Re: Outlook 2010 woes
On Thu, 13 Oct 2016, Bryan Holloway wrote: Rebuilding caches? Do you get the same delay when going back to the folder after the initial delay. No, but once sitting idle again for 10-15 seconds, the delay occurs again regardless of which folder you choose. Another diagnostic is to strace the server process. Joseph Tam
Re: Outlook 2010 woes
On 10/13/16 11:01 AM, Aki Tuomi wrote: On October 13, 2016 at 6:52 PM Konstantin Khomoutovwrote: On Thu, 13 Oct 2016 10:35:14 -0500 Bryan Holloway wrote: [...] Is there a way to see the IMAP commands coming from the client? I've tried looking at PCAPs, but of course they're encrypted so I can't see the actual dialog going on between the server and client. I didn't see an obvious way to do this in the docs. If you have access to the SSL/TLS key (IOW, the private part of the cert) the server uses to secure IMAP connections you can dump the IMAP traffic using the `ssldump` utility (which builds on `tcpdump`). I do, but the client is using a DH key exchange so I only have the server-side private key. Tried that using Wireshark's decoder features and ran into this problem. I'm assuming I'd run into the same using ssldump, but I'll give it a shot! I think DH is not the culprit: just to be able to actually decode SSL traffic, you must have the server private key when you're decoding the SSL handshake phase -- to be able to recover the session keys, which you then use to decode the actual tunneled data. You can also enable only non DH algorithms in ssl settings if rawlog isn't working for you. Aki Ah -- interesting tip. I hadn't thought of that. Thank you! I'll report my findings to the list.
Re: Outlook 2010 woes
On 10/13/16 10:42 AM, Urban Loesch wrote: Am 13.10.2016 um 16:53 schrieb Bryan Holloway: On 10/13/16 9:07 AM, Aki Tuomi wrote: On October 13, 2016 at 4:55 PM Jerrywrote: On Thu, 13 Oct 2016 08:36:23 -0500, Bryan Holloway stated: I also extended the "Server Timeout" setting in OT2010 to 10 minutes, which doesn't seem to help either. (!) Outlook 2010 is a very old version. Why not update to the 2016 version. I am running it without any problems. If you do update, remember to remove the old version completely first. -- Jerry I do wonder if the real culprit is some firewall that timeouts the idle connection. Aki I considered that, but again everything worked fine until we moved them from 2.1 to 2.2. Their same firewall is in use. Is there a way to see the IMAP commands coming from the client? I've tried looking at PCAPs, but of course they're encrypted so I can't see the actual dialog going on between the server and client. I didn't see an obvious way to do this in the docs. There is a "rawlog" feature, which writes down the hole decrypted imap session in files. ... service imap { ... executable = imap postlogin ... } ... service postlogin { executable = script-login -d rawlog unix_listener postlogin { } } ... This should write *.in an *.out files to "$mail_location/dovecot.rawlog/" directory for each imap session. The directory should be writeable by the dovecot user. I tested this some years ago, so I'm not shure if the configuration is still valid. Regards Urban Great! I will try this.
Re: Outlook 2010 woes
> On October 13, 2016 at 6:52 PM Konstantin Khomoutov >wrote: > > > On Thu, 13 Oct 2016 10:35:14 -0500 > Bryan Holloway wrote: > > > > [...] > > >> Is there a way to see the IMAP commands coming from the client? > > >> I've tried looking at PCAPs, but of course they're encrypted so I > > >> can't see the actual dialog going on between the server and > > >> client. I didn't see an obvious way to do this in the docs. > > > > > > If you have access to the SSL/TLS key (IOW, the private part of the > > > cert) the server uses to secure IMAP connections you can dump the > > > IMAP traffic using the `ssldump` utility (which builds on > > > `tcpdump`). > > > > I do, but the client is using a DH key exchange so I only have the > > server-side private key. > > > > Tried that using Wireshark's decoder features and ran into this > > problem. I'm assuming I'd run into the same using ssldump, but I'll > > give it a shot! > > I think DH is not the culprit: just to be able to actually decode SSL > traffic, you must have the server private key when you're decoding the > SSL handshake phase -- to be able to recover the session keys, which > you then use to decode the actual tunneled data. You can also enable only non DH algorithms in ssl settings if rawlog isn't working for you. Aki
Re: Outlook 2010 woes
On Thu, 13 Oct 2016 10:35:14 -0500 Bryan Hollowaywrote: > > [...] > >> Is there a way to see the IMAP commands coming from the client? > >> I've tried looking at PCAPs, but of course they're encrypted so I > >> can't see the actual dialog going on between the server and > >> client. I didn't see an obvious way to do this in the docs. > > > > If you have access to the SSL/TLS key (IOW, the private part of the > > cert) the server uses to secure IMAP connections you can dump the > > IMAP traffic using the `ssldump` utility (which builds on > > `tcpdump`). > > I do, but the client is using a DH key exchange so I only have the > server-side private key. > > Tried that using Wireshark's decoder features and ran into this > problem. I'm assuming I'd run into the same using ssldump, but I'll > give it a shot! I think DH is not the culprit: just to be able to actually decode SSL traffic, you must have the server private key when you're decoding the SSL handshake phase -- to be able to recover the session keys, which you then use to decode the actual tunneled data.
