Re: Debug: open(/proc/self/io) failed: Permission denied

2023-04-24 Thread Alex
Hi,

On Mon, Apr 24, 2023 at 1:34 PM Aki Tuomi wrote:

> You can get rid of the debug message with
>
> import_environment = $import_environment PR_SET_DUMPABLE=2
>
> or setting
>
> sysctl fs.suid_dumpable=2
>

Thanks so much - that appears to have fixed it. What does that do, and any
idea why it wasn't necessary on my other fedora37 system with the same
configuration? It appears to be related to allowing core dumps, but I don't
understand how that is relevant here.

Thanks,
Alex
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
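
The kernel behaviour behind this debug line, as an added example that is not part of the thread: when a process's "dumpable" flag is not 1, Linux makes its /proc/<pid> files owned by root, so a non-root process gets EACCES opening its own /proc/self/io, and the kernel resets the flag to the fs.suid_dumpable value whenever a process changes its effective UID. The sketch sets the flag directly with prctl(2) to show the effect; how Dovecot itself consumes PR_SET_DUMPABLE is not shown on this page and is not modelled here.

```python
import ctypes
import errno
import os

# Constants from <linux/prctl.h>; this example is Linux only.
PR_GET_DUMPABLE, PR_SET_DUMPABLE = 3, 4
libc = ctypes.CDLL(None, use_errno=True)

def probe(dumpable):
    """Set this process's dumpable flag (0 or 1), then try /proc/self/io."""
    if libc.prctl(PR_SET_DUMPABLE, dumpable, 0, 0, 0) != 0:
        raise OSError(ctypes.get_errno(), "prctl(PR_SET_DUMPABLE) failed")
    result = {"dumpable": libc.prctl(PR_GET_DUMPABLE, 0, 0, 0, 0),
              "owner_uid": None, "errno": 0}
    try:
        # Ownership of the file follows the dumpable flag, not just the UID.
        result["owner_uid"] = os.stat("/proc/self/io").st_uid
        with open("/proc/self/io") as fh:
            fh.read()
    except OSError as exc:
        result["errno"] = exc.errno
    return result

def demo():
    """Compare the non-dumpable and dumpable cases, restoring the flag to 1."""
    try:
        return {"non_dumpable": probe(0), "dumpable": probe(1)}
    finally:
        libc.prctl(PR_SET_DUMPABLE, 1, 0, 0, 0)

if __name__ == "__main__":
    for case, res in demo().items():
        name = errno.errorcode.get(res["errno"], "ok")
        print(f"{case}: dumpable={res['dumpable']} "
              f"owner_uid={res['owner_uid']} open={name}")
```

Run as a non-root user, the non-dumpable case reports the file as owned by uid 0 and the open as EACCES. Note that fs.suid_dumpable is a system-wide sysctl that also governs core dumps of every process that changes credentials, whereas the import_environment line only affects Dovecot's own processes.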


Re: Debug: open(/proc/self/io) failed: Permission denied

2023-04-24 Thread Aki Tuomi via dovecot
You can get rid of the debug message with

import_environment = $import_environment PR_SET_DUMPABLE=2

or setting

sysctl fs.suid_dumpable=2

Aki

> On 24/04/2023 19:47 EEST Alex  wrote:
> 
> 
> Hi, I've seen a few emails over the years related to this error message, but 
> they are typically associated with doveadm. In my case, it's related to 
> dovecot itself.
> 
> I've just set up dovecot-2.3.20-1.fc37.x86_64 on fedora37 and unable to 
> receive mail. The main config was copied over from another dovecot system on 
> fedora37 with virtually identical settings, including the same SSL cert. I've 
> also tried to just migrate the important stuff and otherwise leave the 
> defaults, but I'm having the same problem.
> 
> imap(bcc-user)<2977522>: Debug: Loading modules from directory: /usr/lib64/dovecot
> imap(bcc-user)<2977522>: Debug: Module loaded: /usr/lib64/dovecot/lib20_listescape_plugin.so
> imap(bcc-user)<2977522>: Debug: Effective uid=1001, gid=1001, home=/home/bcc-user
> imap(bcc-user)<2977522>: Debug: open(/proc/self/io) failed: Permission denied
> imap(bcc-user)<2977522>: Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mbox:~/mail:INBOX=/var/spool/mail/bcc-user
> imap(bcc-user)<2977522>: Debug: fs: root=/home/bcc-user/mail, index=, indexpvt=, control=, inbox=/var/spool/mail/bcc-user, alt=
> imap(bcc-user)<2977522>: Debug: Mailbox Trash: Mailbox opened
> 
> I've set the /var/spool/mail/bcc-user permissions to 600, bcc-user:mail. The 
> /home/bcc-user directory is 611, bcc-user:bcc-user.
> 
> Here is my doveconf -n:
> 
> # 2.3.20 (80a5ac675d): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.20 (149edcf2)
> # OS: Linux 6.1.15-200.fc37.x86_64 x86_64 Fedora release 37 (Thirty Seven) 
> auth_debug = yes
> auth_verbose = yes
> mail_debug = yes
> mail_gid = mail
> mail_home = mail/
> mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u
> mail_max_userip_connections = 500
> mail_plugins = " listescape"
> mail_privileged_group = mail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character 
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags 
> copy include variables body enotify environment mailbox date index ihave 
> duplicate mime foreverypart extracttext
> mbox_write_locks = fcntl
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix =
> }
> passdb {
>   driver = pam
> }
> protocols = imap
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
> }
> service imap-login {
>   inet_listener imap {
>     port = 0
>   }
>   inet_listener imaps {
>     port = 993
>   }
>   process_min_avail = 6
>   service_count = 0
>   vsz_limit = 512 M
> }
> ssl_cert =
> ssl_cipher_list = ALL:!LOW:!EXP:!aNULL:!RC4::!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> ssl_prefer_server_ciphers = yes
> userdb {
>  driver = passwd
> }
> verbose_ssl = yes
> 
> Any ideas greatly appreciated. I was very surprised to be having problems 
> after having done this so many times before.


Debug: open(/proc/self/io) failed: Permission denied

2023-04-24 Thread Alex
Hi, I've seen a few emails over the years related to this error message,
but they are typically associated with doveadm. In my case, it's related to
dovecot itself.

I've just set up dovecot-2.3.20-1.fc37.x86_64 on fedora37 and unable to
receive mail. The main config was copied over from another dovecot system
on fedora37 with virtually identical settings, including the same SSL cert.
I've also tried to just migrate the important stuff and otherwise leave the
defaults, but I'm having the same problem.

imap(bcc-user)<2977522>: Debug: Loading modules from directory: /usr/lib64/dovecot
imap(bcc-user)<2977522>: Debug: Module loaded: /usr/lib64/dovecot/lib20_listescape_plugin.so
imap(bcc-user)<2977522>: Debug: Effective uid=1001, gid=1001, home=/home/bcc-user
imap(bcc-user)<2977522>: Debug: open(/proc/self/io) failed: Permission denied
imap(bcc-user)<2977522>: Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mbox:~/mail:INBOX=/var/spool/mail/bcc-user
imap(bcc-user)<2977522>: Debug: fs: root=/home/bcc-user/mail, index=, indexpvt=, control=, inbox=/var/spool/mail/bcc-user, alt=
imap(bcc-user)<2977522>: Debug: Mailbox Trash: Mailbox opened

I've set the /var/spool/mail/bcc-user permissions to 600, bcc-user:mail.
The /home/bcc-user directory is 611, bcc-user:bcc-user.

Here is my doveconf -n:

# 2.3.20 (80a5ac675d): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.20 (149edcf2)
# OS: Linux 6.1.15-200.fc37.x86_64 x86_64 Fedora release 37 (Thirty Seven)
auth_debug = yes
auth_verbose = yes
mail_debug = yes
mail_gid = mail
mail_home = mail/
mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u
mail_max_userip_connections = 500
mail_plugins = " listescape"
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
copy include variables body enotify environment mailbox date index ihave
duplicate mime foreverypart extracttext
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
protocols = imap
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
  }
  process_min_avail = 6
  service_count = 0
  vsz_limit = 512 M
}
ssl_cert =


Re: managesieve problem

2023-04-24 Thread Aki Tuomi via dovecot
Did you try

openssl s_client -connect server:4190 -starttls sieve

Aki

> On 24/04/2023 18:59 EEST Soeren Malchow  wrote:
> 
> 
> Hi,
> 
> 
> i am struggling with a managesieve problem, we are using docker mailserver 
> and managesieve login does not work, if i understand correctly, then dovecot 
> should offer something like this
> 
> 
> "SASL" "PLAIN"
> 
> 
> 
> on our server it is simply empty
> 
> 
> "SASL" ""
> 
> 
> i was trying to authenticate in a telnet connection
> 
> 
> AUTHENTICATE "PLAIN" "LOGINSTRING_HERE"
> 
> 
> 
> And i get this
> 
> 
> NO "Error in MANAGESIEVE command received by server."
> 
> 
> 
> first of all i would like to ask where the SASL capabilities come from, how 
> can i get it to offer "PLAIN" or "AUTH"
> 
> 
> everything else (e.g. sieve itself) just works fine
> 
> 
> Cheers
> Soeren
> 
> 


managesieve problem

2023-04-24 Thread Soeren Malchow
Hi,

i am struggling with a managesieve problem, we are using docker mailserver and 
managesieve login does not work, if i understand correctly, then dovecot should 
offer something like this

"SASL" "PLAIN"

on our server it is simply empty

"SASL" ""

i was trying to authenticate in a telnet connection

AUTHENTICATE "PLAIN" "LOGINSTRING_HERE"

And i get this

NO "Error in MANAGESIEVE command received by server."

first of all i would like to ask where the SASL capabilities come from, how can 
i get it to offer "PLAIN" or "AUTH"

everything else (e.g. sieve itself) just works fine

Cheers
Soeren



Re: dovecot sasl with postfix, smtp auth not available

2023-04-24 Thread Michael Peddemors

On 2023-04-23 11:53, Benny Pedersen wrote:

dovecot--- via dovecot skrev den 2023-04-23 20:25:
I tried to enable it on postfix smtp_sasl_auth_enable, but it was 
not advertised.


That is because "smtp" is not the same as "smtpd".

    http://www.postfix.org/postconf.5.html#smtpd_sasl_auth_enable


port 25 should not support sasl auth, make this an override in master.cf 
so it only is on port 465, or 587


when remote mta's blindly just try sasl auth on port 25 they miss a 
password, and give up, after wasting resources in both ends



FYI, +1...

Especially since some email clients STILL fallback to insecure password 
auth attempts on port 25, resulting in sending email passwords across 
the internet in plain text.


Everyone should adopt this policy by default.  Turning off AUTH on 
insecure connections has been shown to reduce email compromise levels by up 
to 90%.


Reminder, this also applies to POP/IMAP.

--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada



Re: dovecot-fts-solr Solr9 support

2023-04-24 Thread deano-dovecot
 

Shawn - 

You had mentioned in another email (somewhere) that you were hopefully going
to do a write-up of setting up Solr 9.x with Dovecot. Any chance you've
had time for that ? 

Thanks - 

On 2022-09-30 1:52 pm, Shawn Heisey wrote: 

> On 9/27/22 19:32, Nathanael Anderson wrote:
> 
>> I was trying a new install of dovecot w/ solr9. I've manually fixed the file 
>> linking to the proper directories, however one plugin is no longer shipped. 
>> Since the solr files aren't updated yet to 9, can anyone tell me if I need 
>> the discontinued velocity plugin that was default in the dovecot solr 7.7 
>> config file. It appears it is now a third party plugin that hasn't been 
>> updated for 3 years.
> 
> The velocity stuff that Solr ships with is a templating system that 
> allows Solr to host a little website showcasing its capabilities. It is 
> strongly recommended to never use this in production, as it requires 
> that end users have direct network access to the Solr install, which is 
> never a good idea.
> 
> Dovecot accesses the API directly and does not need velocity.
> 
> I am running a dev version of Solr 9.1.0 with the config and schema 
> stripped down to just what is needed for Dovecot. I have added the jars 
> necessary for the ICU analysis components and I am using two of those 
> analysis components in my schema.
> 
> I installed Solr on Ubuntu Server using the service installer script 
> included in the download. This extracts the tarball in /opt, and then 
> sets up /opt/solr as a symlink to the version-specific directory in 
> /opt. It creates a directory structure under /var/solr and creates 
> /etc/default/solr.in.sh. If you use a service name other than solr, 
> that will be named /etc/default/${servicename}.in.sh and I believe the 
> data will go to /var/${servicename}.
> 
> For ICU, I created /var/solr/data/lib, then copied icu4j-70.1.jar and 
> lucene-analysis-icu-9.3.0.jar from /opt/solr/modules/analysis-extras/lib 
> to that new lib directory. Solr 9.0.0 would have lucene jars from Lucene 
> 9.0.0, but the 9.x branch is currently using Lucene 9.3.0. Do not use 
>  config elements in solrconfig.xml to load the jars. My 
> solrconfig.xml and managed-schema.xml files can be found here:
> 
> https://paste.elyograg.org/view/97597ed3 [1]
> https://paste.elyograg.org/view/dca55086 [2]
> 
> My index is quite small by Solr standards, which is why I have such a 
> low maxTime on autoSoftCommit. Larger indexes may do better with a 
> larger interval there.
> 
> I use LATEST for luceneMatchVersion, which generates a warning when Solr 
> starts. I am also using 2.0 for the schema version so that it will 
> automatically pick up new defaults after the 1.6 version when those 
> versions are created in later versions of Solr.
> 
> This is the current contents of /etc/default/solr.in.sh with commented 
> lines removed:
> 
> ---
> SOLR_PID_DIR="/var/solr"
> SOLR_HOME="/var/solr/data"
> LOG4J_PROPS="/var/solr/log4j2.xml"
> SOLR_LOGS_DIR="/var/solr/logs"
> SOLR_PORT="8983"
> SOLR_HEAP="1g"
> GC_TUNE=" 
> -XX:+UseG1GC 
> -XX:+ParallelRefProcEnabled 
> -XX:MaxGCPauseMillis=100 
> -XX:+UseLargePages 
> -XX:+AlwaysPreTouch 
> -XX:+ExplicitGCInvokesConcurrent 
> -XX:ParallelGCThreads=2 
> -XX:+UseStringDeduplication 
> -XX:+UseNUMA 
> "
> SOLR_JAVA_STACK_SIZE="-Xss1m"
> SOLR_ULIMIT_CHECKS=false
> SOLR_GZIP_ENABLED=true
> SOLR_JETTY_HOST=0.0.0.0
> ---
> 
> Once you have all that in place, start and stop solr using service or 
> systemctl. Don't run the solr script directly except to create the 
> index ... and for that you must run it as the solr user. Running it as 
> root is prohibited by default, and forcing it will cause problems.
> 
> My Solr install is running in cloud mode, but I have removed the things 
> that configure that to make this info easier to use.
> 
> One final note: Solr 9 cannot use indexes touched by Solr 7 or 
> earlier. You will need to completely reindex.
> 
> Thanks,
> Shawn
 

Links:
--
[1] https://paste.elyograg.org/view/97597ed3
[2] https://paste.elyograg.org/view/dca55086


Re: dovecot sasl with postfix, smtp auth not available

2023-04-24 Thread Markus Winkler

Hi Badli,

thanks for the information.

A few hints:
If possible, please avoid using HTML mails.
And for outputs like 'postconf -n': please use an attached text file if 
your MUA (OL) isn't able to transfer them in a proper way.



I would suggest the following changes:



1. postconf -n

[...]

smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot


As Benny already wrote: delete them from your main.cf as port 25 should not 
be used for authentication.





2. postconf -M

[...]

smtps inet n - - - -        smtpd

[...]

-o smtpd_client_restrictions= permit_sasl_authenticated, reject


---^


-o milter_macro_daemon_name= ORIGINATING


--^

In master.cf: please take care that you don't specify whitespaces around 
the '=', at least if you're using the short form shown above.


Some more examples, where you should check and change the master.cf 
regarding this:



submission inet n - - - -    smtpd

[...]

-o smtpd _sasl_security_options= noanonymous
-o smtpd_client_restrictions= permit_sasl_authenticated, reject
-o smtpd_sender_login_maps= hash:/etc/postfix/virtual
-o smtpd_sender_restrictions= reject_sender_login_mismatch
-o smtpd_recipient_restrictions= reject_non_fqdn_recipient ...




Regarding the authentication part(s) itself:

The configuration of the submission port seems correct to me and 
authentication should work. You can test it this way:


openssl s_client -connect www.zystro.xyz:587 -starttls smtp


For the smtps port you should add at least the following to the existing 
configuration of your master.cf:



smtps inet n - - - -  smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING


  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous


You can test it this way:

openssl s_client -connect www.zystro.xyz:465


After connecting successfully (to 465 & 587), in both cases using 'ehlo 
foo' you should see entries like these:


[...]
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
[...]


If not, we need the logs. ;-)

HTH and regards,
Markus
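
A way to check both points from this thread offline, as an added example that is not part of the original messages: it flags `-o` overrides in master.cf that whitespace has split apart, and smtpd services where AUTH is enabled without mandatory TLS. The sample configuration is constructed (modelled on the settings quoted above), `parse_master` and `audit` are hypothetical helper names, and only the short `-o name=value` form is handled.

```python
# Constructed sample: main.cf defaults plus a master.cf modelled on the thread.
MAIN_CF = {"smtpd_sasl_auth_enable": "yes", "smtpd_sasl_type": "dovecot"}
MASTER_CF = """\
smtp       inet n - - - - smtpd
submission inet n - - - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions= permit_sasl_authenticated, reject
smtps      inet n - - - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
"""

def parse_master(text):
    """Map "service/type" to its command tokens, joining continuation lines."""
    services, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and current:
            services[current] += line.split()
        else:
            fields = line.split()
            current = f"{fields[0]}/{fields[1]}"
            services[current] = fields[7:]  # command name, then its arguments
    return services

def audit(main_cf, master_text):
    """Return (service, problem, parameter) tuples for smtpd services."""
    findings = []
    for svc, argv in parse_master(master_text).items():
        if not argv or argv[0] != "smtpd":
            continue
        conf, i = dict(main_cf), 1  # main.cf values, overlaid by -o overrides
        while i < len(argv):
            if argv[i] != "-o" or i + 1 == len(argv):
                i += 1
                continue
            name, eq, value = argv[i + 1].partition("=")
            i += 2
            stray = i < len(argv) and not argv[i].startswith("-")
            if name and eq and value and not stray:
                conf[name] = value
            else:
                findings.append((svc, "malformed -o override", name))
            while i < len(argv) and not argv[i].startswith("-"):
                i += 1  # skip the pieces that whitespace split off
        tls_forced = (conf.get("smtpd_tls_wrappermode") == "yes"
                      or conf.get("smtpd_tls_security_level") == "encrypt"
                      or conf.get("smtpd_tls_auth_only") == "yes")
        if conf.get("smtpd_sasl_auth_enable") == "yes" and not tls_forced:
            findings.append((svc, "AUTH offered without mandatory TLS", ""))
    return findings

if __name__ == "__main__":
    for finding in audit(MAIN_CF, MASTER_CF):
        print(*finding)
```

On the sample, the port 25 service is reported because it inherits `smtpd_sasl_auth_enable = yes` from main.cf, and the submission service is reported for the override broken by the space after `=`.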


