Re: Duplicate mails on pop3 expunge with dsync replication on 2.2.35 (2.2.33.2 works)

2018-09-18 Thread Jan Münnich 

Hi,

Has anyone any idea how to solve or further debug this issue? It seems 
indeed that it was introduced in 2.2.34 and is still there in 2.3.2.1. I 
found a couple of posts for this on the mailing list and elsewhere, but 
no solution:


When a message is retrieved and immediately expunged, it gets replicated 
back from the other dsync node. This usually happens with POP3 but with 
IMAP as well, when the MUA fetches the mail and the user opens and reads 
it immediately within seconds. It does not seem to happen when the 
message is retrieved and only expunged a while after, which is mostly 
the case with IMAP.


The bug occurs and is reproducible when the message is delivered to node 
A and then fetched by the client from node B. If the message is 
delivered to and fetched from the same node, the message does not get 
duplicated.


I'm attaching the debug logs from both nodes for a full example 
transaction. The message is delivered via lmtp to node A with UID 
175261, fetched and deleted on node B and then appears again with the 
new UID 175262.


Thanks,
Jan


Node A:

2018-09-18 23:03:17 
lmtp(u...@example.org)<6916>: Debug: Loading 
modules from directory: /usr/lib/dovecot/modules
2018-09-18 23:03:17 
lmtp(u...@example.org)<6916>: Debug: Module 
loaded: /usr/lib/dovecot/modules/lib01_acl_plugin.so
2018-09-18 23:03:17 
lmtp(u...@example.org)<6916>: Debug: Module 
loaded: /usr/lib/dovecot/modules/lib10_quota_plugin.so
2018-09-18 23:03:17 
lmtp(u...@example.org)<6916>: Debug: Module 
loaded: /usr/lib/dovecot/modules/lib15_notify_plugin.so
2018-09-18 23:03:17 
lmtp(u...@example.org)<6916>: Debug: Module 
loaded: /usr/lib/dovecot/modules/lib20_fts_plugin.so
2018-09-18 23:03:17 
lmtp(u...@example.org)<6916>: Debug: Module 
loaded: /usr/lib/dovecot/modules/lib20_replication_plugin.so
2018-09-18 23:03:17 
lmtp(u...@example.org)<6916>: Debug: Module 
loaded: /usr/lib/dovecot/modules/lib21_fts_solr_plugin.so
2018-09-18 23:03:17 
lmtp(u...@example.org)<6916>: Debug: Module 
loaded: /usr/lib/dovecot/modules/lib90_sieve_plugin.so
2018-09-18 23:03:17 
lmtp(u...@example.org)<6916>: Debug: auth USER 
input: u...@example.org home=/var/vmail/user/u...@example.org/ uid=2000 
gid=2000 quota_rule=*:bytes=10737418240
2018-09-18 23:03:17 
lmtp(u...@example.org)<6916>: Debug: Added 
userdb setting: plugin/quota_rule=*:bytes=10737418240
2018-09-18 23:03:17 lmtp(6916, u...@example.org): Debug: Effective 
uid=2000, gid=2000, home=/var/vmail/user/u...@example.org/
2018-09-18 23:03:17 lmtp(6916, u...@example.org): Debug: Quota root: 
name=User quota backend=count args=
2018-09-18 23:03:17 lmtp(6916, u...@example.org): Debug: Quota rule: 
root=User quota mailbox=* bytes=10737418240 messages=0
2018-09-18 23:03:17 lmtp(6916, u...@example.org): Debug: Quota rule: 
root=User quota mailbox=Trash bytes=+1073741824 messages=0
2018-09-18 23:03:17 lmtp(6916, u...@example.org): Debug: Quota warning: 
bytes=10630044057 (99%) messages=0 reverse=no command=quota-warning 100 
u...@example.org
2018-09-18 23:03:17 lmtp(6916, u...@example.org): Debug: Quota warning: 
bytes=10200547328 (95%) messages=0 reverse=no command=quota-warning 95 
u...@example.org
2018-09-18 23:03:17 lmtp(6916, u...@example.org): Debug: Quota warning: 
bytes=9663676416 (90%) messages=0 reverse=no command=quota-warning 90 
u...@example.org
2018-09-18 23:03:17 lmtp(6916, u...@example.org): Debug: Quota warning: 
bytes=8589934592 (80%) messages=0 reverse=no command=quota-warning 80 
u...@example.org
2018-09-18 23:03:17 lmtp(6916, u...@example.org): Debug: Quota grace: 
root=User quota bytes=1073741824 (10%)
2018-09-18 23:03:17 lmtp(6916, u...@example.org): Debug: Namespace 
inbox: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, 
subscriptions=yes location=mdbox:~/mdbox
2018-09-18 23:03:17 lmtp(6916, u...@example.org): Debug: fs: 
root=/var/vmail/user/u...@example.org//mdbox, index=, indexpvt=, 
control=, inbox=, alt=
2018-09-18 23:03:17 lmtp(6916, u...@example.org): Debug: acl: 
initializing backend with data: vfile
2018-09-18 23:03:17 lmtp(6916, u...@example.org): Debug: acl: acl 
username = u...@example.org

2018-09-18 23:03:17 lmtp(6916, u...@example.org): Debug: acl: owner = 1
2018-09-18 23:03:17 lmtp(6916, u...@example.org): Debug: acl vfile: 
Global ACLs disabled
2018-09-18 23:03:17 lmtp(6916, u...@example.org): Debug: Namespace : 
type=shared, prefix=shared/%u/, sep=/, inbox=no, hidden=no, 
list=children, subscriptions=no location=mdbox:%h:INDEX=~/shared/%u
2018-09-18 23:03:17 lmtp(6916, u...@example.org): Debug: shared: 
root=/var/run/dovecot, index=, indexpvt=, control=, inbox=, alt=
2018-09-18 23:03:17 lmtp(6916, u...@example.org): Debug: fts: Indexes 
disabled for namespace 'shared/%u/'
2018-09-18 23:03:17 lmtp(6916, u...@example.org): Debug: acl: 
initializing backend with data: vfile
2018-09-18 23:03:17 lmtp(6916, u...@example.org): Debug: acl: acl 
username = u...@example.org

2018-09-18 23:03:17 lmtp(6916, u...@example.org): Debug: acl: owner = 0

Problem getting quota-warning script to function.

2018-09-18 Thread Ted 
Hello,

I'm trying to implement quota enforcement in our mailservers, and it is
all working properly except that the quota warnings are not firing when
the quota levels are passed.  the server stops accepting email when the
quota is reached, and you can see tyhe quota usage through the email
client connected through, but as the quota passes the set levels the
/usr/local/bin/quota-warning.sh script is not called.  I checked from
the appropriate user and the script executes from the command line with
no problem, but dovecot does not invoke it when the quota levels are
crossed.  The relevant configs are below, any ideas about what the
problem may be or how I should approach this?

/etc/dovecot/dovecot.conf

## Dovecot configuration file


# Protocols we want to be serving.
protocols = imap pop3 lmtp sieve

mailbox_list_index = yes
# Avoid spending excessive time waiting for the quota calculation to
finish when
# mails' vsizes aren't already cached. If this many mails are opened,
finish the
# quota calculation on background in indexer-worker process. Mail
deliveries will
# be assumed to succeed, and explicit quota lookups will return internal
error.
# (v2.2.28+)
# mail_vsize_bg_after_count = 100

plugin {
    quota_grace = 10%%
    # 10% is the default
#    quota_status_success = DUNNO
#    quota_status_nouser = DUNNO
    quota_status_overquota = "552 5.2.2 Mailbox is full"
    quota_vsizes = yes
}

service quota-status {
    executable = quota-status -p postfix
    inet_listener {
    port = 10070
    # You can choose any port you want
    }
    client_limit = 1
}

mail_plugins = $mail_plugins quota mail_log notify

protocol imap {
  # Space separated list of plugins to load (default is global
mail_plugins).
  mail_plugins = $mail_plugins imap_quota
}


# Greeting message for clients.
login_greeting = Welcome to easyMail.


# Show more verbose process titles (in ps). Currently shows user name and
# IP address. Useful for seeing who are actually using the IMAP processes
# (eg. shared mailboxes or if same uid is used for multiple accounts).
verbose_proctitle = yes

# Should all processes be killed when Dovecot master process shuts down.
# Setting this to "no" means that Dovecot can be upgraded without
# forcing existing client connections to close (although that could also be
# a problem if the upgrade is e.g. because of a security fix).
shutdown_clients = yes

# A config file can also tried to be included without giving an error if
# it's not found:
!include_try local.conf

service auth {
  unix_listener auth-master {
    mode = 0600
    user = vmail
  }
}


/etc/dovecot/dovecot-sql.conf.ext

# Database driver: mysql, pgsql, sqlite
driver = mysql

connect = host=redacted dbname=redacted user=redacted
password=reallyredacted

# Default password scheme.
#
# List of supported schemes is in
# http://wiki2.dovecot.org/Authentication/PasswordSchemes
#
default_pass_scheme = CRYPT

password_query = select email as user, crypt_password as password,
CONCAT('/',volume,'/',SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1))
AS home, 5000 AS uid, 5000 AS gid, concat('*:storage=', volume_limit
,'G') AS quota_rule from easymail_users where email = '%u' and banned =
'0' and active = '1'

user_query = SELECT
CONCAT('maildir:/',volume,'/',SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/Maildir')
AS mail,
CONCAT('/',volume,'/',SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1))
AS home, 5000 AS uid, 5000 AS gid, concat('*:storage=', volume_limit
,'G') AS quota_rule from easymail_users where email = '%u' and banned =
'0' and active = '1'


/etc/dovecot/conf.d/90-quota.conf

##
## Quota configuration.
##

##
## Quota warnings
##

# You can execute a given command when user exceeds a specified quota limit.
# Each quota root has separate limits. Only the command for the first
# exceeded limit is excecuted, so put the highest limit first.
# The commands are executed via script service by connecting to the named
# UNIX socket (quota-warning below).
# Note that % needs to be escaped as %%, otherwise "% " expands to empty.

plugin {
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=90%% quota-warning 90 %u
  quota_warning3 = storage=80%% quota-warning 80 %u
}

# Example quota-warning service. The unix listener's permissions should be
# set in a way that mail processes can connect to it. Below example assumes
# that mail processes run as vmail user. If you use mode=0666, all
system users
# can generate quota warnings to anyone.
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  user = dovecot
  unix_listener quota-warning {
    user = dovecot
    mode = 0666
  }
}

##
## Quota backends
##

# Multiple backends are supported:
#   dirsize: Find and sum all the files found from mail directory.
#    Extremely SLOW with Maildir. It'll eat your CPU and disk I/O.
#   dict: Keep quota stored in dictionary (eg. SQL)
#   maildir:

Possible architecture ?