Re: Outlook 2010 woes
Am 13.10.2016 um 16:53 schrieb Bryan Holloway: On 10/13/16 9:07 AM, Aki Tuomi wrote: On October 13, 2016 at 4:55 PM Jerrywrote: On Thu, 13 Oct 2016 08:36:23 -0500, Bryan Holloway stated: I also extended the "Server Timeout" setting in OT2010 to 10 minutes, which doesn't seem to help either. (!) Outlook 2010 is a very old version. Why not update to the 2016 version. I am running it without any problems. If you do update, remember to remove the old version completely first. -- Jerry I do wonder if the real culprit is some firewall that timeouts the idle connection. Aki I considered that, but again everything worked fine until we moved them from 2.1 to 2.2. Their same firewall is in use. Is there a way to see the IMAP commands coming from the client? I've tried looking at PCAPs, but of course they're encrypted so I can't see the actual dialog going on between the server and client. I didn't see an obvious way to do this in the docs. There is a "rawlog" feature, which writes down the hole decrypted imap session in files. ... service imap { ... executable = imap postlogin ... } ... service postlogin { executable = script-login -d rawlog unix_listener postlogin { } } ... This should write *.in an *.out files to "$mail_location/dovecot.rawlog/" directory for each imap session. The directory should be writeable by the dovecot user. I tested this some years ago, so I'm not shure if the configuration is still valid. Regards Urban
Re: Outlook 2010 woes
On 10/13/16 10:23 AM, Konstantin Khomoutov wrote: On Thu, 13 Oct 2016 09:53:19 -0500 Bryan Hollowaywrote: [...] Is there a way to see the IMAP commands coming from the client? I've tried looking at PCAPs, but of course they're encrypted so I can't see the actual dialog going on between the server and client. I didn't see an obvious way to do this in the docs. If you have access to the SSL/TLS key (IOW, the private part of the cert) the server uses to secure IMAP connections you can dump the IMAP traffic using the `ssldump` utility (which builds on `tcpdump`). I do, but the client is using a DH key exchange so I only have the server-side private key. Tried that using Wireshark's decoder features and ran into this problem. I'm assuming I'd run into the same using ssldump, but I'll give it a shot! Stupid privacy. :)
Re: Outlook 2010 woes
On Thu, 13 Oct 2016 09:53:19 -0500 Bryan Hollowaywrote: [...] > Is there a way to see the IMAP commands coming from the client? I've > tried looking at PCAPs, but of course they're encrypted so I can't > see the actual dialog going on between the server and client. I > didn't see an obvious way to do this in the docs. If you have access to the SSL/TLS key (IOW, the private part of the cert) the server uses to secure IMAP connections you can dump the IMAP traffic using the `ssldump` utility (which builds on `tcpdump`).
Re: Outlook 2010 woes
On 10/13/16 9:07 AM, Aki Tuomi wrote: On October 13, 2016 at 4:55 PM Jerrywrote: On Thu, 13 Oct 2016 08:36:23 -0500, Bryan Holloway stated: I also extended the "Server Timeout" setting in OT2010 to 10 minutes, which doesn't seem to help either. (!) Outlook 2010 is a very old version. Why not update to the 2016 version. I am running it without any problems. If you do update, remember to remove the old version completely first. -- Jerry I do wonder if the real culprit is some firewall that timeouts the idle connection. Aki I considered that, but again everything worked fine until we moved them from 2.1 to 2.2. Their same firewall is in use. Is there a way to see the IMAP commands coming from the client? I've tried looking at PCAPs, but of course they're encrypted so I can't see the actual dialog going on between the server and client. I didn't see an obvious way to do this in the docs.
