date:20190120

Re: assertion failed: (srcleft <= CHARSET_MAX_PENDING_BUF_SIZE)

2019-01-20 Thread Giacomo

I've just enabled core dumps on the involved FreeBSD system. Let's see if
it dumps something..

Il giorno dom 20 gen 2019 alle ore 19:16 Stephan Bosch 
ha scritto:

> Hi Giacomo,
>
> Op 21/12/2018 om 16:16 schreef Giacomo:
> > The bug happens not very often, it might need a week to get a core file.
>
> Any luck getting a core file?
>
> Regards,
>
> Stephan.
> >
> >
> > Il giorno ven 21 dic 2018 alle ore 15:18 Aki Tuomi
> > mailto:aki.tu...@open-xchange.com>> ha
> > scritto:
> >
> >
> > On 21.12.2018 14.49, Giacomo wrote:
> > > I'm running the following:
> > >
> > > # 2.3.4 (0ecbaf23d): /usr/local/etc/dovecot/dovecot.conf
> > > # OS: FreeBSD 11.2-RELEASE-p4 amd64
> > > # FS: ZFS
> > >
> > > auth_mechanisms = plain login
> > > auth_username_format = %Ln
> > > listen = *
> > > mail_location = maildir:~/Maildir
> > > namespace inbox {
> > >   inbox = yes
> > >   location =
> > >   mailbox Drafts {
> > > auto = subscribe
> > > special_use = \Drafts
> > >   }
> > >   mailbox Junk {
> > > auto = subscribe
> > > special_use = \Junk
> > >   }
> > >   mailbox Sent {
> > > special_use = \Sent
> > >   }
> > >   mailbox Trash {
> > > auto = subscribe
> > > special_use = \Trash
> > >   }
> > >   prefix =
> > > }
> > > passdb {
> > >   driver = pam
> > > }
> > > protocols = imap lmtp
> > > service auth {
> > >   unix_listener /var/spool/postfix/private/auth {
> > > group = postfix
> > > mode = 0666
> > > user = postfix
> > >   }
> > >   user = dovecot
> > > }
> > > service imap-login {
> > >   inet_listener imap {
> > > port = 0
> > >   }
> > > }
> > > service lmtp {
> > >   unix_listener /var/spool/postfix/private/dovecot-lmtp {
> > > group = postfix
> > > mode = 0600
> > > user = postfix
> > >   }
> > > }
> > > service stats {
> > >   unix_listener stats-reader {
> > > group =
> > > mode = 0600
> > > user =
> > >   }
> > >   unix_listener stats-writer {
> > > group = $default_internal_group
> > > mode = 0666
> > > user =
> > >   }
> > >   user = $default_internal_user
> > > }
> > > ssl_cert =  > > ssl_key = # hidden, use -P to show it
> > > userdb {
> > >   driver = passwd
> > > }
> > >
> > > dmesg shows:
> > >
> > > pid 74441 (imap), uid 1002: exited on signal 6
> > > pid 74784 (imap), uid 1002: exited on signal 6
> > > pid 21471 (imap), uid 1002: exited on signal 6
> > > pid 21470 (imap), uid 1002: exited on signal 6
> > > pid 21464 (imap), uid 1002: exited on signal 6
> > > pid 21731 (imap), uid 1002: exited on signal 6
> > >
> > > Sometimes the dovecot process serving an user crashes. He runs
> > mostly
> > > airmail on macOS and samsung mail on Android.
> > >
> > > Happens only to that particular user.
> > >
> > > The log shows the following: (maillog)
> > >
> > > Dec 16 14:52:35 mail dovecot: imap-login: Login: user=,
> > > method=PLAIN, rip=79.12.201.157, lip=192.168.1.28, mpid=74779, TLS,
> > > session=
> > > Dec 16 14:52:39 mail dovecot: imap(USER)<74441>:
> > > Panic: file charset-iconv.c: line 83 (charset_to_utf8_try):
> > assertion
> > > failed: (srcleft <= CHARSET_MAX_PENDING_BUF_SIZE)
> > > Dec 16 14:52:39 mail dovecot: imap(USER)<74441>:
> > > Fatal: master: service(imap): child 74441 killed with signal 6
> (core
> > > not dumped - https://dovecot.org/bugreport.html#coredumps - set
> > > service imap { drop_priv_before_exec=yes })
> > >
> > > I'm here if more info is needed.
> > >
> > > Thanks for taking a look.
> >
> >
> > Can you somehow get a core file and get backtrace from it?
> >
> >
> > Aki
> >
>
>

Re: doveadm proxy list repeats header line

2019-01-20 Thread Stephan Bosch





Op 12/12/2018 om 11:42 schreef Michael Goth:


On 12/12/2018 10:19 AM, Aki Tuomi wrote:

Looks like a bug, which version is this?


It's Dovecot 2.3.3


Internally tracked as DOP-816. This is not something we will be working 
on any time soon though (small problem, difficult to fix).


Regards,

Stephan.

Re: Panic…

2019-01-20 Thread Stephan Bosch

Op 13/12/2018 om 09:12 schreef Aki Tuomi:

Yes, and it's our backlog.

Internally tracked as DOP-90.

Regards,

Stephan.

Aki

On 13.12.2018 10.10, Rupert Gallagher via dovecot wrote:
Shouldn't an event of this type trigger a useful warning instead of a 
cryptic programming error?

On Thu, Dec 13, 2018 at 07:42, Timo Sirainen > wrote:
On 13 Dec 2018, at 7.31, SH Development 
 wrote:

>
> I have started getting these in my log. What does this mean and 
what do I need to do?

>
> Panic: file mail-index-util.c: line 37 
(mail_index_uint32_to_offset): assertion failed: (offset < 0x4000)

Your dovecot.index.cache file has grown too huge. The only solution 
now is to delete it, and perhaps try to shrink the number of mails 
in the folder as well. The downside to deleting cache is that it may 
temporarily slow down performance for accessing the folder, 
depending on the IMAP client.

Re: I never touched nuthin'

2019-01-20 Thread Stephan Bosch





Op 14/12/2018 om 13:21 schreef RW via dovecot:

On Sat, 1 Dec 2018 16:35:19 +0200 (EET)
Aki Tuomi wrote:


On 01 December 2018 at 12:09 mick crane  wrote:
  getmail is not sending the delete request.
Mails are sent and received but not deleted gmail so I keep getting
them.

mick@rapunzel:~/.getmail$ getmail --rcfile getmailrc1
Delivery error (command deliver 1363 wrote to stderr:
lda(mick,)Error: net_connect_unix(/var/run/dovecot//stats-writer)
failed: Permission denied)

I think is apt install dovecot on debian buster probably
I updated yesterday but was working OK since so I dunno what
happened. is log full or something ?

you can fix this with

service stats {
  unix_listener stats-writer {
mode = 077
  }
}


But why is this needed? Something has changed. It used to work
without the socket being owned by the user running 'deliver'.

I just ran into this on FreeBSD after a package update, so it's not
just Debian.


Yes, we're working on this issue (internally tracked as DOP-838).

Regards,

Stephan.

Re: 2.3.4 doesnt compile on FreeBSD 11.2 using clang

2019-01-20 Thread Odhiambo Washington

And it works now. I have managed to successfully compile dovecot-2.3.4
against mysql-8.0.13.


On Sun, 20 Jan 2019 at 21:22, Larry Rosenman  wrote:

> the above(below?) cited patch is already in the 2.3.4 port for FreeBSD.
> As I stated earlier, I'm the FreeBSD port maintainer.
>
> On Sun, Jan 20, 2019 at 11:48 AM Stephan Bosch 
> wrote:
>
>>
>>
>> Op 29/12/2018 om 10:25 schreef Aki Tuomi:
>> > Hi!
>> >
>> > Can you give
>> >
>> > https://github.com/dovecot/core/compare/1004822%5E..de42b54a.patch
>> >
>> > a try? It's in master branch.
>>
>> This fix is scheduled for 2.3.5.
>>
>> Regards,
>>
>> Stephan.
>>
>> > On 29 December 2018 at 02:51 Chris  wrote:
>> >
>> >
>> > extract below, this has already been reported a while back but still
>> > no new patch, so this email is to serve as a reminder, if someone
>> > manually fixes it for the ports tree, I dont consider that a fix,
>> > ideally we need this fixed in the source code, as not everyone will
>> > install it from ports.
>> >
>> > Chris
>> >
>> > "clang40 -DHAVE_CONFIG_H -I. -I../..  -I../../src/lib
>> > -I../../src/lib-dns -I../../src/lib-test -I../../src/lib-settings
>> > -I../../src/lib-ssl-iostream -DPKG_RUNDIR=\""/var/run/dovecot"\"
>> > -DPKG_STATEDIR=\""/var/lib/dovecot"\" -DSYSCONFDIR=\""/etc/dovecot"\"
>> > -DBINDIR=\""/usr/bin"\" -I/usr/local/include  -std=gnu99
>> > -fdiagnostics-color -Wl,-rpath=/usr/local/llvm40/lib -O2 -pipe
>> > -march=native -fno-strict-aliasing -fstack-protector-strong
>> > -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -Wall -W -Wmissing-prototypes
>> > -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2
>> > -Wbad-function-cast -Wno-duplicate-decl-specifier -Wstrict-aliasing=2
>> > -I/usr/local/include   -MT test-event-stats.o -MD -MP -MF
>> > .deps/test-event-stats.Tpo -c -o test-event-stats.o test-event-stats.c
>> > clang-4.0: warning: -Wl,-rpath=/usr/local/llvm40/lib: 'linker' input
>> > unused [-Wunused-command-line-argument]
>> > test-event-stats.c:101:8: warning: implicit declaration of function
>> > 'kill' is invalid in C99 [-Wimplicit-function-declaration]
>> >  (void)kill(stats_pid, SIGKILL);
>> >^
>> > test-event-stats.c:101:24: error: use of undeclared identifier 'SIGKILL'
>> >  (void)kill(stats_pid, SIGKILL);
>> >^
>> > 1 warning and 1 error generated.
>> > gmake[2]: *** [Makefile:656: test-event-stats.o] Error 1
>> > gmake[2]: Leaving directory
>> > '/usr/local/directadmin/custombuild/dovecot-2.3.4/src/lib-master'
>> > gmake[1]: *** [Makefile:565: install-recursive] Error 1
>> > gmake[1]: Leaving directory
>> > '/usr/local/directadmin/custombuild/dovecot-2.3.4/src'
>> > gmake: *** [Makefile:683: install-recursive] Error 1"
>>
>>
>
> --
> Larry Rosenman http://www.lerctr.org/~ler
> Phone: +1 214-642-9640 (c) E-Mail: larry...@gmail.com
> US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106
>


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)

Re: 2.3.4 doesnt compile on FreeBSD 11.2 using clang

2019-01-20 Thread Larry Rosenman

the above(below?) cited patch is already in the 2.3.4 port for FreeBSD.  As
I stated earlier, I'm the FreeBSD port maintainer.

On Sun, Jan 20, 2019 at 11:48 AM Stephan Bosch  wrote:

>
>
> Op 29/12/2018 om 10:25 schreef Aki Tuomi:
> > Hi!
> >
> > Can you give
> >
> > https://github.com/dovecot/core/compare/1004822%5E..de42b54a.patch
> >
> > a try? It's in master branch.
>
> This fix is scheduled for 2.3.5.
>
> Regards,
>
> Stephan.
>
> > On 29 December 2018 at 02:51 Chris  wrote:
> >
> >
> > extract below, this has already been reported a while back but still
> > no new patch, so this email is to serve as a reminder, if someone
> > manually fixes it for the ports tree, I dont consider that a fix,
> > ideally we need this fixed in the source code, as not everyone will
> > install it from ports.
> >
> > Chris
> >
> > "clang40 -DHAVE_CONFIG_H -I. -I../..  -I../../src/lib
> > -I../../src/lib-dns -I../../src/lib-test -I../../src/lib-settings
> > -I../../src/lib-ssl-iostream -DPKG_RUNDIR=\""/var/run/dovecot"\"
> > -DPKG_STATEDIR=\""/var/lib/dovecot"\" -DSYSCONFDIR=\""/etc/dovecot"\"
> > -DBINDIR=\""/usr/bin"\" -I/usr/local/include  -std=gnu99
> > -fdiagnostics-color -Wl,-rpath=/usr/local/llvm40/lib -O2 -pipe
> > -march=native -fno-strict-aliasing -fstack-protector-strong
> > -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -Wall -W -Wmissing-prototypes
> > -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2
> > -Wbad-function-cast -Wno-duplicate-decl-specifier -Wstrict-aliasing=2
> > -I/usr/local/include   -MT test-event-stats.o -MD -MP -MF
> > .deps/test-event-stats.Tpo -c -o test-event-stats.o test-event-stats.c
> > clang-4.0: warning: -Wl,-rpath=/usr/local/llvm40/lib: 'linker' input
> > unused [-Wunused-command-line-argument]
> > test-event-stats.c:101:8: warning: implicit declaration of function
> > 'kill' is invalid in C99 [-Wimplicit-function-declaration]
> >  (void)kill(stats_pid, SIGKILL);
> >^
> > test-event-stats.c:101:24: error: use of undeclared identifier 'SIGKILL'
> >  (void)kill(stats_pid, SIGKILL);
> >^
> > 1 warning and 1 error generated.
> > gmake[2]: *** [Makefile:656: test-event-stats.o] Error 1
> > gmake[2]: Leaving directory
> > '/usr/local/directadmin/custombuild/dovecot-2.3.4/src/lib-master'
> > gmake[1]: *** [Makefile:565: install-recursive] Error 1
> > gmake[1]: Leaving directory
> > '/usr/local/directadmin/custombuild/dovecot-2.3.4/src'
> > gmake: *** [Makefile:683: install-recursive] Error 1"
>
>

-- 
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 214-642-9640 (c) E-Mail: larry...@gmail.com
US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106

Re: 2.3.4 doesnt compile on FreeBSD 11.2 using clang

2019-01-20 Thread Stephan Bosch





Op 29/12/2018 om 10:25 schreef Aki Tuomi:

Hi!

