Re: kqueue crash on FreeBSD with 2.2.25

[Edgar Pettijohn]

On 16-07-03 22:14:01, Edgar Pettijohn wrote:
> On 16-07-03 03:30:36, Timo Sirainen wrote:
> > On 02 Jul 2016, at 03:30, Adam Weinberger  wrote:
> > > 
> > >>> Jul  1 10:07:27 imap dovecot: master: Panic: kevent(EV_ADD, READ, 54) 
> > >>> failed: Bad file descriptor
> > >>> 
> > >>> It's not dumping core, and I get the message even with "protocols ="
> > >>> 
> > >>> Downgrading back to 2.2.24 fixes it. What info would be helpful for me 
> > >>> to provide here?
> > >> 
> > >> gdb backtrace: http://dovecot.org/bugreport.html#coredumps
> > >> 
> > > 
> > > Fuller logs attached. Thanks for your help, Timo.
> > > 
> > > #6  0x2815b23a in i_panic (format=0x281ccf7a "kevent(EV_ADD, READ, %d) 
> > > failed: %m") at failures.c:275
> > > #7  0x28185e10 in io_loop_handle_add (io=0x288843a0) at ioloop-kqueue.c:67
> > > #8  0x281815a8 in io_add_file (fd=56, condition=IO_READ, 
> > > source_linenum=244, callback=0x2818a7d0 , context=0x0) at 
> > > ioloop.c:59
> > > #9  0x281813a6 in io_add (fd=56, condition=IO_READ, source_linenum=244, 
> > > callback=0x2818a7d0 , context=0x0) at ioloop.c:81
> > > #10 0x2818a666 in lib_signals_set_handler (signo=1, flags=3, 
> > > handler=0x804e6c0 , context=0x0) at lib-signals.c:243
> > > #11 0x0804e129 in main_init (set=0x2881d098) at main.c:518
> > > #12 0x0804d562 in main (argc=3, argv=0xae08) at main.c:890
> > 
> > Weird. I haven't touched anything even close to that. Also kqueue works on 
> > my OSX. The only thing that comes to my mind is 
> > https://github.com/dovecot/core/commit/fde7b8a03bf91cfa5bb7ca3e84545386243fa0d2
> > 
> > Does it happen to work if you use the attached patch?
> > 
> 
> Still trying to learn git, but here is what happened when I tried applying 
> this diff.
> 
> Sun Jul 03 10:12:32 ~/dovecot/core $ git reset --hard 
> 3fea4d5988de365503df44a9b067e3b181cac65c 
> HEAD is now at 3fea4d5 master: Stopping didn't close dead-pipes early enough.
> Sun Jul 03 10:12:37 ~/dovecot/core $ git apply diff.patch 
>  
> error: patch failed: src/master/service-monitor.c:522
> error: src/master/service-monitor.c: patch does not apply
> error: patch failed: src/master/service-monitor.c:452
> error: src/master/service-monitor.c: patch does not apply
> error: patch failed: src/master/service-process.c:133
> error: src/master/service-process.c: patch does not apply
> error: patch failed: src/master/service.c:283
> error: src/master/service.c: patch does not apply
> error: patch failed: src/master/service.h:85
> error: src/master/service.h: patch does not apply
> 
> Same thing happened before the reset --hard.
> 
> -- 
> Edgar Pettijohn
It was a misconfiguration problem on my part causing the issues on OpenBSD.  
Probably the same for FreeBSD.  Had to make changes to /etc/login.conf 
to fix it.  However, the following diff keeps it from panicing and logs enough 
info to help figure out the problem.



