doveadm: Error: Mailbox INBOX: Deleting corrupted cache: Cache file too large

[Ralf Hildebrandt]

Hi!

Upon issuing a 
% doveadm import -u restore@backup.invalid mdbox:/home/storage/mdbox
I'm getting a:
doveadm(restore@backup.invalid): Error: Mailbox INBOX: Deleting corrupted 
cache: Cache file too largea
doveadm(restore@backup.invalid): Error: Corrupted dbox file 
/home/restore/mdbox/storage/m.7 (around offset=41602004): msg header has bad 
magic value
doveadm(restore@backup.invalid): Error: Corrupted dbox file 
/home/restore/mdbox/storage/m.8 (around offset=17193748): msg header has bad 
magic value

message -- but the process keeps running!

Should I worry?

dovecot packages: 2.3.20-3+ubuntu20.04

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | https://www.charite.de

Re: Doveadm error since 2.3.11.3 when run as unprivileged user

[Olav Seyfarth]

Thanks a lot, understood and added to config.
No warning for doveadm any longer.

Re: Doveadm error since 2.3.11.3 when run as unprivileged user

[Aki Tuomi]

> On 11/09/2020 01:40 Olav Seyfarth  wrote:
> 
>  
> On Thu, Aug 13, 2020, Arjen de Korte wrote:
> > include optional config file and suppress errors if it doesn't exist
> 
> I followed this workaround, which is nicely summarized at
> https://github.com/postfixadmin/postfixadmin/issues/381#issuecomment-678269198
> 
> Yet, not all errors are suppressed this way:
> 
> $ doveadm pw
> doveadm(olav): Error: net_connect_unix(/run/dovecot/stats-writer) failed: 
> Permission denied
> 
> $ ls -l /run/dovecot/stats-writer
> srw-rw 1 rootdovecot0 11. Sep 00:27 stats-writer
> 
> Olav

Hi!

That error is more like warning, and you can safely ignore it.

If you want to get rid of it, add

service stats {
   unix_listener stats-writer {
 mode = 0666
   }
}

Aki

Re: Doveadm error since 2.3.11.3 when run as unprivileged user

[Olav Seyfarth]

On Thu, Aug 13, 2020, Arjen de Korte wrote:

include optional config file and suppress errors if it doesn't exist


I followed this workaround, which is nicely summarized at
https://github.com/postfixadmin/postfixadmin/issues/381#issuecomment-678269198

Yet, not all errors are suppressed this way:

$ doveadm pw
doveadm(olav): Error: net_connect_unix(/run/dovecot/stats-writer) failed: 
Permission denied

$ ls -l /run/dovecot/stats-writer
srw-rw 1 rootdovecot0 11. Sep 00:27 stats-writer

Olav

Re: Doveadm error since 2.3.11.3 when run as unprivileged user

[Dan Christensen]

On Aug 13, 2020, Josef 'Jeff' Sipek  wrote:

> On Thu, Aug 13, 2020 at 21:16:42 +0200, Arjen de Korte wrote:
>> Citeren Timo Sirainen :
>> > !include_try ssl-keys.conf
>> 
>> That will only work to include an optional configuration file and  
>> suppress errors if it doesn't exist. I put
>> 
>> ssl_key = > 
>> in a separate configuration file and it failed in a similar fashion,  
>> just with another filename.
>
> I think the idea was that the file with the ssl_key line was only
> root-readable.  That way, non-privilged users will fail to include the file.

This worked for me.  As mentioned, I had to make the new .conf file
readable only by root.

Dan

Re: Doveadm error since 2.3.11.3 when run as unprivileged user

[Arjen de Korte]

Citeren Josef 'Jeff' Sipek :


On Thu, Aug 13, 2020 at 21:16:42 +0200, Arjen de Korte wrote:

Citeren Timo Sirainen :
> !include_try ssl-keys.conf

That will only work to include an optional configuration file and
suppress errors if it doesn't exist. I put

ssl_key = 

I think the idea was that the file with the ssl_key line was only
root-readable.  That way, non-privilged users will fail to include the file.

Is that what you tried?


No, but you put me on the right track.

What is needed is to !include_try the whole previous SSL configuration  
file only for root and to precede this by an include for a new one  
which disables SSL completely. So first SSL will be disabled for all  
users (including root) and only for root, the SSL configuration will  
be loaded after that.

Re: Doveadm error since 2.3.11.3 when run as unprivileged user

[Josef 'Jeff' Sipek]

On Thu, Aug 13, 2020 at 21:16:42 +0200, Arjen de Korte wrote:
> Citeren Timo Sirainen :
> > !include_try ssl-keys.conf
> 
> That will only work to include an optional configuration file and  
> suppress errors if it doesn't exist. I put
> 
> ssl_key =  
> in a separate configuration file and it failed in a similar fashion,  
> just with another filename.

I think the idea was that the file with the ssl_key line was only
root-readable.  That way, non-privilged users will fail to include the file.

Is that what you tried?

Jeff.

-- 
I think there is a world market for maybe five computers.
- Thomas Watson, chairman of IBM, 1943.

Re: Doveadm error since 2.3.11.3 when run as unprivileged user

[Arjen de Korte]

Citeren Timo Sirainen :


On 13. Aug 2020, at 11.29, Timo Sirainen  wrote:


On 13. Aug 2020, at 11.00, Arjen de Korte  
 wrote:


I allow users to run 'doveadm' for mailbox maintenance (to expunge  
mail for instance). Since the upgrade to 2.3.11.3, this no longer  
works and results in the following error message:


doveconf: Fatal: Error in configuration file  
/etc/dovecot/conf.d/10-ssl.conf line 13: ssl_key: Can't open file  
/etc/ssl/private/de-korte.org.key: Permission denied


This is no surprise, as non-privileged users are not allowed to  
read the private keys of the server. Question is, why is doveadm  
trying to read this key in the first place (it is not needed for  
mailbox maintenance) and why is it failing now?


There were some ssl setting handling cleanups in v2.3.11, which  
caused this. I guess the proper fix for this would be to split SSL  
client settings and SSL server settings. So doveadm would still  
read the SSL client settings without trying to read the SSL server  
settings and failing there.


As a workaround, it should be possible to put the ssl_key into a  
separate config file and use !Include_try for it. For example in  
dovecot.conf:


!include_try ssl-keys.conf


That will only work to include an optional configuration file and  
suppress errors if it doesn't exist. I put


ssl_key = in a separate configuration file and it failed in a similar fashion,  
just with another filename.

Re: Doveadm error since 2.3.11.3 when run as unprivileged user

[Timo Sirainen]

On 13. Aug 2020, at 11.29, Timo Sirainen  wrote:
> 
> On 13. Aug 2020, at 11.00, Arjen de Korte  wrote:
>> 
>> I allow users to run 'doveadm' for mailbox maintenance (to expunge mail for 
>> instance). Since the upgrade to 2.3.11.3, this no longer works and results 
>> in the following error message:
>> 
>> doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf 
>> line 13: ssl_key: Can't open file /etc/ssl/private/de-korte.org.key: 
>> Permission denied
>> 
>> This is no surprise, as non-privileged users are not allowed to read the 
>> private keys of the server. Question is, why is doveadm trying to read this 
>> key in the first place (it is not needed for mailbox maintenance) and why is 
>> it failing now?
> 
> There were some ssl setting handling cleanups in v2.3.11, which caused this. 
> I guess the proper fix for this would be to split SSL client settings and SSL 
> server settings. So doveadm would still read the SSL client settings without 
> trying to read the SSL server settings and failing there.

