Re: Renewing certificates

2017-12-26 Thread Aki Tuomi 

> On December 26, 2017 at 11:42 PM Kenneth Porter  wrote:
> 
> 
> I'm setting up certbot/letsencrypt to provide a certificate for dovecot and 
> sendmail. Is it necessary to restart dovecot to load the new certificate, 
> as shown in most examples I find in blogs? That seems rude to established 
> connections. When does dovecot read the cert and key files? Once at startup 
> or each time a connection requests SSL? Is there a preferred locking 
> protocol when changing the two files to keep dovecot from reading one while 
> the other is being replaced and getting a mismatched pair?

doveadm reload should be enough.

Aki

Renewing certificates

2017-12-26 Thread Kenneth Porter 
I'm setting up certbot/letsencrypt to provide a certificate for dovecot and 
sendmail. Is it necessary to restart dovecot to load the new certificate, 
as shown in most examples I find in blogs? That seems rude to established 
connections. When does dovecot read the cert and key files? Once at startup 
or each time a connection requests SSL? Is there a preferred locking 
protocol when changing the two files to keep dovecot from reading one while 
the other is being replaced and getting a mismatched pair?

zlib plugin aborts without zlib_save

2017-12-26 Thread Adam Weinberger 
This is in follow-up to  
https://dovecot.org/pipermail/dovecot/2017-December/110443.html


I had mail_plugins = "zlib", but zlib_save wasn't set (my mailboxes were  
not compressed).


It seems that when the zlib plugin is enabled, but zlib_save isn't set, the  
zlib plugin aborts on a regular basis---on a single-user system, I was  
seeing it about 150 times a day.


Panic: file ostream-zlib.c: line 36 (o_stream_zlib_close): assertion  
failed: (zstream->ostream.finished || zstream->ostream.ostream.stream_errno  
!= 0)
Fatal: master: service(imap): child 80128 killed with signal 6 (core not  
dumped - set service imap { drop_priv_before_exec=yes })


Removing the (unused) zlib plugin made the errors disappear, at least.

# Adam


--
Adam Weinberger
ad...@adamw.org
http://www.adamw.org