrote: >> Hi! >> >> This is very strange... >> This error affects only one mailaccount, and it happend not yesterday. >> The file >> >> /var/lib/dovecot/db/indexes/Maildir/jakob/INBOX/dovecot.index >> >> which hat "Panic: Leaked view for index" does not exist. only >> dovecot.index.log and .cache exists in this mailbox. (which is normal >> for small mailboxes, i've read). But why is dovecot throwing an error? >> >> And i could find out, this is only, when i try to open a virtual folder. >> >> I switched back to older self-compiled dovecot-versions... but the error >> exists also there (but not before the update!!!) >> >> I also deleted all the dovecot.index-files, dovecot.index.log and >> dovecot.index.cache-files to let rebuild dovecot the index again... the >> error persists. >> >> Is it a misconfiguration? >> >> So i tried to build for the virtual-Mailboxes the Index in memory... the >> error persists and dovecot wants to read this index-file. >> >> My virtual folders not working any longer (on this account only!) >> >> For debug purpose i deleted all the emails in this mailbox, the error >> dissapered on this folder, but comes back in the next folder. >> >> could this be a problem with ulimit? >> >> greez >> jakob >> >> Am 2018-01-04 um 11:07 schrieb Jakobus Schürz: >>> Hi! >>> >>> Is this a bug according to the other one? >>> >>> When i try to open a real or virtual mailbox, i often (not on every >>> mailbox) get this error-message: >>> >>> Jän 04 11:03:32 aldebaran dovecot[24534]: >>> imap(jakob)<24705>: Panic: Leaked view for index >>> /var/lib/dovecot/db/indexes/Maildir/jakob/INBOX/dovecot.index: Opened in >>> index-storage.c:336 >>> Jän 04 11:03:32 aldebaran dovecot[24534]: >>> imap(jakob)<24705>: Error: Raw backtrace: >>> /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7f47d5872021] -> >>> /usr/local/
Re: Bug in dovecot 2.3 virtual plugin
So hello back again! Am 05.01.2018 um 14:31 schrieb Jakobus Schürz: Am 05.01.2018 um 10:25 schrieb Aki Tuomi: This is a different bug, and I suspect it might be caused by virtual plugin. We'll look into it. Aki It was a problem with selfhealing the index... I deleted all my emails and mailboxes and rebuild the tree of mailboxes again with doveadm. Then i put back email for email from the cur-folders from backup to the new-folders in the rebuild mailboxes. From the filename i cut of the part with hostname and size and flags. The archive now is in a separate namespace, because there are really a lot of emails in. Now it works great again (exept one error, i posted before) Maybe you can find something to improve dovecot in selfhealing broken index. Thanks for the great work on this server! jakob
Re: Bug in dovecot 2.3 virtual plugin
Good morning! I did more research on this error. The virtual mailboxes are working in two other accounts. The big difference to my account is, i have a lot (sub)mailboxes (about 430) and a lot emails in my account. The other accounts only have a few emails and mailboxes (5 or 6 standard, inbox, trash, templates...) So i moved all my mailboxes to another place and left there only a few. The virtual mailbox is working. Then i put back some mailboxes, it is working. Then i put back the next and the next and tried if the virtual mailbox is reachable. it was working, and after i put back more then a half of my mailboxes, the error occured again. dovecot says: Panic: Leaked view for index /var/lib/dovecot/db/indexes/Maildir/jakob/TU-Wien/dovecot.index: Opened in index-storage.c:336 The missing dovecot.indes file is now another. But it is on every error-message the same missing indes-file. Deleting the according mailbox, it gets another missing index-file. And the every error-message stays on the next indes-file... It looks to me, it'S a question about too many mailboxes, then an internal index gets broken and can't rebuild on the every same point (mailbox). This is just an idea, but i don't know how dovecot really works... I do not understand, why it worked till yesterday. And why it breaked on deleting not used debian-packages... (maybe this is not the reason) I removed all my virtual mailboxes from config Am 04.01.2018 um 22:41 schrieb Jakob Schürz: Hi! This is very strange... This error affects only one mailaccount, and it happend not yesterday. The file /var/lib/dovecot/db/indexes/Maildir/jakob/INBOX/dovecot.index which hat "Panic: Leaked view for index" does not exist. only dovecot.index.log and .cache exists in this mailbox. (which is normal for small mailboxes, i've read). But why is dovecot throwing an error? And i could find out, this is only, when i try to open a virtual folder. I switched back to older self-compiled dovecot-versions... but the error exists also there (but not before the update!!!) I also deleted all the dovecot.index-files, dovecot.index.log and dovecot.index.cache-files to let rebuild dovecot the index again... the error persists. Is it a misconfiguration? So i tried to build for the virtual-Mailboxes the Index in memory... the error persists and dovecot wants to read this index-file. My virtual folders not working any longer (on this account only!) For debug purpose i deleted all the emails in this mailbox, the error dissapered on this folder, but comes back in the next folder. could this be a problem with ulimit? greez jakob Am 2018-01-04 um 11:07 schrieb Jakobus Schürz: Hi! Is this a bug according to the other one? When i try to open a real or virtual mailbox, i often (not on every mailbox) get this error-message: Jän 04 11:03:32 aldebaran dovecot[24534]: imap(jakob)<24705>: Panic: Leaked view for index /var/lib/dovecot/db/indexes/Maildir/jakob/INBOX/dovecot.index: Opened in index-storage.c:336 Jän 04 11:03:32 aldebaran dovecot[24534]: imap(jakob)<24705>: Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7f47d5872021] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7f47d58720ed] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f47d57e4481] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf3942) [0x7f47d5c11942] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_close+0x72) [0x7f47d5be8ec2] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a) [0x7f47d5b68c0a] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xa7e0) [0x7f47d0dd37e0] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_backend_box_open+0x2b) [0x7f47d0dd397b] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_storage_sync_init+0x1026) [0x7f47d0dd6926] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x4d) [0x7f47d5b6b05d] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37) [0x7f47d5b6b117] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_get_status+0x31) [0x7f47d5be7781] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x9b3d) [0x7f47d0dd2b3d] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xaded1) [0x7f47d5bcbed1] -> /usr/local/lib/dovecot/lib01_acl_plugin.so(+0xe975) [0x7f47d5001975] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_get_status+0x31) [0x7f47d5b6b4b1] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_storage_sync_init+0x114d) [0x7f47d0dd6a4d] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x4d) [0x7f47d5b6b05d] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37) [0x7f47d5b6b117] -> dovecot/imap [jakob 192.168.0.14 EXAMINE](cmd_select_full+0x171) [0x555d195a91a1] -> dovecot/imap [jakob 192.168.0.14 EXAMINE](command_exec+0x64) [0x555d195b0ca4] -> dovecot/imap [jakob 192.168.0.14 EXAMINE](+0x1b0b2) [0x555d195af0b2] -> dovecot/imap [jakob 192.168.0.14
Re: Dovecot 2.3 - using doveadm as non-root?