As a workaround, it should be possible to put the ssl_key into a separate 
config file and use !Include_try for it. For example in dovecot.conf:

!include_try ssl-keys.conf

Re: Doveadm error since 2.3.11.3 when run as unprivileged user

[Timo Sirainen]

On 13. Aug 2020, at 11.00, Arjen de Korte  wrote:
> 
> I allow users to run 'doveadm' for mailbox maintenance (to expunge mail for 
> instance). Since the upgrade to 2.3.11.3, this no longer works and results in 
> the following error message:
> 
> doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf 
> line 13: ssl_key: Can't open file /etc/ssl/private/de-korte.org.key: 
> Permission denied
> 
> This is no surprise, as non-privileged users are not allowed to read the 
> private keys of the server. Question is, why is doveadm trying to read this 
> key in the first place (it is not needed for mailbox maintenance) and why is 
> it failing now?

There were some ssl setting handling cleanups in v2.3.11, which caused this. I 
guess the proper fix for this would be to split SSL client settings and SSL 
server settings. So doveadm would still read the SSL client settings without 
trying to read the SSL server settings and failing there.

Doveadm error since 2.3.11.3 when run as unprivileged user

[Arjen de Korte]

I allow users to run 'doveadm' for mailbox maintenance (to expunge  
mail for instance). Since the upgrade to 2.3.11.3, this no longer  
works and results in the following error message:


doveconf: Fatal: Error in configuration file  
/etc/dovecot/conf.d/10-ssl.conf line 13: ssl_key: Can't open file  
/etc/ssl/private/de-korte.org.key: Permission denied


This is no surprise, as non-privileged users are not allowed to read  
the private keys of the server. Question is, why is doveadm trying to  
read this key in the first place (it is not needed for mailbox  
maintenance) and why is it failing now?


Regards, Arjen

Re: Doveadm error during store - segfault clucene

[Stephan Bosch via dovecot]

On 02/10/2019 10:12, Domenico Pastore via dovecot wrote:



Hi,
during the store of the messages, I find the following doveadm errors:

2019-10-02 09:22:19 auth: Debug: 
ldap(test@test.xxx.it,10.11.47.60): result: 
mailMessageStore=1/1/2/0/8/7/2/1120872_91093 mailQuota=52428800; 
mailQuota,mailMessageStore unused
2019-10-02 09:22:19 auth: Debug: 
ldap(test@test.xxx.it,10.11.47.60): Finished userdb lookup
2019-10-02 09:22:19 auth: Debug: userdb out: USER    1 
test@test.xxx.it 
home=/store/mailbox/mailbox_test/1/1/2/0/8/7/2/1120872_91093 
quota_rule=*:bytes=52428800    mail_plugins+=
*2019-10-02 09:22:19 
doveadm(test@test.xxx.it)<180667>: Fatal: 
master: service(doveadm): child 180667 killed with signal 11 (core 
dumped)*
2019-10-02 09:22:19 auth: Debug: master in: USER    1 
test@test.xxx.it    service=doveadm lip=192.160.10.100    
lport=924    rip=10.11.47.60 rport=56515
2019-10-02 09:22:19 auth: Debug: 
ldap(test@test.xxx.it,10.11.47.60): Performing userdb lookup


This problem occurs only with the quota plugin enabled.

Can you help me?



The GDB trace tells me this is most likely a Lucene bug. There is very 
little Dovecot can mess up at library deinit like that.


Regards,

Stephan.


Best regards

Domenico

-

(gdb)
#0  clear (this=0x0) at 
/usr/src/debug/clucene-core-2.3.3.4/src/core/CLucene/util/VoidMap.h:123
#1  lucene::search::FieldSortedHitQueue::_shutdown () at 
/usr/src/debug/clucene-core-2.3.3.4/src/core/CLucene/search/FieldSortedHitQueue.cpp:60
#2  0x7f4b37a62e96 in _lucene_shutdown () at 
/usr/src/debug/clucene-core-2.3.3.4/src/core/CLucene/StdHeader.cpp:33
#3  0x7f4b3b2f2fbb in module_dir_deinit (modules=) 
at module-dir.c:578
#4  0x7f4b3b2f3001 in module_dir_unload 
(modules=modules@entry=0x7f4b3b8e1380 ) 
at module-dir.c:590
#5  0x7f4b3b5dd264 in mail_storage_service_deinit 
(_ctx=_ctx@entry=0x55ea409b7838) at mail-storage-service.c:1730
#6  0x55ea3f4a3d35 in doveadm_mail_cmd_exec 
(ctx=ctx@entry=0x55ea409b77f8, wildcard_user=wildcard_user@entry=0x0) 
at doveadm-mail.c:673
#7  0x55ea3f4a4bbd in doveadm_cmd_ver2_to_mail_cmd_wrapper 
(cctx=) at doveadm-mail.c:1144
#8  0x55ea3f4b5c98 in doveadm_cmd_run_ver2 (argc=argc@entry=1, 
argv=argv@entry=0x55ea40997150, cctx=cctx@entry=0x7fff9a1cb990) at 
doveadm-cmd.c:574
#9  0x55ea3f4ba020 in doveadm_cmd_server_run_ver2 
(cctx=0x7fff9a1cb990, argv=0x55ea40997150, argc=1, 
conn=0x55ea409ebbd8) at client-connection-tcp.c:178
#10 doveadm_cmd_handle (cctx=0x7fff9a1cb990, argv=0x55ea40997150, 
argc=1, cmd_name=, conn=0x55ea409ebbd8) at 
client-connection-tcp.c:342
#11 client_handle_command (args=, conn=0x55ea409ebbd8) 
at client-connection-tcp.c:415
#12 client_connection_tcp_input (conn=0x55ea409ebbd8) at 
client-connection-tcp.c:561
#13 0x7f4b3b2e855f in io_loop_call_io (io=0x55ea409c5b10) at 
ioloop.c:704
#14 0x7f4b3b2e9fa3 in io_loop_handler_run_internal 
(ioloop=ioloop@entry=0x55ea4099fcb0) at ioloop-epoll.c:221
#15 0x7f4b3b2e8666 in io_loop_handler_run 
(ioloop=ioloop@entry=0x55ea4099fcb0) at ioloop.c:756
#16 0x7f4b3b2e in io_loop_run (ioloop=0x55ea4099fcb0) at 
ioloop.c:729
#17 0x7f4b3b25b2d3 in master_service_run (service=0x55ea4099fb40, 
callback=callback@entry=0x55ea3f4bd260 ) at 
master-service.c:781

#18 0x55ea3f493421 in main (argc=1, argv=0x55ea4099f890) at main.c:151

(gdb) bt full
#0  clear (this=0x0) at 
/usr/src/debug/clucene-core-2.3.3.4/src/core/CLucene/util/VoidMap.h:123

No locals.
#1  lucene::search::FieldSortedHitQueue::_shutdown () at 
/usr/src/debug/clucene-core-2.3.3.4/src/core/CLucene/search/FieldSortedHitQueue.cpp:60

No locals.
#2  0x7f4b37a62e96 in _lucene_shutdown () at 
/usr/src/debug/clucene-core-2.3.3.4/src/core/CLucene/StdHeader.cpp:33

No locals.
#3  0x7f4b3b2f2fbb in module_dir_deinit (modules=) 
at module-dir.c:578

