R: Dovecot 2.3 shared namespace issues

2022-11-15 Thread Stefano Cecconello 
Hello,

My bad, the OS was ubuntu 20.04 and not 22.04 .

After further tinkering\testing, it seems that removing the "
acl_ignore_namespace = shared/* " setting did the trick, now we're getting
the correct ACL on client side .
Without it we can see the folder with the right permissions :

Logging as user01 :
shared\Sharer01\INBOX : '[NONEXISTENT] Mailbox doesn't exist:
shared/test.imapshare...@td01.testdomain.it/INBOX''
shared\Sharer01\subfolder01 ( RW ) :
'shared/test.imapshare...@td01.testdomain.it/subfolder01
test.imapuse...@td01.testdomain.it akxeilprwtscd ']
shared\Sharer01\subfolder02ro ( RO ) : '[NOPERM] You lack administrator
privileges on this mailbox'

Logging on Thunderbird and other IMAP clients ( sylpheed\claws ) as user01 :
-   It list correctly the shared folders as subscribed folders ;
-   can't view the mail contents of the sharer INBOX, as desired ;
-   show the total elements of the sharer INBOX, even if the user01
didnt have access ; 

If the config is correct, this is somehow what we're trying to accomplish, i
have some concerns regarding how it is possible to show the total messages
of the remote INBOX without having any privileges .
Maybe is something related to the index of that INBOX folder that is
somewhat read by the accessing user even if IMAP-wise didnt have any ACL \
rights .

I still dont understand why enabling the acl_ignore_namespace setting,
results in a :
-   remote INBOX full control, even if it was not defined in any acl ;
-   subfolders ACL applied correctly

Hope that someone can shed a light on it .

Thanks
Stefano

Dovecot 2.3 shared namespace issues

2022-11-15 Thread Stefano Cecconello 
Hello,

 

We're trying to configure the shared mailbox feature\namespace on a dovecot
2.3 installation .

 

OS : Ubuntu 22.04 x64

Dovecot : 2:2.3.19.1-2+ubuntu20.04

 

Our test enviroment is based on a dovecot frontend ( director + proxy ) and
a dovecot backend ( auth  and storage ), later we will think about
increasing the number of backends and frontends ( if we got it right, as we
plan to use multiple backends, we should use imapc in order to bind the
sharer and the accessing user to the same backend )  .

 

On dovecot backend we've configured the new shared namespace, as stated in
the documentation (
https://doc.dovecot.org/configuration_manual/shared_mailboxes/shared_mailbox
es/#user-shared-mailboxes ) :

-- Dovecot conf 

# Maildir's location is under home dir, which is returned by userdb.

mail_location = maildir:~/Maildir:VOLATILEDIR=/tmp_lock/%2.256Nu/%u

 

# Quota, mail_log plugins enabled everywhere

mail_plugins = quota notify acl fts fts_lucene mail_log mailbox_alias
virtual

 

# Default namespace

namespace {

  hidden = no

  inbox = yes

  location =

  prefix =

  separator = /

  type = private

 

mailbox Sent {

   special_use = \Sent

   auto = create

}

mailbox Trash {

   special_use = \Trash

   auto = create

}

mailbox Drafts {

   special_use = \Drafts

   auto = create

}

mailbox SPAM {

   special_use = \Junk

  auto = create

}

}

 

# namespace used by virtual search

namespace {

   prefix = VrtSearch.

   separator = /

   location = virtual:/etc/dovecot-common-backend/virtual:INDEX=~/virtual

 hidden = yes

 subscriptions = no

 inbox = no

 list = no

}

 

 

# IMAP SHARING FEATURE

service dict {

  unix_listener dict {

mode = 0600

user = vpopmail

group = vchkpw

  }

}

 

plugin {

  acl = vfile

  acl_ignore_namespace = shared/*

  acl_shared_dict = proxy::acl-mysql

}

 

dict {

  acl-mysql = mysql:/etc/dovecot-common-backend/dovecot-dict-sql.conf.ext

}

 

# namespace used for IMAP sharing feature

namespace {

  type = shared

  separator = /

  prefix = shared/%%u/

  location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u

  list = children

  subscriptions = no

}

 

-- Dovecot dict sql 

# IMAP SHARING FEATURE

connect = host=x.x.x.x dbname=xx user=xx password=xx

map {

  pattern = shared/shared-boxes/user/$to/$from

  table = imap_user_shares

  value_field = dummy

 

  fields {

from_user = $from

to_user = $to

  }

}

 

map {

  pattern = shared/shared-boxes/anyone/$from

  table = imap_anyone_shares

  value_field = dummy

 

  fields {

from_user = $from

  }

}

 

-- Dict DB contents 

mysql> select * from imap_user_shares;

+--+
+---+

| from_user| to_user
| dummy |

+--+
+---+

| test.imapshare...@td01.testdomain.it |
test.imapuse...@td01.testdomain.it | 1 |

+--+
+---+

 

 

For our tests, we've :

- created two users

test.imapshare...@td01.testdomain.it

test.imapuse...@td01.testdomain.it

 

- Created two INBOX subfolders on the sharer01 user, giving user01 those
permissions :

subfolder01 giving to user01 Full control

subfolder02ro giving to user01 list and read 

 

- logging as user01 with thunderbird, we see the shared namespace tree :

shared

  test.imapshare...@td01.testdomain.it

subfolder01

subfolder02



we're able to see the contents of each folder, even the INBOX .

Checking the folder properties, thunderbird reports that the user01 has full
control on the INBOX of shared01 .

 

If we try to check the ACL via python script ( imaplib.gestacl ) or via
doveadm, we can see that the sharer01 INBOX has no rights for user01 .

But via thunderbird ( or other email clients ) we can delete emails .

 

ACL - sharer01 accessing its folder

('OK', [b'INBOX test.imapshare...@td01.testdomain.it lrwstipekxacd'])

('OK', [b'subfolder01 test.imapuse...@td01.testdomain.it akxeilprwtscd
test.imapshare...@td01.testdomain.it lrwstipekxacd'])

('OK', [b'subfolder02ro test.imapuse...@td01.testdomain.it lr
test.imapshare...@td01.testdomain.it lrwstipekxacd'])

 

ACL - user01 accessing sharer01 folders

('OK', [b'shared/test.imapshare...@td01.testdomain.it/INBOX'])

('OK', [b'shared/test.imapshare...@td01.testdomain.it/subfolder01
test.imapuse...@td01.testdomain.it akxeilprwtscd'])

('OK', [b'shared/test.imapshare...@td01.testdomain.it/subfolder02ro
test.imapuse...@td01.testdomain.it lr'])

 

Testing with doveadm shows the correct ACL :

 

# doveadm -c /etc/dovecot-backend01/dovecot.conf acl debug -u
test.imapuse...@td01.testdomain.it
shared/test.imapshare...@t

Re: dovecot-2.3-pigeonhole-0.5.18 : Freebsd Will not build

2022-02-20 Thread Larry Rosenman 
You need to upgrade dovecot to 2.3.18.


On Sun, Feb 20, 2022 at 10:43 PM Paul Kudla (Scom.ca Internet Services
Inc.)  wrote:

> dovecot version : dovecot-2.3.14
>
>
>
-- 
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 214-642-9640 (c) E-Mail: larry...@gmail.com
US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106

Re: Support of INDEXPVT in Dovecot 2.3 with replication

2020-10-29 Thread Ralf Becker 
Thanks Aki :)

Am 29.10.20 um 13:47 schrieb Aki Tuomi:
> At the moment the correct way to use shared folders in a replication pair is 
> to access them with imapc from the other pair.

Can you please elaborate a bit more?

In 2.2 I could understand how that works, as INDEXPVT was not
replicated, but worked, so using eg. Node A as primary and Node B
accessing it via imapc would give the same result, as long as both nodes
are up and running.

For me, that was the referenced mail from August, INDEXPVT stopped
working in 2.3 with replication enabled.

Ralf


>> On 29/10/2020 14:43 Ralf Becker  wrote:
>>
>>  
>> In reference to an earlier mail from me, I'd like to ask:
>>
>> Have there been any changes in regard to INDEXPVT and replication or are
>> there any plans in that direction?
>>
>> Thanks :)
>>
>> Ralf
>>
>>
>> On 03.08.20 at 11:20 Ralf Becker wrote:
>>> So far the only thing we noticed: private seen flags on shared user
>>> folders (which were never supported for replication!) seem to be not
>>> functioning any more in 2.3. Not functioning means, if they are
>>> configured you can not set a mail to seen in a shared user folder. After
>>> removing this configuration:
>>>
>>> location = mdbox:%%h/mdbox:INDEXPVT=~/shared/%%u  --> mdbox:%%h/mdbox
>>>
>>> seen flags behave as expected / are identical now if you access the
>>> mailbox direct or via the shared user folder, and the are identical on
>>> both backends.
>>>
>>> Ralf
>> -- 
>> Ralf Becker
>> EGroupware GmbH [www.egroupware.org]
>> Handelsregister HRB Kaiserslautern 3587
>> Geschäftsführer Birgit und Ralf Becker
>> Leibnizstr. 17, 67663 Kaiserslautern, Germany
>> Telefon +49 631 31657-0


-- 
Ralf Becker
EGroupware GmbH [www.egroupware.org]
Handelsregister HRB Kaiserslautern 3587
Geschäftsführer Birgit und Ralf Becker
Leibnizstr. 17, 67663 Kaiserslautern, Germany
Telefon +49 631 31657-0

Re: Support of INDEXPVT in Dovecot 2.3 with replication

2020-10-29 Thread Aki Tuomi 
At the moment the correct way to use shared folders in a replication pair is to 
access them with imapc from the other pair.

Aki

> On 29/10/2020 14:43 Ralf Becker  wrote:
> 
>  
> In reference to an earlier mail from me, I'd like to ask:
> 
> Have there been any changes in regard to INDEXPVT and replication or are
> there any plans in that direction?
> 
> Thanks :)
> 
> Ralf
> 
> 
> On 03.08.20 at 11:20 Ralf Becker wrote:
> > So far the only thing we noticed: private seen flags on shared user
> > folders (which were never supported for replication!) seem to be not
> > functioning any more in 2.3. Not functioning means, if they are
> > configured you can not set a mail to seen in a shared user folder. After
> > removing this configuration:
> >
> > location = mdbox:%%h/mdbox:INDEXPVT=~/shared/%%u  --> mdbox:%%h/mdbox
> >
> > seen flags behave as expected / are identical now if you access the
> > mailbox direct or via the shared user folder, and the are identical on
> > both backends.
> >
> > Ralf
> 
> -- 
> Ralf Becker
> EGroupware GmbH [www.egroupware.org]
> Handelsregister HRB Kaiserslautern 3587
> Geschäftsführer Birgit und Ralf Becker
> Leibnizstr. 17, 67663 Kaiserslautern, Germany
> Telefon +49 631 31657-0

Support of INDEXPVT in Dovecot 2.3 with replication

2020-10-29 Thread Ralf Becker 
In reference to an earlier mail from me, I'd like to ask:

Have there been any changes in regard to INDEXPVT and replication or are
there any plans in that direction?

Thanks :)

Ralf


On 03.08.20 at 11:20 Ralf Becker wrote:
> So far the only thing we noticed: private seen flags on shared user
> folders (which were never supported for replication!) seem to be not
> functioning any more in 2.3. Not functioning means, if they are
> configured you can not set a mail to seen in a shared user folder. After
> removing this configuration:
>
> location = mdbox:%%h/mdbox:INDEXPVT=~/shared/%%u  --> mdbox:%%h/mdbox
>
> seen flags behave as expected / are identical now if you access the
> mailbox direct or via the shared user folder, and the are identical on
> both backends.
>
> Ralf

-- 
Ralf Becker
EGroupware GmbH [www.egroupware.org]
Handelsregister HRB Kaiserslautern 3587
Geschäftsführer Birgit und Ralf Becker
Leibnizstr. 17, 67663 Kaiserslautern, Germany
Telefon +49 631 31657-0

Re: Best prometheus exporter for Dovecot 2.3 with the new metrics/stats module

2020-10-22 Thread Aki Tuomi 


> On 22/10/2020 12:18 Sidsel Jensen  wrote:
> 
> 
> Hi ppl.
> 
> I am trying to locate the best prometheus exporter for use with Dovecot 2.3 
> in connection with the new metrics/stats module.
> Any pointers in the right direction will be appreciated - seems like there is 
> a bunch out there which all works with the old stats module.
> 
> Anybody have something “in the works” for 2.3 ?
> 
> Kind Regards,
> Sidsel Jensen
> 
>

I'd say the best is the one in-built to dovecot. 
https://doc.dovecot.org/configuration_manual/stats/openmetrics/

Aki

Best prometheus exporter for Dovecot 2.3 with the new metrics/stats module

2020-10-22 Thread Sidsel Jensen 
Hi ppl.

I am trying to locate the best prometheus exporter for use with Dovecot 2.3 in 
connection with the new metrics/stats module.
Any pointers in the right direction will be appreciated - seems like there is a 
bunch out there which all works with the old stats module.

Anybody have something “in the works” for 2.3 ?

Kind Regards,
  Sidsel Jensen









signature.asc
Description: Message signed with OpenPGP

Re: Apple Mail Since upgrade to dovecot 2.3.x unable to connect

2020-08-17 Thread Joseph Tam 

On Mon, 17 Aug 2020, Johannes Rohr wrote:


You need to set

ssl_min_protocol = TLSv1.2 # or TLSv1


Thanks, tried both, but unsuccessfully.


Don't give up too easily/early on this.

I said this before, but MacOSX Mail behaves weirdly.  I've more than
once changed a server setting, without apparent effect, only to have
MacOSX Mail mysteriously start working again after some time.  Maybe it
caches settings.  Also, disable "Automatic manage connection" as failure
to establish a successful session will cause your client to do some
auto-wandering to discover settings, which could really do your head in.

Joseph Tam

Re: Apple Mail Since upgrade to dovecot 2.3.x unable to connect

2020-08-17 Thread @lbutlr 
On 17 Aug 2020, at 05:10, Gerald Galster  wrote:
> I don't know how detailed this is in older Apple Mail versions

I don't think the detail has changed in many many years, if at all. I remember 
using the logs to troubleshoot security issues 15 years ago.

Mac OS 10.11 El Capitan was released in 2015, not 2016, but I don't think that 
makes any difference. El Capitan uses outdate versions of openssl (0.9.9). 
Sierra (10.12) and High Sierra (10.13) have an updated stack and work fine with 
TLSv1.2.

Because the issue is the unix level tools, this is not generally something you 
can work around with a third-arty client unless you find one with its own 
stack. Webmail would be the solution if someone refuses or is unable to update.

Any machine that is less than about 10-12 years old can update to 10.13 at no 
cost though.



-- 
I said pretend you've got no money, she just laughed and said, 'Eh
you're so funny.' I said, 'Yeah? Well I can't see anyone else
smiling in here.'

Re: Apple Mail Since upgrade to dovecot 2.3.x unable to connect

2020-08-17 Thread Johannes Rohr 
Am 17.08.20 um 13:10 schrieb Gerald Galster:
>>> You need to set
>>>
>>> ssl_min_protocol = TLSv1.2 # or TLSv1
>> Thanks, tried both, but unsuccessfully. Again, is there any debug
>> setting that allows me to see what SSL version was requested? Without
>> this, this is fumbling in the dark.
> In the german version of Apple Mail go to menu "Fenster" / "Verbindug prüfen".
>
> There you can check the connection and log all transactions.
>
> I don't know how detailed this is in older Apple Mail versions, but you could 
> try.
>
> READ Aug 17 13:05:32.041 [kCFStreamSocketSecurityLevelTLSv1_2] -- 
> host:mail.server.com -- port:587 -- socket:0x65ff1980 -- 
> thread:0x6e5cb340
> 235 2.7.0 Authentication successful

Thanks Gerald, I'll try that. Strange though that the info isn't in the
dovecot debug log.

Cheers,

Johannes


>
>
> Best regards
> Gerald





signature.asc
Description: OpenPGP digital signature

Re: Apple Mail Since upgrade to dovecot 2.3.x unable to connect

2020-08-17 Thread Gregory Heytings 





ssl_cert = 

This is wrong, it should be:

ssl_cert = The address idaweb-mail.rooot.de does not resolve.  There is a 
webmail.rooot.de , but its certificate is for mail.rooot.de , which is 
wrong.  There is also a mail.rooot.de , whose certificate is also for 
mail.rooot.de , which is okay.


Yet another possibility (but it seems less likely given that an Apple Mail 
from 2016 is a reasonably recent mail client) is that it does not support 
recent enough SSL protocols, which were enforced by your server upgrade. 
See the entries for MinProtocol and CipherString in the openssl.cnf file 
on the server.


Gregory

Re: Apple Mail Since upgrade to dovecot 2.3.x unable to connect

2020-08-17 Thread Gerald Galster 
>> You need to set
>> 
>> ssl_min_protocol = TLSv1.2 # or TLSv1
> 
> Thanks, tried both, but unsuccessfully. Again, is there any debug
> setting that allows me to see what SSL version was requested? Without
> this, this is fumbling in the dark.

In the german version of Apple Mail go to menu "Fenster" / "Verbindug prüfen".

There you can check the connection and log all transactions.

I don't know how detailed this is in older Apple Mail versions, but you could 
try.

READ Aug 17 13:05:32.041 [kCFStreamSocketSecurityLevelTLSv1_2] -- 
host:mail.server.com -- port:587 -- socket:0x65ff1980 -- 
thread:0x6e5cb340
235 2.7.0 Authentication successful


Best regards
Gerald

Re: Apple Mail Since upgrade to dovecot 2.3.x unable to connect

2020-08-17 Thread Johannes Rohr 

Am 17.08.20 um 12:16 schrieb Aki Tuomi:

> You need to set
>
> ssl_min_protocol = TLSv1.2 # or TLSv1

Thanks, tried both, but unsuccessfully. Again, is there any debug
setting that allows me to see what SSL version was requested? Without
this, this is fumbling in the dark.

Cheers,

Johannes





signature.asc
Description: OpenPGP digital signature

Apple Mail Since upgrade to dovecot 2.3.x unable to connect

2020-08-17 Thread Johannes Rohr 
|Dear all,|

|a couple of days ago I upgraded our server from Ubuntu 18.04 to 20.04,
thereby upgrading dovecot from 2.2.x to 2.3.x.
|

|Since then, some older versions of apple's mail.app (bundled with el
Capitano, released in 2016) no longer connect. When I turn on SSL
debugging, I see:|

|Debug: SSL error: SSL_accept() failed: error:14209102:SSL
routines:tls_early_post_process_client_hello:unsupported protocol
imap-login: Debug: SSL error: SSL_accept() syscall failed: Invalid argument|

||

|Unfortunately, it doesn't reveal the name of the unsupported protocol.
Also, what about the failed syscall? Does dovecot try and fail to open
some file?|

|Here are the contents of /etc/dovecot/conf.d/10-ssl.conf:|

|    ssl = yes
    ssl_cert =

Apple Mail Since upgrade to dovecot 2.3.x unable to connect

2020-08-17 Thread Johannes Rohr 
|Dear all,|

|a couple of days ago I upgraded our server from Ubuntu 18.04 to 20.04,
thereby upgrading dovecot from 2.2.x to 2.3.x.
|

|Since then, some older versions of apple's mail.app (bundled with el
Capitano, released in 2016) no longer connect. When I turn on SSL
debugging, I see:|

|Debug: SSL error: SSL_accept() failed: error:14209102:SSL
routines:tls_early_post_process_client_hello:unsupported protocol
imap-login: Debug: SSL error: SSL_accept() syscall failed: Invalid argument|

||

|Unfortunately, it doesn't reveal the name of the unsupported protocol.
Also, what about the failed syscall? Does dovecot try and fail to open
some file?|

|Here are the contents of /etc/dovecot/conf.d/10-ssl.conf:|

|    ssl = yes
    ssl_cert = 

signature.asc
Description: OpenPGP digital signature

Re: Director with dovecot 2.3 and Panic/Fatal error

2020-03-19 Thread Aki Tuomi 


> On 19/03/2020 17:02 Alessio Cecchi  wrote:
> 
> 
>  
> Hi,
>  
>  after the upgrade to Dovecot 2.3 for our director ring we found some times 
> in the log errors like this:
>  
>  Mar 18 14:22:51 Panic: imap-login: file iostream-openssl.c: line 599 
> (openssl_iostream_handle_error): assertion failed: (errno != 0)
>  Mar 18 14:22:51 Fatal: imap-login: master: service(imap-login): child 1726 
> killed with signal 6 (core dumps disabled - 
> https://dovecot.org/bugreport.html#coredumps)
>  
>  Backend is still Dovecot 2.2.36 and Director is 2.3.10.
>  I hope it can be fixed.
>  
>  Thanks
> 
>  
> -- 
> Alessio Cecchi
> Postmaster @ http://www.qboxmail.it
> https://www.linkedin.com/in/alessice

Hi!

This is fixed in master already, 

https://github.com/dovecot/core/commit/f41874b3dec541478a85275698a91f089f537df2

This will be part of next release.

Aki

Director with dovecot 2.3 and Panic/Fatal error

2020-03-19 Thread Alessio Cecchi 

Hi,

after the upgrade to Dovecot 2.3 for our director ring we found some 
times in the log errors like this:


Mar 18 14:22:51 Panic: imap-login: file iostream-openssl.c: line 599 
(openssl_iostream_handle_error): assertion failed: (errno != 0)
Mar 18 14:22:51 Fatal: imap-login: master: service(imap-login): child 
1726 killed with signal 6 (core dumps disabled - 
https://dovecot.org/bugreport.html#coredumps)


Backend is still Dovecot 2.2.36 and Director is 2.3.10.
I hope it can be fixed.

Thanks

--
Alessio Cecchi
Postmaster @ http://www.qboxmail.it
https://www.linkedin.com/in/alessice

Re: Dovecot 2.3 repo for CentOS 8.

2020-02-15 Thread Tobias Kirchhofer 

On 14 Feb 2020, at 10:59, Peter wrote:


On 14/02/20 10:10 pm, Tobias Kirchhofer wrote:
would it be useful/advisable to use this repo for productive 
operation?


An official repo is still not available for CentOS 8 
https://repo.dovecot.org/


We would like to set up our new mail server on CentOS 8 and are 
waiting… :)


What is your advice?


As others have mentioned there are missing -devel packages in CentOS 
8, which is because there are missing -devel packages in RHEL 8, most 
notably in this case is quota-devel.  tcp wrappers is also missing but 
that's because they are deprecated in CentOS 8 so building without tcp 
wrapper support is not a big deal, but I would assume that a lot of 
people will want quota support, so I wouldn't want to build a dovecot 
package without it.


Personally I'm trying to get the GhettoForge build system modified so 
it can get missing -devel packages by rebuilding the source rpms for 
them, this is a work in progress.  There is also work on the CentOS 
side to build and offer up the missing -devel packages.  At the end of 
the day nobody will be able to build decent dovecot packages until one 
of these things happens.


For now you can use the stock dovecot 2.2.36 that comes with CentOS or 
you can wait.  CentOS and Red Hat have not made this easy so it is 
going to take time.


Okay, will try 2.2.36. Our protoype is on Debian 10 with the latest 
Dovecot. Don’t know yet if we rely on features from the latest 
version. Will see. Thank you.


Also on a personal note, I think that pushing out any production 
server on CentOS 8 at this time is premature.  CentOS 8 simply is not 
ready yet, imo.


We have CentOS 8.1 VMs productive with either of nginx, PostgreSQL, 
MariaDB, Node.js. No problems so far. Cross your fingers! :-)




Peter



--
collect@shift.agency

Re: Dovecot 2.3 repo for CentOS 8.

2020-02-14 Thread Peter 

On 14/02/20 10:10 pm, Tobias Kirchhofer wrote:

would it be useful/advisable to use this repo for productive operation?

An official repo is still not available for CentOS 8 https://repo.dovecot.org/

We would like to set up our new mail server on CentOS 8 and are waiting… :)

What is your advice?


As others have mentioned there are missing -devel packages in CentOS 8, 
which is because there are missing -devel packages in RHEL 8, most 
notably in this case is quota-devel.  tcp wrappers is also missing but 
that's because they are deprecated in CentOS 8 so building without tcp 
wrapper support is not a big deal, but I would assume that a lot of 
people will want quota support, so I wouldn't want to build a dovecot 
package without it.


Personally I'm trying to get the GhettoForge build system modified so it 
can get missing -devel packages by rebuilding the source rpms for them, 
this is a work in progress.  There is also work on the CentOS side to 
build and offer up the missing -devel packages.  At the end of the day 
nobody will be able to build decent dovecot packages until one of these 
things happens.


For now you can use the stock dovecot 2.2.36 that comes with CentOS or 
you can wait.  CentOS and Red Hat have not made this easy so it is going 
to take time.


Also on a personal note, I think that pushing out any production server 
on CentOS 8 at this time is premature.  CentOS 8 simply is not ready 
yet, imo.



Peter

Re: Dovecot 2.3 repo for CentOS 8.

2020-02-14 Thread Tobias Kirchhofer 
Hi Filip,

On 12 Dec 2019, at 12:01, fil...@centrum.cz wrote:

> Hello,
> I have builded some dovecot packages for CentOS 8 in my personal
> repository:
> http://repo.joomhosting.eu/centos/8/x86_64/
> and SRPMS are in
> http://repo.joomhosting.eu/centos/8/SRPMS/
>
> I you want you can try it.
>
> With best regards,
> Filip Bartmann

would it be useful/advisable to use this repo for productive operation?

An official repo is still not available for CentOS 8 https://repo.dovecot.org/

We would like to set up our new mail server on CentOS 8 and are waiting… :)

What is your advice?

Tobias

> On Thu, 12 Dec 2019 12:31:45 +0200
> Reio Remma  wrote:
>
>> On 09/12/2019 17:25, Aki Tuomi via dovecot wrote:
 On 09/12/2019 17:20 Reio Remma via dovecot 
 wrote:


 Hello!

 Are there any plans for an official Dovecot repo for CentOS 8?

 Thanks,
 Reio
>>> (sorry for duplicate, user error in earlier one...)
>>>
>>> Yes. There are plans for the repo, unfortunately there are still
>>> technical problems due to how CentOS8 repositories are organized.
>>> But soon.
>>>
>>> Aki
>>
>> I tried rebuilding the RPM for CentOS 8 but I see it's missing some
>> notable required packages like tcp wrappers and quota-devel. Managed
>> to rebuild by switching these off in the spec file
>> (--without-libwrap), but that's probably not a good idea. :)
>>
>> Reio


-- 
collect@shift.agency

Re: Dovecot 2.3 repo for CentOS 8.

2019-12-12 Thread Remo Mattei 
Agree

> Il giorno 12 dic 2019, alle ore 10:47, Alexander Dalloz  
> ha scritto:
> 
> Am 12.12.2019 um 11:31 schrieb Reio Remma:
>> On 09/12/2019 17:25, Aki Tuomi via dovecot wrote:
> On 09/12/2019 17:20 Reio Remma via dovecot  wrote:
>> 
>> [ ... ]
>> 
>> I tried rebuilding the RPM for CentOS 8 but I see it's missing some notable 
>> required packages like tcp wrappers and quota-devel. Managed to rebuild by 
>> switching these off in the spec file (--without-libwrap), but that's 
>> probably not a good idea. :)
>> Reio
> 
> TCP wrappers got dropped for RHEL 8 by purpose, following that step of fedora.
> 
> https://fedoraproject.org//wiki/Changes/Deprecate_TCP_wrappers
> 
> There is no real need nowadays and from my experience not many admins make 
> use of it.
> 
> Alexander

Re: Dovecot 2.3 repo for CentOS 8.

