Re: dovecot-2.3-pigeonhole-0.5.18 : Freebsd Will not build
You need to upgrade dovecot to 2.3.18. On Sun, Feb 20, 2022 at 10:43 PM Paul Kudla (Scom.ca Internet Services Inc.) wrote: > dovecot version : dovecot-2.3.14 > > > -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 (c) E-Mail: larry...@gmail.com US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106
Re: Dovecot 2.3 repo for CentOS 8.
On 14 Feb 2020, at 10:59, Peter wrote: On 14/02/20 10:10 pm, Tobias Kirchhofer wrote: would it be useful/advisable to use this repo for productive operation? An official repo is still not available for CentOS 8 https://repo.dovecot.org/ We would like to set up our new mail server on CentOS 8 and are waiting… :) What is your advice? As others have mentioned there are missing -devel packages in CentOS 8, which is because there are missing -devel packages in RHEL 8, most notably in this case is quota-devel. tcp wrappers is also missing but that's because they are deprecated in CentOS 8 so building without tcp wrapper support is not a big deal, but I would assume that a lot of people will want quota support, so I wouldn't want to build a dovecot package without it. Personally I'm trying to get the GhettoForge build system modified so it can get missing -devel packages by rebuilding the source rpms for them, this is a work in progress. There is also work on the CentOS side to build and offer up the missing -devel packages. At the end of the day nobody will be able to build decent dovecot packages until one of these things happens. For now you can use the stock dovecot 2.2.36 that comes with CentOS or you can wait. CentOS and Red Hat have not made this easy so it is going to take time. Okay, will try 2.2.36. Our protoype is on Debian 10 with the latest Dovecot. Don’t know yet if we rely on features from the latest version. Will see. Thank you. Also on a personal note, I think that pushing out any production server on CentOS 8 at this time is premature. CentOS 8 simply is not ready yet, imo. We have CentOS 8.1 VMs productive with either of nginx, PostgreSQL, MariaDB, Node.js. No problems so far. Cross your fingers! :-) Peter -- collect@shift.agency
Re: Dovecot 2.3 repo for CentOS 8.
On 14/02/20 10:10 pm, Tobias Kirchhofer wrote: would it be useful/advisable to use this repo for productive operation? An official repo is still not available for CentOS 8 https://repo.dovecot.org/ We would like to set up our new mail server on CentOS 8 and are waiting… :) What is your advice? As others have mentioned there are missing -devel packages in CentOS 8, which is because there are missing -devel packages in RHEL 8, most notably in this case is quota-devel. tcp wrappers is also missing but that's because they are deprecated in CentOS 8 so building without tcp wrapper support is not a big deal, but I would assume that a lot of people will want quota support, so I wouldn't want to build a dovecot package without it. Personally I'm trying to get the GhettoForge build system modified so it can get missing -devel packages by rebuilding the source rpms for them, this is a work in progress. There is also work on the CentOS side to build and offer up the missing -devel packages. At the end of the day nobody will be able to build decent dovecot packages until one of these things happens. For now you can use the stock dovecot 2.2.36 that comes with CentOS or you can wait. CentOS and Red Hat have not made this easy so it is going to take time. Also on a personal note, I think that pushing out any production server on CentOS 8 at this time is premature. CentOS 8 simply is not ready yet, imo. Peter
Re: Dovecot 2.3 repo for CentOS 8.
Hi Filip, On 12 Dec 2019, at 12:01, fil...@centrum.cz wrote: > Hello, > I have builded some dovecot packages for CentOS 8 in my personal > repository: > http://repo.joomhosting.eu/centos/8/x86_64/ > and SRPMS are in > http://repo.joomhosting.eu/centos/8/SRPMS/ > > I you want you can try it. > > With best regards, > Filip Bartmann would it be useful/advisable to use this repo for productive operation? An official repo is still not available for CentOS 8 https://repo.dovecot.org/ We would like to set up our new mail server on CentOS 8 and are waiting… :) What is your advice? Tobias > On Thu, 12 Dec 2019 12:31:45 +0200 > Reio Remma wrote: > >> On 09/12/2019 17:25, Aki Tuomi via dovecot wrote: On 09/12/2019 17:20 Reio Remma via dovecot wrote: Hello! Are there any plans for an official Dovecot repo for CentOS 8? Thanks, Reio >>> (sorry for duplicate, user error in earlier one...) >>> >>> Yes. There are plans for the repo, unfortunately there are still >>> technical problems due to how CentOS8 repositories are organized. >>> But soon. >>> >>> Aki >> >> I tried rebuilding the RPM for CentOS 8 but I see it's missing some >> notable required packages like tcp wrappers and quota-devel. Managed >> to rebuild by switching these off in the spec file >> (--without-libwrap), but that's probably not a good idea. :) >> >> Reio -- collect@shift.agency
Re: Dovecot 2.3 repo for CentOS 8.
Agree > Il giorno 12 dic 2019, alle ore 10:47, Alexander Dalloz > ha scritto: > > Am 12.12.2019 um 11:31 schrieb Reio Remma: >> On 09/12/2019 17:25, Aki Tuomi via dovecot wrote: > On 09/12/2019 17:20 Reio Remma via dovecot wrote: >> >> [ ... ] >> >> I tried rebuilding the RPM for CentOS 8 but I see it's missing some notable >> required packages like tcp wrappers and quota-devel. Managed to rebuild by >> switching these off in the spec file (--without-libwrap), but that's >> probably not a good idea. :) >> Reio > > TCP wrappers got dropped for RHEL 8 by purpose, following that step of fedora. > > https://fedoraproject.org//wiki/Changes/Deprecate_TCP_wrappers > > There is no real need nowadays and from my experience not many admins make > use of it. > > Alexander
Re: Dovecot 2.3 repo for CentOS 8.
Am 12.12.2019 um 11:31 schrieb Reio Remma: On 09/12/2019 17:25, Aki Tuomi via dovecot wrote: On 09/12/2019 17:20 Reio Remma via dovecot wrote: [ ... ] I tried rebuilding the RPM for CentOS 8 but I see it's missing some notable required packages like tcp wrappers and quota-devel. Managed to rebuild by switching these off in the spec file (--without-libwrap), but that's probably not a good idea. :) Reio TCP wrappers got dropped for RHEL 8 by purpose, following that step of fedora. https://fedoraproject.org//wiki/Changes/Deprecate_TCP_wrappers There is no real need nowadays and from my experience not many admins make use of it. Alexander
Re: Dovecot 2.3 repo for CentOS 8.
On 12/12/2019 13:01, fil...@centrum.cz wrote: Hello, I have builded some dovecot packages for CentOS 8 in my personal repository: http://repo.joomhosting.eu/centos/8/x86_64/ and SRPMS are in http://repo.joomhosting.eu/centos/8/SRPMS/ I you want you can try it. With best regards, Filip Bartmann Thanks! Will have a look. :) Reio On Thu, 12 Dec 2019 12:31:45 +0200 Reio Remma wrote: On 09/12/2019 17:25, Aki Tuomi via dovecot wrote: On 09/12/2019 17:20 Reio Remma via dovecot wrote: Hello! Are there any plans for an official Dovecot repo for CentOS 8? Thanks, Reio (sorry for duplicate, user error in earlier one...) Yes. There are plans for the repo, unfortunately there are still technical problems due to how CentOS8 repositories are organized. But soon. Aki I tried rebuilding the RPM for CentOS 8 but I see it's missing some notable required packages like tcp wrappers and quota-devel. Managed to rebuild by switching these off in the spec file (--without-libwrap), but that's probably not a good idea. :) Reio -- Tervitades Reio Remma MR Stuudio 25 aastat *MR Stuudio OÜ* Tondi 17b, 11316, Tallinn Tel +372 650 4808 Mob +372 56 22 00 33 r...@mrstuudio.ee www.mrstuudio.ee
Re: Dovecot 2.3 repo for CentOS 8.
Hello, I have builded some dovecot packages for CentOS 8 in my personal repository: http://repo.joomhosting.eu/centos/8/x86_64/ and SRPMS are in http://repo.joomhosting.eu/centos/8/SRPMS/ I you want you can try it. With best regards, Filip Bartmann On Thu, 12 Dec 2019 12:31:45 +0200 Reio Remma wrote: > On 09/12/2019 17:25, Aki Tuomi via dovecot wrote: > >> On 09/12/2019 17:20 Reio Remma via dovecot > >> wrote: > >> > >> > >> Hello! > >> > >> Are there any plans for an official Dovecot repo for CentOS 8? > >> > >> Thanks, > >> Reio > > (sorry for duplicate, user error in earlier one...) > > > > Yes. There are plans for the repo, unfortunately there are still > > technical problems due to how CentOS8 repositories are organized. > > But soon. > > > > Aki > > I tried rebuilding the RPM for CentOS 8 but I see it's missing some > notable required packages like tcp wrappers and quota-devel. Managed > to rebuild by switching these off in the spec file > (--without-libwrap), but that's probably not a good idea. :) > > Reio
Re: Dovecot 2.3 repo for CentOS 8.