On Wed, 3 Jan 2018 13:37:07 -0500 Timo Sirainen wrote: > On 3 Jan 2018, at 11.38, Rob Hoelz wrote: > > > > Hi dovecot developers and users, > > > > I recently upgraded my server running Arch Linux to dovecot 2.3.0, > > and I noticed some of my cron jobs started issuing me error > > messages. These cron jobs run as a non-root user associated with > > my mail account, and they use doveadm to tidy things up (ex. > > purging the trash, moving old mail in certain folders into the > > trash). The error message is: > > > >> Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: > >> Permission denied > > > > I assume this is doveadm trying to participate in the new 2.3 stats > > process, and after reading the code a bit, I can't see way to tell > > doveadm to not connect to the stats writer. The socket is owned by > > root with 600 permissions. > > > > What would be the right way to remedy this? AFAICT, I could > > potentially run doveadm as root (which I would prefer to avoid), or > > I could change the permissions on the stats writer socket, but I > > would hate to introduce any sort of security vulnerability by doing > > so. I currently have a scrappy Perl script that just runs doveadm > > and filters out the error message (it doesn't seem to affect the > > behavior of doveadm other than the message), but that feels dirty > > and I would prefer a cleaner solution. Any advice? > > I was wondering what to do about this while developing it. I think > you can disable this by clearing out the socket path: > > doveadm -o stats_writer_socket_path= > > But .. I think the changing the socket permissions is the better > solution. The new stats process should know about everything that is > going on in the system, and these doveadm calls are part of that. So > if they're excluded then the stats aren't exactly correct. The > stats-writer can't do all that much harm other than messing up the > statistics or probably crashing stats process by using up all of its > memory. > Thanks for the advice, Timo - I went ahead and applied the permission change to my dovecot config. On a side note, thanks for dovecot in general - it's a great piece of software! -Rob
Re: Bug in dovecot 2.3 virtual plugin
Am 05.01.2018 um 10:25 schrieb Aki Tuomi: This is a different bug, and I suspect it might be caused by virtual plugin. We'll look into it. Aki Ok! So the subject for this bug is (now) correct... I found out, that the count of mailboxes is not the problem. But the count of emails!! So i deletet all my mailboxes an created them new with doveadm. 430 empty mailboxes existed then. No problem with my virtual boxes. Then i restored my emails mailbox for mailbox from backup. After each restored mailbox i tested the virtual mailboxes. It worked with 15482 emails. Then i restored a larger one. The total amount of emails was then 16843, and the virtual mailbox crashed like before. Then i deleted the emails from the box... all is working. I added them again, deletet 200, all is working. deleted all of them again and added them again... so they are again 16844 (one email arrived in another mailbox), all is working. :-/ Put more and more emails to my mailboxes... checking every time if virtual mailboxes are working, so i get a new error: Jän 05 14:28:18 aldebaran dovecot[17022]: imap(jakob)<5117>: Panic: file mail-index.c: line 793 (mail_index_close): assertion failed: (index->open_count > 0) Jän 05 14:28:18 aldebaran dovecot[17022]: imap(jakob)<5117>: Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7f419fecd021] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7f419fecd0ed] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f419fe3f481] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf39a8) [0x7f41a026c9a8] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd92d1) [0x7f41a02522d1] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd9363) [0x7f41a0252363] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_free+0x9) [0x7f41a0243f39] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd05a4) [0x7f41a02495a4] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_free+0x19) [0x7f41a01c3c99] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xabdc) [0x7f419b42ebdc] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xacb9) [0x7f419b42ecb9] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a) [0x7f41a01c3c0a] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xac60) [0x7f419b42ec60] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xacb9) [0x7f419b42ecb9] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a) [0x7f41a01c3c0a] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_free+0x13) [0x7f41a01c3c93] -> dovecot/imap [jakob 92.60.9.18 select](imap_client_close_mailbox+0x5b) [0x564c2088205b] -> dovecot/imap [jakob 92.60.9.18 select](+0x14f03) [0x564c20879f03] -> dovecot/imap [jakob 92.60.9.18 select](cmd_select_full+0xf9) [0x564c2087a129] -> dovecot/imap [jakob 92.60.9.18 select](command_exec+0x64) [0x564c20881ca4] -> dovecot/imap [jakob 92.60.9.18 select](+0x1b0b2) [0x564c208800b2] -> dovecot/imap [jakob 92.60.9.18 select](+0x1b13c) [0x564c2088013c] -> dovecot/imap [jakob 92.60.9.18 select](client_handle_input+0x1a5) [0x564c20880565] -> dovecot/imap [jakob 92.60.9.18 select](client_input+0x82) [0x564c20880be2] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) [0x7f419fee4c09] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x109) [0x7f419fee64a9] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7f419fee4d12] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f419fee4f28] Jän 05 14:28:18 aldebaran dovecot[17022]: imap(jakob)<5117>: Fatal: master: service(imap): child 5117 killed with signal 6 (core not dumped) Do you need some configs and deeper descriptions from me? I have two namespaces with virtual mailboxes: The first "Real" is normally hidden. It's not hidden now for debug-purpose. namespace Real { hidden = no ignore_on_failure = yes list = children location = virtual:/var/mail/real:INDEX=/var/lib/dovecot/db/indexes/real/%u prefix = Real/ separator = / subscriptions = no } namespace Synoptic { hidden = no ignore_on_failure = yes list = children location = virtual:/var/mail/virtual:INDEX=/var/lib/dovecot/db/indexes/virtual/%u mailbox INBOX/Archives { auto = no special_use = \Archive } mailbox INBOX/Drafts { auto = no special_use = \Drafts } mailbox INBOX/Entwürfe { auto = no special_use = \Drafts } mailbox INBOX/Junk { auto = no special_use = \Junk } mailbox INBOX/Sent { auto = no special_use = \Sent } mailbox INBOX/Spam { auto = no special_use = \Junk } prefix = Synoptic/ separator = / subscriptions = no } The "Real" namespace is to get a first filter for emails for all, the last 1, 2 and 3 years: Here is the virtual-mailbox-definition: /var/mail/real: # tree . ├── Alle │ └── dovecot-virtual ├── dovecot-acl-list ├── dreijahr │ └── dovecot-virtual ├──
