Dovecot eBook
Hi Timo I have a strange question. I bought the Dovecot Book off Amazon. I can easily prove it with a picture and/or my receipt off Amazon. I still have it o my library but I don’t like to travel around with it. Is there a way for me to get a PDF copy? I just checked Amazon and there is still no PDF version available there. Regards SI Sent from Mail for Windows 10
Re: Dovecot 2.3.6 on Solaris10: build issues, segfaults
Looking further into this segfault at
settings-parser.c:setting_copy():1519
*dest_size = *src_size;
*src_size points to type size_t (typedef unsigned long), a 4-byte
aligned value consistent with a 32-bit build. This is mismatched with
declared type
(gdb) whatis src_size
type = const uoff_t *
(gdb) whatis uoff_t
type = unsigned long long
(gdb) p sizeof(uoff_t)
$1 = 8
resulting in the segfault when *src_size is dereferened. The implied
condition of this code segment is typeof(uoff_t)==typeof(size_t) which
is clearly not the case.
I'm not sure how/if uoff_t is defined, but configure reports
checking for uoff_t... no
checking type of off_t... long long
The latter is weird, because if I compile and run using the same compiler flags
#include
int main(void) { printf("%d %d\n",sizeof(long long),sizeof(off_t)); }
the output is "8 4".
Joseph Tam
Re: Address family not supported by protocol
On 19/07/2019 20:04 Elias Hamaz via dovecot wrote: Hello, I am trying to run Dovecot on Arch Linux ARM on a Raspberry Pi, and there is an error when calling dovecot. Related information is listed below. Does anybody know if this is a code issue or a configuration issue? Regards, Elias Hamaz You have ipv6 disabled but is set to listen :: in config. Set listen=0.0.0.0 --- Aki Tuomi
Address family not supported by protocol
Hello,
I am trying to run Dovecot on Arch Linux ARM on a Raspberry Pi, and there is an
error when calling dovecot.
Related information is listed below.
Does anybody know if this is a code issue or a configuration issue?
Regards,
Elias Hamaz
$ sudo dovecot:
Error: socket() failed: Address family not supported by protocol
Error: service(pop3-login): listen(::, 110) failed: Address family not
supported by protocol
Error: socket() failed: Address family not supported by protocol
Error: service(pop3-login): listen(::, 995) failed: Address family not
supported by protocol
Error: socket() failed: Address family not supported by protocol
Error: service(imap-login): listen(::, 143) failed: Address family not
supported by protocol
Error: socket() failed: Address family not supported by protocol
Error: service(imap-login): listen(::, 993) failed: Address family not
supported by protocol
Fatal: Failed to start listeners
$ df -Th:
Filesystem Type Size Used Avail Use% Mounted on
/dev/root ext4 15G 13G 1.1G 93% /
devtmpfs devtmpfs 211M 0 211M 0% /dev
tmpfs tmpfs 215M 0 215M 0% /dev/shm
tmpfs tmpfs 215M 280K 215M 1% /run
tmpfs tmpfs 215M 0 215M 0% /sys/fs/cgroup
tmpfs tmpfs 215M 0 215M 0% /tmp
/dev/mmcblk0p1 vfat 90M 49M 41M 55% /boot
tmpfs tmpfs 43M 0 43M 0% /run/user/1000
$ lscpu:
Architecture:armv6l
Byte Order: Little Endian
CPU(s): 1
On-line CPU(s) list: 0
Thread(s) per core: 1
Core(s) per socket: 1
Socket(s): 1
Vendor ID: ARM
Model: 7
Model name: ARM1176
Stepping:r0p7
CPU max MHz: 700.
CPU min MHz: 700.