On 09/12/2019 17:25, Aki Tuomi via dovecot wrote: On 09/12/2019 17:20 Reio Remma via dovecot wrote: Hello! Are there any plans for an official Dovecot repo for CentOS 8? Thanks, Reio (sorry for duplicate, user error in earlier one...) Yes. There are plans for the repo, unfortunately there are still technical problems due to how CentOS8 repositories are organized. But soon. Aki I tried rebuilding the RPM for CentOS 8 but I see it's missing some notable required packages like tcp wrappers and quota-devel. Managed to rebuild by switching these off in the spec file (--without-libwrap), but that's probably not a good idea. :) Reio
Re: Dovecot 2.3 repo for CentOS 8.
> On 09/12/2019 17:20 Reio Remma via dovecot wrote: > > > Hello! > > Are there any plans for an official Dovecot repo for CentOS 8? > > Thanks, > Reio (sorry for duplicate, user error in earlier one...) Yes. There are plans for the repo, unfortunately there are still technical problems due to how CentOS8 repositories are organized. But soon. Aki
Re: Dovecot 2.3 repo for CentOS 8.
> On 09/12/2019 17:20 Reio Remma via dovecot wrote: > > > Hello! > > Are there any plans for an official Dovecot repo for CentOS 8? > > Thanks, > Reio
Re: Dovecot 2.3 error, FreeBSD 12 in a jail
On Sat, 15 Jun 2019 at 07:12, David Mehler via dovecot wrote: > Hello, > > I'm trying to get Dovecot going on my system. It's a FreeBSD > 12.0-RELEASE system and it's running dovecot 2.3 via ports in a jail. > I'm getting the same error message(s) as in this bug report, which has > been marked as closed: > > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225078 > > Dovecot is not starting at all in this jail when starting with service > dovecot start. A service dovecot status also reveals the error message > about /var/run/dovecot/dovecot.conf file, but a doveconf -n does not > reveal any configuration file issues. I did put a symlink in > /var/run/dovecot to /usr/local/etc/dovecot/dovecot.conf, this did not > correct the issue. > > Any suggestions welcome. > Thanks. > Dave. > Hi David, Your problem must be something to do with your jails on FreeBSD, IMHO. The FreeBSD port maintainer (Larry Rosenman) is here. Perhaps he'll be willing to help troubleshoot the jail issue. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", grep ^[^#] :-)
Re: Dovecot 2.3 no longer accepts ssl_key_password
Op 15/01/2019 om 08:08 schreef Aki Tuomi: On 10.1.2019 6.53, Chris Kiakas wrote: Hit a little problem when I upgraded a system from FreeBSD 10.3 to 11.2. I did not receive any errors in the upgrade. The system is running 4 jails and everything seems to work except in Dovecot dovecot-2.3.4_5 where when using the exact same configuration which worked in 10.3 with the same password protected certificate key. (doveconf -n -P shows the correct password.) ssl_ca = Thanks for reporting this, we'll look into it. Tracking internally as DOP-851. Regards, Stephan.
Re: Dovecot 2.3 no longer accepts ssl_key_password
On 10.1.2019 6.53, Chris Kiakas wrote: > Hit a little problem when I upgraded a system from FreeBSD 10.3 to 11.2. I > did not receive any errors in the upgrade. The system is running 4 jails and > everything seems to work except in Dovecot dovecot-2.3.4_5 where when using > the exact same configuration which worked in 10.3 with the same password > protected certificate key. (doveconf -n -P shows the correct password.) > > > ssl_ca = ssl_cert = ssl_dh = ssl_key = ssl_key_password = keypassword > > The password works with openssl. Changing the password on the key has no > effect. Removing the password on the cert with openssl and running dovecot > with the new key works. > > I installed on another system and I am experiencing the same results. The > issue persists whether I install dovecot from ports or pkg. I can't see where > the problem is. It seems that Dovecot is unable to read the key when password > protected even though it has the correct password. Has anyone experienced > this? > > > > Chris Hi! Thanks for reporting this, we'll look into it. Aki
Re: dovecot 2.3.x, ECC and wildcard certificates, any issues
>> That is one of the reasons I do not bother since long with public CAs >> but rather deploy my own, including own OSCP responder. > May I ask, how you create a CA which is valid for clients without them > having to install your root cert? > > and CA trust in clients. Latter though could be easily overcome if browser and email clients were to support DNSSEC/DANE validation. That is where DANE/TLSA comes in but it requires DNSSEC/DANE validation in the client and of course DNSSEC and TLSA records in the domain's DNS. Notwithstanding that the upstream DNS resolvers utilized by clients need to support DNSSEC queries/answers as well. Whatever the reasons for lacking such validation support in most of the clients (incl. web browsers) one speculative is that it would kill commercial CAs (as such Let's Encrypt is one too through their sponsors), or at least has the potential to diminish their business (model). Suppose we are not hijacking this thread furthermore and avoid earning a discontent eventually ... ;)
Re: dovecot 2.3.x, ECC and wildcard certificates, any issues
On 2018-07-30 19:45, ѽ҉ᶬḳ℠ wrote: > That is one of the reasons I do not bother since long with public CAs > but rather deploy my own, including own OSCP responder. May I ask, how you create a CA which is valid for clients without them having to install your root cert? Cheers, K. C. -- regards Helmut K. C. Tessarek KeyID 0x172380A011EF4944 Key fingerprint = 8A55 70C1 BD85 D34E ADBC 386C 1723 80A0 11EF 4944 /* Thou shalt not follow the NULL pointer for chaos and madness await thee at its end. */ signature.asc Description: OpenPGP digital signature
Re: dovecot 2.3.x, ECC and wildcard certificates, any issues
That is one of the reasons I do not bother since long with public CAs but rather deploy my own, including own OSCP responder. Which has of course has some drawbacks like redundancy, resilience, bandwidth provision, geographical spread, implementing CA security standards and CA trust in clients. Latter though could be easily overcome if browser and email clients were to support DNSSEC/DANE validation. It may not help you in the short term now but perhaps something to consider long term for the benefit of controlling the certificate handling/signing, depending on the CA scale. > Hello, > > I have discovered what I believe is the issue after hearing back from > Aquamail. And that is that android 7 which I'm running 7.0 that is, > only supports up to the p256 ecc curve. This brings up a question to > users of letsencrypt, when you revoke a certificate does it take it > out on the usage as well? I've got one domain that says i've issued to > many certificates for it and no more can be issued, thought I was > using the staging server. I'd like to get those certs off the > letsencrypt servers so I can make a new one using the p256 curve. Does > anyone know if this is doable? Using acme.sh I tried --revoke which > revoked one cert but letsencrypt still would not let me issue another. > > Thanks. > Dave. > > > On 7/30/18, Aki Tuomi wrote: >> I don't know how to get both RSA and ECC cert from letsencrypt. >> >> Aki >> >>> On 30 July 2018 at 20:43 David Mehler wrote: >>> >>> >>> Hello, >>> >>> What acme implementation do you use for your letsencrypt certificates? >>> If it's acme.sh how do you get both rsa and ecc certificates? What >>> configuration options are you using in your configuration of services >>> to allow access to both rsa and ecc? >>> >>> Thanks. >>> Dave. >>> >>> >>> On 7/30/18, David Mehler wrote: Hello, The client in question is the latest version of AquaMail running on android. Thanks. Dave. On 7/30/18, Aki Tuomi wrote: > You should, in practice, enable both. This gives best client > compability. > It > is possible you have clients that cannot understand ECC certificates? > You > can use ssl_alt_cert to provide RSA cert too. > > Aki > >> On 30 July 2018 at 20:05 David Mehler wrote: >> >> >> Hi, >> >> Thanks, good news is that worked. Bad news is it all looks good which >> means I do not know hwhy my remote clients can't get their email, >> looked like from the logs it was that. >> >> Would 143 be better or 993 for the external clients? >> >> Thanks. >> Dave. >> >> >> On 7/30/18, Aki Tuomi wrote: On 30 July 2018 at 19:16 David Mehler wrote: Hello, Does dovecot 2.3.x have any issues recognizing or using certificates that are ECC and wildcard? I'm trying to switch my letsencrypt implementation from acme-client which does not support either of those capabilities to acme.sh which does. Since then external clients checking their email has not worked. A manual telnet to mail.example.com 993 gives a connected message but then nothing no greeting or capabilities. The certificate is for example.com with an alt name of *.example.com if that's not right let me know, i'm not sure about that one, connecting to the web sites of these pages seems noticeably slower, I'm wondering if both of these issues aren't key related? Thanks. Dave. >>> These both should be fine. >>> >>> Port 993 is TLS encrypted, you should use openssl s_client -connect >>> server:993 >>> >>> Aki >>>
Re: dovecot 2.3.x, ECC and wildcard certificates, any issues