Re: Outlook 2010 woes
On 10/13/16 9:06 AM, Bryan Holloway wrote: On 10/13/16 8:55 AM, Jerry wrote: On Thu, 13 Oct 2016 08:36:23 -0500, Bryan Holloway stated: I also extended the "Server Timeout" setting in OT2010 to 10 minutes, which doesn't seem to help either. (!) Outlook 2010 is a very old version. Why not update to the 2016 version. I am running it without any problems. If you do update, remember to remove the old version completely first. Yeah -- totally not disagreeing with that statement ... the problem is that the customer is putting their foot down since everything worked fine with Dovecot 2.1. But yes, I have mentioned that to them ... I guess I should add that it would be one thing if there were a specific IMAP feature that a newer Dovecot version (2.2) supported and the client didn't, but I haven't been able to pinpoint it. Obviously the behavior is different than what it was, but it would be a lot easier to convince the customer to upgrade if I could point a finger right at the "feature" in question. In the meantime, I have to try and figure out what's changed ...
Re: Outlook 2010 woes
> On October 13, 2016 at 4:55 PM Jerrywrote: > > > On Thu, 13 Oct 2016 08:36:23 -0500, Bryan Holloway stated: > > >I also extended the "Server Timeout" setting in OT2010 to 10 minutes, > >which doesn't seem to help either. (!) > > Outlook 2010 is a very old version. Why not update to the 2016 version. > I am running it without any problems. If you do update, remember to > remove the old version completely first. > > -- > Jerry I do wonder if the real culprit is some firewall that timeouts the idle connection. Aki
Re: Outlook 2010 woes
On 10/13/16 8:55 AM, Jerry wrote: On Thu, 13 Oct 2016 08:36:23 -0500, Bryan Holloway stated: I also extended the "Server Timeout" setting in OT2010 to 10 minutes, which doesn't seem to help either. (!) Outlook 2010 is a very old version. Why not update to the 2016 version. I am running it without any problems. If you do update, remember to remove the old version completely first. Yeah -- totally not disagreeing with that statement ... the problem is that the customer is putting their foot down since everything worked fine with Dovecot 2.1. But yes, I have mentioned that to them ...
Re: Outlook 2010 woes
On Thu, 13 Oct 2016 08:36:23 -0500, Bryan Holloway stated: >I also extended the "Server Timeout" setting in OT2010 to 10 minutes, >which doesn't seem to help either. (!) Outlook 2010 is a very old version. Why not update to the 2016 version. I am running it without any problems. If you do update, remember to remove the old version completely first. -- Jerry
Too many references: cannot splice
Hi, A while ago I sent an email regarding these "*ETOOMANYREFS* Too many references: cannot splice." that we've seen since Debian updated the Jessie kernel to 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u3 (2016-01-17) x86_64 while older kernels, like 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt11-1+deb8u6 (2015-11-09) x86_64 showed no errors at all. I was wondering if no one else is getting these errors, or if you know any workarounds that might probe useful, apart from downgrading the kernel. I would say that the infrastructure we're running is quite standard, with directors balancing users to NFS backed dovecot servers. Best regards, Luis Ugalde.
Re: Outlook 2010 woes
On 10/12/16 4:11 PM, Joseph Tam wrote: Old server: * Ubuntu 10.04.4 LTS * Dovecot 2.1.13 * Maildir++ * Local auth via passwd/shadow files New server: * Debian GNU/Linux 8.6 * Dovecot 2.2.13 * Maildir++ * Quotas enabled * LDAP Basically what's happening is that users are seeing large delays when navigating between different IMAP folders. So, for example, user "X" is sitting idle in their INBOX. Rebuilding caches? Do you get the same delay when going back to the folder after the initial delay. Joseph TamNo, but once sitting idle again for 10-15 seconds, the delay occurs again regardless of which folder you choose. Am I understanding your question correctly? It really seems to me like Outlook is prematurely ending IMAP sessions. I also extended the "Server Timeout" setting in OT2010 to 10 minutes, which doesn't seem to help either. (!) I was considering enabling the auth_cache feature to see if that helps. I'll let the list know what happens -- planning on doing that today.