BogoMIPS:697.95
Flags: half thumb fastmult vfp edsp java tls
$ dovecot -n:
# 2.3.7 (494d20bdc): /etc/dovecot/dovecot.conf
# OS: Linux 4.14.50-2-ARCH armv6l
# Hostname: alarmpi
doveconf: Error: t_readlink(/var/run/dovecot/dovecot.conf) failed: readlink()
failed: No such file or directory
namespace {
inbox = yes
location =
mailbox {
special_use = \Drafts
name = Drafts
}
mailbox {
special_use = \Junk
name = Junk
}
mailbox {
special_use = \Sent
name = Sent
}
mailbox {
special_use = \Sent
name = Sent Messages
}
mailbox {
special_use = \Trash
name = Trash
}
prefix =
name = inbox
}
passdb {
driver = pam
}
service replication-notify-fifo {
name = aggregator
}
service anvil-auth-penalty {
name = anvil
}
service auth-worker {
name = auth-worker
}
service auth-client {
name = auth
}
service config {
name = config
}
service dict-async {
name = dict-async
}
service dict {
name = dict
}
service login/proxy-notify {
name = director
}
service dns-client {
name = dns_client
}
service doveadm-server {
name = doveadm
}
service imap-hibernate {
name = imap-hibernate
}
service imap {
name = imap-login
}
service imap-urlauth {
name = imap-urlauth-login
}
service imap-urlauth-worker {
name = imap-urlauth-worker
}
service token-login/imap-urlauth {
name = imap-urlauth
}
service imap-master {
name = imap
}
service indexer-worker {
name = indexer-worker
}
service indexer {
name = indexer
}
service ipc {
name = ipc
}
service lmtp {
name = lmtp
}
service log-errors {
name = log
}
service old-stats-mail {
name = old-stats
}
service pop3 {
name = pop3-login
}
service login/pop3 {
name = pop3
}
service replicator-doveadm {
name = replicator
}
service stats-reader {
name = stats
}
service submission {
name = submission-login
}
service login/submission {
name = submission
}
ssl_cert =
Address family not supported by protocol
Hello,I am trying to run Dovecot on Arch Linux ARM on a Raspberry Pi, and there is an error when calling dovecot.Related information is listed below.Does anybody know if this is a code issue or a configuration issue?Regards,Elias Hamaz$ sudo dovecot:Error: socket() failed: Address family not supported by protocolError: service(pop3-login): listen(::, 110) failed: Address family not supported by protocolError: socket() failed: Address family not supported by protocolError: service(pop3-login): listen(::, 995) failed: Address family not supported by protocolError: socket() failed: Address family not supported by protocolError: service(imap-login): listen(::, 143) failed: Address family not supported by protocolError: socket() failed: Address family not supported by protocolError: service(imap-login): listen(::, 993) failed: Address family not supported by protocolFatal: Failed to start listeners$ df -Th:Filesystem Type Size Used Avail Use% Mounted on/dev/root ext4 15G 13G 1.1G 93% /devtmpfs devtmpfs 211M 0 211M 0% /devtmpfs tmpfs 215M 0 215M 0% /dev/shmtmpfs tmpfs 215M 280K 215M 1% /runtmpfs tmpfs 215M 0 215M 0% /sys/fs/cgrouptmpfs tmpfs 215M 0 215M 0% /tmp/dev/mmcblk0p1 vfat 90M 49M 41M 55% /boottmpfs tmpfs 43M 0 43M 0% /run/user/1000$ lscpu:Architecture: armv6lByte Order: Little EndianCPU(s): 1On-line CPU(s) list: 0Thread(s) per core: 1Core(s) per socket: 1Socket(s): 1Vendor ID: ARMModel: 7Model name: ARM1176Stepping: r0p7CPU max MHz: 700.CPU min MHz: 700.BogoMIPS: 697.95Flags: half thumb fastmult vfp edsp java tls$ dovecot -n:# 2.3.7 (494d20bdc): /etc/dovecot/dovecot.conf# OS: Linux 4.14.50-2-ARCH armv6l # Hostname: alarmpidoveconf: Error: t_readlink(/var/run/dovecot/dovecot.conf) failed: readlink() failed: No such file or directorynamespace { inbox = yes location = mailbox { special_use = \Drafts name = Drafts } mailbox { special_use = \Junk name = Junk } mailbox { special_use = \Sent name = Sent } mailbox { special_use = \Sent name = Sent Messages } mailbox { special_use = \Trash name = Trash } prefix = name = inbox}passdb { driver = pam}service replication-notify-fifo { name = aggregator}service anvil-auth-penalty { name = anvil}service auth-worker { name = auth-worker}service auth-client { name = auth}service config { name = config}service dict-async { name = dict-async}service dict { name = dict}service login/proxy-notify { name = director}service dns-client { name = dns_client}service doveadm-server { name = doveadm}service imap-hibernate { name = imap-hibernate}service imap { name = imap-login}service imap-urlauth { name = imap-urlauth-login}service imap-urlauth-worker { name = imap-urlauth-worker}service token-login/imap-urlauth { name = imap-urlauth}service imap-master { name = imap}service indexer-worker { name = indexer-worker}service indexer { name = indexer}service ipc { name = ipc}service lmtp { name = lmtp}service log-errors { name = log}service old-stats-mail { name = old-stats}service pop3 { name = pop3-login}service login/pop3 { name = pop3}service