    _data_stack_cur_id = 4
    module = 0x55ea40a048b0
    rev = 0x55ea4099ac18
    i = 
    count = 6
#4  0x7f4b3b2f3001 in module_dir_unload 
(modules=modules@entry=0x7f4b3b8e1380 ) 
at module-dir.c:590

    module = 
    next = 
#5  0x7f4b3b5dd264 in mail_storage_service_deinit 
(_ctx=_ctx@entry=0x55ea409b7838) at mail-storage-service.c:1730

    ctx = 0x55ea409f0bf8
#6  0x55ea3f4a3d35 in doveadm_mail_cmd_exec 
(ctx=ctx@entry=0x55ea409b77f8, wildcard_user=wildcard_user@entry=0x0) 
at doveadm-mail.c:673

    cctx = 
    cli = 
    ret = 
    error = 0x7f4b3b22d2f7 <__x86_return_thunk+5> 
"\363\220\017\256\350\353\371H\215d$\b\303\350\a"
#7  0x55ea3f4a4bbd in doveadm_cmd_ver2_to_mail_cmd_wrapper 
(cctx=) at doveadm-mail.c:1144

    mctx = 0x55ea409b77f8
    wildcard_user = 
    fieldstr = 0x55ea40997310 "͒\t7K\177"
    pargv = {arr = {buffer = 0x55ea409b7a28, element_size = 8}, v 
= 0x55ea409b7a28, v_modifiable = 0x55ea409b7a28}
    full_args = {arr = {buffer = , 

Doveadm error during store - segfault clucene

[Domenico Pastore via dovecot]

Hi,
during the store of the messages, I find the following doveadm errors:

2019-10-02 09:22:19 auth: Debug: 
ldap(test@test.xxx.it,10.11.47.60):
 result: mailMessageStore=1/1/2/0/8/7/2/1120872_91093 mailQuota=52428800; 
mailQuota,mailMessageStore unused
2019-10-02 09:22:19 auth: Debug: 
ldap(test@test.xxx.it,10.11.47.60):
 Finished userdb lookup
2019-10-02 09:22:19 auth: Debug: userdb out: USER1
test@test.xxx.it
home=/store/mailbox/mailbox_test/1/1/2/0/8/7/2/1120872_91093
quota_rule=*:bytes=52428800mail_plugins+=
2019-10-02 09:22:19 
doveadm(test@test.xxx.it)<180667>:
 Fatal: master: service(doveadm): child 180667 killed with signal 11 (core 
dumped)
2019-10-02 09:22:19 auth: Debug: master in: USER1
test@test.xxx.itservice=doveadm
lip=192.160.10.100lport=924rip=10.11.47.60rport=56515
2019-10-02 09:22:19 auth: Debug: 
ldap(test@test.xxx.it,10.11.47.60):
 Performing userdb lookup

This problem occurs only with the quota plugin enabled.

Can you help me?

Best regards

Domenico

-

(gdb)
#0  clear (this=0x0) at 
/usr/src/debug/clucene-core-2.3.3.4/src/core/CLucene/util/VoidMap.h:123
#1  lucene::search::FieldSortedHitQueue::_shutdown () at 
/usr/src/debug/clucene-core-2.3.3.4/src/core/CLucene/search/FieldSortedHitQueue.cpp:60
#2  0x7f4b37a62e96 in _lucene_shutdown () at 
/usr/src/debug/clucene-core-2.3.3.4/src/core/CLucene/StdHeader.cpp:33
#3  0x7f4b3b2f2fbb in module_dir_deinit (modules=) at 
module-dir.c:578
#4  0x7f4b3b2f3001 in module_dir_unload 
(modules=modules@entry=0x7f4b3b8e1380 ) at 
module-dir.c:590
#5  0x7f4b3b5dd264 in mail_storage_service_deinit 
(_ctx=_ctx@entry=0x55ea409b7838) at mail-storage-service.c:1730
#6  0x55ea3f4a3d35 in doveadm_mail_cmd_exec (ctx=ctx@entry=0x55ea409b77f8, 
wildcard_user=wildcard_user@entry=0x0) at doveadm-mail.c:673
#7  0x55ea3f4a4bbd in doveadm_cmd_ver2_to_mail_cmd_wrapper (cctx=) at doveadm-mail.c:1144
#8  0x55ea3f4b5c98 in doveadm_cmd_run_ver2 (argc=argc@entry=1, 
argv=argv@entry=0x55ea40997150, cctx=cctx@entry=0x7fff9a1cb990) at 
doveadm-cmd.c:574
#9  0x55ea3f4ba020 in doveadm_cmd_server_run_ver2 (cctx=0x7fff9a1cb990, 
argv=0x55ea40997150, argc=1, conn=0x55ea409ebbd8) at client-connection-tcp.c:178
#10 doveadm_cmd_handle (cctx=0x7fff9a1cb990, argv=0x55ea40997150, argc=1, 
cmd_name=, conn=0x55ea409ebbd8) at client-connection-tcp.c:342
#11 client_handle_command (args=, conn=0x55ea409ebbd8) at 
client-connection-tcp.c:415
#12 client_connection_tcp_input (conn=0x55ea409ebbd8) at 
client-connection-tcp.c:561
#13 0x7f4b3b2e855f in io_loop_call_io (io=0x55ea409c5b10) at ioloop.c:704
#14 0x7f4b3b2e9fa3 in io_loop_handler_run_internal 
(ioloop=ioloop@entry=0x55ea4099fcb0) at ioloop-epoll.c:221
#15 0x7f4b3b2e8666 in io_loop_handler_run 
(ioloop=ioloop@entry=0x55ea4099fcb0) at ioloop.c:756
#16 0x7f4b3b2e in io_loop_run (ioloop=0x55ea4099fcb0) at ioloop.c:729
#17 0x7f4b3b25b2d3 in master_service_run (service=0x55ea4099fb40, 
callback=callback@entry=0x55ea3f4bd260 ) at 
master-service.c:781
#18 0x55ea3f493421 in main (argc=1, argv=0x55ea4099f890) at main.c:151

(gdb) bt full
#0  clear (this=0x0) at 
/usr/src/debug/clucene-core-2.3.3.4/src/core/CLucene/util/VoidMap.h:123
No locals.
#1  lucene::search::FieldSortedHitQueue::_shutdown () at 
/usr/src/debug/clucene-core-2.3.3.4/src/core/CLucene/search/FieldSortedHitQueue.cpp:60
No locals.
#2  0x7f4b37a62e96 in _lucene_shutdown () at 
/usr/src/debug/clucene-core-2.3.3.4/src/core/CLucene/StdHeader.cpp:33
No locals.
#3  0x7f4b3b2f2fbb in module_dir_deinit (modules=) at 
module-dir.c:578
_data_stack_cur_id = 4
module = 0x55ea40a048b0
rev = 0x55ea4099ac18
i = 
count = 6
#4  0x7f4b3b2f3001 in module_dir_unload 
(modules=modules@entry=0x7f4b3b8e1380 ) at 
module-dir.c:590
module = 
next = 
#5  0x7f4b3b5dd264 in mail_storage_service_deinit 
(_ctx=_ctx@entry=0x55ea409b7838) at mail-storage-service.c:1730
ctx = 0x55ea409f0bf8
#6  0x55ea3f4a3d35 in doveadm_mail_cmd_exec (ctx=ctx@entry=0x55ea409b77f8, 
wildcard_user=wildcard_user@entry=0x0) at doveadm-mail.c:673
cctx = 
cli = 
ret = 
error = 0x7f4b3b22d2f7 <__x86_return_thunk+5> 
"\363\220\017\256\350\353\371H\215d$\b\303\350\a"
#7  0x55ea3f4a4bbd in doveadm_cmd_ver2_to_mail_cmd_wrapper (cctx=) at doveadm-mail.c:1144
mctx = 0x55ea409b77f8
wildcard_user = 
fieldstr = 0x55ea40997310 "͒\t7K\177"
pargv = {arr = {buffer = 0x55ea409b7a28, element_size = 8}, v = 
0x55ea409b7a28, v_modifiable = 0x55ea409b7a28}
full_args = {arr = {buffer = , element_size = 

Re: doveadm: Error: open(/proc/self/io) failed

[Aki Tuomi via dovecot]