2018-09-18 Thread Alexandre Ellert 
 Hi,

I'd like to achieve the following setup whit dovecot using multiple servers
:
- one server dedicated to all client IMAP (TLS) connections (i
map.mymaindomain.com, see below )
- each backend server has it's own local storage. no replication
- each backend server responsible of a few domains
- each backend server has it's own Mysql local database for user's
passwords.

   ===> Server 1 :
domains A, B and C

> i map.mymaindomain.com  ===> Server 2 :
domains D, E and F
 (143 TLS / 993 SSL)
===> Server 3 :
domains G, H

For example, if a user connects from domain E to i 
map.mymaindomain.com, will Dovecot be able to use password database hosted
on Server 2 ?

Thank you !

Alex

Re: dovecot (2.2.13) panic on imap-login from iphone se

2018-09-18 Thread Aki Tuomi 
You could try checking with gdb what the values are that are passed in the 
failing assert, maybe it provides clues. 
---Aki TuomiDovecot oy
 Original message From: "Andre Hoepner - i.based: Systemhaus 
GmbH + Co. KG"  Date: 18/09/2018  19:57  (GMT+02:00) To: 
dovecot@dovecot.org Subject: Re: dovecot (2.2.13) panic on imap-login from 
iphone se 
here is our config: (doveconf -n)

# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.6.11-gentoo x86_64 Gentoo Base System release 2.2
auth_cache_size = 10 M
auth_mechanisms = plain login
default_client_limit = 1024
default_process_limit = 256
hostname = HOSTNAME
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
info_log_path = /var/log/dovecot.log
listen = *
mail_location = maildir:~/Maildir
mail_plugins = quota acl zlib
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date ihave duplicate
namespace {
  list = yes
  location =
maildir:/home/shared/Maildir:CONTROL=~/Maildir/control/shared:INDEX=~/Maildir/index/shared
  prefix = Shared
  separator = /
  subscriptions = no
  type = public
}
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = *
  driver = pam
}
passdb {
  driver = passwd
}
passdb {
  driver = shadow
}
plugin {
  acl = vfile
  autocreate = Trash
  autocreate2 = Junk
  autocreate3 = Sent
  autocreate4 = Drafts
  quota = maildir:User quota
  quota_rule = *:storage=3800M
  quota_rule2 = Trash:storage=+500M
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=85%% quota-warning 85 %u
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
postmaster_address = ADMIN-EMAIL
protocols = imap lmtp sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
}
service imap-login {
  inet_listener imaps {
    ssl = yes
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
service quota-warning {
  executable = script /usr/bin/dovecot-quota-warning.sh
  user = dovecot
}
ssl_ca =  Please keep replies on list. Can you provide doveconf -n and output of
> doveadm user victim ?
> 
> ---
> Aki Tuomi
> Dovecot oy
> 
>  Original message 
> From: "Andre Hoepner - i.based: Systemhaus GmbH + Co. KG"
> 
> Date: 18/09/2018 19:13 (GMT+02:00)
> To: Aki Tuomi 
> Subject: Re: dovecot (2.2.13) panic on imap-login from iphone se
> 
> 
> Sorry. I think upgrade is not possible because it is a very outdated
> gentoo installation and im not abe to compile without compiling the
> whole source stack of glibc and all other dependencies.
> 
> It is planned to replace the server in the next 8 weeks with a new
> system, but this 8 weeks the server must do the work.
> 
> Andre
> 
> 
> Am 18.09.2018 um 17:09 schrieb Aki Tuomi:
>> Can you upgrade to 2.2.36 or 2.3.2.1 and reproduce this issue? 2.2.13 is
>> quite old.
>>
>>
>>
>> ---
>> Aki Tuomi
>> Dovecot oy
>>
>>  Original message 
>> From: "Andre Hoepner - i.based: Systemhaus GmbH + Co. KG"
>> 
>> Date: 18/09/2018 16:17 (GMT+02:00)
>> To: dovecot@dovecot.org
>> Subject: dovecot (2.2.13) panic on imap-login from iphone se
>>
>>
>> Hi to all,
>>
>> we have trouble with one user account, when using imap-login with iphone
>> se. The user can login and use the account from webmail (roundcube) and
>> from thunderbird without any errors and without any restrictions.
>>
>> But if we use the account on an iphone se and try to use imap based
>> emails, there comes the following error (look at the end of the mail).
>> I have no idea, what for an error it is. Same account on an iphone 5
>> works without any trouble.
>>
>> We have delete the homedir of the user and also recreated the user with
>> new uid and new password. Webmail and thunderbird are fine, but if we
>> use the iphone se we got this error.
>>
>> Are there any known issues with this combination?
>> Thanks for your help.
>>
>> best regardings
>> Andre Hoepner
>>
>> ---8<
>> # HOST = hostname of the system; USER = username that gets this error
>>
>> Sep 18 12:46:02 HOST dovecot: imap(USER): Panic: file mailbox-list.c:
>> line 1125
>> (mailbox_list_try_mkdir_root): assertion failed: (strncmp(root_dir,
>> path, strlen(root_dir)) == 0)
>>
>> Sep 18 12:46:02 HOST dovecot: imap(USER): Error: Raw backtrace:
>> /usr/lib64/dovecot/libdovecot.so.0(+0x6552e) [0x7f4333e0452e]
>> -> /usr/lib64/dovecot/libdovecot.so.0(+0x65596) [0x7f4333e04596]
>> -> /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7f4333dc423e]
>> ->
>>
>

Re: dovecot (2.2.13) panic on imap-login from iphone se

2018-09-18 Thread Andre Hoepner - i.based: Systemhaus GmbH + Co. KG 
here is our config: (doveconf -n)

# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.6.11-gentoo x86_64 Gentoo Base System release 2.2
auth_cache_size = 10 M
auth_mechanisms = plain login
default_client_limit = 1024
default_process_limit = 256
hostname = HOSTNAME
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
info_log_path = /var/log/dovecot.log
listen = *
mail_location = maildir:~/Maildir
mail_plugins = quota acl zlib
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date ihave duplicate
namespace {
  list = yes
  location =
maildir:/home/shared/Maildir:CONTROL=~/Maildir/control/shared:INDEX=~/Maildir/index/shared
  prefix = Shared
  separator = /
  subscriptions = no
  type = public
}
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox "Sent Messages" {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = *
  driver = pam
}
passdb {
  driver = passwd
}
passdb {
  driver = shadow
}
plugin {
  acl = vfile
  autocreate = Trash
  autocreate2 = Junk
  autocreate3 = Sent
  autocreate4 = Drafts
  quota = maildir:User quota
  quota_rule = *:storage=3800M
  quota_rule2 = Trash:storage=+500M
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=85%% quota-warning 85 %u
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
postmaster_address = ADMIN-EMAIL
protocols = imap lmtp sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
mode = 0666
  }
}
service imap-login {
  inet_listener imaps {
ssl = yes
  }
}
service managesieve-login {
  inet_listener sieve {
port = 4190
  }
}
service quota-warning {
  executable = script /usr/bin/dovecot-quota-warning.sh
  user = dovecot
}
ssl_ca =  Please keep replies on list. Can you provide doveconf -n and output of
> doveadm user victim ?
> 
> ---
> Aki Tuomi
> Dovecot oy
> 
>  Original message 
> From: "Andre Hoepner - i.based: Systemhaus GmbH + Co. KG"
> 
> Date: 18/09/2018 19:13 (GMT+02:00)
> To: Aki Tuomi 
> Subject: Re: dovecot (2.2.13) panic on imap-login from iphone se
> 
> 
> Sorry. I think upgrade is not possible because it is a very outdated
> gentoo installation and im not abe to compile without compiling the
> whole source stack of glibc and all other dependencies.
> 
> It is planned to replace the server in the next 8 weeks with a new
> system, but this 8 weeks the server must do the work.
> 
> Andre
> 
> 
> Am 18.09.2018 um 17:09 schrieb Aki Tuomi:
>> Can you upgrade to 2.2.36 or 2.3.2.1 and reproduce this issue? 2.2.13 is
>> quite old.
>>
>>
>>
>> ---
>> Aki Tuomi
>> Dovecot oy
>>
>>  Original message 
>> From: "Andre Hoepner - i.based: Systemhaus GmbH + Co. KG"
>> 
>> Date: 18/09/2018 16:17 (GMT+02:00)
>> To: dovecot@dovecot.org
>> Subject: dovecot (2.2.13) panic on imap-login from iphone se
>>
>>
>> Hi to all,
>>
>> we have trouble with one user account, when using imap-login with iphone
>> se. The user can login and use the account from webmail (roundcube) and
>> from thunderbird without any errors and without any restrictions.
>>
>> But if we use the account on an iphone se and try to use imap based
>> emails, there comes the following error (look at the end of the mail).
>> I have no idea, what for an error it is. Same account on an iphone 5
>> works without any trouble.
>>
>> We have delete the homedir of the user and also recreated the user with
>> new uid and new password. Webmail and thunderbird are fine, but if we
>> use the iphone se we got this error.
>>
>> Are there any known issues with this combination?
>> Thanks for your help.
>>
>> best regardings
>> Andre Hoepner
>>
>> ---8<
>> # HOST = hostname of the system; USER = username that gets this error
>>
>> Sep 18 12:46:02 HOST dovecot: imap(USER): Panic: file mailbox-list.c:
>> line 1125
>> (mailbox_list_try_mkdir_root): assertion failed: (strncmp(root_dir,
>> path, strlen(root_dir)) == 0)
>>
>> Sep 18 12:46:02 HOST dovecot: imap(USER): Error: Raw backtrace:
>> /usr/lib64/dovecot/libdovecot.so.0(+0x6552e) [0x7f4333e0452e]
>> -> /usr/lib64/dovecot/libdovecot.so.0(+0x65596) [0x7f4333e04596]
>> -> /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7f4333dc423e]
>> ->
>>
> /usr/lib64/dovecot/libdovecot-storage.so.0(mailbox_list_try_mkdir_root+0x469)
>> [0x7f43340d3a5a]
>> ->
>> /usr/lib64/dovecot/libdovecot-storage.so.0(mailbox_list_mkdir_root+0x15)
>> [0x7f43340d3ac0]
>> -> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x570cb) [0x7f43340c40cb]
>> -> /usr/lib64/dovecot/libdovecot-storage.so.0(maildir_set_deleted+0x11a)
>> [0x7f43340c465c]
>> ->