-- 
Edgar Pettijohn
diff --git a/src/lib/ioloop-kqueue.c b/src/lib/ioloop-kqueue.c
index 881ce87..9c35202 100644
--- a/src/lib/ioloop-kqueue.c
+++ b/src/lib/ioloop-kqueue.c
@@ -63,12 +63,12 @@ void io_loop_handle_add(struct io_file *io)
 
if ((io->io.condition & (IO_READ | IO_ERROR)) != 0) {
MY_EV_SET(&ev, io->fd, EVFILT_READ, EV_ADD, 0, 0, io);
-   if (kevent(ctx->kq, &ev, 1, NULL, 0, NULL) < 0)
+   if (kevent(ctx->kq, &ev, 1, NULL, 0, NULL) == -1)
i_panic("kevent(EV_ADD, READ, %d) failed: %m", io->fd);
}
if ((io->io.condition & IO_WRITE) != 0) {
MY_EV_SET(&ev, io->fd, EVFILT_WRITE, EV_ADD, 0, 0, io);
-   if (kevent(ctx->kq, &ev, 1, NULL, 0, NULL) < 0)
+   if (kevent(ctx->kq, &ev, 1, NULL, 0, NULL) == -1)
i_panic("kevent(EV_ADD, WRITE, %d) failed: %m", io->fd);
}
 

is it possible to run a post-login script in a dovecot proxy with local auth?

[Luca Lesinigo]

We’re using dovecot v2.2.22, authenticating on a local database (passdb with 
sql driver), and then proxying the connections to the backend server returned 
by passdb (proxy=y and backend in “host” column). To support some legacy 
clients we should keep POP/IMAP-before-SMTP running for some time, but right 
know I don’t know how to hook up a successful authentication in the dovecot 
proxy.

I did read from http://wiki2.dovecot.org/PostLoginScripting:
“...it's not currently possible to run post-login scripts in proxies, 
because they're not actually logging in to the local Dovecot”
Does that also holds true even if the proxy is authenticating users locally 
before proxying them?

Failing that, any idea on how to get successful logins, other than parsing the 
log file?

thank you,
--
Luca Lesinigo

Feature Request

[Doug Hardie]

I would like to request an additional optional argument for queue-id to 
dovecot-lda.  The intended use for this argument is to include in the logging.  
From what I can tell, the queue-id size is not consistent between the various 
MTAs and so would need to be allocated dynamically when read during 
initialization.  

This element in the log messages would make it easier to find the trace of a 
received email.  Generally I can easily get the queue-id generated by postfix 
(or sendmail - I use both).  One grep would then give me the whole picture 
rather than having to dig out the message-id and doing a secondary grep to 
obtain the lda log messages.

— Doug

I find it interesting that every submission to this list results in a quick 
response that says moderation is required since I "am not a member". However, I 
am a member...

Re: Configure Dovecot for GSSAPI [formerly: Looking for GSSAPI config]

[Mark Foley]

Brendan - yes, go ahead and send that doc directly to my email address. I've 
got Maildir
folders going, but not nfs; and I'm curious about your load balance.