Can you give

https://github.com/dovecot/core/compare/1004822%5E..de42b54a.patch

a try? It's in master branch.


This fix is scheduled for 2.3.5.

Regards,

Stephan.


On 29 December 2018 at 02:51 Chris  wrote:


extract below, this has already been reported a while back but still
no new patch, so this email is to serve as a reminder, if someone
manually fixes it for the ports tree, I dont consider that a fix,
ideally we need this fixed in the source code, as not everyone will
install it from ports.

Chris

"clang40 -DHAVE_CONFIG_H -I. -I../..  -I../../src/lib
-I../../src/lib-dns -I../../src/lib-test -I../../src/lib-settings
-I../../src/lib-ssl-iostream -DPKG_RUNDIR=\""/var/run/dovecot"\"
-DPKG_STATEDIR=\""/var/lib/dovecot"\" -DSYSCONFDIR=\""/etc/dovecot"\"
-DBINDIR=\""/usr/bin"\" -I/usr/local/include  -std=gnu99
-fdiagnostics-color -Wl,-rpath=/usr/local/llvm40/lib -O2 -pipe
-march=native -fno-strict-aliasing -fstack-protector-strong
-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -Wall -W -Wmissing-prototypes
-Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2
-Wbad-function-cast -Wno-duplicate-decl-specifier -Wstrict-aliasing=2
-I/usr/local/include   -MT test-event-stats.o -MD -MP -MF
.deps/test-event-stats.Tpo -c -o test-event-stats.o test-event-stats.c
clang-4.0: warning: -Wl,-rpath=/usr/local/llvm40/lib: 'linker' input
unused [-Wunused-command-line-argument]
test-event-stats.c:101:8: warning: implicit declaration of function
'kill' is invalid in C99 [-Wimplicit-function-declaration]
 (void)kill(stats_pid, SIGKILL);
   ^
test-event-stats.c:101:24: error: use of undeclared identifier 'SIGKILL'
 (void)kill(stats_pid, SIGKILL);
   ^
1 warning and 1 error generated.
gmake[2]: *** [Makefile:656: test-event-stats.o] Error 1
gmake[2]: Leaving directory
'/usr/local/directadmin/custombuild/dovecot-2.3.4/src/lib-master'
gmake[1]: *** [Makefile:565: install-recursive] Error 1
gmake[1]: Leaving directory
'/usr/local/directadmin/custombuild/dovecot-2.3.4/src'
gmake: *** [Makefile:683: install-recursive] Error 1"

Re: Localhost imap server fails after upgrade from 2.2.33.2-1 to 1:2.3.2.1 (fwd)

2019-01-20 Thread Stephan Bosch

Op 31/12/2018 om 22:51 schreef Aki Tuomi:

We are working on fixing this.

Internally tracked as DOP-838.

Regards,

Stephan.

On 31 December 2018 at 23:45 Chris BL  wrote:

Hi Aki,

Bingo! Putting that line in dovecot.conf rather than my custom file, and
then using my old custom file, unchanged, from Alpine works perfectly.

My only remaining question, then, would be ... what was this (change)
about / or is there any documentation that I should/could have read to
know what to do without asking a lead developer?

Thank you very much.

  I hope you had a great start to the New Year!

Happy 2019,
Chris

On Mon, 31 Dec 2018, Aki Tuomi wrote:

If your client directly executes imap binary, it is not mandatory for dovecot 
to be running, but you need to put the service section into 
/etc/dovecot/dovecot.conf and restart the dovecot service.

Putting it to your local config file does not affect the global service.

Aki

On 31 December 2018 at 22:16 Chris BL  wrote:

Hi Aki,

I am not 100% sure.  I do not really know what my OS does. "ps -A" says
dovecot is running, but if I say "sudo service dovecot stop", my email
client works fine still (that is, assuming the old version of dovecot is
installed). ie the on-demand instances of dovecot-imapd that Alpine calls
are, I assume, started and stopped by Alpine. (?)

  Is my OS using dovecot for other stuff, like managing system mail (e.g.
root's reports of cron jobs, which still go to /var/mail, but I never read
them)?  I am not certain.  But I believed that any other use of dovecot
would be using a different .conf file, so I was hoping I just had to know
how to make my custom one (-c flag) work.

Thanks,
Chris

On Mon, 31 Dec 2018, Aki Tuomi wrote:

Am I assuming correctly that you are not, in fact, running anything but imap 
process from Dovecot?

Aki

On 31 December 2018 at 18:35 Chris BL  wrote:

Hi Aki,

Oops; I did not think carefully enough about your instructions. Here is the 
output from

$ dovecot -n -c /home/meuser/dotfiles/auto-stanford-dovecot.conf

# 2.3.2.1 (0719df592): /home/meuser/dotfiles/auto-stanford-dovecot.conf
# Pigeonhole version 0.5.2 ()
# OS: Linux 4.18.0-13-generic x86_64 Ubuntu 18.10 ext4
# Hostname: cpbl-t450s
doveconf: Warning: please set ssl_dh= /etc/dovecot/dh.pem
mail_location = 
maildir:/home/meuser/imap/gmailStanford:LAYOUT=fs:INBOX=/home/meuser/imap/gmailStanford/INBOX
service stats {
   unix_listener stats-writer {
     mode = 0666
   }
}
ssl_dh =  # hidden, use -P to show it
verbose_proctitle = yes

I then followed the instructions in the Warning lines above and now I get:

  dovecot -n -c /home/meuser/dotfiles/auto-stanford-dovecot.conf
# 2.3.2.1 (0719df592): /home/meuser/dotfiles/auto-stanford-dovecot.conf
# Pigeonhole version 0.5.2 ()
# OS: Linux 4.18.0-13-generic x86_64 Ubuntu 18.10 ext4
# Hostname: cpbl-t450s
mail_location = 
maildir:/home/meuser/imap/gmailStanford:LAYOUT=fs:INBOX=/home/meuser/imap/gmailStanford/INBOX
service stats {
   unix_listener stats-writer {
     mode = 0666
   }
}
ssl_dh =  # hidden, use -P to show it
verbose_proctitle = yes

However, this does not help my primary symptom:

$ /usr/lib/dovecot/imap -c /home/meuser/dotfiles/auto-stanford-dovecot.conf
imap(meuser,)Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: 
Permission denied
* PREAUTH [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT 
SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND 
URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE
UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES 
WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY LITERAL+ NOTIFY] 
Logged in as meuser

Thanks!
Chris

On Mon, Dec 31, 2018 at 10:27 AM Aki Tuomi  wrote:
   Did you remove the service section before taking doveconf -n? 'cos I 
can't see it here..

   Also, did you restart dovecot after config change?

   Aki

   > On 31 December 2018 at 16:54 Chris BL  
wrote:
   >
   >
   > Hi Aki,
   >
   > Yes, the same connect error: imap(meuser,)Error: 
net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied
   >
   > The mail location in "doveconf -n" (belo) does not reflect my 
preferences.
   >
   > In Alpine, if I acknowledge the error I get, which tells me to add
   > novalidate-cert in my pinerc file, it prompts me for my POSIX username 
and
   > password.  After that, I get my /var/spool/mail inbox, which is not 
what I
   > want.
   >
   >
   > doveconf -n
   > # 2.3.2.1 (0719df592): /etc/dovecot/dovecot.conf
   > # Pigeonhole version 0.5.2 ()
   > # OS: Linux 4.18.0-13-generic x86_64 Ubuntu 18.10
   > # Hostname: myhost-t450s
   > mail_location = mbox:~/mail:INBOX=/var/mail/%u
   > mail_privileged_group = mail
   > namespace inbox {
   >   inbox = yes
   >   location =
   >   mailbox Drafts {
   >     special_use =

Re: doveadm index crash/assert

2019-01-20 Thread Stephan Bosch





Op 02/01/2019 om 23:05 schreef Stephan Bosch:


Op 02/01/2019 om 22:51 schreef Larry Rosenman:

https://www.lerctr.org/~ler/dovecot/doveadm-index-fts-debug.txt

https://www.lerctr.org/~ler/dovecot/doveadm-index-fts-bt.txt

I wish there was a way to set plugins {fts_solr = } from the 
command line :(


but I turned it on globally for that run.


Yeah, it is caused by the interaction between the solr and tika HTTP 
clients in this case. The bug itself will require some care and 
attention, but a quick fix should be provided by:


diff --git a/src/plugins/fts-solr/solr-connection.c 
b/src/plugins/fts-solr/solr-connection.c

index 947ea76af..3389729d1 100644
--- a/src/plugins/fts-solr/solr-connection.c
+++ b/src/plugins/fts-solr/solr-connection.c
@@ -156,7 +156,7 @@ int solr_connection_init(const char *url,
    http_set.request_timeout_msecs = 60*1000;
    http_set.ssl = ssl_client_set;
    http_set.debug = debug;
-   solr_http_client = http_client_init(_set);
+   solr_http_client = http_client_init_private(_set);
    }

    conn->xml_parser = XML_ParserCreate("UTF-8");
diff --git a/src/plugins/fts/fts-parser-tika.c 
b/src/plugins/fts/fts-parser-tika.c

index a4b8b5c30..b8b57a350 100644
--- a/src/plugins/fts/fts-parser-tika.c
+++ b/src/plugins/fts/fts-parser-tika.c
@@ -77,7 +77,7 @@ tika_get_http_client_url(struct mail_user *user, 
struct http_url **http_url_r)

    http_set.request_timeout_msecs = 60*1000;
    http_set.ssl = _set;
    http_set.debug = user->mail_debug;
-   tika_http_client = http_client_init(_set);
+   tika_http_client = http_client_init_private(_set);
    }
    *http_url_r = tuser->http_url;
    return 0;

This will bluntly prevent sharing any state between Solr and Tika HTTP 
clients, also across users (if there is more than one per mail process).


Internally tracked as DOP-850 (and DOP-834 for the underlying problem).

Regards,

Stephan.

Re: Request: Pigeonhole - strip CWFS from message-id logs

2019-01-20 Thread Stephan Bosch





Op 03/01/2019 om 17:29 schreef Stephan Bosch:


Op 30-11-2018 om 14:06 schreef Lee Maguire:
Normally for a log line containing the contents of a Message-Id, it 
is logged like the following


   Nov 29 11:41:27 xxx dovecot[211]: lmtp(lee)<30167>: sieve: 
msgid=: stored mail into mailbox 'Notifications'


However, if there is CFWS other than a space, it changes the format 
of the log line (potentially making the logs harder to process - eg 
via “logcheck" rules)


   Nov 29 11:50:09 xxx dovecot[401]: lmtp(lee)<55724>: sieve: 
msgid=? : stored mail into mailbox ‘Notifications'


A message-id line broken up is valid per RFC 5322 and header 
whitespace shouldn’t be significant for logging purposes


   https://tools.ietf.org/html/rfc5322#section-3.6.4
   https://tools.ietf.org/html/rfc5322#section-3.2.2



Yes, that is a bug.


Internally tracked as DOP-870.

Regards,

Stephan.

Re: Feature request: client bind address for replication

2019-01-20 Thread Stephan Bosch


Hi John,

Op 04/01/2019 om 16:25 schreef John Fawcett:

Hi

would it be possible to consider a new parameter for replication:
doveadm_local_ip which allows the source ip address to be set when
connection to a remote dovecot for replication?

It could be useful when the network interface has multiple ips and a
specific one is used for mail services. See attached proposal. I tested
against 2.2.36 only. It applies correctly against 2.3.4 with a warning,.


I am not sure whether this can be added (soon or at all), but it is now 
tracked internally as DOP-869 so we don't forget.


Regards,

Stephan.

Re: auth-worker service failed since recent MariaDB upgrade

2019-01-20 Thread Bogomil Vasilev via dovecot


Hello Stephan,

Great, that's fine. However, I don't see how your link is related to my 
issue.

Anyway, the patch works. Hope it makes it to upstream soon.

Best regards,

---
BOGOMIL VASILEV
For contacts, use this e-mail. My GPG key is 646F3ABF6E457336
Website: HTTPS://WWW.SMIRKY.NET/

On 2019-01-20 19:07, Stephan Bosch wrote:


Op 20/01/2019 om 15:30 schreef Bogomil Vasilev via dovecot:


Hello Aki,

This patch seems to have done the trick - hopefully it works fine and 
doesn't mask the problem.

From the patch content, I see that it's from 4th of December.
Is there a reason why this hasn't made it yet into upstream?


It is still being tested in QA (other stuff came first). It is 
internally tracked as DOV-2826, which merged to master.



Did you come across this bug on your own and patch it temporarily?


Bug was seen earlier here: 
https://www.dovecot.org/pipermail/dovecot/2018-November/113627.html


Regards,

Stephan.