Revocation doesn’t remove the certificates; it just marks them as invalid when a TLS client bothers to check. -FG > On Jul 30, 2018, at 6:45 PM, David Mehler wrote: > > Hello, > > I have discovered what I believe is the issue after hearing back from > Aquamail. And that is that android 7 which I'm running 7.0 that is, > only supports up to the p256 ecc curve. This brings up a question to > users of letsencrypt, when you revoke a certificate does it take it > out on the usage as well? I've got one domain that says i've issued to > many certificates for it and no more can be issued, thought I was > using the staging server. I'd like to get those certs off the > letsencrypt servers so I can make a new one using the p256 curve. Does > anyone know if this is doable? Using acme.sh I tried --revoke which > revoked one cert but letsencrypt still would not let me issue another. > > Thanks. > Dave. > > > On 7/30/18, Aki Tuomi wrote: >> I don't know how to get both RSA and ECC cert from letsencrypt. >> >> Aki >> >>> On 30 July 2018 at 20:43 David Mehler wrote: >>> >>> >>> Hello, >>> >>> What acme implementation do you use for your letsencrypt certificates? >>> If it's acme.sh how do you get both rsa and ecc certificates? What >>> configuration options are you using in your configuration of services >>> to allow access to both rsa and ecc? >>> >>> Thanks. >>> Dave. >>> >>> >>> On 7/30/18, David Mehler wrote: Hello, The client in question is the latest version of AquaMail running on android. Thanks. Dave. On 7/30/18, Aki Tuomi wrote: > You should, in practice, enable both. This gives best client > compability. > It > is possible you have clients that cannot understand ECC certificates? > You > can use ssl_alt_cert to provide RSA cert too. > > Aki > >> On 30 July 2018 at 20:05 David Mehler wrote: >> >> >> Hi, >> >> Thanks, good news is that worked. Bad news is it all looks good which >> means I do not know hwhy my remote clients can't get their email, >> looked like from the logs it was that. >> >> Would 143 be better or 993 for the external clients? >> >> Thanks. >> Dave. >> >> >> On 7/30/18, Aki Tuomi wrote: >>> On 30 July 2018 at 19:16 David Mehler wrote: Hello, Does dovecot 2.3.x have any issues recognizing or using certificates that are ECC and wildcard? I'm trying to switch my letsencrypt implementation from acme-client which does not support either of those capabilities to acme.sh which does. Since then external clients checking their email has not worked. A manual telnet to mail.example.com 993 gives a connected message but then nothing no greeting or capabilities. The certificate is for example.com with an alt name of *.example.com if that's not right let me know, i'm not sure about that one, connecting to the web sites of these pages seems noticeably slower, I'm wondering if both of these issues aren't key related? Thanks. Dave. >>> >>> These both should be fine. >>> >>> Port 993 is TLS encrypted, you should use openssl s_client -connect >>> server:993 >>> >>> Aki >>> > >>
Re: dovecot 2.3.x, ECC and wildcard certificates, any issues
Hello, I have discovered what I believe is the issue after hearing back from Aquamail. And that is that android 7 which I'm running 7.0 that is, only supports up to the p256 ecc curve. This brings up a question to users of letsencrypt, when you revoke a certificate does it take it out on the usage as well? I've got one domain that says i've issued to many certificates for it and no more can be issued, thought I was using the staging server. I'd like to get those certs off the letsencrypt servers so I can make a new one using the p256 curve. Does anyone know if this is doable? Using acme.sh I tried --revoke which revoked one cert but letsencrypt still would not let me issue another. Thanks. Dave. On 7/30/18, Aki Tuomi wrote: > I don't know how to get both RSA and ECC cert from letsencrypt. > > Aki > >> On 30 July 2018 at 20:43 David Mehler wrote: >> >> >> Hello, >> >> What acme implementation do you use for your letsencrypt certificates? >> If it's acme.sh how do you get both rsa and ecc certificates? What >> configuration options are you using in your configuration of services >> to allow access to both rsa and ecc? >> >> Thanks. >> Dave. >> >> >> On 7/30/18, David Mehler wrote: >> > Hello, >> > >> > The client in question is the latest version of AquaMail running on >> > android. >> > >> > Thanks. >> > Dave. >> > >> > >> > On 7/30/18, Aki Tuomi wrote: >> >> You should, in practice, enable both. This gives best client >> >> compability. >> >> It >> >> is possible you have clients that cannot understand ECC certificates? >> >> You >> >> can use ssl_alt_cert to provide RSA cert too. >> >> >> >> Aki >> >> >> >>> On 30 July 2018 at 20:05 David Mehler wrote: >> >>> >> >>> >> >>> Hi, >> >>> >> >>> Thanks, good news is that worked. Bad news is it all looks good which >> >>> means I do not know hwhy my remote clients can't get their email, >> >>> looked like from the logs it was that. >> >>> >> >>> Would 143 be better or 993 for the external clients? >> >>> >> >>> Thanks. >> >>> Dave. >> >>> >> >>> >> >>> On 7/30/18, Aki Tuomi wrote: >> >>> > >> >>> >> On 30 July 2018 at 19:16 David Mehler >> >>> >> wrote: >> >>> >> >> >>> >> >> >>> >> Hello, >> >>> >> >> >>> >> Does dovecot 2.3.x have any issues recognizing or using >> >>> >> certificates >> >>> >> that are ECC and wildcard? I'm trying to switch my letsencrypt >> >>> >> implementation from acme-client which does not support either of >> >>> >> those >> >>> >> capabilities to acme.sh which does. Since then external clients >> >>> >> checking their email has not worked. A manual telnet to >> >>> >> mail.example.com 993 gives a connected message but then nothing no >> >>> >> greeting or capabilities. >> >>> >> >> >>> >> The certificate is for example.com with an alt name of >> >>> >> *.example.com >> >>> >> if that's not right let me know, i'm not sure about that one, >> >>> >> connecting to the web sites of these pages seems noticeably >> >>> >> slower, >> >>> >> I'm wondering if both of these issues aren't key related? >> >>> >> >> >>> >> Thanks. >> >>> >> Dave. >> >>> > >> >>> > These both should be fine. >> >>> > >> >>> > Port 993 is TLS encrypted, you should use openssl s_client -connect >> >>> > server:993 >> >>> > >> >>> > Aki >> >>> > >> >> >> > >
Re: dovecot 2.3.x, ECC and wildcard certificates, any issues
FWIW, it’s relatively straightforward to do this with my Perl ACME implementation, Net::ACME2. You’ll get your first certificate order using one key, then request another certificate with the other key. -FG > On Jul 30, 2018, at 1:49 PM, Aki Tuomi wrote: > > I don't know how to get both RSA and ECC cert from letsencrypt. > > Aki > >> On 30 July 2018 at 20:43 David Mehler wrote: >> >> >> Hello, >> >> What acme implementation do you use for your letsencrypt certificates? >> If it's acme.sh how do you get both rsa and ecc certificates? What >> configuration options are you using in your configuration of services >> to allow access to both rsa and ecc? >> >> Thanks. >> Dave. >> >> >> On 7/30/18, David Mehler wrote: >>> Hello, >>> >>> The client in question is the latest version of AquaMail running on >>> android. >>> >>> Thanks. >>> Dave. >>> >>> >>> On 7/30/18, Aki Tuomi wrote: You should, in practice, enable both. This gives best client compability. It is possible you have clients that cannot understand ECC certificates? You can use ssl_alt_cert to provide RSA cert too. Aki > On 30 July 2018 at 20:05 David Mehler wrote: > > > Hi, > > Thanks, good news is that worked. Bad news is it all looks good which > means I do not know hwhy my remote clients can't get their email, > looked like from the logs it was that. > > Would 143 be better or 993 for the external clients? > > Thanks. > Dave. > > > On 7/30/18, Aki Tuomi wrote: >> >>> On 30 July 2018 at 19:16 David Mehler wrote: >>> >>> >>> Hello, >>> >>> Does dovecot 2.3.x have any issues recognizing or using certificates >>> that are ECC and wildcard? I'm trying to switch my letsencrypt >>> implementation from acme-client which does not support either of >>> those >>> capabilities to acme.sh which does. Since then external clients >>> checking their email has not worked. A manual telnet to >>> mail.example.com 993 gives a connected message but then nothing no >>> greeting or capabilities. >>> >>> The certificate is for example.com with an alt name of *.example.com >>> if that's not right let me know, i'm not sure about that one, >>> connecting to the web sites of these pages seems noticeably slower, >>> I'm wondering if both of these issues aren't key related? >>> >>> Thanks. >>> Dave. >> >> These both should be fine. >> >> Port 993 is TLS encrypted, you should use openssl s_client -connect >> server:993 >> >> Aki >> >>>
Re: dovecot 2.3.x, ECC and wildcard certificates, any issues
