>>>>> "Aki" == Aki Tuomi <[email protected]> writes:
Aki> This issue is now fixed for Dovecot on master with Aki> https://github.com/dovecot/core/compare/ca2237e%5E..6fff8d5.patch Looking at the patch, I've got a couple of comments. 1. Even your added comment says this issue could still happen is doveadm reads the config setting through doveconf, instead of the config socket. To me that smells like the problem isn't really where you patched it, but more in the parsing of options in doveadm. 2. This is much more bike-shedding, but you have the following: - if (input->module != NULL || input->extra_modules != NULL) { + if ((service->flags & MASTER_SERVICE_FLAG_DISABLE_SSL_SET) == 0 && + (input->module != NULL || input->extra_modules != NULL)) { And I would think that the last line would be more readable with: (input->module || input->extra_modules)) { The != NULL test just seems really redundant. I haven't looked at the rest of the main.c to see if this pattern is repeated all over the place or not. John Aki> and for pigeonhole master with Aki> https://github.com/dovecot/pigeonhole/commit/29750ba54c20eea0afd4ca436ddc1325723ce93f.patch Aki> Regards, Aki> Aki >> On 01/11/2021 08:38 Aki Tuomi <[email protected]> wrote: >> >> >> Hi all! >> >> We are looking into this issue. >> >> Aki >> >> > On 30/10/2021 19:36 TG Servers <[email protected]> wrote: >> > >> > >> > Thanks Robert, I read that. I will also wait for a patch and stay >> > >> > Cheers >> > >> > >> > On 30/10/2021 12:59, Robert Nowotny wrote: >> > >> > > the reason is : >> > > >> > > ssl_ca = </etc/ssl/certs/ca-bundle.crt >> > > >> > > if "ca-bundle.crt"is too big, You will get that error. >> > > this should be fixed, but as a workaround You might pull out the >> > > certificates You need. >> > > I personally wait for the patch and stay at 2.3.16 for the time beeing. >> > > >> > > yours sincerely >> > > Robert >> > > >> > > >> > > >> > > Am 30.10.2021 um 10:34 schrieb TG Servers: >> > > >> > > > Hello, >> > > > >> > > > tonight my dovecot upgraded to 2.3.17 and completely broke on recent >> > > > CentOS 8 installation. >> > > > >> > > > I found the service in status >> > > > >> > > > [root@riot ~]# systemctl status dovecot >> > > > ● dovecot.service - Dovecot IMAP/POP3 email server >> > > > Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; >> > > > vendor preset: disabled) >> > > > Active: failed (Result: exit-code) since Sat 2021-10-30 09:59:11 >> > > > CEST; 58s ago >> > > > Docs: man:dovecot(1) >> > > > https://doc.dovecot.org/ >> > > > Process: 1515 ExecStart=/usr/sbin/dovecot -F (code=exited, status=89) >> > > > Process: 1429 ExecStartPre=/usr/libexec/dovecot/prestartscript >> > > > (code=exited, status=0/SUCCESS) >> > > > Main PID: 1515 (code=exited, status=89) >> > > > >> > > > Oct 30 09:59:10 riot.<domain>.com systemd[1]: Starting Dovecot >> > > > IMAP/POP3 email server... >> > > > Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal: >> > > > execvp(/usr/libexec/dovecot/managesieve) failed: Argument list too long >> > > > Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Error: >> > > > managesieve-login: dump-capability process returned 89 >> > > > Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal: >> > > > execvp(/usr/sbin/dovecot) failed: Argument list too long >> > > > Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Main >> > > > process exited, code=exited, status=89/n/a >> > > > Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Failed >> > > > with result 'exit-code'. >> > > > Oct 30 09:59:11 riot.