Best regards,

---
BOGOMIL VASILEV
For contacts, use this e-mail. My GPG key is 646F3ABF6E457336
Website: HTTPS://WWW.SMIRKY.NET/

On 2019-01-20 15:11, Aki Tuomi wrote:

Can you try if 
https://github.com/dovecot/core/commit/3c5101ffdd2a8115e03ed7180d53578765dea4c9.patch 
helps?


Aki
On 20 January 2019 at 15:05 Bogomil Vasilev via dovecot < 
dovecot@dovecot.org> wrote:


Hello,

I rebuilt mariadb and dovecot with debug symbols.
The backtrace is this:

Program terminated with signal SIGABRT, Aborted.
#0 0x7fb040e0cd7f in raise () from /usr/lib/libc.so.6
(gdb) bt full
#0 0x7fb040e0cd7f in raise () from /usr/lib/libc.so.6
No symbol table info available.
#1 0x7fb040df7672 in abort () from /usr/lib/libc.so.6
No symbol table info available.
#2 0x7fb040e4f878 in __libc_message () from /usr/lib/libc.so.6
No symbol table info available.
#3 0x7fb040e5618a in malloc_printerr () from /usr/lib/libc.so.6
No symbol table info available.
#4 0x7fb040e57b27 in _int_free () from /usr/lib/libc.so.6
No symbol table info available.
#5 0x7fb04114db89 in mysql_close (mysql=0x5592728448e0) at
/usr/src/debug/mariadb-10.3.12/libmariadb/libmariadb/mariadb_lib.c:1940
p = 
#6 mysql_close (mysql=0x5592728448e0) at
/usr/src/debug/mariadb-10.3.12/libmariadb/libmariadb/mariadb_lib.c:1913
p = 
#7 0x5592724e2dac in driver_sqlpool_disconnect (_db=0x559272843be0)
at driver-sqlpool.c:590
conn__foreach_end = 0x559272844090
db = 0x559272843be0
conn = 0x559272844080
#8 0x5592724d78fc in db_sql_unref (_conn=0x55927283b5e8) at
db-sql.c:128
conn = 0x559272843818
#9 0x5592724cf89c in userdb_deinit (userdb=0x55927283b5c0) at
userdb.c:191
idx = 0
__func__ = "userdb_deinit"
#10 0x5592724afbb9 in auth_deinit (auth=0x55927283b320) at
auth.c:335
passdb = 
userdb = 0x55927283b4e0
passdb = 
userdb = 
#11 auths_deinit () at auth.c:433
auth__foreach_end = 0x559272842e18
auth = 0x559272842e10
#12 0x5592724ae664 in main_deinit () at main.c:271
l = 
l = 
l_end = 
#13 main (argc=, argv=) at main.c:398
c = 
(gdb)

My `dovecot -n` output is this:

0 « root » /home/smirky/stuff/ABS/dovecot # dovecot -n
# 2.3.4 (0ecbaf23d): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 (60b0f48d)
# OS: Linux 5.0.0-rc2-mainline x86_64 Arch Linux
# Hostname: archy
dict {
quotadict = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
mail_home = /home/vmail/%d/%u
mail_location = maildir:~
mail_plugins = quota
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date i
ndex ihave duplicate mime foreverypart extracttext imapsieve
vnd.dovecot.imapsieve
namespace inbox {
inbox = yes
location =
mailbox Drafts {
auto = create
special_use = \Drafts
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox "Sent Messages" {
auto = no
special_use = \Sent
}
mailbox Spam {
auto = subscribe
special_use = \Junk
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
plugin {
imapsieve_mailbox1_before = file:/etc/dovecot/sieve/report-spam.sieve
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_name = Spam
imapsieve_mailbox2_before = file:/etc/dovecot/sieve/report-ham.sieve
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_from = Junk
imapsieve_mailbox2_name = *
quota = dict:User quota::proxy::quotadict
quota_rule2 = Trash:storage=+10%%
quota_warning = storage=95%% quota-warning 95 %u
quota_warning2 = storage=80%% quota-warning 80 %u
quota_warning3 = -storage=100%% quota-warning below 100 %u
sieve_before = /etc/dovecot/sieve/filter.sieve
sieve_global_extensions = +vnd.dovecot.pipe
sieve_pipe_bin_dir = /etc/dovecot/sieve
sieve_plugins = sieve_imapsieve sieve_extprograms
}
protocols = imap pop3 sieve
service auth-worker {
unix_listener auth-worker {
group = vmail
mode = 0666
user = vmail
}
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group =

Re: Dovecot 2.3.4 crash

2019-01-20 Thread Stephan Bosch





Op 04/12/2018 om 15:58 schreef Aki Tuomi:

On 04 December 2018 at 13:23 Guillaume via dovecot  wrote:


A full example with dovecot debug symbols activated (note since I have activate 
valgrind, no more segfault it’s normal I presume ):


Hi!

We believe this is fixed with 
https://github.com/dovecot/core/commit/3c5101ffdd2a8115e03ed7180d53578765dea4c9.patch


Internally tracked as DOV-2826.

Regards,

Stephan.

Re: auth-worker service failed since recent MariaDB upgrade

2019-01-20 Thread Stephan Bosch





Op 20/01/2019 om 15:30 schreef Bogomil Vasilev via dovecot:

Hello Aki,

This patch seems to have done the trick - hopefully it works fine and 
doesn't mask the problem.

From the patch content, I see that it's from 4th of December.
Is there a reason why this hasn't made it yet into upstream?


It is still being tested in QA (other stuff came first). It is 
internally tracked as DOV-2826, which merged to master.



Did you come across this bug on your own and patch it temporarily?


Bug was seen earlier here: 
https://www.dovecot.org/pipermail/dovecot/2018-November/113627.html


Regards,

Stephan.


Best regards,

---
BOGOMIL VASILEV
For contacts, use this e-mail. My GPG key is 646F3ABF6E457336
Website: HTTPS://WWW.SMIRKY.NET/

On 2019-01-20 15:11, Aki Tuomi wrote:

Can you try if 
https://github.com/dovecot/core/commit/3c5101ffdd2a8115e03ed7180d53578765dea4c9.patch 
helps?


Aki
On 20 January 2019 at 15:05 Bogomil Vasilev via dovecot < 
dovecot@dovecot.org> wrote:


Hello,

I rebuilt mariadb and dovecot with debug symbols.
The backtrace is this:

Program terminated with signal SIGABRT, Aborted.
#0 0x7fb040e0cd7f in raise () from /usr/lib/libc.so.6
(gdb) bt full
#0 0x7fb040e0cd7f in raise () from /usr/lib/libc.so.6
No symbol table info available.
#1 0x7fb040df7672 in abort () from /usr/lib/libc.so.6
No symbol table info available.
#2 0x7fb040e4f878 in __libc_message () from /usr/lib/libc.so.6
No symbol table info available.
#3 0x7fb040e5618a in malloc_printerr () from /usr/lib/libc.so.6
No symbol table info available.
#4 0x7fb040e57b27 in _int_free () from /usr/lib/libc.so.6
No symbol table info available.
#5 0x7fb04114db89 in mysql_close (mysql=0x5592728448e0) at
/usr/src/debug/mariadb-10.3.12/libmariadb/libmariadb/mariadb_lib.c:1940
p = 
#6 mysql_close (mysql=0x5592728448e0) at
/usr/src/debug/mariadb-10.3.12/libmariadb/libmariadb/mariadb_lib.c:1913
p = 
#7 0x5592724e2dac in driver_sqlpool_disconnect (_db=0x559272843be0)
at driver-sqlpool.c:590
conn__foreach_end = 0x559272844090
db = 0x559272843be0
conn = 0x559272844080
#8 0x5592724d78fc in db_sql_unref (_conn=0x55927283b5e8) at
db-sql.c:128
conn = 0x559272843818
#9 0x5592724cf89c in userdb_deinit (userdb=0x55927283b5c0) at
userdb.c:191
idx = 0
__func__ = "userdb_deinit"
#10 0x5592724afbb9 in auth_deinit (auth=0x55927283b320) at
auth.c:335
passdb = 
userdb = 0x55927283b4e0
passdb = 
userdb = 
#11 auths_deinit () at auth.c:433
auth__foreach_end = 0x559272842e18
auth = 0x559272842e10
#12 0x5592724ae664 in main_deinit () at main.c:271
l = 
l = 
l_end = 
#13 main (argc=, argv=) at main.c:398
c = 
(gdb)

My `dovecot -n` output is this:

0 « root » /home/smirky/stuff/ABS/dovecot # dovecot -n
# 2.3.4 (0ecbaf23d): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 (60b0f48d)
# OS: Linux 5.0.0-rc2-mainline x86_64 Arch Linux
# Hostname: archy
dict {
quotadict = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
mail_home = /home/vmail/%d/%u
mail_location = maildir:~
mail_plugins = quota
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date i
ndex ihave duplicate mime foreverypart extracttext imapsieve
vnd.dovecot.imapsieve
namespace inbox {
inbox = yes
location =
mailbox Drafts {
auto = create
special_use = \Drafts
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox "Sent Messages" {
auto = no
special_use = \Sent
}
mailbox Spam {
auto = subscribe
special_use = \Junk
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
plugin {
imapsieve_mailbox1_before = file:/etc/dovecot/sieve/report-spam.sieve
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_name = Spam
imapsieve_mailbox2_before = file:/etc/dovecot/sieve/report-ham.sieve
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_from = Junk
imapsieve_mailbox2_name = *
quota = dict:User quota::proxy::quotadict
quota_rule2 = Trash:storage=+10%%
quota_warning = storage=95%% quota-warning 95 %u
quota_warning2 = storage=80%% quota-warning 80 %u
quota_warning3 = -storage=100%% quota-warning below 100 %u
sieve_before = /etc/dovecot/sieve/filter.sieve
sieve_global_extensions = +vnd.dovecot.pipe
sieve_pipe_bin_dir = /etc/dovecot/sieve
sieve_plugins = sieve_imapsieve sieve_extprograms
}
protocols = imap pop3 sieve
service auth-worker {
unix_listener auth-worker {
group = vmail
mode = 0666
user = vmail
}
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
user = root
}
service dict {
unix_listener dict {
group = vmail
mode = 0660
user = vmail
}
user = root
}
service imap-login {
inet_listener imap {
address = 127.0.0.1
}
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
}
service pop3-login {
inet_listener pop3 {
address =

doveadm move that hangs

2019-01-20 Thread Marc Roos



I have a  doveadm move that hangs, and cannot kill it. Leaving these 
files. Did I lose mails now?


-rw--- 1 testuser popusers  4.0M Jan 20 17:42 
.temp.1548002572.P1969Q0M313023.host
-rw--- 1 testuser popusers  3.9M Jan 20 17:42 
.temp.1548002572.P1969Q1M313023.host
-rw--- 1 testuser popusers 1017K Jan 20 17:42 
.temp.1548002572.P1969Q2M313023.host
drwx-- 1 testuser popusers   574 Jan 20 17:42 .
-rw--- 1 testuser popusers   12M Jan 20 17:42 
.temp.1548002572.P1969Q3M313023.host

Re: SCRAM-SHA-256 and SCRAM-SHA-512 supports

2019-01-20 Thread Stephan Bosch





Op 20/01/2019 om 15:29 schreef - Neustradamus -:

Hello Stephan,

The -PLUS variant for all SCRAM is not possible too for have (with 
other SCRAM):


SCRAM-SHA-1(-PLUS), SCRAM-SHA-224(-PLUS), SCRAM-SHA-256(-PLUS), 
SCRAM-SHA-384(-PLUS), SCRAM-SHA-512(-PLUS)




I haven't looked at channel binding, but that is not going to be as easy.


Some softwares use already it...



Such as?



Thanks in advance.



Regards,

Stephan.




Regards,

Neustradamus


*De :* Stephan Bosch 
*Envoyé :* dimanche 20 janvier 2019 12:14
*À :* - Neustradamus -; dovecot@dovecot.org
*Objet :* Re: SCRAM-SHA-256 and SCRAM-SHA-512 supports


Op 20/01/2019 om 00:45 schreef - Neustradamus -:
> Hello all,
>
> I would like to know if it is possible to add SCRAM-SHA-256 and
> SCRAM-SHA-512 supports?
>
> RFC7677: SCRAM-SHA-256 and SCRAM-SHA-256-PLUS: Simple Authentication
> and Security Layer (SASL) Mechanisms
> https://tools.ietf.org/html/rfc7677
>
> Thanks in advance.

https://www.dovecot.org/pipermail/dovecot/2019-January/114194.html

Any particular application you have in mind?

Regards,

Stephan.

Re: auth core dump

2019-01-20 Thread Mamontov Roman

> Op 10/01/2019 om 14:43 schreef Mamontov Roman:
[...]
> Thanks for reporting this. We're looking into it.
> Tracking internally as DOP-867.

Sorry for late answer: I found where problem: dovecot been compiled
on  11-Stable  branch  with  ports OpenSSL. After upgrade to 12-Stable
(which  have  base  OpenSSL  1.1.1)  dovecot (and some other software,
which  use OpenSSL library, but not all) hangs when user connected via
SSL'ed  imap  with  core  dumps.  When  I  removed  ports  OpenSSL and
recompile dovecot with base OpenSSL 1.1.1 it stopped hangs.

Re: auth-worker service failed since recent MariaDB upgrade

2019-01-20 Thread Bogomil Vasilev via dovecot


Hello Aki,

This patch seems to have done the trick - hopefully it works fine and 
doesn't mask the problem.