replicator-doveadm { name = replicator}service stats-reader { name = stats}service submission { name = submission-login}service login/submission { name = submission}ssl_cert = ssl_key = # hidden, use -P to show ituserdb { driver = passwd}protocol lmtp { service replication-notify-fifo { name = aggregator } service anvil-auth-penalty { name = anvil } service auth-worker { name = auth-worker } service auth-client { name = auth } service config { name = config } service dict-async { name = dict-async } service dict { name = dict } service login/proxy-notify { name = director } service dns-client { name = dns_client } service doveadm-server { name = doveadm } service imap-hibernate { name = imap-hibernate } service imap { name = imap-login } service imap-urlauth { name = imap-urlauth-login } service imap-urlauth-worker { name = imap-urlauth-worker } service token-login/imap-urlauth { name = imap-urlauth } service imap-master { name = imap } service indexer-worker { name = indexer-worker } service indexer { name = indexer } service ipc { name = ipc } service lmtp { name = lmtp } service log-errors { name = log } service old-stats-mail { name = old-stats } service pop3 { name = pop3-login } service login/pop3 { name = pop3 } service replicator-doveadm { name = replicator } service stats-reader { name = stats } service submission { name = submission-login } service login/submission { name = submission }}protocol !indexer-worker { service
WARNING: using attachment_dir with plugin zlib can corrupt mails
Hello list, hello Dovecot developers,
this week, I discovered a serious bug in Dovecot, that lead to several
broken mails on our servers. The bug corrupts the first few characters
of the mail header during saving. On our setup, it was almost always
only the very first line of text, that was corrupted.
Depending on the IMAP client (they seem to request different header
fields, ... during mail access), the bug causes the imap process to hang
up the TCP connection and log errors like this:
imap(USERNAME)<4767>: Error: Corrupted record in index cache
file /IMAP/mail/mailboxes/USERNAME/mdbox/mailboxes/Trash/dbox-Mails/dovecot.index.cache:
UID 489113: Broken fields in mailbox Trash:
read(attachments-connector(zlib(/IMAP/mail/mailboxes/USERNAME/mdbox/storage/m.813))): FETCH
BODY[HEADER.FIELDS (RETURN-PATH SUBJECT)] got too little data: 2 vs 122
In our case that finally grabbed my attention, the client was the users
iphone that did not display any new messages but his Thunderbird did.
The bug seems to be triggered by a bad "interaction" of attachment_dir
option and zlib plugin. If you use both, you most likely are affected,
too, except you only use zlib plugin for reading previously compressed
stored mails. That's also the workaround we use now: zlib plugin only
enabled in mail_plugins but no plugin/zlib_save set.
The bug occurs on very specific mails. Due to privacy reasons I could
not provide sample mails here. Storing such mails seems to trigger the
bug reproducible.
I attached a very minimal doveconf -n config, that can be used to
trigger the bug. If one of the developers is interested, I can try to
generate an "anonymized" version of such a specific mail that still
causes the issue. I discovered the bug on our productive systems,
running latest Dovecot 2.2 release, but the latest 2.3 I used during
debugging is affected, too.
During debugging, I also found one hint, that might help find the bug:
If you store a problematic mail with zlib_save=gz (or zlib_save=bz2) and
then disable the zlib plugin in mail_plugins, you can call
doveadm fetch -u test hdr all | grep -v ^hdr: | gzip --decompress
on test's mailbox with only that one broken mail.
This will display the beginning of the rfc822 mail text until gzip
terminates with "gzip: stdin: unexpected end of file", approximately
after twice the length of the mail HEADER. This might indicate, that
dovecot stores the uncompressed size of the header in it's data
structures although the mail is stored compressed.
I also found a very efficient way to find all affected mails in our setup:
doveadm -f flow fetch -A 'user guid mailbox uid seq flags hdr' all | \
grep -a "^[^ ]+ user=" | \
grep -avF ' hdr=Return-path: ' | \
grep -av '.* hdr=[[:print:][:space:]]*$'
(runtime for ~6M mails on our servers was 20-30min)
This can be even more optimized if you have a powerful storage system
with GNU parallel:
doveadm user '*' | parallel "doveadm -f flow fetch -u '{}' 'user guid mailbox uid
seq flags hdr' all | grep -a '^user=' | grep -avF ' hdr=Return-path: ' | grep -av '.*
hdr=[[:print:][:space:]]*$' || true"
(runtime for ~6M mails on our servers was ~4min)
The command will give you a list of mails that possibly are affected,
check the full output of
doveadm fetch -u USERNAME hdr guid GUID | less
to verify that the header is really broken.