I don't know how to get both RSA and ECC cert from letsencrypt. Aki > On 30 July 2018 at 20:43 David Mehler wrote: > > > Hello, > > What acme implementation do you use for your letsencrypt certificates? > If it's acme.sh how do you get both rsa and ecc certificates? What > configuration options are you using in your configuration of services > to allow access to both rsa and ecc? > > Thanks. > Dave. > > > On 7/30/18, David Mehler wrote: > > Hello, > > > > The client in question is the latest version of AquaMail running on > > android. > > > > Thanks. > > Dave. > > > > > > On 7/30/18, Aki Tuomi wrote: > >> You should, in practice, enable both. This gives best client compability. > >> It > >> is possible you have clients that cannot understand ECC certificates? You > >> can use ssl_alt_cert to provide RSA cert too. > >> > >> Aki > >> > >>> On 30 July 2018 at 20:05 David Mehler wrote: > >>> > >>> > >>> Hi, > >>> > >>> Thanks, good news is that worked. Bad news is it all looks good which > >>> means I do not know hwhy my remote clients can't get their email, > >>> looked like from the logs it was that. > >>> > >>> Would 143 be better or 993 for the external clients? > >>> > >>> Thanks. > >>> Dave. > >>> > >>> > >>> On 7/30/18, Aki Tuomi wrote: > >>> > > >>> >> On 30 July 2018 at 19:16 David Mehler wrote: > >>> >> > >>> >> > >>> >> Hello, > >>> >> > >>> >> Does dovecot 2.3.x have any issues recognizing or using certificates > >>> >> that are ECC and wildcard? I'm trying to switch my letsencrypt > >>> >> implementation from acme-client which does not support either of > >>> >> those > >>> >> capabilities to acme.sh which does. Since then external clients > >>> >> checking their email has not worked. A manual telnet to > >>> >> mail.example.com 993 gives a connected message but then nothing no > >>> >> greeting or capabilities. > >>> >> > >>> >> The certificate is for example.com with an alt name of *.example.com > >>> >> if that's not right let me know, i'm not sure about that one, > >>> >> connecting to the web sites of these pages seems noticeably slower, > >>> >> I'm wondering if both of these issues aren't key related? > >>> >> > >>> >> Thanks. > >>> >> Dave. > >>> > > >>> > These both should be fine. > >>> > > >>> > Port 993 is TLS encrypted, you should use openssl s_client -connect > >>> > server:993 > >>> > > >>> > Aki > >>> > > >> > >
Re: dovecot 2.3.x, ECC and wildcard certificates, any issues
Hello, What acme implementation do you use for your letsencrypt certificates? If it's acme.sh how do you get both rsa and ecc certificates? What configuration options are you using in your configuration of services to allow access to both rsa and ecc? Thanks. Dave. On 7/30/18, David Mehler wrote: > Hello, > > The client in question is the latest version of AquaMail running on > android. > > Thanks. > Dave. > > > On 7/30/18, Aki Tuomi wrote: >> You should, in practice, enable both. This gives best client compability. >> It >> is possible you have clients that cannot understand ECC certificates? You >> can use ssl_alt_cert to provide RSA cert too. >> >> Aki >> >>> On 30 July 2018 at 20:05 David Mehler wrote: >>> >>> >>> Hi, >>> >>> Thanks, good news is that worked. Bad news is it all looks good which >>> means I do not know hwhy my remote clients can't get their email, >>> looked like from the logs it was that. >>> >>> Would 143 be better or 993 for the external clients? >>> >>> Thanks. >>> Dave. >>> >>> >>> On 7/30/18, Aki Tuomi wrote: >>> > >>> >> On 30 July 2018 at 19:16 David Mehler wrote: >>> >> >>> >> >>> >> Hello, >>> >> >>> >> Does dovecot 2.3.x have any issues recognizing or using certificates >>> >> that are ECC and wildcard? I'm trying to switch my letsencrypt >>> >> implementation from acme-client which does not support either of >>> >> those >>> >> capabilities to acme.sh which does. Since then external clients >>> >> checking their email has not worked. A manual telnet to >>> >> mail.example.com 993 gives a connected message but then nothing no >>> >> greeting or capabilities. >>> >> >>> >> The certificate is for example.com with an alt name of *.example.com >>> >> if that's not right let me know, i'm not sure about that one, >>> >> connecting to the web sites of these pages seems noticeably slower, >>> >> I'm wondering if both of these issues aren't key related? >>> >> >>> >> Thanks. >>> >> Dave. >>> > >>> > These both should be fine. >>> > >>> > Port 993 is TLS encrypted, you should use openssl s_client -connect >>> > server:993 >>> > >>> > Aki >>> > >> >
Re: dovecot 2.3.x, ECC and wildcard certificates, any issues
Hello, The client in question is the latest version of AquaMail running on android. Thanks. Dave. On 7/30/18, Aki Tuomi wrote: > You should, in practice, enable both. This gives best client compability. It > is possible you have clients that cannot understand ECC certificates? You > can use ssl_alt_cert to provide RSA cert too. > > Aki > >> On 30 July 2018 at 20:05 David Mehler wrote: >> >> >> Hi, >> >> Thanks, good news is that worked. Bad news is it all looks good which >> means I do not know hwhy my remote clients can't get their email, >> looked like from the logs it was that. >> >> Would 143 be better or 993 for the external clients? >> >> Thanks. >> Dave. >> >> >> On 7/30/18, Aki Tuomi wrote: >> > >> >> On 30 July 2018 at 19:16 David Mehler wrote: >> >> >> >> >> >> Hello, >> >> >> >> Does dovecot 2.3.x have any issues recognizing or using certificates >> >> that are ECC and wildcard? I'm trying to switch my letsencrypt >> >> implementation from acme-client which does not support either of those >> >> capabilities to acme.sh which does. Since then external clients >> >> checking their email has not worked. A manual telnet to >> >> mail.example.com 993 gives a connected message but then nothing no >> >> greeting or capabilities. >> >> >> >> The certificate is for example.com with an alt name of *.example.com >> >> if that's not right let me know, i'm not sure about that one, >> >> connecting to the web sites of these pages seems noticeably slower, >> >> I'm wondering if both of these issues aren't key related? >> >> >> >> Thanks. >> >> Dave. >> > >> > These both should be fine. >> > >> > Port 993 is TLS encrypted, you should use openssl s_client -connect >> > server:993 >> > >> > Aki >> > >
Re: dovecot 2.3.x, ECC and wildcard certificates, any issues
You should, in practice, enable both. This gives best client compability. It is possible you have clients that cannot understand ECC certificates? You can use ssl_alt_cert to provide RSA cert too. Aki > On 30 July 2018 at 20:05 David Mehler wrote: > > > Hi, > > Thanks, good news is that worked. Bad news is it all looks good which > means I do not know hwhy my remote clients can't get their email, > looked like from the logs it was that. > > Would 143 be better or 993 for the external clients? > > Thanks. > Dave. > > > On 7/30/18, Aki Tuomi wrote: > > > >> On 30 July 2018 at 19:16 David Mehler wrote: > >> > >> > >> Hello, > >> > >> Does dovecot 2.3.x have any issues recognizing or using certificates > >> that are ECC and wildcard? I'm trying to switch my letsencrypt > >> implementation from acme-client which does not support either of those > >> capabilities to acme.sh which does. Since then external clients > >> checking their email has not worked. A manual telnet to > >> mail.example.com 993 gives a connected message but then nothing no > >> greeting or capabilities. > >> > >> The certificate is for example.com with an alt name of *.example.com > >> if that's not right let me know, i'm not sure about that one, > >> connecting to the web sites of these pages seems noticeably slower, > >> I'm wondering if both of these issues aren't key related? > >> > >> Thanks. > >> Dave. > > > > These both should be fine. > > > > Port 993 is TLS encrypted, you should use openssl s_client -connect > > server:993 > > > > Aki > >
Re: dovecot 2.3.x, ECC and wildcard certificates, any issues
Hi, Thanks, good news is that worked. Bad news is it all looks good which means I do not know hwhy my remote clients can't get their email, looked like from the logs it was that. Would 143 be better or 993 for the external clients? Thanks. Dave. On 7/30/18, Aki Tuomi wrote: > >> On 30 July 2018 at 19:16 David Mehler wrote: >> >> >> Hello, >> >> Does dovecot 2.3.x have any issues recognizing or using certificates >> that are ECC and wildcard? I'm trying to switch my letsencrypt >> implementation from acme-client which does not support either of those >> capabilities to acme.sh which does. Since then external clients >> checking their email has not worked. A manual telnet to >> mail.example.com 993 gives a connected message but then nothing no >> greeting or capabilities. >> >> The certificate is for example.com with an alt name of *.example.com >> if that's not right let me know, i'm not sure about that one, >> connecting to the web sites of these pages seems noticeably slower, >> I'm wondering if both of these issues aren't key related? >> >> Thanks. >> Dave. > > These both should be fine. > > Port 993 is TLS encrypted, you should use openssl s_client -connect > server:993 > > Aki >
Re: dovecot 2.3.x, ECC and wildcard certificates, any issues
> On 30 July 2018 at 19:16 David Mehler wrote: > > > Hello, > > Does dovecot 2.3.x have any issues recognizing or using certificates > that are ECC and wildcard? I'm trying to switch my letsencrypt > implementation from acme-client which does not support either of those > capabilities to acme.sh which does. Since then external clients > checking their email has not worked. A manual telnet to > mail.example.com 993 gives a connected message but then nothing no > greeting or capabilities. > > The certificate is for example.com with an alt name of *.example.com > if that's not right let me know, i'm not sure about that one, > connecting to the web sites of these pages seems noticeably slower, > I'm wondering if both of these issues aren't key related? > > Thanks. > Dave. These both should be fine. Port 993 is TLS encrypted, you should use openssl s_client -connect server:993 Aki