Re: dovecot 2.2.25 BUG: local_name is not matching correctly
On 13.10.2016 16:09, Arkadiusz Miśkiewicz wrote: > Bug report: > > When using dovecot 2.2.25 SNI capability it doesn't always match proper vhost > config. For example if we have such config: > > local_name imap.example.com { > ssl_cert = ssl_key = } > > but imap client sends mixedcase SNI hostname like "IMAP.example.com" then > dovecot won't match above local_name imap.example.coml config section. > > IMO dovecot should do case insensitive comparison. Case sensitive matching > for > DNS names makes little sense. > Hi! Thank you for reporting this, we'll look into it. Aki Tuomi Dovecot oy
dovecot 2.2.25 BUG: local_name is not matching correctly
Bug report: When using dovecot 2.2.25 SNI capability it doesn't always match proper vhost config. For example if we have such config: local_name imap.example.com { ssl_cert =
Re: fix SIS attachment errors
To whom it may interest; With the help of Aki Tuomi I've found a way to remove such errors and move forward, in a way that could be automated. As this might be a problem to others and there seems to be no discussion about it, i'll share it with you. What I did, essentially, was to write a shell script that do the following, per user: - read all the mailboxes with `doveadm fetch -u $username text all` and redirect errors to a file - identify all missing attachments' paths from the file created previously and try to create a hardlink to it. Any file with the same hash (before `-`) is good. - identify all mailboxes and uids from messages there are still broken (the same error file created before should have this information) and fetch them, and save them elsewhere. - after fetching and saving, expunge such messages. - use doveadm save to put the messages back. They'll be without the attachments but also without any errors. There are some gotchas to do the above, and to automate that, so I'll be happy to help if anyone needs. Thank you. On Wed, Oct 5, 2016 at 3:59 PM Webert de Souza Limawrote: Hi, I've sent some e-mails about this before but since there was no answers I'll write it differently, with different information. I'm using SIS (Single Instance Attachment Storage). For any reason that is not relevant now, many attachments are missing and the messages can't be fetched: Error: read(attachments-connector(zlib(/dovecot/mdbox/bar.example/foo/storage/m.1))) failed: read(/dovecot/attach/bar.example/23/ae/23aed008c1f32f048afd38d9aae68c5aeae2d17a9170e28c60c75a02ec199ef4e7079cd92988ad857bd6e12cd24cdd7619bd29f26edeec842a6911bb14a86944-fb0b6a214dfa63573c1f9331bd36[base64:19 b/l]) failed: open(/dovecot/attach/bar.example/23/ae/23aed008c1f32f048afd38d9aae68c5aeae2d17a9170e28c60c75a02ec199ef4e7079cd92988ad857bd6e12cd24cdd7619bd29f26edeec842a6911bb14a86944-fb0b6a214dfa63573c1f9331bd36) failed: No such file or directory in this specific case, the /dovecot/attach/bar.example/23/ae/ director doesn't exist. In other cases, just one file is missing so I would assume the hardlink could be recreated and it would work. If I create the missing file (with touch or whatever), I get the following errors: Error: read(/dovecot/attach/bar.example/23/ae/23aed008c1f32f048afd38d9aae68c5aeae2d17a9170e28c60c75a02ec199ef4e7079cd92988ad857bd6e12cd24cdd7619bd29f26edeec842a6911bb14a86944-fb0b6a214dfa63573c1f9331bd36[base64:19 b/l]) failed: Stream is smaller than expected (0 < 483065) Error: read(attachments-connector(zlib(/dovecot/mdbox/bar.example/foo/storage/m.1))) failed: read(/dovecot/attach/bar.example/23/ae/23aed008c1f32f048afd38d9aae68c5aeae2d17a9170e28c60c75a02ec199ef4e7079cd92988ad857bd6e12cd24cdd7619bd29f26edeec842a6911bb14a86944-fb0b6a214dfa63573c1f9331bd36[base64:19 b/l]) failed: Stream is smaller than expected (0 < 483065) Error: fetch(body) failed for box=INBOX uid=15: BUG: Unknown internal error If I try to fill the file with the amount of bytes it complains about with the following command: $ dd if=/dev/zero of=/dovecot/attach/bar.example/23/ae/23aed008c1f32f048afd38d9aae68c5aeae2d17a9170e28c60c75a02ec199ef4e7079cd92988ad857bd6e12cd24cdd7619bd29f26edeec842a6911bb14a86944-fb0b6a214dfa63573c1f9331bd36 bs=1 count=483065 then I get the following error: Error: read(/dovecot/attach/bar.example/23/ae/23aed008c1f32f048afd38d9aae68c5aeae2d17a9170e28c60c75a02ec199ef4e7079cd92988ad857bd6e12cd24cdd7619bd29f26edeec842a6911bb14a86944-fb0b6a214dfa63573c1f9331bd36[base64:19 b/l]) failed: Stream is larger than expected (483928 > 483065, eof=0) Error: read(attachments-connector(zlib(/srv/dovecot/mdbox/bar.example/foo/storage/m.1))) failed: read(//dovecot/attach/bar.example/23/ae/23aed008c1f32f048afd38d9aae68c5aeae2d17a9170e28c60c75a02ec199ef4e7079cd92988ad857bd6e12cd24cdd7619bd29f26edeec842a6911bb14a86944-fb0b6a214dfa63573c1f9331bd36[base64:19 b/l]) failed: Stream is larger than expected (483928 > 483065, eof=0) Error: fetch(body) failed for box=INBOX uid=15: BUG: Unknown internal error Based on this I have a few questions: 1. Is there a way, or a tool to scan all mailboxes to get all the messages that have compromised attachments? 2. is there a way to "fix" the missing files (even if creating fake files or removing the attachments information from the messages) 3. What I need is to migrate these boxes using doveadm backup/sync, which fails when these errors occur. Is is possible to ignore them or is there another tool that would do it? Thank you. Webert Lima Belo Horizonte, Brasil
RE: First steps in Dovecot; IMAP not working
I think I found the culprit. I had backed files up using cp (e.g. 10-ssl.conf to 10-ssl.default.conf) so if I made mistakes, I could revert easily. It looks like all files in the conf.d folder are included, therefore my backup files overwrote the standard ones. Now, when I try to send mails, outlook tells me it can't save the message in the "sent" folder (the mail server denies saving there (I'm translating from French, sorry)). The error code is 0x80040119. At least, I don't get the same set of errors. Thanks, aki, for your previous answer.