On 6.8.2019 4.20, Tom Diehl via dovecot wrote:
> On Thu, 1 Aug 2019, Timo Sirainen via dovecot wrote:
>
>> On 31 Jul 2019, at 20.45, A. Schulze via dovecot
>>  wrote:
>>>
>>>
>>>
>>> Am 31.07.19 um 08:27 schrieb Sami Ketola via dovecot:
 service lmtp {
 user = vmail
 }

 please remove user = vmail from here or change it to root.

 for security reasons lmtp service must be started as root since
 version 2.2.36. lmtp will drop root privileges after initialization
 but it needs to open /self/proc/io as root before that.
>>>
>>> Hello Sami,
>>>
>>> I don't read "root is required for lmtp" in
>>> https://wiki.dovecot.org/LMTP#Security neither does
>>> https://dovecot.org/doc/NEWS-2.2 say so.
>>> Could you proof that statement somehow?
>>
>>
>> Alternative is:
>>
>> service lmtp {
>>  user = vmail
>>  drop_priv_before_exec = yes
>> }
>>
>> I'm not sure if you run into other problems with that.
>
> OK, so now I am confused. At https://wiki.dovecot.org/LMTP#Security it
> says
> "If you're using only a single global UID/GID, you can improve
> security by
> running lmtp processes as that user"
>
> So, if I am using a single UID/GID, then is the above wiki article
> correct or
> do I need to change my config?
>
> Regards,
>
This file is used for stats gathering, so if you are not using stats,
it's not a huge problem. You can probably also use

import_environment = PR_SET_DUMPABLE=1

to get rid of the warning. Although this makes your process less secure
as it can be ptrace'd.

Aki

Re: doveadm: Error: open(/proc/self/io) failed

[Tom Diehl via dovecot]

On Thu, 1 Aug 2019, Timo Sirainen via dovecot wrote:


On 31 Jul 2019, at 20.45, A. Schulze via dovecot  wrote:




Am 31.07.19 um 08:27 schrieb Sami Ketola via dovecot:

service lmtp {
user = vmail
}

please remove user = vmail from here or change it to root.

for security reasons lmtp service must be started as root since version 2.2.36. 
lmtp will drop root privileges after initialization but it needs to open 
/self/proc/io as root before that.


Hello Sami,

I don't read "root is required for lmtp" in 
https://wiki.dovecot.org/LMTP#Security neither does https://dovecot.org/doc/NEWS-2.2 say 
so.
Could you proof that statement somehow?



Alternative is:

service lmtp {
 user = vmail
 drop_priv_before_exec = yes
}

I'm not sure if you run into other problems with that.


OK, so now I am confused. At https://wiki.dovecot.org/LMTP#Security it says
"If you're using only a single global UID/GID, you can improve security by
running lmtp processes as that user"

So, if I am using a single UID/GID, then is the above wiki article correct or
do I need to change my config?

Regards,

--
Tom m...@tdiehl.org

Re: Solved Re: doveadm: Error: open(/proc/self/io) failed

[Sami Ketola via dovecot]

> On 1 Aug 2019, at 1.51, Tom Diehl via dovecot  wrote:
> 
> Actually the above works OK but you gave me the clue I needed to
> find the actual problem. I looked at the log message again and
> realized that it says doveadm is having problems.
> Something like this:
> Jul 22 12:52:04 vmail2 dovecot: doveadm: Error: open(/proc/self/io) failed: 
> Permission denied
> 
> So I took your advice and found that I had the following in my dsync
> config:
> service doveadm {
>  inet_listener {
>port = 2525
>  }
>  user = vmail
> }
> 
> Removing the user = vmail above fixed the problem.

 Yes, I forgot to mention that the same thing applies to doveadm too.

Sami

Re: doveadm: Error: open(/proc/self/io) failed

[Timo Sirainen via dovecot]

On 31 Jul 2019, at 20.45, A. Schulze via dovecot  wrote:
> 
> 
> 
> Am 31.07.19 um 08:27 schrieb Sami Ketola via dovecot:
>> service lmtp {
>> user = vmail
>> }
>> 
>> please remove user = vmail from here or change it to root.
>> 
>> for security reasons lmtp service must be started as root since version 
>> 2.2.36. lmtp will drop root privileges after initialisation but it needs to 
>> open /self/proc/io as root before that.
> 
> Hello Sami,
> 
> I don't read "root is required for lmtp" in 
> https://wiki.dovecot.org/LMTP#Security neither does 
> https://dovecot.org/doc/NEWS-2.2 say so.
> Could you proof that statement somehow?


Alternative is:

service lmtp {
  user = vmail
  drop_priv_before_exec = yes
}

I'm not sure if you run into other problems with that.

Solved Re: doveadm: Error: open(/proc/self/io) failed

[Tom Diehl via dovecot]

Hi Sami,

Thanks, for taking the time to look at this.

For the archives, the resolution is in line below.

On Wed, 31 Jul 2019, Sami Ketola wrote:





On 30 Jul 2019, at 22.53, Tom Diehl via dovecot  wrote:

On Tue, 30 Jul 2019, Reio Remma via dovecot wrote:


On 30.07.2019 20:07, Tom Diehl via dovecot wrote:


Does anyone have an Idea how to fix this?


Perhaps see if there are any denials in SELinux audit log:


Selinux is in permissive.

If I do:
(vmail1 pts9) # ll /proc/self/io -r 1 root root 0 Jul 30 15:27 
/proc/self/io
(vmail1 pts9) #

It is obvious to me why I get permission denied. The problem is you
cannot chmod on /proc. I suspect I have something mis-configured but
the question is what?


service lmtp {
executable = lmtp -L
inet_listener lmtp {
  address = 127.0.0.1
  port = 24
}
process_min_avail = 5
unix_listener /var/spool/postfix/private/dovecot-lmtp {
  group = postfix
  mode = 0600
  user = postfix
}
user = vmail
}

please remove user = vmail from here or change it to root.


Actually the above works OK but you gave me the clue I needed to
find the actual problem. I looked at the log message again and
realized that it says doveadm is having problems.
Something like this:
Jul 22 12:52:04 vmail2 dovecot: doveadm: Error: open(/proc/self/io) failed: 
Permission denied

So I took your advice and found that I had the following in my dsync
config:
service doveadm {
  inet_listener {
port = 2525
  }
  user = vmail
}

Removing the user = vmail above fixed the problem.

Thanks again.

Regards,

--
Tom m...@tdiehl.org

Re: doveadm: Error: open(/proc/self/io) failed

[A. Schulze via dovecot]

Am 31.07.19 um 08:27 schrieb Sami Ketola via dovecot:
> service lmtp {
>  user = vmail
> }
> 
> please remove user = vmail from here or change it to root.
> 
> for security reasons lmtp service must be started as root since version 
> 2.2.36. lmtp will drop root privileges after initialisation but it needs to 
> open /self/proc/io as root before that.

Hello Sami,

I don't read "root is required for lmtp" in 
https://wiki.dovecot.org/LMTP#Security neither does 
https://dovecot.org/doc/NEWS-2.2 say so.
Could you proof that statement somehow?