Re: Dovecot 2.3 panic
Hi! Can you install debugging symbols and try get core? A backtrace would help a lot! https://dovecot.org/bugreport.html Aki On 29.03.2018 00:50, Martynas Bendorius wrote: > Dovecot version: 2.3.1 (happens with 2.3.x too) > OS: CentOS 7 64-bit > > Mar 28 16:29:24 lmtp(30383): Panic: file lib-event.c: line 182 > (event_pop_global): assertion failed: (event != NULL) > Mar 28 16:29:24 lmtp(30383): Error: Raw backtrace: > /usr/lib/dovecot/libdovecot.so.0(+0xcc7a4) [0x7fac7f5177a4] -> > /usr/lib/dovecot/libdovecot.so.0(default_fatal_handler+0x2a) [0x7fac7f5177ea] > -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fac7f48826b] -> > /usr/lib/dovecot/libdovecot.so.0(+0xe8392) [0x7fac7f533392] -> > /usr/lib/dovecot/libdovecot-storage.so.0(+0x4ffc8) [0x7fac7f814fc8] -> > /usr/lib/dovecot/libdovecot.so.0(io_loop_context_deactivate+0x5d) > [0x7fac7f52ec5d] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x85) > [0x7fac7f52f055] -> > /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x10f) > [0x7fac7f53092f] -> > /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7fac7f52f132] > -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7fac7f52f358] -> > /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7fac7f4ab6e3] -> > dovecot/lmtp [local READY](main+0x229) [0x7fac7ff4a319] -> > /lib64/libc.so.6(__libc_start_main+0xf5) [0x7fac7f0a9c05] -> dovecot/lmtp > [local READY](+0x5445) [0x7fac7ff4a445] > Mar 28 16:30:03 lmtp(17330): Panic: file lib-event.c: line 182 > (event_pop_global): assertion failed: (event != NULL) > Mar 28 16:30:03 lmtp(17330): Error: Raw backtrace: > /usr/lib/dovecot/libdovecot.so.0(+0xcc7a4) [0x7f31e1b977a4] -> > /usr/lib/dovecot/libdovecot.so.0(default_fatal_handler+0x2a) [0x7f31e1b977ea] > -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f31e1b0826b] -> > /usr/lib/dovecot/libdovecot.so.0(+0xe8392) [0x7f31e1bb3392] -> > /usr/lib/dovecot/libdovecot-storage.so.0(+0x4ffc8) [0x7f31e1e94fc8] -> > /usr/lib/dovecot/libdovecot.so.0(io_loop_context_deactivate+0x5d) > [0x7f31e1baec5d] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x85) > [0x7f31e1baf055] -> > /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x10f) > [0x7f31e1bb092f] -> > /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7f31e1baf132] > -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f31e1baf358] -> > /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f31e1b2b6e3] -> > dovecot/lmtp [local READY](main+0x229) [0x7f31e25ca319] -> > /lib64/libc.so.6(__libc_start_main+0xf5) [0x7f31e1729c05] -> dovecot/lmtp > [local READY](+0x5445) [0x7f31e25ca445] > Mar 28 16:31:52 lmtp(883): Panic: file lib-event.c: line 182 > (event_pop_global): assertion failed: (event != NULL) > Mar 28 16:31:52 lmtp(883): Error: Raw backtrace: > /usr/lib/dovecot/libdovecot.so.0(+0xcc7a4) [0x7feb746127a4] -> > /usr/lib/dovecot/libdovecot.so.0(default_fatal_handler+0x2a) [0x7feb746127ea] > -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7feb7458326b] -> > /usr/lib/dovecot/libdovecot.so.0(+0xe8392) [0x7feb7462e392] -> > /usr/lib/dovecot/libdovecot-storage.so.0(+0x4ffc8) [0x7feb7490ffc8] -> > /usr/lib/dovecot/libdovecot.so.0(io_loop_context_deactivate+0x5d) > [0x7feb74629c5d] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x85) > [0x7feb7462a055] -> > /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x10f) > [0x7feb7462b92f] -> > /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7feb7462a132] > -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7feb7462a358] -> > /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7feb745a66e3] -> > dovecot/lmtp [local READY](main+0x229) [0x7feb75045319] -> > /lib64/libc.so.6(__libc_start_main+0xf5) [0x7feb741a4c05] -> dovecot/lmtp > [local READY](+0x5445) [0x7feb75045445] > > # 2.3.1 (8e2f634): /etc/dovecot/dovecot.conf > # Pigeonhole version 0.5.1 (d9bc6dfe) > # OS: Linux 3.10.0-714.10.2.lve1.5.12.el7.x86_64 x86_64 CloudLinux release > 7.4 (Georgy Grechko) > # Hostname: XXX > auth_username_chars = > abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@& > auth_verbose = yes > default_client_limit = 12288 > default_login_user = dovecot > default_process_limit = 2048 > default_vsz_limit = 512 M > disable_plaintext_auth = no > listen = * > lmtp_rcpt_check_quota = yes > login_greeting = Dovecot ready. > mail_access_groups = mail > mail_location = maildir:~/Maildir > mail_max_userip_connections = 150 > mail_plugins = " quota" > maildir_copy_with_hardlinks = no > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character > vacation subaddress comparator-i;ascii-numeric relational regex imap4flags > copy include variables body enotify environment mailbox date index ihave > duplicate mime foreverypart extracttext > passdb { > driver = shadow > username_filter = !*@* >
Re: Dovecot 2.3 on CentOS 7.
On Fri, February 2, 2018 8:58 am, Reio Remma wrote: > What would be the preferred directory for storing all virtual mail > without modification to system files? on my Centos 7 Dovecit 2.2.32, as well as prior versions, I've always used /var/vmail/vmail1/dom.tld don't know about 'preferred', but, that works fine for me -- Voytek
Re: Dovecot 2.3 on CentOS 7.
--On Thursday, February 01, 2018 11:58 PM +0200 Reio Remmawrote: What would be the preferred directory for storing all virtual mail without modification to system files? I would guess something under /var/lib. If you plan to host multiple virtual servers, /srv might be a better place to locate it.
Re: Dovecot 2.3 on CentOS 7.
Thanks for the pointer! That didn't work though, but what worked was: [Service] ReadWriteDirectories=/home/dovecot What would be the preferred directory for storing all virtual mail without modification to system files? Thanks! Reio On 01.02.2018 21:57, Aki Tuomi wrote: /etc/systemd/system/dovecot.service.d/writable-home.conf [Service] ProtectHome=false maybe this helps? --- Aki Tuomi Dovecot oy Original message From: Reio RemmaDate: 01/02/2018 21:44 (GMT+02:00) To: dovecot@dovecot.org Subject: Dovecot 2.3 on CentOS 7. Greetings! I'm having a bit of trouble trying out Dovecot 2.3 on CentOS 7. Dovecot 2.2.33 works fine on the same system (same config as well, minus the SSL changes) but after upgrading to 2.3 I'm getting the following errors: Feb 1 21:30:18 localhost dovecot: imap(r...@bwo.mrstuudio.ee)<3566>: Debug: INBOX.Templates: Mailbox opened because: STATUS Feb 1 21:30:18 localhost dovecot: Error: imap(r...@bwo.mrstuudio.ee)<3566>: open() failed with file /home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot.index.log: Read-only file system Feb 1 21:30:18 localhost dovecot: imap(r...@bwo.mrstuudio.ee)<3566>: Error: open(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist.lock) failed: Read-only file system Feb 1 21:30:18 localhost dovecot: Error: imap(r...@bwo.mrstuudio.ee)<3566>: Mailbox INBOX.Templates: file_dotlock_create(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist) failed: Read-only file system Feb 1 21:30:18 localhost dovecot: Error: imap(r...@bwo.mrstuudio.ee)<3566>: Mailbox INBOX.Templates: open(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist) failed: Read-only file system So far I've tried running it with SELinux enforce off and giving the directories 777 permissions to no avail. Is anyone else running 2.3 on CentOS 7? Thanks and good luck! Reio
Re: Dovecot 2.3 on CentOS 7.
/etc/systemd/system/dovecot.service.d/writable-home.conf [Service]ProtectHome=false maybe this helps? ---Aki TuomiDovecot oy Original message From: Reio RemmaDate: 01/02/2018 21:44 (GMT+02:00) To: dovecot@dovecot.org Subject: Dovecot 2.3 on CentOS 7. Greetings! I'm having a bit of trouble trying out Dovecot 2.3 on CentOS 7. Dovecot 2.2.33 works fine on the same system (same config as well, minus the SSL changes) but after upgrading to 2.3 I'm getting the following errors: Feb 1 21:30:18 localhost dovecot: imap(r...@bwo.mrstuudio.ee)<3566>: Debug: INBOX.Templates: Mailbox opened because: STATUS Feb 1 21:30:18 localhost dovecot: Error: imap(r...@bwo.mrstuudio.ee)<3566>: open() failed with file /home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot.index.log: Read-only file system Feb 1 21:30:18 localhost dovecot: imap(r...@bwo.mrstuudio.ee)<3566>: Error: open(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist.lock) failed: Read-only file system Feb 1 21:30:18 localhost dovecot: Error: imap(r...@bwo.mrstuudio.ee)<3566>: Mailbox INBOX.Templates: file_dotlock_create(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist) failed: Read-only file system Feb 1 21:30:18 localhost dovecot: Error: imap(r...@bwo.mrstuudio.ee)<3566>: Mailbox INBOX.Templates: open(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist) failed: Read-only file system So far I've tried running it with SELinux enforce off and giving the directories 777 permissions to no avail. Is anyone else running 2.3 on CentOS 7? Thanks and good luck! Reio
Re: Dovecot 2.3 - using doveadm as non-root?