From the patch content, I see that it's from 4th of December.
Is there a reason why this hasn't made it yet into upstream?
Did you come across this bug on your own and patch it temporarily?

Best regards,

---
BOGOMIL VASILEV
For contacts, use this e-mail. My GPG key is 646F3ABF6E457336
Website: HTTPS://WWW.SMIRKY.NET/

On 2019-01-20 15:11, Aki Tuomi wrote:

Can you try if  
https://github.com/dovecot/core/commit/3c5101ffdd2a8115e03ed7180d53578765dea4c9.patch 
helps?


Aki
On 20 January 2019 at 15:05 Bogomil Vasilev via dovecot < 
dovecot@dovecot.org> wrote:


Hello,

I rebuilt mariadb and dovecot with debug symbols.
The backtrace is this:

Program terminated with signal SIGABRT, Aborted.
#0 0x7fb040e0cd7f in raise () from /usr/lib/libc.so.6
(gdb) bt full
#0 0x7fb040e0cd7f in raise () from /usr/lib/libc.so.6
No symbol table info available.
#1 0x7fb040df7672 in abort () from /usr/lib/libc.so.6
No symbol table info available.
#2 0x7fb040e4f878 in __libc_message () from /usr/lib/libc.so.6
No symbol table info available.
#3 0x7fb040e5618a in malloc_printerr () from /usr/lib/libc.so.6
No symbol table info available.
#4 0x7fb040e57b27 in _int_free () from /usr/lib/libc.so.6
No symbol table info available.
#5 0x7fb04114db89 in mysql_close (mysql=0x5592728448e0) at
/usr/src/debug/mariadb-10.3.12/libmariadb/libmariadb/mariadb_lib.c:1940
p = 
#6 mysql_close (mysql=0x5592728448e0) at
/usr/src/debug/mariadb-10.3.12/libmariadb/libmariadb/mariadb_lib.c:1913
p = 
#7 0x5592724e2dac in driver_sqlpool_disconnect (_db=0x559272843be0)
at driver-sqlpool.c:590
conn__foreach_end = 0x559272844090
db = 0x559272843be0
conn = 0x559272844080
#8 0x5592724d78fc in db_sql_unref (_conn=0x55927283b5e8) at
db-sql.c:128
conn = 0x559272843818
#9 0x5592724cf89c in userdb_deinit (userdb=0x55927283b5c0) at
userdb.c:191
idx = 0
__func__ = "userdb_deinit"
#10 0x5592724afbb9 in auth_deinit (auth=0x55927283b320) at
auth.c:335
passdb = 
userdb = 0x55927283b4e0
passdb = 
userdb = 
#11 auths_deinit () at auth.c:433
auth__foreach_end = 0x559272842e18
auth = 0x559272842e10
#12 0x5592724ae664 in main_deinit () at main.c:271
l = 
l = 
l_end = 
#13 main (argc=, argv=) at main.c:398
c = 
(gdb)

My `dovecot -n` output is this:

0 « root » /home/smirky/stuff/ABS/dovecot # dovecot -n
# 2.3.4 (0ecbaf23d): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 (60b0f48d)
# OS: Linux 5.0.0-rc2-mainline x86_64 Arch Linux
# Hostname: archy
dict {
quotadict = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
mail_home = /home/vmail/%d/%u
mail_location = maildir:~
mail_plugins = quota
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date i
ndex ihave duplicate mime foreverypart extracttext imapsieve
vnd.dovecot.imapsieve
namespace inbox {
inbox = yes
location =
mailbox Drafts {
auto = create
special_use = \Drafts
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox "Sent Messages" {
auto = no
special_use = \Sent
}
mailbox Spam {
auto = subscribe
special_use = \Junk
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
plugin {
imapsieve_mailbox1_before = file:/etc/dovecot/sieve/report-spam.sieve
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_name = Spam
imapsieve_mailbox2_before = file:/etc/dovecot/sieve/report-ham.sieve
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_from = Junk
imapsieve_mailbox2_name = *
quota = dict:User quota::proxy::quotadict
quota_rule2 = Trash:storage=+10%%
quota_warning = storage=95%% quota-warning 95 %u
quota_warning2 = storage=80%% quota-warning 80 %u
quota_warning3 = -storage=100%% quota-warning below 100 %u
sieve_before = /etc/dovecot/sieve/filter.sieve
sieve_global_extensions = +vnd.dovecot.pipe
sieve_pipe_bin_dir = /etc/dovecot/sieve
sieve_plugins = sieve_imapsieve sieve_extprograms
}
protocols = imap pop3 sieve
service auth-worker {
unix_listener auth-worker {
group = vmail
mode = 0666
user = vmail
}
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
user = root
}
service dict {
unix_listener dict {
group = vmail
mode = 0660
user = vmail
}
user = root
}
service imap-login {
inet_listener imap {
address = 127.0.0.1
}
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
}
service pop3-login {
inet_listener pop3 {
address = 127.0.0.1
}
}
service quota-warning {
executable = script /usr/local/bin/quota-warning.sh
unix_listener quota-warning {
group = vmail
mode = 0660
user = vmail
}
user = vmail
}
service stats {
unix_listener stats-reader {
group = vmail
mode = 0660
user = vmail
}
unix_listener stats-writer {
group = vmail
mode =

RE: SCRAM-SHA-256 and SCRAM-SHA-512 supports

2019-01-20 Thread - Neustradamus -

Hello Stephan,

Thanks for the link about SCRAM-SHA-256, good news for this point, hope a merge 
soon :)
I am from this page: https://wiki.dovecot.org/Authentication/PasswordSchemes ^^

The -PLUS variant for all SCRAM is not possible too for have (with other SCRAM):

SCRAM-SHA-1(-PLUS), SCRAM-SHA-224(-PLUS), SCRAM-SHA-256(-PLUS), 
SCRAM-SHA-384(-PLUS), SCRAM-SHA-512(-PLUS)

Some softwares use already it...

Thanks in advance.

Regards,

Neustradamus


De : Stephan Bosch 
Envoyé : dimanche 20 janvier 2019 12:14
À : - Neustradamus -; dovecot@dovecot.org
Objet : Re: SCRAM-SHA-256 and SCRAM-SHA-512 supports



Op 20/01/2019 om 00:45 schreef - Neustradamus -:
> Hello all,
>
> I would like to know if it is possible to add SCRAM-SHA-256 and
> SCRAM-SHA-512 supports?
>
> RFC7677: SCRAM-SHA-256 and SCRAM-SHA-256-PLUS: Simple Authentication
> and Security Layer (SASL) Mechanisms
> https://tools.ietf.org/html/rfc7677
>
> Thanks in advance.

https://www.dovecot.org/pipermail/dovecot/2019-January/114194.html

Any particular application you have in mind?

Regards,

Stephan.

Re: sieve issue after upgrad

2019-01-20 Thread Tim Dickson via dovecot


On 20/01/2019 11:29, Stephan Bosch wrote:



Op 20/01/2019 om 00:21 schreef Tim Dickson via dovecot:

On 19/01/2019 17:54, Stephan Bosch wrote:

relevant info from /var/log/dovecot.log (domain changed for privacy)


Jan 19 09:27:09 lda(tim): Debug: Loading modules from directory: 
/usr/lib64/dovecot
Jan 19 09:27:09 lda(tim): Debug: Module loaded: 
/usr/lib64/dovecot/lib90_sieve_plugin.so
Jan 19 09:27:09 lda(tim): Debug: auth USER input: tim 
system_groups_user=tim uid=1003 gid=100 home=/home/tim
Jan 19 09:27:09 lda(tim): Debug: Effective uid=1003, gid=100, 
home=/home/tim
Jan 19 09:27:09 lda(tim): Debug: maildir++: 
root=/var/spool/dovecot/tim, index=, indexpvt=, control=, 
inbox=/var/spool/dovecot/tim, alt=
Jan 19 09:27:09 lda(tim): Debug: none: root=, index=, indexpvt=, 
control=, inbox=, alt=
Jan 19 09:27:09 lda(tim): Debug: Destination address: 
 (source: user@hostname)
Jan 19 09:27:09 lda(tim): Debug: sieve: Pigeonhole version 0.5.1 
(d9bc6dfe) initializing
Jan 19 09:27:09 lda(tim): Debug: sieve: include: sieve_global is 
not set; it is currently not possible to include `:global' scripts.
Jan 19 09:27:09 lda(tim): Debug: sieve: file storage: Using active 
Sieve script path: /home/tim/.dovecot.sieve
Jan 19 09:27:09 lda(tim): Debug: sieve: file storage: Using script 
storage path: /home/tim/sieve
Jan 19 09:27:09 lda(tim): Debug: sieve: file storage: Relative path 
to sieve storage in active link: sieve/
Jan 19 09:27:09 lda(tim): Debug: sieve: file storage: Using Sieve 
script path: /home/tim/.dovecot.sieve
Jan 19 09:27:09 lda(tim): Debug: sieve: file script: Opened script 
`test' from `/home/tim/.dovecot.sieve'
Jan 19 09:27:09 lda(tim): Debug: sieve: Using the following 
location for user's Sieve script: /home/tim/.dovecot.sieve


Here, all Sieve involvement abruptly seems to stop, which is very 
very weird.


I'd expect this to end in some sort of error message. Is there a 
/var/log/dovecot.error or something like that? You can verify where 
things are logged using `sudo doveadm log find`.




output of doveadm log find
Looking for log files from /var/log
Debug: /var/log/dovecot.log
Info: /var/log/dovecot.info
Warning: /var/log/maillog
Error: /var/log/maillog
Fatal: /var/log/maillog

I have listed below the section of /var/log/maillog which appears to 
be relevant . (domain changed for privacy)


Jan 18 23:13:46 mail dovecot: lda(tim): Error: sieve: Failed to 
initialize script execution: Invalid postmaster_address: invalid 
address `postmaster@' specified for the postmaster_address setting
Jan 18 23:13:46 mail sm-mta[866]: x0INDhct000865: 
to=, ctladdr= (1002/100), 
delay=00:00:00, xdelay=00:00:00, mailer=local, pri=33291, dsn=2.0.0, 
stat=Sent
Jan 18 23:21:14 mail dovecot: master: Warning: Killed with signal 15 
(by pid=905 uid=0 code=kill)


There are other mails with the same "invalid address `postmaster@' to 
other users.
Is a postmaster address is required for sieve to work.? if so where 
should it go. is it the sieve_user_email declaration ?

thanks.


Aha! So, you tripped over a 2.3.1 bug. The best way to work around 
this is by setting a proper explicit value for the global 
postmaster_address setting (https://wiki.dovecot.org/LDA). So, 
Pigeonhole does not define this setting; it is defined by Dovecot 
LDA/LMTP.


Regards,

Stephan.

Brilliant. that fixed it. the scripts are running again, and my test, 
and out of office is working. So it is just that there is no default for 
that field, and the example comments need to be updated.  (i just 
checked the 2.3.4 source and the example 15-lda.conf still implies a 
default, or has the behaviour been fixed in newer versions so it works?) 
I'll let the slackware build maintainer know so it can be added to the 
readme for 2.3.1 version.


many thanks everyone for your assistance.
regards, Tim

Re: Localhost imap server fails after upgrade from 2.2.33.2-1 to 1:2.3.2.1

2019-01-20 Thread Stephan Bosch





Op 06/01/2019 om 15:29 schreef Chris BL:

Hello Stephan,

I'm interested to see this get fixed (and ideally one day for it to be
really easy for people to set up Alpine so that it competes fairly with
heavier GUIs!), but I do not know that I am qualified to help (beyond
light testing).  Is there someone from Alpine on this thread?


The trigger for this problem is being worked on (tracked internally as 
DOP-838). The overall Alpine issue I don't know.

The second (askubuntu.com) link you give is my own question (and answer, based 
on Aki
Tuomi's earlier responses).

Oh, lol :)

Regards,

Stephan.




On Sun, 6 Jan 2019, Stephan Bosch wrote:


Op 31/12/2018 om 16:53 schreef Chris Barrington-Leigh:

I then followed the instructions in the Warning lines above and now I get:

  dovecot -n -c /home/meuser/dotfiles/auto-stanford-dovecot.conf
# 2.3.2.1 (0719df592): /home/meuser/dotfiles/auto-stanford-dovecot.conf
# Pigeonhole version 0.5.2 ()
# OS: Linux 4.18.0-13-generic x86_64 Ubuntu 18.10 ext4
# Hostname: cpbl-t450s
mail_location =
maildir:/home/meuser/imap/gmailStanford:LAYOUT=fs:INBOX=/home/meuser/imap/gmailStanford/INBOX
service stats {
   unix_listener stats-writer {
     mode = 0666
   }
}
ssl_dh =  # hidden, use -P to show it
verbose_proctitle = yes


However, this does not help my primary symptom:


$ /usr/lib/dovecot/imap -c /home/meuser/dotfiles/auto-stanford-dovecot.conf
imap(meuser,)Error: net_connect_unix(/var/run/dovecot/stats-writer) failed:
Permission denied
* PREAUTH [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT
SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND
URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED
I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH
LIST-STATUS BINARY MOVE SNIPPET=FUZZY LITERAL+ NOTIFY] Logged in as meuser


I notice that you use an explicit configuration file for your imap invocation.
Which likely means that this is something different from the config used the
main dovecot service running on your system. That service block needs to be in
the configuration of the dovecot instance running the stats service (which is
likely just the main /etc/dovecot/dovecot.conf). Given the location of your
own config file, I'm assuming you cannot manage the main dovecot instance?

