Re: v2.3.2 released

2018-07-04 Thread Juan C. Blanco 



On 04/07/2018 9:44, Heiko Schlichting wrote:

v2.3.2 is mainly a bugfix release.


Please push a tag into the git repository.


Yes, thanks for doing it, and I will be gratefull also, if the dovecot 
master-2.3 and pigeonhole master-0.5 branchs would include the commits 
of the last dovecot and pigeonhole releases.


Thanks
Juan C.



Thanks,
Heiko

Heiko SchlichtingFreie Universität Berlin
heiko.schlicht...@fu-berlin.de   Zentraleinrichtung für Datenverarbeitung
Telefon +49 30 838-54327 Fabeckstraße 32
Telefax +49 30 838454327 14195 Berlin



--
+---+
| Juan C. Blanco|
|   |
|  Centro de Calculo |  |
|  E.T.S. Ingenieros Informáticos|  E-mail: jcbla...@fi.upm.es  |
|  Universidad Politécnica de Madrid |  |
|  Campus de Montegancedo|  |
|  Boadilla del Monte|  Tel.:(+34) 91 067 2771  |
|  28660 MADRID (Spain)  |  Fax :(+34) 91 336 7412  |
+---+

Re: v2.3.2 released

2018-07-04 Thread Heiko Schlichting 
> v2.3.2 is mainly a bugfix release.

Please push a tag into the git repository.

Thanks,
Heiko

Heiko SchlichtingFreie Universität Berlin
heiko.schlicht...@fu-berlin.de   Zentraleinrichtung für Datenverarbeitung
Telefon +49 30 838-54327 Fabeckstraße 32
Telefax +49 30 838454327 14195 Berlin


smime.p7s
Description: S/MIME cryptographic signature

Re: v2.3.2 released

2018-06-30 Thread Michael Grimm 
Timo Sirainen  wrote:

> - lmtp, submission: Message size limit was hardcoded to 40 MB.

I only want to clarify if ...

mail> doveconf -d | grep size
submission_max_mail_size = 0

… this setting stands for 'unlimited'?

Thanks in advance and regards,
Michael

Re: v2.3.2 released

2018-06-30 Thread Reio Remma 

On 30.06.2018 10:55, Reio Remma wrote:

On 29.06.2018 15:51, Timo Sirainen wrote:

https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig

v2.3.2 is mainly a bugfix release. It contains all the changes in 
v2.2.36, as well as a bunch of other fixes (mainly for v2.3-only 
bugs). Binary packages are already in https://repo.dovecot.org/


Has something been changed in the CentOS package, especially with 
SELinux? I just updated from 2.3.1 and now I'm having to add SELinux 
rules for Dovecot to be able to read files in /etc. I've an sqlite 
user database in /etc/mail and sieve scripts in /etc/dovecot/sieve, 
neither are accessible anymore without adding extra SELinux rules.


# This one is now needed to use the sqlite database in /etc/mail
#

module selinux-dovecot-etc 1.0;

require {

    type dovecot_auth_t;

    type etc_mail_t;

    class dir search;

    class file { getattr lock open read write };

}

#= dovecot_auth_t ==

allow dovecot_auth_t etc_mail_t:dir search;

allow dovecot_auth_t etc_mail_t:file { getattr lock open read write };


# This module is needed for Dovecot to be able to execute sieve scripts 
in /etc/dovecot/sieve

#

module selinux-dovecot-etc-execute 1.0;

require {

    type dovecot_etc_t;

    type dovecot_t;

    class file { execute execute_no_trans };

}

#= dovecot_t ==

allow dovecot_t dovecot_etc_t:file { execute execute_no_trans };


# This module is needed for my spamc scripts to access what it needs
#

module selinux-dovecot-sieve-execute 1.0;

require {

    type var_log_t;

    type dovecot_t;

    type spamc_exec_t;

    type tmpfs_t;

    class lnk_file read;

    class file { execute execute_no_trans getattr open read };

}

#= dovecot_t ==

allow dovecot_t spamc_exec_t:file { execute execute_no_trans getattr open read 
};

allow dovecot_t tmpfs_t:lnk_file read;

allow dovecot_t var_log_t:file open;


None of these modules were needed before upgrade from 2.3.1 on my Centos 
7.5 system.


---
Good luck,
Reio

Re: v2.3.2 released

2018-06-30 Thread Reio Remma 

On 29.06.2018 15:51, Timo Sirainen wrote:

https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig

v2.3.2 is mainly a bugfix release. It contains all the changes in v2.2.36, as 
well as a bunch of other fixes (mainly for v2.3-only bugs). Binary packages are 
already in https://repo.dovecot.org/


Has something been changed in the CentOS package, especially with 
SELinux? I just updated from 2.3.1 and now I'm having to add SELinux 
rules for Dovecot to be able to read files in /etc. I've an sqlite user 
database in /etc/mail and sieve scripts in /etc/dovecot/sieve, neither 
are accessible anymore without adding extra SELinux rules.