On Wed, 3 Jan 2018 13:37:07 -0500 Timo Sirainenwrote: > On 3 Jan 2018, at 11.38, Rob Hoelz wrote: > > > > Hi dovecot developers and users, > > > > I recently upgraded my server running Arch Linux to dovecot 2.3.0, > > and I noticed some of my cron jobs started issuing me error > > messages. These cron jobs run as a non-root user associated with > > my mail account, and they use doveadm to tidy things up (ex. > > purging the trash, moving old mail in certain folders into the > > trash). The error message is: > > > >> Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: > >> Permission denied > > > > I assume this is doveadm trying to participate in the new 2.3 stats > > process, and after reading the code a bit, I can't see way to tell > > doveadm to not connect to the stats writer. The socket is owned by > > root with 600 permissions. > > > > What would be the right way to remedy this? AFAICT, I could > > potentially run doveadm as root (which I would prefer to avoid), or > > I could change the permissions on the stats writer socket, but I > > would hate to introduce any sort of security vulnerability by doing > > so. I currently have a scrappy Perl script that just runs doveadm > > and filters out the error message (it doesn't seem to affect the > > behavior of doveadm other than the message), but that feels dirty > > and I would prefer a cleaner solution. Any advice? > > I was wondering what to do about this while developing it. I think > you can disable this by clearing out the socket path: > > doveadm -o stats_writer_socket_path= > > But .. I think the changing the socket permissions is the better > solution. The new stats process should know about everything that is > going on in the system, and these doveadm calls are part of that. So > if they're excluded then the stats aren't exactly correct. The > stats-writer can't do all that much harm other than messing up the > statistics or probably crashing stats process by using up all of its > memory. > Thanks for the advice, Timo - I went ahead and applied the permission change to my dovecot config. On a side note, thanks for dovecot in general - it's a great piece of software! -Rob
Re: Dovecot 2.3 - using doveadm as non-root?
On 3 Jan 2018, at 11.38, Rob Hoelzwrote: > > Hi dovecot developers and users, > > I recently upgraded my server running Arch Linux to dovecot 2.3.0, and I > noticed some of my cron jobs started issuing me error messages. These > cron jobs run as a non-root user associated with my mail account, and > they use doveadm to tidy things up (ex. purging the trash, moving > old mail in certain folders into the trash). The error message is: > >> Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: >> Permission denied > > I assume this is doveadm trying to participate in the new 2.3 stats > process, and after reading the code a bit, I can't see way to tell > doveadm to not connect to the stats writer. The socket is owned by > root with 600 permissions. > > What would be the right way to remedy this? AFAICT, I could potentially > run doveadm as root (which I would prefer to avoid), or I could change > the permissions on the stats writer socket, but I would hate to > introduce any sort of security vulnerability by doing so. I currently > have a scrappy Perl script that just runs doveadm and filters out the > error message (it doesn't seem to affect the behavior of doveadm other > than the message), but that feels dirty and I would prefer a cleaner > solution. Any advice? I was wondering what to do about this while developing it. I think you can disable this by clearing out the socket path: doveadm -o stats_writer_socket_path= But .. I think the changing the socket permissions is the better solution. The new stats process should know about everything that is going on in the system, and these doveadm calls are part of that. So if they're excluded then the stats aren't exactly correct. The stats-writer can't do all that much harm other than messing up the statistics or probably crashing stats process by using up all of its memory.
Re: Dovecot 2.3-rc Logging Format
Op 12/21/2017 om 8:57 AM schreef Thomas Leuxner: > Hi, > > the release candidate defaults to a log format with session IDs. > > mail_log_prefix = "%s(%u)<%{pid}><%{session}>: " > > As the LMTP service seems to have the session ID hardcoded, the IDs get > duplicated in the logs: > > Dec 21 08:48:03 edi dovecot: lmtp(26573): Connect from local > Dec 21 08:48:03 edi dovecot: lmtp(t...@leuxner.net)[26573]: > : fCVaBjNnO1rNZwAAIROLbg: sieve: > msgid=<2323281.OorJHhdMHM@ylum>, time=158ms, status=stored mail into mailbox > ':public/Mailing-Lists/Debian-User' > Dec 21 08:48:03 edi dovecot: lmtp(26573): Disconnect from local: Client has > quit the connection (state = READY) Fixed in release. Regards, Stephan.
Re: Dovecot 2.3-rc1 SMTP submission proxy always gives TLS required error even when already using TLS
On 2017-12-22 11:22, Michael Marley wrote: > On 2017-12-21 16:48, Stephan Bosch wrote: > > Op 12/18/2017 om 9:44 PM schreef Michael Marley: > > First of all, I apologize for my accidental empty message earlier. > > I just set up the SMTP submission proxy in Dovecot 2.3, but whenever I > try to connect to it, it always returns "530 5.7.0 TLS required." for > any sort of AUTH or MAIL command. This occurs even if TLS is being > used. It also occurs regardless of whether I connect with a real > client (Thunderbird) or manually with openssl s_client and regardless > of whether a loopback connection or a remote connection is used. Here > is the output of "dovecot -n". Please let me know if I can provide > any other data. Thanks! > Confirmed. Working on a fix. > > Regards, > > Stephan. I can confirm that it works correctly in 2.3.0, thanks! Michael I think I spoke too soon. It works correctly (requiring TLS but working once STARTTLS has been done) for remote connections, but it also is requiring TLS for loopback connections, even though the rest of Dovecot doesn't work this way. Michael
Re: Dovecot 2.3-rc1 SMTP submission proxy always gives TLS required error even when already using TLS
On 2017-12-21 16:48, Stephan Bosch wrote: > Op 12/18/2017 om 9:44 PM schreef Michael Marley: > >> First of all, I apologize for my accidental empty message earlier. >> >> I just set up the SMTP submission proxy in Dovecot 2.3, but whenever I >> try to connect to it, it always returns "530 5.7.0 TLS required." for >> any sort of AUTH or MAIL command. This occurs even if TLS is being >> used. It also occurs regardless of whether I connect with a real >> client (Thunderbird) or manually with openssl s_client and regardless >> of whether a loopback connection or a remote connection is used. Here >> is the output of "dovecot -n". Please let me know if I can provide >> any other data. Thanks! > > Confirmed. Working on a fix. > > Regards, > > Stephan. I can confirm that it works correctly in 2.3.0, thanks! Michael
Re: Dovecot 2.3-rc Logging Format
> On December 21, 2017 at 9:57 AM Thomas Leuxnerwrote: > > > Hi, > > the release candidate defaults to a log format with session IDs. > > mail_log_prefix = "%s(%u)<%{pid}><%{session}>: " > > As the LMTP service seems to have the session ID hardcoded, the IDs get > duplicated in the logs: > > Dec 21 08:48:03 edi dovecot: lmtp(26573): Connect from local > Dec 21 08:48:03 edi dovecot: lmtp(t...@leuxner.net)[26573]: > : fCVaBjNnO1rNZwAAIROLbg: sieve: > msgid=<2323281.OorJHhdMHM@ylum>, time=158ms, status=stored mail into mailbox > ':public/Mailing-Lists/Debian-User' > Dec 21 08:48:03 edi dovecot: lmtp(26573): Disconnect from local: Client has > quit the connection (state = READY) > > Regards > Thomas Hi! Thank you for your report, we'll look into it. Aki
Re: Dovecot 2.3-rc1 SMTP submission proxy always gives TLS required error even when already using TLS
Op 12/18/2017 om 9:44 PM schreef Michael Marley: > First of all, I apologize for my accidental empty message earlier. > > I just set up the SMTP submission proxy in Dovecot 2.3, but whenever I > try to connect to it, it always returns "530 5.7.0 TLS required." for > any sort of AUTH or MAIL command. This occurs even if TLS is being > used. It also occurs regardless of whether I connect with a real > client (Thunderbird) or manually with openssl s_client and regardless > of whether a loopback connection or a remote connection is used. Here > is the output of "dovecot -n". Please let me know if I can provide > any other data. Thanks! Confirmed. Working on a fix. Regards, Stephan.