Re: Bug in dovecot 2.3 virtual plugin
Does it always happen with 2.2 and 2.3? I was not immediately able to reproduce your problem. Aki On 05.01.2018 12:26, Jakobus Schürz wrote: > Ok! > So the subject for this bug is correct... > > Do you need some configs and deeper descriptions from me? > > I have two namespaces with virtual mailboxes: > The first "Real" is normally hidden. It's not hidden now for > debug-purpose. > > namespace Real { > hidden = no > ignore_on_failure = yes > list = children > location = > virtual:/var/mail/real:INDEX=/var/lib/dovecot/db/indexes/real/%u > prefix = Real/ > separator = / > subscriptions = no > } > > namespace Synoptic { > hidden = no > ignore_on_failure = yes > list = children > location = > virtual:/var/mail/virtual:INDEX=/var/lib/dovecot/db/indexes/virtual/%u > mailbox INBOX/Archives { > auto = no > special_use = \Archive > } > mailbox INBOX/Drafts { > auto = no > special_use = \Drafts > } > mailbox INBOX/Entwürfe { > auto = no > special_use = \Drafts > } > mailbox INBOX/Junk { > auto = no > special_use = \Junk > } > mailbox INBOX/Sent { > auto = no > special_use = \Sent > } > mailbox INBOX/Spam { > auto = no > special_use = \Junk > } > prefix = Synoptic/ > separator = / > subscriptions = no > } > > The "Real" namespace is to get a first filter for emails for all, the > last 1, 2 and 3 years: > > Here is the virtual-mailbox-definition: > > /var/mail/real: # tree > . > ├── Alle > │ └── dovecot-virtual > ├── dovecot-acl-list > ├── dreijahr > │ └── dovecot-virtual > ├── einjahr > │ └── dovecot-virtual > └── zweijahr > └── dovecot-virtual > > and the index-files > /var/lib/dovecot/db/indexes: # tree real/ > real/ > └── jakob > ├── Alle > │ └── dovecot.index.log > ├── dovecot.list.index.log > ├── dreijahr > │ └── dovecot.index.log > ├── einjahr > │ └── dovecot.index.log > └── zweijahr > └── dovecot.index.log > > > /var/mail/real: # cat Alle/dovecot-virtual > !INBOX > INBOX/* > -INBOX/Trash > -INBOX/Trash/* > -INBOX/Archives > -INBOX/Archives/* > -INBOX/Drafts > -INBOX/Drafts/* > -INBOX/Junk > -INBOX/Junk/* > -INBOX/SYSTEM > -INBOX/SYSTEM/* > all > > /var/mail/real: # cat einjahr/dovecot-virtual > Real/Alle > all younger 31536000 > > And the namespace Synoptic is the one, i can subscribe. It has as > Background the "Real"-namespace: > > /var/mail/virtual: # tree > . > ├── AKTUELL > │ └── dovecot-virtual > ├── Archives > │ └── dovecot-virtual > ├── dovecot-acl-list > ├── Drafts > │ └── dovecot-virtual > ├── GINBOX > │ └── dovecot-virtual > ├── Markierte > │ └── dovecot-virtual > ├── Neue > │ └── dovecot-virtual > ├── Sent > │ └── dovecot-virtual > ├── Trash > │ └── dovecot-virtual > ├── Ungelesene > │ └── dovecot-virtual > └── WICHTIG > └── dovecot-virtual > > /var/mail/virtual: # cat AKTUELL/dovecot-virtual > Real/einjahr > inthread refs younger 2592000 > > /var/mail/virtual: # cat Markierte/dovecot-virtual > Real/Alle > flagged > > The error only appears in a Mailbox from one of this two namespaces. > Every other mailboxes (public, private, shared) are working correct. > When i try to open a mailbox from one of this two namespaces, the > error below (Panic: Leaked view for index) is throwen > > jakob > > > Am 05.01.2018 um 10:25 schrieb Aki Tuomi: >> This is a different bug, and I suspect it might be caused by virtual >> plugin. We'll look into it. >> >> Aki >> >> On 04.01.2018 23:41, Jakob Schürz wrote: >>> Hi! >>> >>> This is very strange... >>> This error affects only one mailaccount, and it happend not yesterday. >>> The file >>> >>> /var/lib/dovecot/db/indexes/Maildir/jakob/INBOX/dovecot.index >>> >>> which hat "Panic: Leaked view for index" does not exist. only >>> dovecot.index.log and .cache exists in this mailbox. (which is normal >>> for small mailboxes, i've read). But why is dovecot throwing an error? >>> >>> And i could find out, this is only, when i try to open a virtual >>> folder. >>> >>> I switched back to older self-compiled dovecot-versions... but the >>> error >>> exists also there (but not before the update!!!) >>> >>> I also deleted all the dovecot.index-files, dovecot.index.log and >>> dovecot.index.cache-files to let rebuild dovecot the index again... the >>> error persists. >>> >>> Is it a misconfiguration? >>> >>> So i tried to build for the virtual-Mailboxes the Index in memory... >>> the >>> error persists and dovecot wants to read this index-file. >>> >>> My virtual folders not working any longer (on this account only!) >>> >>> For debug purpose i deleted all the emails in this mailbox, the error >>> dissapered on this folder, but comes back in the next folder. >>> >>> could this be a problem with ulimit? >>> >>> greez >>> jakob >>> >>> Am 2018-01-04 um 11:07 schrieb Jakobus Schürz: Hi! Is this a bug according to the other one? When i try to open a real or virtual mailbox, i of
Re: Bug in dovecot 2.3 virtual plugin