Thanks,
Reio

Re: v2.3.2 released

2018-06-29 Thread Aki Tuomi 


> On 29 June 2018 at 23:39 Jean-Daniel  wrote:
> 
> 
> 
> 
> > Le 29 juin 2018 à 14:51, Timo Sirainen  a écrit :
> > 
> > https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz
> > https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig
> > 
> > v2.3.2 is mainly a bugfix release. It contains all the changes in v2.2.36, 
> > as well as a bunch of other fixes (mainly for v2.3-only bugs).
> 
> > Binary packages are already in https://repo.dovecot.org/ 
> > 
> 
> Is there any plan to add bionic version to the ubuntu repo ?
> 
>

Yes. It is on our roadmap.

Aki

Re: v2.3.2 released

2018-06-29 Thread Jean-Daniel 


> Le 29 juin 2018 à 14:51, Timo Sirainen  a écrit :
> 
> https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz
> https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig
> 
> v2.3.2 is mainly a bugfix release. It contains all the changes in v2.2.36, as 
> well as a bunch of other fixes (mainly for v2.3-only bugs).

> Binary packages are already in https://repo.dovecot.org/ 
> 

Is there any plan to add bionic version to the ubuntu repo ?

Re: v2.3.2 released

2018-06-29 Thread Tom Sommer 

On 2018-06-29 16:00, Timo Sirainen wrote:

On 29 Jun 2018, at 15.28, Tom Sommer  wrote:


On 2018-06-29 15:20, Timo Sirainen wrote:

On 29 Jun 2018, at 15.05, Tom Sommer  wrote:

On 2018-06-29 14:51, Timo Sirainen wrote:

v2.3.2 is mainly a bugfix release. It contains all the changes in
v2.2.36, as well as a bunch of other fixes (mainly for v2.3-only
bugs). Binary packages are already in https://repo.dovecot.org/

A simple "yum update" will result in a ton of these errors:
Jun 29 15:02:19 stats: Error: stats: Socket supports major version 
2, but we support only 3 (mixed old and new binaries?)
Should the yum update process perhaps not restart the dovecot 
service?

It sounds like you upgraded from v2.2.x to v2.3.2? The stats was
completely changed.


From 2.3.1 to 2.3.2:

Installed:
 dovecot.x86_64 2:2.3.2-3dovecot-mysql.x86_64 2:2.3.2-3

Updated:
 dovecot-pigeonhole.x86_64 2:2.3.2-3

Replaced:
 dovecot.x86_64 2:2.3.1-1dovecot-mysql.x86_64 2:2.3.1-1


That's weird. Something appears to be connecting to the stats socket
with old protocol version. What your doveconf -n?


service stats {
  chroot = empty
  client_limit = 0
  drop_priv_before_exec = no
  executable = stats
  extra_groups =
  group =
  idle_kill = 4294967295 secs
  privileged_group =
  process_limit = 1
  process_min_avail = 0
  protocol =
  service_count = 0
  type =
  unix_listener stats-reader {
group =
mode = 0600
user =
  }
  unix_listener stats-writer {
group = $default_internal_group
mode = 0660
user =
  }
  user = $default_internal_user
  vsz_limit = 18446744073709551615 B
}


This is the full error-log that happened after "yum update": 
https://pastebin.com/tUJaehdV


"Jun 29 15:02:20" is the "/etc/init.d/dovecot restart"

Maybe it was a one-time thing for only my setup, I don't know - Although 
I find it hard to understand how a stat-writer socket with an old 
version should be able to run in 2.3.1 with major version 2 for several 
months - and the same thing happened on all of my 22 
director-backend-servers.


Oh well.

Re: v2.3.2 released

2018-06-29 Thread Timo Sirainen 
On 29 Jun 2018, at 15.28, Tom Sommer  wrote:
> 
> On 2018-06-29 15:20, Timo Sirainen wrote:
>> On 29 Jun 2018, at 15.05, Tom Sommer  wrote:
>>> On 2018-06-29 14:51, Timo Sirainen wrote:
 v2.3.2 is mainly a bugfix release. It contains all the changes in
 v2.2.36, as well as a bunch of other fixes (mainly for v2.3-only
 bugs). Binary packages are already in https://repo.dovecot.org/
>>> A simple "yum update" will result in a ton of these errors:
>>> Jun 29 15:02:19 stats: Error: stats: Socket supports major version 2, but 
>>> we support only 3 (mixed old and new binaries?)
>>> Should the yum update process perhaps not restart the dovecot service?
>> It sounds like you upgraded from v2.2.x to v2.3.2? The stats was
>> completely changed.
> 
> From 2.3.1 to 2.3.2:
> 
> Installed:
>  dovecot.x86_64 2:2.3.2-3dovecot-mysql.x86_64 2:2.3.2-3
> 
> Updated:
>  dovecot-pigeonhole.x86_64 2:2.3.2-3
> 
> Replaced:
>  dovecot.x86_64 2:2.3.1-1dovecot-mysql.x86_64 2:2.3.1-1

That's weird. Something appears to be connecting to the stats socket with old 
protocol version. What your doveconf -n?