Re: dovecot-2.3 (-git) Warning (Was Re: dovecot Digest, Vol 174, Issue 64)
On 02.11.2017 02:01, Timo Sirainen wrote: > On 1 Nov 2017, at 13.51, Reuben Farrellywrote: >> >> That's the thing. Those extra ssl_dh lines aren't actually specified in my >> conf files, they have been inherited from somewhere - so I can't change them >> to be of any particular form because they aren't defined as being that way >> in my configuration files. >> >> There is only one place where ssl_dh is defined and that's in the global >> 10-ssl.conf file. See here: >> >> lightning dovecot # grep ssl_dh * >> grep: conf.d: Is a directory >> lightning dovecot # grep ssl_dh */* >> conf.d/10-ssl.conf:# gives on startup when ssl_dh is unset. >> conf.d/10-ssl.conf:ssl_dh=> lightning dovecot # >> >> The rest of them must be being inherited from that statement above. >> >> But back to the original question, if I *remove* the ssl-parameters.dat file >> from /var/lib/dovecot/ then without any other configuration changes the >> error goes away on reload and from doveconf output. Not only that, but if >> the ssl-parameters.dat file is removed then those ssl_dh lines per-protocol >> in doveconf -n also disappear too. >> >> To me that indicates that the mere presence of the ssl-parameters.dat file >> is doing something odd with the way the ssl_dh configuration statements are >> being handled. Something buggy with backwards compatibility perhaps? >> >> [Also tested with latest 2.3 -git as of today - same result] > Looks like this is pretty easily reproducible: > > a) ok: printf "ssl_dh = foo; doveconf -n > -c foo > > b) not ok: printf "ssl_dh = {\n}\n" > foo; doveconf -n -c foo > doveconf: Warning: please set ssl_dh=https://github.com/dovecot/core/commit/a70d867d1fe3584149811c65eb6213deb72be824.patch Aki
Re: dovecot-2.3 (-git) Warning (Was Re: dovecot Digest, Vol 174, Issue 64)
On 1 Nov 2017, at 13.51, Reuben Farrellywrote: > > > That's the thing. Those extra ssl_dh lines aren't actually specified in my > conf files, they have been inherited from somewhere - so I can't change them > to be of any particular form because they aren't defined as being that way in > my configuration files. > > There is only one place where ssl_dh is defined and that's in the global > 10-ssl.conf file. See here: > > lightning dovecot # grep ssl_dh * > grep: conf.d: Is a directory > lightning dovecot # grep ssl_dh */* > conf.d/10-ssl.conf:# gives on startup when ssl_dh is unset. > conf.d/10-ssl.conf:ssl_dh= lightning dovecot # > > The rest of them must be being inherited from that statement above. > > But back to the original question, if I *remove* the ssl-parameters.dat file > from /var/lib/dovecot/ then without any other configuration changes the error > goes away on reload and from doveconf output. Not only that, but if the > ssl-parameters.dat file is removed then those ssl_dh lines per-protocol in > doveconf -n also disappear too. > > To me that indicates that the mere presence of the ssl-parameters.dat file is > doing something odd with the way the ssl_dh configuration statements are > being handled. Something buggy with backwards compatibility perhaps? > > [Also tested with latest 2.3 -git as of today - same result] Looks like this is pretty easily reproducible: a) ok: printf "ssl_dh = foo; doveconf -n -c foo b) not ok: printf "ssl_dh = foo; doveconf -n -c foo doveconf: Warning: please set ssl_dh=
Re: dovecot-2.3 (-git) Warning (Was Re: dovecot Digest, Vol 174, Issue 64)
Hi again, On 1/11/2017 12:01 AM, Aki Tuomi wrote: On 31.10.2017 15:00, Reuben Farrelly wrote: Hi, On 30/10/2017 7:22 PM, dovecot-requ...@dovecot.org wrote: Message: 6 Date: Mon, 30 Oct 2017 10:22:42 +0200 From: Teemu Huovila <teemu.huov...@dovecot.fi> To: dovecot@dovecot.org Subject: Re: dovecot-2.3 (-git) Warning and Fatal Compile Error Message-ID: <7d2c0b5b-019a-067c-c6be-f36571ed9...@dovecot.fi> Content-Type: text/plain; charset=utf-8 On 30.10.2017 09:10, Aki Tuomi wrote: On 30.10.2017 00:23, Reuben Farrelly wrote: Hi Aki, On 30/10/2017 12:43 AM, Aki Tuomi wrote: On October 29, 2017 at 1:55 PM Reuben Farrelly <reuben-dove...@reub.net> wrote: Hi again, Chasing down one last problem which seems to have been missed from my last email: On 20/10/2017 9:22 PM, Stephan Bosch wrote: Op 20-10-2017 om 4:23 schreef Reuben Farrelly: On 18/10/2017 11:40 PM, Timo Sirainen wrote: On 18 Oct 2017, at 6.34, Reuben Farrelly <reuben-dove...@reub.net> wrote: This problem below is still present in 2.3 -git, as of version 2.3.devel (6fc40674e) Secondly, this ssl_dh messages is always printed from doveconf: doveconf: Warning: please set ssl_dh= /etc/dovecot/dh.pem Yet the file is there: thunderstorm conf.d # ls -la /etc/dovecot/dh.pem -rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem And the config is there as well: thunderstorm dovecot # doveconf -P | grep ssl_dh ssl_dh = /etc/dovecot/dh.pem ?? ssl_dh = -BEGIN DH PARAMETERS- ?? ssl_dh = -BEGIN DH PARAMETERS- ?? ssl_dh = -BEGIN DH PARAMETERS- ?? ssl_dh = -BEGIN DH PARAMETERS- ?? ssl_dh = -BEGIN DH PARAMETERS- ?? ssl_dh = -BEGIN DH PARAMETERS- ?? ssl_dh = -BEGIN DH PARAMETERS- ?? ssl_dh = -BEGIN DH PARAMETERS- thunderstorm dovecot # It appears that this warning is being triggered by the presence of the ssl-parameters.dat file because when I remove it the warning goes away. Perhaps the warning could be made a bit more specific about this file being removed if it is not required because at the moment the warning message is not related to the trigger. Thanks, Reuben Thanks, Reuben It is triggered when there is ssl-parameters.dat file *AND* there is no ssl_dh=< explicitly set in config file. Aki I have this already in my 10-ssl.conf file: lightning dovecot # /etc/init.d/dovecot reload doveconf: Warning: please set ssl_dh= /etc/dovecot/dh.pem ?* Reloading dovecot configs and restarting auth/login processes ...? [ ok ] lightning dovecot # However: lightning dovecot # grep ssl_dh conf.d/10-ssl.conf # gives on startup when ssl_dh is unset. ssl_dh= Hi! I gave this a try, and I was not able to repeat this issue. Perhaps you are still missing ssl_dh somewhere? Aki Hello Just a guess, but at this point I would recommend reviewing the output of "doveconf -n" to make sure the appropriate settings are present. br, Teemu I still can't see anything amiss. Here's the output from doveconf -n: # 2.3.devel (65ef8330e): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.devel (f4659224) # OS: Linux 4.9.56-x86_64-linode87 x86_64 Gentoo Base System release 2.4.1 auth_mechanisms = plain login auth_socket_path = /var/run/dovecot/auth-userdb auth_username_format = %Ln doveadm_password = # hidden, use -P to show it first_valid_uid = 1000 imap_client_workarounds = tb-lsub-flags tb-extra-mailbox-sep last_valid_uid = 1100 login_log_format_elements = user=<%u> auth-method=%m remote=%r local=%l %k login_trusted_networks = 192.168.0.0/16 mail_location = maildir:~/Maildir mail_plugins = stats notify replication fts fts_lucene managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = failure_show_msg=yes %s driver = pam } plugin { fts = lucene fts_autoindex = yes fts_languages = en fts_lucene = whitespace_chars=@. mail_replica = tcps:inside-mail.reub.net:4813 replication_full_sync_interval = 4 hours sieve = file:~/sieve;active=~/.dovecot.sieve stats_refresh = 30 secs stats_track_cmds = yes } protocols = imap lmtp sieve recipient_delimiter = - service aggregator { fifo_listener replication-notify-fifo { mode = 0666 user = root } unix_listener replication-notify { mode = 0666 user = root } } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user =
Re: dovecot-2.3 (-git) Warning (Was Re: dovecot Digest, Vol 174, Issue 64)