Andreas

Re: doveadm: Error: open(/proc/self/io) failed

[Sami Ketola via dovecot]

> On 30 Jul 2019, at 22.53, Tom Diehl via dovecot  wrote:
> 
> On Tue, 30 Jul 2019, Reio Remma via dovecot wrote:
> 
>> On 30.07.2019 20:07, Tom Diehl via dovecot wrote:
>>> 
>>> Does anyone have an Idea how to fix this?
>> 
>> Perhaps see if there are any denials in SELinux audit log:
> 
> Selinux is in permissive.
> 
> If I do:
> (vmail1 pts9) # ll /proc/self/io -r 1 root root 0 Jul 30 15:27 
> /proc/self/io
> (vmail1 pts9) #
> 
> It is obvious to me why I get permission denied. The problem is you
> cannot chmod on /proc. I suspect I have something mis-configured but
> the question is what?

service lmtp {
 executable = lmtp -L
 inet_listener lmtp {
   address = 127.0.0.1
   port = 24
 }
 process_min_avail = 5
 unix_listener /var/spool/postfix/private/dovecot-lmtp {
   group = postfix
   mode = 0600
   user = postfix
 }
 user = vmail
}

please remove user = vmail from here or change it to root.

for security reasons lmtp service must be started as root since version 2.2.36. 
lmtp will drop root privileges after initialisation but it needs to open 
/self/proc/io as root before that.

Sami

Re: doveadm: Error: open(/proc/self/io) failed

[Tom Diehl via dovecot]

On Tue, 30 Jul 2019, Reio Remma via dovecot wrote:


On 30.07.2019 20:07, Tom Diehl via dovecot wrote:


 Does anyone have an Idea how to fix this?


Perhaps see if there are any denials in SELinux audit log:


Selinux is in permissive.

If I do:
(vmail1 pts9) # ll /proc/self/io 
-r 1 root root 0 Jul 30 15:27 /proc/self/io

(vmail1 pts9) #

It is obvious to me why I get permission denied. The problem is you
cannot chmod on /proc. I suspect I have something mis-configured but
the question is what?

Regards,

--
Tom m...@tdiehl.org

Re: doveadm: Error: open(/proc/self/io) failed

[Alexander Dalloz via dovecot]

Am 30.07.2019 um 20:12 schrieb Alexander Dalloz via dovecot:

aausearch -m avc -c dovecot | audit2why


sorry, "ausearch" is the proper command

Re: doveadm: Error: open(/proc/self/io) failed

[Alexander Dalloz via dovecot]

Am 30.07.2019 um 19:33 schrieb Reio Remma via dovecot:

On 30.07.2019 20:07, Tom Diehl via dovecot wrote:


Does anyone have an Idea how to fix this?

Regards,



Perhaps see if there are any denials in SELinux audit log:

sudo grep denied /var/log/audit/audit.log | grep dovecot | audit2allow -a

Good luck,
Reio



The proper search for dovecot AVCs would be:

aausearch -m avc -c dovecot | audit2why

audit2allow is not that helpful in the first approach.

Alexander

Re: doveadm: Error: open(/proc/self/io) failed

[Reio Remma via dovecot]

On 30.07.2019 20:07, Tom Diehl via dovecot wrote:


Does anyone have an Idea how to fix this?

Regards,



Perhaps see if there are any denials in SELinux audit log:

sudo grep denied /var/log/audit/audit.log | grep dovecot | audit2allow -a

Good luck,
Reio

Re: doveadm: Error: open(/proc/self/io) failed

[Tom Diehl via dovecot]

Does anyone have an Idea how to fix this?

Regards,

--
Tom m...@tdiehl.org

On Mon, 22 Jul 2019, Tom Diehl via dovecot wrote:


Hi,

I am running dovecot-2.2.36-3.el7.x86_64 on a Centos 7 machine. I keep seeing
the following errors in the dovecot.log:
Jul 22 12:52:04 vmail2 dovecot: doveadm: Error: open(/proc/self/io) failed: 
Permission denied


Dovecot -n is listed below:
#  2.2.36 (1f10bfa63): /etc/dovecot/dovecot.conf
#  Pigeonhole version 0.4.24 (124e06aa)
#  OS: Linux 3.10.0-957.21.3.el7.x86_64 x86_64 CentOS Linux release 7.6.1810 
#  (Core) Hostname: vmail2.kmg.mydomain.com

auth_master_user_separator = *
auth_mechanisms = PLAIN LOGIN
deliver_log_format = from=%{from}, envelope_sender=%{from_envelope}, 
subject=%{subject}, msgid=%m, size=%{size}, %$

dict {
  acl = mysql:/etc/dovecot/dovecot-share-folder.conf
  quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
}
doveadm_password =  # hidden, use -P to show it
doveadm_port = 2525
first_valid_uid = 2000
last_valid_uid = 2000
mail_gid = 2000
mail_location = maildir:%Lh/Maildir/:INDEX=%Lh/Maildir/
mail_plugins = quota mailbox_alias acl mail_log notify stats replication
mail_uid = 2000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags 
copy include variables body enotify environment mailbox date index ihave 
duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve

namespace {
  inbox = yes
  location =
  mailbox Archive {
auto = no
special_use = \Archive
  }
  mailbox Archives {
auto = no
special_use = \Archive
  }
  mailbox "Deleted Messages" {
auto = no
special_use = \Trash
  }
  mailbox Drafts {
auto = subscribe
special_use = \Drafts
  }
  mailbox Junk {
auto = subscribe
special_use = \Junk
  }
  mailbox "Junk E-mail" {
auto = no
special_use = \Junk
  }
  mailbox Sent {
auto = subscribe
special_use = \Sent
  }
  mailbox "Sent Items" {
auto = no
special_use = \Sent
  }
  mailbox "Sent Messages" {
auto = no
special_use = \Sent
  }
  mailbox Spam {
auto = no
special_use = \Junk
  }
  mailbox Trash {
auto = subscribe
special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
namespace {
  list = children
  location = maildir:%%Lh/Maildir/:INDEX=%%Lh/Maildir/Shared/%%Ld/%%Ln
  prefix = Shared/%%u/
  separator = /
  subscriptions = yes
  type = shared
}
passdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
passdb {
  args = /etc/dovecot/dovecot-master-users
  driver = passwd-file
  master = yes
}
plugin {
  acl = vfile
  acl_shared_dict = proxy::acl
  fts_autoindex = yes
  fts_autoindex_max_recent_msgs = 50
  imapsieve_mailbox1_before =
  file:/usr/lib64/dovecot/sieve/report-spam.sieve
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_name = Spam
  imapsieve_mailbox2_before = file:/usr/lib64/dovecot/sieve/report-ham.sieve
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_from = Spam
  imapsieve_mailbox2_name = *
  mail_log_events = delete undelete expunge mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size from subject
  mail_replica = tcp:vmail1.kmg.mydomain.com
  mailbox_alias_new = Sent Messages
  mailbox_alias_new2 = Sent Items
  mailbox_alias_old = Sent
  mailbox_alias_old2 = Sent
  quota = dict:user::proxy::quotadict
  quota_grace = 10%%
  quota_warning = storage=100%% quota-warning 100 %u
  quota_warning2 = storage=95%% quota-warning 95 %u
  quota_warning3 = storage=90%% quota-warning 90 %u
  quota_warning4 = storage=85%% quota-warning 85 %u
  sieve = ~/sieve/dovecot.sieve
  sieve_before = /var/vmail/sieve/dovecot.sieve
  sieve_dir = ~/sieve
  sieve_global_dir = /var/vmail/sieve
  sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
  sieve_max_redirects = 30
  sieve_pipe_bin_dir = /usr/lib64/dovecot/sieve
  sieve_plugins = sieve_imapsieve sieve_extprograms
  sieve_vacation_send_from_recipient = yes
  stats_refresh = 30 secs
  stats_track_cmds = yes
}
protocols = pop3 imap sieve lmtp
service aggregator {
  fifo_listener replication-notify-fifo {
user = vmail
  }
  unix_listener replication-notify {
user = vmail
 }
}
service auth {
  unix_listener /var/spool/postfix/private/dovecot-auth {
group = postfix
mode = 0666
user = postfix
  }
  unix_listener auth-master {
group = vmail
mode = 0666
user = vmail
  }
  unix_listener auth-userdb {
group = vmail
mode = 0660
user = vmail
 }
}
service config {
  unix_listener config {
user = vmail
 }
}
service dict {
  unix_listener dict {
group = vmail
mode = 0660
user = vmail
 }
}
service doveadm {
  inet_listener {
port = 2525
  }
  user = vmail
}
service imap-login {
  process_limit = 500
  service_count = 1
}
service lmtp {
  executable = lmtp -L
  inet_listener lmtp

doveadm: Error: open(/proc/self/io) failed

[Tom Diehl via dovecot]