Re: v2.3.2 released

2018-06-29 Thread Tom Sommer 

On 2018-06-29 15:20, Timo Sirainen wrote:

On 29 Jun 2018, at 15.05, Tom Sommer  wrote:


On 2018-06-29 14:51, Timo Sirainen wrote:


v2.3.2 is mainly a bugfix release. It contains all the changes in
v2.2.36, as well as a bunch of other fixes (mainly for v2.3-only
bugs). Binary packages are already in https://repo.dovecot.org/


A simple "yum update" will result in a ton of these errors:

Jun 29 15:02:19 stats: Error: stats: Socket supports major version 2, 
but we support only 3 (mixed old and new binaries?)


Should the yum update process perhaps not restart the dovecot service?


It sounds like you upgraded from v2.2.x to v2.3.2? The stats was
completely changed.


From 2.3.1 to 2.3.2:

Installed:
  dovecot.x86_64 2:2.3.2-3dovecot-mysql.x86_64 2:2.3.2-3

Updated:
  dovecot-pigeonhole.x86_64 2:2.3.2-3

Replaced:
  dovecot.x86_64 2:2.3.1-1dovecot-mysql.x86_64 2:2.3.1-1

Re: v2.3.2 released

2018-06-29 Thread Timo Sirainen 
On 29 Jun 2018, at 15.05, Tom Sommer  wrote:
> 
> On 2018-06-29 14:51, Timo Sirainen wrote:
> 
>> v2.3.2 is mainly a bugfix release. It contains all the changes in
>> v2.2.36, as well as a bunch of other fixes (mainly for v2.3-only
>> bugs). Binary packages are already in https://repo.dovecot.org/
> 
> A simple "yum update" will result in a ton of these errors:
> 
> Jun 29 15:02:19 stats: Error: stats: Socket supports major version 2, but we 
> support only 3 (mixed old and new binaries?)
> 
> Should the yum update process perhaps not restart the dovecot service?

It sounds like you upgraded from v2.2.x to v2.3.2? The stats was completely 
changed.

Re: v2.3.2 released

2018-06-29 Thread Tom Sommer 

On 2018-06-29 14:51, Timo Sirainen wrote:


v2.3.2 is mainly a bugfix release. It contains all the changes in
v2.2.36, as well as a bunch of other fixes (mainly for v2.3-only
bugs). Binary packages are already in https://repo.dovecot.org/


A simple "yum update" will result in a ton of these errors:

Jun 29 15:02:19 stats: Error: stats: Socket supports major version 2, 
but we support only 3 (mixed old and new binaries?)


Should the yum update process perhaps not restart the dovecot service?

---
Tom

[Dovecot-news] v2.3.2 released

2018-06-29 Thread Timo Sirainen 
https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig

v2.3.2 is mainly a bugfix release. It contains all the changes in v2.2.36, as 
well as a bunch of other fixes (mainly for v2.3-only bugs). Binary packages are 
already in https://repo.dovecot.org/