Re: First steps in Dovecot; IMAP not working
On 13.10.2016 12:42, Marnaud wrote: > > "Aki Tuomi"wrote: > >> doveconf -n shows what's there. if you have ssl=no somewhere else in the >> config after you set it to required, it gets overwritten. >> >> Aki > > Thanks, Aki. > It means I have to open each conf file (e.g. using nano) and search > for ssl=no; I'm right or there's a specific file to check? I see you replied to me only, please keep your replies on-list. Try grep -r ssl.*no /etc/dovecot Aki
Re: First steps in Dovecot; IMAP not working
doveconf -n shows what's there. if you have ssl=no somewhere else in the config after you set it to required, it gets overwritten. Aki On 13.10.2016 12:18, Marnaud wrote: > Hello, > > > > I'm new in Dovecot and am having troubles making it working. I'm > trying using Outlook and Apple's Mail as the mail clients. Outlook > says it can't establish a secured connection to the server (for the > IMAP protocol). I'm guessing sending e-mails works but I can't check. > > > > This is my current configuration (using dovecot -n): > > > > # 2.2.13: /etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-042stab116.1 x86_64 Debian 8.6 > mail_location = mbox:~/mail:INBOX=/var/mail/%u > namespace inbox { > inbox = yes > location = > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > special_use = \Trash > } > prefix = > } > passdb { > driver = pam > } > passdb { > driver = pam > } > protocols = " imap" > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0666 > user = postfix > } > } > service imap-login { > inet_listener imaps { > port = 993 > ssl = yes > } > } > ssl = no > ssl_cert = ssl_key = userdb { > driver = passwd > } > userdb { > driver = passwd > } > > > > I find abnormal I'm seeing "ssl = no" in this configuration despite > the fact that I have "ssl = required" in the > /etc/dovecot/conf.d/10-ssl.conf file, but I'm new to this... > > I have looked around the web; finally, I'm asking here, hoping it's > the correct place to ask. > > > > Arnaud
First steps in Dovecot; IMAP not working
Hello, I'm new in Dovecot and am having troubles making it working. I'm trying using Outlook and Apple's Mail as the mail clients. Outlook says it can't establish a secured connection to the server (for the IMAP protocol). I'm guessing sending e-mails works but I can't check. This is my current configuration (using dovecot -n): # 2.2.13: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-042stab116.1 x86_64 Debian 8.6 mail_location = mbox:~/mail:INBOX=/var/mail/%u namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } passdb { driver = pam } protocols = " imap" service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } } service imap-login { inet_listener imaps { port = 993 ssl = yes } } ssl = no ssl_cert =
Re: SSL error
On Thu, Oct 13, 2016 at 10:30 AM Christian Kivalowrote: > > > > > On 2016-10-13 10:12, arnaud gaboury wrote: > > > On Thu, Oct 13, 2016 at 8:48 AM Christian Kivalo > > > wrote: > > > > > >> > > >> > > >> > > >> > > >> Am 13. Oktober 2016 08:41:06 MESZ, schrieb arnaud gaboury < > > >> arnaud.gabo...@gmail.com>: > > >> > > >> >I run dovecot + postfix as my email server. Everything is working as > > >> > > >> >expected, but I see an error in the dovecot logs: > > >> > > >> > > > >> > > >> >lmtp(7331): Error: SSL context initialization failed, disabling SSL: > > >> > > >> >ENGINE_init(dynamic) failed > > >> > > >> > > > >> > > >> >Dovecot is running and emails are OK. I wonder why this error and how I > > >> > > >> >can > > >> > > >> >fix it? I see it is a SSL issue but no idea in which direction to look. > > >> > > >> >Thank you for help > > >> > > >> Please post the complete log lines and the output of dovecot -n > > >> > > >> > > > $ journalctl --unit=dovecot > > > Oct 13 08:20:20 thetradinghall.com systemd[1]: Started Dovecot > > > IMAP/POP3 > > > email server. > > > Oct 13 08:20:20 thetradinghall.com dovecot[7333]: lmtp(7331): Error: > > > SSL > > > context initialization failed, disabling SSL: ENGINE_init(dynamic) > > > failed > > > Oct 13 08:20:20 thetradinghall.com dovecot[7333]: lmtp(7337): Error: > > > SSL > > > context initialization failed, disabling SSL: ENGINE_init(dynamic) > > > failed > > > Oct 13 08:20:20 thetradinghall.com dovecot[7333]: lmtp(7338): Error: > > > SSL > > > context initialization failed, disabling SSL: ENGINE_init(dynamic) > > > failed > > > > > > > > > > > > $ dovecot -n > > > # 2.2.25 (7be1766): /etc/dovecot/dovecot.conf > > > # OS: Linux 4.7.4-1-hortensia_docker x86_64 Fedora release 24 (Twenty > > > Four) > > > auth_cache_size = 10 M > > > auth_debug = yes > > > auth_debug_passwords = yes > > > auth_mechanisms = plain login > > > auth_verbose = yes > > > auth_verbose_passwords = plain > > > doveadm_socket_path = /run/dovecot/doveadm-server > > > imap_id_log = * > > > info_log_path = /storage/log/dovecot/dovecot-info.log > > > mail_debug = yes > > > mail_gid = 5000 > > > mail_location = maildir:~:LAYOUT=fs > > > mail_server_admin = mailto:ad...@thetradinghall.com > > > mail_uid = 5000 > > > mailbox_list_index = yes > > > maildir_very_dirty_syncs = yes > > > namespace inbox { > > > inbox = yes > > > location = > > > mailbox Archive { > > > auto = create > > > special_use = \Archive > > > } > > > mailbox Drafts { > > > auto = create > > > special_use = \Drafts > > > } > > > mailbox Junk { > > > auto = create > > > special_use = \Junk > > > } > > > mailbox Sent { > > > auto = create > > > special_use = \Sent > > > } > > > prefix = > > > separator = / > > > type = private > > > } > > > passdb { > > > args = /etc/dovecot/dovecot-sql.conf.ext > > > driver = sql > > > } > > > protocols = imap lmtp > > > service auth-worker { > > > user = vmail > > > } > > > service auth { > > > unix_listener /var/spool/postfix/private/auth { > > > group = postfix > > > mode = 0666 > > > user = postfix > > > } > > > unix_listener auth-userdb { > > > group = postfix > > > mode = 0600 > > > user = postfix > > > } > > > user = root > > > } > > > service imap-login { > > > inet_listener imaps { > > > port = 993 > > > ssl = yes > > > } > > > } > > > service lmtp { > > > process_min_avail = 10 > > > unix_listener /var/spool/postfix/private/dovecot-lmtp { > > > group = postfix > > > mode = 0600 > > > user = postfix > > > } > > > } > > > ssl = required > > > ssl_cert = > > ssl_crypto_device = dynamic > > ^^ does it work when you comment/remove this setting? > > > > from my 10-ssl.conf > > # SSL crypto device to use, for valid values run "openssl engine" > > #ssl_crypto_device = > > > > by default ssl_crypto_device is not set. > the line was uncommented, so I commented it. Now .-) ● dovecot.service - Dovecot IMAP/POP3 email server Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled) Active: active (running) since Thu 2016-10-13 10:46:27 CEST; 6s ago Docs: man:dovecot(1) http://wiki2.dovecot.org/ Process: 9793 ExecStop=/usr/bin/doveadm stop (code=exited, status=0/SUCCESS) Process: 9806 ExecStart=/usr/sbin/dovecot (code=exited, status=0/SUCCESS) Process: 9804 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS) Main PID: 9807 (dovecot) CGroup: /machine.slice/systemd-nspawn@poppy.service /system.slice/dovecot.service ├─9807 /usr/sbin/dovecot ├─9808 dovecot/lmtp ├─9809 dovecot/anvil ├─9810 dovecot/log ├─9811 dovecot/ssl-params ├─9812 dovecot/lmtp ├─9813 dovecot/lmtp ├─9814 dovecot/lmtp
Re: SSL error
On 2016-10-13 10:12, arnaud gaboury wrote: On Thu, Oct 13, 2016 at 8:48 AM Christian Kivalowrote: Am 13. Oktober 2016 08:41:06 MESZ, schrieb arnaud gaboury < arnaud.gabo...