BTW, there is a related thread with a different solution to this issue:

https://www.dovecot.org/pipermail/dovecot/2019-January/114151.html

We're still working on getting that bug fixed, so that will not help you
immediately, unless you can patch dovecot.

BTW, I find it a bit weird that Alpine would fail on this. It is not a fatal
error, so the imap service will just work. The error is sent to /dev/stderr,
so I'd normally expect a service like Alpine to be able to ignore output sent
there.

The question below is about the same issue and their config suggests that
stderr is sent to a log file:

https://askubuntu.com/questions/1104056/how-to-use-local-dovecot-imap-with-alpine-18-10-changes

So, I really don't understand what the core of the problem is. Why does Alpine
fail on this at all?

Regards,

Stephan.

Re: Issue with LMTP proxying and port number

2019-01-20 Thread Stephan Bosch





Op 06/01/2019 om 19:35 schreef Stephan Bosch:

Op 06/01/2019 om 17:02 schreef Steven Craig:

On 1/6/2019 8:00 AM, Stephan Bosch wrote:

Op 06/01/2019 om 11:50 schreef Stephan Bosch:

Op 31/12/2018 om 23:59 schreef Steven Craig:

Hello there,

Everything was working fine on Dovecot 2.2.10 (on CentOS 7), but 
after updating to version 2.2.36, our director servers are not 
able to proxy LMTP.


We are sending mail from exim to the local Dovecot LMTP socket, 
which then used to send it to our internal mail servers on port 24.


Besides the update, nothing has changed in the config files. The 
configuration has been working great for months … Then we had a 
great idea of doing holiday maintenance.


(Currently, we are working around this issue by having exim send 
mail to the IP and port, instead of the socket.)


Doing a tcpdump capture shows no TCP traffic either.  The logs 
seem to say that it is trying to go to port 0, so my guess is that 
it’s not getting the port directive from either static or sql — 
since the docs state that if these settings aren't specified, it 
will always use the same connection type for the proxy that it 
received the connection on.


Any thoughts?  I can share config if necessary.


Yes, output from `dovecot -n` could be helpful.
Also a literal dump of those errors in the log could help.


Never mind, I can reproduce it here, even with master.
We'll get back to you.


Actually, this is equally problematic for Dovecot v2.2.10. I could 
reproduce this there too by my method (after some considerable 
difficulty to get that compiled on a modern system). So, first of all, 
I am wondering why this worked at your end in the first place and why 
it finally failed upon upgrade.


The problem is that services like imap, pop3, managesieve, and 
submission define a literal default port for proxying, while lmtp 
really doesn't. Instead, LMTP uses the local port of the server as the 
default for the outgoing proxy connection. With unix services, there 
is no local port and hence no default, which instead results in using 
an (erroneous) port 0.


Arguably, it would be useful to define a lmtp_proxy_port setting to 
have a default for situations when none other can be obtained. LMTP 
has no properly registered standard port, so hard-coding the default 
to 24 could be a bad idea.


Tracking internally as DOP-868.

Regards,

Stephan.

Re: auth-worker service failed since recent MariaDB upgrade

2019-01-20 Thread Aki Tuomi



 
 
  
   Can you try if  https://github.com/dovecot/core/commit/3c5101ffdd2a8115e03ed7180d53578765dea4c9.patch helps?
   
  
  
   
  
  
   Aki
  
  
   
On 20 January 2019 at 15:05 Bogomil Vasilev via dovecot <
dovecot@dovecot.org> wrote:
   
   

   
   

   
   
Hello,
   
   

   
   
I rebuilt mariadb and dovecot with debug symbols.
   
   
The backtrace is this:
   
   

   
   
Program terminated with signal SIGABRT, Aborted.
   
   
#0 0x7fb040e0cd7f in raise () from /usr/lib/libc.so.6
   
   
(gdb) bt full
   
   
#0 0x7fb040e0cd7f in raise () from /usr/lib/libc.so.6
   
   
No symbol table info available.
   
   
#1 0x7fb040df7672 in abort () from /usr/lib/libc.so.6
   
   
No symbol table info available.
   
   
#2 0x7fb040e4f878 in __libc_message () from /usr/lib/libc.so.6
   
   
No symbol table info available.
   
   
#3 0x7fb040e5618a in malloc_printerr () from /usr/lib/libc.so.6
   
   
No symbol table info available.
   
   
#4 0x7fb040e57b27 in _int_free () from /usr/lib/libc.so.6
   
   
No symbol table info available.
   
   
#5 0x7fb04114db89 in mysql_close (mysql=0x5592728448e0) at
   
   
/usr/src/debug/mariadb-10.3.12/libmariadb/libmariadb/mariadb_lib.c:1940
   
   
p = 
   
   
#6 mysql_close (mysql=0x5592728448e0) at
   
   
/usr/src/debug/mariadb-10.3.12/libmariadb/libmariadb/mariadb_lib.c:1913
   
   
p = 
   
   
#7 0x5592724e2dac in driver_sqlpool_disconnect (_db=0x559272843be0)
   
   
at driver-sqlpool.c:590
   
   
conn__foreach_end = 0x559272844090
   
   
db = 0x559272843be0
   
   
conn = 0x559272844080
   
   
#8 0x5592724d78fc in db_sql_unref (_conn=0x55927283b5e8) at
   
   
db-sql.c:128
   
   
conn = 0x559272843818
   
   
#9 0x5592724cf89c in userdb_deinit (userdb=0x55927283b5c0) at
   
   
userdb.c:191
   
   
idx = 0
   
   
__func__ = "userdb_deinit"
   
   
#10 0x5592724afbb9 in auth_deinit (auth=0x55927283b320) at
   
   
auth.c:335
   
   
passdb = 
   
   
userdb = 0x55927283b4e0
   
   
passdb = 
   
   
userdb = 
   
   
#11 auths_deinit () at auth.c:433
   
   
auth__foreach_end = 0x559272842e18
   
   
auth = 0x559272842e10
   
   
#12 0x5592724ae664 in main_deinit () at main.c:271
   
   
l = 
   
   
l = 
   
   
l_end = 
   
   
#13 main (argc=, argv=) at main.c:398
   
   
c = 
   
   
(gdb)
   
   

   
   

   
   
My `dovecot -n` output is this:
   
   

   
   
0 « root » /home/smirky/stuff/ABS/dovecot # dovecot -n
   
   
# 2.3.4 (0ecbaf23d): /etc/dovecot/dovecot.conf
   
   
# Pigeonhole version 0.5.4 (60b0f48d)
   
   
# OS: Linux 5.0.0-rc2-mainline x86_64 Arch Linux
   
   
# Hostname: archy
   
   
dict {
   
   
quotadict = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
   
   
}
   
   
mail_home = /home/vmail/%d/%u
   
   
mail_location = maildir:~
   
   
mail_plugins = quota
   
   
managesieve_notify_capability = mailto
   
   
managesieve_sieve_capability = fileinto reject envelope
   
   
encoded-character vacation subaddress comparator-i;ascii-numeric
   
   
relational regex imap4flags copy include variables body enotify
   
   
environment mailbox date i
   
   
ndex ihave duplicate mime foreverypart extracttext imapsieve
   
   
vnd.dovecot.imapsieve
   
   
namespace inbox {
   
   
inbox = yes
   
   
location =
   
   
mailbox Drafts {
   
   
auto = create
   
   
special_use = \Drafts
   
   
}
   
   
mailbox Sent {
   
   
auto = subscribe
   
   
special_use = \Sent
   
   
}
   
   
mailbox "Sent Messages" {
   
   
auto = no
   
   
special_use = \Sent
   
   
}
   
   
mailbox Spam {
   
   
auto = subscribe
   
   
special_use = \Junk
   
   
}
   
   
mailbox Trash {
   
   
auto = subscribe
   
   
special_use = \Trash
   
   
}
   
   
prefix =
   
   
}
   
   
passdb {
   
   
args = /etc/dovecot/dovecot-sql.conf
   
   
driver = sql
   
   
}
   
   
plugin {
   
   
imapsieve_mailbox1_before = file:/etc/dovecot/sieve/report-spam.sieve
   
   
imapsieve_mailbox1_causes = COPY
   
   
imapsieve_mailbox1_name = Spam
   
   
imapsieve_mailbox2_before = file:/etc/dovecot/sieve/report-ham.sieve
   
   
imapsieve_mailbox2_causes = COPY
   
   
imapsieve_mailbox2_from = Junk
   
   
imapsieve_mailbox2_name = *
   
   
quota = dict:User quota::proxy::quotadict
   
   
quota_rule2 = Trash:storage=+10%%
   
   
quota_warning = storage=95%% quota-warning 95 %u
   
   
quota_warning2 = storage=80%% quota-warning 80 %u
   
   
quota_warning3 = -storage=100%% quota-warning below 100 %u

Re: Authentication/Penalty disabled (socket mode=0) introduces constant 5 sec delays (2.27 on debian 9)

2019-01-20 Thread Stephan Bosch





Op 08/01/2019 om 11:05 schreef Ludovic Pouzenc:


Hi,

I can confirm that in the bad behavior, the 5 second delay occurs at 
each AUTH in our case. I think the configuration we have kill auth 
process at each end of AUTH (and fork a new one for next next AUTH). I 
think the "disable" flag is local to the process that is killed / 
respawned.




Can you explain this further? The auth process is supposed to be a 
long-running process. It is not killed after the first client and I 
don't see anything in your config that would do that.






A collegue of mine, Laurent Guerby, has found a workaround for us and 
it's findings seems very valuable for this ticket.


We now know how to not having the troubles in our setup : by manual 
removing the auth-penalty socket with "rm" (or by rebooting the whole 
VM because the socket is in a tmpfs). The rm is needed only one time.


I think now a clean reproducer of the problem is :

(I go through a fairly similar one but not this exact one)

  * take a vanilla Debian 9 (probably not limited this particular
version/distro)
  * make sure use have non-root local unix user account (adduser
testimap for instance)
  * apt install dovecot-imapd
  * keep default config (it may need TLS certificate addition, default
config make uses of auth-penalty and system auth, don't touch that
now)
  * let it start at least one time (should be already started after
install)
  * try at least 1 auth via IMAP (against a local unix user account
  * verify that auth-penalty socket exists
  * check with lsof if some process have opened it
  o Should see 1 dovecot process
  * change dovecot config to not use penalty
  o service anvil {    unix_listener anvil-auth-penalty { mode =
00    } }
  * restart dovecot
  * check if the auth-penalty socket exists
  o For me it persists and it seems now to be the root problem
  * (here you can do anything like dovecot stop / start, dovecot will
never remove the auth-penalty socket by itself)
  * check with lsof if some process have opened it
  o No process
  * try at least 2 auth (against a a local unix user account) via IMAP
  o You should have 5 second penalty twice

The socket open retries loop happens if the socket exists but noone 
"listen" on it.
The socket open retries loop don't happen if the socket does not 
exists at all.


(I think there is 1 try, the system returns non existing error, this 
bails out)


Regards,
Ludovic

On 06/01/2019 20:04, Stephan Bosch wrote:


Op 20/12/2018 om 18:09 schreef Ludovic Pouzenc:

Hi,

I hit a bizare problem with dovecot 2.2.7 on debian 9 with LMTP 
enabled and auth/penalty disabled as documented here :

https://wiki.dovecot.org/Authentication/Penalty

Use case : I run a swaks command to send an email to an exim4 that 
tries to make a callout to dovecot-lmtp.
At RCPT TO: swaks hangs 5.0 seconds then process 
normally (exim is waiting for callout completion).


with strace, I see 5 second delay with many tries to socket connection.


The sources confirm this behavior, but only for the first connection 
attempt (i.e. the first 5 seconds of reconnections), which happens at 
auth startup (which then takes 5 seconds longer). After that, it will 
mark auth-penalty as disabled and it will not try connecting to it 
again. Is that what you're referring to?



Regards,

Stephan.






(PID 9652 was an auth process freshly forked)

[pid  9652] socket(AF_UNIX, SOCK_STREAM, 0) = 14
[pid  9652] fcntl(14, F_GETFL)  = 0x2 (flags O_RDWR)
[pid  9652] fcntl(14, F_SETFL, O_RDWR|O_NONBLOCK) = 0
[pid  9652] connect(14, {sa_family=AF_UNIX, 
sun_path="anvil-auth-penalty"}, 110) = -1 ECONNREFUSED (Connection 
refused)

[pid  9652] close(14)   = 0
[pid  9652] nanosleep({tv_sec=0, tv_nsec=2000}, NULL) = 0
[pid  9652] socket(AF_UNIX, SOCK_STREAM, 0) = 14
[pid  9652] fcntl(14, F_GETFL)  = 0x2 (flags O_RDWR)
[pid  9652] fcntl(14, F_SETFL, O_RDWR|O_NONBLOCK) = 0
[pid  9652] connect(14, {sa_family=AF_UNIX, 
sun_path="anvil-auth-penalty"}, 110) = -1 ECONNREFUSED (Connection 
refused)

[pid  9652] close(14)   = 0
[pid  9652] nanosleep({tv_sec=0, tv_nsec=5000}, NULL) = 0
[pid  9652] socket(AF_UNIX, SOCK_STREAM, 0) = 14
[pid  9652] fcntl(14, F_GETFL)  = 0x2 (flags O_RDWR)
[pid  9652] fcntl(14, F_SETFL, O_RDWR|O_NONBLOCK) = 0
[pid  9652] connect(14, {sa_family=AF_UNIX, 
sun_path="anvil-auth-penalty"}, 110) = -1 ECONNREFUSED (Connection 
refused)

[pid  9652] close(14)   = 0
[pid  9652] nanosleep({tv_sec=0, tv_nsec=9000}, NULL) = 0


with ddd I get to:
src/lib-master/anvil-client.c: int anvil_client_connect(struct 
anvil_client *client, bool retry) {

//[...]
fd = retry ? net_connect_unix_with_retries(client->path, 5000) : 
net_connect_unix(client->path);

//[...]

and retry is forced to TRUE by the caller and 
net_connect_unix_with_retries retries in case of ECONNREFUSED.