 * old-stats plugin: Don't temporarily enable PR_SET_DUMPABLE while
   opening /proc/self/io. This may still cause security problems if the
   process is ptrace()d at the same time. Instead, open it while still
   running as root.
 + doveadm: Added mailbox cache decision commands. See
   doveadm-mailbox(1) man page for details.
 + doveadm: Added rebuild attachments command for rebuilding
   $HasAttachment or $HasNoAttachment flags for matching mails. See
   doveadm-rebuild(1) man page for details.
 + cassandra: Use fallback_consistency on more types of errors
 + lmtp proxy: Support outgoing SSL/TLS connections
 + lmtp: Add lmtp_rawlog_dir and lmtp_proxy_rawlog_dir settings.
 + submission: Add support for rawlog_dir
 + submission: Add submission_client_workarounds setting.
 + lua auth: Add password_verify() function and additional fields in
   auth request.
 - doveadm-server: TCP connections are hanging when there is a lot of
   network output. This especially caused hangs in dsync-replication.
 - Using multiple type=shared mdbox namespaces crashed
 - mail_fsync setting was ignored. It was always set to "optimized".
 - lua auth: Fix potential crash at deinit
 - SSL/TLS servers may have crashed if client disconnected during
   handshake.
 - SSL/TLS servers: Don't send extraneous certificates to client when
   alt certs are used.
 - lda, lmtp: Return-Path header without '<' may have assert-crashed.
 - lda, lmtp: Unencoded UTF-8 in email address headers may assert-crash
 - lda: -f parameter didn't allow empty/null/domainless address
 - lmtp, submission: Message size limit was hardcoded to 40 MB.
   Exceeding it caused the connection to get dropped during transfer.
 - lmtp: Fix potential crash when delivery fails at DATA stage
 - lmtp: login_greeting setting was ignored
 - Fix to work with OpenSSL v1.0.2f
 - systemd unit restrictions were too strict by default
 - Fix potential crashes when a lot of log output was produced
 - SMTP client may have assert-crashed when sending mail
 - IMAP COMPRESS: Send "end of compression" marker when disconnecting.
 - cassandra: Fix consistency=quorum to work
 - dsync: Lock file generation failed if home directory didn't exist
 - Snippet generation for HTML mails didn't ignore  inside
   blockquotes, producing strange looking snippets.
 - imapc: Fix assert-crash if getting disconnected and after
   reconnection all mails in the selected mailbox are gone.
 - pop3c: Handle unexpected server disconnections without assert-crash
 - fts: Fixes to indexing mails via virtual mailboxes.
 - fts: If mails contained NUL characters, the text around it wasn't
   indexed.
 - Obsolete dovecot.index.cache offsets were sometimes used. Trying to
   fetch a field that was just added to cache file may not have always
   found it.

___
Dovecot-news mailing list
Dovecot-news@dovecot.org
https://dovecot.org/mailman/listinfo/dovecot-news

v2.3.2 released

2018-06-29 Thread Timo Sirainen 
https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig

v2.3.2 is mainly a bugfix release. It contains all the changes in v2.2.36, as 
well as a bunch of other fixes (mainly for v2.3-only bugs). Binary packages are 
already in https://repo.dovecot.org/

 * old-stats plugin: Don't temporarily enable PR_SET_DUMPABLE while
   opening /proc/self/io. This may still cause security problems if the
   process is ptrace()d at the same time. Instead, open it while still
   running as root.
 + doveadm: Added mailbox cache decision commands. See
   doveadm-mailbox(1) man page for details.
 + doveadm: Added rebuild attachments command for rebuilding
   $HasAttachment or $HasNoAttachment flags for matching mails. See
   doveadm-rebuild(1) man page for details.
 + cassandra: Use fallback_consistency on more types of errors
 + lmtp proxy: Support outgoing SSL/TLS connections
 + lmtp: Add lmtp_rawlog_dir and lmtp_proxy_rawlog_dir settings.
 + submission: Add support for rawlog_dir
 + submission: Add submission_client_workarounds setting.
 + lua auth: Add password_verify() function and additional fields in
   auth request.
 - doveadm-server: TCP connections are hanging when there is a lot of
   network output. This especially caused hangs in dsync-replication.
 - Using multiple type=shared mdbox namespaces crashed
 - mail_fsync setting was ignored. It was always set to "optimized".
 - lua auth: Fix potential crash at deinit
 - SSL/TLS servers may have crashed if client disconnected during
   handshake.
 - SSL/TLS servers: Don't send extraneous certificates to client when
   alt certs are used.
 - lda, lmtp: Return-Path header without '<' may have assert-crashed.
 - lda, lmtp: Unencoded UTF-8 in email address headers may assert-crash
 - lda: -f parameter didn't allow empty/null/domainless address
 - lmtp, submission: Message size limit was hardcoded to 40 MB.
   Exceeding it caused the connection to get dropped during transfer.
 - lmtp: Fix potential crash when delivery fails at DATA stage
 - lmtp: login_greeting setting was ignored
 - Fix to work with OpenSSL v1.0.2f
 - systemd unit restrictions were too strict by default
 - Fix potential crashes when a lot of log output was produced
 - SMTP client may have assert-crashed when sending mail
 - IMAP COMPRESS: Send "end of compression" marker when disconnecting.
 - cassandra: Fix consistency=quorum to work
 - dsync: Lock file generation failed if home directory didn't exist
 - Snippet generation for HTML mails didn't ignore  inside
   blockquotes, producing strange looking snippets.
 - imapc: Fix assert-crash if getting disconnected and after
   reconnection all mails in the selected mailbox are gone.
 - pop3c: Handle unexpected server disconnections without assert-crash
 - fts: Fixes to indexing mails via virtual mailboxes.
 - fts: If mails contained NUL characters, the text around it wasn't
   indexed.
 - Obsolete dovecot.index.cache offsets were sometimes used. Trying to
   fetch a field that was just added to cache file may not have always
   found it.