THX --Mark

-Original Message-
> Date: Mon, 04 Jul 2016 10:40:06 -0400
> From: Brendan Kearney 
> To: dovecot@dovecot.org
> Subject: Re: Configure Dovecot for GSSAPI [formerly: Looking for GSSAPI 
> config]
>
> On 07/04/2016 03:30 AM, Mark Foley wrote:
> > Actually, I see that you used host.domain.name further down. That's a good 
> > substitute for mail.hprs.local.
> >
> > Also, not to be a literary critic, but it might not hurt to show an example 
> > keytab beneath your
> > "Make sure your keytab has entry for ...". Just in case people don't 
> > exactly know how to "make sure:
> >
> > $ klist -Kek /etc/dovecot/dovecot.keytab
> > Keytab name: FILE:/etc/dovecot/dovecot.keytab
> > KVNO Principal
> >  
> > --
> > 1 imap/host.domain.name@MYREALM (des-cbc-crc)  (0x232616c2a4fd08f7)
> > 1 imap/host.domain.name@MYREALM (des-cbc-md5)  (0x232616c2a4fd08f7)
> > 1 imap/host.domain.name@MYREALM (arcfour-hmac)  
> > (0x9dae89a221dc374a39f560833
> >
> > --Mark
> >
> > -Original Message-
> > From: Mark Foley 
> > Date: Mon, 04 Jul 2016 03:23:30 -0400
> > Organization: Ohio Highway Patrol Retirement System
> > To: dovecot@dovecot.org
> > Subject: Re: Configure Dovecot for GSSAPI [formerly: Looking for GSSAPI 
> > config]
> >
> > On Mon, 4 Jul 2016 08:54:27 +0300 Aki Tuomi  wrote:
> >
> >>> http://wiki2.dovecot.org/Authentication/Kerberos
> >> It has been now updated.
> > Excellent! That was quick!
> >
> > Although, you used my actual local domain in your example: mail.hprs.local. 
> >  Not that I care,
> > no one can get to that, but it might be clearer to those of us who 
> > uncomprehendingly
> > monkey-type things from wiki's when we don't fully understand.  Perhaps 
> > something more generic
> > would be clearer: myhost.myrealm, or myhost.mydom.local, or myLocalFDQN -- 
> > something like that.
> > Not sure what is best; just don't want to imply that they HAVE TO use 
> > mail.hprs.local.
> >
> >> I had a look at the NTLM mechanism, it *should* support SSP and NTLMv2.
> >> I have to set up some kind of test environment to find out why it bugs.
> > I'm going to give my brain a rest for a bit before I resume tilting at the 
> > NTML windmill! I'll
> > check back with the list to see if you've come up with anything.
> >
> >> Aki
> > Again, thanks for all your help.
> >
> > --Mark
> >
> > -Original Message-
> >> Subject: Re: Configure Dovecot for GSSAPI [formerly: Looking for GSSAPI 
> >> config]
> >> To: dovecot@dovecot.org
> >> From: Aki Tuomi 
> >> Organization: Dovecot Oy
> >> Date: Mon, 4 Jul 2016 08:54:27 +0300
> >> On 04.07.2016 07:44, Mark Foley wrote:
> >>> After a over a year and a half struggling to get Dovecot to do either 
> >>> NTLM or GSSAPI
> >>> authentication with Samba4 AD/DC, I believe I've finally got it! Thanks 
> >>> to all those in this
> >>> list who helped: Jan Jurkus, Edgar Pettijohn, Gregory Sloop, Tom Talpey 
> >>> especially Aki Tuomi;
> >>> and infinite thanks to Achim Gottinger on the SambaList for his patience 
> >>> in working this
> >>> through with me.  Although my purpose was for Dovecot to authenticate 
> >>> mail clients, the
> >>> configuration settings needed were on the Samba side.  I hope a variation 
> >>> of these instructions
> >>> can eventually make it into:
> >>>
> >>> http://wiki2.dovecot.org/Authentication/Kerberos
> >>>
> >>>
> >> It has been now updated.
> >>
> >> I had a look at the NTLM mechanism, it *should* support SSP and NTLMv2.
> >> I have to set up some kind of test environment to find out why it bugs.
> >>
> >> Aki
> >>
> i have a document that i had written, recording each of the changes 
> needed to each of the files to be modified, in order to have dovecot 
> authenticate against kerberos and authorize against ldap.  in addition, 
> the use of nfs for maildir mailboxes and load balanced nuances are 
> covered.  the doc is in odt format (libre office writer), and i have 
> attempted to post it to this mailing list, but it was quarantined.
>
> if there is any interest in the doc, reach out to me.  i welcome input 
> and feedback on it.
>
> brendan
>

Re: Configure Dovecot for GSSAPI [formerly: Looking for GSSAPI config]

[Aki Tuomi]

On 04.07.2016 17:40, Brendan Kearney wrote:

On 07/04/2016 03:30 AM, Mark Foley wrote:
Actually, I see that you used host.domain.name further down. That's a 
good substitute for mail.hprs.local.


Also, not to be a literary critic, but it might not hurt to show an 
example keytab beneath your
"Make sure your keytab has entry for ...". Just in case people don't 
exactly know how to "make sure:


$ klist -Kek /etc/dovecot/dovecot.keytab
Keytab name: FILE:/etc/dovecot/dovecot.keytab
KVNO Principal
 
--

1 imap/host.domain.name@MYREALM (des-cbc-crc) (0x232616c2a4fd08f7)
1 imap/host.domain.name@MYREALM (des-cbc-md5) (0x232616c2a4fd08f7)
1 imap/host.domain.name@MYREALM (arcfour-hmac) 
(0x9dae89a221dc374a39f560833


--Mark

-Original Message-
From: Mark Foley 
Date: Mon, 04 Jul 2016 03:23:30 -0400
Organization: Ohio Highway Patrol Retirement System
To: dovecot@dovecot.org
Subject: Re: Configure Dovecot for GSSAPI [formerly: Looking for 
GSSAPI config]


On Mon, 4 Jul 2016 08:54:27 +0300 Aki Tuomi  
wrote:



http://wiki2.dovecot.org/Authentication/Kerberos

It has been now updated.