2019-12-12 Thread Alexander Dalloz 

Am 12.12.2019 um 11:31 schrieb Reio Remma:

On 09/12/2019 17:25, Aki Tuomi via dovecot wrote:

On 09/12/2019 17:20 Reio Remma via dovecot  wrote:


[ ... ]

I tried rebuilding the RPM for CentOS 8 but I see it's missing some 
notable required packages like tcp wrappers and quota-devel. Managed to 
rebuild by switching these off in the spec file (--without-libwrap), but 
that's probably not a good idea. :)


Reio


TCP wrappers got dropped for RHEL 8 by purpose, following that step of 
fedora.


https://fedoraproject.org//wiki/Changes/Deprecate_TCP_wrappers

There is no real need nowadays and from my experience not many admins 
make use of it.


Alexander

Re: Dovecot 2.3 repo for CentOS 8.

2019-12-12 Thread Reio Remma 

On 12/12/2019 13:01, fil...@centrum.cz wrote:

Hello,
I have builded some dovecot packages for CentOS 8 in my personal
repository:
http://repo.joomhosting.eu/centos/8/x86_64/
and SRPMS are in
http://repo.joomhosting.eu/centos/8/SRPMS/

I you want you can try it.

With best regards,
Filip Bartmann


Thanks! Will have a look. :)

Reio



On Thu, 12 Dec 2019 12:31:45 +0200
Reio Remma  wrote:


On 09/12/2019 17:25, Aki Tuomi via dovecot wrote:

On 09/12/2019 17:20 Reio Remma via dovecot 
wrote:

   
Hello!


Are there any plans for an official Dovecot repo for CentOS 8?

Thanks,
Reio

(sorry for duplicate, user error in earlier one...)

Yes. There are plans for the repo, unfortunately there are still
technical problems due to how CentOS8 repositories are organized.
But soon.

Aki

I tried rebuilding the RPM for CentOS 8 but I see it's missing some
notable required packages like tcp wrappers and quota-devel. Managed
to rebuild by switching these off in the spec file
(--without-libwrap), but that's probably not a good idea. :)

Reio



--
Tervitades
Reio Remma


MR Stuudio 25 aastat

*MR Stuudio OÜ*
Tondi 17b, 11316, Tallinn
Tel +372 650 4808
Mob +372 56 22 00 33
r...@mrstuudio.ee
www.mrstuudio.ee

Re: Dovecot 2.3 repo for CentOS 8.

2019-12-12 Thread filbar 
Hello,
I have builded some dovecot packages for CentOS 8 in my personal
repository:
http://repo.joomhosting.eu/centos/8/x86_64/ 
and SRPMS are in
http://repo.joomhosting.eu/centos/8/SRPMS/

I you want you can try it.

With best regards,
Filip Bartmann

On Thu, 12 Dec 2019 12:31:45 +0200
Reio Remma  wrote:

> On 09/12/2019 17:25, Aki Tuomi via dovecot wrote:
> >> On 09/12/2019 17:20 Reio Remma via dovecot 
> >> wrote:
> >>
> >>   
> >> Hello!
> >>
> >> Are there any plans for an official Dovecot repo for CentOS 8?
> >>
> >> Thanks,
> >> Reio  
> > (sorry for duplicate, user error in earlier one...)
> >
> > Yes. There are plans for the repo, unfortunately there are still
> > technical problems due to how CentOS8 repositories are organized.
> > But soon.
> >
> > Aki  
> 
> I tried rebuilding the RPM for CentOS 8 but I see it's missing some 
> notable required packages like tcp wrappers and quota-devel. Managed
> to rebuild by switching these off in the spec file
> (--without-libwrap), but that's probably not a good idea. :)
> 
> Reio

Re: Dovecot 2.3 repo for CentOS 8.

2019-12-12 Thread Reio Remma 

On 09/12/2019 17:25, Aki Tuomi via dovecot wrote:

On 09/12/2019 17:20 Reio Remma via dovecot  wrote:

  
Hello!


Are there any plans for an official Dovecot repo for CentOS 8?

Thanks,
Reio

(sorry for duplicate, user error in earlier one...)

Yes. There are plans for the repo, unfortunately there are still technical 
problems due to how CentOS8 repositories are organized. But soon.

Aki


I tried rebuilding the RPM for CentOS 8 but I see it's missing some 
notable required packages like tcp wrappers and quota-devel. Managed to 
rebuild by switching these off in the spec file (--without-libwrap), but 
that's probably not a good idea. :)


Reio

Re: Dovecot 2.3 repo for CentOS 8.

2019-12-09 Thread Aki Tuomi via dovecot 


> On 09/12/2019 17:20 Reio Remma via dovecot  wrote:
> 
>  
> Hello!
> 
> Are there any plans for an official Dovecot repo for CentOS 8?
> 
> Thanks,
> Reio

(sorry for duplicate, user error in earlier one...)

Yes. There are plans for the repo, unfortunately there are still technical 
problems due to how CentOS8 repositories are organized. But soon.

Aki

Re: Dovecot 2.3 repo for CentOS 8.

2019-12-09 Thread Aki Tuomi via dovecot 


> On 09/12/2019 17:20 Reio Remma via dovecot  wrote:
> 
>  
> Hello!
> 
> Are there any plans for an official Dovecot repo for CentOS 8?
> 
> Thanks,
> Reio

Dovecot 2.3 repo for CentOS 8.

2019-12-09 Thread Reio Remma via dovecot 

Hello!

Are there any plans for an official Dovecot repo for CentOS 8?

Thanks,
Reio

Re: lmtp with non ASCII Parameters changed in dovecot 2.3

2019-07-25 Thread Matthias Lay via dovecot 
 
> mail from:
> 500 5.5.2 Invalid command syntax

this was a bad example. the problem is more common on rcpt to: if you
deliver to usernames or special folders

rcpt to:<üser>
or
rcpt to:

lmtp with non ASCII Parameters changed in dovecot 2.3

2019-07-24 Thread Matthias Lay via dovecot 



Hi,

I updated from 2.2 to 2.3 and noticed lmtp rejects parameters
containing non ASCII now. this worked with dovecot-2.2 lmtp.

the string is already denied after reading in
"smtp_command_parse_parameters()"

mail from:
500 5.5.2 Invalid command syntax

is there a plan to change this behaviour, or to implement the SMTPUTF8
extension in lib-smtp?




I guess thie would fix Michals "Dovecot LMTP rejecting mail from address
with apostrophe" Problem too.

Greetz Matze

Re: Dovecot 2.3 error, FreeBSD 12 in a jail

2019-06-15 Thread Odhiambo Washington via dovecot 
On Sat, 15 Jun 2019 at 07:12, David Mehler via dovecot 
wrote:

> Hello,
>
> I'm trying to get Dovecot going on my system. It's a FreeBSD
> 12.0-RELEASE system and it's running dovecot 2.3 via ports in a jail.
> I'm getting the same error message(s) as in this bug report, which has
> been marked as closed:
>
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225078
>
> Dovecot is not starting at all in this jail when starting with service
> dovecot start. A service dovecot status also reveals the error message
> about /var/run/dovecot/dovecot.conf file, but a doveconf -n does not
> reveal any configuration file issues. I did put a symlink in
> /var/run/dovecot to /usr/local/etc/dovecot/dovecot.conf, this did not
> correct the issue.
>
> Any suggestions welcome.
> Thanks.
> Dave.
>

Hi David,

Your problem must be something to do with your jails on FreeBSD, IMHO.
The FreeBSD port maintainer (Larry Rosenman) is here.
Perhaps he'll be willing to help troubleshoot the jail issue.


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)

Dovecot 2.3 error, FreeBSD 12 in a jail

2019-06-14 Thread David Mehler via dovecot 
Hello,

I'm trying to get Dovecot going on my system. It's a FreeBSD
12.0-RELEASE system and it's running dovecot 2.3 via ports in a jail.
I'm getting the same error message(s) as in this bug report, which has
been marked as closed:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225078

Dovecot is not starting at all in this jail when starting with service
dovecot start. A service dovecot status also reveals the error message
about /var/run/dovecot/dovecot.conf file, but a doveconf -n does not
reveal any configuration file issues. I did put a symlink in
/var/run/dovecot to /usr/local/etc/dovecot/dovecot.conf, this did not
correct the issue.

Any suggestions welcome.
Thanks.
Dave.

CVE-2019-10691: JSON encoder in Dovecot 2.3 incorrecty assert-crashes when encountering invalid UTF-8 characters.

2019-04-18 Thread Aki Tuomi via dovecot 
Dear subscribers,

we're sharing our latest advisory with you and would like to thank
everyone who contributed in finding and solving those vulnerabilities.
Feel free to join our bug bounty programs (open-xchange, dovecot,
powerdns) at HackerOne.

You can find binary packages at https://repo.dovecot.org/

Yours sincerely,
Aki Tuomi
Open-Xchange Oy

Open-Xchange Security Advisory 2019-04-18
Product: Dovecot
Vendor: OX Software GmbH

Internal reference: DOV-3173 (Bug ID)
Vulnerability type: CWE-176
Vulnerable version: 2.3.0 - 2.3.5.1
Vulnerable component: json encoder
Report confidence: Confirmed
Researcher credits: cPanel L.L.C.
Solution status: Fixed by Vendor
Fixed version: 2.3.5.2
Vendor notification: 2019-04-02
Solution date: 2019-04-11
Public disclosure: 2019-04-18
CVE reference: CVE-2019-10691
CVSS: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
 
Vulnerability Details:
JSON encoder in Dovecot 2.3 incorrecty assert-crashes when encountering
invalid UTF-8 characters. This can be used to crash dovecot in two ways.
Attacker can repeatedly crash Dovecot authentication process by logging
in using invalid UTF-8 sequence in username. This requires that auth
policy is enabled.
Crash can also occur if OX push notification driver is enabled and an
email is delivered with invalid UTF-8 sequence in From or Subject header.
In 2.2, malformed UTF-8 sequences are forwarded "as-is", and thus do not
cause problems in Dovecot itself. Target systems should be checked for
possible problems in dealing with such sequences.
See https://wiki.dovecot.org/Authentication/Policy for details on auth
policy support.

Risk:
Determined attacker can prevent authentication process from staying up
by keeping on attempting to log in with username containing invalid
UTF-8 sequence.
Steps to reproduce:
Configure dovecot with auth_policy_server_url and auth_policy_hash_nonce
set.
Attempt to log in with username containing an invalid UTF-8 sequence
Observe assert-crash in dovecot logs.

Solution:
Operators should update to the latest Patch Release or disable auth
policy support.




signature.asc
Description: OpenPGP digital signature

Re: Dovecot 2.3 no longer accepts ssl_key_password

2019-01-20 Thread Stephan Bosch 




Op 15/01/2019 om 08:08 schreef Aki Tuomi:

On 10.1.2019 6.53, Chris Kiakas wrote:

Hit a little problem when I upgraded a system from FreeBSD 10.3 to 11.2. I did 
not receive any errors in the upgrade. The system is running 4 jails and 
everything seems to work except in Dovecot dovecot-2.3.4_5 where when using the 
exact same configuration which worked in 10.3 with the same password protected 
certificate key. (doveconf -n -P shows the correct password.)


ssl_ca = 
Thanks for reporting this, we'll look into it.


Tracking internally as DOP-851.

Regards,

Stephan.

Re: Dovecot 2.3 no longer accepts ssl_key_password

2019-01-14 Thread Aki Tuomi 


On 10.1.2019 6.53, Chris Kiakas wrote:
> Hit a little problem when I upgraded a system from FreeBSD 10.3 to 11.2. I 
> did not receive any errors in the upgrade. The system is running 4 jails and 
> everything seems to work except in Dovecot dovecot-2.3.4_5 where when using 
> the exact same configuration which worked in 10.3 with the same password 
> protected certificate key. (doveconf -n -P shows the correct password.)
>
>
> ssl_ca =  ssl_cert =  ssl_dh =  ssl_key =  ssl_key_password = keypassword
>
> The password works with openssl. Changing the password on the key has no 
> effect. Removing the password on the cert with openssl and running dovecot 
> with the new key works.
>
> I installed on another system and I am experiencing the same results. The 
> issue persists whether I install dovecot from ports or pkg. I can't see where 
> the problem is. It seems that Dovecot is unable to read the key when password 
> protected even though it has the correct password. Has anyone experienced 
> this?
>
>
>
> Chris

Hi!

Thanks for reporting this, we'll look into it.


Aki

Dovecot 2.3 no longer accepts ssl_key_password

2019-01-09 Thread Chris Kiakas 
Hit a little problem when I upgraded a system from FreeBSD 10.3 to 11.2. I did 
not receive any errors in the upgrade. The system is running 4 jails and 
everything seems to work except in Dovecot dovecot-2.3.4_5 where when using the 
exact same configuration which worked in 10.3 with the same password protected 
certificate key. (doveconf -n -P shows the correct password.)


ssl_ca =

Re: dovecot 2.2/openssl 1.0 vs dovecot 2.3/openssl 1.1.1 ssl regression

2018-11-15 Thread Aki Tuomi 


> On 15 November 2018 at 17:53 Hauke Fath  wrote:
> 
> 
> On 11/13/18 19:58, Aki Tuomi wrote:
> > On 13 November 2018 at 20:53 Arkadiusz Miśkiewicz wrote:
> >> I'm considering dovecot migration from 2.2.36 run with openssl 1.0.2o to
> >> dovecot 2.3.3 run with openssl 1.1.1.
> >>
> >> Currently I have both variants running with identical configs and certs
> >> (the only differences are due to config syntax changes in dovecot 2.3),
> >> so for example on both I have:
> >>
> >> ssl_ca =  >> (this file contains single intermediate certificate of my CA)
> >>
> >> ssl_cert =  >> (this contains single cerificate for my *.example.com domain)
> 
> [dovecot 2.3+ does not provide intermediate CA cert to clients any more]
> 
> >> 2.3.x announcements and upgrade wiki mention no such behaviour change,
> >> so I assume it is a regression.
> >>
> >> Now doing
> >> cat wildcard_ca.pem >> wildcard_crt.pem
> >> solves the problem and dovecot starts providing both certs to clients
> >> but if that's the proper way of solving this issue then what's the point
> >> of having ssl_ca config setting?
>  >
> > Including ssl_ca with cert is not actually a good idea, but perhaps this 
> > should
> > indeed be mentioned in the upgrading page. Not a regression in any case.
> 
> Aki,
> 
> when I brought up this very issue in 
> <https://dovecot.org/list/dovecot/2018-January/110638.html> ff., you 
> told me that "ssl_ca", despite the name, was for client certificates 
> only, and that I was supposed to append the CA certificate(s) to the 
> server certificate file.
> 
> I am glad to hear you consider this a bad idea now.  ;)
> 

Eventually realized it too, and now it's been fixed. =)

Aki

> Cheerio,
> Hauke
> 
> -- 
>   The ASCII Ribbon CampaignHauke Fath
> () No HTML/RTF in email   Institut für Nachrichtentechnik
> /\ No Word docs in email TU Darmstadt
>   Respect for open standards  Ruf +49-6151-16-21344

Re: dovecot 2.2/openssl 1.0 vs dovecot 2.3/openssl 1.1.1 ssl regression

2018-11-15 Thread Hauke Fath 

On 11/13/18 19:58, Aki Tuomi wrote:

On 13 November 2018 at 20:53 Arkadiusz Miśkiewicz wrote:

I'm considering dovecot migration from 2.2.36 run with openssl 1.0.2o to
dovecot 2.3.3 run with openssl 1.1.1.

Currently I have both variants running with identical configs and certs
(the only differences are due to config syntax changes in dovecot 2.3),
so for example on both I have:

ssl_ca = 

[dovecot 2.3+ does not provide intermediate CA cert to clients any more]


2.3.x announcements and upgrade wiki mention no such behaviour change,
so I assume it is a regression.

Now doing
cat wildcard_ca.pem >> wildcard_crt.pem
solves the problem and dovecot starts providing both certs to clients
but if that's the proper way of solving this issue then what's the point
of having ssl_ca config setting?

>

Including ssl_ca with cert is not actually a good idea, but perhaps this should
indeed be mentioned in the upgrading page. Not a regression in any case.


Aki,

when I brought up this very issue in 
<https://dovecot.org/list/dovecot/2018-January/110638.html> ff., you 
told me that "ssl_ca", despite the name, was for client certificates 
only, and that I was supposed to append the CA certificate(s) to the 
server certificate file.


I am glad to hear you consider this a bad idea now.  ;)

Cheerio,
Hauke

--
 The ASCII Ribbon CampaignHauke Fath
() No HTML/RTF in email Institut für Nachrichtentechnik
/\ No Word docs in email TU Darmstadt
 Respect for open standards  Ruf +49-6151-16-21344

Re: dovecot 2.2/openssl 1.0 vs dovecot 2.3/openssl 1.1.1 ssl regression

2018-11-13 Thread Aki Tuomi 


 
 
  
   
  
  
   
On 13 November 2018 at 20:53 Arkadiusz Miśkiewicz <
ar...@maven.pl> wrote:
   
   

   
   

   
   
Hi.
   
   

   
   
I'm considering dovecot migration from 2.2.36 run with openssl 1.0.2o to
   
   
dovecot 2.3.3 run with openssl 1.1.1.
   
   

   
   
Currently I have both variants running with identical configs and certs
   
   
(the only differences are due to config syntax changes in dovecot 2.3),
   
   
so for example on both I have:
   
   

   
   
ssl_ca = 
   
(this file contains single intermediate certificate of my CA)
   
   

   
   
ssl_cert = 
   
(this contains single cerificate for my *.example.com domain)
   
   

   
   
ssl_key = # hidden, use -P to show it
   
   
(and one key)
   
   

   
   
No alt certs in use.
   
   

   
   
Chain is:
   
   
- CA trusted by clients (this certificate isn't provided by my dovecot,
   
   
it's not needed)
   
   
- wildcard_ca.pem - intermediate CA
   
   
- wildcard_crt.pem - wildcard certificate for my *.example.com domain
   
   

   
   

   
   

   
   
dovecot 2.2.36 behaviour is to provide wildcard_ca.pem and
   
   
wildcard_crt.pem to the client - that behaviour is OK. Client has full
   
   
trust chain.
   
   

   
   
dovecot 2.3.3 provides only wildcard_crt.pem certificate to the client
   
   
which is a big problem because missing wildcard_ca.pem (intermediate
   
   
certificate) breaks chain and client is not able to verify trust chain.
   
   

   
   
Testing is done with simple:
   
   

   
   
openssl s_client -connect my.example.com:143 -starttls imap -servername
   
   
my.example.com -showcerts
   
   

   
   

   
   
2.3.x announcements and upgrade wiki mention no such behaviour change,
   
   
so I assume it is a regression.
   
   

   
   
Now doing
   
   
cat wildcard_ca.pem >> wildcard_crt.pem
   
   
solves the problem and dovecot starts providing both certs to clients
   
   
but if that's the proper way of solving this issue then what's the point
   
   
of having ssl_ca config setting?
   
   

   
   
Ideas?
   
   

   
   
--
   
   
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
   
  
  
   Including ssl_ca with cert is not actually a good idea, but perhaps this should indeed be mentioned in the upgrading page. Not a regression in any case.
  
  
   ---
   Aki Tuomi

dovecot 2.2/openssl 1.0 vs dovecot 2.3/openssl 1.1.1 ssl regression

2018-11-13 Thread Arkadiusz Miśkiewicz 
Hi.

I'm considering dovecot migration from 2.2.36 run with openssl 1.0.2o to
dovecot 2.3.3 run with openssl 1.1.1.

Currently I have both variants running with identical configs and certs
(the only differences are due to config syntax changes in dovecot 2.3),
so for example on both I have:

ssl_ca = > wildcard_crt.pem
solves the problem and dovecot starts providing both certs to clients
but if that's the proper way of solving this issue then what's the point
of having ssl_ca config setting?

Ideas?

-- 
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )

Re: Reproducible SIGSEGV when Dovecot 2.3 compiled against glibc-2.28

2018-08-08 Thread Aki Tuomi 



On 08.08.2018 10:55, Reuben Farrelly wrote:
>
> On 8/08/2018 5:29 pm, Thore Bödecker wrote:
>> Hey,
>>
>> you mentioned that dovecot builds fine, but does "make check" also
>> complete successfully with a glibc-2.28 build on a glibc-2.28 system?
>>
>> We have been seeing segfaults during "make check" and it seems the
>> following
>> patch was able to make the testsuite run successfully.
> >
>> Just out of curiosity, could you try this patch and see if this fixes
>> the issues you're experiencing?
>>
>>
>> include-crypt-h.patch:
>> 8<
>> diff -up dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt
>> dovecot-2.3.0.1/src/auth/mycrypt.c
>> --- dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt   2018-02-28
>> 15:28:58.0 +0100
>> +++ dovecot-2.3.0.1/src/auth/mycrypt.c 2018-03-27 10:57:38.447769201
>> +0200
>> @@ -14,6 +14,7 @@
>>   #  define _XPG6 /* Some Solaris versions require this, some break
>> with this */
>>   #endif
>>   #include 
>> +#include 
>>
>>   #include "mycrypt.h"
>>
>> >8
>
> Ok, wellafter running 'make check' I also saw a failure due to a
> segfault.  It's the same crash Thore is seeing:
>
> /bin/sh ../../libtool  --tag=CC   --mode=link x86_64-pc-linux-gnu-gcc
> -std=gnu99 -O0 -g -pipe -march=native -mtune=native -ggdb
> -fstack-protector-strong -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2
> -mfunction-return=thunk -mindirect-branch=thunk -Wall -W
> -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith
> -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime
> -Wstrict-aliasing=2   -module -avoid-version  -Wl,-O1 -Wl,--as-needed -o
> libauthdb_imap.la -rpath /usr/lib64/dovecot/auth
> libauthdb_imap_la-passdb-imap.lo ../lib-imap-client/libimap_client.la
> ../../src/lib-dovecot/libdovecot.la -export-dynamic -ldl
> libtool: link: x86_64-pc-linux-gnu-gcc -shared  -fPIC -DPIC
> .libs/libauthdb_imap_la-passdb-imap.o  -Wl,--whole-archive
> ../lib-imap-client/.libs/libimap_client.a -Wl,--no-whole-archive
> -Wl,-rpath
> -Wl,/home/portage/portage/net-mail/dovecot-_p20180807/work/dovecot-_p20180807/src/lib-dovecot/.libs
> -Wl,-rpath -Wl,/usr/lib64/dovecot -Wl,--as-needed
> ../../src/lib-dovecot/.libs/libdovecot.so -ldl  -O0 -g -march=native
> -mtune=native -ggdb -fstack-protector-strong -mfunction-return=thunk
> -mindirect-branch=thunk -Wl,-O1   -Wl,-soname -Wl,libauthdb_imap.so -o
> .libs/libauthdb_imap.so
> libtool: link: ( cd ".libs" && rm -f "libauthdb_imap.la" && ln -s
> "../libauthdb_imap.la" "libauthdb_imap.la" )
> make  check-local
> make[3]: Entering directory
> '/home/portage/portage/net-mail/dovecot-_p20180807/work/dovecot-_p20180807/src/auth'
> for bin in test-libpassword test-auth-cache test-auth; do \
>   if !  ./$bin; then exit 1; fi; \
> done
> /bin/sh: line 1: 31821 Segmentation fault  ./$bin
> make[3]: *** [Makefile:1924: check-local] Error 1
> make[3]: Leaving directory
> '/home/portage/portage/net-mail/dovecot-_p20180807/work/dovecot-_p20180807/src/auth'
> make[2]: *** [Makefile:1579: check-am] Error 2
>
>
> However by applying the patch to include crypt.h (as above) it not
> only fixed the make test but also has fixed the glibc runtime problem
> too.
>
> In other words - rebuild on glibc-2.28 just now and executed on
> glibc-2.28 based system resulted in a successful and usable auth binary.
>
> Thanks Thore!
>
> Reuben
>

I can also confirm that the patch fixes things, thank you!

Aki

Re: Reproducible SIGSEGV when Dovecot 2.3 compiled against glibc-2.28

2018-08-08 Thread Reuben Farrelly 



On 8/08/2018 5:29 pm, Thore Bödecker wrote:

Hey,

you mentioned that dovecot builds fine, but does "make check" also
complete successfully with a glibc-2.28 build on a glibc-2.28 system?

We have been seeing segfaults during "make check" and it seems the following
patch was able to make the testsuite run successfully.

>

Just out of curiosity, could you try this patch and see if this fixes
the issues you're experiencing?


include-crypt-h.patch:
8<
diff -up dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt 
dovecot-2.3.0.1/src/auth/mycrypt.c
--- dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt   2018-02-28 
15:28:58.0 +0100
+++ dovecot-2.3.0.1/src/auth/mycrypt.c 2018-03-27 10:57:38.447769201 +0200
@@ -14,6 +14,7 @@
  #  define _XPG6 /* Some Solaris versions require this, some break with this */
  #endif
  #include 
+#include 

  #include "mycrypt.h"

>8


Ok, wellafter running 'make check' I also saw a failure due to a 
segfault.  It's the same crash Thore is seeing:


/bin/sh ../../libtool  --tag=CC   --mode=link x86_64-pc-linux-gnu-gcc
-std=gnu99 -O0 -g -pipe -march=native -mtune=native -ggdb
-fstack-protector-strong -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2
-mfunction-return=thunk -mindirect-branch=thunk -Wall -W
-Wmissing-prototypes -Wmissing-declarations -Wpointer-arith
-Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime
-Wstrict-aliasing=2   -module -avoid-version  -Wl,-O1 -Wl,--as-needed -o
libauthdb_imap.la -rpath /usr/lib64/dovecot/auth
libauthdb_imap_la-passdb-imap.lo ../lib-imap-client/libimap_client.la
../../src/lib-dovecot/libdovecot.la -export-dynamic -ldl
libtool: link: x86_64-pc-linux-gnu-gcc -shared  -fPIC -DPIC
.libs/libauthdb_imap_la-passdb-imap.o  -Wl,--whole-archive
../lib-imap-client/.libs/libimap_client.a -Wl,--no-whole-archive 
-Wl,-rpath 
-Wl,/home/portage/portage/net-mail/dovecot-_p20180807/work/dovecot-_p20180807/src/lib-dovecot/.libs

-Wl,-rpath -Wl,/usr/lib64/dovecot -Wl,--as-needed
../../src/lib-dovecot/.libs/libdovecot.so -ldl  -O0 -g -march=native
-mtune=native -ggdb -fstack-protector-strong -mfunction-return=thunk
-mindirect-branch=thunk -Wl,-O1   -Wl,-soname -Wl,libauthdb_imap.so -o
.libs/libauthdb_imap.so
libtool: link: ( cd ".libs" && rm -f "libauthdb_imap.la" && ln -s
"../libauthdb_imap.la" "libauthdb_imap.la" )
make  check-local
make[3]: Entering directory 
'/home/portage/portage/net-mail/dovecot-_p20180807/work/dovecot-_p20180807/src/auth'

for bin in test-libpassword test-auth-cache test-auth; do \
  if !  ./$bin; then exit 1; fi; \
done
/bin/sh: line 1: 31821 Segmentation fault  ./$bin
make[3]: *** [Makefile:1924: check-local] Error 1
make[3]: Leaving directory 
'/home/portage/portage/net-mail/dovecot-_p20180807/work/dovecot-_p20180807/src/auth'

make[2]: *** [Makefile:1579: check-am] Error 2


However by applying the patch to include crypt.h (as above) it not only 
fixed the make test but also has fixed the glibc runtime problem too.


In other words - rebuild on glibc-2.28 just now and executed on 
glibc-2.28 based system resulted in a successful and usable auth binary.


Thanks Thore!

Reuben

Re: Reproducible SIGSEGV when Dovecot 2.3 compiled against glibc-2.28

2018-08-08 Thread Thore Bödecker 
Hey,

you mentioned that dovecot builds fine, but does "make check" also
complete successfully with a glibc-2.28 build on a glibc-2.28 system?

We have been seeing segfaults during "make check" and it seems the following
patch was able to make the testsuite run successfully.