How I get into it :

ssh -X

Re: auth-worker service failed since recent MariaDB upgrade

2019-01-20 Thread Bogomil Vasilev via dovecot


Hello,

I rebuilt mariadb and dovecot with debug symbols.
The backtrace is this:

Program terminated with signal SIGABRT, Aborted.
#0  0x7fb040e0cd7f in raise () from /usr/lib/libc.so.6
(gdb) bt full
#0  0x7fb040e0cd7f in raise () from /usr/lib/libc.so.6
No symbol table info available.
#1  0x7fb040df7672 in abort () from /usr/lib/libc.so.6
No symbol table info available.
#2  0x7fb040e4f878 in __libc_message () from /usr/lib/libc.so.6
No symbol table info available.
#3  0x7fb040e5618a in malloc_printerr () from /usr/lib/libc.so.6
No symbol table info available.
#4  0x7fb040e57b27 in _int_free () from /usr/lib/libc.so.6
No symbol table info available.
#5  0x7fb04114db89 in mysql_close (mysql=0x5592728448e0) at 
/usr/src/debug/mariadb-10.3.12/libmariadb/libmariadb/mariadb_lib.c:1940

p = 
#6  mysql_close (mysql=0x5592728448e0) at 
/usr/src/debug/mariadb-10.3.12/libmariadb/libmariadb/mariadb_lib.c:1913

p = 
#7  0x5592724e2dac in driver_sqlpool_disconnect (_db=0x559272843be0) 
at driver-sqlpool.c:590

conn__foreach_end = 0x559272844090
db = 0x559272843be0
conn = 0x559272844080
#8  0x5592724d78fc in db_sql_unref (_conn=0x55927283b5e8) at 
db-sql.c:128

conn = 0x559272843818
#9  0x5592724cf89c in userdb_deinit (userdb=0x55927283b5c0) at 
userdb.c:191

idx = 0
__func__ = "userdb_deinit"
#10 0x5592724afbb9 in auth_deinit (auth=0x55927283b320) at 
auth.c:335

passdb = 
userdb = 0x55927283b4e0
passdb = 
userdb = 
#11 auths_deinit () at auth.c:433
auth__foreach_end = 0x559272842e18
auth = 0x559272842e10
#12 0x5592724ae664 in main_deinit () at main.c:271
l = 
l = 
l_end = 
#13 main (argc=, argv=) at main.c:398
c = 
(gdb)


My `dovecot -n` output is this:

 0 « root » /home/smirky/stuff/ABS/dovecot # dovecot -n
# 2.3.4 (0ecbaf23d): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 (60b0f48d)
# OS: Linux 5.0.0-rc2-mainline x86_64 Arch Linux
# Hostname: archy
dict {
  quotadict = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
mail_home = /home/vmail/%d/%u
mail_location = maildir:~
mail_plugins = quota
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date i
ndex ihave duplicate mime foreverypart extracttext imapsieve 
vnd.dovecot.imapsieve

namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
auto = create
special_use = \Drafts
  }
  mailbox Sent {
auto = subscribe
special_use = \Sent
  }
  mailbox "Sent Messages" {
auto = no
special_use = \Sent
  }
  mailbox Spam {
auto = subscribe
special_use = \Junk
  }
  mailbox Trash {
auto = subscribe
special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
plugin {
  imapsieve_mailbox1_before = file:/etc/dovecot/sieve/report-spam.sieve
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_name = Spam
  imapsieve_mailbox2_before = file:/etc/dovecot/sieve/report-ham.sieve
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_from = Junk
  imapsieve_mailbox2_name = *
  quota = dict:User quota::proxy::quotadict
  quota_rule2 = Trash:storage=+10%%
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  quota_warning3 = -storage=100%% quota-warning below 100 %u
  sieve_before = /etc/dovecot/sieve/filter.sieve
  sieve_global_extensions = +vnd.dovecot.pipe
  sieve_pipe_bin_dir = /etc/dovecot/sieve
  sieve_plugins = sieve_imapsieve sieve_extprograms
}
protocols = imap pop3 sieve
service auth-worker {
  unix_listener auth-worker {
group = vmail
mode = 0666
user = vmail
  }
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
  }
  user = root
}
service dict {
  unix_listener dict {
group = vmail
mode = 0660
user = vmail
  }
  user = root
}
service imap-login {
  inet_listener imap {
address = 127.0.0.1
  }
}
service managesieve-login {
  inet_listener sieve {
port = 4190
  }
}
service pop3-login {
  inet_listener pop3 {
address = 127.0.0.1
  }
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  unix_listener quota-warning {
group = vmail
mode = 0660
user = vmail
  }
  user = vmail
}
service stats {
  unix_listener stats-reader {
group = vmail
mode = 0660
user = vmail
  }
  unix_listener stats-writer {
group = vmail
mode = 0660
user = vmail
  }
}
ssl_cert = 
Op 20/01/2019 om 10:50 schreef Bogomil Vasilev via dovecot:


Hello,

I have started having issues with auth-worker. Dovecot version:

0 « root » ~ # dovecot --version
2.3.4 (0ecbaf23d)
0 « root » ~ # pacman -Q dovecot
dovecot 2.3.4-2

Re: auth core dump

2019-01-20 Thread Stephan Bosch





Op 10/01/2019 om 14:43 schreef Mamontov Roman:

auth core dump Hello.

After upgrade from FreeBSD 11 to FreeBSD 12 and Dovecot 2.2 to Dovecot 
2.3 hanged auth when user connected to imap:


Jan 10 15:53:46 master: Info: Dovecot v2.3.4 (0ecbaf23d) starting up 
for imap, pop3
Jan 10 15:54:09 auth-worker: Fatal: master: service(auth-worker): 
child 56308 killed with signal 11 (core dumped)
Jan 10 15:54:09 master: Error: service(auth-worker): command startup 
failed, throttling for 2 secs
Jan 10 15:54:09 auth: Error: auth worker: Aborted PASSV request for 
ro...@host.ru: Worker process died unexpectedly
Jan 10 15:54:11 imap-login: Info: Disconnected (auth service reported 
temporary failure): user=, method=PLAIN, 
rip=xxx.xxx.xxx.xxx, lip=yyy.yyy.yyy.yyy, TLS: Connection closed, 
session=



[...]
Why this can be? 


Thanks for reporting this. We're looking into it.

Tracking internally as DOP-867.

Regards,

Stephan.

Re: panic when using dovecot master account

2019-01-20 Thread André Rodier via dovecot


On 2019-01-20 12:38, Stephan Bosch wrote:

Op 12/01/2019 om 20:31 schreef André Rodier via dovecot:

On Sat, 2019-01-12 at 19:11 +, André Rodier via dovecot wrote:

Happy new year, everyone!
Aki, I have been able to reproduce the problem, and this time, with 
the
packages from Debian stable. So you were right, this had nothing to 
do

with master user, but virtual folders.

I found what caused the crash:

the line "auto = subscribe" for the virtual folders.
Dovecot does not crash when I comment this line.


Tracking internally as DOP-866.

Regards,

Stephan.


Thanks, I am happy to have been useful.

Kind regards,
André

Re: IMAP copy stopped copying flags

2019-01-20 Thread Stephan Bosch





Op 11/01/2019 om 12:42 schreef Stephan Bosch:


Op 11-1-2019 om 10:53 schreef Marc Weustink:

Hi all,

Andrzej A. Filip wrote:

Timo Sirainen  wrote:
On 9 Jul 2018, at 16.49, Andrzej A. Filip  
wrote:


Is it intended behavior?


No.


It seems to be caused by upgrade to 1:2.3.2-2 on Debian/Testing.


What was the old version? What's your doveconf -n? How are you testing
that it's not working?


It seems that the problem occurred after Debian/Testing dovecot's 
upgrade

from 1:2.2.36-1 to 1:2.3.2-2.  I have fixed the problem by downgrading
dovecot to version provided by Debian/Stable (1:2.2.27-3+deb9u2).

I use dovecot in "server less" mode (IMAP via stdin+stdout) with 
maildir.


mail_location = maildir:~/Maildir:LAYOUT=fs




Same issue here on 2.3.4 (0ecbaf23d) as server.

When a message is moved, either through Thunderbird or doveadm move, 
the flags are lost.


Any update on this ?


We're working on it. We have reproduced the problem without difficulty 
and isolated the commit that caused it.


Tracking internally as DOP-842.

Regards,

Stephan.

Re: panic when using dovecot master account

2019-01-20 Thread Stephan Bosch


Op 12/01/2019 om 20:31 schreef André Rodier via dovecot:

On Sat, 2019-01-12 at 19:11 +, André Rodier via dovecot wrote:

Happy new year, everyone!
Aki, I have been able to reproduce the problem, and this time, with the
packages from Debian stable. So you were right, this had nothing to do
with master user, but virtual folders.

I found what caused the crash:

the line "auto = subscribe" for the virtual folders.
Dovecot does not crash when I comment this line.


Tracking internally as DOP-866.

Regards,

Stephan.

Re: Error: User b...@aaa.bbb doesn't have home dir set, disabling duplicate database

2019-01-20 Thread Stephan Bosch





Op 14/01/2019 om 15:20 schreef subscription1:
Have enabled debug as suggested, but don't really know what I'm 
looking for or what the 'correct' output should be.




Clearly your userdb doesn't return a home directory, but that should be 
no problem when mail_home is configured. But, are you really sure it is? 
Can you provide me with the output from `dovecot -n`?


Regards,

Stephan.



Jan 14 15:06:03 master: Info: Dovecot v2.2.33.2 (d6601f4ec) starting 
up for imap, lmtp, sieve (core dumps disabled)
Jan 14 15:07:09 auth: Debug: Loading modules from directory: 
/usr/lib/dovecot/modules/auth
Jan 14 15:07:09 auth: Debug: Module loaded: 
/usr/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so
Jan 14 15:07:09 auth: Debug: Module loaded: 
/usr/lib/dovecot/modules/auth/libdriver_mysql.so
Jan 14 15:07:09 auth: Debug: Read auth token secret from 
/var/run/dovecot/auth-token-secret.dat

Jan 14 15:07:09 auth: Debug: auth client connected (pid=5343)
Jan 14 15:07:10 auth: Debug: client in: AUTH    1    PLAIN 
service=imap    secured    session=MpKNj2t/V7XV4SEm 
lip=173.212.231.229    rip=213.225.33.38    lport=993 rport=46423    
local_name=imap.mydomain.com