Excellent! That was quick!

Although, you used my actual local domain in your example: 
mail.hprs.local.  Not that I care,
no one can get to that, but it might be clearer to those of us who 
uncomprehendingly
monkey-type things from wiki's when we don't fully understand. 
Perhaps something more generic
would be clearer: myhost.myrealm, or myhost.mydom.local, or 
myLocalFDQN -- something like that.
Not sure what is best; just don't want to imply that they HAVE TO use 
mail.hprs.local.



I had a look at the NTLM mechanism, it *should* support SSP and NTLMv2.
I have to set up some kind of test environment to find out why it bugs.
I'm going to give my brain a rest for a bit before I resume tilting 
at the NTML windmill! I'll

check back with the list to see if you've come up with anything.


Aki

Again, thanks for all your help.

--Mark

-Original Message-
Subject: Re: Configure Dovecot for GSSAPI [formerly: Looking for 
GSSAPI config]

To: dovecot@dovecot.org
From: Aki Tuomi 
Organization: Dovecot Oy
Date: Mon, 4 Jul 2016 08:54:27 +0300
On 04.07.2016 07:44, Mark Foley wrote:
After a over a year and a half struggling to get Dovecot to do 
either NTLM or GSSAPI
authentication with Samba4 AD/DC, I believe I've finally got it! 
Thanks to all those in this
list who helped: Jan Jurkus, Edgar Pettijohn, Gregory Sloop, Tom 
Talpey especially Aki Tuomi;
and infinite thanks to Achim Gottinger on the SambaList for his 
patience in working this
through with me.  Although my purpose was for Dovecot to 
authenticate mail clients, the
configuration settings needed were on the Samba side.  I hope a 
variation of these instructions

can eventually make it into:

http://wiki2.dovecot.org/Authentication/Kerberos



It has been now updated.

I had a look at the NTLM mechanism, it *should* support SSP and NTLMv2.
I have to set up some kind of test environment to find out why it bugs.

Aki

i have a document that i had written, recording each of the changes 
needed to each of the files to be modified, in order to have dovecot 
authenticate against kerberos and authorize against ldap.  in 
addition, the use of nfs for maildir mailboxes and load balanced 
nuances are covered.  the doc is in odt format (libre office writer), 
and i have attempted to post it to this mailing list, but it was 
quarantined.


if there is any interest in the doc, reach out to me.  i welcome input 
and feedback on it.


brendan


I would very much like to have a copy, please.

Aki

Re: v2.2.25 released

[Dave]

On 04/07/2016 12:44, Aki Tuomi wrote:



On 04.07.2016 14:24, Juan C. Blanco wrote:



On 01/07/2016 18:51, Timo Sirainen wrote:

On 01 Jul 2016, at 19:09, Juan C. Blanco  wrote:


I Haven't had the time to check the sha1.h error with the new fixes
but I've just done so after de 2.2.25 release was out and I'm having
the same error:

gcc -DHAVE_CONFIG_H -I. -I. -I../.. -std=gnu99 -O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m64 -mtune=generic -Wall -W
-Wmissing-prototypes -Wmissing-declarations -Wpointer-arith
-Wchar-subscripts -Wformat=2 -Wbad-function-cast
-fno-builtin-strftime -Wstrict-aliasing=2 -I/usr/kerberos/include -c
guid.c  -fPIC -DPIC -o .libs/guid.o
In file included from guid.c:6:
sha1.h:80: error: static or type qualifiers in abstract declarator


I thought this was fixed in 2.2.25.. In config.h you should have only:

#define STATIC_ARRAY

(not #define STATIC_ARRAY static)


OK, my config.h contains:

/* C99 static array */
#define STATIC_ARRAY static

Regards.