Just out of curiosity, could you try this patch and see if this fixes
the issues you're experiencing?


include-crypt-h.patch:
8<
diff -up dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt 
dovecot-2.3.0.1/src/auth/mycrypt.c
--- dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt   2018-02-28 
15:28:58.0 +0100
+++ dovecot-2.3.0.1/src/auth/mycrypt.c 2018-03-27 10:57:38.447769201 +0200
@@ -14,6 +14,7 @@
 #  define _XPG6 /* Some Solaris versions require this, some break with this */
 #endif
 #include 
+#include 

 #include "mycrypt.h"

>8


Cheers,
Thore

PS: Sorry Reuben for duplicate mail, forgot to Cc the list...

-- 
Thore Bödecker

GPG ID: 0xD622431AF8DB80F3
GPG FP: 0F96 559D 3556 24FC 2226  A864 D622 431A F8DB 80F3


signature.asc
Description: PGP signature

Re: Reproducible SIGSEGV when Dovecot 2.3 compiled against glibc-2.28

2018-08-08 Thread Aki Tuomi 
Was able to find a way to get glibc-2.28 and it seems that they have
changed how crypt return value behaves.

I am not sure if this is intentional or not, but it appears that the
return value becomes invalidated as soon as function ends. Dovecot calls
crypt inside mycrypt. While in mycrypt, the pointer is valid. Once
mycrypt returns, the pointer suddenly becomes invalidated and causes crash.

This can be fixed by duplicating the value before return, but I am not
sure if this is the correct way to deal with this or not, you should
probably open issue with glibc developers.

Aki


On 08.08.2018 09:42, Reuben Farrelly wrote:
> Hi,
>
> The link to the release notes seems should have an 'l' on the end:
>
> Try: https://www.sourceware.org/ml/libc-alpha/2018-08/msg3.html
>
> This with gdb:
>
> thunderstorm /usr/src/dovecot/dovecot-2.3/src/auth # gdb
> /root/dovecot-auth-crash/auth /root/dovecot-auth-crash/core.auth.29667
> GNU gdb (Gentoo 8.1.1 p1) 8.1.1
> Copyright (C) 2018 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later
> <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show
> copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-pc-linux-gnu".
> Type "show configuration" for configuration details.
> For bug reporting instructions, please see:
> <https://bugs.gentoo.org/>.
> Find the GDB manual and other documentation resources online at:
> <http://www.gnu.org/software/gdb/documentation/>.
> For help, type "help".
> Type "apropos word" to search for commands related to "word"...
> Reading symbols from /root/dovecot-auth-crash/auth...done.
>
> warning: exec file is newer than core file.
> [New LWP 29667]
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> Core was generated by `dovecot/auth'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0  __strcmp_sse2_unaligned () at
> ../sysdeps/x86_64/multiarch/strcmp-sse2-unaligned.S:31
> 31  ../sysdeps/x86_64/multiarch/strcmp-sse2-unaligned.S: No such
> file or directory.
> (gdb) bt full
> #0  __strcmp_sse2_unaligned () at
> ../sysdeps/x86_64/multiarch/strcmp-sse2-unaligned.S:31
> No locals.
> #1  0x562d7a9d8dcf in password_scheme_register_crypt () at
> password-scheme-crypt.c:191
>     i = 0
>     crypted = 0xf6e4b200  address 0xf6e4b200>
>     __func__ = 
> #2  0x562d7a9d87cb in password_schemes_init () at
> password-scheme.c:874
>     i = 27
> #3  0x562d7a9a082a in main_preinit () at main.c:185
>     mod_set = {abi_version = 0xf74856c0  memory at address 0xf74856c0>,
>   binary_name = 0x6f6c0d52e61baf00  memory at address 0x6f6c0d52e61baf00>,
>   setting_name = 0x7fa9f6e97011 <__x86_return_thunk+5>
> "\363\220\017\256\350\353\371H\215d$\b\303\350\a",
>   filter_callback = 0x7fa9f6ecd029 ,
> filter_context = 0x7fa9f6e97011 <__x86_return_thunk+5>,
>   require_init_funcs = false, debug = false,
> ignore_dlopen_errors = false, ignore_missing = false}
>     services = 0x562d7b4d9fa0
> #4  0x562d7a9a0ef5 in main (argc=1, argv=0x562d7b4d9ae0) at
> main.c:392
>     c = -1
> (gdb) p sample[i].key
> No symbol "i" in current context.
> (gdb) p sample[i].salt
> No symbol "i" in current context.
> (gdb)
>
> However:
>
> (gdb) p sample[0].key
> $1 = 0x562d7a9f2f1e "08/15!test~4711"
> (gdb) p sample[1].key
> $2 = 0x562d7a9f2f1e "08/15!test~4711"
> (gdb) p sample[2].key
> $3 = 0x562d7a9f2f1e "08/15!test~4711"
> (gdb) p sample[0].salt
> $4 = 0x562d7a9f2f2e "JB"
> (gdb) p sample[1].salt
> $5 = 0x562d7a9f2f40 "$5$rounds=1000$0123456789abcdef"
> (gdb) p sample[2].salt
> $6 = 0x562d7a9f2fb0 "$6$rounds=1000$0123456789abcdef"
> (gdb)
>
>
> (Different core file to earlier but the trace looks the same)
>
> I haven't experienced any problems with any other apps (yet).
>
> Thanks,
> Reuben
>
>
> On 8/08/2018 4:13 pm, Aki Tuomi wrote:
>> Hi!
>>
>> Thank you for the report, few points though:
>>
>>   - The link you provided is broken
>>
>>   - getting glibc-2.28 prebuilt seems to be bit problematic, and what I
>> read from their changelog, the crypt function should work as normal.
>> That said, it would be somewhat helpful if you could use gdb to find out
>> what was passed to crypt
>>
>> p samp

Re: Reproducible SIGSEGV when Dovecot 2.3 compiled against glibc-2.28

2018-08-08 Thread Reuben Farrelly 

Hi,

The link to the release notes seems should have an 'l' on the end:

Try: https://www.sourceware.org/ml/libc-alpha/2018-08/msg3.html

This with gdb:

thunderstorm /usr/src/dovecot/dovecot-2.3/src/auth # gdb 
/root/dovecot-auth-crash/auth /root/dovecot-auth-crash/core.auth.29667 
GNU gdb (Gentoo 8.1.1 p1) 8.1.1

Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
<http://gnu.org/licenses/gpl.html>

This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://bugs.gentoo.org/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /root/dovecot-auth-crash/auth...done.

warning: exec file is newer than core file.
[New LWP 29667]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `dovecot/auth'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  __strcmp_sse2_unaligned () at 
../sysdeps/x86_64/multiarch/strcmp-sse2-unaligned.S:31
31  ../sysdeps/x86_64/multiarch/strcmp-sse2-unaligned.S: No such 
file or directory.

(gdb) bt full
#0  __strcmp_sse2_unaligned () at 
../sysdeps/x86_64/multiarch/strcmp-sse2-unaligned.S:31

No locals.
#1  0x562d7a9d8dcf in password_scheme_register_crypt () at 
password-scheme-crypt.c:191

i = 0
crypted = 0xf6e4b200 address 0xf6e4b200>

__func__ = 
#2  0x562d7a9d87cb in password_schemes_init () at password-scheme.c:874
i = 27
#3  0x562d7a9a082a in main_preinit () at main.c:185
mod_set = {abi_version = 0xf74856c0 memory at address 0xf74856c0>,
  binary_name = 0x6f6c0d52e61baf00 at address 0x6f6c0d52e61baf00>,
  setting_name = 0x7fa9f6e97011 <__x86_return_thunk+5> 
"\363\220\017\256\350\353\371H\215d$\b\303\350\a",
  filter_callback = 0x7fa9f6ecd029 , 
filter_context = 0x7fa9f6e97011 <__x86_return_thunk+5>,
  require_init_funcs = false, debug = false, 
ignore_dlopen_errors = false, ignore_missing = false}

services = 0x562d7b4d9fa0
#4  0x562d7a9a0ef5 in main (argc=1, argv=0x562d7b4d9ae0) at main.c:392
c = -1
(gdb) p sample[i].key
No symbol "i" in current context.
(gdb) p sample[i].salt
No symbol "i" in current context.
(gdb)

However:

(gdb) p sample[0].key
$1 = 0x562d7a9f2f1e "08/15!test~4711"
(gdb) p sample[1].key
$2 = 0x562d7a9f2f1e "08/15!test~4711"
(gdb) p sample[2].key
$3 = 0x562d7a9f2f1e "08/15!test~4711"
(gdb) p sample[0].salt
$4 = 0x562d7a9f2f2e "JB"
(gdb) p sample[1].salt
$5 = 0x562d7a9f2f40 "$5$rounds=1000$0123456789abcdef"
(gdb) p sample[2].salt
$6 = 0x562d7a9f2fb0 "$6$rounds=1000$0123456789abcdef"
(gdb)


(Different core file to earlier but the trace looks the same)

I haven't experienced any problems with any other apps (yet).

Thanks,
Reuben


On 8/08/2018 4:13 pm, Aki Tuomi wrote:

Hi!

Thank you for the report, few points though:

  - The link you provided is broken

  - getting glibc-2.28 prebuilt seems to be bit problematic, and what I
read from their changelog, the crypt function should work as normal.
That said, it would be somewhat helpful if you could use gdb to find out
what was passed to crypt

p sample[i].key
p sample[i].salt

the return value is, for some reason, an invalid pointer, which it
really should not be. So you probably might want to raise this up with
glibc developers too.

Aki

On 08.08.2018 06:54, Reuben Farrelly wrote:

Hi,

Dovecot 2.3 (release and current -git) versions compile, but fail to
run when compiled against glibc-2.28.

This is what is logged on startup:

Aug  8 08:24:39 thunderstorm.reub.net dovecot[569]: master: Dovecot
v2.3.2.1 (0719df592) starting up for imap, lmtp, sieve, submission, sieve
Aug  8 08:24:39 thunderstorm.reub.net dovecot[569]: master: Error:
service(auth): command startup failed, throttling for 2 secs
Aug  8 08:24:39 thunderstorm.reub.net dovecot[574]: auth: Fatal:
master: service(auth): child 582 killed with signal 11 (core dumped)
Aug  8 08:24:39 thunderstorm.reub.net dovecot[574]: replicator: Error:
userdb lookup: Disconnected unexpectedly
Aug  8 08:24:52 thunderstorm.reub.net dovecot[569]: master: Warning:
Killed with signal 15 (by pid=670 uid=0 code=kill)

The issue is specifically with the 'auth' binary.  Other components
all appear to be unaffected.  The 'auth' binary dies with a
Segmentation Fault wh

Re: Reproducible SIGSEGV when Dovecot 2.3 compiled against glibc-2.28

2018-08-08 Thread Aki Tuomi 
Hi!

Thank you for the report, few points though:

 - The link you provided is broken

 - getting glibc-2.28 prebuilt seems to be bit problematic, and what I
read from their changelog, the crypt function should work as normal.
That said, it would be somewhat helpful if you could use gdb to find out
what was passed to crypt

p sample[i].key
p sample[i].salt

the return value is, for some reason, an invalid pointer, which it
really should not be. So you probably might want to raise this up with
glibc developers too.

Aki

On 08.08.2018 06:54, Reuben Farrelly wrote:
> Hi,
>
> Dovecot 2.3 (release and current -git) versions compile, but fail to
> run when compiled against glibc-2.28.
>
> This is what is logged on startup:
>
> Aug  8 08:24:39 thunderstorm.reub.net dovecot[569]: master: Dovecot
> v2.3.2.1 (0719df592) starting up for imap, lmtp, sieve, submission, sieve
> Aug  8 08:24:39 thunderstorm.reub.net dovecot[569]: master: Error:
> service(auth): command startup failed, throttling for 2 secs
> Aug  8 08:24:39 thunderstorm.reub.net dovecot[574]: auth: Fatal:
> master: service(auth): child 582 killed with signal 11 (core dumped)
> Aug  8 08:24:39 thunderstorm.reub.net dovecot[574]: replicator: Error:
> userdb lookup: Disconnected unexpectedly
> Aug  8 08:24:52 thunderstorm.reub.net dovecot[569]: master: Warning:
> Killed with signal 15 (by pid=670 uid=0 code=kill)
>
> The issue is specifically with the 'auth' binary.  Other components
> all appear to be unaffected.  The 'auth' binary dies with a
> Segmentation Fault when run as a standalone executable too.
> As the auth binary is critical to many different parts of Dovecot, a
> failure of this is catastrophic.
>
> This is a 100% reproducible problem.  The platform is Gentoo x86_64.
>
> thunderstorm /usr/libexec/dovecot # ./auth-old
> Segmentation fault
> thunderstorm /usr/libexec/dovecot #
>
> [I've renamed the original binary to auth-old, and put in it's place a
> working 'auth' binary built against glibc-2.27 in order to have a
> functioning system]
>
> Problem matrix looks like this:
>
> Build on a glibc-2.27 system, run on a glibc-2.27 - OK
> Build on a glibc-2.27 system, run on a glibc-2.28 - OK
> Build on a glibc-2.28 system, run on a glibc-2.27 - SEGFAULT
> Build on a glibc-2.28 system, run on a glibc-2.28 - SEGFAULT
>
> (All other components including gcc otherwise identical)
>
> ./configure --prefix=/usr --build=x86_64-pc-linux-gnu
> --host=x86_64-pc-linux-gnu --mandir=/usr/share/man
> --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc
> --localstatedir=/var/lib --disable-dependency-tracking
> --disable-silent-rules --docdir=/usr/share/doc/dovecot-_p20180807
> --htmldir=/usr/share/doc/dovecot-_p20180807/html
> --libdir=/usr/lib64 --with-rundir=/run/dovecot
> --with-statedir=/var/lib/dovecot --with-moduledir=/usr/lib64/dovecot
> --without-stemmer --disable-rpath --without-libbsd --with-icu
> --with-ssl --with-systemdsystemunitdir=/lib/systemd/system
> --with-sodium --with-bzlib --without-libcap --without-gssapi
> --without-lua --without-ldap --with-lucene --with-lz4 --with-lzma
> --without-mysql --with-pam --without-pgsql --without-sqlite
> --without-solr --with-libwrap --without-textcat --without-vpopmail
> --with-zlib --disable-static
>
>
> Strace:
>
> thunderstorm /usr/libexec/dovecot # strace ./auth-old
> execve("./auth-old", ["./auth-old"], 0x7ffd17c804c0 /* 27 vars */) = 0
> brk(NULL)   = 0x557e9dc28000
> access("/etc/ld.so.preload", R_OK)  = -1 ENOENT (No such file or
> directory)
> openat(AT_FDCWD,
> "/usr/lib64/dovecot/old-stats/tls/x86_64/x86_64/libstats_auth.so",
> O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> stat("/usr/lib64/dovecot/old-stats/tls/x86_64/x86_64", 0x7ffcc7973020)
> = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD,
> "/usr/lib64/dovecot/old-stats/tls/x86_64/libstats_auth.so",
> O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> stat("/usr/lib64/dovecot/old-stats/tls/x86_64", 0x7ffcc7973020) = -1
> ENOENT (No such file or directory)
> openat(AT_FDCWD,
> "/usr/lib64/dovecot/old-stats/tls/x86_64/libstats_auth.so",
> O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> stat("/usr/lib64/dovecot/old-stats/tls/x86_64", 0x7ffcc7973020) = -1
> ENOENT (No such file or directory)
> openat(AT_FDCWD, "/usr/lib64/dovecot/old-stats/tls/libstats_auth.so",
> O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> stat("/usr/lib64/dovecot/old-stats/tls", 0x7ffcc7973020) = -1 ENOENT
> (No such file or directory)
> openat(AT_FDCWD,
> "/usr/lib64/dovecot/old-stats/x8

Reproducible SIGSEGV when Dovecot 2.3 compiled against glibc-2.28

2018-08-07 Thread Reuben Farrelly 

Hi,

Dovecot 2.3 (release and current -git) versions compile, but fail to run 
when compiled against glibc-2.28.


This is what is logged on startup:

Aug  8 08:24:39 thunderstorm.reub.net dovecot[569]: master: Dovecot 
v2.3.2.1 (0719df592) starting up for imap, lmtp, sieve, submission, sieve
Aug  8 08:24:39 thunderstorm.reub.net dovecot[569]: master: Error: 
service(auth): command startup failed, throttling for 2 secs
Aug  8 08:24:39 thunderstorm.reub.net dovecot[574]: auth: Fatal: master: 
service(auth): child 582 killed with signal 11 (core dumped)
Aug  8 08:24:39 thunderstorm.reub.net dovecot[574]: replicator: Error: 
userdb lookup: Disconnected unexpectedly
Aug  8 08:24:52 thunderstorm.reub.net dovecot[569]: master: Warning: 
Killed with signal 15 (by pid=670 uid=0 code=kill)


The issue is specifically with the 'auth' binary.  Other components all 
appear to be unaffected.  The 'auth' binary dies with a Segmentation 
Fault when run as a standalone executable too.
As the auth binary is critical to many different parts of Dovecot, a 
failure of this is catastrophic.


This is a 100% reproducible problem.  The platform is Gentoo x86_64.

thunderstorm /usr/libexec/dovecot # ./auth-old
Segmentation fault
thunderstorm /usr/libexec/dovecot #

[I've renamed the original binary to auth-old, and put in it's place a 
working 'auth' binary built against glibc-2.27 in order to have a 
functioning system]


Problem matrix looks like this:

Build on a glibc-2.27 system, run on a glibc-2.27 - OK
Build on a glibc-2.27 system, run on a glibc-2.28 - OK
Build on a glibc-2.28 system, run on a glibc-2.27 - SEGFAULT
Build on a glibc-2.28 system, run on a glibc-2.28 - SEGFAULT

(All other components including gcc otherwise identical)

./configure --prefix=/usr --build=x86_64-pc-linux-gnu 
--host=x86_64-pc-linux-gnu --mandir=/usr/share/man 
--infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc 
--localstatedir=/var/lib --disable-dependency-tracking 
--disable-silent-rules --docdir=/usr/share/doc/dovecot-_p20180807 
--htmldir=/usr/share/doc/dovecot-_p20180807/html --libdir=/usr/lib64 
--with-rundir=/run/dovecot --with-statedir=/var/lib/dovecot 
--with-moduledir=/usr/lib64/dovecot --without-stemmer --disable-rpath 
--without-libbsd --with-icu --with-ssl 
--with-systemdsystemunitdir=/lib/systemd/system --with-sodium 
--with-bzlib --without-libcap --without-gssapi --without-lua 
--without-ldap --with-lucene --with-lz4 --with-lzma --without-mysql 
--with-pam --without-pgsql --without-sqlite --without-solr 
--with-libwrap --without-textcat --without-vpopmail --with-zlib 
--disable-static



Strace:

thunderstorm /usr/libexec/dovecot # strace ./auth-old
execve("./auth-old", ["./auth-old"], 0x7ffd17c804c0 /* 27 vars */) = 0
brk(NULL)   = 0x557e9dc28000
access("/etc/ld.so.preload", R_OK)  = -1 ENOENT (No such file or 
directory)
openat(AT_FDCWD, 
"/usr/lib64/dovecot/old-stats/tls/x86_64/x86_64/libstats_auth.so", 
O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/dovecot/old-stats/tls/x86_64/x86_64", 0x7ffcc7973020) = 
-1 ENOENT (No such file or directory)
openat(AT_FDCWD, 
"/usr/lib64/dovecot/old-stats/tls/x86_64/libstats_auth.so", 
O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/dovecot/old-stats/tls/x86_64", 0x7ffcc7973020) = -1 
ENOENT (No such file or directory)
openat(AT_FDCWD, 
"/usr/lib64/dovecot/old-stats/tls/x86_64/libstats_auth.so", 
O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/dovecot/old-stats/tls/x86_64", 0x7ffcc7973020) = -1 
ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/dovecot/old-stats/tls/libstats_auth.so", 
O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/dovecot/old-stats/tls", 0x7ffcc7973020) = -1 ENOENT (No 
such file or directory)
openat(AT_FDCWD, 
"/usr/lib64/dovecot/old-stats/x86_64/x86_64/libstats_auth.so", 
O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/dovecot/old-stats/x86_64/x86_64", 0x7ffcc7973020) = -1 
ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/dovecot/old-stats/x86_64/libstats_auth.so", 
O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/dovecot/old-stats/x86_64", 0x7ffcc7973020) = -1 ENOENT 
(No such file or directory)
openat(AT_FDCWD, "/usr/lib64/dovecot/old-stats/x86_64/libstats_auth.so", 
O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/dovecot/old-stats/x86_64", 0x7ffcc7973020) = -1 ENOENT 
(No such file or directory)
openat(AT_FDCWD, "/usr/lib64/dovecot/old-stats/libstats_auth.so", 
O_RDONLY|O_CLOEXEC) = 3
read(3, 
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`\t\0\0\0\0\0\0"..., 832) 
= 832

fstat(3, {st_mode=S_IFRE

Re: dovecot 2.3.x, ECC and wildcard certificates, any issues

2018-07-30 Thread ѽ҉ᶬḳ℠ 


>> That is one of the reasons I do not bother since long with public CAs
>> but rather deploy my own, including own OSCP responder.
> May I ask, how you create a CA which is valid for clients without them
> having to install your root cert?
>

> and CA trust in clients. Latter though could be easily overcome if
browser and email clients were to support DNSSEC/DANE validation.

That is where DANE/TLSA comes in but it requires DNSSEC/DANE validation
in the client and of course DNSSEC and TLSA records in the domain's DNS.
Notwithstanding that the upstream DNS resolvers utilized by clients need
to support DNSSEC queries/answers as well.

Whatever the reasons for lacking such validation support in most of the
clients (incl. web browsers) one speculative is that it would kill
commercial CAs (as such Let's Encrypt is one too through their
sponsors), or at least has the potential to diminish their business (model).

Suppose we are not hijacking this thread furthermore and avoid earning a
discontent eventually ... ;)

Re: dovecot 2.3.x, ECC and wildcard certificates, any issues

2018-07-30 Thread Helmut K. C. Tessarek 
On 2018-07-30 19:45, ѽ҉ᶬḳ℠ wrote:
> That is one of the reasons I do not bother since long with public CAs
> but rather deploy my own, including own OSCP responder.

May I ask, how you create a CA which is valid for clients without them
having to install your root cert?

Cheers,
 K. C.

-- 
regards Helmut K. C. Tessarek  KeyID 0x172380A011EF4944
Key fingerprint = 8A55 70C1 BD85 D34E ADBC 386C 1723 80A0 11EF 4944

/*
   Thou shalt not follow the NULL pointer for chaos and madness
   await thee at its end.
*/



signature.asc
Description: OpenPGP digital signature

Re: dovecot 2.3.x, ECC and wildcard certificates, any issues

2018-07-30 Thread ѽ҉ᶬḳ℠ 
That is one of the reasons I do not bother since long with public CAs
but rather deploy my own, including own OSCP responder.

Which has of course has some drawbacks like redundancy, resilience,
bandwidth provision, geographical spread, implementing CA security
standards and CA trust in clients. Latter though could be easily
overcome if browser and email clients were to support DNSSEC/DANE
validation.

It may not help you in the short term now but perhaps something to
consider long term for the benefit of controlling the certificate
handling/signing, depending on the CA scale.

> Hello,
>
> I have discovered what I believe is the issue after hearing back from
> Aquamail. And that is that android 7 which I'm running 7.0 that is,
> only supports up to the p256 ecc curve. This brings up a question to
> users of letsencrypt, when you revoke a certificate does it take it
> out on the usage as well? I've got one domain that says i've issued to
> many certificates for it and no more can be issued, thought I was
> using the staging server. I'd like to get those certs off the
> letsencrypt servers so I can make a new one using the p256 curve. Does
> anyone know if this is doable? Using acme.sh I tried --revoke which
> revoked one cert but letsencrypt still would not let me issue another.
>
> Thanks.
> Dave.
>
>
> On 7/30/18, Aki Tuomi  wrote:
>> I don't know how to get both RSA and ECC cert from letsencrypt.
>>
>> Aki
>>
>>> On 30 July 2018 at 20:43 David Mehler  wrote:
>>>
>>>
>>> Hello,
>>>
>>> What acme implementation do you use for your letsencrypt certificates?
>>> If it's acme.sh how do you get both rsa and ecc certificates? What
>>> configuration options are you using in your configuration of services
>>> to allow access to both rsa and ecc?
>>>
>>> Thanks.
>>> Dave.
>>>
>>>
>>> On 7/30/18, David Mehler  wrote:
>>>> Hello,
>>>>
>>>> The client in question is the latest version of AquaMail running on
>>>> android.
>>>>
>>>> Thanks.
>>>> Dave.
>>>>
>>>>
>>>> On 7/30/18, Aki Tuomi  wrote:
>>>>> You should, in practice, enable both. This gives best client
>>>>> compability.
>>>>> It
>>>>> is possible you have clients that cannot understand ECC certificates?
>>>>> You
>>>>> can use ssl_alt_cert to provide RSA cert too.
>>>>>
>>>>> Aki
>>>>>
>>>>>> On 30 July 2018 at 20:05 David Mehler  wrote:
>>>>>>
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> Thanks, good news is that worked. Bad news is it all looks good which
>>>>>> means I do not know hwhy my remote clients can't get their email,
>>>>>> looked like from the logs it was that.
>>>>>>
>>>>>> Would 143 be better or 993 for the external clients?
>>>>>>
>>>>>> Thanks.
>>>>>> Dave.
>>>>>>
>>>>>>
>>>>>> On 7/30/18, Aki Tuomi  wrote:
>>>>>>>> On 30 July 2018 at 19:16 David Mehler 
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> Does dovecot 2.3.x have any issues recognizing or using
>>>>>>>> certificates
>>>>>>>> that are ECC and wildcard? I'm trying to switch my letsencrypt
>>>>>>>> implementation from acme-client which does not support either of
>>>>>>>> those
>>>>>>>> capabilities to acme.sh which does. Since then external clients
>>>>>>>> checking their email has not worked. A manual telnet to
>>>>>>>> mail.example.com 993 gives a connected message but then nothing no
>>>>>>>> greeting or capabilities.
>>>>>>>>
>>>>>>>> The certificate is for example.com with an alt name of
>>>>>>>> *.example.com
>>>>>>>> if that's not right let me know, i'm not sure about that one,
>>>>>>>> connecting to the web sites of these pages seems noticeably
>>>>>>>> slower,
>>>>>>>> I'm wondering if both of these issues aren't key related?
>>>>>>>>
>>>>>>>> Thanks.
>>>>>>>> Dave.
>>>>>>> These both should be fine.
>>>>>>>
>>>>>>> Port 993 is TLS encrypted, you should use openssl s_client -connect
>>>>>>> server:993
>>>>>>>
>>>>>>> Aki
>>>>>>>

Re: dovecot 2.3.x, ECC and wildcard certificates, any issues

2018-07-30 Thread Felipe Gasper 
Revocation doesn’t remove the certificates; it just marks them as invalid when 
a TLS client bothers to check.