On our systems I found 39 mails within ~12M mails.
I was able to recover these mails "manually" by reconstructing the
Return-Path header line, importing the fixed mails and expunging the
corrupt ones. Before importing, I had to disable zlib_save option obviously.
Best regards,
--
Patrick Cernko +49 681 9325 5815
Joint Administration: Information Services and Technology
Max-Planck-Institute fuer Informatik & Softwaresysteme
# 2.3.6.1 (d124cc84b): /etc/dovecot/dovecot.conf
# OS: Linux 4.14.127.1.amd64-smp x86_64 Debian 9.9
# Hostname: adove.mpi-klsb.mpg.de
listen = *
mail_attachment_dir = /var/vmail/attachments
mail_attachment_fs = posix
mail_gid = nogroup
mail_home = /var/vmail/%u
mail_location = mdbox:~/mdbox
mail_plugins = " zlib"
mail_uid = nobody
passdb {
args = /etc/dovecot/userdb
driver = passwd-file
}
plugin {
zlib_save = gz
}
protocols = imap
userdb {
args = /etc/dovecot/userdb
driver = passwd-file
}
smime.p7s
Description: S/MIME Cryptographic Signature
index worker 2.3.7 undefined symbol errors
Suddenly I am getting undefined symbol errors having updated to 2.3.7.
Jul 18 01:02:49 localhost dovecot: indexer-worker: Error: User
lookup failed: Couldn't load required plugin
/usr/lib/dovecot/modules/lib95_imap_sieve_plugin.so: dlopen() failed:
/usr/lib/dovecot/modules/lib95_imap_sieve_plugin.so: undefined symbol:
command_hook_register
(I think I fixed this one by a config change)
But I am left with this:
Jul 19 14:09:52 localhost dovecot: indexer-worker: Error: User
lookup failed: Couldn't load required plugin
/usr/lib/dovecot/modules/lib90_sieve_plugin.so: dlopen() faile:
/usr/lib/dovecot/modules/lib90_sieve_plugin.so: undefined symbol:
mail_deliver_ctx_get_log_var_expand_table
My (redacted) dovecot -n:
# 2.3.7 (494d20bdc): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.7 (5a4e63b5)
# OS: Linux 4.15.0-54-generic x86_64 Ubuntu 18.04.2 LTS
# Hostname: localhost
auth_verbose = yes
first_valid_uid = 2000
imapc_features = rfc822.size fetch-headers
imapc_host = mailman.tobit.co.uk
imapc_port = 993
imapc_ssl = imaps
imapc_ssl_verify = no
imapc_user = %n
lda_mailbox_autocreate = yes
mail_attachment_dir = %h/attachments
mail_attachment_min_size = 64 k
mail_location = mdbox:%h:INBOX=%h/mail
mail_plugins = mail_log notify replication fts fts_lucene sieve
mail_prefetch_count = 20
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate mime foreverypart
extracttext imapsieve vnd.dovecot.imapsieve
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = # hidden
driver = sql
}
plugin {
fts = lucene
fts_autoindex = yes
fts_autoindex_exclude = \Junk
fts_autoindex_exclude2 = \Trash
fts_autoindex_exclude3 = \Deleted
fts_lucene = whitespace_chars=@.