Hi,

I am running dovecot-2.2.36-3.el7.x86_64 on a Centos 7 machine. I keep seeing
the following errors in the dovecot.log:
Jul 22 12:52:04 vmail2 dovecot: doveadm: Error: open(/proc/self/io) failed: 
Permission denied

Dovecot -n is listed below:
# 2.2.36 (1f10bfa63): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.24 (124e06aa)
# OS: Linux 3.10.0-957.21.3.el7.x86_64 x86_64 CentOS Linux release 7.6.1810 (Core) 
# Hostname: vmail2.kmg.mydomain.com

auth_master_user_separator = *
auth_mechanisms = PLAIN LOGIN
deliver_log_format = from=%{from}, envelope_sender=%{from_envelope}, 
subject=%{subject}, msgid=%m, size=%{size}, %$
dict {
  acl = mysql:/etc/dovecot/dovecot-share-folder.conf
  quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
}
doveadm_password =  # hidden, use -P to show it
doveadm_port = 2525
first_valid_uid = 2000
last_valid_uid = 2000
mail_gid = 2000
mail_location = maildir:%Lh/Maildir/:INDEX=%Lh/Maildir/
mail_plugins = quota mailbox_alias acl mail_log notify stats replication
mail_uid = 2000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date index ihave duplicate 
mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
namespace {
  inbox = yes
  location =
  mailbox Archive {
auto = no
special_use = \Archive
  }
  mailbox Archives {
auto = no
special_use = \Archive
  }
  mailbox "Deleted Messages" {
auto = no
special_use = \Trash
  }
  mailbox Drafts {
auto = subscribe
special_use = \Drafts
  }
  mailbox Junk {
auto = subscribe
special_use = \Junk
  }
  mailbox "Junk E-mail" {
auto = no
special_use = \Junk
  }
  mailbox Sent {
auto = subscribe
special_use = \Sent
  }
  mailbox "Sent Items" {
auto = no
special_use = \Sent
  }
  mailbox "Sent Messages" {
auto = no
special_use = \Sent
  }
  mailbox Spam {
auto = no
special_use = \Junk
  }
  mailbox Trash {
auto = subscribe
special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
namespace {
  list = children
  location = maildir:%%Lh/Maildir/:INDEX=%%Lh/Maildir/Shared/%%Ld/%%Ln
  prefix = Shared/%%u/
  separator = /
  subscriptions = yes
  type = shared
}
passdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
passdb {
  args = /etc/dovecot/dovecot-master-users
  driver = passwd-file
  master = yes
}
plugin {
  acl = vfile
  acl_shared_dict = proxy::acl
  fts_autoindex = yes
  fts_autoindex_max_recent_msgs = 50
  imapsieve_mailbox1_before = file:/usr/lib64/dovecot/sieve/report-spam.sieve
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_name = Spam
  imapsieve_mailbox2_before = file:/usr/lib64/dovecot/sieve/report-ham.sieve
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_from = Spam
  imapsieve_mailbox2_name = *
  mail_log_events = delete undelete expunge mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size from subject
  mail_replica = tcp:vmail1.kmg.mydomain.com
  mailbox_alias_new = Sent Messages
  mailbox_alias_new2 = Sent Items
  mailbox_alias_old = Sent
  mailbox_alias_old2 = Sent
  quota = dict:user::proxy::quotadict
  quota_grace = 10%%
  quota_warning = storage=100%% quota-warning 100 %u
  quota_warning2 = storage=95%% quota-warning 95 %u
  quota_warning3 = storage=90%% quota-warning 90 %u
  quota_warning4 = storage=85%% quota-warning 85 %u
  sieve = ~/sieve/dovecot.sieve
  sieve_before = /var/vmail/sieve/dovecot.sieve
  sieve_dir = ~/sieve
  sieve_global_dir = /var/vmail/sieve
  sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
  sieve_max_redirects = 30
  sieve_pipe_bin_dir = /usr/lib64/dovecot/sieve
  sieve_plugins = sieve_imapsieve sieve_extprograms
  sieve_vacation_send_from_recipient = yes
  stats_refresh = 30 secs
  stats_track_cmds = yes
}
protocols = pop3 imap sieve lmtp
service aggregator {
  fifo_listener replication-notify-fifo {
user = vmail
  }
  unix_listener replication-notify {
user = vmail
  }
}
service auth {
  unix_listener /var/spool/postfix/private/dovecot-auth {
group = postfix
mode = 0666
user = postfix
  }
  unix_listener auth-master {
group = vmail
mode = 0666
user = vmail
  }
  unix_listener auth-userdb {
group = vmail
mode = 0660
user = vmail
  }
}
service config {
  unix_listener config {
user = vmail
  }
}
service dict {
  unix_listener dict {
group = vmail
mode = 0660
user = vmail
  }
}
service doveadm {
  inet_listener {
port = 2525
  }
  user = vmail
}
service imap-login {
  process_limit = 500
  service_count = 1
}
service lmtp {
  executable = lmtp -L
  inet_listener lmtp {
address = 127.0.0.1
port = 24
  }
  process_min_avail = 5
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 06

Re: Doveadm error

[Alessio Cecchi]

Il 25.07.2016 00:03 Timo Sirainen ha scritto:

On 23 Jul 2016, at 04:05, Alessio Cecchi  wrote:


Il 15.07.2016 16:03 aki.tu...@dovecot.fi ha scritto:
On July 12, 2016 at 4:30 PM László Károlyi  
wrote:

Hey everyone,
I've got a weird error since I upgraded to the latest dovecot on my 
FreeBSD box:

root@postfixjail /# doveadm quota recalc -u x...@xxx.com
doveadm(x...@xxx.com): Error: dict-client: Commit failed: Deinit
fish: 'doveadm quota recalc -u xxx@…' terminated by signal SIGSEGV 
(Address boundary error)

root@postfixjail /# dovecot --version
2.2.25 (7be1766)


[...]


Hi
This bug is being fixed.


Hi Aki,

in what version of dovecot is being fixed? I still have the error:

# dovecot --version
2.2.25.2 (624a8f8)

# doveadm quota recalc -u ales...@skye.it
doveadm(ales...@skye.it): Error: dict-client: Commit failed: Deinit

Up to version 2.2.24 working fine.


Could you get gdb backtrace? Probably just:

gdb --args doveadm quota recalc -u user@domain
run
bt full

with 2.2.25.2 you'd need the dovecot-ee-debuginfo package.


Hi,

# gdb --args doveadm quota recalc -u ales...@skye.it
GNU gdb (GDB) Red Hat Enterprise Linux (7.2-90.el6)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 


This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show 
copying"

and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
...
Reading symbols from /usr/bin/doveadm...Reading symbols from 
/usr/lib/debug/usr/bin/doveadm.debug...done.

done.
(gdb) run
Starting program: /usr/bin/doveadm quota recalc -u ales...@skye.it
[Thread debugging using libthread_db enabled]
doveadm(ales...@skye.it): Error: dict-client: Commit failed: Deinit

Program exited normally.
Missing separate debuginfos, use: debuginfo-install 
bzip2-libs-1.0.5-7.el6_0.x86_64 cyrus-sasl-lib-2.1.23-15.el6_6.2.x86_64 
dovecot-ee-pigeonhole-2.2.25.2-2.x86_64 glibc-2.12-1.192.el6.x86_64 
nspr-4.11.0-1.el6.x86_64 nss-3.21.0-8.el6.x86_64 
nss-softokn-freebl-3.14.3-23.el6_7.x86_64 nss-util-3.21.0-2.el6.x86_64 
openldap-2.4.40-12.el6.x86_64 zlib-1.2.3-29.el6.x86_64

(gdb) bt full
No stack.
(gdb)

And quota is now correctly update, so doveadm works fine but output the 
error "Error: dict-client: Commit failed: Deinit".