Re: dovecot (2.2.13) panic on imap-login from iphone se

2018-09-18 Thread Aki Tuomi 
Please keep replies on list. Can you provide doveconf -n and output of doveadm 
user victim ?
---Aki TuomiDovecot oy
 Original message From: "Andre Hoepner - i.based: Systemhaus 
GmbH + Co. KG"  Date: 18/09/2018  19:13  (GMT+02:00) To: 
Aki Tuomi  Subject: Re: dovecot (2.2.13) panic on 
imap-login from iphone se 

Sorry. I think upgrade is not possible because it is a very outdated
gentoo installation and im not abe to compile without compiling the
whole source stack of glibc and all other dependencies.

It is planned to replace the server in the next 8 weeks with a new
system, but this 8 weeks the server must do the work.

Andre


Am 18.09.2018 um 17:09 schrieb Aki Tuomi:
> Can you upgrade to 2.2.36 or 2.3.2.1 and reproduce this issue? 2.2.13 is
> quite old.
> 
> 
> 
> ---
> Aki Tuomi
> Dovecot oy
> 
>  Original message 
> From: "Andre Hoepner - i.based: Systemhaus GmbH + Co. KG"
> 
> Date: 18/09/2018 16:17 (GMT+02:00)
> To: dovecot@dovecot.org
> Subject: dovecot (2.2.13) panic on imap-login from iphone se
> 
> 
> Hi to all,
> 
> we have trouble with one user account, when using imap-login with iphone
> se. The user can login and use the account from webmail (roundcube) and
> from thunderbird without any errors and without any restrictions.
> 
> But if we use the account on an iphone se and try to use imap based
> emails, there comes the following error (look at the end of the mail).
> I have no idea, what for an error it is. Same account on an iphone 5
> works without any trouble.
> 
> We have delete the homedir of the user and also recreated the user with
> new uid and new password. Webmail and thunderbird are fine, but if we
> use the iphone se we got this error.
> 
> Are there any known issues with this combination?
> Thanks for your help.
> 
> best regardings
> Andre Hoepner
> 
> ---8<
> # HOST = hostname of the system; USER = username that gets this error
> 
> Sep 18 12:46:02 HOST dovecot: imap(USER): Panic: file mailbox-list.c:
> line 1125
> (mailbox_list_try_mkdir_root): assertion failed: (strncmp(root_dir,
> path, strlen(root_dir)) == 0)
> 
> Sep 18 12:46:02 HOST dovecot: imap(USER): Error: Raw backtrace:
> /usr/lib64/dovecot/libdovecot.so.0(+0x6552e) [0x7f4333e0452e]
> -> /usr/lib64/dovecot/libdovecot.so.0(+0x65596) [0x7f4333e04596]
> -> /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7f4333dc423e]
> ->
> /usr/lib64/dovecot/libdovecot-storage.so.0(mailbox_list_try_mkdir_root+0x469)
> [0x7f43340d3a5a]
> ->
> /usr/lib64/dovecot/libdovecot-storage.so.0(mailbox_list_mkdir_root+0x15)
> [0x7f43340d3ac0]
> -> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x570cb) [0x7f43340c40cb]
> -> /usr/lib64/dovecot/libdovecot-storage.so.0(maildir_set_deleted+0x11a)
> [0x7f43340c465c]
> -> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x563d5) [0x7f43340c33d5]
> ->
> /usr/lib64/dovecot/libdovecot-storage.so.0(maildir_uidlist_sync_init+0x33)
> [0x7f43340c34f7]
> -> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x517ac) [0x7f43340be7ac]
> -> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x51c59) [0x7f43340bec59]
> ->
> /usr/lib64/dovecot/libdovecot-storage.so.0(maildir_storage_sync_init+0xb5)
> [0x7f43340bef35]
> -> /usr/lib64/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x2b)
> [0x7f43340cc405]
> -> /usr/lib64/dovecot/libdovecot-storage.so.0(mailbox_sync+0x27)
> [0x7f43340cc4f1]
> ->
> /usr/lib64/dovecot/libdovecot-storage.so.0(index_storage_get_status+0x2f)
> [0x7f43340f1f6a]
> -> /usr/lib64/dovecot/lib01_acl_plugin.so(+0xdff9) [0x7f433359]
> -> /usr/lib64/dovecot/libdovecot-storage.so.0(mailbox_get_status+0x31)
> [0x7f43340cd36c]
> -> dovecot/imap(imap_status_get+0x5f) [0x41dc1d]
> -> dovecot/imap() [0x410cf9]
> -> dovecot/imap(cmd_list_full+0x49d) [0x411297]
> -> dovecot/imap(command_exec+0x37) [0x417f20]
> -> dovecot/imap() [0x4170c9]
> -> dovecot/imap() [0x417174]
> -> dovecot/imap(client_handle_input+0x106) [0x417400]
> -> dovecot/imap(client_input+0x72) [0x417768]
> -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x3f) [0x7f4333e13536]
> -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xd1)
> [0x7f4333e142e6]
> -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x9)
> [0x7f4333e13598]
> 
> Sep 18 12:46:02 HOST dovecot: imap(USER): Fatal: master: service(imap):
> child 32253
> killed with signal 6 (core dumps disabled)
> ---8<

-- 

Sie möchten wissen, warum wir die Richtigen für Ihr
Unternehmen sind? Lesen Sie hier ...
http://www.11-gute-gruende.de


i.based: Systemhaus GmbH & Co. KG
Langenstrasse 38
18439 Stralsund
Deutschland

http://www.ibased.de
a.hoep...@ibased.de

fon: 03831-28944-0
fax: 03831-28944-29

Registergericht:
HRA 2072 Amtsgericht Stralsund

Geschäftsführung:
i.based: Systemhaus Verwaltungs GmbH

Steuer-Nr: 082/187/38401
USt.-ID: DE254322988

persönlich haftend:
i.based: Systemhaus Verwaltungs-
GmbH, Stralsund
HRB 7189 Amtsgericht Stralsund

vertreten durch:
André Höpner, Mathias Waldeck

Re: dovecot (2.2.13) panic on imap-login from iphone se

2018-09-18 Thread Aki Tuomi 
Can you upgrade to 2.2.36 or 2.3.2.1 and reproduce this issue? 2.2.13 is quite 
old.


---Aki TuomiDovecot oy
 Original message From: "Andre Hoepner - i.based: Systemhaus 
GmbH + Co. KG"  Date: 18/09/2018  16:17  (GMT+02:00) To: 
dovecot@dovecot.org Subject: dovecot (2.2.13) panic on imap-login from iphone 
se 

Hi to all,

we have trouble with one user account, when using imap-login with iphone
se. The user can login and use the account from webmail (roundcube) and
from thunderbird without any errors and without any restrictions.

But if we use the account on an iphone se and try to use imap based
emails, there comes the following error (look at the end of the mail).
I have no idea, what for an error it is. Same account on an iphone 5
works without any trouble.

We have delete the homedir of the user and also recreated the user with
new uid and new password. Webmail and thunderbird are fine, but if we
use the iphone se we got this error.