-FG

> On Jul 30, 2018, at 6:45 PM, David Mehler  wrote:
> 
> Hello,
> 
> I have discovered what I believe is the issue after hearing back from
> Aquamail. And that is that android 7 which I'm running 7.0 that is,
> only supports up to the p256 ecc curve. This brings up a question to
> users of letsencrypt, when you revoke a certificate does it take it
> out on the usage as well? I've got one domain that says i've issued to
> many certificates for it and no more can be issued, thought I was
> using the staging server. I'd like to get those certs off the
> letsencrypt servers so I can make a new one using the p256 curve. Does
> anyone know if this is doable? Using acme.sh I tried --revoke which
> revoked one cert but letsencrypt still would not let me issue another.
> 
> Thanks.
> Dave.
> 
> 
> On 7/30/18, Aki Tuomi  wrote:
>> I don't know how to get both RSA and ECC cert from letsencrypt.
>> 
>> Aki
>> 
>>> On 30 July 2018 at 20:43 David Mehler  wrote:
>>> 
>>> 
>>> Hello,
>>> 
>>> What acme implementation do you use for your letsencrypt certificates?
>>> If it's acme.sh how do you get both rsa and ecc certificates? What
>>> configuration options are you using in your configuration of services
>>> to allow access to both rsa and ecc?
>>> 
>>> Thanks.
>>> Dave.
>>> 
>>> 
>>> On 7/30/18, David Mehler  wrote:
>>>> Hello,
>>>> 
>>>> The client in question is the latest version of AquaMail running on
>>>> android.
>>>> 
>>>> Thanks.
>>>> Dave.
>>>> 
>>>> 
>>>> On 7/30/18, Aki Tuomi  wrote:
>>>>> You should, in practice, enable both. This gives best client
>>>>> compability.
>>>>> It
>>>>> is possible you have clients that cannot understand ECC certificates?
>>>>> You
>>>>> can use ssl_alt_cert to provide RSA cert too.
>>>>> 
>>>>> Aki
>>>>> 
>>>>>> On 30 July 2018 at 20:05 David Mehler  wrote:
>>>>>> 
>>>>>> 
>>>>>> Hi,
>>>>>> 
>>>>>> Thanks, good news is that worked. Bad news is it all looks good which
>>>>>> means I do not know hwhy my remote clients can't get their email,
>>>>>> looked like from the logs it was that.
>>>>>> 
>>>>>> Would 143 be better or 993 for the external clients?
>>>>>> 
>>>>>> Thanks.
>>>>>> Dave.
>>>>>> 
>>>>>> 
>>>>>> On 7/30/18, Aki Tuomi  wrote:
>>>>>>> 
>>>>>>>> On 30 July 2018 at 19:16 David Mehler 
>>>>>>>> wrote:
>>>>>>>> 
>>>>>>>> 
>>>>>>>> Hello,
>>>>>>>> 
>>>>>>>> Does dovecot 2.3.x have any issues recognizing or using
>>>>>>>> certificates
>>>>>>>> that are ECC and wildcard? I'm trying to switch my letsencrypt
>>>>>>>> implementation from acme-client which does not support either of
>>>>>>>> those
>>>>>>>> capabilities to acme.sh which does. Since then external clients
>>>>>>>> checking their email has not worked. A manual telnet to
>>>>>>>> mail.example.com 993 gives a connected message but then nothing no
>>>>>>>> greeting or capabilities.
>>>>>>>> 
>>>>>>>> The certificate is for example.com with an alt name of
>>>>>>>> *.example.com
>>>>>>>> if that's not right let me know, i'm not sure about that one,
>>>>>>>> connecting to the web sites of these pages seems noticeably
>>>>>>>> slower,
>>>>>>>> I'm wondering if both of these issues aren't key related?
>>>>>>>> 
>>>>>>>> Thanks.
>>>>>>>> Dave.
>>>>>>> 
>>>>>>> These both should be fine.
>>>>>>> 
>>>>>>> Port 993 is TLS encrypted, you should use openssl s_client -connect
>>>>>>> server:993
>>>>>>> 
>>>>>>> Aki
>>>>>>> 
>>>>> 
>>>> 
>>

Re: dovecot 2.3.x, ECC and wildcard certificates, any issues

2018-07-30 Thread David Mehler 
Hello,

I have discovered what I believe is the issue after hearing back from
Aquamail. And that is that android 7 which I'm running 7.0 that is,
only supports up to the p256 ecc curve. This brings up a question to
users of letsencrypt, when you revoke a certificate does it take it
out on the usage as well? I've got one domain that says i've issued to
many certificates for it and no more can be issued, thought I was
using the staging server. I'd like to get those certs off the
letsencrypt servers so I can make a new one using the p256 curve. Does
anyone know if this is doable? Using acme.sh I tried --revoke which
revoked one cert but letsencrypt still would not let me issue another.

Thanks.
Dave.


On 7/30/18, Aki Tuomi  wrote:
> I don't know how to get both RSA and ECC cert from letsencrypt.
>
> Aki
>
>> On 30 July 2018 at 20:43 David Mehler  wrote:
>>
>>
>> Hello,
>>
>> What acme implementation do you use for your letsencrypt certificates?
>> If it's acme.sh how do you get both rsa and ecc certificates? What
>> configuration options are you using in your configuration of services
>> to allow access to both rsa and ecc?
>>
>> Thanks.
>> Dave.
>>
>>
>> On 7/30/18, David Mehler  wrote:
>> > Hello,
>> >
>> > The client in question is the latest version of AquaMail running on
>> > android.
>> >
>> > Thanks.
>> > Dave.
>> >
>> >
>> > On 7/30/18, Aki Tuomi  wrote:
>> >> You should, in practice, enable both. This gives best client
>> >> compability.
>> >> It
>> >> is possible you have clients that cannot understand ECC certificates?
>> >> You
>> >> can use ssl_alt_cert to provide RSA cert too.
>> >>
>> >> Aki
>> >>
>> >>> On 30 July 2018 at 20:05 David Mehler  wrote:
>> >>>
>> >>>
>> >>> Hi,
>> >>>
>> >>> Thanks, good news is that worked. Bad news is it all looks good which
>> >>> means I do not know hwhy my remote clients can't get their email,
>> >>> looked like from the logs it was that.
>> >>>
>> >>> Would 143 be better or 993 for the external clients?
>> >>>
>> >>> Thanks.
>> >>> Dave.
>> >>>
>> >>>
>> >>> On 7/30/18, Aki Tuomi  wrote:
>> >>> >
>> >>> >> On 30 July 2018 at 19:16 David Mehler 
>> >>> >> wrote:
>> >>> >>
>> >>> >>
>> >>> >> Hello,
>> >>> >>
>> >>> >> Does dovecot 2.3.x have any issues recognizing or using
>> >>> >> certificates
>> >>> >> that are ECC and wildcard? I'm trying to switch my letsencrypt
>> >>> >> implementation from acme-client which does not support either of
>> >>> >> those
>> >>> >> capabilities to acme.sh which does. Since then external clients
>> >>> >> checking their email has not worked. A manual telnet to
>> >>> >> mail.example.com 993 gives a connected message but then nothing no
>> >>> >> greeting or capabilities.
>> >>> >>
>> >>> >> The certificate is for example.com with an alt name of
>> >>> >> *.example.com
>> >>> >> if that's not right let me know, i'm not sure about that one,
>> >>> >> connecting to the web sites of these pages seems noticeably
>> >>> >> slower,
>> >>> >> I'm wondering if both of these issues aren't key related?
>> >>> >>
>> >>> >> Thanks.
>> >>> >> Dave.
>> >>> >
>> >>> > These both should be fine.
>> >>> >
>> >>> > Port 993 is TLS encrypted, you should use openssl s_client -connect
>> >>> > server:993
>> >>> >
>> >>> > Aki
>> >>> >
>> >>
>> >
>

Re: dovecot 2.3.x, ECC and wildcard certificates, any issues

2018-07-30 Thread Felipe Gasper 
FWIW, it’s relatively straightforward to do this with my Perl ACME 
implementation, Net::ACME2.

You’ll get your first certificate order using one key, then request another 
certificate with the other key.

-FG

> On Jul 30, 2018, at 1:49 PM, Aki Tuomi  wrote:
> 
> I don't know how to get both RSA and ECC cert from letsencrypt.
> 
> Aki
> 
>> On 30 July 2018 at 20:43 David Mehler  wrote:
>> 
>> 
>> Hello,
>> 
>> What acme implementation do you use for your letsencrypt certificates?
>> If it's acme.sh how do you get both rsa and ecc certificates? What
>> configuration options are you using in your configuration of services
>> to allow access to both rsa and ecc?
>> 
>> Thanks.
>> Dave.
>> 
>> 
>> On 7/30/18, David Mehler  wrote:
>>> Hello,
>>> 
>>> The client in question is the latest version of AquaMail running on
>>> android.
>>> 
>>> Thanks.
>>> Dave.
>>> 
>>> 
>>> On 7/30/18, Aki Tuomi  wrote:
>>>> You should, in practice, enable both. This gives best client compability.
>>>> It
>>>> is possible you have clients that cannot understand ECC certificates? You
>>>> can use ssl_alt_cert to provide RSA cert too.
>>>> 
>>>> Aki
>>>> 
>>>>> On 30 July 2018 at 20:05 David Mehler  wrote:
>>>>> 
>>>>> 
>>>>> Hi,
>>>>> 
>>>>> Thanks, good news is that worked. Bad news is it all looks good which
>>>>> means I do not know hwhy my remote clients can't get their email,
>>>>> looked like from the logs it was that.
>>>>> 
>>>>> Would 143 be better or 993 for the external clients?
>>>>> 
>>>>> Thanks.
>>>>> Dave.
>>>>> 
>>>>> 
>>>>> On 7/30/18, Aki Tuomi  wrote:
>>>>>> 
>>>>>>> On 30 July 2018 at 19:16 David Mehler  wrote:
>>>>>>> 
>>>>>>> 
>>>>>>> Hello,
>>>>>>> 
>>>>>>> Does dovecot 2.3.x have any issues recognizing or using certificates
>>>>>>> that are ECC and wildcard? I'm trying to switch my letsencrypt
>>>>>>> implementation from acme-client which does not support either of
>>>>>>> those
>>>>>>> capabilities to acme.sh which does. Since then external clients
>>>>>>> checking their email has not worked. A manual telnet to
>>>>>>> mail.example.com 993 gives a connected message but then nothing no
>>>>>>> greeting or capabilities.
>>>>>>> 
>>>>>>> The certificate is for example.com with an alt name of *.example.com
>>>>>>> if that's not right let me know, i'm not sure about that one,
>>>>>>> connecting to the web sites of these pages seems noticeably slower,
>>>>>>> I'm wondering if both of these issues aren't key related?
>>>>>>> 
>>>>>>> Thanks.
>>>>>>> Dave.
>>>>>> 
>>>>>> These both should be fine.
>>>>>> 
>>>>>> Port 993 is TLS encrypted, you should use openssl s_client -connect
>>>>>> server:993
>>>>>> 
>>>>>> Aki
>>>>>> 
>>>> 
>>>

Re: dovecot 2.3.x, ECC and wildcard certificates, any issues

2018-07-30 Thread Aki Tuomi 
I don't know how to get both RSA and ECC cert from letsencrypt.

Aki

> On 30 July 2018 at 20:43 David Mehler  wrote:
> 
> 
> Hello,
> 
> What acme implementation do you use for your letsencrypt certificates?
> If it's acme.sh how do you get both rsa and ecc certificates? What
> configuration options are you using in your configuration of services
> to allow access to both rsa and ecc?
> 
> Thanks.
> Dave.
> 
> 
> On 7/30/18, David Mehler  wrote:
> > Hello,
> >
> > The client in question is the latest version of AquaMail running on
> > android.
> >
> > Thanks.
> > Dave.
> >
> >
> > On 7/30/18, Aki Tuomi  wrote:
> >> You should, in practice, enable both. This gives best client compability.
> >> It
> >> is possible you have clients that cannot understand ECC certificates? You
> >> can use ssl_alt_cert to provide RSA cert too.
> >>
> >> Aki
> >>
> >>> On 30 July 2018 at 20:05 David Mehler  wrote:
> >>>
> >>>
> >>> Hi,
> >>>
> >>> Thanks, good news is that worked. Bad news is it all looks good which
> >>> means I do not know hwhy my remote clients can't get their email,
> >>> looked like from the logs it was that.
> >>>
> >>> Would 143 be better or 993 for the external clients?
> >>>
> >>> Thanks.
> >>> Dave.
> >>>
> >>>
> >>> On 7/30/18, Aki Tuomi  wrote:
> >>> >
> >>> >> On 30 July 2018 at 19:16 David Mehler  wrote:
> >>> >>
> >>> >>
> >>> >> Hello,
> >>> >>
> >>> >> Does dovecot 2.3.x have any issues recognizing or using certificates
> >>> >> that are ECC and wildcard? I'm trying to switch my letsencrypt
> >>> >> implementation from acme-client which does not support either of
> >>> >> those
> >>> >> capabilities to acme.sh which does. Since then external clients
> >>> >> checking their email has not worked. A manual telnet to
> >>> >> mail.example.com 993 gives a connected message but then nothing no
> >>> >> greeting or capabilities.
> >>> >>
> >>> >> The certificate is for example.com with an alt name of *.example.com
> >>> >> if that's not right let me know, i'm not sure about that one,
> >>> >> connecting to the web sites of these pages seems noticeably slower,
> >>> >> I'm wondering if both of these issues aren't key related?
> >>> >>
> >>> >> Thanks.
> >>> >> Dave.
> >>> >
> >>> > These both should be fine.
> >>> >
> >>> > Port 993 is TLS encrypted, you should use openssl s_client -connect
> >>> > server:993
> >>> >
> >>> > Aki
> >>> >
> >>
> >

Re: dovecot 2.3.x, ECC and wildcard certificates, any issues

2018-07-30 Thread David Mehler 
Hello,

What acme implementation do you use for your letsencrypt certificates?
If it's acme.sh how do you get both rsa and ecc certificates? What
configuration options are you using in your configuration of services
to allow access to both rsa and ecc?

Thanks.
Dave.


On 7/30/18, David Mehler  wrote:
> Hello,
>
> The client in question is the latest version of AquaMail running on
> android.
>
> Thanks.
> Dave.
>
>
> On 7/30/18, Aki Tuomi  wrote:
>> You should, in practice, enable both. This gives best client compability.
>> It
>> is possible you have clients that cannot understand ECC certificates? You
>> can use ssl_alt_cert to provide RSA cert too.
>>
>> Aki
>>
>>> On 30 July 2018 at 20:05 David Mehler  wrote:
>>>
>>>
>>> Hi,
>>>
>>> Thanks, good news is that worked. Bad news is it all looks good which
>>> means I do not know hwhy my remote clients can't get their email,
>>> looked like from the logs it was that.
>>>
>>> Would 143 be better or 993 for the external clients?
>>>
>>> Thanks.
>>> Dave.
>>>
>>>
>>> On 7/30/18, Aki Tuomi  wrote:
>>> >
>>> >> On 30 July 2018 at 19:16 David Mehler  wrote:
>>> >>
>>> >>
>>> >> Hello,
>>> >>
>>> >> Does dovecot 2.3.x have any issues recognizing or using certificates
>>> >> that are ECC and wildcard? I'm trying to switch my letsencrypt
>>> >> implementation from acme-client which does not support either of
>>> >> those
>>> >> capabilities to acme.sh which does. Since then external clients
>>> >> checking their email has not worked. A manual telnet to
>>> >> mail.example.com 993 gives a connected message but then nothing no
>>> >> greeting or capabilities.
>>> >>
>>> >> The certificate is for example.com with an alt name of *.example.com
>>> >> if that's not right let me know, i'm not sure about that one,
>>> >> connecting to the web sites of these pages seems noticeably slower,
>>> >> I'm wondering if both of these issues aren't key related?
>>> >>
>>> >> Thanks.
>>> >> Dave.
>>> >
>>> > These both should be fine.
>>> >
>>> > Port 993 is TLS encrypted, you should use openssl s_client -connect
>>> > server:993
>>> >
>>> > Aki
>>> >
>>
>

Re: dovecot 2.3.x, ECC and wildcard certificates, any issues

2018-07-30 Thread David Mehler 
Hello,

The client in question is the latest version of AquaMail running on android.

Thanks.
Dave.


On 7/30/18, Aki Tuomi  wrote:
> You should, in practice, enable both. This gives best client compability. It
> is possible you have clients that cannot understand ECC certificates? You
> can use ssl_alt_cert to provide RSA cert too.
>
> Aki
>
>> On 30 July 2018 at 20:05 David Mehler  wrote:
>>
>>
>> Hi,
>>
>> Thanks, good news is that worked. Bad news is it all looks good which
>> means I do not know hwhy my remote clients can't get their email,
>> looked like from the logs it was that.
>>
>> Would 143 be better or 993 for the external clients?
>>
>> Thanks.
>> Dave.
>>
>>
>> On 7/30/18, Aki Tuomi  wrote:
>> >
>> >> On 30 July 2018 at 19:16 David Mehler  wrote:
>> >>
>> >>
>> >> Hello,
>> >>
>> >> Does dovecot 2.3.x have any issues recognizing or using certificates
>> >> that are ECC and wildcard? I'm trying to switch my letsencrypt
>> >> implementation from acme-client which does not support either of those
>> >> capabilities to acme.sh which does. Since then external clients
>> >> checking their email has not worked. A manual telnet to
>> >> mail.example.com 993 gives a connected message but then nothing no
>> >> greeting or capabilities.
>> >>
>> >> The certificate is for example.com with an alt name of *.example.com
>> >> if that's not right let me know, i'm not sure about that one,
>> >> connecting to the web sites of these pages seems noticeably slower,
>> >> I'm wondering if both of these issues aren't key related?
>> >>
>> >> Thanks.
>> >> Dave.
>> >
>> > These both should be fine.
>> >
>> > Port 993 is TLS encrypted, you should use openssl s_client -connect
>> > server:993
>> >
>> > Aki
>> >
>

Re: dovecot 2.3.x, ECC and wildcard certificates, any issues

2018-07-30 Thread Aki Tuomi 
You should, in practice, enable both. This gives best client compability. It is 
possible you have clients that cannot understand ECC certificates? You can use 
ssl_alt_cert to provide RSA cert too.

Aki

> On 30 July 2018 at 20:05 David Mehler  wrote:
> 
> 
> Hi,
> 
> Thanks, good news is that worked. Bad news is it all looks good which
> means I do not know hwhy my remote clients can't get their email,
> looked like from the logs it was that.
> 
> Would 143 be better or 993 for the external clients?
> 
> Thanks.
> Dave.
> 
> 
> On 7/30/18, Aki Tuomi  wrote:
> >
> >> On 30 July 2018 at 19:16 David Mehler  wrote: 
> >>
> >>
> >> Hello,
> >>
> >> Does dovecot 2.3.x have any issues recognizing or using certificates
> >> that are ECC and wildcard? I'm trying to switch my letsencrypt
> >> implementation from acme-client which does not support either of those
> >> capabilities to acme.sh which does. Since then external clients
> >> checking their email has not worked. A manual telnet to
> >> mail.example.com 993 gives a connected message but then nothing no
> >> greeting or capabilities.
> >>
> >> The certificate is for example.com with an alt name of *.example.com
> >> if that's not right let me know, i'm not sure about that one,
> >> connecting to the web sites of these pages seems noticeably slower,
> >> I'm wondering if both of these issues aren't key related?
> >>
> >> Thanks.
> >> Dave.
> >
> > These both should be fine.
> >
> > Port 993 is TLS encrypted, you should use openssl s_client -connect
> > server:993
> >
> > Aki
> >

Re: dovecot 2.3.x, ECC and wildcard certificates, any issues

2018-07-30 Thread David Mehler 
Hi,

Thanks, good news is that worked. Bad news is it all looks good which
means I do not know hwhy my remote clients can't get their email,
looked like from the logs it was that.

Would 143 be better or 993 for the external clients?

Thanks.
Dave.


On 7/30/18, Aki Tuomi  wrote:
>
>> On 30 July 2018 at 19:16 David Mehler  wrote:
>>
>>
>> Hello,
>>
>> Does dovecot 2.3.x have any issues recognizing or using certificates
>> that are ECC and wildcard? I'm trying to switch my letsencrypt
>> implementation from acme-client which does not support either of those
>> capabilities to acme.sh which does. Since then external clients
>> checking their email has not worked. A manual telnet to
>> mail.example.com 993 gives a connected message but then nothing no
>> greeting or capabilities.
>>
>> The certificate is for example.com with an alt name of *.example.com
>> if that's not right let me know, i'm not sure about that one,
>> connecting to the web sites of these pages seems noticeably slower,
>> I'm wondering if both of these issues aren't key related?
>>
>> Thanks.
>> Dave.
>
> These both should be fine.
>
> Port 993 is TLS encrypted, you should use openssl s_client -connect
> server:993
>
> Aki
>

Re: dovecot 2.3.x, ECC and wildcard certificates, any issues

2018-07-30 Thread Aki Tuomi 


> On 30 July 2018 at 19:16 David Mehler  wrote:
> 
> 
> Hello,
> 
> Does dovecot 2.3.x have any issues recognizing or using certificates
> that are ECC and wildcard? I'm trying to switch my letsencrypt
> implementation from acme-client which does not support either of those
> capabilities to acme.sh which does. Since then external clients
> checking their email has not worked. A manual telnet to
> mail.example.com 993 gives a connected message but then nothing no
> greeting or capabilities.
> 
> The certificate is for example.com with an alt name of *.example.com
> if that's not right let me know, i'm not sure about that one,
> connecting to the web sites of these pages seems noticeably slower,
> I'm wondering if both of these issues aren't key related?
> 
> Thanks.
> Dave.

These both should be fine.

Port 993 is TLS encrypted, you should use openssl s_client -connect server:993

Aki

dovecot 2.3.x, ECC and wildcard certificates, any issues

2018-07-30 Thread David Mehler 
Hello,

Does dovecot 2.3.x have any issues recognizing or using certificates
that are ECC and wildcard? I'm trying to switch my letsencrypt
implementation from acme-client which does not support either of those
capabilities to acme.sh which does. Since then external clients
checking their email has not worked. A manual telnet to
mail.example.com 993 gives a connected message but then nothing no
greeting or capabilities.

The certificate is for example.com with an alt name of *.example.com
if that's not right let me know, i'm not sure about that one,
connecting to the web sites of these pages seems noticeably slower,
I'm wondering if both of these issues aren't key related?

Thanks.
Dave.

Re: Lmtp issues on dovecot 2.3.x with big messages

2018-05-23 Thread Stephan Bosch 



Op 23-5-2018 om 7:48 schreef Reio Remma:

On 17.04.2018 2:21, Stephan Bosch wrote:

Op 16/04/2018 om 19:57 schreef Michael Tratz:
Messages are being sent to dovecot LMTP by postfix. If I change 
this email

to another server with dovecot 2.2.x the same message are delivered
immediately.

Confirmed. Starts to fail here around 30Mb. Tested with Swaks.

Working on a fix...
Problem found. It is an explicit limit of 40Mb (for the 30Mb I saw 
in my

tests, there was also a base64 encoding I forgot about).

Will fix both the unhelpful error and the fact that there should be no
limit (currently) for LMTP.


Stephan,

I’m having the same issue with LMTP and large messages with dovecot 
2.3.x. Can you tell me which commit fixes this issue? I looked 
through the GitHub commits, but it’s not clear to me which commit 
fixes this issue. I’d like to apply the patch and re-compile dovecot 
for my machines instead of having to downgrade to 2.2.35.


This fix is currently pending: 
https://github.com/stephanbosch/dovecot-core/commits/lmtp-fix-msg-size-limit


I'm seeing some CI issues still and I am waiting on some input from 
someone else.


Regards,

Stephan.


Any news on when this fix might turn up in a release?


Release schedule tells me it will be part of 2.3.2, which should roll 
out some time mid June.


Regards,

Stephan.

Re: Lmtp issues on dovecot 2.3.x with big messages

2018-05-22 Thread Reio Remma 

On 17.04.2018 2:21, Stephan Bosch wrote:

Op 16/04/2018 om 19:57 schreef Michael Tratz:
Messages are being sent to dovecot LMTP by postfix. If I change 
this email

to another server with dovecot 2.2.x the same message are delivered
immediately.

Confirmed. Starts to fail here around 30Mb. Tested with Swaks.

Working on a fix...
Problem found. It is an explicit limit of 40Mb (for the 30Mb I saw 
in my

tests, there was also a base64 encoding I forgot about).

Will fix both the unhelpful error and the fact that there should be no
limit (currently) for LMTP.


Stephan,

I’m having the same issue with LMTP and large messages with dovecot 
2.3.x. Can you tell me which commit fixes this issue? I looked 
through the GitHub commits, but it’s not clear to me which commit 
fixes this issue. I’d like to apply the patch and re-compile dovecot 
for my machines instead of having to downgrade to 2.2.35.


This fix is currently pending: 
https://github.com/stephanbosch/dovecot-core/commits/lmtp-fix-msg-size-limit


I'm seeing some CI issues still and I am waiting on some input from 
someone else.


Regards,

Stephan.


Any news on when this fix might turn up in a release?

Thanks,
Reio

dovecot 2.3 on Ubuntu 18.04 LTS

2018-05-16 Thread Jean-Daniel Dupas 
Hello,

I'm running dovecot 2.3 from repo.dovecot.org <http://repo.dovecot.org/> on 
ubuntu 16.04 LTS, and I'm wondering if there is a scheduled date for the 
release of the bionic package in that repository.

The Ubuntu mainstream version is based on the 2.2 branch, which prevent us to 
use it.

Thanks.

Re: Lmtp issues on dovecot 2.3.x with big messages

2018-04-16 Thread Stephan Bosch 



Op 16/04/2018 om 19:57 schreef Michael Tratz:

Messages are being sent to dovecot LMTP by postfix. If I change this email
to another server with dovecot 2.2.x the same message are delivered
immediately.

Confirmed. Starts to fail here around 30Mb. Tested with Swaks.

Working on a fix...

Problem found. It is an explicit limit of 40Mb (for the 30Mb I saw in my
tests, there was also a base64 encoding I forgot about).

Will fix both the unhelpful error and the fact that there should be no
limit (currently) for LMTP.


Stephan,

I’m having the same issue with LMTP and large messages with dovecot 2.3.x. Can 
you tell me which commit fixes this issue? I looked through the GitHub commits, 
but it’s not clear to me which commit fixes this issue. I’d like to apply the 
patch and re-compile dovecot for my machines instead of having to downgrade to 
2.2.35.


This fix is currently pending: 
https://github.com/stephanbosch/dovecot-core/commits/lmtp-fix-msg-size-limit


I'm seeing some CI issues still and I am waiting on some input from 
someone else.


Regards,

Stephan.

Re: Lmtp issues on dovecot 2.3.x with big messages

2018-04-16 Thread Michael Tratz 
> >> Messages are being sent to dovecot LMTP by postfix. If I change this email
> >> to another server with dovecot 2.2.x the same message are delivered
> >> immediately.
> > Confirmed. Starts to fail here around 30Mb. Tested with Swaks.
> >
> > Working on a fix...
> 
> Problem found. It is an explicit limit of 40Mb (for the 30Mb I saw in my
> tests, there was also a base64 encoding I forgot about).
> 
> Will fix both the unhelpful error and the fact that there should be no
> limit (currently) for LMTP.
> 

Stephan,

I’m having the same issue with LMTP and large messages with dovecot 2.3.x. Can 
you tell me which commit fixes this issue? I looked through the GitHub commits, 
but it’s not clear to me which commit fixes this issue. I’d like to apply the 
patch and re-compile dovecot for my machines instead of having to downgrade to 
2.2.35.

Thanks,

Michael

Re: Lmtp issues on dovecot 2.3.x with big messages

2018-04-04 Thread Stephan Bosch 
Op 4/4/2018 om 11:38 PM schreef Stephan Bosch:
> Op 4/4/2018 om 8:26 PM schreef Ricardo Machini Barbosa:
>> Hello,
>>
>> After update dovecot to version 2.3.x, LMTP stopped to receive big messages
>> ( > 45 MB ).
>> Messages are being sent to dovecot LMTP by postfix. If I change this email
>> to another server with dovecot 2.2.x the same message are delivered
>> immediately.
> Confirmed. Starts to fail here around 30Mb. Tested with Swaks.
>
> Working on a fix...

Problem found. It is an explicit limit of 40Mb (for the 30Mb I saw in my
tests, there was also a base64 encoding I forgot about).

Will fix both the unhelpful error and the fact that there should be no
limit (currently) for LMTP.

Regards,

Stephan.