Operating System: CentOS 5.11
GCC Version: gcc (GCC) 4.1.2 20080704 (Red Hat 4.1.2-55)

We have four systems like this with dovecot 2.2.24 working fine. I
would like to know if this platform will not be compatible anymore
with dovecot and if we need to upgrade our systems prior to dovecot
version since, besides this, I have the problem related to the
openssl version for the lib-dcrypt library


I recommend upgrading. We're considering not supporting older OSes
anymore at all..





Hi!

This problem is hopefully now fixed by
https://github.com/dovecot/core/commit/d9c865ce774aae9f2f17b89e7e94c3cfca29dea7


Aki, I had a go mock building on CentOS5 and it appears that the test 
succeeds with this patch in place:


configure:21182: checking if we can use C99 static in array sizes
configure:21202: gcc -c -std=gnu99 -O2 -g -pipe -Wall 
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector 
--param=ssp-buffer-size=4 -fno-strict-aliasing -Wall -W 
-Wmissing-prototypes -Wmissing-declarations -Wpointer-arith 
-Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime 
-Wstrict-aliasing=2  conftest.c >&5

configure:21202: $? = 0
configure:21214: result: yes

(confirmed was built using unsigned char array)

In fact, after a cursory examination and some testing I suspect the 
CentOS5 gcc does nominally support static array sizes, and it's likely 
hitting a compiler bug on the build proper?


All I can suggest is a manual configure flag toggle of the test, or that 
this bug is better placed against Redhat? I haven't been able to narrow 
down a reproducer on triggering the error message other than during build.


--
Dave

Re: Configure Dovecot for GSSAPI [formerly: Looking for GSSAPI config]

[Brendan Kearney]

On 07/04/2016 03:30 AM, Mark Foley wrote:

Actually, I see that you used host.domain.name further down. That's a good 
substitute for mail.hprs.local.

Also, not to be a literary critic, but it might not hurt to show an example 
keytab beneath your
"Make sure your keytab has entry for ...". Just in case people don't exactly know 
how to "make sure:

$ klist -Kek /etc/dovecot/dovecot.keytab
Keytab name: FILE:/etc/dovecot/dovecot.keytab
KVNO Principal
 --
1 imap/host.domain.name@MYREALM (des-cbc-crc)  (0x232616c2a4fd08f7)
1 imap/host.domain.name@MYREALM (des-cbc-md5)  (0x232616c2a4fd08f7)
1 imap/host.domain.name@MYREALM (arcfour-hmac)  (0x9dae89a221dc374a39f560833

--Mark

-Original Message-
From: Mark Foley 
Date: Mon, 04 Jul 2016 03:23:30 -0400
Organization: Ohio Highway Patrol Retirement System
To: dovecot@dovecot.org
Subject: Re: Configure Dovecot for GSSAPI [formerly: Looking for GSSAPI config]

On Mon, 4 Jul 2016 08:54:27 +0300 Aki Tuomi  wrote:


http://wiki2.dovecot.org/Authentication/Kerberos

It has been now updated.

Excellent! That was quick!

Although, you used my actual local domain in your example: mail.hprs.local.  
Not that I care,
no one can get to that, but it might be clearer to those of us who 
uncomprehendingly
monkey-type things from wiki's when we don't fully understand.  Perhaps 
something more generic
would be clearer: myhost.myrealm, or myhost.mydom.local, or myLocalFDQN -- 
something like that.
Not sure what is best; just don't want to imply that they HAVE TO use 
mail.hprs.local.


I had a look at the NTLM mechanism, it *should* support SSP and NTLMv2.
I have to set up some kind of test environment to find out why it bugs.

I'm going to give my brain a rest for a bit before I resume tilting at the NTML 
windmill! I'll
check back with the list to see if you've come up with anything.


Aki

Again, thanks for all your help.