Are there any known issues with this combination?
Thanks for your help.

best regardings
Andre Hoepner

---8<
# HOST = hostname of the system; USER = username that gets this error

Sep 18 12:46:02 HOST dovecot: imap(USER): Panic: file mailbox-list.c:
line 1125
(mailbox_list_try_mkdir_root): assertion failed: (strncmp(root_dir,
path, strlen(root_dir)) == 0)

Sep 18 12:46:02 HOST dovecot: imap(USER): Error: Raw backtrace:
/usr/lib64/dovecot/libdovecot.so.0(+0x6552e) [0x7f4333e0452e]
-> /usr/lib64/dovecot/libdovecot.so.0(+0x65596) [0x7f4333e04596]
-> /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7f4333dc423e]
->
/usr/lib64/dovecot/libdovecot-storage.so.0(mailbox_list_try_mkdir_root+0x469)
[0x7f43340d3a5a]
->
/usr/lib64/dovecot/libdovecot-storage.so.0(mailbox_list_mkdir_root+0x15)
[0x7f43340d3ac0]
-> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x570cb) [0x7f43340c40cb]
-> /usr/lib64/dovecot/libdovecot-storage.so.0(maildir_set_deleted+0x11a)
[0x7f43340c465c]
-> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x563d5) [0x7f43340c33d5]
->
/usr/lib64/dovecot/libdovecot-storage.so.0(maildir_uidlist_sync_init+0x33)
[0x7f43340c34f7]
-> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x517ac) [0x7f43340be7ac]
-> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x51c59) [0x7f43340bec59]
->
/usr/lib64/dovecot/libdovecot-storage.so.0(maildir_storage_sync_init+0xb5)
[0x7f43340bef35]
-> /usr/lib64/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x2b)
[0x7f43340cc405]
-> /usr/lib64/dovecot/libdovecot-storage.so.0(mailbox_sync+0x27)
[0x7f43340cc4f1]
->
/usr/lib64/dovecot/libdovecot-storage.so.0(index_storage_get_status+0x2f)
[0x7f43340f1f6a]
-> /usr/lib64/dovecot/lib01_acl_plugin.so(+0xdff9) [0x7f433359]
-> /usr/lib64/dovecot/libdovecot-storage.so.0(mailbox_get_status+0x31)
[0x7f43340cd36c]
-> dovecot/imap(imap_status_get+0x5f) [0x41dc1d]
-> dovecot/imap() [0x410cf9]
-> dovecot/imap(cmd_list_full+0x49d) [0x411297]
-> dovecot/imap(command_exec+0x37) [0x417f20]
-> dovecot/imap() [0x4170c9]
-> dovecot/imap() [0x417174]
-> dovecot/imap(client_handle_input+0x106) [0x417400]
-> dovecot/imap(client_input+0x72) [0x417768]
-> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x3f) [0x7f4333e13536]
-> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xd1)
[0x7f4333e142e6]
-> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x9)
[0x7f4333e13598]

Sep 18 12:46:02 HOST dovecot: imap(USER): Fatal: master: service(imap):
child 32253
killed with signal 6 (core dumps disabled)
---8<

Regression ACL & namespace prefix

2018-09-18 Thread Michal Hlavinka 

Hi

tl;dr:
Seems that for Global ACL directory, namespace prefix is not part of the 
path, when looking for acl file.


Long version:

We're planning to update dovecot in next os update to 2.2.36 and while 
going through regression testing, we found a problem with ACL 
configuration combined with namespace.


Test uses "Global ACL directory" configuration.

Relevant configuration part:
mail_location = maildir:~/Maildir

namespace inbox {
  hidden = no
  inbox = yes
  list = yes
  location =
  prefix =
  separator = /
}
namespace {
  hidden = no
  list = yes
  location = maildir:/var/mail/pub
  prefix = pub/
  separator = /
  type = public
}

mail_plugins = acl

protocol imap {
  mail_plugins = $mail_plugins acl imap_acl
}
plugin {
  acl = vfile:/etc/dovecot/global-acls
}

ACL config file is stored at:
/etc/dovecot/global-acls/pub/.DEFAULT

when trying to examine "pub", it is denied:
fetchmail: IMAP> A0005 EXAMINE "pub"
fetchmail: IMAP< A0005 NO Mailbox doesn't exist: pub (0.001 + 0.000 secs).

# doveadm acl debug -u d2 pub
doveadm(d2): Info: Mailbox '' is in namespace 'pub/'
doveadm(d2): Info: Mailbox path: /var/mail/pub
doveadm(d2): Info: All message flags are shared across users in mailbox
doveadm(d2): Info: User d2 has no rights for mailbox
doveadm(d2): Error: User d2 is missing 'lookup' right
doveadm(d2): Info: Mailbox pub is NOT visible in LIST

because it did not find acl file:
imap(d2): Debug: Namespace : type=public, prefix=pub/, sep=/, inbox=no, 
hidden=no, list=yes, subscriptions=yes location=maildir:/var/mail/pub
imap(d2): Debug: maildir++: root=/var/mail/pub, index=, indexpvt=, 
control=, inbox=, alt=
imap(d2): Debug: acl: initializing backend with data: 
vfile:/etc/dovecot/global-acls

imap(d2): Debug: acl: acl username = d2
imap(d2): Debug: acl: owner = 0
imap(d2): Debug: acl vfile: Global ACL legacy directory: 
/etc/dovecot/global-acls

imap(d2): Debug: pub: Mailbox opened because: EXAMINE
imap(d2): Debug: acl vfile: file /etc/dovecot/global-acls//.DEFAULT not 
found

imap(d2): Debug: acl vfile: file /var/mail/pub/dovecot-acl not found


see it's looking for:
/etc/dovecot/global-acls//.DEFAULT
instead of
/etc/dovecot/global-acls/pub/.DEFAULT

Checking with documentation
https://wiki.dovecot.org/ACL
it seems that prefix should still be part of the path, as it was before:
"""The filenames must start with namespace prefix (if it has one). For 
example with namespace prefix=INBOX/ containing mailbox "foo" use 
/etc/dovecot/acls/INBOX/foo."""



Just for comparison, previous version (2.2.10) would work fine:
imap(d2): Debug: Namespace : type=public, prefix=pub/, sep=/, inbox=no, 
hidden=no, list=yes, subscriptions=yes location=maildir:/var/mail/pub
imap(d2): Debug: maildir++: root=/var/mail/pub, index=, indexpvt=, 
control=, inbox=, alt=
imap(d2): Debug: acl: initializing backend with data: 
vfile:/etc/dovecot/global-acls

imap(d2): Debug: acl: acl username = d2
imap(d2): Debug: acl: owner = 0
imap(d2): Debug: acl vfile: Global ACL directory: /etc/dovecot/global-acls
imap(d2): Debug: acl vfile: reading file 
/etc/dovecot/global-acls/pub/.DEFAULT

imap(d2): Debug: acl vfile: file /var/mail/pub/dovecot-acl not found


I've localized problem to:
src/plugins/acl/acl-backend-vfile.c: acl_backend_vfile_object_init(...)
and change from:

vname = mailbox_list_get_vname(_backend->list, name);

to:

vname = *name == '\0' ? "" :
mailbox_list_get_vname(_backend->list, name);

that happened quite time ago during bigger acl changes and I don't know 
why exactly this line was changed previously. Anyway, reverting this 
line alone fixes the problem and while testing both per-mailbox ACL 
vfile and Global ACL file, reverting this did not affect them.

HTTP DoveAdm API - Possible bug?

2018-09-18 Thread Chris Malton 

Hi all,

It seems that setting userMask in the doveadm http api's "user" command 
to anything involving wildcards ?s or *s causes the API to fail.


When using the API with a userMask set to the fully qualified email 
address, I get the expected fields back.


From a python shell, with an asterisk causes the following behaviour 
(note that doveadm is a python module that wrappers the dovecot API into 
Python's requests module).


>>> doveadm.do_query("http://[:::::]:24280;, 
"API_KEY_HERE", [ ["user", { "userMask": ["*"] }, "c01"] ])

'[["doveadmResponse",,"c01"]]'

If I run the same command with a valid mailbox in the userMask Field, I 
get the response I expect:


>>> doveadm.do_query("http://[[:::::]:24280;, 
"API_KEY_HERE", [ ["user", { "userMask": ["t...@test.mydomain.com"] }, 
"c01"] ])

'[["doveadmResponse",{"t...@test.mydomain.com":{"uid":"x","gid":"y","home":"/mail/test.mydomain.com/users/test","mail":"maildir:/mail/test.mydomain.com/users/test/Maildir/:INDEX=/indexes/test.mydomain.com/test","nice":"10"}},"c01"]]'


Chatting with people in #dovecot revealed similar behaviour elsewhere so 
it doesn't appear to be just me.  I've also selectively edited the above 
to avoid leaking data.


We're running on the following

# 2.2.34 (874deae): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.22 (22940fb7)
# OS: Linux 4.9.0-7-amd64 x86_64 Debian 9.5 ext4

If you need a full copy of the config, please let me know and I'll talk 
to my client, however, I don't think this is config related.


Thanks in advance.

Regards,

Chris Malton

--
Delta V Technologies Limited
0 402 402www.deltav-tech.co.uk
Office: 17 Elm Close, Southampton, SO16 7DT
Company No. 11006104 Registered in England and Wales

dovecot (2.2.13) panic on imap-login from iphone se

2018-09-18 Thread Andre Hoepner - i.based: Systemhaus GmbH + Co. KG 


Hi to all,

we have trouble with one user account, when using imap-login with iphone
se. The user can login and use the account from webmail (roundcube) and
from thunderbird without any errors and without any restrictions.

But if we use the account on an iphone se and try to use imap based
emails, there comes the following error (look at the end of the mail).
I have no idea, what for an error it is. Same account on an iphone 5
works without any trouble.

We have delete the homedir of the user and also recreated the user with
new uid and new password. Webmail and thunderbird are fine, but if we
use the iphone se we got this error.