Ok! So the subject for this bug is correct... Do you need some configs and deeper descriptions from me? I have two namespaces with virtual mailboxes: The first "Real" is normally hidden. It's not hidden now for debug-purpose. namespace Real { hidden = no ignore_on_failure = yes list = children location = virtual:/var/mail/real:INDEX=/var/lib/dovecot/db/indexes/real/%u prefix = Real/ separator = / subscriptions = no } namespace Synoptic { hidden = no ignore_on_failure = yes list = children location = virtual:/var/mail/virtual:INDEX=/var/lib/dovecot/db/indexes/virtual/%u mailbox INBOX/Archives { auto = no special_use = \Archive } mailbox INBOX/Drafts { auto = no special_use = \Drafts } mailbox INBOX/Entwürfe { auto = no special_use = \Drafts } mailbox INBOX/Junk { auto = no special_use = \Junk } mailbox INBOX/Sent { auto = no special_use = \Sent } mailbox INBOX/Spam { auto = no special_use = \Junk } prefix = Synoptic/ separator = / subscriptions = no } The "Real" namespace is to get a first filter for emails for all, the last 1, 2 and 3 years: Here is the virtual-mailbox-definition: /var/mail/real: # tree . ├── Alle │ └── dovecot-virtual ├── dovecot-acl-list ├── dreijahr │ └── dovecot-virtual ├── einjahr │ └── dovecot-virtual └── zweijahr └── dovecot-virtual and the index-files /var/lib/dovecot/db/indexes: # tree real/ real/ └── jakob ├── Alle │ └── dovecot.index.log ├── dovecot.list.index.log ├── dreijahr │ └── dovecot.index.log ├── einjahr │ └── dovecot.index.log └── zweijahr └── dovecot.index.log /var/mail/real: # cat Alle/dovecot-virtual !INBOX INBOX/* -INBOX/Trash -INBOX/Trash/* -INBOX/Archives -INBOX/Archives/* -INBOX/Drafts -INBOX/Drafts/* -INBOX/Junk -INBOX/Junk/* -INBOX/SYSTEM -INBOX/SYSTEM/* all /var/mail/real: # cat einjahr/dovecot-virtual Real/Alle all younger 31536000 And the namespace Synoptic is the one, i can subscribe. It has as Background the "Real"-namespace: /var/mail/virtual: # tree . ├── AKTUELL │ └── dovecot-virtual ├── Archives │ └── dovecot-virtual ├── dovecot-acl-list ├── Drafts │ └── dovecot-virtual ├── GINBOX │ └── dovecot-virtual ├── Markierte │ └── dovecot-virtual ├── Neue │ └── dovecot-virtual ├── Sent │ └── dovecot-virtual ├── Trash │ └── dovecot-virtual ├── Ungelesene │ └── dovecot-virtual └── WICHTIG └── dovecot-virtual /var/mail/virtual: # cat AKTUELL/dovecot-virtual Real/einjahr inthread refs younger 2592000 /var/mail/virtual: # cat Markierte/dovecot-virtual Real/Alle flagged The error only appears in a Mailbox from one of this two namespaces. Every other mailboxes (public, private, shared) are working correct. When i try to open a mailbox from one of this two namespaces, the error below (Panic: Leaked view for index) is throwen jakob Am 05.01.2018 um 10:25 schrieb Aki Tuomi: This is a different bug, and I suspect it might be caused by virtual plugin. We'll look into it. Aki On 04.01.2018 23:41, Jakob Schürz wrote: Hi! This is very strange... This error affects only one mailaccount, and it happend not yesterday. The file /var/lib/dovecot/db/indexes/Maildir/jakob/INBOX/dovecot.index which hat "Panic: Leaked view for index" does not exist. only dovecot.index.log and .cache exists in this mailbox. (which is normal for small mailboxes, i've read). But why is dovecot throwing an error? And i could find out, this is only, when i try to open a virtual folder. I switched back to older self-compiled dovecot-versions... but the error exists also there (but not before the update!!!) I also deleted all the dovecot.index-files, dovecot.index.log and dovecot.index.cache-files to let rebuild dovecot the index again... the error persists. Is it a misconfiguration? So i tried to build for the virtual-Mailboxes the Index in memory... the error persists and dovecot wants to read this index-file. My virtual folders not working any longer (on this account only!) For debug purpose i deleted all the emails in this mailbox, the error dissapered on this folder, but comes back in the next folder. could this be a problem with ulimit? greez jakob Am 2018-01-04 um 11:07 schrieb Jakobus Schürz: Hi! Is this a bug according to the other one? When i try to open a real or virtual mailbox, i often (not on every mailbox) get this error-message: Jän 04 11:03:32 aldebaran dovecot[24534]: imap(jakob)<24705>: Panic: Leaked view for index /var/lib/dovecot/db/indexes/Maildir/jakob/INBOX/dovecot.index: Opened in index-storage.c:336 Jän 04 11:03:32 aldebaran dovecot[24534]: imap(jakob)<24705>: Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7f47d5872021] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7f47d58720ed] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f47d57e4481] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf3942) [0x7f47d5c1
Re: Bug in dovecot 2.3 virtual plugin
This is a different bug, and I suspect it might be caused by virtual plugin. We'll look into it. Aki On 04.01.2018 23:41, Jakob Schürz wrote: > Hi! > > This is very strange... > This error affects only one mailaccount, and it happend not yesterday. > The file > > /var/lib/dovecot/db/indexes/Maildir/jakob/INBOX/dovecot.index > > which hat "Panic: Leaked view for index" does not exist. only > dovecot.index.log and .cache exists in this mailbox. (which is normal > for small mailboxes, i've read). But why is dovecot throwing an error? > > And i could find out, this is only, when i try to open a virtual folder. > > I switched back to older self-compiled dovecot-versions... but the error > exists also there (but not before the update!!!) > > I also deleted all the dovecot.index-files, dovecot.index.log and > dovecot.index.cache-files to let rebuild dovecot the index again... the > error persists. > > Is it a misconfiguration? > > So i tried to build for the virtual-Mailboxes the Index in memory... the > error persists and dovecot wants to read this index-file. > > My virtual folders not working any longer (on this account only!) > > For debug purpose i deleted all the emails in this mailbox, the error > dissapered on this folder, but comes back in the next folder. > > could this be a problem with ulimit? > > greez > jakob > > Am 2018-01-04 um 11:07 schrieb Jakobus Schürz: >> Hi! >> >> Is this a bug according to the other one? >> >> When i try to open a real or virtual mailbox, i often (not on every >> mailbox) get this error-message: >> >> Jän 04 11:03:32 