--Mark

-Original Message-

Subject: Re: Configure Dovecot for GSSAPI [formerly: Looking for GSSAPI config]
To: dovecot@dovecot.org
From: Aki Tuomi 
Organization: Dovecot Oy
Date: Mon, 4 Jul 2016 08:54:27 +0300
On 04.07.2016 07:44, Mark Foley wrote:

After a over a year and a half struggling to get Dovecot to do either NTLM or 
GSSAPI
authentication with Samba4 AD/DC, I believe I've finally got it! Thanks to all 
those in this
list who helped: Jan Jurkus, Edgar Pettijohn, Gregory Sloop, Tom Talpey 
especially Aki Tuomi;
and infinite thanks to Achim Gottinger on the SambaList for his patience in 
working this
through with me.  Although my purpose was for Dovecot to authenticate mail 
clients, the
configuration settings needed were on the Samba side.  I hope a variation of 
these instructions
can eventually make it into:

http://wiki2.dovecot.org/Authentication/Kerberos



It has been now updated.

I had a look at the NTLM mechanism, it *should* support SSP and NTLMv2.
I have to set up some kind of test environment to find out why it bugs.

Aki

i have a document that i had written, recording each of the changes 
needed to each of the files to be modified, in order to have dovecot 
authenticate against kerberos and authorize against ldap.  in addition, 
the use of nfs for maildir mailboxes and load balanced nuances are 
covered.  the doc is in odt format (libre office writer), and i have 
attempted to post it to this mailing list, but it was quarantined.


if there is any interest in the doc, reach out to me.  i welcome input 
and feedback on it.


brendan

Re: v2.2.25 released

[Aki Tuomi]

On 04.07.2016 14:24, Juan C. Blanco wrote:
>
>
> On 01/07/2016 18:51, Timo Sirainen wrote:
>> On 01 Jul 2016, at 19:09, Juan C. Blanco  wrote:
>>>
>>> I Haven't had the time to check the sha1.h error with the new fixes
>>> but I've just done so after de 2.2.25 release was out and I'm having
>>> the same error:
>>>
>>> gcc -DHAVE_CONFIG_H -I. -I. -I../.. -std=gnu99 -O2 -g -pipe -Wall
>>> -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
>>> --param=ssp-buffer-size=4 -m64 -mtune=generic -Wall -W
>>> -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith
>>> -Wchar-subscripts -Wformat=2 -Wbad-function-cast
>>> -fno-builtin-strftime -Wstrict-aliasing=2 -I/usr/kerberos/include -c
>>> guid.c  -fPIC -DPIC -o .libs/guid.o
>>> In file included from guid.c:6:
>>> sha1.h:80: error: static or type qualifiers in abstract declarator
>>
>> I thought this was fixed in 2.2.25.. In config.h you should have only:
>>
>> #define STATIC_ARRAY
>>
>> (not #define STATIC_ARRAY static)
>
> OK, my config.h contains:
>
> /* C99 static array */
> #define STATIC_ARRAY static
>
> Regards.
>
>>
>>> Operating System: CentOS 5.11
>>> GCC Version: gcc (GCC) 4.1.2 20080704 (Red Hat 4.1.2-55)
>>>
>>> We have four systems like this with dovecot 2.2.24 working fine. I
>>> would like to know if this platform will not be compatible anymore
>>> with dovecot and if we need to upgrade our systems prior to dovecot
>>> version since, besides this, I have the problem related to the
>>> openssl version for the lib-dcrypt library
>>
>> I recommend upgrading. We're considering not supporting older OSes
>> anymore at all..
>>
>

Hi!

This problem is hopefully now fixed by
https://github.com/dovecot/core/commit/d9c865ce774aae9f2f17b89e7e94c3cfca29dea7

Aki

Re: v2.2.25 released

[Juan C. Blanco]

On 01/07/2016 18:51, Timo Sirainen wrote:

On 01 Jul 2016, at 19:09, Juan C. Blanco  wrote:


I Haven't had the time to check the sha1.h error with the new fixes but I've 
just done so after de 2.2.25 release was out and I'm having the same error:

gcc -DHAVE_CONFIG_H -I. -I. -I../.. -std=gnu99 -O2 -g -pipe -Wall 
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector 
--param=ssp-buffer-size=4 -m64 -mtune=generic -Wall -W -Wmissing-prototypes 
-Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 
-Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2 
-I/usr/kerberos/include -c guid.c  -fPIC -DPIC -o .libs/guid.o
In file included from guid.c:6:
sha1.h:80: error: static or type qualifiers in abstract declarator


I thought this was fixed in 2.2.25.. In config.h you should have only:

#define STATIC_ARRAY

(not #define STATIC_ARRAY static)


OK, my config.h contains:

/* C99 static array */
#define STATIC_ARRAY static

Regards.