Re: Lmtp issues on dovecot 2.3.x with big messages

2018-04-04 Thread Stephan Bosch 
Op 4/4/2018 om 8:26 PM schreef Ricardo Machini Barbosa:
> Hello,
>
> After update dovecot to version 2.3.x, LMTP stopped to receive big messages
> ( > 45 MB ).
> Messages are being sent to dovecot LMTP by postfix. If I change this email
> to another server with dovecot 2.2.x the same message are delivered
> immediately.

Confirmed. Starts to fail here around 30Mb. Tested with Swaks.

Working on a fix...

Regards,

Stephan.

Lmtp issues on dovecot 2.3.x with big messages

2018-04-04 Thread Ricardo Machini Barbosa 
Hello,

After update dovecot to version 2.3.x, LMTP stopped to receive big messages
( > 45 MB ).
Messages are being sent to dovecot LMTP by postfix. If I change this email
to another server with dovecot 2.2.x the same message are delivered
immediately.


Log with mail_debug = yes:

Apr  4 13:36:13 mailsrv01 dovecot: lmtp(190031): Debug: none: root=, index=,
indexpvt=, control=, inbox=, alt=
Apr  4 13:36:13 mailsrv01 dovecot: lmtp(190031): Connect from 10.0.5.3
Apr  4 13:36:13 mailsrv01 dovecot:
lmtp(mailto:mailsr...@dominio.com.br)<190031>:
Debug: Loading modules from directory: /usr/lib64/dovecot
Apr  4 13:36:13 mailsrv01 dovecot:
lmtp(mailto:mailsr...@dominio.com.br)<190031>:
Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so
Apr  4 13:36:13 mailsrv01 dovecot:
lmtp(mailto:mailsr...@dominio.com.br)<190031>:
Debug: Module loaded: /usr/lib64/dovecot/lib20_quota_clone_plugin.so
Apr  4 13:36:13 mailsrv01 dovecot:
lmtp(mailto:mailsr...@dominio.com.br)<190031>:
Debug: Module loaded: /usr/lib64/dovecot/lib90_sieve_plugin.so
Apr  4 13:36:13 mailsrv01 dovecot:
lmtp(mailto:mailsr...@dominio.com.br)<190031>:
Debug: auth USER input: mailto:mailsr...@dominio.com.br
home=/mail/data/dovecot/mailbox/dominio.com.br/m/h4/mailsrv01
quota_rule=*:bytes=53687091200
Apr  4 13:36:13 mailsrv01 dovecot:
lmtp(mailto:mailsr...@dominio.com.br)<190031>:
Debug: Added userdb setting: plugin/quota_rule=*:bytes=53687091200
Apr  4 13:36:13 mailsrv01 dovecot: lmtp(190031): Debug: Effective uid=1000,
gid=1000, home=/mail/data/dovecot/mailbox/dominio.com.br/m/h4/mailsrv01
Apr  4 13:36:13 mailsrv01 dovecot: lmtp(190031): Debug: Quota root:
name=User quota backend=count args=
Apr  4 13:36:13 mailsrv01 dovecot: lmtp(190031): Debug: Quota rule:
root=User quota mailbox=* bytes=53687091200 messages=0
Apr  4 13:36:13 mailsrv01 dovecot: lmtp(190031): Debug: Quota rule:
root=User quota mailbox=Itens Excluídos bytes=+209715200 messages=0
Apr  4 13:36:13 mailsrv01 dovecot: lmtp(190031): Debug: Quota warning:
bytes=51002736640 (95%) messages=0 reverse=no command=quota-warning 95
mailto:mailsr...@dominio.com.br
Apr  4 13:36:13 mailsrv01 dovecot: lmtp(190031): Debug: Quota warning:
bytes=42949672960 (80%) messages=0 reverse=no command=quota-warning 80
mailto:mailsr...@dominio.com.br
Apr  4 13:36:13 mailsrv01 dovecot: lmtp(190031): Debug: Quota grace:
root=User quota bytes=5368709120 (10%)
Apr  4 13:36:13 mailsrv01 dovecot: lmtp(190031): Debug: Namespace inbox:
type=private, prefix=, sep=., inbox=yes, hidden=no, list=yes,
subscriptions=yes
location=mdbox:~/mdbox:ALT=/altstorage/mail/data/dovecot/mailbox/dominio.com
.br/m/h4/mailsrv01/mdbox
Apr  4 13:36:13 mailsrv01 dovecot: lmtp(190031): Debug: fs:
root=/mail/data/dovecot/mailbox/dominio.com.br/m/h4/mailsrv01/mdbox, index=,
indexpvt=, control=, inbox=,
alt=/altstorage/mail/data/dovecot/mailbox/dominio.com.br/m/h4/mailsrv01/mdbo
x
Apr  4 13:36:13 mailsrv01 dovecot: lmtp(190031): Debug: quota:
quota_over_flag check: quota_over_script unset - skipping
Apr  4 13:36:13 mailsrv01 dovecot: lmtp(190031): Debug: INBOX: Mailbox
opened because: quota count
Apr  4 13:36:14 mailsrv01 dovecot: lmtp(190031): Error: lmtp-server: conn
10.0.5.3:41579 [0]: Connection lost during data transfer:
read(10.0.5.3:41579 [0]) failed: 
Apr  4 13:36:14 mailsrv01 dovecot: lmtp(190031): Disconnect from 10.0.5.3:
Read failure (state = DATA)


Strace on this process (final lines):

190074 read(15,
"4SJuCeSNxH05pyfK+aO5hKKkrPY8n8TeBNH\r\ngvJ5LrV54YxgtG6Blkx0wfTIxWZ4Z1PU9R1a
7hs7YQadaqfMkPIc5wCP8Ko69eXE8GoRSySpCh2g\r\ns/UA8Hn8K6nwrpscXhd5Vupfttw/mqFX
5WTqCD6DvxUSxdTeTM5YSFvdVhmueK/7Mguba8mkmuY/\r\nlAC580Zxn6CuP8GeLrq31oWOhotx
cXzYkVlGVj7n0yMn9Kf4h0LXZ7o393p8U1o5UnbMPnVsDIz2\r\n9R1617R8H/BWl2vhnxDfXUcF
rqYnVYJBuJxySB6ZwPzonKMlZkU4SjscV4puNW1a/nkvWZPscZij\r\nUqR5YI569WP+FeWx+FUs
oY573fCzjIJbdux3OD1r3zWPEVpYmRbyyS6WJljjkcbizsOOnQ8155q3\r\nhnWdVkkQMbKKF1fa
w+6vpj19q3o01y3RhiPi1J9H8KwavaKn2mFFGwGUEEkH3PGOD9K9bvrzwvpk\r\neu29rrs"...,
8192) = 8192
190074 write(8,
"4SJuCeSNxH05pyfK+aO5hKKkrPY8n8TeBNH\r\ngvJ5LrV54YxgtG6Blkx0wfTIxWZ4Z1PU9R1a
7hs7YQadaqfMkPIc5wCP8Ko69eXE8GoRSySpCh2g\r\ns/UA8Hn8K6nwrpscXhd5Vupfttw/mqFX
5WTqCD6DvxUSxdTeTM5YSFvdVhmueK/7Mguba8mkmuY/\r\nlAC580Zxn6CuP8GeLrq31oWOhotx
cXzYkVlGVj7n0yMn9Kf4h0LXZ7o393p8U1o5UnbMPnVsDIz2\r\n9R1617R8H/BWl2vhnxDfXUcF
rqYnVYJBuJxySB6ZwPzonKMlZkU4SjscV4puNW1a/nkvWZPscZij\r\nUqR5YI569WP+FeWx+FUs
oY573fCzjIJbdux3OD1r3zWPEVpYmRbyyS6WJljjkcbizsOOnQ8155q3\r\nhnWdVkkQMbKKF1fa
w+6vpj19q3o01y3RhiPi1J9H8KwavaKn2mFFGwGUEEkH3PGOD9K9bvrzwvpk\r\neu29rrs"...,
8192) = 8192
190074 read(15,
"S5huvLRmJ+YBc8A8nI9/x5cXQxLfNS28t\r\nylCLVmfo3Yx/BdrhLHxbpXgiwexjAiNsEtnuXA
/iJdWCtn5vmPXGK/HZfENnL8atQ8S6d4T0nwwh\r\nvHFz9ohKouSTuj+UdQRjqAcHNey6vH4wjg
fWP+Fl6v8AbpY2juXFskrwRnkg7shznJ5FfPfjX4ly\r\nz29npvibXtE1S+tSFhvmkWM5IIGB/D

Re: Dovecot 2.3 panic

2018-03-29 Thread Aki Tuomi 
Hi!

Can you install debugging symbols and try get core?

A backtrace would help a lot!

https://dovecot.org/bugreport.html

Aki


On 29.03.2018 00:50, Martynas Bendorius wrote:
> Dovecot version: 2.3.1 (happens with 2.3.x too)
> OS: CentOS 7 64-bit
>
> Mar 28 16:29:24 lmtp(30383): Panic: file lib-event.c: line 182 
> (event_pop_global): assertion failed: (event != NULL)
> Mar 28 16:29:24 lmtp(30383): Error: Raw backtrace: 
> /usr/lib/dovecot/libdovecot.so.0(+0xcc7a4) [0x7fac7f5177a4] -> 
> /usr/lib/dovecot/libdovecot.so.0(default_fatal_handler+0x2a) [0x7fac7f5177ea] 
> -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fac7f48826b] -> 
> /usr/lib/dovecot/libdovecot.so.0(+0xe8392) [0x7fac7f533392] -> 
> /usr/lib/dovecot/libdovecot-storage.so.0(+0x4ffc8) [0x7fac7f814fc8] -> 
> /usr/lib/dovecot/libdovecot.so.0(io_loop_context_deactivate+0x5d) 
> [0x7fac7f52ec5d] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x85) 
> [0x7fac7f52f055] -> 
> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x10f) 
> [0x7fac7f53092f] -> 
> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7fac7f52f132] 
> -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7fac7f52f358] -> 
> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7fac7f4ab6e3] -> 
> dovecot/lmtp [local READY](main+0x229) [0x7fac7ff4a319] -> 
> /lib64/libc.so.6(__libc_start_main+0xf5) [0x7fac7f0a9c05] -> dovecot/lmtp 
> [local READY](+0x5445) [0x7fac7ff4a445]
> Mar 28 16:30:03 lmtp(17330): Panic: file lib-event.c: line 182 
> (event_pop_global): assertion failed: (event != NULL)
> Mar 28 16:30:03 lmtp(17330): Error: Raw backtrace: 
> /usr/lib/dovecot/libdovecot.so.0(+0xcc7a4) [0x7f31e1b977a4] -> 
> /usr/lib/dovecot/libdovecot.so.0(default_fatal_handler+0x2a) [0x7f31e1b977ea] 
> -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f31e1b0826b] -> 
> /usr/lib/dovecot/libdovecot.so.0(+0xe8392) [0x7f31e1bb3392] -> 
> /usr/lib/dovecot/libdovecot-storage.so.0(+0x4ffc8) [0x7f31e1e94fc8] -> 
> /usr/lib/dovecot/libdovecot.so.0(io_loop_context_deactivate+0x5d) 
> [0x7f31e1baec5d] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x85) 
> [0x7f31e1baf055] -> 
> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x10f) 
> [0x7f31e1bb092f] -> 
> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7f31e1baf132] 
> -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f31e1baf358] -> 
> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f31e1b2b6e3] -> 
> dovecot/lmtp [local READY](main+0x229) [0x7f31e25ca319] -> 
> /lib64/libc.so.6(__libc_start_main+0xf5) [0x7f31e1729c05] -> dovecot/lmtp 
> [local READY](+0x5445) [0x7f31e25ca445]
> Mar 28 16:31:52 lmtp(883): Panic: file lib-event.c: line 182 
> (event_pop_global): assertion failed: (event != NULL)
> Mar 28 16:31:52 lmtp(883): Error: Raw backtrace: 
> /usr/lib/dovecot/libdovecot.so.0(+0xcc7a4) [0x7feb746127a4] -> 
> /usr/lib/dovecot/libdovecot.so.0(default_fatal_handler+0x2a) [0x7feb746127ea] 
> -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7feb7458326b] -> 
> /usr/lib/dovecot/libdovecot.so.0(+0xe8392) [0x7feb7462e392] -> 
> /usr/lib/dovecot/libdovecot-storage.so.0(+0x4ffc8) [0x7feb7490ffc8] -> 
> /usr/lib/dovecot/libdovecot.so.0(io_loop_context_deactivate+0x5d) 
> [0x7feb74629c5d] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x85) 
> [0x7feb7462a055] -> 
> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x10f) 
> [0x7feb7462b92f] -> 
> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7feb7462a132] 
> -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7feb7462a358] -> 
> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7feb745a66e3] -> 
> dovecot/lmtp [local READY](main+0x229) [0x7feb75045319] -> 
> /lib64/libc.so.6(__libc_start_main+0xf5) [0x7feb741a4c05] -> dovecot/lmtp 
> [local READY](+0x5445) [0x7feb75045445]
>
> # 2.3.1 (8e2f634): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.1 (d9bc6dfe)
> # OS: Linux 3.10.0-714.10.2.lve1.5.12.el7.x86_64 x86_64 CloudLinux release 
> 7.4 (Georgy Grechko)  
> # Hostname: XXX
> auth_username_chars = 
> abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@&
> auth_verbose = yes
> default_client_limit = 12288
> default_login_user = dovecot
> default_process_limit = 2048
> default_vsz_limit = 512 M
> disable_plaintext_auth = no
> listen = *
> lmtp_rcpt_check_quota = yes
> login_greeting = Dovecot ready.
> mail_access_groups = mail
> mail_location = maildir:~/Maildir
> mail_max_userip_connections = 150
> mail_plugins = " quota"
> maildir_copy_with_hardlinks = no
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character 
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags 
> copy include variables body enotify environment mailbox date index ihave 
> duplicate mime foreverypart extracttext
> passdb {
>   driver = shadow
>   username_filter = !*@*
>

Dovecot 2.3 panic

2018-03-28 Thread Martynas Bendorius 
Dovecot version: 2.3.1 (happens with 2.3.x too)
OS: CentOS 7 64-bit

Mar 28 16:29:24 lmtp(30383): Panic: file lib-event.c: line 182 
(event_pop_global): assertion failed: (event != NULL)
Mar 28 16:29:24 lmtp(30383): Error: Raw backtrace: 
/usr/lib/dovecot/libdovecot.so.0(+0xcc7a4) [0x7fac7f5177a4] -> 
/usr/lib/dovecot/libdovecot.so.0(default_fatal_handler+0x2a) [0x7fac7f5177ea] 
-> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fac7f48826b] -> 
/usr/lib/dovecot/libdovecot.so.0(+0xe8392) [0x7fac7f533392] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(+0x4ffc8) [0x7fac7f814fc8] -> 
/usr/lib/dovecot/libdovecot.so.0(io_loop_context_deactivate+0x5d) 
[0x7fac7f52ec5d] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x85) 
[0x7fac7f52f055] -> 
/usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x10f) 
[0x7fac7f53092f] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) 
[0x7fac7f52f132] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) 
[0x7fac7f52f358] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) 
[0x7fac7f4ab6e3] -> dovecot/lmtp [local READY](main+0x229) [0x7fac7ff4a319] -> 
/lib64/libc.so.6(__libc_start_main+0xf5) [0x7fac7f0a9c05] -> dovecot/lmtp 
[local READY](+0x5445) [0x7fac7ff4a445]
Mar 28 16:30:03 lmtp(17330): Panic: file lib-event.c: line 182 
(event_pop_global): assertion failed: (event != NULL)
Mar 28 16:30:03 lmtp(17330): Error: Raw backtrace: 
/usr/lib/dovecot/libdovecot.so.0(+0xcc7a4) [0x7f31e1b977a4] -> 
/usr/lib/dovecot/libdovecot.so.0(default_fatal_handler+0x2a) [0x7f31e1b977ea] 
-> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f31e1b0826b] -> 
/usr/lib/dovecot/libdovecot.so.0(+0xe8392) [0x7f31e1bb3392] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(+0x4ffc8) [0x7f31e1e94fc8] -> 
/usr/lib/dovecot/libdovecot.so.0(io_loop_context_deactivate+0x5d) 
[0x7f31e1baec5d] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x85) 
[0x7f31e1baf055] -> 
/usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x10f) 
[0x7f31e1bb092f] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) 
[0x7f31e1baf132] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) 
[0x7f31e1baf358] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) 
[0x7f31e1b2b6e3] -> dovecot/lmtp [local READY](main+0x229) [0x7f31e25ca319] -> 
/lib64/libc.so.6(__libc_start_main+0xf5) [0x7f31e1729c05] -> dovecot/lmtp 
[local READY](+0x5445) [0x7f31e25ca445]
Mar 28 16:31:52 lmtp(883): Panic: file lib-event.c: line 182 
(event_pop_global): assertion failed: (event != NULL)
Mar 28 16:31:52 lmtp(883): Error: Raw backtrace: 
/usr/lib/dovecot/libdovecot.so.0(+0xcc7a4) [0x7feb746127a4] -> 
/usr/lib/dovecot/libdovecot.so.0(default_fatal_handler+0x2a) [0x7feb746127ea] 
-> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7feb7458326b] -> 
/usr/lib/dovecot/libdovecot.so.0(+0xe8392) [0x7feb7462e392] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(+0x4ffc8) [0x7feb7490ffc8] -> 
/usr/lib/dovecot/libdovecot.so.0(io_loop_context_deactivate+0x5d) 
[0x7feb74629c5d] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x85) 
[0x7feb7462a055] -> 
/usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x10f) 
[0x7feb7462b92f] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) 
[0x7feb7462a132] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) 
[0x7feb7462a358] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) 
[0x7feb745a66e3] -> dovecot/lmtp [local READY](main+0x229) [0x7feb75045319] -> 
/lib64/libc.so.6(__libc_start_main+0xf5) [0x7feb741a4c05] -> dovecot/lmtp 
[local READY](+0x5445) [0x7feb75045445]

# 2.3.1 (8e2f634): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.1 (d9bc6dfe)
# OS: Linux 3.10.0-714.10.2.lve1.5.12.el7.x86_64 x86_64 CloudLinux release 7.4 
(Georgy Grechko)  
# Hostname: XXX
auth_username_chars = 
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@&
auth_verbose = yes
default_client_limit = 12288
default_login_user = dovecot
default_process_limit = 2048
default_vsz_limit = 512 M
disable_plaintext_auth = no
listen = *
lmtp_rcpt_check_quota = yes
login_greeting = Dovecot ready.
mail_access_groups = mail
mail_location = maildir:~/Maildir
mail_max_userip_connections = 150
mail_plugins = " quota"
maildir_copy_with_hardlinks = no
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date index ihave duplicate 
mime foreverypart extracttext
passdb {
  driver = shadow
  username_filter = !*@*
}
passdb {
  args = username_format=%n /etc/virtual/%d/passwd
  driver = passwd-file
  username_filter = *@*
}
plugin {
  quota = maildir
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_default = /var/lib/dovecot/sieve/default.sieve
  sieve_global = /var/lib/dovecot/sieve/global/
}
protocols = imap pop3 lmtp sieve
service auth {
  user = root
}
service

Re: Bug in dovecot 2.3 virtual plugin

2018-02-07 Thread Jakobus Schürz 

Hi there!

I compiled dovecot from git on 5.2.2018.

The id of the last commit is:

$ git log --format="%H" -n 1
83b1300b96e753206f9226e3738a7ad9f5428a75

From https://github.com/dovecot/core.git


There is a new error,  when i try to open a virtual folder for my archiv 
(almost 30.000 mails) in thunderbird, also in k9-mail on android.


Feb 07 11:09:55 aldebaran dovecot[7455]: 
imap(jakob)<7472>: Panic: Leaked view for index 
/var/lib/dovecot/db/indexes/archiv/jakob/Archiv/2016/Mailinglisten/stvkr-a/dovecot.index: 
Opened in index-storage.c:336
Feb 07 11:09:55 aldebaran dovecot[7455]: 
imap(jakob)<7472>: Error: Raw backtrace: 
/usr/local/lib/dovecot/libdovecot.so.0(+0xc9431) [0x7f6edc3dd431] -> 
/usr/local/lib/dovecot/libdovecot.so.0(+0xc94fa) [0x7f6edc3dd4fa] -> 
/usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f6edc34fbe8] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf44f2) 
[0x7f6edc77b4f2] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_close+0x72) 
[0x7f6edc752d32] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a) 
[0x7f6edc6d227a] -> 
/usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xa700) [0x7f6ed78e8700] 
-> 
/usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_backend_box_open+0x2b) 
[0x7f6ed78e889b] -> 
/usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_storage_sync_init+0x12a9) 
[0x7f6ed78eba79] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x51) 
[0x7f6edc6d4781] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37) 
[0x7f6edc6d4837] -> dovecot/imap [jakob 92.60.9.18 
select](cmd_select_full+0x17e) [0x55bde8d2a08e] -> dovecot/imap [jakob 
92.60.9.18 select](command_exec+0x64) [0x55bde8d318d4] -> dovecot/imap 
[jakob 92.60.9.18 select](+0x1bd82) [0x55bde8d2fd82] -> dovecot/imap 
[jakob 92.60.9.18 select](+0x1be1c) [0x55bde8d2fe1c] -> dovecot/imap 
[jakob 92.60.9.18 select](client_handle_input+0x1b5) [0x55bde8d30225] -> 
dovecot/imap [jakob 92.60.9.18 select](client_input+0xa4) 
[0x55bde8d30844] -> 
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) 
[0x7f6edc3f51c9] -> 
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x12e) 
[0x7f6edc3f6a3e] -> 
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x4c) 
[0x7f6edc3f52cc] -> 
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) 
[0x7f6edc3f54d8] -> 
/usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) 
[0x7f6edc3725d3] -> dovecot/imap [jakob 92.60.9.18 select](main+0x339) 
[0x55bde8d22599] -> 
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xea) [0x7f6edbf7ef2a] 
-> dovecot/imap [jakob 92.60.9.18 select](_start+0x2a) [0x55bde8d2277a]
Feb 07 11:09:55 aldebaran dovecot[7455]: 
imap(jakob)<7472>: Fatal: master: service(imap): child 
7472 killed with signal 6 (core not dumped)
Feb 07 11:09:55 aldebaran dovecot[7455]: imap-login: Login: 
user=, method=CRAM-MD5, rip=1.2.3.4, lip=192.168.0.14, mpid=7474, 
TLS, session=
Feb 07 11:09:56 aldebaran dovecot[7455]: 
imap(jakob)<7474>: Panic: Leaked view for index 
/var/lib/dovecot/db/indexes/archiv/jakob/Archiv/2016/Mailinglisten/stvkr-a/dovecot.index: 
Opened in index-storage.c:336
Feb 07 11:09:56 aldebaran dovecot[7455]: 
imap(jakob)<7474>: Error: Raw backtrace: 
/usr/local/lib/dovecot/libdovecot.so.0(+0xc9431) [0x7fc44d019431] -> 
/usr/local/lib/dovecot/libdovecot.so.0(+0xc94fa) [0x7fc44d0194fa] -> 
/usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fc44cf8bbe8] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf44f2) 
[0x7fc44d3b74f2] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_close+0x72) 
[0x7fc44d38ed32] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a) 
[0x7fc44d30e27a] -> 
/usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xa700) [0x7fc448524700] 
-> 
/usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_backend_box_open+0x2b) 
[0x7fc44852489b] -> 
/usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_storage_sync_init+0x12a9) 
[0x7fc448527a79] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x51) 
[0x7fc44d310781] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37) 
[0x7fc44d310837] -> dovecot/imap [jakob 92.60.9.18 
select](cmd_select_full+0x17e) [0x55770c32408e] -> dovecot/imap [jakob 
92.60.9.18 select](command_exec+0x64) [0x55770c32b8d4] -> dovecot/imap 
[jakob 92.60.9.18 select](+0x1bd82) [0x55770c329d82] -> dovecot/imap 
[jakob 92.60.9.18 select](+0x1be1c) [0x55770c329e1c] -> dovecot/imap 
[jakob 92.60.9.18 select](client_handle_input+0x1b5) [0x55770c32a225] -> 
dovecot/imap [jakob 92.60.9.18 select](client_input+0xa4) 
[0x55770c32a844] -> 
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) 
[0x7fc44d0311c9] -> 
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x12e) 
[0x7fc44d032a3e] -> 
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x4c) 
[0x7fc44d0312cc] ->

Re: Bug in dovecot 2.3 virtual plugin

2018-02-05 Thread Aki Tuomi 
Yeah, sorry I forgot to report back, it's now fixed in
https://github.com/dovecot/core/commit/5c1837529e6957da3e389683c43bd006859395e5.patch

Aki


On 05.02.2018 14:04, Marco Giunta wrote:
> Hi,
> did you have time to investigate about 'Panic: file unichar.c' bug ?
> Because I have the same problem with a 2.3.0 installation without
> virtual plugin.
>
> Thanks,
>   Marco
>
>
> On 2018-01-03 16:52, Aki Tuomi wrote:
>> This is not a bug in virtual plugin, but in some email which contains
>> invalid unicode sequence somehow. Can you send me a core file? This
>> should not have occured ofc but would be nice to know how it ended up
>> here.
>>
>> Aki
>>
>>> On January 3, 2018 at 5:35 PM Jakobus Schürz
>>> <wertsto...@nurfuerspam.de> wrote:
>>>
>>>
>>> Hi there!
>>>
>>> I compiled dovecot 2.3 from git. Because there is already a bug in
>>> virtual-plugin, and i hoped, it get fixed... but it doesn't. So this
>>> is the error-message from the log
>>>
>>> Jän 03 16:27:08 aldebaran dovecot[26460]:
>>> indexer-worker(jakob)<26476><qQ6g1+BhIJvAqAAO:sjYhMTH2TFpsZwAAk1Mx3g>:
>>> Panic: file unichar.c: line 160 (uni_ucs4_to_utf8_c): assertion
>>> failed: (uni_is_valid_ucs4(chr))
>>> Jän 03 16:27:08 aldebaran dovecot[26460]:
>>> indexer-worker(jakob)<26476><qQ6g1+BhIJvAqAAO:sjYhMTH2TFpsZwAAk1Mx3g>:
>>> Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021)
>>> [0x7f8299f7a021] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed)
>>> [0x7f8299f7a0ed] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0)
>>> [0x7f8299eec481] ->
>>> /usr/local/lib/dovecot/libdovecot.so.0(uni_ucs4_to_utf8_c+0xa0)
>>> [0x7f8299fb1500] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xa75e0)
>>> [0x7f8299f5b5e0] ->
>>> /usr/local/lib/dovecot/libdovecot.so.0(mail_html2text_more+0xc5)
>>> [0x7f8299f5b775] ->
>>> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0xcfcc) [0x7f82990aefcc]
>>> -> /usr/local/lib/dovecot/lib20_fts_plugin.so(fts_parser_more+0x27)
>>> [0x7f82990aeca7] ->
>>> /usr/local/lib/dovecot/lib20_fts_plugin.so(fts_build_mail+0x5e9)
>>> [0x7f82990acc39] ->
>>> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0x1122d) [0x7f82990b322d]
>>> -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x916a)
>>> [0x7f82958e316a] ->
>>> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0x10f5d) [0x7f82990b2f5d]
>>> -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x916a)
>>> [0x7f82958e316a] ->
>>> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0x10f5d) [0x7f82990b2f5d]
>>> -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mail_precache+0x2e)
>>> [0x7f829a2641be] -> dovecot/indexer-worker [jakob
>>> Synoptic/AKTUELL](+0x2533) [0x562227882533] ->
>>> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69)
>>> [0x7f8299f91bf9] ->
>>> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x109)
>>>
>>> [0x7f8299f93499] ->
>>> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52)
>>> [0x7f8299f91d02] ->
>>> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38)
>>> [0x7f8299f91f18] ->
>>> /usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13)
>>> [0x7f8299f0f1e3] -> dovecot/indexer-worker [jakob
>>> Synoptic/AKTUELL](main+0xe7) [0x562227881f47] ->
>>> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)
>>> [0x7f8299b352b1] -> dovecot/indexer-worker [jakob
>>> Synoptic/AKTUELL](_start+0x2a) [0x56222788201a]
>>> Jän 03 16:27:08 aldebaran dovecot[26460]: indexer: Error: Indexer
>>> worker disconnected, discarding 1 requests for jakob
>>> Jän 03 16:27:08 aldebaran dovecot[26460]:
>>> imap(jakob)<26472><qQ6g1+BhIJvAqAAO>: Error: indexer failed to index
>>> mailbox Synoptic/AKTUELL
>>> Jän 03 16:27:08 aldebaran dovecot[26460]:
>>> indexer-worker(jakob)<26476><qQ6g1+BhIJvAqAAO:sjYhMTH2TFpsZwAAk1Mx3g>:
>>> Fatal: master: service(indexer-worker): child 26476 killed with signal
>>> 6 (core dumps disabled)
>>> Jän 03 16:27:09 aldebaran dovecot[26460]:
>>> indexer-worker(jakob)<26484><qQ6g1+BhIJvAqAAO:J6mUIEz2TFp0ZwAAk1Mx3g>:
>>> Error: lucene index
>>> /var/lib/dovecot/db/indexes/Maildir/jakob/lucene-indexes:
>>> IndexWriter() failed (#1): Lock obtain timed out
>>> Jän 03 16:27:10 aldebaran dovecot[26

Re: Re: Bug in dovecot 2.3 virtual plugin

2018-02-05 Thread Marco Giunta 

Hi,
did you have time to investigate about 'Panic: file unichar.c' bug ? 
Because I have the same problem with a 2.3.0 installation without 
virtual plugin.