@gmail.com>: >I run dovecot + postfix as my email server. Everything is working as >expected, but I see an error in the dovecot logs: > >lmtp(7331): Error: SSL context initialization failed, disabling SSL: >ENGINE_init(dynamic) failed > >Dovecot is running and emails are OK. I wonder why this error and how I >can >fix it? I see it is a SSL issue but no idea in which direction to look. >Thank you for help Please post the complete log lines and the output of dovecot -n $ journalctl --unit=dovecot Oct 13 08:20:20 thetradinghall.com systemd[1]: Started Dovecot IMAP/POP3 email server. Oct 13 08:20:20 thetradinghall.com dovecot[7333]: lmtp(7331): Error: SSL context initialization failed, disabling SSL: ENGINE_init(dynamic) failed Oct 13 08:20:20 thetradinghall.com dovecot[7333]: lmtp(7337): Error: SSL context initialization failed, disabling SSL: ENGINE_init(dynamic) failed Oct 13 08:20:20 thetradinghall.com dovecot[7333]: lmtp(7338): Error: SSL context initialization failed, disabling SSL: ENGINE_init(dynamic) failed $ dovecot -n # 2.2.25 (7be1766): /etc/dovecot/dovecot.conf # OS: Linux 4.7.4-1-hortensia_docker x86_64 Fedora release 24 (Twenty Four) auth_cache_size = 10 M auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = plain doveadm_socket_path = /run/dovecot/doveadm-server imap_id_log = * info_log_path = /storage/log/dovecot/dovecot-info.log mail_debug = yes mail_gid = 5000 mail_location = maildir:~:LAYOUT=fs mail_server_admin = mailto:ad...@thetradinghall.com mail_uid = 5000 mailbox_list_index = yes maildir_very_dirty_syncs = yes namespace inbox { inbox = yes location = mailbox Archive { auto = create special_use = \Archive } mailbox Drafts { auto = create special_use = \Drafts } mailbox Junk { auto = create special_use = \Junk } mailbox Sent { auto = create special_use = \Sent } prefix = separator = / type = private } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } protocols = imap lmtp service auth-worker { user = vmail } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { group = postfix mode = 0600 user = postfix } user = root } service imap-login { inet_listener imaps { port = 993 ssl = yes } } service lmtp { process_min_avail = 10 unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl = required ssl_cert = ^^ does it work when you comment/remove this setting? from my 10-ssl.conf # SSL crypto device to use, for valid values run "openssl engine" #ssl_crypto_device = by default ssl_crypto_device is not set. ssl_key = -- Christian Kivalo
Re: SSL error
On Thu, Oct 13, 2016 at 8:48 AM Christian Kivalowrote: > > > > > Am 13. Oktober 2016 08:41:06 MESZ, schrieb arnaud gaboury < > arnaud.gabo...@gmail.com>: > > >I run dovecot + postfix as my email server. Everything is working as > > >expected, but I see an error in the dovecot logs: > > > > > >lmtp(7331): Error: SSL context initialization failed, disabling SSL: > > >ENGINE_init(dynamic) failed > > > > > >Dovecot is running and emails are OK. I wonder why this error and how I > > >can > > >fix it? I see it is a SSL issue but no idea in which direction to look. > > >Thank you for help > > Please post the complete log lines and the output of dovecot -n > > $ journalctl --unit=dovecot Oct 13 08:20:20 thetradinghall.com systemd[1]: Started Dovecot IMAP/POP3 email server. Oct 13 08:20:20 thetradinghall.com dovecot[7333]: lmtp(7331): Error: SSL context initialization failed, disabling SSL: ENGINE_init(dynamic) failed Oct 13 08:20:20 thetradinghall.com dovecot[7333]: lmtp(7337): Error: SSL context initialization failed, disabling SSL: ENGINE_init(dynamic) failed Oct 13 08:20:20 thetradinghall.com dovecot[7333]: lmtp(7338): Error: SSL context initialization failed, disabling SSL: ENGINE_init(dynamic) failed $ dovecot -n # 2.2.25 (7be1766): /etc/dovecot/dovecot.conf # OS: Linux 4.7.4-1-hortensia_docker x86_64 Fedora release 24 (Twenty Four) auth_cache_size = 10 M auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = plain doveadm_socket_path = /run/dovecot/doveadm-server imap_id_log = * info_log_path = /storage/log/dovecot/dovecot-info.log mail_debug = yes mail_gid = 5000 mail_location = maildir:~:LAYOUT=fs mail_server_admin = mailto:ad...@thetradinghall.com mail_uid = 5000 mailbox_list_index = yes maildir_very_dirty_syncs = yes namespace inbox { inbox = yes location = mailbox Archive { auto = create special_use = \Archive } mailbox Drafts { auto = create special_use = \Drafts } mailbox Junk { auto = create special_use = \Junk } mailbox Sent { auto = create special_use = \Sent } prefix = separator = / type = private } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } protocols = imap lmtp service auth-worker { user = vmail } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { group = postfix mode = 0600 user = postfix } user = root } service imap-login { inet_listener imaps { port = 993 ssl = yes } } service lmtp { process_min_avail = 10 unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl = required ssl_cert = > > -- > > Christian Kivalo > >