<domain>.com systemd[1]: Failed to start Dovecot >> > > > IMAP/POP3 email server. >> > > > >> > > > This seems to be like a bug as no configuration was changed by me in >> > > > the middle of the night. >> > > > I recall there were similar errors/bug reports in the past were it >> > > > seemed it was managesieve but wasn't, people had some >> > > > misconfigurations in the dovecot.conf. I did not change my >> > > > dovecot.conf since April. >> > > > But maybe here it is a pigeonhole issue. >> > > > >> > > > As I did not find any reason for it I changed the repo and downgraded >> > > > to 2.3.16-2 now and it runs without any flaws, like all the time >> > > > before. I had no time to investigate this any longer thand 2 hours >> > > > with 2.3.17 installed as this is a production server and I need the >> > > > email access. I also did not find anything adressable in the logs. >> > > > >> > > > [root@riot dovecot]# systemctl status dovecot >> > > > ● dovecot.service - Dovecot IMAP/POP3 email server >> > > > Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; >> > > > vendor preset: disabled) >> > > > Active: active (running) since Sat 2021-10-30 10:18:11 CEST; 2s ago >> > > > Docs: man:dovecot(1) >> > > > https://doc.dovecot.org/ >> > > > Process: 32398 ExecStartPre=/usr/libexec/dovecot/prestartscript >> > > > (code=exited, status=0/SUCCESS) >> > > > Main PID: 32452 (dovecot) >> > > > Status: "v2.3.16 (7e2e900c1a) running" >> > > > Tasks: 4 (limit: 99912) >> > > > Memory: 4.4M >> > > > CGroup: /system.slice/dovecot.service >> > > > ├─32452 /usr/sbin/dovecot -F >> > > > ├─32507 dovecot/anvil >> > > > ├─32508 dovecot/log >> > > > └─32513 dovecot/config >> > > > >> > > > Oct 30 10:18:11 riot.<domain>.com systemd[1]: Starting Dovecot >> > > > IMAP/POP3 email server... >> > > > Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: Warning: Corrected >> > > > permissions for login directory /var/run/dovecot/token-login >> > > > Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Warning: >> > > > Corrected permissions for login directory /var/run/dovecot/token-login >> > > > Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Dovecot >> > > > v2.3.16 (7e2e900c1a) starting up for imap, lmtp, sieve >> > > > Oct 30 10:18:11 riot.<domain>.com systemd[1]: Started Dovecot >> > > > IMAP/POP3 email server. >> > > > >> > > > >> > > > This is the configuration >> > > > # 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf >> > > > # Pigeonhole version 0.5.16 (09c29328) >> > > > # OS: Linux 4.18.0-305.19.1.el8_4.x86_64 x86_64 AlmaLinux release 8.4 >> > > > (Electric Cheetah) >> > > > # Hostname: riot.<domain>.com >> > > > auth_mechanisms = plain login >> > > > auth_verbose = yes >> > > > listen = * >> > > > mail_gid = vmail >> > > > mail_home = /var/vmail/mailboxes/%d/%n >> > > > mail_location = maildir:~/mail:LAYOUT=fs >> > > > mail_plugins = " quota fts fts_solr" >> > > > mail_privileged_group = vmail >> > > > mail_uid = vmail >> > > > managesieve_notify_capability = mailto >> > > > managesieve_sieve_capability = fileinto reject envelope >> > > > encoded-character vacation subaddress comparator-i;ascii-numeric >> > > > relational regex imap4flags copy include variables body enotify >> > > > environment mailbox date index ihave duplicate mime foreverypart >> > > > extracttext imapsieve vnd.dovecot.imapsieve >> > > > namespace inbox { >> > > > inbox = yes >> > > > location = >> > > > mailbox Drafts { >> > > > auto = subscribe >> > > > special_use = \Drafts >> > > > } >> > > > mailbox Sent { >> > > > auto = subscribe >> > > > special_use = \Sent >> > > > } >> > > > mailbox Spam { >> > > > auto = subscribe >> > > > special_use = \Junk >> > > > } >> > > > mailbox Trash { >> > > > auto = subscribe >> > > > special_use = \Trash >> > > > } >> > > > prefix = >> > > > separator = . >> > > > type = private >> > > > } >> > > > passdb { >> > > > args = /etc/dovecot/dovecot-sql.conf >> > > > driver = sql >> > > > } >> > > > plugin { >> > > > fts = solr >> > > > fts_autoindex = yes >> > > > fts_solr = url=http://localhost:<solr_port>/solr/dovecot/ >> > > > imapsieve_mailbox1_before = >> > > > file:/var/vmail/sieve/global/learn-spam.sieve >> > > > imapsieve_mailbox1_causes = COPY >> > > > imapsieve_mailbox1_name = Spam >> > > > imapsieve_mailbox2_before = >> > > > file:/var/vmail/sieve/global/learn-ham.sieve >> > > > imapsieve_mailbox2_causes = COPY >> > > > imapsieve_mailbox2_from = Spam >> > > > imapsieve_mailbox2_name = * >> > > > quota = maildir:User quota >> > > > quota_exceeded_message = User %u is over the storage quota >> > > > sieve = >> > > > file:/var/vmail/sieve/%d/%n/scripts;active=/var/vmail/sieve/%d/%n/active-script.sieve >> > > > sieve_before = /var/vmail/sieve/global/spam-global.sieve >> > > > sieve_global_extensions = +vnd.dovecot.pipe >> > > > sieve_pipe_bin_dir = /usr/bin >> > > > sieve_plugins = sieve_imapsieve sieve_extprograms >> > > > } >> > > > protocols = imap lmtp sieve >> > > > service auth { >> > > > unix_listener /var/spool/postfix/private/auth { >> > > > group = postfix >> > > > mode = 0660 >> > > > user = postfix >> > > > } >> > > > unix_listener auth-userdb { >> > > > group = vmail >> > > > mode = 0660 >> > > > user = vmail >> > > > } >> > > > } >> > > > service imap-login { >> > > > inet_listener imap { >> > > > port = 0 >> > > > } >> > > > inet_listener imaps { >> > > > port = 993 >> > > > } >> > > > } >> > > > service lmtp { >> > > > unix_listener /var/spool/postfix/private/dovecot-lmtp { >> > > > group = postfix >> > > > mode = 0660 >> > > > user = postfix >> > > > } >> > > > user = vmail >> > > > } >> > > > service managesieve-login { >> > > > inet_listener sieve { >> > > > port = 4190 >> > > > } >> > > > } >> > > > ssl = required >> > > > ssl_ca = </etc/ssl/certs/ca-bundle.crt >> > > > ssl_cert = </etc/ssl/certs/<domain>.com_chain.crt >> > > > ssl_cipher_list = >> > > > TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:EECDH+AESGCM:EDH+AESGCM:@SECLEVEL=2 >> > > > ssl_client_ca_dir = /etc/ssl/certs >> > > > ssl_client_ca_file = /etc/ssl/certs/ca-bundle.crt >> > > > ssl_dh = # hidden, use -P to show it >> > > > ssl_key = # hidden, use -P to show it >> > > > ssl_prefer_server_ciphers = yes >> > > > userdb { >> > > > args = /etc/dovecot/dovecot-sql.conf >> > > > driver = sql >> > > > } >> > > > protocol imap { >> > > > imap_idle_notify_interval = 24 mins >> > > > mail_max_userip_connections = 20 >> > > > mail_plugins = " quota fts fts_solr imap_quota imap_sieve" >> > > > } >> > > > protocol lmtp { >> > > > mail_plugins = " quota fts fts_solr sieve" >> > > > postmaster_address = postmaster@<domain>.com >> > > > } >> > > > local_name mail.<domain_3>.com { >> > > > ssl_cert = </etc/ssl/certs/<domain_3>.com_chain.crt >> > > > ssl_key = # hidden, use -P to show it >> > > > } >> > > > local_name mail.<domain_2>.net { >> > > > ssl_cert = </etc/ssl/certs/<domain_2>.net_chain.crt >> > > > ssl_key = # hidden, use -P to show it >> > > > } >> > > > local_name mail.<domain>.com { >> > > > ssl_cert = </etc/ssl/certs/<domain>.com_chain.crt >> > > > ssl_key = # hidden, use -P to show it >> > > > } >> > > > >> > > > >> > > > >> > > > >> > > > >> > > > >> > > > >> > > >> > > >> > >> >