Thanks,
  Marco


On 2018-01-03 16:52, Aki Tuomi wrote:

This is not a bug in virtual plugin, but in some email which contains invalid 
unicode sequence somehow. Can you send me a core file? This should not have 
occured ofc but would be nice to know how it ended up here.

Aki


On January 3, 2018 at 5:35 PM Jakobus Schürz <wertsto...@nurfuerspam.de> wrote:


Hi there!

I compiled dovecot 2.3 from git. Because there is already a bug in
virtual-plugin, and i hoped, it get fixed... but it doesn't. So this
is the error-message from the log

Jän 03 16:27:08 aldebaran dovecot[26460]:
indexer-worker(jakob)<26476><qQ6g1+BhIJvAqAAO:sjYhMTH2TFpsZwAAk1Mx3g>:
Panic: file unichar.c: line 160 (uni_ucs4_to_utf8_c): assertion
failed: (uni_is_valid_ucs4(chr))
Jän 03 16:27:08 aldebaran dovecot[26460]:
indexer-worker(jakob)<26476><qQ6g1+BhIJvAqAAO:sjYhMTH2TFpsZwAAk1Mx3g>:
Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021)
[0x7f8299f7a021] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed)
[0x7f8299f7a0ed] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0)
[0x7f8299eec481] ->
/usr/local/lib/dovecot/libdovecot.so.0(uni_ucs4_to_utf8_c+0xa0)
[0x7f8299fb1500] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xa75e0)
[0x7f8299f5b5e0] ->
/usr/local/lib/dovecot/libdovecot.so.0(mail_html2text_more+0xc5)
[0x7f8299f5b775] ->
/usr/local/lib/dovecot/lib20_fts_plugin.so(+0xcfcc) [0x7f82990aefcc]
-> /usr/local/lib/dovecot/lib20_fts_plugin.so(fts_parser_more+0x27)
[0x7f82990aeca7] ->
/usr/local/lib/dovecot/lib20_fts_plugin.so(fts_build_mail+0x5e9)
[0x7f82990acc39] ->
/usr/local/lib/dovecot/lib20_fts_plugin.so(+0x1122d) [0x7f82990b322d]
-> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x916a)
[0x7f82958e316a] ->
/usr/local/lib/dovecot/lib20_fts_plugin.so(+0x10f5d) [0x7f82990b2f5d]
-> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x916a)
[0x7f82958e316a] ->
/usr/local/lib/dovecot/lib20_fts_plugin.so(+0x10f5d) [0x7f82990b2f5d]
-> /usr/local/lib/dovecot/libdovecot-storage.so.0(mail_precache+0x2e)
[0x7f829a2641be] -> dovecot/indexer-worker [jakob
Synoptic/AKTUELL](+0x2533) [0x562227882533] ->
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69)
[0x7f8299f91bf9] ->
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x109)
[0x7f8299f93499] ->
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52)
[0x7f8299f91d02] ->
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38)
[0x7f8299f91f18] ->
/usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13)
[0x7f8299f0f1e3] -> dovecot/indexer-worker [jakob
Synoptic/AKTUELL](main+0xe7) [0x562227881f47] ->
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)
[0x7f8299b352b1] -> dovecot/indexer-worker [jakob
Synoptic/AKTUELL](_start+0x2a) [0x56222788201a]
Jän 03 16:27:08 aldebaran dovecot[26460]: indexer: Error: Indexer
worker disconnected, discarding 1 requests for jakob
Jän 03 16:27:08 aldebaran dovecot[26460]:
imap(jakob)<26472><qQ6g1+BhIJvAqAAO>: Error: indexer failed to index
mailbox Synoptic/AKTUELL
Jän 03 16:27:08 aldebaran dovecot[26460]:
indexer-worker(jakob)<26476><qQ6g1+BhIJvAqAAO:sjYhMTH2TFpsZwAAk1Mx3g>:
Fatal: master: service(indexer-worker): child 26476 killed with signal
6 (core dumps disabled)
Jän 03 16:27:09 aldebaran dovecot[26460]:
indexer-worker(jakob)<26484><qQ6g1+BhIJvAqAAO:J6mUIEz2TFp0ZwAAk1Mx3g>:
Error: lucene index
/var/lib/dovecot/db/indexes/Maildir/jakob/lucene-indexes:
IndexWriter() failed (#1): Lock obtain timed out
Jän 03 16:27:10 aldebaran dovecot[26460]:
indexer-worker(jakob)<26484><qQ6g1+BhIJvAqAAO:J6mUIEz2TFp0ZwAAk1Mx3g>:
Error: Mailbox Synoptic/AKTUELL: Transaction commit failed: BUG:
Unknown internal error (attempted to index 1488 messages (UIDs
15214..16775))
Jän 03 16:27:10 aldebaran dovecot[26460]:
imap(jakob)<26480>: Error: indexer failed to index
mailbox Synoptic/AKTUELL
Jän 03 16:27:11 aldebaran dovecot[26460]:
imap(jakob)<26472><qQ6g1+BhIJvAqAAO>: Panic: file mail-index.c: line
793 (mail_index_close): assertion failed: (index->open_count > 0)
Jän 03 16:27:11 aldebaran dovecot[26460]:
imap(jakob)<26472><qQ6g1+BhIJvAqAAO>: Error: Raw backtrace:
/usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7fb0fbd3a021] ->
/usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7fb0fbd3a0ed] ->
/usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fb0fbcac481] ->
/usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf39a8)
[0x7fb0fc0d99a8] ->
/usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd92d1)
[0x7fb0fc0bf2d1] ->
/usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd9363)
[0x7fb0fc0bf363] ->
/usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_free+0

Re: Dovecot 2.3 on CentOS 7.

2018-02-01 Thread Voytek Eymont 


On Fri, February 2, 2018 8:58 am, Reio Remma wrote:

> What would be the preferred directory for storing all virtual mail
> without modification to system files?

on my Centos 7 Dovecit 2.2.32, as well as prior versions, I've always used
/var/vmail/vmail1/dom.tld

don't know about 'preferred', but, that works fine for me


-- 
Voytek

Re: Dovecot 2.3 on CentOS 7.

2018-02-01 Thread Kenneth Porter 
--On Thursday, February 01, 2018 11:58 PM +0200 Reio Remma 
 wrote:



What would be the preferred directory for storing all virtual mail
without modification to system files?


I would guess something under /var/lib. If you plan to host multiple 
virtual servers, /srv might be a better place to locate it.

Re: Dovecot 2.3 on CentOS 7.

2018-02-01 Thread Reio Remma 

Thanks for the pointer!

That didn't work though, but what worked was:

[Service]
ReadWriteDirectories=/home/dovecot

What would be the preferred directory for storing all virtual mail 
without modification to system files?


Thanks!
Reio

On 01.02.2018 21:57, Aki Tuomi wrote:

/etc/systemd/system/dovecot.service.d/writable-home.conf

[Service]
ProtectHome=false


maybe this helps?

---
Aki Tuomi
Dovecot oy

 Original message 
From: Reio Remma <r...@mrstuudio.ee>
Date: 01/02/2018 21:44 (GMT+02:00)
To: dovecot@dovecot.org
Subject: Dovecot 2.3 on CentOS 7.

Greetings!

I'm having a bit of trouble trying out Dovecot 2.3 on CentOS 7.

Dovecot 2.2.33 works fine on the same system (same config as well, minus
the SSL changes) but after upgrading to 2.3 I'm getting the following
errors:

Feb  1 21:30:18 localhost dovecot:
imap(r...@bwo.mrstuudio.ee)<3566>: Debug:
INBOX.Templates: Mailbox opened because: STATUS
Feb  1 21:30:18 localhost dovecot: Error:
imap(r...@bwo.mrstuudio.ee)<3566>: open() failed with
file
/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot.index.log:
Read-only file system
Feb  1 21:30:18 localhost dovecot:
imap(r...@bwo.mrstuudio.ee)<3566>: Error:
open(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist.lock) 


failed: Read-only file system
Feb  1 21:30:18 localhost dovecot: Error:
imap(r...@bwo.mrstuudio.ee)<3566>: Mailbox
INBOX.Templates:
file_dotlock_create(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist) 


failed: Read-only file system
Feb  1 21:30:18 localhost dovecot: Error:
imap(r...@bwo.mrstuudio.ee)<3566>: Mailbox
INBOX.Templates:
open(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist) 


failed: Read-only file system

So far I've tried running it with SELinux enforce off and giving the
directories 777 permissions to no avail.

Is anyone else running 2.3 on CentOS 7?

Thanks and good luck!
Reio

Re: Dovecot 2.3 on CentOS 7.

2018-02-01 Thread Aki Tuomi 
/etc/systemd/system/dovecot.service.d/writable-home.conf
[Service]ProtectHome=false

maybe this helps?
---Aki TuomiDovecot oy
 Original message From: Reio Remma <r...@mrstuudio.ee> Date: 
01/02/2018  21:44  (GMT+02:00) To: dovecot@dovecot.org Subject: Dovecot 2.3 on 
CentOS 7. 
Greetings!

I'm having a bit of trouble trying out Dovecot 2.3 on CentOS 7.

Dovecot 2.2.33 works fine on the same system (same config as well, minus 
the SSL changes) but after upgrading to 2.3 I'm getting the following 
errors:

Feb  1 21:30:18 localhost dovecot: 
imap(r...@bwo.mrstuudio.ee)<3566>: Debug: 
INBOX.Templates: Mailbox opened because: STATUS
Feb  1 21:30:18 localhost dovecot: Error: 
imap(r...@bwo.mrstuudio.ee)<3566>: open() failed with 
file 
/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot.index.log: 
Read-only file system
Feb  1 21:30:18 localhost dovecot: 
imap(r...@bwo.mrstuudio.ee)<3566>: Error: 
open(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist.lock)
 
failed: Read-only file system
Feb  1 21:30:18 localhost dovecot: Error: 
imap(r...@bwo.mrstuudio.ee)<3566>: Mailbox 
INBOX.Templates: 
file_dotlock_create(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist)
 
failed: Read-only file system
Feb  1 21:30:18 localhost dovecot: Error: 
imap(r...@bwo.mrstuudio.ee)<3566>: Mailbox 
INBOX.Templates: 
open(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist) 
failed: Read-only file system

So far I've tried running it with SELinux enforce off and giving the 
directories 777 permissions to no avail.

Is anyone else running 2.3 on CentOS 7?

Thanks and good luck!
Reio

Dovecot 2.3 on CentOS 7.

2018-02-01 Thread Reio Remma 

Greetings!

I'm having a bit of trouble trying out Dovecot 2.3 on CentOS 7.

Dovecot 2.2.33 works fine on the same system (same config as well, minus 
the SSL changes) but after upgrading to 2.3 I'm getting the following 
errors:


Feb  1 21:30:18 localhost dovecot: 
imap(r...@bwo.mrstuudio.ee)<3566>: Debug: 
INBOX.Templates: Mailbox opened because: STATUS
Feb  1 21:30:18 localhost dovecot: Error: 
imap(r...@bwo.mrstuudio.ee)<3566>: open() failed with 
file 
/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot.index.log: 
Read-only file system
Feb  1 21:30:18 localhost dovecot: 
imap(r...@bwo.mrstuudio.ee)<3566>: Error: 
open(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist.lock) 
failed: Read-only file system
Feb  1 21:30:18 localhost dovecot: Error: 
imap(r...@bwo.mrstuudio.ee)<3566>: Mailbox 
INBOX.Templates: 
file_dotlock_create(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist) 
failed: Read-only file system
Feb  1 21:30:18 localhost dovecot: Error: 
imap(r...@bwo.mrstuudio.ee)<3566>: Mailbox 
INBOX.Templates: 
open(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist) 
failed: Read-only file system


So far I've tried running it with SELinux enforce off and giving the 
directories 777 permissions to no avail.


Is anyone else running 2.3 on CentOS 7?

Thanks and good luck!
Reio

Re: Error in virtual mailbox dovecot 2.3-devel maybe in mailcount

2018-02-01 Thread Jakobus Schürz 

Hi!


I didn't hear anything about this issue... the problem still persists 
(last build was 27.1.2018 from git ressources)


Do you need more informations?

jakob


Am 12.01.2018 um 11:04 schrieb Jakobus Schürz:

Hi there!

I splitted my Mailarchiv to an extra namespace. Because i have some 
Problems with the Archiv.


I can open all Folders from Mailarchiv with dovecot. But i want to 
have a "all archives" Mailbox to search in all messages in only one 
virtual mailbox. Trying to open this virtual folder from thunderbird, 
I get in a big archiv this error in logs from dovecot:


Jän 12 10:54:41 aldebaran dovecot[839]: 
imap(jakob)<11302><9ILYQJFipPlcPAkS>: Error: virtual index 
/var/mail/virtual/ARCHIV: Broken mailbox_count header
Jän 12 10:54:41 aldebaran dovecot[839]: 
imap(jakob)<11302><9ILYQJFipPlcPAkS>: Error: virtual index 
/var/mail/virtual/ARCHIV: Broken mailbox_count header
Jän 12 10:54:41 aldebaran dovecot[839]: 
imap(jakob)<11302><9ILYQJFipPlcPAkS>: Panic: Leaked view for index 
/var/lib/dovecot/db/indexes/archiv/jakob/Archiv/2016/Mailinglisten/stvkr-a/dovecot.index: 
Opened in index-storage.c:336
Jän 12 10:54:41 aldebaran dovecot[839]: 
imap(jakob)<11302><9ILYQJFipPlcPAkS>: Error: Raw backtrace: 
/usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7f391bf02021] -> 
/usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7f391bf020ed] -> 
/usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f391be74481] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf3942) 
[0x7f391c2a1942] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_close+0x72) 
[0x7f391c278ec2] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a) 
[0x7f391c1f8c0a] -> 
/usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xa7e0) 
[0x7f39174637e0] -> 
/usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_backend_box_open+0x2b) 
[0x7f391746397b] -> 
/usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_storage_sync_init+0x1026) 
[0x7f3917466926] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x4d) 
[0x7f391c1fb05d] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37) 
[0x7f391c1fb117] -> dovecot/imap [jakob 92.60.9.18 
select](cmd_select_full+0x171) [0x55759e0911a1] -> dovecot/imap [jakob 
92.60.9.18 select](command_exec+0x64) [0x55759e098ca4] -> dovecot/imap 
[jakob 92.60.9.18 select](+0x1b0b2) [0x55759e0970b2] -> dovecot/imap 
[jakob 92.60.9.18 select](+0x1b13c) [0x55759e09713c] -> dovecot/imap 
[jakob 92.60.9.18 select](client_handle_input+0x1a5) [0x55759e097565] 
-> dovecot/imap [jakob 92.60.9.18 select](client_input+0x82) 
[0x55759e097be2] -> 
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) 
[0x7f391bf19c09] -> 
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x109) 
[0x7f391bf1b4a9] -> 
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) 
[0x7f391bf19d12] -> 
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) 
[0x7f391bf19f28] -> 
/usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) 
[0x7f391be971e3] -> dovecot/imap [jakob 92.60.9.18 select](main+0x328) 
[0x55759e089768] -> 
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) 
[0x7f391babd2b1] -> dovecot/imap [jakob 92.60.9.18 
select](_start+0x2a) [0x55759e08994a]
Jän 12 10:54:41 aldebaran dovecot[839]: 
imap(jakob)<11302><9ILYQJFipPlcPAkS>: Fatal: master: service(imap): 
child 11302 killed with signal 6 (core not dumped)


and if i search the virtual mailbox with doveadm i get almost the same 
error. The "Broken mailbox_count_header" is missing there.


The full amount of emails in archiv is about 28000

# ulimit -n 256000
# doveadm search -u jakob mailbox Real/Archiv all
doveadm(jakob): Panic: Leaked view for index 
/var/lib/dovecot/db/indexes/archiv/jakob/Archiv/2016/Diverses/Standard-foren/dovecot.index: 
Opened in index-storage.c:336
doveadm(jakob): Error: Raw backtrace: 
/usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7f8259fe6021] -> 
/usr/local/lib/dovecot/libdovecot.so.0(+0xc6079) [0x7f8259fe6079] -> 
/usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f8259f58481] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf3942) 
[0x7f825a385942] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_close+0x72) 
[0x7f825a35cec2] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a) 
[0x7f825a2dcc0a] -> 
/usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xa7e0) 
[0x7f82559507e0] -> 
/usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_backend_box_open+0x2b) 
[0x7f825595097b] -> 
/usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_storage_sync_init+0x1026) 
[0x7f8255953926] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x4d) 
[0x7f825a2df05d] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37) 
[0x7f825a2df117] -> doveadm(doveadm_mail_iter_init+0x94) 
[0x56303334be94] -> doveadm(+0x33715) [0x56303334f715] -> 
doveadm(+0x29a88) [0x563033345a88] ->

Error in virtual mailbox dovecot 2.3-devel maybe in mailcount

2018-01-12 Thread Jakobus Schürz 

Hi there!

I splitted my Mailarchiv to an extra namespace. Because i have some 
Problems with the Archiv.


I can open all Folders from Mailarchiv with dovecot. But i want to have 
a "all archives" Mailbox to search in all messages in only one virtual 
mailbox. Trying to open this virtual folder from thunderbird, I get in a 
big archiv this error in logs from dovecot:


Jän 12 10:54:41 aldebaran dovecot[839]: 
imap(jakob)<11302><9ILYQJFipPlcPAkS>: Error: virtual index 
/var/mail/virtual/ARCHIV: Broken mailbox_count header
Jän 12 10:54:41 aldebaran dovecot[839]: 
imap(jakob)<11302><9ILYQJFipPlcPAkS>: Error: virtual index 
/var/mail/virtual/ARCHIV: Broken mailbox_count header
Jän 12 10:54:41 aldebaran dovecot[839]: 
imap(jakob)<11302><9ILYQJFipPlcPAkS>: Panic: Leaked view for index 
/var/lib/dovecot/db/indexes/archiv/jakob/Archiv/2016/Mailinglisten/stvkr-a/dovecot.index: 
Opened in index-storage.c:336
Jän 12 10:54:41 aldebaran dovecot[839]: 
imap(jakob)<11302><9ILYQJFipPlcPAkS>: Error: Raw backtrace: 
/usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7f391bf02021] -> 
/usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7f391bf020ed] -> 
/usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f391be74481] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf3942) 
[0x7f391c2a1942] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_close+0x72) 
[0x7f391c278ec2] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a) 
[0x7f391c1f8c0a] -> 
/usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xa7e0) [0x7f39174637e0] 
-> 
/usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_backend_box_open+0x2b) 
[0x7f391746397b] -> 
/usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_storage_sync_init+0x1026) 
[0x7f3917466926] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x4d) 
[0x7f391c1fb05d] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37) 
[0x7f391c1fb117] -> dovecot/imap [jakob 92.60.9.18 
select](cmd_select_full+0x171) [0x55759e0911a1] -> dovecot/imap [jakob 
92.60.9.18 select](command_exec+0x64) [0x55759e098ca4] -> dovecot/imap 
[jakob 92.60.9.18 select](+0x1b0b2) [0x55759e0970b2] -> dovecot/imap 
[jakob 92.60.9.18 select](+0x1b13c) [0x55759e09713c] -> dovecot/imap 
[jakob 92.60.9.18 select](client_handle_input+0x1a5) [0x55759e097565] -> 
dovecot/imap [jakob 92.60.9.18 select](client_input+0x82) 
[0x55759e097be2] -> 
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) 
[0x7f391bf19c09] -> 
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x109) 
[0x7f391bf1b4a9] -> 
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) 
[0x7f391bf19d12] -> 
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) 
[0x7f391bf19f28] -> 
/usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) 
[0x7f391be971e3] -> dovecot/imap [jakob 92.60.9.18 select](main+0x328) 
[0x55759e089768] -> 
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) [0x7f391babd2b1] 
-> dovecot/imap [jakob 92.60.9.18 select](_start+0x2a) [0x55759e08994a]
Jän 12 10:54:41 aldebaran dovecot[839]: 
imap(jakob)<11302><9ILYQJFipPlcPAkS>: Fatal: master: service(imap): 
child 11302 killed with signal 6 (core not dumped)


and if i search the virtual mailbox with doveadm i get almost the same 
error. The "Broken mailbox_count_header" is missing there.


The full amount of emails in archiv is about 28000

# ulimit -n 256000
# doveadm search -u jakob mailbox Real/Archiv all
doveadm(jakob): Panic: Leaked view for index 
/var/lib/dovecot/db/indexes/archiv/jakob/Archiv/2016/Diverses/Standard-foren/dovecot.index: 
Opened in index-storage.c:336
doveadm(jakob): Error: Raw backtrace: 
/usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7f8259fe6021] -> 
/usr/local/lib/dovecot/libdovecot.so.0(+0xc6079) [0x7f8259fe6079] -> 
/usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f8259f58481] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf3942) 
[0x7f825a385942] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_close+0x72) 
[0x7f825a35cec2] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a) 
[0x7f825a2dcc0a] -> 
/usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xa7e0) [0x7f82559507e0] 
-> 
/usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_backend_box_open+0x2b) 
[0x7f825595097b] -> 
/usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_storage_sync_init+0x1026) 
[0x7f8255953926] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x4d) 
[0x7f825a2df05d] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37) 
[0x7f825a2df117] -> doveadm(doveadm_mail_iter_init+0x94) 
[0x56303334be94] -> doveadm(+0x33715) [0x56303334f715] -> 
doveadm(+0x29a88) [0x563033345a88] -> doveadm(+0x2a702) [0x563033346702] 
-> doveadm(doveadm_cmd_ver2_to_mail_cmd_wrapper+0x230) [0x563033347570] 
-> doveadm(doveadm_cmd_run_ver2+0x575) [0x563033357155] -> 
doveadm(doveadm_cmd_try_run_ver2+0x37)

Re: Bug in dovecot 2.3 virtual plugin

2018-01-10 Thread Jakob Schürz 
Hi!

Now an error is back. I didn't change my configuration and get now this
error, whily i try to refresh my thunderbird. I think it happens in a
virtual folder again.


Jän 11 01:29:19 aldebaran dovecot[11597]: imap-login: Login:
user=, method=CRAM-MD5, rip=127.0.0.1, lip=127.0.0.1, mpid=5008,
TLS, session=<+MAgPXVisrx/AAAB>
Jän 11 01:29:22 aldebaran dovecot[11597]:
imap(jakob)<5008><+MAgPXVisrx/AAAB>: Panic: file mail-index.c: line 793
(mail_index_close): assertion failed: (index->open_count > 0)
Jän 11 01:29:22 aldebaran dovecot[11597]:
imap(jakob)<5008><+MAgPXVisrx/AAAB>: Error: Raw backtrace:
/usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7fd17fbb9021] ->
/usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7fd17fbb90ed] ->
/usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fd17fb2b481] ->
/usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf39a8)
[0x7fd17ff589a8] ->
/usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd92d1)
[0x7fd17ff3e2d1] ->
/usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd9363)
[0x7fd17ff3e363] ->
/usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_free+0x9)
[0x7fd17ff2ff39] ->
/usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd05a4)
[0x7fd17ff355a4] ->
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_free+0x19)
[0x7fd17feafc99] ->
/usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xabdc) [0x7fd17b11abdc]
-> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xacb9)
[0x7fd17b11acb9] ->
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a)
[0x7fd17feafc0a] ->
/usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xac60) [0x7fd17b11ac60]
-> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xacb9)
[0x7fd17b11acb9] ->
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a)
[0x7fd17feafc0a] ->
/usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xac60) [0x7fd17b11ac60]
-> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xacb9)
[0x7fd17b11acb9] ->
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a)
[0x7fd17feafc0a] ->
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_free+0x13)
[0x7fd17feafc93] -> dovecot/imap [jakob 127.0.0.1
select](imap_client_close_mailbox+0x5b) [0x5633bdd9905b] -> dovecot/imap
[jakob 127.0.0.1 select](+0x14f03) [0x5633bdd90f03] -> dovecot/imap
[jakob 127.0.0.1 select](cmd_select_full+0xf9) [0x5633bdd91129] ->
dovecot/imap [jakob 127.0.0.1 select](command_exec+0x64)
[0x5633bdd98ca4] -> dovecot/imap [jakob 127.0.0.1 select](+0x1b0b2)
[0x5633bdd970b2] -> dovecot/imap [jakob 127.0.0.1 select](+0x1b13c)
[0x5633bdd9713c] -> dovecot/imap [jakob 127.0.0.1
select](client_handle_input+0x1a5) [0x5633bdd97565] -> dovecot/imap
[jakob 127.0.0.1 select](client_input+0x82) [0x5633bdd97be2] ->
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69)
[0x7fd17fbd0c09]
Jän 11 01:29:22 aldebaran dovecot[11597]:
imap(jakob)<5008><+MAgPXVisrx/AAAB>: Fatal: master: service(imap): child
5008 killed with signal 6 (core not dumped)


Am 2018-01-05 um 10:25 schrieb Aki Tuomi:
> This is a different bug, and I suspect it might be caused by virtual
> plugin. We'll look into it.
> 
> Aki
> 
> On 04.01.2018 23:41, Jakob Schürz wrote:
>> Hi!
>>
>> This is very strange...
>> This error affects only one mailaccount, and it happend not yesterday.
>> The file
>>
>> /var/lib/dovecot/db/indexes/Maildir/jakob/INBOX/dovecot.index
>>
>> which hat "Panic: Leaked view for index" does not exist. only
>> dovecot.index.log and .cache exists in this mailbox. (which is normal
>> for small mailboxes, i've read). But why is dovecot throwing an error?
>>
>> And i could find out, this is only, when i try to open a virtual folder.
>>
>> I switched back to older self-compiled dovecot-versions... but the error
>> exists also there (but not before the update!!!)
>>
>> I also deleted all the dovecot.index-files, dovecot.index.log and
>> dovecot.index.cache-files to let rebuild dovecot the index again... the
>> error persists.
>>
>> Is it a misconfiguration?
>>
>> So i tried to build for the virtual-Mailboxes the Index in memory... the
>> error persists and dovecot wants to read this index-file.
>>
>> My virtual folders not working any longer (on this account only!)
>>
>> For debug purpose i deleted all the emails in this mailbox, the error
>> dissapered on this folder, but comes back in the next folder.
>>
>> could this be a problem with ulimit?
>>
>> greez
>> jakob
>>
>> Am 2018-01-04 um 11:07 schrieb Jakobus Schürz:
>>> Hi!
>>>
>>> Is this a bug according to the other one?
>>>
>>> When i try to open a real or virtual mailbox, i often (not on every
>>> mailbox) get this error-message:
>>>
>>> Jän 04 11:03:32 aldebaran dovecot[24534]:
>>> imap(jakob)<24705>: Panic: Leaked view for index
>>> /var/lib/dovecot/db/indexes/Maildir/jakob/INBOX/dovecot.index: Opened in
>>> index-storage.c:336
>>> Jän 04 11:03:32 aldebaran dovecot[24534]:
>>> imap(jakob)<24705>: Error: Raw backtrace:
>>> /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7f47d5872021] ->
>>>

Re: Bug in dovecot 2.3 virtual plugin

2018-01-05 Thread Jakob Schürz 

So hello back again!