aldebaran dovecot[24534]: >> imap(jakob)<24705>: Panic: Leaked view for index >> /var/lib/dovecot/db/indexes/Maildir/jakob/INBOX/dovecot.index: Opened in >> index-storage.c:336 >> Jän 04 11:03:32 aldebaran dovecot[24534]: >> imap(jakob)<24705>: Error: Raw backtrace: >> /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7f47d5872021] -> >> /usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7f47d58720ed] -> >> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f47d57e4481] -> >> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf3942) >> [0x7f47d5c11942] -> >> /usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_close+0x72) >> [0x7f47d5be8ec2] -> >> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a) >> [0x7f47d5b68c0a] -> >> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xa7e0) [0x7f47d0dd37e0] >> -> >> /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_backend_box_open+0x2b) >> [0x7f47d0dd397b] -> >> /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_storage_sync_init+0x1026) >> [0x7f47d0dd6926] -> >> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x4d) >> [0x7f47d5b6b05d] -> >> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37) >> [0x7f47d5b6b117] -> >> /usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_get_status+0x31) >> [0x7f47d5be7781] -> >> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x9b3d) [0x7f47d0dd2b3d] >> -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xaded1) >> [0x7f47d5bcbed1] -> /usr/local/lib/dovecot/lib01_acl_plugin.so(+0xe975) >> [0x7f47d5001975] -> >> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_get_status+0x31) >> [0x7f47d5b6b4b1] -> >> /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_storage_sync_init+0x114d) >> [0x7f47d0dd6a4d] -> >> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x4d) >> [0x7f47d5b6b05d] -> >> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37) >> [0x7f47d5b6b117] -> dovecot/imap [jakob 192.168.0.14 >> EXAMINE](cmd_select_full+0x171) [0x555d195a91a1] -> dovecot/imap [jakob >> 192.168.0.14 EXAMINE](command_exec+0x64) [0x555d195b0ca4] -> >> dovecot/imap [jakob 192.168.0.14 EXAMINE](+0x1b0b2) [0x555d195af0b2] -> >> dovecot/imap [jakob 192.168.0.14 EXAMINE](+0x1b13c) [0x555d195af13c] -> >> dovecot/imap [jakob 192.168.0.14 EXAMINE](client_handle_input+0x1a5) >> [0x555d195af565] -> dovecot/imap [jakob 192.168.0.14 >> EXAMINE](client_input+0x82) [0x555d195afbe2] -> >> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) >> [0x7f47d5889bf9] -> >> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x109) >> [0x7f47d588b499] -> >> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) >> [0x7f47d5889d02] >> Jän 04 11:03:32 aldebaran dovecot[24534]: >> imap(jakob)<24705>: Fatal: master: service(imap): >> child 24705 killed with signal 6 (core dumps disabled) >> >> I deinstalled all debian-dovecot-packages and installed the user >> dovenull manually again. This is all, i did. >> >> jakob >
Re: Bug in dovecot 2.3 virtual plugin
Hi! This is very strange... This error affects only one mailaccount, and it happend not yesterday. The file /var/lib/dovecot/db/indexes/Maildir/jakob/INBOX/dovecot.index which hat "Panic: Leaked view for index" does not exist. only dovecot.index.log and .cache exists in this mailbox. (which is normal for small mailboxes, i've read). But why is dovecot throwing an error? And i could find out, this is only, when i try to open a virtual folder. I switched back to older self-compiled dovecot-versions... but the error exists also there (but not before the update!!!) I also deleted all the dovecot.index-files, dovecot.index.log and dovecot.index.cache-files to let rebuild dovecot the index again... the error persists. Is it a misconfiguration? So i tried to build for the virtual-Mailboxes the Index in memory... the error persists and dovecot wants to read this index-file. My virtual folders not working any longer (on this account only!) For debug purpose i deleted all the emails in this mailbox, the error dissapered on this folder, but comes back in the next folder. could this be a problem with ulimit? greez jakob Am 2018-01-04 um 11:07 schrieb Jakobus Schürz: > Hi! > > Is this a bug according to the other one? > > When i try to open a real or virtual mailbox, i often (not on every > mailbox) get this error-message: > > Jän 04 11:03:32 aldebaran dovecot[24534]: > imap(jakob)<24705>: Panic: Leaked view for index > /var/lib/dovecot/db/indexes/Maildir/jakob/INBOX/dovecot.index: Opened in > index-storage.c:336 > Jän 04 11:03:32 aldebaran dovecot[24534]: > imap(jakob)<24705>: Error: Raw backtrace: > /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7f47d5872021] -> > /usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7f47d58720ed] -> > /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f47d57e4481] -> > /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf3942) > [0x7f47d5c11942] -> > /usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_close+0x72) > [0x7f47d5be8ec2] -> > /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a) > [0x7f47d5b68c0a] -> > /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xa7e0) [0x7f47d0dd37e0] > -> > /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_backend_box_open+0x2b) > [0x7f47d0dd397b] -> > /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_storage_sync_init+0x1026) > [0x7f47d0dd6926] -> > /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x4d) > [0x7f47d5b6b05d] -> > /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37) > [0x7f47d5b6b117] -> > /usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_get_status+0x31) > [0x7f47d5be7781] -> > /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x9b3d) [0x7f47d0dd2b3d] > -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xaded1) > [0x7f47d5bcbed1] -> /usr/local/lib/dovecot/lib01_acl_plugin.so(+0xe975) > [0x7f47d5001975] -> > /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_get_status+0x31) > [0x7f47d5b6b4b1] -> > /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_storage_sync_init+0x114d) > [0x7f47d0dd6a4d] -> > /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x4d) > [0x7f47d5b6b05d] -> > /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37) > [0x7f47d5b6b117] -> dovecot/imap [jakob 192.168.0.14 > EXAMINE](cmd_select_full+0x171) [0x555d195a91a1] -> dovecot/imap [jakob > 192.168.0.14 EXAMINE](command_exec+0x64) [0x555d195b0ca4] -> > dovecot/imap [jakob 192.168.0.14 EXAMINE](+0x1b0b2) [0x555d195af0b2] -> > dovecot/imap [jakob 192.168.0.14 EXAMINE](+0x1b13c) [0x555d195af13c] -> > dovecot/imap [jakob 192.168.0.14 EXAMINE](client_handle_input+0x1a5) > [0x555d195af565] -> dovecot/imap [jakob 192.168.0.14 > EXAMINE](client_input+0x82) [0x555d195afbe2] -> > /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) > [0x7f47d5889bf9] -> > /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x109) > [0x7f47d588b499] -> > /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) > [0x7f47d5889d02] > Jän 04 11:03:32 aldebaran dovecot[24534]: > imap(jakob)<24705>: Fatal: master: service(imap): > child 24705 killed with signal 6 (core dumps disabled) > > I deinstalled all debian-dovecot-packages and installed the user > dovenull manually again. This is all, i did. > > jakob
Re: Bug in dovecot 2.3 virtual plugin
Hi! Is this a bug according to the other one? When i try to open a real or virtual mailbox, i often (not on every mailbox) get this error-message: Jän 04 11:03:32 aldebaran dovecot[24534]: imap(jakob)<24705>: Panic: Leaked view for index /var/lib/dovecot/db/indexes/Maildir/jakob/INBOX/dovecot.index: Opened in index-storage.c:336 Jän 04 11:03:32 aldebaran dovecot[24534]: imap(jakob)<24705>: Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7f47d5872021] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7f47d58720ed] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f47d57e4481] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf3942) [0x7f47d5c11942] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_close+0x72) [0x7f47d5be8ec2] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a) [0x7f47d5b68c0a] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xa7e0) [0x7f47d0dd37e0] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_backend_box_open+0x2b) [0x7f47d0dd397b] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_storage_sync_init+0x1026) [0x7f47d0dd6926] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x4d) [0x7f47d5b6b05d] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37) [0x7f47d5b6b117] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_get_status+0x31) [0x7f47d5be7781] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x9b3d) [0x7f47d0dd2b3d] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xaded1) [0x7f47d5bcbed1] -> /usr/local/lib/dovecot/lib01_acl_plugin.so(+0xe975) [0x7f47d5001975] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_get_status+0x31) [0x7f47d5b6b4b1] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_storage_sync_init+0x114d) [0x7f47d0dd6a4d] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x4d) [0x7f47d5b6b05d] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37) [0x7f47d5b6b117] -> dovecot/imap [jakob 192.168.0.14 EXAMINE](cmd_select_full+0x171) [0x555d195a91a1] -> dovecot/imap [jakob 192.168.0.14 EXAMINE](command_exec+0x64) [0x555d195b0ca4] -> dovecot/imap [jakob 192.168.0.14 EXAMINE](+0x1b0b2) [0x555d195af0b2] -> dovecot/imap [jakob 192.168.0.14 EXAMINE](+0x1b13c) [0x555d195af13c] -> dovecot/imap [jakob 192.168.0.14 EXAMINE](client_handle_input+0x1a5) [0x555d195af565] -> dovecot/imap [jakob 192.168.0.14 EXAMINE](client_input+0x82) [0x555d195afbe2] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) [0x7f47d5889bf9] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x109) [0x7f47d588b499] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7f47d5889d02] Jän 04 11:03:32 aldebaran dovecot[24534]: imap(jakob)<24705>: Fatal: master: service(imap): child 24705 killed with signal 6 (core dumps disabled) I deinstalled all debian-dovecot-packages and installed the user dovenull manually again. This is all, i did. jakob
Re: Dovecot 2.3 - using doveadm as non-root?
On 3 Jan 2018, at 11.38, Rob Hoelz wrote: > > Hi dovecot developers and users, > > I recently upgraded my server running Arch Linux to dovecot 2.3.0, and I > noticed some of my cron jobs started issuing me error messages. These > cron jobs run as a non-root user associated with my mail account, and > they use doveadm to tidy things up (ex. purging the trash, moving > old mail in certain folders into the trash). The error message is: > >> Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: >> Permission denied > > I assume this is doveadm trying to participate in the new 2.3 stats > process, and after reading the code a bit, I can't see way to tell > doveadm to not connect to the stats writer. The socket is owned by > root with 600 permissions. > > What would be the right way to remedy this? AFAICT, I could potentially > run doveadm as root (which I would prefer to avoid), or I could change > the permissions on the stats writer socket, but I would hate to > introduce any sort of security vulnerability by doing so. I currently > have a scrappy Perl script that just runs doveadm and filters out the > error message (it doesn't seem to affect the behavior of doveadm other > than the message), but that feels dirty and I would prefer a cleaner > solution. Any advice? I was wondering what to do about this while developing it. I think you can disable this by clearing out the socket path: doveadm -o stats_writer_socket_path= But .. I think the changing the socket permissions is the better solution. The new stats process should know about everything that is going on in the system, and these doveadm calls are part of that. So if they're excluded then the stats aren't exactly correct. The stats-writer can't do all that much harm other than messing up the statistics or probably crashing stats process by using up all of its memory.
Dovecot 2.3 - using doveadm as non-root?
