Re: Panic…

2018-12-13 Thread Rupert Gallagher via dovecot 
Shouldn't an event of this type trigger a useful warning instead of a cryptic 
programming error?

On Thu, Dec 13, 2018 at 07:42, Timo Sirainen  wrote:

> On 13 Dec 2018, at 7.31, SH Development  wrote:
>>
>> I have started getting these in my log. What does this mean and what do I 
>> need to do?
>>
>> Panic: file mail-index-util.c: line 37 (mail_index_uint32_to_offset): 
>> assertion failed: (offset < 0x4000)
>
> Your dovecot.index.cache file has grown too huge. The only solution now is to 
> delete it, and perhaps try to shrink the number of mails in the folder as 
> well. The downside to deleting cache is that it may temporarily slow down 
> performance for accessing the folder, depending on the IMAP client.

Re: Panic…

2018-12-13 Thread Aki Tuomi 
Yes, and it's our backlog.

Aki

On 13.12.2018 10.10, Rupert Gallagher via dovecot wrote:
> Shouldn't an event of this type trigger a useful warning instead of a
> cryptic programming error?
>
>
>
> On Thu, Dec 13, 2018 at 07:42, Timo Sirainen  > wrote:
>> On 13 Dec 2018, at 7.31, SH Development 
>> wrote:
>> >
>> > I have started getting these in my log. What does this mean and
>> what do I need to do?
>> >
>> > Panic: file mail-index-util.c: line 37
>> (mail_index_uint32_to_offset): assertion failed: (offset < 0x4000)
>>
>> Your dovecot.index.cache file has grown too huge. The only solution
>> now is to delete it, and perhaps try to shrink the number of mails in
>> the folder as well. The downside to deleting cache is that it may
>> temporarily slow down performance for accessing the folder, depending
>> on the IMAP client.
>>
>
>

dovecot/config processes one more time - which are safe to kill?

2018-12-13 Thread Arkadiusz Miśkiewicz 


Hello.

The problem with dovecot/config processes never ending and spawning new
one on each reload
(https://www.dovecot.org/list/dovecot/2016-November/106058.html) is
becoming a problem here:

# ps aux|grep dovecot/config|wc -l
206

That's a lot of wasted memory - dovecot/config processes ate over 30GB
of ram on 64GB box.

Before killing dovecot/config processes:
# free -m
  totalusedfree  shared  buff/cache
available
Mem:  64437   61656 483   02297


after:

# free -m
  totalusedfree  shared  buff/cache
available
Mem:  64437   23676   37822   02939


Currently on dovecot 2.3.3. I guess it's very low priority to handle
that, so: how can I figure out which dovecot/config processes are safe
to be killed by external script?

Does "all beside 2 newest ones" rule look sane?

Thanks,
-- 
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )

Re: dovecot/config processes one more time - which are safe to kill?

2018-12-13 Thread j.emerlik 
In my Dovecot 2.2.32 I do not have such a problem.

czw., 13 gru 2018 o 10:18 Arkadiusz Miśkiewicz  napisał(a):

>
> Hello.
>
> The problem with dovecot/config processes never ending and spawning new
> one on each reload
> (https://www.dovecot.org/list/dovecot/2016-November/106058.html) is
> becoming a problem here:
>
> # ps aux|grep dovecot/config|wc -l
> 206
>
> That's a lot of wasted memory - dovecot/config processes ate over 30GB
> of ram on 64GB box.
>
> Before killing dovecot/config processes:
> # free -m
>   totalusedfree  shared  buff/cache
> available
> Mem:  64437   61656 483   02297
>
>
> after:
>
> # free -m
>   totalusedfree  shared  buff/cache
> available
> Mem:  64437   23676   37822   02939
>
>
> Currently on dovecot 2.3.3. I guess it's very low priority to handle
> that, so: how can I figure out which dovecot/config processes are safe
> to be killed by external script?
>
> Does "all beside 2 newest ones" rule look sane?
>
> Thanks,
> --
> Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
>

Re: doveadm batch crash

2018-12-13 Thread Jonathan Casiot via dovecot 




On 08/12/2018 19:53, Jonathan Casiot via dovecot wrote:


Hi

I'm having an issue with doveadm batch - the following command always 
crashes:


doveadm batch : mailbox status all inbox

Whereas the following work as expected:

doveadm mailbox status all inbox
doveadm batch : mailbox list


Any assistance gratefully received.