Operating System: CentOS 5.11
GCC Version: gcc (GCC) 4.1.2 20080704 (Red Hat 4.1.2-55)

We have four systems like this with dovecot 2.2.24 working fine. I would like 
to know if this platform will not be compatible anymore with dovecot and if we 
need to upgrade our systems prior to dovecot version since, besides this, I 
have the problem related to the openssl version for the lib-dcrypt library


I recommend upgrading. We're considering not supporting older OSes anymore at 
all..



--
+---+
| Juan C. Blanco|
|   |
|  Centro de Calculo |  |
|  E.T.S. Ingenieros Informáticos|  E-mail: jcbla...@fi.upm.es  |
|  Universidad Politécnica de Madrid |  |
|  Campus de Montegancedo|  |
|  Boadilla del Monte|  Tel.:(+34) 91 336 7466  |
|  28660 MADRID (Spain)  |  Fax :(+34) 91 336 6913  |
+---+

Re: Dovecot 2.2.25 compiling error

[Aki Tuomi]

On 02.07.2016 20:03, aki.tu...@dovecot.fi wrote:
>> On July 2, 2016 at 7:58 PM aki.tu...@dovecot.fi wrote:
>>
>>
>>
>>> On July 2, 2016 at 6:56 PM Mart Pirita  wrote:
>>>
>>>
>>> Hello.
>>>
>>> I cant build 2.2.25, but I can build fine version 2.2.24 with same options:
>>>
>>> RedHat based customized distro, 2.6.28.10 kernel
>>>
>>> Build options:
>>>

Hi!

This has been now fixed in master-2.2 with

https://github.com/dovecot/core/commit/20e802d6bbf4ddad3a2140a2f7812d01de0ec2ef
https://github.com/dovecot/core/commit/d9c865ce774aae9f2f17b89e7e94c3cfca29dea7

Our testings indicate that you can compile 2.2.25.1 on CentOS5 with
these applied.

---
Aki Tuomi
Dovecot oy

Re: Configure Dovecot for GSSAPI [formerly: Looking for GSSAPI config]

[Mark Foley]

Actually, I see that you used host.domain.name further down. That's a good 
substitute for mail.hprs.local.

Also, not to be a literary critic, but it might not hurt to show an example 
keytab beneath your
"Make sure your keytab has entry for ...". Just in case people don't exactly 
know how to "make sure:

$ klist -Kek /etc/dovecot/dovecot.keytab
Keytab name: FILE:/etc/dovecot/dovecot.keytab
KVNO Principal
 --
   1 imap/host.domain.name@MYREALM (des-cbc-crc)  (0x232616c2a4fd08f7)
   1 imap/host.domain.name@MYREALM (des-cbc-md5)  (0x232616c2a4fd08f7)
   1 imap/host.domain.name@MYREALM (arcfour-hmac)  (0x9dae89a221dc374a39f560833

--Mark

-Original Message-
From: Mark Foley 
Date: Mon, 04 Jul 2016 03:23:30 -0400
Organization: Ohio Highway Patrol Retirement System
To: dovecot@dovecot.org
Subject: Re: Configure Dovecot for GSSAPI [formerly: Looking for GSSAPI config]

On Mon, 4 Jul 2016 08:54:27 +0300 Aki Tuomi  wrote:

> > http://wiki2.dovecot.org/Authentication/Kerberos
>
> It has been now updated.

Excellent! That was quick!

Although, you used my actual local domain in your example: mail.hprs.local.  
Not that I care,
no one can get to that, but it might be clearer to those of us who 
uncomprehendingly
monkey-type things from wiki's when we don't fully understand.  Perhaps 
something more generic
would be clearer: myhost.myrealm, or myhost.mydom.local, or myLocalFDQN -- 
something like that.
Not sure what is best; just don't want to imply that they HAVE TO use 
mail.hprs.local.