I hope can be fixed.
Thanks
--
Alessio Cecchi
Postmaster AT http://www.qboxmail.it
http://www.linkedin.com/in/alessice

Re: Doveadm error

[Alessio Cecchi]

Il 25.07.2016 00:03 Timo Sirainen ha scritto:

On 23 Jul 2016, at 04:05, Alessio Cecchi  wrote:


Il 15.07.2016 16:03 aki.tu...@dovecot.fi ha scritto:
On July 12, 2016 at 4:30 PM László Károlyi  
wrote:

Hey everyone,
I've got a weird error since I upgraded to the latest dovecot on my 
FreeBSD box:

root@postfixjail /# doveadm quota recalc -u x...@xxx.com
doveadm(x...@xxx.com): Error: dict-client: Commit failed: Deinit
fish: 'doveadm quota recalc -u xxx@…' terminated by signal SIGSEGV 
(Address boundary error)

root@postfixjail /# dovecot --version
2.2.25 (7be1766)


[...]


Hi
This bug is being fixed.


Hi Aki,

in what version of dovecot is being fixed? I still have the error:

# dovecot --version
2.2.25.2 (624a8f8)

# doveadm quota recalc -u ales...@skye.it
doveadm(ales...@skye.it): Error: dict-client: Commit failed: Deinit

Up to version 2.2.24 working fine.


Could you get gdb backtrace? Probably just:

gdb --args doveadm quota recalc -u user@domain
run
bt full

with 2.2.25.2 you'd need the dovecot-ee-debuginfo package.


I found the the command works fine but output the error.

I will try to get gdb backtrace.
Thanks
--
Alessio Cecchi
Postmaster AT http://www.qboxmail.it
http://www.linkedin.com/in/alessice

Re: Doveadm error

[Timo Sirainen]

On 23 Jul 2016, at 04:05, Alessio Cecchi  wrote:
> 
> Il 15.07.2016 16:03 aki.tu...@dovecot.fi ha scritto:
>>> On July 12, 2016 at 4:30 PM László Károlyi  wrote:
>>> Hey everyone,
>>> I've got a weird error since I upgraded to the latest dovecot on my FreeBSD 
>>> box:
>>> root@postfixjail /# doveadm quota recalc -u x...@xxx.com
>>> doveadm(x...@xxx.com): Error: dict-client: Commit failed: Deinit
>>> fish: 'doveadm quota recalc -u xxx@…' terminated by signal SIGSEGV (Address 
>>> boundary error)
>>> root@postfixjail /# dovecot --version
>>> 2.2.25 (7be1766)
> 
> [...]
> 
>> Hi
>> This bug is being fixed.
> 
> Hi Aki,
> 
> in what version of dovecot is being fixed? I still have the error:
> 
> # dovecot --version
> 2.2.25.2 (624a8f8)
> 
> # doveadm quota recalc -u ales...@skye.it
> doveadm(ales...@skye.it): Error: dict-client: Commit failed: Deinit
> 
> Up to version 2.2.24 working fine.

Could you get gdb backtrace? Probably just:

gdb --args doveadm quota recalc -u user@domain
run
bt full

with 2.2.25.2 you'd need the dovecot-ee-debuginfo package.

Re: Doveadm error

[Lefteris Tsintjelis]

On 23 Jul 2016, at 11:05, Alessio Cecchi  wrote:
> 
> Il 15.07.2016 16:03 aki.tu...@dovecot.fi ha scritto:
>>> On July 12, 2016 at 4:30 PM László Károlyi  wrote:
>>> Hey everyone,
>>> I've got a weird error since I upgraded to the latest dovecot on my FreeBSD 
>>> box:
>>> root@postfixjail /# doveadm quota recalc -u x...@xxx.com
>>> doveadm(x...@xxx.com): Error: dict-client: Commit failed: Deinit
>>> fish: 'doveadm quota recalc -u xxx@…' terminated by signal SIGSEGV (Address 
>>> boundary error)
>>> root@postfixjail /# dovecot --version
>>> 2.2.25 (7be1766)
> 
> [...]
> 
>> Hi
>> This bug is being fixed.
> 
> Hi Aki,
> 
> in what version of dovecot is being fixed? I still have the error:
> 
> # dovecot --version
> 2.2.25.2 (624a8f8)
> 
> # doveadm quota recalc -u ales...@skye.it
> doveadm(ales...@skye.it): Error: dict-client: Commit failed: Deinit
> 
> Up to version 2.2.24 working fine.

It is working fine here with no errors and I use FreeBSD also with dovecot 
—version 2.2.25 (7be1766)

Re: Doveadm error

[Alessio Cecchi]

Il 15.07.2016 16:03 aki.tu...@dovecot.fi ha scritto:

On July 12, 2016 at 4:30 PM László Károlyi  wrote:


Hey everyone,

I've got a weird error since I upgraded to the latest dovecot on my 
FreeBSD box:


root@postfixjail /# doveadm quota recalc -u x...@xxx.com
doveadm(x...@xxx.com): Error: dict-client: Commit failed: Deinit
fish: 'doveadm quota recalc -u xxx@…' terminated by signal SIGSEGV 
(Address boundary error)

root@postfixjail /# dovecot --version
2.2.25 (7be1766)


[...]




Hi

This bug is being fixed.


Hi Aki,

in what version of dovecot is being fixed? I still have the error:

# dovecot --version
2.2.25.2 (624a8f8)

# doveadm quota recalc -u ales...@skye.it
doveadm(ales...@skye.it): Error: dict-client: Commit failed: Deinit

Up to version 2.2.24 working fine.

Thanks
--
Alessio Cecchi
Postmaster AT http://www.qboxmail.it
http://www.linkedin.com/in/alessice

Re: Doveadm error

[aki . tuomi]