imapsieve_mailbox1_before = file:/etc/dovecot/sieve/report-spam.sieve
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_name = Junk
imapsieve_mailbox2_before = file:/etc/dovecot/sieve/report-ham.sieve
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_from = Junk
imapsieve_mailbox2_name = *
mail_log_events = delete undelete expunge copy save mailbox_delete
mailbox_rename mailbox_create
mail_log_fields = uid box msgid size
sieve = file:~/sieve;active=~/.dovecot.sieve
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
sieve_pipe_bin_dir = /etc/dovecot/sieve
sieve_plugins = sieve_imapsieve sieve_extprograms
sieve_trace_dir = /tmp
sieve_trace_level = matching
}
postmaster_address = postmas...@tobit.co.uk
protocols = imap lmtp sieve
service auth {
unix_listener exim-auth {
group = Debian-exim
mode = 0660
user = Debian-exim
}
}
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
}
service lmtp {
inet_listener lmtp {
address = 127.0.0.1
port = # hidden
}
unix_listener lmtp {
mode = 0666
}
user = vmail
}
service managesieve-login {
inet_listener sieve {
port = # hidden
}
process_min_avail = 0
service_count = 1
vsz_limit = 64 M
}
service managesieve {
process_limit = 100
}
ssl_cert = # hidden
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
args = # hidden
driver = sql
}
protocol imap {
mail_plugins = mail_log notify replication fts fts_lucene imap_sieve
}
protocol lmtp {
mail_plugins = fts fts_lucene sieve
}
Re: Dovecot 2.3.0 TLS
> Le 18 juil. 2019 à 11:21, Alexandre Urban via dovecot a > écrit : > > Hello, > > I don’t know who will read this message, but I found this thread: > https://www.mail-archive.com/search?l=dovecot@dovecot.org=subject:%22Dovecot+2.3.0+TLS%22=newest > And I’m expected the same issue, I will try to explain to you (english is not > my native language, sorry) > > Since Buster update, so Dovecot update too, I’m not able to connect to my > mail server from my iOS mail client (12.2) > Thunderbird just work fine. > > Here is my configuration: > > Debian Buster (amd64) > Dovecot: 2.3.4.1 > Postfix : 3.4.5 > OpenSSL: 1.1.1c > > Dovecot configuration file: > > ssl_min_protocol = TLSv1.2 (I tried different version) > > When I tried to connect with command line: openssl s_client -showcerts > -connect server:993 > > No client certificate CA names sent > Peer signing digest: SHA256 > Peer signature type: RSA-PSS > Server Temp Key: X25519, 253 bits > --- > SSL handshake has read 2322 bytes and written 392 bytes > Verification error: unable to verify the first certificate > --- > New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 > Server public key is 2048 bit > Secure Renegotiation IS NOT supported > Compression: NONE > Expansion: NONE > No ALPN negotiated > Early data was not sent > Verify return code: 21 (unable to verify the first certificate) > > When I tried to connect with command line: openssl s_client -showcerts > -no_tls1_3 -connect server:993 > > No client certificate CA names sent > Peer signing digest: SHA256 > Peer signature type: RSA-PSS > Server Temp Key: X25519, 253 bits > --- > SSL handshake has read 2423 bytes and written 310 bytes > Verification error: unable to verify the first certificate > --- > New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 > Server public key is 2048 bit > Secure Renegotiation IS supported > Compression: NONE > Expansion: NONE > No ALPN negotiated > SSL-Session: > Protocol : TLSv1.2 > Cipher: ECDHE-RSA-AES256-GCM-SHA384 > > I think the “Secure Renegotiation IS NOT supported” with tls 1.3 could be an > issue, but I don’t what to do to fix the issue ? > > Could you help me ? > Let me know if you need more informations. > I would rather look at the "Verify return code: 21 (unable to verify the first certificate)" error. Is your TLS certificat valid and trusted on your iOS device ? IIRC, "Secure Renegotiation" is explicitly not supported by TLS1.3 (TLS1.3 forbids any renegotiation).
Re: Dovecot 2.3.0 TLS
Hello, I don't know who will read this message, but I found this thread: https://www.mail-archive.com/search?l=dovecot@dovecot.org=subject:%22Dovecot+2.3.0+TLS%22=newest And I'm expected the same issue, I will try to explain to you (english is not my native language, sorry) Since Buster update, so Dovecot update too, I'm not able to connect to my mail server from my iOS mail client (12.2) Thunderbird just work fine. Here is my configuration: Debian Buster (amd64) Dovecot: 2.3.4.1 Postfix : 3.4.5 OpenSSL: 1.1.1c Dovecot configuration file: ssl_min_protocol = TLSv1.2 (I tried different version) When I tried to connect with command line: openssl s_client -showcerts -connect server:993 No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 2322 bytes and written 392 bytes Verification error: unable to verify the first certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 21 (unable to verify the first certificate) When I tried to connect with command line: openssl s_client -showcerts -no_tls1_3 -connect server:993 No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 2423 bytes and written 310 bytes Verification error: unable to verify the first certificate --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher: ECDHE-RSA-AES256-GCM-SHA384 I think the "Secure Renegotiation IS NOT supported" with tls 1.3 could be an issue, but I don't what to do to fix the issue ? Could you help me ? Let me know if you need more informations. Thank you. Regards, Alex