Are there any known issues with this combination?
Thanks for your help.

best regardings
Andre Hoepner

---8<
# HOST = hostname of the system; USER = username that gets this error

Sep 18 12:46:02 HOST dovecot: imap(USER): Panic: file mailbox-list.c:
line 1125
(mailbox_list_try_mkdir_root): assertion failed: (strncmp(root_dir,
path, strlen(root_dir)) == 0)

Sep 18 12:46:02 HOST dovecot: imap(USER): Error: Raw backtrace:
/usr/lib64/dovecot/libdovecot.so.0(+0x6552e) [0x7f4333e0452e]
-> /usr/lib64/dovecot/libdovecot.so.0(+0x65596) [0x7f4333e04596]
-> /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7f4333dc423e]
->
/usr/lib64/dovecot/libdovecot-storage.so.0(mailbox_list_try_mkdir_root+0x469)
[0x7f43340d3a5a]
->
/usr/lib64/dovecot/libdovecot-storage.so.0(mailbox_list_mkdir_root+0x15)
[0x7f43340d3ac0]
-> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x570cb) [0x7f43340c40cb]
-> /usr/lib64/dovecot/libdovecot-storage.so.0(maildir_set_deleted+0x11a)
[0x7f43340c465c]
-> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x563d5) [0x7f43340c33d5]
->
/usr/lib64/dovecot/libdovecot-storage.so.0(maildir_uidlist_sync_init+0x33)
[0x7f43340c34f7]
-> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x517ac) [0x7f43340be7ac]
-> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x51c59) [0x7f43340bec59]
->
/usr/lib64/dovecot/libdovecot-storage.so.0(maildir_storage_sync_init+0xb5)
[0x7f43340bef35]
-> /usr/lib64/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x2b)
[0x7f43340cc405]
-> /usr/lib64/dovecot/libdovecot-storage.so.0(mailbox_sync+0x27)
[0x7f43340cc4f1]
->
/usr/lib64/dovecot/libdovecot-storage.so.0(index_storage_get_status+0x2f)
[0x7f43340f1f6a]
-> /usr/lib64/dovecot/lib01_acl_plugin.so(+0xdff9) [0x7f433359]
-> /usr/lib64/dovecot/libdovecot-storage.so.0(mailbox_get_status+0x31)
[0x7f43340cd36c]
-> dovecot/imap(imap_status_get+0x5f) [0x41dc1d]
-> dovecot/imap() [0x410cf9]
-> dovecot/imap(cmd_list_full+0x49d) [0x411297]
-> dovecot/imap(command_exec+0x37) [0x417f20]
-> dovecot/imap() [0x4170c9]
-> dovecot/imap() [0x417174]
-> dovecot/imap(client_handle_input+0x106) [0x417400]
-> dovecot/imap(client_input+0x72) [0x417768]
-> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x3f) [0x7f4333e13536]
-> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xd1)
[0x7f4333e142e6]
-> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x9)
[0x7f4333e13598]

Sep 18 12:46:02 HOST dovecot: imap(USER): Fatal: master: service(imap):
child 32253
killed with signal 6 (core dumps disabled)
---8<

Re: Auth process sometimes stop responding after upgrade

2018-09-18 Thread Simone Lazzaris 
In data martedì 18 settembre 2018 14:25:25 CEST, Aki Tuomi ha scritto:
> Can you provide 'bt full'
> 

Sure:

(gdb) bt full
#0  0xb76e4428 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb74636c1 in raise () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
No symbol table info available.
#2  0xb7466af2 in abort () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
No symbol table info available.
#3  0xb76485ae in default_fatal_finish (type=, 
status=status@entry=0) at 
failures.c:201
backtrace = 0x82b5168 "/usr/local/lib/dovecot/libdovecot.so.0(+0xa15be) 
[0xb76485be] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xa1641) [0xb7648641] 
-> /usr/
local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0xb75ce35e] -> dove"...
#4  0xb7648641 in i_internal_fatal_handler (ctx=0xbf839cc0, format=0x805c274 
"file %s: 
line %d (%s): assertion failed: (%s)", args=0xbf839ce4 "4\370\005\bI\004") at 
failures.c:670
status = 0
#5  0xb75ce35e in i_panic (format=format@entry=0x805c274 "file %s: line %d 
(%s): 
assertion failed: (%s)") at failures.c:275
ctx = {type = LOG_TYPE_PANIC, exit_status = 0, timestamp = 0x0, 
timestamp_usecs = 0}
args = 0xbf839ce4 "4\370\005\bI\004"
#6  0x080574f7 in doveadm_connection_deinit (_conn=_conn@entry=0xbf839d60) at 
doveadm-connection.c:1097
conn = 0x82fb580
__FUNCTION__ = "doveadm_connection_deinit"
#7  0x08057f03 in doveadm_connection_input (conn=0x0) at 
doveadm-connection.c:1051
line = 
ret = 
#8  0xb76613db in io_loop_call_io (io=0x82fb780) at ioloop.c:600
ioloop = 0x82bd648
t_id = 2
__FUNCTION__ = "io_loop_call_io"
#9  0xb7662e1e in io_loop_handler_run_internal (ioloop=ioloop@entry=0x82bd648) 
at 
ioloop-epoll.c:223
ctx = 0x82c9a40
events = 0x0
event = 0x82c9a80
list = 0x82e1830
io = 
tv = {tv_sec = 0, tv_usec = 236182}
events_count = 0
msecs = 
ret = 1
i = 
j = 
call = 
__FUNCTION__ = "io_loop_handler_run_internal"
#10 0xb7661496 in io_loop_handler_run (ioloop=ioloop@entry=0x82bd648) at 
ioloop.c:649
No locals.
#11 0xb7661658 in io_loop_run (ioloop=0x82bd648) at ioloop.c:624
__FUNCTION__ = "io_loop_run"
#12 0xb75da45e in master_service_run (service=0x82bd578, 
callback=callback@entry=0x804d360 ) at master-service.c:719
No locals.
#13 0x0804cf5e in main (argc=1, argv=0x82bd300) at main.c:366
set_roots = {0x805f6c0, 0x0}
test_port = 0
error = 
debug = false
c = 
(gdb) 


I have realized that on these machine used to run dovecot 2.1.x and were 
upgraded with 
"make install" on 2.2.36. I've found a library that is not upgraded (maybe is 
missing or not 
compiled on the new version).


-rw-r--r-- 1 root staff 1963428 Jun 17  2016 
/usr/local/lib/dovecot/libdovecot-ssl.a
-rwxr-xr-x 1 root staff1014 Jun 17  2016 
/usr/local/lib/dovecot/libdovecot-ssl.la
lrwxrwxrwx 1 root staff  23 Jun 17  2016 
/usr/local/lib/dovecot/libdovecot-ssl.so -> 
libdovecot-ssl.so.0.0.0
lrwxrwxrwx 1 root staff  23 Jun 17  2016 
/usr/local/lib/dovecot/libdovecot-ssl.so.0 -> 
libdovecot-ssl.so.0.0.0
-rwxr-xr-x 1 root staff 1284527 Jun 17  2016 
/usr/local/lib/dovecot/libdovecot-ssl.so.0.0.0

Can that be the ultimate cause?


*Simone Lazzaris*
*Qcom S.p.A.*
simone.lazza...@qcom.it[1] | www.qcom.it[2]
* LinkedIn[3]* | *Facebook[4]*
[5] 







[1] mailto:simone.lazza...@qcom.it
[2] https://www.qcom.it
[3] https://www.linkedin.com/company/qcom-spa
[4] http://www.facebook.com/qcomspa
[5] https://www.qcom.it/includes/email-banner.gif

Re: Auth process sometimes stop responding after upgrade

2018-09-18 Thread Aki Tuomi 
Can you provide 'bt full'

Aki


On 18.09.2018 15:15, Simone Lazzaris wrote:
>
> In data martedì 18 settembre 2018 14:07:26 CEST, Aki Tuomi ha scritto:
>
> > If you are using systemd, create
>
> > /etc/systemd/system/dovecot.service.d/limits.conf and put
>
> > [Service]LimitCORE=infinity
>
> >
>
> > and run 
>
> > systemctl daemon-reloadsystemctl restart dovecot
>
>  
>
> Nope, I'm on a debian 7, without systemd. Anyway, I've resolved the
> issue: I had to set fs.suid_dumpable BEFORE starting dovecot.
>
>  
>
> I've got a core dump, and here is the backtrace. Let me know if you
> want the core file.
>
>  
>
> gdb) bt
>
> #0 0xb76e4428 in __kernel_vsyscall ()
>
> #1 0xb74636c1 in raise () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
>
> #2 0xb7466af2 in abort () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
>
> #3 0xb76485ae in default_fatal_finish (type=,
> status=status@entry=0) at failures.c:201
>
> #4 0xb7648641 in i_internal_fatal_handler (ctx=0xbf839cc0,
> format=0x805c274 "file %s: line %d (%s): assertion failed: (%s)",
> args=0xbf839ce4 "4\370\005\bI\004") at failures.c:670
>
> #5 0xb75ce35e in i_panic (format=format@entry=0x805c274 "file %s: line
> %d (%s): assertion failed: (%s)") at failures.c:275
>
> #6 0x080574f7 in doveadm_connection_deinit
> (_conn=_conn@entry=0xbf839d60) at doveadm-connection.c:1097
>
> #7 0x08057f03 in doveadm_connection_input (conn=0x0) at
> doveadm-connection.c:1051
>
> #8 0xb76613db in io_loop_call_io (io=0x82fb780) at ioloop.c:600
>
> #9 0xb7662e1e in io_loop_handler_run_internal
> (ioloop=ioloop@entry=0x82bd648) at ioloop-epoll.c:223
>
> #10 0xb7661496 in io_loop_handler_run (ioloop=ioloop@entry=0x82bd648)
> at ioloop.c:649
>
> #11 0xb7661658 in io_loop_run (ioloop=0x82bd648) at ioloop.c:624
>
> #12 0xb75da45e in master_service_run (service=0x82bd578,
> callback=callback@entry=0x804d360 ) at
> master-service.c:719
>
> #13 0x0804cf5e in main (argc=1, argv=0x82bd300) at main.c:366
>
>  
>
> -- 
>
> Simone LazzarisResponsabile datacenter Qcom S.p.A.Via Roggia Vignola,
> 9 | 24047 Treviglio (BG) T +39036347905 | D +3903631970352| M
> +393938111237 simone.lazza...@qcom.it
> | www.qcom.it
> Qcom Official PagesLinkedIn
> | Facebook
> 
>