> I had a look at the NTLM mechanism, it *should* support SSP and NTLMv2.
> I have to set up some kind of test environment to find out why it bugs.

I'm going to give my brain a rest for a bit before I resume tilting at the NTML 
windmill! I'll
check back with the list to see if you've come up with anything.

> Aki

Again, thanks for all your help.

--Mark

-Original Message-
> Subject: Re: Configure Dovecot for GSSAPI [formerly: Looking for GSSAPI 
> config]
> To: dovecot@dovecot.org
> From: Aki Tuomi 
> Organization: Dovecot Oy
> Date: Mon, 4 Jul 2016 08:54:27 +0300

>
> On 04.07.2016 07:44, Mark Foley wrote:
> > After a over a year and a half struggling to get Dovecot to do either NTLM 
> > or GSSAPI
> > authentication with Samba4 AD/DC, I believe I've finally got it! Thanks to 
> > all those in this
> > list who helped: Jan Jurkus, Edgar Pettijohn, Gregory Sloop, Tom Talpey 
> > especially Aki Tuomi;
> > and infinite thanks to Achim Gottinger on the SambaList for his patience in 
> > working this
> > through with me.  Although my purpose was for Dovecot to authenticate mail 
> > clients, the
> > configuration settings needed were on the Samba side.  I hope a variation 
> > of these instructions
> > can eventually make it into:
> >
> > http://wiki2.dovecot.org/Authentication/Kerberos
> >
> >
>
> It has been now updated.
>
> I had a look at the NTLM mechanism, it *should* support SSP and NTLMv2.
> I have to set up some kind of test environment to find out why it bugs.
>
> Aki
>

Re: Configure Dovecot for GSSAPI [formerly: Looking for GSSAPI config]

[Mark Foley]

On Mon, 4 Jul 2016 08:54:27 +0300 Aki Tuomi  wrote:

> > http://wiki2.dovecot.org/Authentication/Kerberos
>
> It has been now updated.

Excellent! That was quick!

Although, you used my actual local domain in your example: mail.hprs.local.  
Not that I care,
no one can get to that, but it might be clearer to those of us who 
uncomprehendingly
monkey-type things from wiki's when we don't fully understand.  Perhaps 
something more generic
would be clearer: myhost.myrealm, or myhost.mydom.local, or myLocalFDQN -- 
something like that.
Not sure what is best; just don't want to imply that they HAVE TO use 
mail.hprs.local.

> I had a look at the NTLM mechanism, it *should* support SSP and NTLMv2.
> I have to set up some kind of test environment to find out why it bugs.

I'm going to give my brain a rest for a bit before I resume tilting at the NTML 
windmill! I'll
check back with the list to see if you've come up with anything.

> Aki

Again, thanks for all your help.

--Mark

-Original Message-
> Subject: Re: Configure Dovecot for GSSAPI [formerly: Looking for GSSAPI 
> config]
> To: dovecot@dovecot.org
> From: Aki Tuomi 
> Organization: Dovecot Oy
> Date: Mon, 4 Jul 2016 08:54:27 +0300

>
> On 04.07.2016 07:44, Mark Foley wrote:
> > After a over a year and a half struggling to get Dovecot to do either NTLM 
> > or GSSAPI
> > authentication with Samba4 AD/DC, I believe I've finally got it! Thanks to 
> > all those in this
> > list who helped: Jan Jurkus, Edgar Pettijohn, Gregory Sloop, Tom Talpey 
> > especially Aki Tuomi;
> > and infinite thanks to Achim Gottinger on the SambaList for his patience in 
> > working this
> > through with me.  Although my purpose was for Dovecot to authenticate mail 
> > clients, the
> > configuration settings needed were on the Samba side.  I hope a variation 
> > of these instructions
> > can eventually make it into:
> >
> > http://wiki2.dovecot.org/Authentication/Kerberos
> >
> >
>
> It has been now updated.
>
> I had a look at the NTLM mechanism, it *should* support SSP and NTLMv2.
> I have to set up some kind of test environment to find out why it bugs.
>
> Aki
>