Jan 14 15:07:10 auth: Debug: client passdb out: CONT    1
Jan 14 15:07:10 auth: Debug: client in: CONT
Jan 14 15:07:10 auth-worker(5346): Debug: Loading modules from 
directory: /usr/lib/dovecot/modules/auth
Jan 14 15:07:10 auth-worker(5346): Debug: Module loaded: 
/usr/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so
Jan 14 15:07:10 auth-worker(5346): Debug: Module loaded: 
/usr/lib/dovecot/modules/auth/libdriver_mysql.so
Jan 14 15:07:10 auth-worker(5346): Debug: 
sql(mailus...@mydomain.com,213.225.33.38,): query: 
SELECT username AS user, domain, password FROM accounts WHERE username 
= 'mailuser1' AND domain = 'mydomain.com' and enabled = true;
Jan 14 15:07:10 auth-worker(5346): Debug: 
sql(mailus...@mydomain.com,213.225.33.38,): username 
changed mailus...@mydomain.com -> mailuser1
Jan 14 15:07:10 auth-worker(5346): Debug: 
sql(mailuser1,213.225.33.38,): username changed 
mailuser1 -> mailus...@mydomain.com
Jan 14 15:07:10 auth: Debug: 
sql(mailus...@mydomain.com,213.225.33.38,): username 
changed mailus...@mydomain.com -> mailuser1
Jan 14 15:07:10 auth: Debug: 
sql(mailuser1,213.225.33.38,): username changed 
mailuser1 -> mailus...@mydomain.com
Jan 14 15:07:10 auth: Debug: client passdb out: OK    1 
user=mailus...@mydomain.com
Jan 14 15:07:10 auth: Debug: master in: REQUEST    1124466689 5343    
1    f6508d0565d31959337b995fee8c8fc0 session_pid=5347 request_auth_token
Jan 14 15:07:10 auth-worker(5346): Debug: 
passwd(mailus...@mydomain.com,213.225.33.38,): lookup
Jan 14 15:07:10 auth-worker(5346): Info: 
passwd(mailus...@mydomain.com,213.225.33.38,): 
unknown user
Jan 14 15:07:10 auth-worker(5346): Debug: 
sql(mailus...@mydomain.com,213.225.33.38,): SELECT 
concat('*:storage=', quota, 'M') AS quota_rule FROM accounts WHERE 
username = 'mailuser1' AND domain = 'mydomain.com' AND sendonly = false;
Jan 14 15:07:10 auth: Debug: master userdb out: USER 1124466689 
mailus...@mydomain.com quota_rule=*:storage=2048M 
auth_token=c0af49e6da382961494c74d54add28b3a077f23c
Jan 14 15:07:10 imap-login: Info: Login: 
user=, method=PLAIN, rip=213.225.33.38, 
lip=173.212.231.229, mpid=5347, TLS, session=
Jan 14 15:07:10 imap(mailus...@mydomain.com): Debug: Loading modules 
from directory: /usr/lib/dovecot/modules
Jan 14 15:07:10 imap(mailus...@mydomain.com): Debug: Module loaded: 
/usr/lib/dovecot/modules/lib10_quota_plugin.so
Jan 14 15:07:10 imap(mailus...@mydomain.com): Debug: Module loaded: 
/usr/lib/dovecot/modules/lib11_imap_quota_plugin.so
Jan 14 15:07:10 imap(mailus...@mydomain.com): Debug: Module loaded: 
/usr/lib/dovecot/modules/lib15_notify_plugin.so
Jan 14 15:07:10 imap(mailus...@mydomain.com): Debug: Module loaded: 
/usr/lib/dovecot/modules/lib20_replication_plugin.so
Jan 14 15:07:10 imap(mailus...@mydomain.com): Debug: Module loaded: 
/usr/lib/dovecot/modules/lib95_imap_sieve_plugin.so
Jan 14 15:07:10 imap(mailus...@mydomain.com): Debug: Added userdb 
setting: plugin/quota_rule=*:storage=2048M
Jan 14 15:07:10 imap(mailus...@mydomain.com): Debug: Effective 
uid=1001, gid=1001, home=
Jan 14 15:07:10 imap(mailus...@mydomain.com): Debug: quota: No quota 
setting - plugin disabled
Jan 14 15:07:10 imap(mailus...@mydomain.com): Debug: replication: No 
mail_replica setting - replication disabled
Jan 14 15:07:10 imap(mailus...@mydomain.com): Debug: Namespace inbox: 
type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, 
subscriptions=yes 
location=maildir:/home/vmail/mailboxes/mydomain.com/mailuser1Jan 14 
15:07:10 imap(mailus...@mydomain.com): Debug: maildir++: 
root=/home/vmail/mailboxes/mydomain.com/mailuser1, index=, indexpvt=, 
control=, inbox=/home/vmail/mailboxes/mydomain.com/mailuser1, alt=
Jan 14 15:07:10 imap(mailus...@mydomain.com): Debug: Sent: Mailbox 
opened because: append
Jan 14 15:07:10 imap(mailus...@mydomain.com): Debug:

Moving messages on test server, dovecot.index.log was locked for x seconds on cephfs

2019-01-20 Thread Marc Roos




I am getting on a test environment were no users are logging in a 
dovecot.index.log was locked when moving messages with doveadm move -u 
testuser Archive/2012 mailbox INBOX/inbox  BEFORE 2013-01-01.

doveadm(testuser): Warning: Transaction log file 
/var/dovecot/testuser/index/.INBOX.inbox/dovecot.index.log was locked 
for 215 seconds (rotating while syncing)

I have read about how this can be related to default locking fcntl and 
nfs, anyone having this solved with cephfs?
https://www.dovecot.org/list/dovecot/2009-January/036194.html

Re: Dovecot 2.3 no longer accepts ssl_key_password

2019-01-20 Thread Stephan Bosch





Op 15/01/2019 om 08:08 schreef Aki Tuomi:

On 10.1.2019 6.53, Chris Kiakas wrote:

Hit a little problem when I upgraded a system from FreeBSD 10.3 to 11.2. I did 
not receive any errors in the upgrade. The system is running 4 jails and 
everything seems to work except in Dovecot dovecot-2.3.4_5 where when using the 
exact same configuration which worked in 10.3 with the same password protected 
certificate key. (doveconf -n -P shows the correct password.)


ssl_ca = 
Thanks for reporting this, we'll look into it.


Tracking internally as DOP-851.

Regards,

Stephan.

Re: auth-worker: Error: double free or corruption (fasttop)

2019-01-20 Thread Stephan Bosch





Op 16/01/2019 om 12:35 schreef Marcel Lorenz:

Dear list,

since the distri upgrade to glibc 2.28, i can't build working dovecot 
binary's.

Older with glibc 2.27 are working. The distri is LFS based.
MariaDB 10.2.18 and 10.3.11 makes no difference. Having this on 
different systems.


Messages Log:
Dec 19 17:10:38 test kernel: traps: auth[30189] general protection 
ip:7f4b96d6598c sp:7ffef1f31710 error:0 in 
libmariadb.so.3[7f4b96d4e000+67000]
Dec 19 17:11:39 test kernel: auth[30299]: segfault at 560c57366c40 ip 
560c57366c40 sp 7fffe5b51f18 error 15
Dec 19 17:12:39 test kernel: traps: auth[30346] general protection 
ip:7f55601f298c sp:7ffe597929c0 error:0 in 
libmariadb.so.3[7f55601db000+67000]
Dec 19 17:13:39 test kernel: traps: auth[30392] general protection 
ip:7fcd2317298c sp:7ffecd6f4cb0 error:0 in 
libmariadb.so.3[7fcd2315b000+67000]


Dovecot log:
2018-12-19 17:07:37 auth-worker: Fatal: master: service(auth-worker): 
child 30053 killed with signal 11 (core dumped)
2018-12-19 17:09:38 auth-worker: Error: double free or corruption 
(fasttop)
2018-12-19 17:09:38 auth-worker: Fatal: master: service(auth-worker): 
child 30098 killed with signal 6 (core dumped)
2018-12-19 17:10:38 auth-worker: Fatal: master: service(auth-worker): 
child 30189 killed with signal 11 (core dumped)


It says "core dumped". Can you obtain a gdb backtrace from those? 
https://www.dovecot.org/bugreport.html


Regards,

Stephan.


Output of dovecot -n:

# 2.3.4 (0ecbaf23d): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 (60b0f48d)
# OS: Linux 4.14.80 x86_64
# Hostname: test.testing.local
auth_mechanisms = plain login
auth_username_chars = 
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@+*#"

base_dir = /var/run/dovecot/
debug_log_path = /var/log/dovecot/debug.log
dict {
  expire = mysql:/etc/dovecot/dovecot-dict-sql-expire.conf
  sqldomainquota = mysql:/etc/dovecot/dovecot-dict-sql-domain.conf
  sqluserquota = mysql:/etc/dovecot/dovecot-dict-sql-user.conf
}
info_log_path = /var/log/dovecot/info.log
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
listen = *
log_path = /var/log/dovecot/main.log
log_timestamp = "%Y-%m-%d %H:%M:%S "
login_greeting = dovecot ready
login_log_format = %s
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e 
%c %k

mail_location = mdbox:/var/vmail/%d/%n/
mail_max_userip_connections = 4
mail_plugins = " zlib quota expire acl fts fts_lucene"
mailbox_idle_check_interval = 1 mins
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date index ihave duplicate mime foreverypart 
extracttext

namespace {
  list = children
  location = maildir:/var/vmail/%d/public:INDEXPVT=/var/vmail/%d/public
  prefix = Public.
  separator = .
  subscriptions = no
  type = public
}
namespace {
  list = children
  location = 
maildir:/var/vmail/%d/%%u:CONTROL=/var/vmail/%d/shared/%%u:INDEX=/var/vmail/$

  prefix = shared.%%n.
  separator = .
  subscriptions = yes
  type = shared
}
namespace inbox {
  inbox = yes
  location =
  mailbox Archive {
    auto = subscribe
    special_use = \Archive
  }
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  separator = .
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
plugin {
  acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes
  al = vfile
  expire = Trash
  expire2 = Trash/*
  expire3 = Spam
  expire_cache = yes
  expire_dict = proxy::expire
  fts = lucene
  fts_lucene = whitespace_chars=@.-+_*:/\"'
  last_login_key = # hidden, use -P to show it
  quota = dict:User Quota::proxy::sqluserquota
  quota_exceeded_message = Quota exceeded
  quota_grace = 10%%
  quota_rule2 = Trash:storage=+15%%
  quota_rule3 = Spam:ignore
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Mailbox is over quota / Postfach 
ist voll

  quota_status_success = DUNNO
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  sieve = /var/vmail/%d/%n/sieve/active-script.sieve
  sieve_before = /var/vmail/sieve/spam-global.sieve
  sieve_dir = /var/vmail/%d/%n/sieve/scripts/
  sieve_global = /var/lib/dovecot/sieve/global/
  sieve_max_actions = 32
  sieve_max_redirects = 4
  sieve_max_script_size = 1M
  trash = /etc/dovecot/dovecot-trash.conf
  zlib_save = gz
  zlib_save_level = 6
}
postmaster_address = postmaster@testing.local
protocols = imap pop3 lmtp sieve
service auth-worker {
  user = doveauth
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user =

Re: Feature request SCRAM-SHA-256

2019-01-20 Thread Stephan Bosch





Op 07/01/2019 om 20:31 schreef Stephan Bosch:


Op 16/12/2018 om 10:06 schreef Tributh via dovecot:


Am 16.12.18 um 09:42 schrieb Aki Tuomi:
On 16 December 2018 at 10:27 Tributh via dovecot 
 wrote:



Hi,
is that here the right place to make feature requests?

dovecot supports as authentication mechanism
SCRAM-SHA-1 from RFC 5802
which was updated to
SCRAM-SHA-256 in RFC 7677

Can SCRAM-SHA-256 be added to the authentication mechanisms?

I would not like to request, that SCRAM-SHA-1 will be exchanged by
SCRAM-SHA-256, since several applications only support SCRAM-SHA-1

Regards

Torsten

Hi!

Adding this is possible, it can even be done as a separate plugin. 
But I have to ask, why? Do you actually have clients that support this?


Aki


Hi Aki,
let me first answer the second question.
Sadly I have no client which supports it, yet.
Here we have a chicken or the egg causality dilemma.
There was some communication with mail-client developers which stated
that they would start developing it, when they have a publicly usable
server to test against.
Now I hope that the most common IMAP server could be the one, which
gives this possibility.
Sadly, most communication is not publicly available.

In the past CRAM-MD5 was very popular. When the insecurity came out,
everything just shifted to TLS, but that prevented not from sending a
plain password now. If a malicious actor is able to change DNS/TLS
endpoints, he will receive the plain passwords immediately.
I am not the expert in explaining how such an actor could do this. I
just wanted to have possibilities for everybody to prevent this possible
exposure of a plain password, which could than easily used abusively.

I just hope for better security in the future.



I looked a this a bit and since it is basically only a matter of 
replacing the hash algorithm, I created a quick implementation (after 
some refactoring): 
https://github.com/stephanbosch/dovecot-core/commits/auth-scram-sha-256


However, since there is no client that actually supports this, I 
cannot test this myself. I've briefly tested that the old SHA-1 still 
works (using mpop) and that the server properly announces the new 
mechanism when enabled, but that is it. It is based on the master 
branch. Configuration is identical to SCRAM-SHA-1, apart from the 
mechanism (and password scheme) name of course.


Don't expect this to be released or even merged to the master branch 
any time soon: this is likely currently very low on our priority list. 
But, at least you can run your own server with SCRAM-SHA-256 support 
(and so can client developers).  Maybe if this gets endorsed and 
supported by clients and gets some testing in the field, we can speed 
it along a bit, but that is not something I can promise.


So, I hatched a chick for you. I hope you can make it lay a few eggs 
in the future...


Tracked internally as DOP-840.

Regards,

Stephan.

Re: IMAP preauth and stats-writer

2019-01-20 Thread Stephan Bosch





Op 06/01/2019 om 18:12 schreef John Fawcett:

On 06/01/2019 11:37, Stephan Bosch wrote:

Op 06/01/2019 om 03:35 schreef John Fawcett:

On 06/01/2019 02:26, John Fawcett wrote:


Can't see anything in the Dovecot 2.3.4 code that would give this
problem, setting

stats_writer_socket_path =

will overwrite the default value and dovecot does not attempt to
open a socket in that case.

Using your configuration (though not FreeBSD) I don't get the
net_connect_unix error whether I use a blank setting or leave the
default. In the case of leaving the default I do get an additional
process (dovecot/stats). No errors on connecting to the imap service
or by running preauth (with the dovecot daemon already running).

The net_connect_unix() error with a zero length socket name is
inexplicable to me, unless it's got a non printing character in it
or there is something different happening on FreeBSD.

One suggestion is to run with the default setting, but look at
resolving the permission problem for the default socket creation at
/var/run/dovecot/stats-writer rather than working round it.

John


Just following up, I don't get the error when I run preauth as root with
-u parameter. I do get something similar when I run as the user (this
wil the socket path set to blank)

Centos 7:

Error: net_connect_unix() failed: Connection refused

FreeBSD 11.2:

Error: net_connect_unix() failed: No such file or directory

So it's close. If I get time I'll see if I can track it down.