Re: Auth process sometimes stop responding after upgrade

2018-09-18 Thread Simone Lazzaris 
In data martedì 18 settembre 2018 14:07:26 CEST, Aki Tuomi ha scritto:
> If you are using systemd, create
> /etc/systemd/system/dovecot.service.d/limits.conf and put
> [Service]LimitCORE=infinity
> 
> and run 
> systemctl daemon-reloadsystemctl restart dovecot

Nope, I'm on a debian 7, without systemd. Anyway, I've resolved the issue: I 
had to set 
fs.suid_dumpable BEFORE starting dovecot.

I've got a core dump, and here is the backtrace. Let me know if you want the 
core file.

gdb) bt
#0  0xb76e4428 in __kernel_vsyscall ()
#1  0xb74636c1 in raise () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
#2  0xb7466af2 in abort () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
#3  0xb76485ae in default_fatal_finish (type=, 
status=status@entry=0) at 
failures.c:201
#4  0xb7648641 in i_internal_fatal_handler (ctx=0xbf839cc0, format=0x805c274 
"file %s: 
line %d (%s): assertion failed: (%s)", args=0xbf839ce4 "4\370\005\bI\004") at 
failures.c:670
#5  0xb75ce35e in i_panic (format=format@entry=0x805c274 "file %s: line %d 
(%s): 
assertion failed: (%s)") at failures.c:275
#6  0x080574f7 in doveadm_connection_deinit (_conn=_conn@entry=0xbf839d60) at 
doveadm-connection.c:1097
#7  0x08057f03 in doveadm_connection_input (conn=0x0) at 
doveadm-connection.c:1051
#8  0xb76613db in io_loop_call_io (io=0x82fb780) at ioloop.c:600
#9  0xb7662e1e in io_loop_handler_run_internal (ioloop=ioloop@entry=0x82bd648) 
at 
ioloop-epoll.c:223
#10 0xb7661496 in io_loop_handler_run (ioloop=ioloop@entry=0x82bd648) at 
ioloop.c:649
#11 0xb7661658 in io_loop_run (ioloop=0x82bd648) at ioloop.c:624
#12 0xb75da45e in master_service_run (service=0x82bd578, 
callback=callback@entry=0x804d360 ) at master-service.c:719
#13 0x0804cf5e in main (argc=1, argv=0x82bd300) at main.c:366



*Simone Lazzaris*
*Qcom S.p.A.*
simone.lazza...@qcom.it[1] | www.qcom.it[2]
* LinkedIn[3]* | *Facebook*[4]
[5] 







[1] mailto:simone.lazza...@qcom.it
[2] https://www.qcom.it
[3] https://www.linkedin.com/company/qcom-spa
[4] http://www.facebook.com/qcomspa
[5] https://www.qcom.it/includes/email-banner.gif

Re: Auth process sometimes stop responding after upgrade

2018-09-18 Thread Aki Tuomi 
If you are using systemd, create 
/etc/systemd/system/dovecot.service.d/limits.conf and put
[Service]LimitCORE=infinity

and run 
systemctl daemon-reloadsystemctl restart dovecot
---Aki TuomiDovecot oy
 Original message From: Simone Lazzaris 
 Date: 18/09/2018  15:01  (GMT+02:00) To: Timo 
Sirainen  Cc: dovecot@dovecot.org Subject: Re: Auth process 
sometimes stop responding after upgrade 

Alas, I've set fs.suid_dumpable to 2 but the core is not dumped. So far I've 
checked:
 
- ulimit -c unlimited, done
- /proc/sys/kernel/core_pattern is set to /var/tmp/core.%p
- /var/tmp is chmod 1777
- daemon is not chrooted 
- sysctl -w fs.suid_dumpable=2
- dir /var/tmp is empty and filesystem has 2GB free
 
 
This is the logfile:
 
Sep 18 13:54:22 imap-front4 dovecot: director: doveadm: Host 192.168.1.145 
changed down (vhost_count=100 last_updown_change=0)
Sep 18 13:54:52 imap-front4 dovecot: director: doveadm: Host 192.168.1.145 
changed up (vhost_count=100 last_updown_change=1537271662)
Sep 18 13:54:52 imap-front4 dovecot: director: Panic: file 
doveadm-connection.c: line 1097 (doveadm_connection_deinit): assertion failed: 
(conn->to_ring_sync_abort == NULL)
Sep 18 13:54:52 imap-front4 dovecot: director: Error: Raw backtrace: 
/usr/local/lib/dovecot/libdovecot.so.0(+0xa15be) [0xb76fa5be] -> 
/usr/local/lib/dovecot/libdovecot.so.0(+0xa1641) [0xb76fa641] -> 
/usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0xb768035e] -> 
dovecot/director() [0x80574f7] -> dovecot/director() [0x8057f03] -> 
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x6b) [0xb77133db] -> 
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xfe) 
[0xb7714e1e] -> 
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x46) [0xb7713496] 
-> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x48) [0xb7713658] -> 
/usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x2e) [0xb768c45e] -> 
dovecot/director(main+0x49e) [0x804cf5e] -> 
/lib/i386-linux-gnu/i686/cmov/libc.so.6(__libc_start_main+0xe6) [0xb7501e46] -> 
dovecot/director() [0x804d081]
Sep 18 13:54:52 imap-front4 dovecot: director: Fatal: master: 
service(director): child 8059 killed with signal 6 (core not dumped)
Sep 18 13:54:52 imap-front4 dovecot: director: Connecting to 
212.183.164.161:9090 (as 212.183.164.164): Initial connection
Sep 18 13:54:52 imap-front4 dovecot: director: Incoming connection from 
director 212.183.164.163/in
Sep 18 13:54:52 imap-front4 dovecot: director: director(212.183.164.163/in): 
Host 192.168.1.142 vhost count changed from 100 to 100
Sep 18 13:54:52 imap-front4 dovecot: director: director(212.183.164.163/in): 
Host 192.168.1.143 vhost count changed from 100 to 100
Sep 18 13:54:52 imap-front4 dovecot: director: director(212.183.164.163/in): 
Host 192.168.1.144 vhost count changed from 100 to 100
Sep 18 13:54:52 imap-front4 dovecot: director: director(212.183.164.163/in): 
Host 192.168.1.145 vhost count changed from 100 to 100
Sep 18 13:54:52 imap-front4 dovecot: director: director(212.183.164.163/in): 
Host 192.168.1.216 vhost count changed from 100 to 100
Sep 18 13:54:52 imap-front4 dovecot: director: director(212.183.164.163/in): 
Host 192.168.1.217 vhost count changed from 100 to 100
Sep 18 13:54:52 imap-front4 dovecot: director: director(212.183.164.163/in): 
Host 192.168.1.218 vhost count changed from 100 to 100
Sep 18 13:54:52 imap-front4 dovecot: director: director(212.183.164.163/in): 
Host 192.168.1.219 vhost count changed from 100 to 100
Sep 18 13:54:52 imap-front4 dovecot: director: 
director(212.183.164.161:9090/out): Handshake finished in 0.001 secs (bytes 
in=61, bytes out=791, 0+0 USERs received, last input 0.000 s ago, last output 
0.001 s ago, connected 0.001 s ago, 408 peak output buffer size, 0.000 CPU secs 
since connected)
Sep 18 13:54:52 imap-front4 dovecot: director: director(212.183.164.163/in): 
Handshake finished in 0.006 secs (bytes in=111411, bytes out=56, 2940+0 USERs 
received, last input 0.000 s ago, last output 0.006 s ago, connected 0.006 s 
ago, 0 peak output buffer size, 0.004 CPU secs since connected)
 
 
I can confirm that I can trigger the issue having one of the backends flapping 
down/up.