Am 05.01.2018 um 14:31 schrieb Jakobus Schürz:



Am 05.01.2018 um 10:25 schrieb Aki Tuomi:

This is a different bug, and I suspect it might be caused by virtual
plugin. We'll look into it.

Aki






It was a problem with selfhealing the index...
I deleted all my emails and mailboxes and rebuild the tree of mailboxes 
again with doveadm.
Then i put back email for email from the cur-folders from backup to the 
new-folders in the rebuild mailboxes. From the filename i cut of the 
part with hostname and size and flags.


The archive now is in a separate namespace, because there are really a 
lot of emails in.


Now it works great again (exept one error, i posted before)

Maybe you can find something to improve dovecot in selfhealing broken index.

Thanks for the great work on this server!

jakob

Re: Bug in dovecot 2.3 virtual plugin

2018-01-05 Thread Jakobus Schürz 

Good morning!

I did more research on this error.
The virtual mailboxes are working in two other accounts. The big 
difference to my account is, i have a lot (sub)mailboxes (about 430) and 
a lot emails in my account. The other accounts only have a few emails 
and mailboxes (5 or 6 standard, inbox, trash, templates...)


So i moved all my mailboxes to another place  and left there only a few. 
The virtual mailbox is working.

Then i put back some mailboxes, it is working.
Then i put back the next and the next and tried if the virtual mailbox 
is reachable. it was working, and after i put back more then a half of 
my mailboxes, the error occured again.

dovecot says:

Panic: Leaked view for index 
/var/lib/dovecot/db/indexes/Maildir/jakob/TU-Wien/dovecot.index: Opened 
in index-storage.c:336


The missing dovecot.indes file is now another. But it is on every 
error-message the same missing indes-file.


Deleting the according mailbox, it gets another missing index-file. And 
the every error-message stays on the next indes-file...


It looks to me, it'S a question about too many mailboxes, then an 
internal index gets broken and can't rebuild on the every same point 
(mailbox). This is just an idea, but i don't know how dovecot really 
works...


I do not understand, why it worked till yesterday. And why it breaked on 
deleting not used debian-packages... (maybe this is not the reason)


I removed all my virtual mailboxes from config


Am 04.01.2018 um 22:41 schrieb Jakob Schürz:

Hi!

This is very strange...
This error affects only one mailaccount, and it happend not yesterday.
The file

/var/lib/dovecot/db/indexes/Maildir/jakob/INBOX/dovecot.index

which hat "Panic: Leaked view for index" does not exist. only
dovecot.index.log and .cache exists in this mailbox. (which is normal
for small mailboxes, i've read). But why is dovecot throwing an error?

And i could find out, this is only, when i try to open a virtual folder.

I switched back to older self-compiled dovecot-versions... but the error
exists also there (but not before the update!!!)

I also deleted all the dovecot.index-files, dovecot.index.log and
dovecot.index.cache-files to let rebuild dovecot the index again... the
error persists.

Is it a misconfiguration?

So i tried to build for the virtual-Mailboxes the Index in memory... the
error persists and dovecot wants to read this index-file.

My virtual folders not working any longer (on this account only!)

For debug purpose i deleted all the emails in this mailbox, the error
dissapered on this folder, but comes back in the next folder.

could this be a problem with ulimit?

greez
jakob

Am 2018-01-04 um 11:07 schrieb Jakobus Schürz:

Hi!

Is this a bug according to the other one?

When i try to open a real or virtual mailbox, i often (not on every
mailbox) get this error-message:

Jän 04 11:03:32 aldebaran dovecot[24534]:
imap(jakob)<24705>: Panic: Leaked view for index
/var/lib/dovecot/db/indexes/Maildir/jakob/INBOX/dovecot.index: Opened in
index-storage.c:336
Jän 04 11:03:32 aldebaran dovecot[24534]:
imap(jakob)<24705>: Error: Raw backtrace:
/usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7f47d5872021] ->
/usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7f47d58720ed] ->
/usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f47d57e4481] ->
/usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf3942)
[0x7f47d5c11942] ->
/usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_close+0x72)
[0x7f47d5be8ec2] ->
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a)
[0x7f47d5b68c0a] ->
/usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xa7e0) [0x7f47d0dd37e0]
->
/usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_backend_box_open+0x2b)
[0x7f47d0dd397b] ->
/usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_storage_sync_init+0x1026)
[0x7f47d0dd6926] ->
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x4d)
[0x7f47d5b6b05d] ->
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37)
[0x7f47d5b6b117] ->
/usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_get_status+0x31)
[0x7f47d5be7781] ->
/usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x9b3d) [0x7f47d0dd2b3d]
-> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xaded1)
[0x7f47d5bcbed1] -> /usr/local/lib/dovecot/lib01_acl_plugin.so(+0xe975)
[0x7f47d5001975] ->
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_get_status+0x31)
[0x7f47d5b6b4b1] ->
/usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_storage_sync_init+0x114d)
[0x7f47d0dd6a4d] ->
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x4d)
[0x7f47d5b6b05d] ->
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37)
[0x7f47d5b6b117] -> dovecot/imap [jakob 192.168.0.14
EXAMINE](cmd_select_full+0x171) [0x555d195a91a1] -> dovecot/imap [jakob
192.168.0.14 EXAMINE](command_exec+0x64) [0x555d195b0ca4] ->
dovecot/imap [jakob 192.168.0.14 EXAMINE](+0x1b0b2) [0x555d195af0b2] ->
dovecot/imap [jakob 192.168.0.14

Re: Dovecot 2.3 - using doveadm as non-root?

2018-01-05 Thread Rob Hoelz 
On Wed, 3 Jan 2018 13:37:07 -0500
Timo Sirainen  wrote:

> On 3 Jan 2018, at 11.38, Rob Hoelz  wrote:
> > 
> > Hi dovecot developers and users,
> > 
> > I recently upgraded my server running Arch Linux to dovecot 2.3.0,
> > and I noticed some of my cron jobs started issuing me error
> > messages.  These cron jobs run as a non-root user associated with
> > my mail account, and they use doveadm to tidy things up (ex.
> > purging the trash, moving old mail in certain folders into the
> > trash).  The error message is:
> > 
> >> Error: net_connect_unix(/var/run/dovecot/stats-writer) failed:
> >> Permission denied
> > 
> > I assume this is doveadm trying to participate in the new 2.3 stats
> > process, and after reading the code a bit, I can't see way to tell
> > doveadm to not connect to the stats writer.  The socket is owned by
> > root with 600 permissions.
> > 
> > What would be the right way to remedy this?  AFAICT, I could
> > potentially run doveadm as root (which I would prefer to avoid), or
> > I could change the permissions on the stats writer socket, but I
> > would hate to introduce any sort of security vulnerability by doing
> > so.  I currently have a scrappy Perl script that just runs doveadm
> > and filters out the error message (it doesn't seem to affect the
> > behavior of doveadm other than the message), but that feels dirty
> > and I would prefer a cleaner solution.  Any advice?
> 
> I was wondering what to do about this while developing it. I think
> you can disable this by clearing out the socket path:
> 
> doveadm -o stats_writer_socket_path=
> 
> But .. I think the changing the socket permissions is the better
> solution. The new stats process should know about everything that is
> going on in the system, and these doveadm calls are part of that. So
> if they're excluded then the stats aren't exactly correct. The
> stats-writer can't do all that much harm other than messing up the
> statistics or probably crashing stats process by using up all of its
> memory.
> 

Thanks for the advice, Timo - I went ahead and applied the permission change to 
my dovecot config.  On a side note, thanks for dovecot in general - it's a 
great piece of software!

-Rob

Re: Bug in dovecot 2.3 virtual plugin

2018-01-05 Thread Jakob Schürz 



Am 05.01.2018 um 10:25 schrieb Aki Tuomi:

This is a different bug, and I suspect it might be caused by virtual
plugin. We'll look into it.

Aki


Ok!
So the subject for this bug is (now) correct...

I found out, that the count of mailboxes is not the problem. But the 
count of emails!!

So i deletet all my mailboxes an created them new with doveadm.
430 empty mailboxes existed then. No problem with my virtual boxes.
Then i restored my emails mailbox for mailbox from backup.
After each restored mailbox i tested the virtual mailboxes.

It worked with 15482 emails.
Then i restored a larger one.  The total amount of emails was then 
16843, and the virtual mailbox crashed like before.

Then i deleted the emails from the box... all is working.
I added them again, deletet 200, all is working.
deleted all of them again and added them again... so they are again 
16844 (one email arrived in another mailbox), all is working. :-/


Put more and more emails to my mailboxes... checking every time if 
virtual mailboxes are working, so i get a new error:


Jän 05 14:28:18 aldebaran dovecot[17022]: 
imap(jakob)<5117>: Panic: file mail-index.c: line 793 
(mail_index_close): assertion failed: (index->open_count > 0)
Jän 05 14:28:18 aldebaran dovecot[17022]: 
imap(jakob)<5117>: Error: Raw backtrace: 
/usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7f419fecd021] -> 
/usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7f419fecd0ed] -> 
/usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f419fe3f481] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf39a8) 
[0x7f41a026c9a8] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd92d1) 
[0x7f41a02522d1] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd9363) 
[0x7f41a0252363] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_free+0x9) 
[0x7f41a0243f39] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd05a4) 
[0x7f41a02495a4] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_free+0x19) 
[0x7f41a01c3c99] -> 
/usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xabdc) [0x7f419b42ebdc] 
-> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xacb9) 
[0x7f419b42ecb9] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a) 
[0x7f41a01c3c0a] -> 
/usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xac60) [0x7f419b42ec60] 
-> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xacb9) 
[0x7f419b42ecb9] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a) 
[0x7f41a01c3c0a] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_free+0x13) 
[0x7f41a01c3c93] -> dovecot/imap [jakob 92.60.9.18 
select](imap_client_close_mailbox+0x5b) [0x564c2088205b] -> dovecot/imap 
[jakob 92.60.9.18 select](+0x14f03) [0x564c20879f03] -> dovecot/imap 
[jakob 92.60.9.18 select](cmd_select_full+0xf9) [0x564c2087a129] -> 
dovecot/imap [jakob 92.60.9.18 select](command_exec+0x64) 
[0x564c20881ca4] -> dovecot/imap [jakob 92.60.9.18 select](+0x1b0b2) 
[0x564c208800b2] -> dovecot/imap [jakob 92.60.9.18 select](+0x1b13c) 
[0x564c2088013c] -> dovecot/imap [jakob 92.60.9.18 
select](client_handle_input+0x1a5) [0x564c20880565] -> dovecot/imap 
[jakob 92.60.9.18 select](client_input+0x82) [0x564c20880be2] -> 
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) 
[0x7f419fee4c09] -> 
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x109) 
[0x7f419fee64a9] -> 
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) 
[0x7f419fee4d12] -> 
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f419fee4f28]
Jän 05 14:28:18 aldebaran dovecot[17022]: 
imap(jakob)<5117>: Fatal: master: service(imap): child 
5117 killed with signal 6 (core not dumped)




Do you need some configs and deeper descriptions from me?

I have two namespaces with virtual mailboxes:
The first "Real" is normally hidden. It's not hidden now for debug-purpose.

namespace Real {
  hidden = no
  ignore_on_failure = yes
  list = children
  location = 
virtual:/var/mail/real:INDEX=/var/lib/dovecot/db/indexes/real/%u

  prefix = Real/
  separator = /
  subscriptions = no
}

namespace Synoptic {
  hidden = no
  ignore_on_failure = yes
  list = children
  location = 
virtual:/var/mail/virtual:INDEX=/var/lib/dovecot/db/indexes/virtual/%u

  mailbox INBOX/Archives {
    auto = no
    special_use = \Archive
  }
  mailbox INBOX/Drafts {
    auto = no
    special_use = \Drafts
  }
  mailbox INBOX/Entwürfe {
    auto = no
    special_use = \Drafts
  }
  mailbox INBOX/Junk {
    auto = no
    special_use = \Junk
  }
  mailbox INBOX/Sent {
    auto = no
    special_use = \Sent
  }
  mailbox INBOX/Spam {
    auto = no
    special_use = \Junk
  }
  prefix = Synoptic/
  separator = /
  subscriptions = no
}

The "Real" namespace is to get a first filter for emails for all, the 
last 1, 2 and 3 years:


Here is the virtual-mailbox-definition:

/var/mail/real: # tree
.
├── Alle
│   └── dovecot-virtual
├── dovecot-acl-list
├── dreijahr
│   └── dovecot-virtual

Re: Bug in dovecot 2.3 virtual plugin

2018-01-05 Thread Aki Tuomi 
Does it always happen with 2.2 and 2.3? I was not immediately able to
reproduce your problem.

Aki


On 05.01.2018 12:26, Jakobus Schürz wrote:
> Ok!
> So the subject for this bug is correct...
>
> Do you need some configs and deeper descriptions from me?
>
> I have two namespaces with virtual mailboxes:
> The first "Real" is normally hidden. It's not hidden now for
> debug-purpose.
>
> namespace Real {
>   hidden = no
>   ignore_on_failure = yes
>   list = children
>   location =
> virtual:/var/mail/real:INDEX=/var/lib/dovecot/db/indexes/real/%u
>   prefix = Real/
>   separator = /
>   subscriptions = no
> }
>
> namespace Synoptic {
>   hidden = no
>   ignore_on_failure = yes
>   list = children
>   location =
> virtual:/var/mail/virtual:INDEX=/var/lib/dovecot/db/indexes/virtual/%u
>   mailbox INBOX/Archives {
>     auto = no
>     special_use = \Archive
>   }
>   mailbox INBOX/Drafts {
>     auto = no
>     special_use = \Drafts
>   }
>   mailbox INBOX/Entwürfe {
>     auto = no
>     special_use = \Drafts
>   }
>   mailbox INBOX/Junk {
>     auto = no
>     special_use = \Junk
>   }
>   mailbox INBOX/Sent {
>     auto = no
>     special_use = \Sent
>   }
>   mailbox INBOX/Spam {
>     auto = no
>     special_use = \Junk
>   }
>   prefix = Synoptic/
>   separator = /
>   subscriptions = no
> }
>
> The "Real" namespace is to get a first filter for emails for all, the
> last 1, 2 and 3 years:
>
> Here is the virtual-mailbox-definition:
>
> /var/mail/real: # tree
> .
> ├── Alle
> │   └── dovecot-virtual
> ├── dovecot-acl-list
> ├── dreijahr
> │   └── dovecot-virtual
> ├── einjahr
> │   └── dovecot-virtual
> └── zweijahr
>     └── dovecot-virtual
>
> and the index-files
> /var/lib/dovecot/db/indexes: # tree real/
> real/
> └── jakob
>     ├── Alle
>     │   └── dovecot.index.log
>     ├── dovecot.list.index.log
>     ├── dreijahr
>     │   └── dovecot.index.log
>     ├── einjahr
>     │   └── dovecot.index.log
>     └── zweijahr
>     └── dovecot.index.log
>
>
> /var/mail/real: # cat Alle/dovecot-virtual
> !INBOX
> INBOX/*
> -INBOX/Trash
> -INBOX/Trash/*
> -INBOX/Archives
> -INBOX/Archives/*
> -INBOX/Drafts
> -INBOX/Drafts/*
> -INBOX/Junk
> -INBOX/Junk/*
> -INBOX/SYSTEM
> -INBOX/SYSTEM/*
>  all
>
> /var/mail/real: # cat einjahr/dovecot-virtual
> Real/Alle
>  all younger 31536000
>
> And the namespace Synoptic is the one, i can subscribe. It has as
> Background the "Real"-namespace:
>
> /var/mail/virtual: # tree
> .
> ├── AKTUELL
> │   └── dovecot-virtual
> ├── Archives
> │   └── dovecot-virtual
> ├── dovecot-acl-list
> ├── Drafts
> │   └── dovecot-virtual
> ├── GINBOX
> │   └── dovecot-virtual
> ├── Markierte
> │   └── dovecot-virtual
> ├── Neue
> │   └── dovecot-virtual
> ├── Sent
> │   └── dovecot-virtual
> ├── Trash
> │   └── dovecot-virtual
> ├── Ungelesene
> │   └── dovecot-virtual
> └── WICHTIG
>     └── dovecot-virtual
>
> /var/mail/virtual: # cat AKTUELL/dovecot-virtual
> Real/einjahr
>  inthread refs younger 2592000
>
> /var/mail/virtual: # cat Markierte/dovecot-virtual
> Real/Alle
>  flagged
>
> The error only appears in a Mailbox from one of this two namespaces.
> Every other mailboxes (public, private, shared) are working correct.
> When i try to open a mailbox from one of this two namespaces, the
> error below (Panic: Leaked view for index) is throwen
>
> jakob
>
>
> Am 05.01.2018 um 10:25 schrieb Aki Tuomi:
>> This is a different bug, and I suspect it might be caused by virtual
>> plugin. We'll look into it.
>>
>> Aki
>>
>> On 04.01.2018 23:41, Jakob Schürz wrote:
>>> Hi!
>>>
>>> This is very strange...
>>> This error affects only one mailaccount, and it happend not yesterday.
>>> The file
>>>
>>> /var/lib/dovecot/db/indexes/Maildir/jakob/INBOX/dovecot.index
>>>
>>> which hat "Panic: Leaked view for index" does not exist. only
>>> dovecot.index.log and .cache exists in this mailbox. (which is normal
>>> for small mailboxes, i've read). But why is dovecot throwing an error?
>>>
>>> And i could find out, this is only, when i try to open a virtual
>>> folder.
>>>
>>> I switched back to older self-compiled dovecot-versions... but the
>>> error
>>> exists also there (but not before the update!!!)
>>>
>>> I also deleted all the dovecot.index-files, dovecot.index.log and
>>> dovecot.index.cache-files to let rebuild dovecot the index again... the
>>> error persists.
>>>
>>> Is it a misconfiguration?
>>>
>>> So i tried to build for the virtual-Mailboxes the Index in memory...
>>> the
>>> error persists and dovecot wants to read this index-file.
>>>
>>> My virtual folders not working any longer (on this account only!)
>>>
>>> For debug purpose i deleted all the emails in this mailbox, the error
>>> dissapered on this folder, but comes back in the next folder.
>>>
>>> could this be a problem with ulimit?
>>>
>>> greez
>>> jakob
>>>
>>> Am 2018-01-04 um 11:07 schrieb Jakobus Schürz:
 Hi!

 Is this a bug according to the other one?

 When i try to open a real or virtual mailbox, i

Re: Bug in dovecot 2.3 virtual plugin

2018-01-05 Thread Jakobus Schürz 

Ok!
So the subject for this bug is correct...

Do you need some configs and deeper descriptions from me?

I have two namespaces with virtual mailboxes:
The first "Real" is normally hidden. It's not hidden now for debug-purpose.

namespace Real {
  hidden = no
  ignore_on_failure = yes
  list = children
  location = 
virtual:/var/mail/real:INDEX=/var/lib/dovecot/db/indexes/real/%u

  prefix = Real/
  separator = /
  subscriptions = no
}

namespace Synoptic {
  hidden = no
  ignore_on_failure = yes
  list = children
  location = 
virtual:/var/mail/virtual:INDEX=/var/lib/dovecot/db/indexes/virtual/%u

  mailbox INBOX/Archives {
auto = no
special_use = \Archive
  }
  mailbox INBOX/Drafts {
auto = no
special_use = \Drafts
  }
  mailbox INBOX/Entwürfe {
auto = no
special_use = \Drafts
  }
  mailbox INBOX/Junk {
auto = no
special_use = \Junk
  }
  mailbox INBOX/Sent {
auto = no
special_use = \Sent
  }
  mailbox INBOX/Spam {
auto = no
special_use = \Junk
  }
  prefix = Synoptic/
  separator = /
  subscriptions = no
}

The "Real" namespace is to get a first filter for emails for all, the 
last 1, 2 and 3 years:


Here is the virtual-mailbox-definition:

/var/mail/real: # tree
.
├── Alle
│   └── dovecot-virtual
├── dovecot-acl-list
├── dreijahr
│   └── dovecot-virtual
├── einjahr
│   └── dovecot-virtual
└── zweijahr
└── dovecot-virtual

and the index-files
/var/lib/dovecot/db/indexes: # tree real/
real/
└── jakob
├── Alle
│   └── dovecot.index.log
├── dovecot.list.index.log
├── dreijahr
│   └── dovecot.index.log
├── einjahr
│   └── dovecot.index.log
└── zweijahr
└── dovecot.index.log


/var/mail/real: # cat Alle/dovecot-virtual
!INBOX
INBOX/*
-INBOX/Trash
-INBOX/Trash/*
-INBOX/Archives
-INBOX/Archives/*
-INBOX/Drafts
-INBOX/Drafts/*
-INBOX/Junk
-INBOX/Junk/*
-INBOX/SYSTEM
-INBOX/SYSTEM/*
 all

/var/mail/real: # cat einjahr/dovecot-virtual
Real/Alle
 all younger 31536000

And the namespace Synoptic is the one, i can subscribe. It has as 
Background the "Real"-namespace:


/var/mail/virtual: # tree
.
├── AKTUELL
│   └── dovecot-virtual
├── Archives
│   └── dovecot-virtual
├── dovecot-acl-list
├── Drafts
│   └── dovecot-virtual
├── GINBOX
│   └── dovecot-virtual
├── Markierte
│   └── dovecot-virtual
├── Neue
│   └── dovecot-virtual
├── Sent
│   └── dovecot-virtual
├── Trash
│   └── dovecot-virtual
├── Ungelesene
│   └── dovecot-virtual
└── WICHTIG
└── dovecot-virtual

/var/mail/virtual: # cat AKTUELL/dovecot-virtual
Real/einjahr
 inthread refs younger 2592000

/var/mail/virtual: # cat Markierte/dovecot-virtual
Real/Alle
 flagged

The error only appears in a Mailbox from one of this two namespaces. 
Every other mailboxes (public, private, shared) are working correct.
When i try to open a mailbox from one of this two namespaces, the error 
below (Panic: Leaked view for index) is throwen


jakob


Am 05.01.2018 um 10:25 schrieb Aki Tuomi:

This is a different bug, and I suspect it might be caused by virtual
plugin. We'll look into it.

Aki

On 04.01.2018 23:41, Jakob Schürz wrote:

Hi!

This is very strange...
This error affects only one mailaccount, and it happend not yesterday.
The file

/var/lib/dovecot/db/indexes/Maildir/jakob/INBOX/dovecot.index

which hat "Panic: Leaked view for index" does not exist. only
dovecot.index.log and .cache exists in this mailbox. (which is normal
for small mailboxes, i've read). But why is dovecot throwing an error?

And i could find out, this is only, when i try to open a virtual folder.

I switched back to older self-compiled dovecot-versions... but the error
exists also there (but not before the update!!!)

I also deleted all the dovecot.index-files, dovecot.index.log and
dovecot.index.cache-files to let rebuild dovecot the index again... the
error persists.

Is it a misconfiguration?

So i tried to build for the virtual-Mailboxes the Index in memory... the
error persists and dovecot wants to read this index-file.

My virtual folders not working any longer (on this account only!)

For debug purpose i deleted all the emails in this mailbox, the error
dissapered on this folder, but comes back in the next folder.

could this be a problem with ulimit?

greez
jakob

Am 2018-01-04 um 11:07 schrieb Jakobus Schürz:

Hi!

Is this a bug according to the other one?

When i try to open a real or virtual mailbox, i often (not on every
mailbox) get this error-message:

Jän 04 11:03:32 aldebaran dovecot[24534]:
imap(jakob)<24705>: Panic: Leaked view for index
/var/lib/dovecot/db/indexes/Maildir/jakob/INBOX/dovecot.index: Opened in
index-storage.c:336
Jän 04 11:03:32 aldebaran dovecot[24534]:
imap(jakob)<24705>: Error: Raw backtrace:
/usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7f47d5872021] ->
/usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7f47d58720ed] ->
/usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f47d57e4481] ->
/usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf3942)

Re: Bug in dovecot 2.3 virtual plugin

2018-01-05 Thread Aki Tuomi 
This is a different bug, and I suspect it might be caused by virtual
plugin. We'll look into it.

Aki

On 04.01.2018 23:41, Jakob Schürz wrote:
> Hi!
>
> This is very strange...
> This error affects only one mailaccount, and it happend not yesterday.
> The file
>
> /var/lib/dovecot/db/indexes/Maildir/jakob/INBOX/dovecot.index
>
> which hat "Panic: Leaked view for index" does not exist. only
> dovecot.index.log and .cache exists in this mailbox. (which is normal
> for small mailboxes, i've read). But why is dovecot throwing an error?
>
> And i could find out, this is only, when i try to open a virtual folder.
>
> I switched back to older self-compiled dovecot-versions... but the error
> exists also there (but not before the update!!!)
>
> I also deleted all the dovecot.index-files, dovecot.index.log and
> dovecot.index.cache-files to let rebuild dovecot the index again... the
> error persists.
>
> Is it a misconfiguration?
>
> So i tried to build for the virtual-Mailboxes the Index in memory... the
> error persists and dovecot wants to read this index-file.
>
> My virtual folders not working any longer (on this account only!)
>
> For debug purpose i deleted all the emails in this mailbox, the error
> dissapered on this folder, but comes back in the next folder.
>
> could this be a problem with ulimit?
>
> greez
> jakob
>
> Am 2018-01-04 um 11:07 schrieb Jakobus Schürz:
>> Hi!
>>
>> Is this a bug according to the other one?
>>
>> When i try to open a real or virtual mailbox, i often (not on every
>> mailbox) get this error-message:
>>
>> Jän 04 11:03:32 aldebaran dovecot[24534]:
>> imap(jakob)<24705>: Panic: Leaked view for index
>> /var/lib/dovecot/db/indexes/Maildir/jakob/INBOX/dovecot.index: Opened in
>> index-storage.c:336
>> Jän 04 11:03:32 aldebaran dovecot[24534]:
>> imap(jakob)<24705>: Error: Raw backtrace:
>> /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7f47d5872021] ->
>> /usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7f47d58720ed] ->
>> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f47d57e4481] ->
>> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf3942)
>> [0x7f47d5c11942] ->
>> /usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_close+0x72)
>> [0x7f47d5be8ec2] ->
>> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a)
>> [0x7f47d5b68c0a] ->
>> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xa7e0) [0x7f47d0dd37e0]
>> ->
>> /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_backend_box_open+0x2b)
>> [0x7f47d0dd397b] ->
>> /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_storage_sync_init+0x1026)
>> [0x7f47d0dd6926] ->
>> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x4d)
>> [0x7f47d5b6b05d] ->
>> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37)
>> [0x7f47d5b6b117] ->
>> /usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_get_status+0x31)
>> [0x7f47d5be7781] ->
>> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x9b3d) [0x7f47d0dd2b3d]
>> -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xaded1)
>> [0x7f47d5bcbed1] -> /usr/local/lib/dovecot/lib01_acl_plugin.so(+0xe975)
>> [0x7f47d5001975] ->
>> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_get_status+0x31)
>> [0x7f47d5b6b4b1] ->
>> /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_storage_sync_init+0x114d)
>> [0x7f47d0dd6a4d] ->
>> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x4d)
>> [0x7f47d5b6b05d] ->
>> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37)
>> [0x7f47d5b6b117] -> dovecot/imap [jakob 192.168.0.14
>> EXAMINE](cmd_select_full+0x171) [0x555d195a91a1] -> dovecot/imap [jakob
>> 192.168.0.14 EXAMINE](command_exec+0x64) [0x555d195b0ca4] ->
>> dovecot/imap [jakob 192.168.0.14 EXAMINE](+0x1b0b2) [0x555d195af0b2] ->
>> dovecot/imap [jakob 192.168.0.14 EXAMINE](+0x1b13c) [0x555d195af13c] ->
>> dovecot/imap [jakob 192.168.0.14 EXAMINE](client_handle_input+0x1a5)
>> [0x555d195af565] -> dovecot/imap [jakob 192.168.0.14
>> EXAMINE](client_input+0x82) [0x555d195afbe2] ->
>> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69)
>> [0x7f47d5889bf9] ->
>> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x109)
>> [0x7f47d588b499] ->
>> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52)
>> [0x7f47d5889d02]
>> Jän 04 11:03:32 aldebaran dovecot[24534]:
>> imap(jakob)<24705>: Fatal: master: service(imap):
>> child 24705 killed with signal 6 (core dumps disabled)
>>
>> I deinstalled all debian-dovecot-packages and installed the user
>> dovenull manually again. This is all, i did.
>>
>> jakob
>

Re: Bug in dovecot 2.3 virtual plugin

2018-01-04 Thread Jakob Schürz 
Hi!