Hi dovecot developers and users, I recently upgraded my server running Arch Linux to dovecot 2.3.0, and I noticed some of my cron jobs started issuing me error messages. These cron jobs run as a non-root user associated with my mail account, and they use doveadm to tidy things up (ex. purging the trash, moving old mail in certain folders into the trash). The error message is: > Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: > Permission denied I assume this is doveadm trying to participate in the new 2.3 stats process, and after reading the code a bit, I can't see way to tell doveadm to not connect to the stats writer. The socket is owned by root with 600 permissions. What would be the right way to remedy this? AFAICT, I could potentially run doveadm as root (which I would prefer to avoid), or I could change the permissions on the stats writer socket, but I would hate to introduce any sort of security vulnerability by doing so. I currently have a scrappy Perl script that just runs doveadm and filters out the error message (it doesn't seem to affect the behavior of doveadm other than the message), but that feels dirty and I would prefer a cleaner solution. Any advice? Thanks, Rob
Re: Bug in dovecot 2.3 virtual plugin
This is not a bug in virtual plugin, but in some email which contains invalid unicode sequence somehow. Can you send me a core file? This should not have occured ofc but would be nice to know how it ended up here. Aki > On January 3, 2018 at 5:35 PM Jakobus Schürz > wrote: > > > Hi there! > > I compiled dovecot 2.3 from git. Because there is already a bug in > virtual-plugin, and i hoped, it get fixed... but it doesn't. So this > is the error-message from the log > > Jän 03 16:27:08 aldebaran dovecot[26460]: > indexer-worker(jakob)<26476>: > Panic: file unichar.c: line 160 (uni_ucs4_to_utf8_c): assertion > failed: (uni_is_valid_ucs4(chr)) > Jän 03 16:27:08 aldebaran dovecot[26460]: > indexer-worker(jakob)<26476>: > Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) > [0x7f8299f7a021] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) > [0x7f8299f7a0ed] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) > [0x7f8299eec481] -> > /usr/local/lib/dovecot/libdovecot.so.0(uni_ucs4_to_utf8_c+0xa0) > [0x7f8299fb1500] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xa75e0) > [0x7f8299f5b5e0] -> > /usr/local/lib/dovecot/libdovecot.so.0(mail_html2text_more+0xc5) > [0x7f8299f5b775] -> > /usr/local/lib/dovecot/lib20_fts_plugin.so(+0xcfcc) [0x7f82990aefcc] > -> /usr/local/lib/dovecot/lib20_fts_plugin.so(fts_parser_more+0x27) > [0x7f82990aeca7] -> > /usr/local/lib/dovecot/lib20_fts_plugin.so(fts_build_mail+0x5e9) > [0x7f82990acc39] -> > /usr/local/lib/dovecot/lib20_fts_plugin.so(+0x1122d) [0x7f82990b322d] > -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x916a) > [0x7f82958e316a] -> > /usr/local/lib/dovecot/lib20_fts_plugin.so(+0x10f5d) [0x7f82990b2f5d] > -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x916a) > [0x7f82958e316a] -> > /usr/local/lib/dovecot/lib20_fts_plugin.so(+0x10f5d) [0x7f82990b2f5d] > -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mail_precache+0x2e) > [0x7f829a2641be] -> dovecot/indexer-worker [jakob > Synoptic/AKTUELL](+0x2533) [0x562227882533] -> > /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) > [0x7f8299f91bf9] -> > /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x109) > [0x7f8299f93499] -> > /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) > [0x7f8299f91d02] -> > /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) > [0x7f8299f91f18] -> > /usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) > [0x7f8299f0f1e3] -> dovecot/indexer-worker [jakob > Synoptic/AKTUELL](main+0xe7) [0x562227881f47] -> > /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) > [0x7f8299b352b1] -> dovecot/indexer-worker [jakob > Synoptic/AKTUELL](_start+0x2a) [0x56222788201a] > Jän 03 16:27:08 aldebaran dovecot[26460]: indexer: Error: Indexer > worker disconnected, discarding 1 requests for jakob > Jän 03 16:27:08 aldebaran dovecot[26460]: > imap(jakob)<26472>: Error: indexer failed to index > mailbox Synoptic/AKTUELL > Jän 03 16:27:08 aldebaran dovecot[26460]: > indexer-worker(jakob)<26476>: > Fatal: master: service(indexer-worker): child 26476 killed with signal > 6 (core dumps disabled) > Jän 03 16:27:09 aldebaran dovecot[26460]: > indexer-worker(jakob)<26484>: > Error: lucene index > /var/lib/dovecot/db/indexes/Maildir/jakob/lucene-indexes: > IndexWriter() failed (#1): Lock obtain timed out > Jän 03 16:27:10 aldebaran dovecot[26460]: > indexer-worker(jakob)<26484>: > Error: Mailbox Synoptic/AKTUELL: Transaction commit failed: BUG: > Unknown internal error (attempted to index 1488 messages (UIDs > 15214..16775)) > Jän 03 16:27:10 aldebaran dovecot[26460]: > imap(jakob)<26480>: Error: indexer failed to index > mailbox Synoptic/AKTUELL > Jän 03 16:27:11 aldebaran dovecot[26460]: > imap(jakob)<26472>: Panic: file mail-index.c: line > 793 (mail_index_close): assertion failed: (index->open_count > 0) > Jän 03 16:27:11 aldebaran dovecot[26460]: > imap(jakob)<26472>: Error: Raw backtrace: > /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7fb0fbd3a021] -> > /usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7fb0fbd3a0ed] -> > /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fb0fbcac481] -> > /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf39a8) > [0x7fb0fc0d99a8] -> > /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd92d1) > [0x7fb0fc0bf2d1] -> > /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd9363) > [0x7fb0fc0bf363] -> > /usr/local/lib/dovecot/
Bug in dovecot 2.3 virtual plugin
Hi there! I compiled dovecot 2.3 from git. Because there is already a bug in virtual-plugin, and i hoped, it get fixed... but it doesn't. So this is the error-message from the log Jän 03 16:27:08 aldebaran dovecot[26460]: indexer-worker(jakob)<26476>: Panic: file unichar.c: line 160 (uni_ucs4_to_utf8_c): assertion failed: (uni_is_valid_ucs4(chr)) Jän 03 16:27:08 aldebaran dovecot[26460]: indexer-worker(jakob)<26476>: Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7f8299f7a021] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7f8299f7a0ed] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f8299eec481] -> /usr/local/lib/dovecot/libdovecot.so.0(uni_ucs4_to_utf8_c+0xa0) [0x7f8299fb1500] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xa75e0) [0x7f8299f5b5e0] -> /usr/local/lib/dovecot/libdovecot.so.0(mail_html2text_more+0xc5) [0x7f8299f5b775] -> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0xcfcc) [0x7f82990aefcc] -> /usr/local/lib/dovecot/lib20_fts_plugin.so(fts_parser_more+0x27) [0x7f82990aeca7] -> /usr/local/lib/dovecot/lib20_fts_plugin.so(fts_build_mail+0x5e9) [0x7f82990acc39] -> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0x1122d) [0x7f82990b322d] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x916a) [0x7f82958e316a] -> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0x10f5d) [0x7f82990b2f5d] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x916a) [0x7f82958e316a] -> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0x10f5d) [0x7f82990b2f5d] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mail_precache+0x2e) [0x7f829a2641be] -> dovecot/indexer-worker [jakob Synoptic/AKTUELL](+0x2533) [0x562227882533] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) [0x7f8299f91bf9] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x109) [0x7f8299f93499] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7f8299f91d02] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f8299f91f18] -> /usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f8299f0f1e3] -> dovecot/indexer-worker [jakob Synoptic/AKTUELL](main+0xe7) [0x562227881f47] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) [0x7f8299b352b1] -> dovecot/indexer-worker [jakob Synoptic/AKTUELL](_start+0x2a) [0x56222788201a] Jän 03 16:27:08 aldebaran dovecot[26460]: indexer: Error: Indexer worker disconnected, discarding 1 requests for jakob Jän 03 16:27:08 aldebaran dovecot[26460]: imap(jakob)<26472>: Error: indexer failed to index mailbox Synoptic/AKTUELL Jän 03 16:27:08 aldebaran dovecot[26460]: indexer-worker(jakob)<26476>: Fatal: master: service(indexer-worker): child 26476 killed with signal 6 (core dumps disabled) Jän 03 16:27:09 aldebaran dovecot[26460]: indexer-worker(jakob)<26484>: Error: lucene index /var/lib/dovecot/db/indexes/Maildir/jakob/lucene-indexes: IndexWriter() failed (#1): Lock obtain timed out Jän 03 16:27:10 aldebaran dovecot[26460]: indexer-worker(jakob)<26484>: Error: Mailbox Synoptic/AKTUELL: Transaction commit failed: BUG: Unknown internal error (attempted to index 1488 messages (UIDs 15214..16775)) Jän 03 16:27:10 aldebaran dovecot[26460]: imap(jakob)<26480>: Error: indexer failed to index mailbox Synoptic/AKTUELL Jän 03 16:27:11 aldebaran dovecot[26460]: imap(jakob)<26472>: Panic: file mail-index.c: line 793 (mail_index_close): assertion failed: (index->open_count > 0) Jän 03 16:27:11 aldebaran dovecot[26460]: imap(jakob)<26472>: Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7fb0fbd3a021] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7fb0fbd3a0ed] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fb0fbcac481] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf39a8) [0x7fb0fc0d99a8] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd92d1) [0x7fb0fc0bf2d1] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd9363) [0x7fb0fc0bf363] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_free+0x9) [0x7fb0fc0b0f39] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd05a4) [0x7fb0fc0b65a4] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_free+0x19) [0x7fb0fc030c99] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xabdc) [0x7fb0f729bbdc] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xacb9) [0x7fb0f729bcb9] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a) [0x7fb0fc030c0a] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xac60) [0x7fb0f729bc60] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xacb9) [0x7fb0f729bcb9] -> /usr/local/lib/dovecot/libdovecot-storage.so
ssl_curve_list seems to be ignored with Dovecot 2.3
Hi all, after upgrading to Dovecot 2.3, I've noticed the new "ssl_curve_list" TLS option in 10-ssl.conf. Setting it to "ssl_curve_list = X25519:P-256" or leaving it blank (auto) does not change anything, Dovecot keeps on negotiating P-384: Server Temp Key: ECDH, P-384, 384 bits When using "-curves X25519" in s_client, it does a fallback to DH: Server Temp Key: DH, 4096 bits I'm on Dovecot 2.3.0 (c8b89eb) with OpenSSL 1.1.0g 2 Nov 2017 on Arch Linux 4.14.8-1-ARCH. Am I missing something here? OpenSSL 1.1 defaults to Curve25519 when leaving it on auto. Greetings, Marcel Menzel
Re: Dovecot 2.3-rc Logging Format
Op 12/21/2017 om 8:57 AM schreef Thomas Leuxner: > Hi, > > the release candidate defaults to a log format with session IDs. > > mail_log_prefix = "%s(%u)<%{pid}><%{session}>: " > > As the LMTP service seems to have the session ID hardcoded, the IDs get > duplicated in the logs: > > Dec 21 08:48:03 edi dovecot: lmtp(26573): Connect from local > Dec 21 08:48:03 edi dovecot: lmtp(t...@leuxner.net)[26573]: > : fCVaBjNnO1rNZwAAIROLbg: sieve: > msgid=<2323281.OorJHhdMHM@ylum>, time=158ms, status=stored mail into mailbox > ':public/Mailing-Lists/Debian-User' > Dec 21 08:48:03 edi dovecot: lmtp(26573): Disconnect from local: Client has > quit the connection (state = READY) Fixed in release. Regards, Stephan.
Re: Dovecot 2.3-rc1 SMTP submission proxy always gives TLS required error even when already using TLS
Op 12/22/2017 om 7:04 PM schreef Michael Marley: > On 2017-12-22 11:22, Michael Marley wrote: > >> On 2017-12-21 16:48, Stephan Bosch wrote: >> >> Op 12/18/2017 om 9:44 PM schreef Michael Marley: >> >> First of all, I apologize for my accidental empty message earlier. >> >> I just set up the SMTP submission proxy in Dovecot 2.3, but whenever I >> try to connect to it, it always returns "530 5.7.0 TLS required." for >> any sort of AUTH or MAIL command. This occurs even if TLS is being >> used. It also occurs regardless of whether I connect with a real >> client (Thunderbird) or manually with openssl s_client and regardless >> of whether a loopback connection or a remote connection is used. Here >> is the output of "dovecot -n". Please let me know if I can provide >> any other data. Thanks! >> Confirmed. Working on a fix. >> >> Regards, >> >> Stephan. > I can confirm that it works correctly in 2.3.0, thanks! > > Michael > > I think I spoke too soon. It works correctly (requiring TLS but working > once STARTTLS has been done) for remote connections, but it also is > requiring TLS for loopback connections, even though the rest of Dovecot > doesn't work this way. Ok, confirmed. Fix is pending. Regards, Stephan.
Re: Dovecot 2.3-rc1 SMTP submission proxy always gives TLS required error even when already using TLS
On 2017-12-22 11:22, Michael Marley wrote: > On 2017-12-21 16:48, Stephan Bosch wrote: > > Op 12/18/2017 om 9:44 PM schreef Michael Marley: > > First of all, I apologize for my accidental empty message earlier. > > I just set up the SMTP submission proxy in Dovecot 2.3, but whenever I > try to connect to it, it always returns "530 5.7.0 TLS required." for > any sort of AUTH or MAIL command. This occurs even if TLS is being > used. It also occurs regardless of whether I connect with a real > client (Thunderbird) or manually with openssl s_client and regardless > of whether a loopback connection or a remote connection is used. Here > is the output of "dovecot -n". Please let me know if I can provide > any other data. Thanks! > Confirmed. Working on a fix. > > Regards, > > Stephan. I can confirm that it works correctly in 2.3.0, thanks! Michael I think I spoke too soon. It works correctly (requiring TLS but working once STARTTLS has been done) for remote connections, but it also is requiring TLS for loopback connections, even though the rest of Dovecot doesn't work this way. Michael