Strange subscriptions added by dsync backup
Hi, We're in the process of migrating our dovecot 1.x mail server to a Dovecot 2.2.25 server. During the migration I'm moving from mbox storage to mdbox. I use the following method to do a one-way sync from our current mail server to our new mail server (command executed on the new server): doveadm -v -o imapc_host=oldserver \ -o imapc_user=$u \ -o imapc_master_user=$masteruser \ -o imapc_password="$masterpass" \ -o imapc_port=993 -o imapc_ssl=imaps \ -o ssl_client_ca_file=/etc/pki/tls/certs/ca-bundle.crt \ -o imapc_ssl_verify=yes \ -o mail_fsync=never \ -o mail_prefetch_count=20 \ backup -R -u $u imapc: $u is replaced by the username I'm migrating. The dsync command runs and exits with code 0 (all OK). However, when I look at the subscriptions file on the new server, there seem to be additional subscriptions that are not in the subscriptions file on the old server: 7b0d681945d0fc57115690ca 7c0d681945d0fc57115690ca 7d0d681945d0fc57115690ca 7e0d681945d0fc57115690ca 7f0d681945d0fc57115690ca 800d681945d0fc57115690ca Where do these come from? Is something wrong with the migration? It also seems that subscriptions for IMAP folders that only contain subfolders[1] are no longer present in the new subscriptions file: # diff -u sub-old.sorted sub-new.sorted --- sub-old.sorted2016-10-11 13:42:44.175070610 +0200 +++ sub-new.sorted2016-10-11 13:47:53.973888462 +0200 @@ -1,26 +1,26 @@ -Archive/Administration/ +7b0d681945d0fc57115690ca +7c0d681945d0fc57115690ca +7d0d681945d0fc57115690ca +7e0d681945d0fc57115690ca +7f0d681945d0fc57115690ca +800d681945d0fc57115690ca Archive/Administration/Conferences Archive/Announcements -Archive/Education/ Archive/Education/E02N3A Archive/Education/I0D51A Archive/Politics -Archive/Research/ -Archive/Research/FET/ Archive/Research/FET/VPH - Virtual Physiological Human Archive/Research/Grants/ICON IBBT Call 2011 Archive/Research/Grants/Marie Curie ITN 2011 Archive/Research/Grants/Odysseus Archive/Research/Grants/SymBioSysII/Funding Archive/Research/Grants/SymBioSysII/JobApplications -Archive/Research/Manuscripts/ Archive/Research/Manuscripts/ruby-ensembl-api Archive/Research/Projects/GUNZ Archive/Research/Projects/MIQAS Archive/Research/Projects/MODY Archive/Research/Projects/ruby-ensembl-api Archives -Archive/Service/ Archive/Service/EditorORC Archive/Service/Reviewing Deleted Messages Is this expected behaviour? Regards, Rik [1] On the old server a folder can only contain either messages or subfolders, not both at the same time. -- Rik Theys System Engineer KU Leuven - Dept. Elektrotechniek (ESAT) Kasteelpark Arenberg 10 bus 2440 - B-3001 Leuven-Heverlee +32(0)16/32.11.07 <>
Re: SSL error
Am 13. Oktober 2016 08:41:06 MESZ, schrieb arnaud gaboury: >I run dovecot + postfix as my email server. Everything is working as >expected, but I see an error in the dovecot logs: > >lmtp(7331): Error: SSL context initialization failed, disabling SSL: >ENGINE_init(dynamic) failed > >Dovecot is running and emails are OK. I wonder why this error and how I >can >fix it? I see it is a SSL issue but no idea in which direction to look. >Thank you for help Please post the complete log lines and the output of dovecot -n -- Christian Kivalo
SSL error
I run dovecot + postfix as my email server. Everything is working as expected, but I see an error in the dovecot logs: lmtp(7331): Error: SSL context initialization failed, disabling SSL: ENGINE_init(dynamic) failed Dovecot is running and emails are OK. I wonder why this error and how I can fix it? I see it is a SSL issue but no idea in which direction to look. Thank you for help