-- 
Simone Lazzaris
Responsabile datacenter

Qcom S.p.A.
Via Roggia Vignola, 9 | 24047 Treviglio (BG)
T +39036347905 | D +3903631970352| M +393938111237
simone.lazza...@qcom.it | www.qcom.it

Qcom Official Pages LinkedIn | Facebook

Re: Auth process sometimes stop responding after upgrade

2018-09-18 Thread Simone Lazzaris 
Alas, I've set fs.suid_dumpable to 2 but the core is not dumped. So far I've 
checked:

- ulimit -c unlimited, done
- /proc/sys/kernel/core_pattern is set to /var/tmp/core.%p
- /var/tmp is chmod 1777
- daemon is not chrooted 
- sysctl -w fs.suid_dumpable=2
- dir /var/tmp is empty and filesystem has 2GB free


This is the logfile:

Sep 18 13:54:22 imap-front4 dovecot: director: doveadm: Host 192.168.1.145 
changed 
down (vhost_count=100 last_updown_change=0)
Sep 18 13:54:52 imap-front4 dovecot: director: doveadm: Host 192.168.1.145 
changed up 
(vhost_count=100 last_updown_change=1537271662)
Sep 18 13:54:52 imap-front4 dovecot: director: Panic: file 
doveadm-connection.c: line 1097 
(doveadm_connection_deinit): assertion failed: (conn->to_ring_sync_abort == 
NULL)
Sep 18 13:54:52 imap-front4 dovecot: director: Error: Raw backtrace: 
/usr/local/lib/dovecot/
libdovecot.so.0(+0xa15be) [0xb76fa5be] -> /usr/local/lib/dovecot/libdovecot.so.
0(+0xa1641) [0xb76fa641] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) 
[0xb768035e] 
-> dovecot/director() [0x80574f7] -> dovecot/director() [0x8057f03] -> 
/usr/local/lib/
dovecot/libdovecot.so.0(io_loop_call_io+0x6b) [0xb77133db] -> 
/usr/local/lib/dovecot/
libdovecot.so.0(io_loop_handler_run_internal+0xfe) [0xb7714e1e] -> 
/usr/local/lib/dovecot/
libdovecot.so.0(io_loop_handler_run+0x46) [0xb7713496] -> 
/usr/local/lib/dovecot/
libdovecot.so.0(io_loop_run+0x48) [0xb7713658] -> 
/usr/local/lib/dovecot/libdovecot.so.
0(master_service_run+0x2e) [0xb768c45e] -> dovecot/director(main+0x49e) 
[0x804cf5e] -> 
/lib/i386-linux-gnu/i686/cmov/libc.so.6(__libc_start_main+0xe6) [0xb7501e46] -> 
dovecot/
director() [0x804d081]
Sep 18 13:54:52 imap-front4 dovecot: director: Fatal: master: 
service(director): child 8059 
killed with signal 6 (core not dumped)
Sep 18 13:54:52 imap-front4 dovecot: director: Connecting to 
212.183.164.161:9090 (as 
212.183.164.164): Initial connection
Sep 18 13:54:52 imap-front4 dovecot: director: Incoming connection from 
director 
212.183.164.163/in
Sep 18 13:54:52 imap-front4 dovecot: director: director(212.183.164.163/in): 
Host 
192.168.1.142 vhost count changed from 100 to 100
Sep 18 13:54:52 imap-front4 dovecot: director: director(212.183.164.163/in): 
Host 
192.168.1.143 vhost count changed from 100 to 100
Sep 18 13:54:52 imap-front4 dovecot: director: director(212.183.164.163/in): 
Host 
192.168.1.144 vhost count changed from 100 to 100
Sep 18 13:54:52 imap-front4 dovecot: director: director(212.183.164.163/in): 
Host 
192.168.1.145 vhost count changed from 100 to 100
Sep 18 13:54:52 imap-front4 dovecot: director: director(212.183.164.163/in): 
Host 
192.168.1.216 vhost count changed from 100 to 100
Sep 18 13:54:52 imap-front4 dovecot: director: director(212.183.164.163/in): 
Host 
192.168.1.217 vhost count changed from 100 to 100
Sep 18 13:54:52 imap-front4 dovecot: director: director(212.183.164.163/in): 
Host 
192.168.1.218 vhost count changed from 100 to 100
Sep 18 13:54:52 imap-front4 dovecot: director: director(212.183.164.163/in): 
Host 
192.168.1.219 vhost count changed from 100 to 100
Sep 18 13:54:52 imap-front4 dovecot: director: 
director(212.183.164.161:9090/out): 
Handshake finished in 0.001 secs (bytes in=61, bytes out=791, 0+0 USERs 
received, last 
input 0.000 s ago, last output 0.001 s ago, connected 0.001 s ago, 408 peak 
output buffer 
size, 0.000 CPU secs since connected)
Sep 18 13:54:52 imap-front4 dovecot: director: director(212.183.164.163/in): 
Handshake 
finished in 0.006 secs (bytes in=111411, bytes out=56, 2940+0 USERs received, 
last input 
0.000 s ago, last output 0.006 s ago, connected 0.006 s ago, 0 peak output 
buffer size, 
0.004 CPU secs since connected)


I can confirm that I can trigger the issue having one of the backends flapping 
down/up.


*Simone Lazzaris*
*Qcom S.p.A.*
simone.lazza...@qcom.it[1] | www.qcom.it[2]
* LinkedIn[3]* | *Facebook*[4]
[5] 







[1] mailto:simone.lazza...@qcom.it
[2] https://www.qcom.it
[3] https://www.linkedin.com/company/qcom-spa
[4] http://www.facebook.com/qcomspa
[5] https://www.qcom.it/includes/email-banner.gif

Re: Auth process sometimes stop responding after upgrade

2018-09-18 Thread Timo Sirainen 
On 18 Sep 2018, at 13.29, Simone Lazzaris  wrote:
> 
> > Hi all, again;
> >
> > I've enabled the core dumps and let it go for some day waiting for the issue
> > to reoccur.
> >
> > Meantime I've also upgraded the poolmon script, as Sami suggested.
> >
> > It seems that the upgrade has scared the issue away, because it no longer
> > occurred.
> >
> > Maybe the problem is related to the way the old poolmon talked to the
> > director daemon? I'm not very inclined to downgrade poolmon to catch a
> > traceback, but can do if neccessary.
>  
> Well, maybe it's not necessary ;)
> I've performed some maintenance operations on the backends and that triggered 
> the crash. It seems that something goes wrong where one backend come back 
> online.

It's weird how easily you can reproduce the crash. I've ran all kinds of 
(stress) tests and I can't reproduce this crash. I was able to reproduce the 
original hang though.
 
> Unfortunately, the core was not dumped And I don't know what to do: the 
> director service was not chrooted, and ulimit -c is unlimited.

Do you have: sysctl -w fs.suid_dumpable=2

Re: Auth process sometimes stop responding after upgrade

2018-09-18 Thread Simone Lazzaris 
> Hi all, again;
> 
> I've enabled the core dumps and let it go for some day waiting for the issue
> to reoccur.
> 
> Meantime I've also upgraded the poolmon script, as Sami suggested.
> 
> It seems that the upgrade has scared the issue away, because it no longer
> occurred.
> 
> Maybe the problem is related to the way the old poolmon talked to the
> director daemon? I'm not very inclined to downgrade poolmon to catch a
> traceback, but can do if neccessary.

Well, maybe it's not necessary ;)
I've performed some maintenance operations on the backends and that triggered 
the 
crash. It seems that something goes wrong where one backend come back online.

Unfortunately, the core was not dumped And I don't know what to do: the 
director 
service was not chrooted, and ulimit -c is unlimited.

>From the log file:

Sep 18 12:21:46 imap-front4 dovecot: director: Panic: file 
doveadm-connection.c: line 1097 
(doveadm_connection_deinit): assertion failed: (conn->to_ring_sync_abort == 
NULL)
Sep 18 12:21:46 imap-front4 dovecot: director: Error: Raw backtrace: 
/usr/local/lib/dovecot/
libdovecot.so.0(+0xa15be) [0xb77345be] -> /usr/local/lib/dovecot/libdovecot.so.
0(+0xa1641) [0xb7734641] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) 
[0xb76ba35e] 
-> dovecot/director() [0x80574f7] -> dovecot/director() [0x8057f03] -> 
/usr/local/lib/
dovecot/libdovecot.so.0(io_loop_call_io+0x6b) [0xb774d3db] -> 
/usr/local/lib/dovecot/
libdovecot.so.0(io_loop_handler_run_internal+0xfe) [0xb774ee1e] -> 
/usr/local/lib/dovecot/
libdovecot.so.0(io_loop_handler_run+0x46) [0xb774d496] -> 
/usr/local/lib/dovecot/
libdovecot.so.0(io_loop_run+0x48) [0xb774d658] -> 
/usr/local/lib/dovecot/libdovecot.so.
0(master_service_run+0x2e) [0xb76c645e] -> dovecot/director(main+0x49e) 
[0x804cf5e] -> 
/lib/i386-linux-gnu/i686/cmov/libc.so.6(__libc_start_main+0xe6) [0xb753be46] -> 
dovecot/
director() [0x804d081]
Sep 18 12:21:46 imap-front4 dovecot: director: Fatal: master: 
service(director): child 7941 
killed with signal 6 (core not dumped)
Sep 18 12:21:46 imap-front4 dovecot: director: Connecting to 
212.183.164.161:9090 (as 
212.183.164.164): Initial connection
Sep 18 12:21:46 imap-front4 dovecot: director: Incoming connection from 
director 
212.183.164.163/in

My current config:

root@imap-front4:~# doveconf -n
# 2.2.36 (1f10bfa63): /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-686-pae i686 Debian 7.11 
# Hostname: imap-front4
auth_mechanisms = plain login digest-md5 cram-md5 apop scram-sha-1
auth_verbose = yes
auth_verbose_passwords = plain
base_dir = /var/run/dovecot/
default_login_user = nobody
director_doveadm_port = 9091
director_mail_servers = 192.168.1.142 192.168.1.143 192.168.1.216 192.168.1.217 
192.168.1.218 192.168.1.219
director_servers = 212.183.164.161 212.183.164.162 212.183.164.163 
212.183.164.164
disable_plaintext_auth = no
listen = *
passdb {
  args = /usr/local/etc/dovecot/sql.conf
  driver = sql
}
protocols = imap pop3
service director {
  chroot = 
  fifo_listener login/proxy-notify {
mode = 0666
  }
  inet_listener {
port = 9090
  }
  unix_listener director-userdb {
mode = 0600
  }
  unix_listener login/director {
mode = 0666
  }
}
service imap-login {
  executable = imap-login director
  service_count = 0
  vsz_limit = 128 M
}
service pop3-login {
  executable = pop3-login director
  service_count = 0
  vsz_limit = 128 M
}
ssl_cert =

Re: Using both starttls and ssl in passdb on proxy results in timeouts

2018-09-18 Thread Aki Tuomi 
The problem is that due to how it was done some ages ago, the passdb
result items are treated so that presence means "use it". If you return
'proxy' it means same as 'proxy=y' or 'proxy=yes'.