Debug output from the crash:

Debug: Loading modules from directory: /usr/lib64/dovecot
Debug: Module loaded: /usr/lib64/dovecot/lib01_acl_plugin.so
Debug: Module loaded: /usr/lib64/dovecot/lib10_mail_crypt_plugin.so
Debug: Module loaded: /usr/lib64/dovecot/lib90_stats_plugin.so
Debug: Loading modules from directory: /usr/lib64/dovecot/doveadm
Debug: Module loaded: 
/usr/lib64/dovecot/doveadm/lib10_doveadm_acl_plugin.so
Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: 
/usr/lib64/dovecot/doveadm/lib10_doveadm_expire_plugin.so: undefined 
symbol: expire_set_deinit (this is usually intentional, so just ignore 
this message)
Debug: Skipping module doveadm_quota_plugin, because dlopen() failed: 
/usr/lib64/dovecot/doveadm/lib10_doveadm_quota_plugin.so: undefined 
symbol: quota_user_module (this is usually intentional, so just ignore 
this message)
Debug: Skipping module doveadm_fts_lucene_plugin, because dlopen() 
failed: /usr/lib64/dovecot/doveadm/lib20_doveadm_fts_lucene_plugin.so: 
undefined symbol: lucene_index_iter_deinit (this is usually intentional, 
so just ignore this message)
Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: 
/usr/lib64/dovecot/doveadm/lib20_doveadm_fts_plugin.so: undefined 
symbol: fts_user_get_language_list (this is usually intentional, so just 
ignore this message)
Debug: Module loaded: 
/usr/lib64/dovecot/doveadm/libdoveadm_mail_crypt_plugin.so

doveadm(jc): Debug: Effective uid=1001, gid=100, home=/home/jc
doveadm(jc): Debug: acl: No acl_shared_dict setting - shared mailbox 
listing is disabled
doveadm(jc): Debug: mail_crypt_plugin: mail_crypt_curve setting missing 
- generating EC keys disabled
doveadm(jc): Debug: Namespace inbox: type=private, prefix=, sep=., 
inbox=yes, hidden=no, list=yes, subscriptions=yes 
location=mdbox:~/mdbox:ALT=~/Archive/tape/mdbox
doveadm(jc): Debug: fs: root=/home/jc/mdbox, index=, indexpvt=, 
control=, inbox=, alt=/home/jc/Archive/tape/mdbox

doveadm(jc): Debug: acl: initializing backend with data: vfile
doveadm(jc): Debug: acl: acl username = jc
doveadm(jc): Debug: acl: owner = 1
doveadm(jc): Debug: acl vfile: Global ACLs disabled
doveadm(jc): Panic: file mail-storage.c: line 875 (mailbox_set_reason): 
assertion failed: (reason != NULL)
doveadm(jc): Error: Raw backtrace: 
/usr/lib64/dovecot/libdovecot.so.0(+0xa0e9e) [0x7fc993023e9e] -> 
/usr/lib64/dovecot/libdovecot.so.0(default_fatal_handler+0x2a) 
[0x7fc993023f0a] -> /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) 
[0x7fc992fb3c97] -> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x49856) 
[0x7fc993301856] -> /usr/bin/doveadm(+0x348e2) [0x5631dbb5f8e2] -> 
/usr/bin/doveadm(+0x2e1ad) [0x5631dbb591ad] -> 
/usr/bin/doveadm(+0x2bd2c) [0x5631dbb56d2c] -> 
/usr/bin/doveadm(+0x2c92a) [0x5631dbb5792a] -> 
/usr/bin/doveadm(doveadm_mail_try_run+0x215) [0x5631dbb58285] -> 
/usr/bin/doveadm(main+0x46a) [0x5631dbb473fa] -> 
/lib64/libc.so.6(__libc_start_main+0xf5) [0x7fc992bd83d5] -> 
/usr/bin/doveadm(+0x1c565) [0x5631dbb47565]

Aborted (core dumped)


And doveconf -n output:

# 2.2.36 (1f10bfa63): /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-957.1.3.el7.x86_64 x86_64 CentOS Linux release 
7.6.1810 (Core)

# Hostname: ### redacted ###
first_valid_gid = 100
first_valid_uid = 1000
last_valid_gid = 100
last_valid_uid = 1999
listen = *
login_greeting = IMAP ready
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e 
session=<%{session}> %k

mail_attribute_dict = file:%h/mdbox/dovecot-attributes
mail_location = mdbox:~/mdbox:ALT=~/Archive/tape/mdbox
mail_plugins = acl stats mail_crypt
mailbox_list_index = yes
mdbox_rotate_size = 16 M
namespace inbox {
   inbox = yes
   location =
   mailbox Drafts {
     special_use = \Drafts
   }
   mailbox Junk {
     special_use = \Junk
   }
   mailbox Sent {
     special_use = \Sent
   }
   mailbox "Sent Messages" {
     special_use = \Sent
   }
   mailbox Trash {
     special_use = \Trash
   }
   prefix =
   separator = .
}
passdb {
   driver = pam
}
plugin {
   acl = vfile
   mail_crypt_global_private_key = <### redacted ###
   mail_crypt_global_public_key = <### redacted ###
   mail_crypt_save_version = 2
   stats_memory_limit = 16 M
   stats_refresh = 30 secs
   stats_track_cmds = yes
}
postmaster_address = ### redacted ###
protocols = imap
service auth {
   unix_listener /var/spool/postfix/private/auth {
     group = postfix
     mode = 0660
     user = postfix
   }
}
service imap-login {
   process_limit = 200
   process_min_avail = 4
   service_count = 1
}
service stats {
   fifo_listener stats-mail {
     group = users
     mode = 01224
   }
}
ssl = required
ssl_cert = <### redacted ###

