Re: postfix, dovecot-lda, /run/dovecot/stats-writer socket permission and local user delivery, again

2022-02-21 Thread Aki Tuomi


> On 21/02/2022 23:24 Michael Tokarev  wrote:
> 
>  
> Hi!
> 
> There are many questions on the 'net about the same theme:
> lda(mjt): Error: net_connect_unix(/run/dovecot/stats-writer) failed: Permission denied
> 
> dovecot-lda is run from postfix as mailbox_command for local users.
> 
> There's even a suggestion on dovecot wiki to make dovecot-lda setgid
> (to mail) - for a different reason but people use this trick to shut
> this error message up.  See eg the last message at
> https://forum.zentyal.org/index.php?topic=35236.0 which points to
> https://wiki2.dovecot.org/LDA/Postfix .
> 
> But the thing is: mail delivery stops right after making dovecot-lda
> setgid, like this:
> 
> Feb 22 00:06:46 tsrv dovecot: lda(mjt)<253650>: \
>   Fatal: setresgid(914(dovecot),914(dovecot),8(mail)) failed with euid=1000(mjt): \
>   Operation not permitted
> 
> why the hell lda tries to setuid to dovecot user?
> It will definitely be unable to write to the maildir since it is owned by
> user mjt, not by user dovecot!
> 
> And I *only* made it setgid, not setuid.
> 
> How to use dovecot-lda together with postfix, after all?
> 
> Thanks,
> 
> /mjt

The most simple fix which usually works is

service stats {
  unix_listener stats-writer {
    mode = 0666
  }
}

Aki
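
Why the quoted error occurs and what `mode = 0666` changes, as an added example that is not part of the original thread. The socket ownership (root:dovecot), the starting mode 0660, mjt's gid 1000 and the "other" account are constructed assumptions; uid 1000 and gids 914 and 8 come from the quoted log, and directory permissions on /run/dovecot are not modelled.

```python
import re
import stat

# Log line quoted in the thread above.
LOG = ("lda(mjt): Error: net_connect_unix(/run/dovecot/stats-writer) "
       "failed: Permission denied")

def denied_socket(line):
    """Return the socket path from a net_connect_unix permission error, else None."""
    m = re.search(r"net_connect_unix\(([^)]+)\) failed: Permission denied", line)
    return m.group(1) if m else None

def can_connect(mode, owner_uid, owner_gid, uid, gids):
    """Linux rule: connect() to a UNIX socket needs write permission on it.
    Exactly one permission class applies: owner, else group, else other."""
    if uid == 0:
        return True
    if uid == owner_uid:
        return bool(mode & stat.S_IWUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

# Constructed ownership: socket owned by root, group dovecot (gid 914 in the log).
SOCK_UID, SOCK_GID = 0, 914
# Constructed callers: mjt (uid 1000 from the log, gid 1000 assumed), the same
# user with gid 8 (mail) as a setgid-mail binary would add, and an unrelated account.
CALLERS = {
    "mjt": (1000, {1000}),
    "mjt+mail": (1000, {1000, 8}),
    "other": (65534, {65534}),
}

def matrix(mode):
    """Map each constructed caller to whether it could connect at this mode."""
    return {name: can_connect(mode, SOCK_UID, SOCK_GID, uid, gids)
            for name, (uid, gids) in CALLERS.items()}

if __name__ == "__main__":
    print(denied_socket(LOG))
    for mode in (0o660, 0o666):
        print(oct(mode), matrix(mode))
```

Under these assumptions, adding the mail group does not open a dovecot-group socket, while 0666 opens it to every local account, not only to the delivering user.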


Different auth logging with cache lookup. (OPEN)

2022-02-21 Thread Eikås Arvid


dovecot-2.3.5 and centos 7
User and IP are logged in both scenarios.
auth-worker(26145): sql(user,1.1.1.1,): Password mismatch
auth-worker(13380): cache(u...@online.no,1.1.1.1): Password mismatch




dovecot-2.3.17 and rhel 8
Feb 03 14:42:53 auth-worker(1676266): Info: conn unix:auth-worker (pid=1675846,uid=97): auth-worker<1>: sql(user,127.0.0.1,): Password mismatch (given password: )
Feb 03 14:43:48 auth-worker(1676266): Info: conn unix:auth-worker (pid=1675846,uid=97): auth-worker<2>: Password mismatch (given password: )

User and IP are not logged in cache lookup.
Is this a design change or an unplanned change?

Any idea when it was changed?
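
A parser that accepts both log formats quoted above and flags password-mismatch events that carry no user or IP, which is what a failed-login counter fed from these logs would lose. This is an added example, not part of the original post; the regular expression is written against the four quoted lines only, and the function names are hypothetical.

```python
import re

# Log lines copied from the post above (wrapped lines rejoined).
SAMPLES = [
    "auth-worker(26145): sql(user,1.1.1.1,): Password mismatch",
    "auth-worker(13380): cache(u...@online.no,1.1.1.1): Password mismatch",
    "Feb 03 14:42:53 auth-worker(1676266): Info: conn unix:auth-worker "
    "(pid=1675846,uid=97): auth-worker<1>: sql(user,127.0.0.1,): "
    "Password mismatch (given password: )",
    "Feb 03 14:43:48 auth-worker(1676266): Info: conn unix:auth-worker "
    "(pid=1675846,uid=97): auth-worker<2>: Password mismatch (given password: )",
]

# The "db(user,ip[,session]): " prefix is optional: the last sample lacks it.
PATTERN = re.compile(
    r"auth-worker\((?P<pid>\d+)\):.*?"
    r"(?:(?P<db>[a-z]+)\((?P<user>[^,()]*),(?P<ip>[^,()]*)(?:,[^()]*)?\): )?"
    r"Password mismatch")

def parse_mismatch(line):
    """Return db/user/ip for a password-mismatch line, or None for other lines.
    Fields are None when the line carries no db(user,ip) prefix."""
    m = PATTERN.search(line)
    if not m:
        return None
    return {"db": m["db"], "user": m["user"], "ip": m["ip"]}

def unattributed(lines):
    """Mismatch events that a per-user or per-IP failure counter cannot attribute."""
    events = [e for e in map(parse_mismatch, lines) if e is not None]
    return [e for e in events if not e["user"] or not e["ip"]]

if __name__ == "__main__":
    for line in SAMPLES:
        print(parse_mismatch(line))
    print("unattributed:", len(unattributed(SAMPLES)))
```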


postfix, dovecot-lda, /run/dovecot/stats-writer socket permission and local user delivery, again

2022-02-21 Thread Michael Tokarev

Hi!

There are many questions on the 'net about the same theme:
lda(mjt): Error: net_connect_unix(/run/dovecot/stats-writer) failed: Permission denied

dovecot-lda is run from postfix as mailbox_command for local users.

There's even a suggestion on dovecot wiki to make dovecot-lda setgid
(to mail) - for a different reason but people use this trick to shut
this error message up.  See eg the last message at
https://forum.zentyal.org/index.php?topic=35236.0 which points to
https://wiki2.dovecot.org/LDA/Postfix .

But the thing is: mail delivery stops right after making dovecot-lda
setgid, like this:

Feb 22 00:06:46 tsrv dovecot: lda(mjt)<253650>: \
 Fatal: setresgid(914(dovecot),914(dovecot),8(mail)) failed with euid=1000(mjt): \
 Operation not permitted

why the hell lda tries to setuid to dovecot user?
It will definitely be unable to write to the maildir since it is owned by
user mjt, not by user dovecot!

And I *only* made it setgid, not setuid.

How to use dovecot-lda together with postfix, after all?

Thanks,

/mjt


Re: /usr/libexec/dovecot/anvil crashes immediately

2022-02-21 Thread James

On 08/02/2022 20:04, Friedrich Kink wrote:


> I built a dovecot package for openindiana (which is a Solaris
> derivative) from latest version 2.3.18. Everything compiles and builds
> fine without any issue. Even subsequent installation and startup of main
> dovecot process works as expected. But execution of
> /usr/libexec/dovecot/anvil immediately crashes.


I can't see what is wrong from your trace.  You might get more help on 
the OpenIndiana mailing list.


I run dovecot on OmniOS (also a Solaris / illumos derivative) without 
problem.  I wonder why you are running dovecot on openindiana which is 
focused for desktop use; why not use OmniOS for a server?  Your choice 
but you could run OpenIndiana global with a bhyve zone running OmniOS.



James.


Re: Memory problems with config service

2022-02-21 Thread Víctor Rubiella Monfort

You are right.

This problem is fixed by upgrading to the 2.3 version.

Thanks.


On 18/2/22 at 10:04, Aki Tuomi wrote:

Hi,

2.2.27 is unfortunately a rather ancient version, and no longer supported. Can 
you try, somehow, if this happens with 2.3.18? You can get packages from 
https://repo.dovecot.org.

Aki



On 16/02/2022 17:20 Víctor Rubiella Monfort  wrote:


(Resend to list, sorry for personal reply)


  
   Forwarded message 

Subject: Re: Memory problems with config service 
Date: Wed, 16 Feb 2022 16:19:32 +0100  
From: Víctor Rubiella Monfort  
To: Aki Tuomi   

  
  # 2.2.27 (): /etc/dovecot/dovecot.conf

  # Pigeonhole version 0.4.16 ()
  # OS: Linux 4.9.0-16-amd64 x86_64 Debian 9.9
  auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@&
  auth_worker_max_count = 25
  default_client_limit = 1200
  disable_plaintext_auth = no
  first_valid_uid = 100
  info_log_path = /var/log/dovecot-info.log
  log_path = /var/log/dovecot.log
  login_greeting = Server ready
  login_log_format_elements = user=<%u> method=%m port=%a rip=%r lip=%l mpid=%e %c
  mail_location = maildir:%h
  mail_max_userip_connections = 100
  passdb {
    args = /etc/dovecot/mailaccounts.db
    driver = passwd-file
  }
  plugin {
    quota = maildir:User quota
    quota_rule3 = SPAM:storage=+50M
  }
  protocols = imap pop3
  service config {
    vsz_limit = 9 G
  }
  service imap-login {
    process_limit = 500
  }
  service pop3-login {
    process_limit = 500
  }
  ssl_ca =   
  local_name *.hidden.com {

  ssl_cert =   
  
  On 16/2/22 at 10:02, Aki Tuomi wrote:



On 16/02/2022 07:30 Víctor Rubiella Monfort  wrote:
  
  
  Hi all,

  I'm having problems with memory in the config service. I increased vsz_limit to 
10GB but continue to get these errors when I try to reload or restart dovecot:
  
  config: Panic: data stack: Out of memory when allocating 2147483688 bytes

  master: Error: service(config): command startup failed, throttling for 2 secs
  config: Fatal: master: service(config): child 5512 killed with signal 6 (core dumps disabled)
  
  Dovecot has a lot of TLS certificates configured (SNI) (about 3k), but if I check the size of all of them, it is approx. 170MB on disk. Why does it need so much memory to boot? Is this normal?
  
  
  
  service config {
    vsz_limit = {{ vszlimit }}
  }


Hi!
  
  Can you send your doveconf -n output?
  
  Aki