We are considering on changing this so that it would actually require a
k=v type of syntax, but it's going to be a breaking change.

Aki


On 18.09.2018 11:33, Filias Heidt wrote:
> I tried some more things, such as setting starttls=NULL or ssl=NULL, which 
> does the same as setting it to „no“. Interestingly, if I set ssl=NULL and 
> don’t set starttls at all, it still tries an SSL connection to the backend. 
>
> Is there no way to use starttls or ssl depending on a variable? It could also 
> be possible that I have starttls-backends and ssl-backends which would be a 
> similar use-case to my sieve-thing, I think.
>
> Cheers,
> Filias
>
>> Am 17.09.2018 um 11:54 schrieb Filias Heidt :
>>
>> Hi List,
>>
>> I have a dovecot which proxies to different backends depending on an entry 
>> in a mysql-database. The mysql-query sets ‚ssl‘ to ‚any-cert‘ and this works 
>> fine. But this causes me a problem: sieve-backends only support STARTTLS and 
>> if I set ‚ssl‘ to ‚any-cert‘ (or yes), it will attempt a TLS-connection to 
>> the sieve-backends, which fails. 
>>
>> My attempt was to alter the query to include %{real_lport} and return 
>> ‚ssl=no‘ and ‚starttls=any-cert‘ if the port matches the sieve-port. It 
>> works as expected in that it returns the correct values and proxies to the 
>> correct backend. 
>>
>> However it seems that TLS is no longer working and I get timeouts from the 
>> backends.
>>
>> Debug: client passdb out: OK 1   user=someu...@example.com   proxy   
>> proxy_nopipelining=yhost=backend1.example.com   nodelay=y   
>> nologin starttls=no ssl=any-certhostip=so.me.i.ppass=
>>
>> results in:
>> Sep 17 11:08:47 imapproxy1 dovecot: imap-login: Error: 
>> proxy(someu...@example.com): Login for so.me.i.p:993 timed out in 
>> state=/none (after 30 secs, local=lo.cal.i.p:60524): 
>> user=, method=PLAIN, rip=re.mo.te.ip, lip=lo.cal.i.p, 
>> TLS, session=
>>
>> My query looks like this:
>> password_query = SELECT host from proxy_domain, NULL as password, 'y' as 
>> nopassword, 'y' as proxy, NULL as destuser, 'y' as proxy_nopipelining, 'y' 
>> as nodelay, 'y' as nologin, IF(%{real_lport}=4190, 'any-cert', 'no') as 
>> 'starttls', IF(%{real_lport}<>4190, 'any-cert', 'no') as 'ssl‘;
>>
>> As soon as I remove the starttls-part and the passdb only returns 
>> ssl=any-cert (without starttls=no) it works flawlessly.
>>
>> Is it possible that I am attacking the problem the wrong way? Or is it not 
>> possible to set both starttls and ssl to some values in passdb and 
>> enable/disable them as needed? 
>>
>> Thanks for any input :)
>>
>> Cheers,
>> Filias

Re: Using both starttls and ssl in passdb on proxy results in timeouts

2018-09-18 Thread Filias Heidt 
I tried some more things, such as setting starttls=NULL or ssl=NULL, which does 
the same as setting it to „no“. Interestingly, if I set ssl=NULL and don’t set 
starttls at all, it still tries an SSL connection to the backend. 

Is there no way to use starttls or ssl depending on a variable? It could also 
be possible that I have starttls-backends and ssl-backends which would be a 
similar use-case to my sieve-thing, I think.

Cheers,
Filias

> Am 17.09.2018 um 11:54 schrieb Filias Heidt :
> 
> Hi List,
> 
> I have a dovecot which proxies to different backends depending on an entry in 
> a mysql-database. The mysql-query sets ‚ssl‘ to ‚any-cert‘ and this works 
> fine. But this causes me a problem: sieve-backends only support STARTTLS and 
> if I set ‚ssl‘ to ‚any-cert‘ (or yes), it will attempt a TLS-connection to 
> the sieve-backends, which fails. 
> 
> My attempt was to alter the query to include %{real_lport} and return 
> ‚ssl=no‘ and ‚starttls=any-cert‘ if the port matches the sieve-port. It works 
> as expected in that it returns the correct values and proxies to the correct 
> backend. 
> 
> However it seems that TLS is no longer working and I get timeouts from the 
> backends.
> 
> Debug: client passdb out: OK  1   user=someu...@example.com   proxy   
> proxy_nopipelining=yhost=backend1.example.com   nodelay=y   
> nologin starttls=no ssl=any-certhostip=so.me.i.ppass=
> 
> results in:
> Sep 17 11:08:47 imapproxy1 dovecot: imap-login: Error: 
> proxy(someu...@example.com): Login for so.me.i.p:993 timed out in state=/none 
> (after 30 secs, local=lo.cal.i.p:60524): user=, 
> method=PLAIN, rip=re.mo.te.ip, lip=lo.cal.i.p, TLS, 
> session=
> 
> My query looks like this:
> password_query = SELECT host from proxy_domain, NULL as password, 'y' as 
> nopassword, 'y' as proxy, NULL as destuser, 'y' as proxy_nopipelining, 'y' as 
> nodelay, 'y' as nologin, IF(%{real_lport}=4190, 'any-cert', 'no') as 
> 'starttls', IF(%{real_lport}<>4190, 'any-cert', 'no') as 'ssl‘;
> 
> As soon as I remove the starttls-part and the passdb only returns 
> ssl=any-cert (without starttls=no) it works flawlessly.
> 
> Is it possible that I am attacking the problem the wrong way? Or is it not 
> possible to set both starttls and ssl to some values in passdb and 
> enable/disable them as needed? 
> 
> Thanks for any input :)
> 
> Cheers,
> Filias

Re: Auth process sometimes stop responding after upgrade

2018-09-18 Thread Simone Lazzaris 
In data martedì 11 settembre 2018 10:46:30 CEST, Timo Sirainen ha scritto:
> On 11 Sep 2018, at 10.57, Simone Lazzaris  wrote:
> > Sep 11 03:25:55 imap-front4 dovecot: director: Panic: file
> > doveadm-connection.c: line 1097 (doveadm_connection_deinit): assertion
> > failed: (conn->to_ring_sync_abort == NULL) Sep 11 03:25:55 imap-front4
> > dovecot: director: Fatal: master: service(director): child 4395 killed
> > with signal 6 (core dumps disabled)
> It's crashing. Can you get gdb backtrace? First enable core dumps.
> https://dovecot.org/bugreport.html#coredumps
> 

Hi all, again;

I've enabled the core dumps and let it go for some day waiting for the issue to 
reoccur.

Meantime I've also upgraded the poolmon script, as Sami suggested.

It seems that the upgrade has scared the issue away, because it no longer 
occurred.

Maybe the problem is related to the way the old poolmon talked to the director 
daemon? 
I'm not very inclined to downgrade poolmon to catch a traceback, but can do if 
neccessary.


-- 
*Simone Lazzaris*
*Qcom S.p.A.*
simone.lazza...@qcom.it[1] | www.qcom.it[2]
* LinkedIn[3]* | *Facebook*[4]
[5] 







[1] mailto:simone.lazza...@qcom.it
[2] https://www.qcom.it
[3] https://www.linkedin.com/company/qcom-spa
[4] http://www.facebook.com/qcomspa
[5] https://www.qcom.it/includes/email-banner.gif

Re: Auth process sometimes stop responding after upgrade

2018-09-18 Thread Simone Lazzaris 
In data martedì 11 settembre 2018 10:46:30 CEST, Timo Sirainen ha scritto:
> On 11 Sep 2018, at 10.57, Simone Lazzaris  wrote:
> > Sep 11 03:25:55 imap-front4 dovecot: director: Panic: file
> > doveadm-connection.c: line 1097 (doveadm_connection_deinit): assertion
> > failed: (conn->to_ring_sync_abort == NULL) Sep 11 03:25:55 imap-front4
> > dovecot: director: Fatal: master: service(director): child 4395 killed
> > with signal 6 (core dumps disabled)
> It's crashing. Can you get gdb backtrace? First enable core dumps.
> https://dovecot.org/bugreport.html#coredumps
> 

Hi all, again;

I've enabled the core dumps and let it go for some day waiting for the issue to 
reoccur.

Meantime I've also upgraded the poolmon script, as Sami suggested.

It seems that the upgrade has scared the issue away, because it no longer 
occurred.

Maybe the problem is related to the way the old poolmon talked to the director 
daemon? 
I'm not very inclined to downgrade poolmon to catch a traceback, but can do if 
neccessary.


-- 
*Simone Lazzaris*
*Qcom S.p.A.*
simone.lazza...@qcom.it[1] | www.qcom.it[2]
* LinkedIn[3]* | *Facebook*[4]
[5] 







[1] mailto:simone.lazza...@qcom.it
[2] https://www.qcom.it
[3] https://www.linkedin.com/company/qcom-spa
[4] http://www.facebook.com/qcomspa
[5] https://www.qcom.it/includes/email-banner.gif