Upgrade to 2.3.1 has failed

2018-12-13 Thread C. Andrews Lavarre 
Problem:
We had Dovecot v2.2 working just fine under openSUSE Leap 42.3. But we
upgraded openSUSE to Leap 15.0.
In the process, Dovecot got upgraded from 2.2 to 2.3.1. It no longer
works and I haven't figured out how to downgrade to the older working
version.

The key issue seems to be the change to requiring dh.pem and changing s
sl_protocols to ssl_min_protocols. I think I've navigated both
correctly, but it still doesn't work.
The error is
 auth: Error: stats: open(old-stats-user) failed: Permission denied

as a consequence of which we get
imap-login: Error: Failed to initialize SSL server context: 
Can't
load SSL certificate: There is no valid PEM certificate.

We have followed the instructions at    https://wiki.dovecot.org/S
SL/DovecotConfiguration
1. We have created /etc/dovecot/dh.pem (yes it took five
hours) 

2. We have edited 10-ssl.conf as directed by the Wiki:
ssl = yes
ssl_cert =
/etc/certbot/live/privustech.com/fullchain.pem
ssl_key = 
/etc/certbot/live/privustech.com/privkey.pem
ssl_dh = /etc/dovecot/dh.pem
#(yes, it took five hours to create...)
ssl_min_protocol = TLSv1
ssl_cipher_list = 
ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
ssl_prefer_server_ciphers = no

3. We have checked 10-ssl.conf against the 2.3 default at

https://github.com/dovecot/core/blob/master/doc/example-config/conf.d/10-ssl.conf

4. We do NOT include the less than (<) symbol before the paths because 
then dovecot fails to load complaining it cannot find the files.

5. we have checked all the pem keys, certificates, and  dh
files with cat, they all exist and are in the expected hash format.

6. We have followed the instructions to set their permissions
root:root 0444 and 0400 accordingly.
7. We have rebooted the host.

Any help or clues would be most appreciated.

Kind regards, Andy

Re: Upgrade to 2.3.1 has failed

2018-12-13 Thread Aki Tuomi 


> On 14 December 2018 at 02:12 "C. Andrews Lavarre"  wrote:
> 
> 
> Problem:
> We had Dovecot v2.2 working just fine under openSUSE Leap 42.3. But we
> upgraded openSUSE to Leap 15.0.
> In the process, Dovecot got upgraded from 2.2 to 2.3.1. It no longer
> works and I haven't figured out how to downgrade to the older working
> version.
> 
> The key issue seems to be the change to requiring dh.pem and changing s
> sl_protocols to ssl_min_protocols. I think I've navigated both
> correctly, but it still doesn't work.
> The error is
>auth: Error: stats: open(old-stats-user) failed: Permission denied
> 
>   as a consequence of which we get
>   imap-login: Error: Failed to initialize SSL server context: 
> Can't
> load SSL certificate: There is no valid PEM certificate.
> 
> We have followed the instructions at  https://wiki.dovecot.org/S
> SL/DovecotConfiguration
>   1. We have created /etc/dovecot/dh.pem (yes it took five
> hours) 
> 
>   2. We have edited 10-ssl.conf as directed by the Wiki:
>   ssl = yes
>   ssl_cert =
> /etc/certbot/live/privustech.com/fullchain.pem
>   ssl_key = 
> /etc/certbot/live/privustech.com/privkey.pem
>   ssl_dh = /etc/dovecot
/dh.pem #(yes, it took five hours to create...)


Hi! You should use

ssl_cert =   ssl_min_protocol = TLSv1
>   ssl_cipher_list = 
> ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
>   ssl_prefer_server_ciphers = no
> 

You should set ssl_prefer_server_ciphers = yes. 

>   3. We have checked 10-ssl.conf against the 2.3 default at
>   
> https://github.com/dovecot/core/blob/master/doc/example-config/conf.d/10-ssl.conf
> 
>   4. We do NOT include the less than (<) symbol before the paths because 
> then dovecot fails to load complaining it cannot find the files.
> 

Yes, this is probably indication that you are missing the files or are 
chrooting dovecot in unsupported way. Not including the < symbol will not help 
with this.

>   5. we have checked all the pem keys, certificates, and  dh
> files with cat, they all exist and are in the expected hash format.
> 
>   6. We have followed the instructions to set their permissions
> root:root 0444 and 0400 accordingly.
>   7. We have rebooted the host.
>

This is correct.
 
> Any help or clues would be most appreciated.
> 
> Kind regards, Andy
>