Does this fix it?

diff --git a/src/lib-master/master-service.c
b/src/lib-master/master-service.c
index 3de11fa1b..3c60a7a39 100644
--- a/src/lib-master/master-service.c
+++ b/src/lib-master/master-service.c
@@ -341,7 +341,7 @@ master_service_init(const char *name, enum
master_service_flags flags,
     if ((flags & MASTER_SERVICE_FLAG_DONT_SEND_STATS) == 0) {
     /* Initialize stats-client early so it can see all
events. */
     value = getenv(DOVECOT_STATS_WRITER_SOCKET_PATH);
-   if (value != NULL)
+   if (value != NULL && *value != '\0')
     service->stats_client =
stats_client_init(value, FALSE);
     }


Regards,

Stephan.


Hi Stephan

that fixes the issue that I reproduced. For the OP he will probably need
to wait for this to be picked up for FreeBSD ports.

This code seems safer than the original but it is still a mystery as to
why DOVECOT_STATS_WRITER_SOCKET_PATH is being put into the environment
as an empty string (changed behaviour reported by OP compared to 2.3.2.1_1).

The function that is doing the env_put call with the empty string is
config_request_putenv from src/config/doveconf.c.


Tracked internally as DOP-838.

Regards,

Stephan.

Re: sieve issue after upgrad

2019-01-20 Thread Stephan Bosch





Op 20/01/2019 om 00:21 schreef Tim Dickson via dovecot:

On 19/01/2019 17:54, Stephan Bosch wrote:

relevant info from /var/log/dovecot.log (domain changed for privacy)


Jan 19 09:27:09 lda(tim): Debug: Loading modules from directory: 
/usr/lib64/dovecot
Jan 19 09:27:09 lda(tim): Debug: Module loaded: 
/usr/lib64/dovecot/lib90_sieve_plugin.so
Jan 19 09:27:09 lda(tim): Debug: auth USER input: tim 
system_groups_user=tim uid=1003 gid=100 home=/home/tim
Jan 19 09:27:09 lda(tim): Debug: Effective uid=1003, gid=100, 
home=/home/tim
Jan 19 09:27:09 lda(tim): Debug: maildir++: 
root=/var/spool/dovecot/tim, index=, indexpvt=, control=, 
inbox=/var/spool/dovecot/tim, alt=
Jan 19 09:27:09 lda(tim): Debug: none: root=, index=, indexpvt=, 
control=, inbox=, alt=
Jan 19 09:27:09 lda(tim): Debug: Destination address: 
 (source: user@hostname)
Jan 19 09:27:09 lda(tim): Debug: sieve: Pigeonhole version 0.5.1 
(d9bc6dfe) initializing
Jan 19 09:27:09 lda(tim): Debug: sieve: include: sieve_global is not 
set; it is currently not possible to include `:global' scripts.
Jan 19 09:27:09 lda(tim): Debug: sieve: file storage: Using active 
Sieve script path: /home/tim/.dovecot.sieve
Jan 19 09:27:09 lda(tim): Debug: sieve: file storage: Using script 
storage path: /home/tim/sieve
Jan 19 09:27:09 lda(tim): Debug: sieve: file storage: Relative path 
to sieve storage in active link: sieve/
Jan 19 09:27:09 lda(tim): Debug: sieve: file storage: Using Sieve 
script path: /home/tim/.dovecot.sieve
Jan 19 09:27:09 lda(tim): Debug: sieve: file script: Opened script 
`test' from `/home/tim/.dovecot.sieve'
Jan 19 09:27:09 lda(tim): Debug: sieve: Using the following location 
for user's Sieve script: /home/tim/.dovecot.sieve


Here, all Sieve involvement abruptly seems to stop, which is very 
very weird.


I'd expect this to end in some sort of error message. Is there a 
/var/log/dovecot.error or something like that? You can verify where 
things are logged using `sudo doveadm log find`.




output of doveadm log find
Looking for log files from /var/log
Debug: /var/log/dovecot.log
Info: /var/log/dovecot.info
Warning: /var/log/maillog
Error: /var/log/maillog
Fatal: /var/log/maillog

I have listed below the section of /var/log/maillog which appears to 
be relevant . (domain changed for privacy)


Jan 18 23:13:46 mail dovecot: lda(tim): Error: sieve: Failed to 
initialize script execution: Invalid postmaster_address: invalid 
address `postmaster@' specified for the postmaster_address setting
Jan 18 23:13:46 mail sm-mta[866]: x0INDhct000865: 
to=, ctladdr= (1002/100), 
delay=00:00:00, xdelay=00:00:00, mailer=local, pri=33291, dsn=2.0.0, 
stat=Sent
Jan 18 23:21:14 mail dovecot: master: Warning: Killed with signal 15 
(by pid=905 uid=0 code=kill)


There are other mails with the same "invalid address `postmaster@' to 
other users.
Is a postmaster address is required for sieve to work.? if so where 
should it go. is it the sieve_user_email declaration ?

thanks.


Aha! So, you tripped over a 2.3.1 bug. The best way to work around this 
is by setting a proper explicit value for the global postmaster_address 
setting (https://wiki.dovecot.org/LDA). So, Pigeonhole does not define 
this setting; it is defined by Dovecot LDA/LMTP.


Regards,

Stephan.

Re: auth-worker service failed since recent MariaDB upgrade

2019-01-20 Thread Stephan Bosch





Op 20/01/2019 om 10:50 schreef Bogomil Vasilev via dovecot:

Hello,

I have started having issues with auth-worker. Dovecot version:

 0 « root » ~ # dovecot --version
2.3.4 (0ecbaf23d)
 0 « root » ~ # pacman -Q dovecot
dovecot 2.3.4-2

OS: Arch Linux

From /var/log/mail.log:

Jan 20 11:31:29 archy dovecot[23070]: auth-worker: Fatal: master: 
service(auth-worker): child 9885 killed with signal 6 (core not dumped 
- https://dovecot.org/bugreport.html#coredumps - set 
/proc/sys/fs/suid_dum

pable to 2)

From dmesg:

[42113.729398] auth[8134]: segfault at 5579d8e1c8e0 ip 
5579d8e1c8e0 sp 7ffd44ab0df8 error 15
[42113.729406] Code: 00 00 00 00 00 00 00 00 00 00 80 00 00 00 00 00 
00 00 21 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 20 7a af 07 e3 
7f 00 00 <40> f4 b5 07 e3 7f 00 00 31 a0 00 00 00 00 00 00 e0 9f df d8 79

 55

This started happening on January 18th, after I upgraded Dovecot from 
"2.3.4-1" to "2.3.4-2".
The package was rebuilt from our package maintainer due to bumping 
MariaDB from 10.1.x to 10.3.x.

Before that, I did not have any issues at all.
However, I don't see any impact from this error too, at least not for 
now.
I made a coredump as the error suggests and I'm pasting it here, as 
per the bugreport rules:


 0 « root » ~ # gdb /usr/lib/dovecot/auth /home/smirky/dovecot.dump
GNU gdb (GDB) 8.2.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 


This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
.
Find the GDB manual and other documentation resources online at:
    .

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/lib/dovecot/auth...(no debugging symbols 
found)...done.

[New LWP 9549]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
Core was generated by `dovecot/auth -w'.
Program terminated with signal SIGABRT, Aborted.
#0  0x7fe1bb8ead7f in raise () from /usr/lib/libc.so.6
(gdb) bt full
#0  0x7fe1bb8ead7f in raise () from /usr/lib/libc.so.6
No symbol table info available.
#1  0x7fe1bb8d5672 in abort () from /usr/lib/libc.so.6
No symbol table info available.
#2  0x7fe1bb92d878 in __libc_message () from /usr/lib/libc.so.6
No symbol table info available.
#3  0x7fe1bb93418a in malloc_printerr () from /usr/lib/libc.so.6
No symbol table info available.
#4  0x7fe1bb935b27 in _int_free () from /usr/lib/libc.so.6
No symbol table info available.
#5  0x7fe1bbc2bb89 in mysql_close () from /usr/lib/libmariadb.so.3
No symbol table info available.
#6  0x563481946dac in ?? ()
No symbol table info available.
#7  0x56348193b8fc in db_sql_unref ()
No symbol table info available.
#8  0x56348193389c in userdb_deinit ()
No symbol table info available.
#9  0x563481913bb9 in auths_deinit ()
No symbol table info available.
#10 0x563481912664 in main ()
No symbol table info available.
(gdb)

The way I see it, indeed it is highly-likely to be related to the 
MariaDB version bump,
but I cannot be entirely sure if it's not a bug in Dovecot, discovered 
by this bump.

Please let me know if you need any other info, related to my setup.


It is very hard to be sure. Dovecot could be using the MariaDB API wrong 
(e.g., calling mysql_close() more than once) causing it to call abort().


You should install debug symbols for Dovecot and perhaps also MariaDB to 
obtain a useful gdb backtrace. Now, it has no symbol table for any of 
the function calls.


In most cases is useful to also provide your configuration (output from 
`dovecot -n`).


Regards,

Stephan.

Re: SCRAM-SHA-256 and SCRAM-SHA-512 supports

2019-01-20 Thread Stephan Bosch





Op 20/01/2019 om 00:45 schreef - Neustradamus -:

Hello all,

I would like to know if it is possible to add SCRAM-SHA-256 and 
SCRAM-SHA-512 supports?


RFC7677: SCRAM-SHA-256 and SCRAM-SHA-256-PLUS: Simple Authentication 
and Security Layer (SASL) Mechanisms

https://tools.ietf.org/html/rfc7677

Thanks in advance.


https://www.dovecot.org/pipermail/dovecot/2019-January/114194.html

Any particular application you have in mind?

Regards,

Stephan.

BUG 'doveadm mailbox' list does not honour symlinks to (mbox) mailboxes

2019-01-20 Thread Marc Roos




doveadm mailbox list does not honour symlinks to at least the mbox 
mailboxes I relocated temporarily. You would expect it to behave similar 
to the server and use the symlinks.

dovecot-2.2.36-3.el7.x86_64
CentOS Linux release 7.6.1810 (Core)

auth-worker service failed since recent MariaDB upgrade

2019-01-20 Thread Bogomil Vasilev via dovecot


Hello,

I have started having issues with auth-worker. Dovecot version:

 0 « root » ~ # dovecot --version
2.3.4 (0ecbaf23d)
 0 « root » ~ # pacman -Q dovecot
dovecot 2.3.4-2

OS: Arch Linux

From /var/log/mail.log:

Jan 20 11:31:29 archy dovecot[23070]: auth-worker: Fatal: master: 
service(auth-worker): child 9885 killed with signal 6 (core not dumped - 
https://dovecot.org/bugreport.html#coredumps - set /proc/sys/fs/suid_dum

pable to 2)

From dmesg:

[42113.729398] auth[8134]: segfault at 5579d8e1c8e0 ip 5579d8e1c8e0 
sp 7ffd44ab0df8 error 15
[42113.729406] Code: 00 00 00 00 00 00 00 00 00 00 80 00 00 00 00 00 00 
00 21 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 20 7a af 07 e3 7f 00 
00 <40> f4 b5 07 e3 7f 00 00 31 a0 00 00 00 00 00 00 e0 9f df d8 79

 55

This started happening on January 18th, after I upgraded Dovecot from 
"2.3.4-1" to "2.3.4-2".
The package was rebuilt from our package maintainer due to bumping 
MariaDB from 10.1.x to 10.3.x.

Before that, I did not have any issues at all.
However, I don't see any impact from this error too, at least not for 
now.
I made a coredump as the error suggests and I'm pasting it here, as per 
the bugreport rules:


 0 « root » ~ # gdb /usr/lib/dovecot/auth /home/smirky/dovecot.dump
GNU gdb (GDB) 8.2.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 


This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
.
Find the GDB manual and other documentation resources online at:
.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/lib/dovecot/auth...(no debugging symbols 
found)...done.

[New LWP 9549]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
Core was generated by `dovecot/auth -w'.
Program terminated with signal SIGABRT, Aborted.
#0  0x7fe1bb8ead7f in raise () from /usr/lib/libc.so.6
(gdb) bt full
#0  0x7fe1bb8ead7f in raise () from /usr/lib/libc.so.6
No symbol table info available.
#1  0x7fe1bb8d5672 in abort () from /usr/lib/libc.so.6
No symbol table info available.
#2  0x7fe1bb92d878 in __libc_message () from /usr/lib/libc.so.6
No symbol table info available.
#3  0x7fe1bb93418a in malloc_printerr () from /usr/lib/libc.so.6
No symbol table info available.
#4  0x7fe1bb935b27 in _int_free () from /usr/lib/libc.so.6
No symbol table info available.
#5  0x7fe1bbc2bb89 in mysql_close () from /usr/lib/libmariadb.so.3
No symbol table info available.
#6  0x563481946dac in ?? ()
No symbol table info available.
#7  0x56348193b8fc in db_sql_unref ()
No symbol table info available.
#8  0x56348193389c in userdb_deinit ()
No symbol table info available.
#9  0x563481913bb9 in auths_deinit ()
No symbol table info available.
#10 0x563481912664 in main ()
No symbol table info available.
(gdb)

The way I see it, indeed it is highly-likely to be related to the 
MariaDB version bump,
but I cannot be entirely sure if it's not a bug in Dovecot, discovered 
by this bump.

Please let me know if you need any other info, related to my setup.

Best regards,

--
BOGOMIL VASILEV
For contacts, use this e-mail. My GPG key is 646F3ABF6E457336
Website: HTTPS://WWW.SMIRKY.NET/

40 matches

Mail list logo