This is very strange...
This error affects only one mailaccount, and it happend not yesterday.
The file

/var/lib/dovecot/db/indexes/Maildir/jakob/INBOX/dovecot.index

which hat "Panic: Leaked view for index" does not exist. only
dovecot.index.log and .cache exists in this mailbox. (which is normal
for small mailboxes, i've read). But why is dovecot throwing an error?

And i could find out, this is only, when i try to open a virtual folder.

I switched back to older self-compiled dovecot-versions... but the error
exists also there (but not before the update!!!)

I also deleted all the dovecot.index-files, dovecot.index.log and
dovecot.index.cache-files to let rebuild dovecot the index again... the
error persists.

Is it a misconfiguration?

So i tried to build for the virtual-Mailboxes the Index in memory... the
error persists and dovecot wants to read this index-file.

My virtual folders not working any longer (on this account only!)

For debug purpose i deleted all the emails in this mailbox, the error
dissapered on this folder, but comes back in the next folder.

could this be a problem with ulimit?

greez
jakob

Am 2018-01-04 um 11:07 schrieb Jakobus Schürz:
> Hi!
> 
> Is this a bug according to the other one?
> 
> When i try to open a real or virtual mailbox, i often (not on every
> mailbox) get this error-message:
> 
> Jän 04 11:03:32 aldebaran dovecot[24534]:
> imap(jakob)<24705>: Panic: Leaked view for index
> /var/lib/dovecot/db/indexes/Maildir/jakob/INBOX/dovecot.index: Opened in
> index-storage.c:336
> Jän 04 11:03:32 aldebaran dovecot[24534]:
> imap(jakob)<24705>: Error: Raw backtrace:
> /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7f47d5872021] ->
> /usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7f47d58720ed] ->
> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f47d57e4481] ->
> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf3942)
> [0x7f47d5c11942] ->
> /usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_close+0x72)
> [0x7f47d5be8ec2] ->
> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a)
> [0x7f47d5b68c0a] ->
> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xa7e0) [0x7f47d0dd37e0]
> ->
> /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_backend_box_open+0x2b)
> [0x7f47d0dd397b] ->
> /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_storage_sync_init+0x1026)
> [0x7f47d0dd6926] ->
> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x4d)
> [0x7f47d5b6b05d] ->
> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37)
> [0x7f47d5b6b117] ->
> /usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_get_status+0x31)
> [0x7f47d5be7781] ->
> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x9b3d) [0x7f47d0dd2b3d]
> -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xaded1)
> [0x7f47d5bcbed1] -> /usr/local/lib/dovecot/lib01_acl_plugin.so(+0xe975)
> [0x7f47d5001975] ->
> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_get_status+0x31)
> [0x7f47d5b6b4b1] ->
> /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_storage_sync_init+0x114d)
> [0x7f47d0dd6a4d] ->
> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x4d)
> [0x7f47d5b6b05d] ->
> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37)
> [0x7f47d5b6b117] -> dovecot/imap [jakob 192.168.0.14
> EXAMINE](cmd_select_full+0x171) [0x555d195a91a1] -> dovecot/imap [jakob
> 192.168.0.14 EXAMINE](command_exec+0x64) [0x555d195b0ca4] ->
> dovecot/imap [jakob 192.168.0.14 EXAMINE](+0x1b0b2) [0x555d195af0b2] ->
> dovecot/imap [jakob 192.168.0.14 EXAMINE](+0x1b13c) [0x555d195af13c] ->
> dovecot/imap [jakob 192.168.0.14 EXAMINE](client_handle_input+0x1a5)
> [0x555d195af565] -> dovecot/imap [jakob 192.168.0.14
> EXAMINE](client_input+0x82) [0x555d195afbe2] ->
> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69)
> [0x7f47d5889bf9] ->
> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x109)
> [0x7f47d588b499] ->
> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52)
> [0x7f47d5889d02]
> Jän 04 11:03:32 aldebaran dovecot[24534]:
> imap(jakob)<24705>: Fatal: master: service(imap):
> child 24705 killed with signal 6 (core dumps disabled)
> 
> I deinstalled all debian-dovecot-packages and installed the user
> dovenull manually again. This is all, i did.
> 
> jakob

Re: Bug in dovecot 2.3 virtual plugin

2018-01-04 Thread Jakobus Schürz 

Hi!

Is this a bug according to the other one?

When i try to open a real or virtual mailbox, i often (not on every  
mailbox) get this error-message:


Jän 04 11:03:32 aldebaran dovecot[24534]:  
imap(jakob)<24705>: Panic: Leaked view for index  
/var/lib/dovecot/db/indexes/Maildir/jakob/INBOX/dovecot.index: Opened  
in index-storage.c:336
Jän 04 11:03:32 aldebaran dovecot[24534]:  
imap(jakob)<24705>: Error: Raw backtrace:  
/usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7f47d5872021] ->  
/usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7f47d58720ed] ->  
/usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f47d57e4481] ->  
/usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf3942)  
[0x7f47d5c11942] ->  
/usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_close+0x72) [0x7f47d5be8ec2] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a) [0x7f47d5b68c0a] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xa7e0) [0x7f47d0dd37e0] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_backend_box_open+0x2b) [0x7f47d0dd397b] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_storage_sync_init+0x1026) [0x7f47d0dd6926] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x4d) [0x7f47d5b6b05d] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37) [0x7f47d5b6b117] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_get_status+0x31) [0x7f47d5be7781] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x9b3d) [0x7f47d0dd2b3d] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xaded1) [0x7f47d5bcbed1] -> /usr/local/lib/dovecot/lib01_acl_plugin.so(+0xe975) [0x7f47d5001975] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_get_status+0x31) [0x7f47d5b6b4b1] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_storage_sync_init+0x114d) [0x7f47d0dd6a4d] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x4d) [0x7f47d5b6b05d] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37) [0x7f47d5b6b117] -> dovecot/imap [jakob 192.168.0.14 EXAMINE](cmd_select_full+0x171) [0x555d195a91a1] -> dovecot/imap [jakob 192.168.0.14 EXAMINE](command_exec+0x64) [0x555d195b0ca4] -> dovecot/imap [jakob 192.168.0.14 EXAMINE](+0x1b0b2) [0x555d195af0b2] -> dovecot/imap [jakob 192.168.0.14 EXAMINE](+0x1b13c) [0x555d195af13c] -> dovecot/imap [jakob 192.168.0.14 EXAMINE](client_handle_input+0x1a5) [0x555d195af565] -> dovecot/imap [jakob 192.168.0.14 EXAMINE](client_input+0x82) [0x555d195afbe2] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) [0x7f47d5889bf9] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x109) [0x7f47d588b499] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52)  
[0x7f47d5889d02]
Jän 04 11:03:32 aldebaran dovecot[24534]:  
imap(jakob)<24705>: Fatal: master: service(imap):  
child 24705 killed with signal 6 (core dumps disabled)


I deinstalled all debian-dovecot-packages and installed the user  
dovenull manually again. This is all, i did.


jakob

Re: Dovecot 2.3 - using doveadm as non-root?

2018-01-03 Thread Timo Sirainen 
On 3 Jan 2018, at 11.38, Rob Hoelz  wrote:
> 
> Hi dovecot developers and users,
> 
> I recently upgraded my server running Arch Linux to dovecot 2.3.0, and I
> noticed some of my cron jobs started issuing me error messages.  These
> cron jobs run as a non-root user associated with my mail account, and
> they use doveadm to tidy things up (ex. purging the trash, moving
> old mail in certain folders into the trash).  The error message is:
> 
>> Error: net_connect_unix(/var/run/dovecot/stats-writer) failed:
>> Permission denied
> 
> I assume this is doveadm trying to participate in the new 2.3 stats
> process, and after reading the code a bit, I can't see way to tell
> doveadm to not connect to the stats writer.  The socket is owned by
> root with 600 permissions.
> 
> What would be the right way to remedy this?  AFAICT, I could potentially
> run doveadm as root (which I would prefer to avoid), or I could change
> the permissions on the stats writer socket, but I would hate to
> introduce any sort of security vulnerability by doing so.  I currently
> have a scrappy Perl script that just runs doveadm and filters out the
> error message (it doesn't seem to affect the behavior of doveadm other
> than the message), but that feels dirty and I would prefer a cleaner
> solution.  Any advice?

I was wondering what to do about this while developing it. I think you can 
disable this by clearing out the socket path:

doveadm -o stats_writer_socket_path=

But .. I think the changing the socket permissions is the better solution. The 
new stats process should know about everything that is going on in the system, 
and these doveadm calls are part of that. So if they're excluded then the stats 
aren't exactly correct. The stats-writer can't do all that much harm other than 
messing up the statistics or probably crashing stats process by using up all of 
its memory.

Dovecot 2.3 - using doveadm as non-root?

2018-01-03 Thread Rob Hoelz 
Hi dovecot developers and users,

I recently upgraded my server running Arch Linux to dovecot 2.3.0, and I
noticed some of my cron jobs started issuing me error messages.  These
cron jobs run as a non-root user associated with my mail account, and
they use doveadm to tidy things up (ex. purging the trash, moving
old mail in certain folders into the trash).  The error message is:

> Error: net_connect_unix(/var/run/dovecot/stats-writer) failed:
> Permission denied

I assume this is doveadm trying to participate in the new 2.3 stats
process, and after reading the code a bit, I can't see way to tell
doveadm to not connect to the stats writer.  The socket is owned by
root with 600 permissions.

What would be the right way to remedy this?  AFAICT, I could potentially
run doveadm as root (which I would prefer to avoid), or I could change
the permissions on the stats writer socket, but I would hate to
introduce any sort of security vulnerability by doing so.  I currently
have a scrappy Perl script that just runs doveadm and filters out the
error message (it doesn't seem to affect the behavior of doveadm other
than the message), but that feels dirty and I would prefer a cleaner
solution.  Any advice?

Thanks,
Rob

Re: Bug in dovecot 2.3 virtual plugin

2018-01-03 Thread Aki Tuomi 
This is not a bug in virtual plugin, but in some email which contains invalid 
unicode sequence somehow. Can you send me a core file? This should not have 
occured ofc but would be nice to know how it ended up here.

Aki

> On January 3, 2018 at 5:35 PM Jakobus Schürz <wertsto...@nurfuerspam.de> 
> wrote:
> 
> 
> Hi there!
> 
> I compiled dovecot 2.3 from git. Because there is already a bug in  
> virtual-plugin, and i hoped, it get fixed... but it doesn't. So this  
> is the error-message from the log
> 
> Jän 03 16:27:08 aldebaran dovecot[26460]:  
> indexer-worker(jakob)<26476><qQ6g1+BhIJvAqAAO:sjYhMTH2TFpsZwAAk1Mx3g>:  
> Panic: file unichar.c: line 160 (uni_ucs4_to_utf8_c): assertion  
> failed: (uni_is_valid_ucs4(chr))
> Jän 03 16:27:08 aldebaran dovecot[26460]:  
> indexer-worker(jakob)<26476><qQ6g1+BhIJvAqAAO:sjYhMTH2TFpsZwAAk1Mx3g>:  
> Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021)  
> [0x7f8299f7a021] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed)  
> [0x7f8299f7a0ed] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0)  
> [0x7f8299eec481] ->  
> /usr/local/lib/dovecot/libdovecot.so.0(uni_ucs4_to_utf8_c+0xa0)  
> [0x7f8299fb1500] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xa75e0)  
> [0x7f8299f5b5e0] ->  
> /usr/local/lib/dovecot/libdovecot.so.0(mail_html2text_more+0xc5)  
> [0x7f8299f5b775] ->  
> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0xcfcc) [0x7f82990aefcc]  
> -> /usr/local/lib/dovecot/lib20_fts_plugin.so(fts_parser_more+0x27)  
> [0x7f82990aeca7] ->  
> /usr/local/lib/dovecot/lib20_fts_plugin.so(fts_build_mail+0x5e9)  
> [0x7f82990acc39] ->  
> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0x1122d) [0x7f82990b322d]  
> -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x916a)  
> [0x7f82958e316a] ->  
> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0x10f5d) [0x7f82990b2f5d]  
> -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x916a)  
> [0x7f82958e316a] ->  
> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0x10f5d) [0x7f82990b2f5d]  
> -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mail_precache+0x2e)  
> [0x7f829a2641be] -> dovecot/indexer-worker [jakob  
> Synoptic/AKTUELL](+0x2533) [0x562227882533] ->  
> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69)  
> [0x7f8299f91bf9] ->  
> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x109)  
> [0x7f8299f93499] ->  
> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52)  
> [0x7f8299f91d02] ->  
> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38)  
> [0x7f8299f91f18] ->  
> /usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13)  
> [0x7f8299f0f1e3] -> dovecot/indexer-worker [jakob  
> Synoptic/AKTUELL](main+0xe7) [0x562227881f47] ->  
> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)  
> [0x7f8299b352b1] -> dovecot/indexer-worker [jakob  
> Synoptic/AKTUELL](_start+0x2a) [0x56222788201a]
> Jän 03 16:27:08 aldebaran dovecot[26460]: indexer: Error: Indexer  
> worker disconnected, discarding 1 requests for jakob
> Jän 03 16:27:08 aldebaran dovecot[26460]:  
> imap(jakob)<26472><qQ6g1+BhIJvAqAAO>: Error: indexer failed to index  
> mailbox Synoptic/AKTUELL
> Jän 03 16:27:08 aldebaran dovecot[26460]:  
> indexer-worker(jakob)<26476><qQ6g1+BhIJvAqAAO:sjYhMTH2TFpsZwAAk1Mx3g>:  
> Fatal: master: service(indexer-worker): child 26476 killed with signal  
> 6 (core dumps disabled)
> Jän 03 16:27:09 aldebaran dovecot[26460]:  
> indexer-worker(jakob)<26484><qQ6g1+BhIJvAqAAO:J6mUIEz2TFp0ZwAAk1Mx3g>:  
> Error: lucene index  
> /var/lib/dovecot/db/indexes/Maildir/jakob/lucene-indexes:  
> IndexWriter() failed (#1): Lock obtain timed out
> Jän 03 16:27:10 aldebaran dovecot[26460]:  
> indexer-worker(jakob)<26484><qQ6g1+BhIJvAqAAO:J6mUIEz2TFp0ZwAAk1Mx3g>:  
> Error: Mailbox Synoptic/AKTUELL: Transaction commit failed: BUG:  
> Unknown internal error (attempted to index 1488 messages (UIDs  
> 15214..16775))
> Jän 03 16:27:10 aldebaran dovecot[26460]:  
> imap(jakob)<26480>: Error: indexer failed to index  
> mailbox Synoptic/AKTUELL
> Jän 03 16:27:11 aldebaran dovecot[26460]:  
> imap(jakob)<26472><qQ6g1+BhIJvAqAAO>: Panic: file mail-index.c: line  
> 793 (mail_index_close): assertion failed: (index->open_count > 0)
> Jän 03 16:27:11 aldebaran dovecot[26460]:  
> imap(jakob)<26472><qQ6g1+BhIJvAqAAO>: Error: Raw backtrace:  
> /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7fb0fbd3a021] ->  
> /usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7fb0fbd3a0ed] ->  
> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x

Bug in dovecot 2.3 virtual plugin

2018-01-03 Thread Jakobus Schürz 

Hi there!

I compiled dovecot 2.3 from git. Because there is already a bug in  
virtual-plugin, and i hoped, it get fixed... but it doesn't. So this  
is the error-message from the log


Jän 03 16:27:08 aldebaran dovecot[26460]:  
indexer-worker(jakob)<26476><qQ6g1+BhIJvAqAAO:sjYhMTH2TFpsZwAAk1Mx3g>:  
Panic: file unichar.c: line 160 (uni_ucs4_to_utf8_c): assertion  
failed: (uni_is_valid_ucs4(chr))
Jän 03 16:27:08 aldebaran dovecot[26460]:  
indexer-worker(jakob)<26476><qQ6g1+BhIJvAqAAO:sjYhMTH2TFpsZwAAk1Mx3g>:  
Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021)  
[0x7f8299f7a021] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed)  
[0x7f8299f7a0ed] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0)  
[0x7f8299eec481] ->  
/usr/local/lib/dovecot/libdovecot.so.0(uni_ucs4_to_utf8_c+0xa0)  
[0x7f8299fb1500] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xa75e0)  
[0x7f8299f5b5e0] ->  
/usr/local/lib/dovecot/libdovecot.so.0(mail_html2text_more+0xc5)  
[0x7f8299f5b775] ->  
/usr/local/lib/dovecot/lib20_fts_plugin.so(+0xcfcc) [0x7f82990aefcc]  
-> /usr/local/lib/dovecot/lib20_fts_plugin.so(fts_parser_more+0x27)  
[0x7f82990aeca7] ->  
/usr/local/lib/dovecot/lib20_fts_plugin.so(fts_build_mail+0x5e9)  
[0x7f82990acc39] ->  
/usr/local/lib/dovecot/lib20_fts_plugin.so(+0x1122d) [0x7f82990b322d]  
-> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x916a)  
[0x7f82958e316a] ->  
/usr/local/lib/dovecot/lib20_fts_plugin.so(+0x10f5d) [0x7f82990b2f5d]  
-> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x916a)  
[0x7f82958e316a] ->  
/usr/local/lib/dovecot/lib20_fts_plugin.so(+0x10f5d) [0x7f82990b2f5d]  
-> /usr/local/lib/dovecot/libdovecot-storage.so.0(mail_precache+0x2e)  
[0x7f829a2641be] -> dovecot/indexer-worker [jakob  
Synoptic/AKTUELL](+0x2533) [0x562227882533] ->  
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69)  
[0x7f8299f91bf9] ->  
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x109)  
[0x7f8299f93499] ->  
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52)  
[0x7f8299f91d02] ->  
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38)  
[0x7f8299f91f18] ->  
/usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13)  
[0x7f8299f0f1e3] -> dovecot/indexer-worker [jakob  
Synoptic/AKTUELL](main+0xe7) [0x562227881f47] ->  
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)  
[0x7f8299b352b1] -> dovecot/indexer-worker [jakob  
Synoptic/AKTUELL](_start+0x2a) [0x56222788201a]
Jän 03 16:27:08 aldebaran dovecot[26460]: indexer: Error: Indexer  
worker disconnected, discarding 1 requests for jakob
Jän 03 16:27:08 aldebaran dovecot[26460]:  
imap(jakob)<26472><qQ6g1+BhIJvAqAAO>: Error: indexer failed to index  
mailbox Synoptic/AKTUELL
Jän 03 16:27:08 aldebaran dovecot[26460]:  
indexer-worker(jakob)<26476><qQ6g1+BhIJvAqAAO:sjYhMTH2TFpsZwAAk1Mx3g>:  
Fatal: master: service(indexer-worker): child 26476 killed with signal  
6 (core dumps disabled)
Jän 03 16:27:09 aldebaran dovecot[26460]:  
indexer-worker(jakob)<26484><qQ6g1+BhIJvAqAAO:J6mUIEz2TFp0ZwAAk1Mx3g>:  
Error: lucene index  
/var/lib/dovecot/db/indexes/Maildir/jakob/lucene-indexes:  
IndexWriter() failed (#1): Lock obtain timed out
Jän 03 16:27:10 aldebaran dovecot[26460]:  
indexer-worker(jakob)<26484><qQ6g1+BhIJvAqAAO:J6mUIEz2TFp0ZwAAk1Mx3g>:  
Error: Mailbox Synoptic/AKTUELL: Transaction commit failed: BUG:  
Unknown internal error (attempted to index 1488 messages (UIDs  
15214..16775))
Jän 03 16:27:10 aldebaran dovecot[26460]:  
imap(jakob)<26480>: Error: indexer failed to index  
mailbox Synoptic/AKTUELL
Jän 03 16:27:11 aldebaran dovecot[26460]:  
imap(jakob)<26472><qQ6g1+BhIJvAqAAO>: Panic: file mail-index.c: line  
793 (mail_index_close): assertion failed: (index->open_count > 0)
Jän 03 16:27:11 aldebaran dovecot[26460]:  
imap(jakob)<26472><qQ6g1+BhIJvAqAAO>: Error: Raw backtrace:  
/usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7fb0fbd3a021] ->  
/usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7fb0fbd3a0ed] ->  
/usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fb0fbcac481] ->  
/usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf39a8)  
[0x7fb0fc0d99a8] ->  
/usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd92d1)  
[0x7fb0fc0bf2d1] ->  
/usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd9363)  
[0x7fb0fc0bf363] ->  
/usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_free+0x9)  
[0x7fb0fc0b0f39] ->  
/usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd05a4)  
[0x7fb0fc0b65a4] ->  
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_free+0x19)  
[0x7fb0fc030c99] ->  
/usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xabdc)  
[0x7fb0f729bbdc] ->  
/usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xacb9)  
[0x7fb0f

ssl_curve_list seems to be ignored with Dovecot 2.3

2017-12-25 Thread Marcel Menzel 
Hi all,


after upgrading to Dovecot 2.3, I've noticed the new "ssl_curve_list"
TLS option in 10-ssl.conf.
Setting it to "ssl_curve_list = X25519:P-256" or leaving it blank (auto)
does not change anything, Dovecot keeps on negotiating P-384: Server
Temp Key: ECDH, P-384, 384 bits

When using "-curves X25519" in s_client, it does a fallback to DH:
Server Temp Key: DH, 4096 bits

I'm on Dovecot 2.3.0 (c8b89eb) with OpenSSL 1.1.0g  2 Nov 2017 on Arch
Linux 4.14.8-1-ARCH.

Am I missing something here? OpenSSL 1.1 defaults to Curve25519 when
leaving it on auto.



Greetings,

Marcel Menzel

Re: Dovecot 2.3-rc Logging Format

2017-12-23 Thread Stephan Bosch 
Op 12/21/2017 om 8:57 AM schreef Thomas Leuxner:
> Hi,
>
> the release candidate defaults to a log format with session IDs.
>
> mail_log_prefix = "%s(%u)<%{pid}><%{session}>: "
>
> As the LMTP service seems to have the session ID hardcoded, the IDs get 
> duplicated in the logs:
>
> Dec 21 08:48:03 edi dovecot: lmtp(26573): Connect from local
> Dec 21 08:48:03 edi dovecot: lmtp(t...@leuxner.net)[26573]: 
> : fCVaBjNnO1rNZwAAIROLbg: sieve: 
> msgid=<2323281.OorJHhdMHM@ylum>, time=158ms, status=stored mail into mailbox 
> ':public/Mailing-Lists/Debian-User'
> Dec 21 08:48:03 edi dovecot: lmtp(26573): Disconnect from local: Client has 
> quit the connection (state = READY)

Fixed in release.

Regards,

Stephan.

Re: Dovecot 2.3-rc1 SMTP submission proxy always gives TLS required error even when already using TLS

2017-12-22 Thread Michael Marley 
On 2017-12-22 11:22, Michael Marley wrote:

> On 2017-12-21 16:48, Stephan Bosch wrote:
> 
> Op 12/18/2017 om 9:44 PM schreef Michael Marley: 
> 
> First of all, I apologize for my accidental empty message earlier.
> 
> I just set up the SMTP submission proxy in Dovecot 2.3, but whenever I
> try to connect to it, it always returns "530 5.7.0 TLS required." for
> any sort of AUTH or MAIL command.  This occurs even if TLS is being
> used.  It also occurs regardless of whether I connect with a real
> client (Thunderbird) or manually with openssl s_client and regardless
> of whether a loopback connection or a remote connection is used.  Here
> is the output of "dovecot -n".  Please let me know if I can provide
> any other data.  Thanks! 
> Confirmed. Working on a fix.
> 
> Regards,
> 
> Stephan.

I can confirm that it works correctly in 2.3.0, thanks! 

Michael 

I think I spoke too soon.  It works correctly (requiring TLS but working
once STARTTLS has been done) for remote connections, but it also is
requiring TLS for loopback connections, even though the rest of Dovecot
doesn't work this way. 

Michael

Re: Dovecot 2.3-rc1 SMTP submission proxy always gives TLS required error even when already using TLS

2017-12-22 Thread Michael Marley 
On 2017-12-21 16:48, Stephan Bosch wrote:

> Op 12/18/2017 om 9:44 PM schreef Michael Marley: 
> 
>> First of all, I apologize for my accidental empty message earlier.
>> 
>> I just set up the SMTP submission proxy in Dovecot 2.3, but whenever I
>> try to connect to it, it always returns "530 5.7.0 TLS required." for
>> any sort of AUTH or MAIL command.  This occurs even if TLS is being
>> used.  It also occurs regardless of whether I connect with a real
>> client (Thunderbird) or manually with openssl s_client and regardless
>> of whether a loopback connection or a remote connection is used.  Here
>> is the output of "dovecot -n".  Please let me know if I can provide
>> any other data.  Thanks!
> 
> Confirmed. Working on a fix.
> 
> Regards,
> 
> Stephan.

I can confirm that it works correctly in 2.3.0, thanks! 

Michael

Re: Dovecot 2.3-rc Logging Format

2017-12-21 Thread Aki Tuomi 

> On December 21, 2017 at 9:57 AM Thomas Leuxner  wrote:
> 
> 
> Hi,
> 
> the release candidate defaults to a log format with session IDs.
> 
> mail_log_prefix = "%s(%u)<%{pid}><%{session}>: "
> 
> As the LMTP service seems to have the session ID hardcoded, the IDs get 
> duplicated in the logs:
> 
> Dec 21 08:48:03 edi dovecot: lmtp(26573): Connect from local
> Dec 21 08:48:03 edi dovecot: lmtp(t...@leuxner.net)[26573]: 
> : fCVaBjNnO1rNZwAAIROLbg: sieve: 
> msgid=<2323281.OorJHhdMHM@ylum>, time=158ms, status=stored mail into mailbox 
> ':public/Mailing-Lists/Debian-User'
> Dec 21 08:48:03 edi dovecot: lmtp(26573): Disconnect from local: Client has 
> quit the connection (state = READY)
> 
> Regards
> Thomas

Hi! Thank you for your report, we'll look into it.

Aki

  1   2   >