> On July 12, 2016 at 4:30 PM László Károlyi  wrote:
> 
> 
> Hey everyone,
> 
> I've got a weird error since I upgraded to the latest dovecot on my FreeBSD 
> box:
> 
> root@postfixjail /# doveadm quota recalc -u x...@xxx.com
> doveadm(x...@xxx.com): Error: dict-client: Commit failed: Deinit
> fish: 'doveadm quota recalc -u xxx@…' terminated by signal SIGSEGV (Address 
> boundary error)
> root@postfixjail /# dovecot --version
> 2.2.25 (7be1766)
> root@postfixjail /# dovecot -n
> # 2.2.25 (7be1766): /usr/local/etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.15 (97b3da0)
> # OS: FreeBSD 10.3-STABLE amd64
> auth_cache_negative_ttl = 0
> auth_cache_ttl = 0
> auth_mechanisms = plain login cram-md5 digest-md5
> auth_realms = flix.hu
> base_dir = /usr/local/var/run/dovecot/
> default_login_user = nobody
> dict {
>   quota = mysql:/usr/local/etc/dovecot/dovecot-dict-sql.conf.ext
>   quota_rule2 = Trash:bytes=+100M
> }
> listen = *
> login_trusted_networks = 127.0.0.0/24
> mail_location = mdbox:~/mdbox
> mail_plugins = quota
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character 
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags 
> copy include variables body enotify environment mailbox date index ihave 
> duplicate mime foreverypart extracttext vnd.dovecot.pipe
> mdbox_rotate_size = 20 M
> namespace {
>   inbox = yes
>   location =
>   prefix =
>   separator = .
> }
> passdb {
>   args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
> plugin {
>   quota = dict:User quota::proxy::quota
>   sieve = ~/.dovecot.sieve
>   sieve_dir = ~/sieve
>   sieve_extensions = +vnd.dovecot.pipe
>   sieve_pipe_bin_dir = /usr/local/etc/email-responder
>   sieve_plugins = sieve_extprograms
> }
> postmaster_address = postmas...@flix.hu
> protocols = imap pop3 lmtp sieve
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
> group = postfix
> mode = 0660
> user = postfix
>   }
>   unix_listener auth-userdb {
> group = vmail
> mode = 0600
> user = vmail
>   }
> }
> service dict {
>   unix_listener dict {
> mode = 0600
> user = vmail
>   }
> }
> service imap-login {
>   process_min_avail = 3
>   service_count = 1
> }
> service managesieve-login {
>   inet_listener sieve {
> port = 4190
>   }
>   process_min_avail = 2
>   service_count = 1
> }
> service managesieve {
>   process_limit = 1024
>   process_min_avail = 2
> }
> service pop3-login {
>   process_min_avail = 3
>   service_count = 1
> }
> ssl = required
> ssl_cert =  ssl_key =  userdb {
>   driver = prefetch
> }
> userdb {
>   args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
> protocol lda {
>   mail_plugins = quota sieve
> }
> protocol lmtp {
>   mail_plugins = quota sieve
> }
> protocol sieve {
>   mail_plugins = quota sieve
>   managesieve_max_line_length = 65536
> }
> protocol imap {
>   mail_max_userip_connections = 20
>   mail_plugins = quota imap_quota
> }
> protocol pop3 {
>   mail_max_userip_connections = 15
>   mail_plugins = quota
> }
> root@postfixjail /# uname -a
> FreeBSD postfixjail.xxx.com 10.3-STABLE FreeBSD 10.3-STABLE #19 r302639: Tue 
> Jul 12 13:54:21 CEST 2016 r...@flix.hu:/usr/obj/usr/src/sys/MYKERNEL  
> amd64
> 
> There seems no difference of which virtual mailbox I want dovecot to quota 
> recalculate, it always fails with this error message.
> 
> Any suggestions?
> 
> Cheers,
> --
> László Károlyi
> http://linkedin.com/in/karolyi


Hi

This bug is being fixed. 

Aki

Doveadm error

[László Károlyi]

Hey everyone,

I've got a weird error since I upgraded to the latest dovecot on my FreeBSD box:

root@postfixjail /# doveadm quota recalc -u x...@xxx.com
doveadm(x...@xxx.com): Error: dict-client: Commit failed: Deinit
fish: 'doveadm quota recalc -u xxx@…' terminated by signal SIGSEGV (Address 
boundary error)
root@postfixjail /# dovecot --version
2.2.25 (7be1766)
root@postfixjail /# dovecot -n
# 2.2.25 (7be1766): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.15 (97b3da0)
# OS: FreeBSD 10.3-STABLE amd64
auth_cache_negative_ttl = 0
auth_cache_ttl = 0
auth_mechanisms = plain login cram-md5 digest-md5
auth_realms = flix.hu
base_dir = /usr/local/var/run/dovecot/
default_login_user = nobody
dict {
  quota = mysql:/usr/local/etc/dovecot/dovecot-dict-sql.conf.ext
  quota_rule2 = Trash:bytes=+100M
}
listen = *
login_trusted_networks = 127.0.0.0/24
mail_location = mdbox:~/mdbox
mail_plugins = quota
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date index ihave duplicate 
mime foreverypart extracttext vnd.dovecot.pipe
mdbox_rotate_size = 20 M
namespace {
  inbox = yes
  location =
  prefix =
  separator = .
}
passdb {
  args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  quota = dict:User quota::proxy::quota
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  sieve_extensions = +vnd.dovecot.pipe
  sieve_pipe_bin_dir = /usr/local/etc/email-responder
  sieve_plugins = sieve_extprograms
}
postmaster_address = postmas...@flix.hu
protocols = imap pop3 lmtp sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
  }
  unix_listener auth-userdb {
group = vmail
mode = 0600
user = vmail
  }
}
service dict {
  unix_listener dict {
mode = 0600
user = vmail
  }
}
service imap-login {
  process_min_avail = 3
  service_count = 1
}
service managesieve-login {
  inet_listener sieve {
port = 4190
  }
  process_min_avail = 2
  service_count = 1
}
service managesieve {
  process_limit = 1024
  process_min_avail = 2
}
service pop3-login {
  process_min_avail = 3
  service_count = 1
}
ssl = required
ssl_cert = http://linkedin.com/in/karolyi



signature.asc
Description: Message signed with OpenPGP using GPGMail

Re: [Dovecot] doveadm: Error: dlopen(/path/2/lib10_doveadm_expire_plugin.so) failed

[Timo Sirainen]

On 29.5.2010, at 0.34, Pascal Volk wrote:

 dunno why, but I've executed doveadm with the -D option. Debug output
 contains:
 
 doveadm(root): Error: 
 dlopen(/path/2/lib/dovecot/doveadm/lib10_doveadm_expire_plugin.so) failed: 
 /path/2/lib/dovecot/doveadm/lib10_doveadm_expire_plugin.so: undefined symbol: 
 expire_set_lookup

This is normal. You don't have expire plugin loaded, so it also can't use 
doveadm_expire plugin.

Re: [Dovecot] doveadm: Error: dlopen(/path/2/lib10_doveadm_expire_plugin.so) failed

[Pascal Volk]

On 05/29/2010 03:47 PM Timo Sirainen wrote:
 On 29.5.2010, at 0.34, Pascal Volk wrote:
 … undefined symbol: expire_set_lookup
 
 This is normal. You don't have expire plugin loaded, so it also can't use 
 doveadm_expire plugin.

OK, good to know. The 'undefined symbol' part looked a little bit buggy
for me. So i reported it.


Regards,
Pascal
-- 
The trapper recommends today: cafefeed.1015...@localdomain.org

Re: [Dovecot] doveadm: Error: dlopen(/path/2/lib10_doveadm_expire_plugin.so) failed

[Timo Sirainen]

On 30.5.2010, at 0.50, Pascal Volk wrote:

 On 05/29/2010 03:47 PM Timo Sirainen wrote:
 On 29.5.2010, at 0.34, Pascal Volk wrote:
 … undefined symbol: expire_set_lookup
 
 This is normal. You don't have expire plugin loaded, so it also can't use 
 doveadm_expire plugin.
 
 OK, good to know. The 'undefined symbol' part looked a little bit buggy
 for me. So i reported it.

Yeah, doveadm just tries to load all doveadm plugins and ignores the ones that 
it can't.

[Dovecot] doveadm: Error: dlopen(/path/2/lib10_doveadm_expire_plugin.so) failed

[Pascal Volk]

Hi Timo,

dunno why, but I've executed doveadm with the -D option. Debug output
contains:

doveadm(root): Error: 
dlopen(/path/2/lib/dovecot/doveadm/lib10_doveadm_expire_plugin.so) failed: 
/path/2/lib/dovecot/doveadm/lib10_doveadm_expire_plugin.so: undefined symbol: 
expire_set_lookup

dovecot --version
2.0.beta5 (4faaf5b037d5)


Regards,
Pascal
-- 
The trapper recommends today: 5e1f1e55.1014...@localdomain.org