On 31.10.2017 15:00, Reuben Farrelly wrote: > Hi, > > On 30/10/2017 7:22 PM, dovecot-requ...@dovecot.org wrote: >> Message: 6 >> Date: Mon, 30 Oct 2017 10:22:42 +0200 >> From: Teemu Huovila <teemu.huov...@dovecot.fi> >> To: dovecot@dovecot.org >> Subject: Re: dovecot-2.3 (-git) Warning and Fatal Compile Error >> Message-ID: <7d2c0b5b-019a-067c-c6be-f36571ed9...@dovecot.fi> >> Content-Type: text/plain; charset=utf-8 >> >> >> >> On 30.10.2017 09:10, Aki Tuomi wrote: >>> >>> >>> On 30.10.2017 00:23, Reuben Farrelly wrote: >>>> Hi Aki, >>>> >>>> On 30/10/2017 12:43 AM, Aki Tuomi wrote: >>>>>> On October 29, 2017 at 1:55 PM Reuben Farrelly >>>>>> <reuben-dove...@reub.net> wrote: >>>>>> >>>>>> >>>>>> Hi again, >>>>>> >>>>>> Chasing down one last problem which seems to have been missed >>>>>> from my >>>>>> last email: >>>>>> >>>>>> On 20/10/2017 9:22 PM, Stephan Bosch wrote: >>>>>>> >>>>>>> Op 20-10-2017 om 4:23 schreef Reuben Farrelly: >>>>>>>> On 18/10/2017 11:40 PM, Timo Sirainen wrote: >>>>>>>>> On 18 Oct 2017, at 6.34, Reuben Farrelly >>>>>>>>> <reuben-dove...@reub.net> >>>>>>>>> wrote: >>>>>> This problem below is still present in 2.3 -git, as of version >>>>>> 2.3.devel >>>>>> (6fc40674e) >>>>>> >>>>>>>>> Secondly, this ssl_dh messages is always printed from doveconf: >>>>>>>>> >>>>>>>>> doveconf: Warning: please set ssl_dh=>>>>>>>> doveconf: Warning: You can generate it with: dd >>>>>>>>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh >>>>>>>>> -inform der > /etc/dovecot/dh.pem >>>>>>>>> >>>>>>>>> Yet the file is there: >>>>>>>>> >>>>>>>>> thunderstorm conf.d # ls -la /etc/dovecot/dh.pem >>>>>>>>> -rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem >>>>>>>>> >>>>>>>>> And the config is there as well: >>>>>>>>> >>>>>>>>> thunderstorm dovecot # doveconf -P | grep ssl_dh >>>>>>>>> ssl_dh = >>>>>>>> doveconf: Warning: please set ssl_dh=>>>>>>>> doveconf: Warning: You can generate it with: dd >>>>>>>>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh >>>>>>>>> -inform der > /etc/dovecot/dh.pem >>>>>>>>> ?? ssl_dh = -BEGIN DH PARAMETERS- >>>>>>>>> ?? ssl_dh = -BEGIN DH PARAMETERS- >>>>>>>>> ?? ssl_dh = -BEGIN DH PARAMETERS- >>>>>>>>> ?? ssl_dh = -BEGIN DH PARAMETERS- >>>>>>>>> ?? ssl_dh = -BEGIN DH PARAMETERS- >>>>>>>>> ?? ssl_dh = -BEGIN DH PARAMETERS- >>>>>>>>> ?? ssl_dh = -BEGIN DH PARAMETERS- >>>>>>>>> ?? ssl_dh = -BEGIN DH PARAMETERS- >>>>>>>>> thunderstorm dovecot # >>>>>>>>> >>>>>>>>> It appears that this warning is being triggered by the >>>>>>>>> presence of >>>>>>>>> the ssl-parameters.dat file because when I remove it the warning >>>>>>>>> goes away. Perhaps the warning could be made a bit more specific >>>>>>>>> about this file being removed if it is not required because at >>>>>>>>> the >>>>>>>>> moment the warning message is not related to the trigger. >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> Reuben >>>>>> Thanks, >>>>>> Reuben >>>>> It is triggered when there is ssl-parameters.dat file *AND* there is >>>>> no ssl_dh=< explicitly set in config file. >>>>> >>>>> Aki >>>> >>>> I have this already in my 10-ssl.conf file: >>>> >&
Re: dovecot-2.3 (-git) Warning and Fatal Compile Error
On 30.10.2017 09:10, Aki Tuomi wrote: > > > On 30.10.2017 00:23, Reuben Farrelly wrote: >> Hi Aki, >> >> On 30/10/2017 12:43 AM, Aki Tuomi wrote: On October 29, 2017 at 1:55 PM Reuben Farrellywrote: Hi again, Chasing down one last problem which seems to have been missed from my last email: On 20/10/2017 9:22 PM, Stephan Bosch wrote: > > Op 20-10-2017 om 4:23 schreef Reuben Farrelly: >> On 18/10/2017 11:40 PM, Timo Sirainen wrote: >>> On 18 Oct 2017, at 6.34, Reuben Farrelly >>> wrote: This problem below is still present in 2.3 -git, as of version 2.3.devel (6fc40674e) >>> Secondly, this ssl_dh messages is always printed from doveconf: >>> >>> doveconf: Warning: please set ssl_dh=>> doveconf: Warning: You can generate it with: dd >>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh >>> -inform der > /etc/dovecot/dh.pem >>> >>> Yet the file is there: >>> >>> thunderstorm conf.d # ls -la /etc/dovecot/dh.pem >>> -rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem >>> >>> And the config is there as well: >>> >>> thunderstorm dovecot # doveconf -P | grep ssl_dh >>> ssl_dh = >> doveconf: Warning: please set ssl_dh=>> doveconf: Warning: You can generate it with: dd >>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh >>> -inform der > /etc/dovecot/dh.pem >>> ssl_dh = -BEGIN DH PARAMETERS- >>> ssl_dh = -BEGIN DH PARAMETERS- >>> ssl_dh = -BEGIN DH PARAMETERS- >>> ssl_dh = -BEGIN DH PARAMETERS- >>> ssl_dh = -BEGIN DH PARAMETERS- >>> ssl_dh = -BEGIN DH PARAMETERS- >>> ssl_dh = -BEGIN DH PARAMETERS- >>> ssl_dh = -BEGIN DH PARAMETERS- >>> thunderstorm dovecot # >>> >>> It appears that this warning is being triggered by the presence of >>> the ssl-parameters.dat file because when I remove it the warning >>> goes away. Perhaps the warning could be made a bit more specific >>> about this file being removed if it is not required because at the >>> moment the warning message is not related to the trigger. >>> >>> Thanks, >>> Reuben Thanks, Reuben >>> It is triggered when there is ssl-parameters.dat file *AND* there is >>> no ssl_dh=< explicitly set in config file. >>> >>> Aki >> >> I have this already in my 10-ssl.conf file: >> >> lightning dovecot # /etc/init.d/dovecot reload >> doveconf: Warning: please set ssl_dh=> doveconf: Warning: You can generate it with: dd >> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh >> -inform der > /etc/dovecot/dh.pem >> * Reloading dovecot configs and restarting auth/login processes >> ... [ ok ] >> lightning dovecot # >> >> However: >> >> lightning dovecot # grep ssl_dh conf.d/10-ssl.conf >> # gives on startup when ssl_dh is unset. >> ssl_dh=> lightning dovecot # >> >> and the file is there: >> >> lightning dovecot # ls -la /etc/dovecot/dh.pem >> -rw-r--r-- 1 root root 769 Oct 19 19:06 /etc/dovecot/dh.pem >> lightning dovecot # >> >> So it is actually configured and yet the warning still is present. >> >> Reuben > > Hi! > > I gave this a try, and I was not able to repeat this issue. Perhaps you > are still missing ssl_dh somewhere? > > Aki > Hello Just a guess, but at this point I would recommend reviewing the output of "doveconf -n" to make sure the appropriate settings are present. br, Teemu
Re: dovecot-2.3 (-git) Warning and Fatal Compile Error
On 30.10.2017 00:23, Reuben Farrelly wrote: > Hi Aki, > > On 30/10/2017 12:43 AM, Aki Tuomi wrote: >>> On October 29, 2017 at 1:55 PM Reuben Farrelly >>>wrote: >>> >>> >>> Hi again, >>> >>> Chasing down one last problem which seems to have been missed from my >>> last email: >>> >>> On 20/10/2017 9:22 PM, Stephan Bosch wrote: Op 20-10-2017 om 4:23 schreef Reuben Farrelly: > On 18/10/2017 11:40 PM, Timo Sirainen wrote: >> On 18 Oct 2017, at 6.34, Reuben Farrelly >> wrote: >>> This problem below is still present in 2.3 -git, as of version >>> 2.3.devel >>> (6fc40674e) >>> >> Secondly, this ssl_dh messages is always printed from doveconf: >> >> doveconf: Warning: please set ssl_dh=> doveconf: Warning: You can generate it with: dd >> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh >> -inform der > /etc/dovecot/dh.pem >> >> Yet the file is there: >> >> thunderstorm conf.d # ls -la /etc/dovecot/dh.pem >> -rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem >> >> And the config is there as well: >> >> thunderstorm dovecot # doveconf -P | grep ssl_dh >> ssl_dh = > doveconf: Warning: please set ssl_dh=> doveconf: Warning: You can generate it with: dd >> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh >> -inform der > /etc/dovecot/dh.pem >> ssl_dh = -BEGIN DH PARAMETERS- >> ssl_dh = -BEGIN DH PARAMETERS- >> ssl_dh = -BEGIN DH PARAMETERS- >> ssl_dh = -BEGIN DH PARAMETERS- >> ssl_dh = -BEGIN DH PARAMETERS- >> ssl_dh = -BEGIN DH PARAMETERS- >> ssl_dh = -BEGIN DH PARAMETERS- >> ssl_dh = -BEGIN DH PARAMETERS- >> thunderstorm dovecot # >> >> It appears that this warning is being triggered by the presence of >> the ssl-parameters.dat file because when I remove it the warning >> goes away. Perhaps the warning could be made a bit more specific >> about this file being removed if it is not required because at the >> moment the warning message is not related to the trigger. >> >> Thanks, >> Reuben >>> Thanks, >>> Reuben >> It is triggered when there is ssl-parameters.dat file *AND* there is >> no ssl_dh=< explicitly set in config file. >> >> Aki > > I have this already in my 10-ssl.conf file: > > lightning dovecot # /etc/init.d/dovecot reload > doveconf: Warning: please set ssl_dh= doveconf: Warning: You can generate it with: dd > if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh > -inform der > /etc/dovecot/dh.pem > * Reloading dovecot configs and restarting auth/login processes > ... [ ok ] > lightning dovecot # > > However: > > lightning dovecot # grep ssl_dh conf.d/10-ssl.conf > # gives on startup when ssl_dh is unset. > ssl_dh= lightning dovecot # > > and the file is there: > > lightning dovecot # ls -la /etc/dovecot/dh.pem > -rw-r--r-- 1 root root 769 Oct 19 19:06 /etc/dovecot/dh.pem > lightning dovecot # > > So it is actually configured and yet the warning still is present. > > Reuben Hi! I gave this a try, and I was not able to repeat this issue. Perhaps you are still missing ssl_dh somewhere? Aki
Re: dovecot-2.3 (-git) Warning and Fatal Compile Error
Hi Aki, On 30/10/2017 12:43 AM, Aki Tuomi wrote: On October 29, 2017 at 1:55 PM Reuben Farrellywrote: Hi again, Chasing down one last problem which seems to have been missed from my last email: On 20/10/2017 9:22 PM, Stephan Bosch wrote: Op 20-10-2017 om 4:23 schreef Reuben Farrelly: On 18/10/2017 11:40 PM, Timo Sirainen wrote: On 18 Oct 2017, at 6.34, Reuben Farrelly wrote: This problem below is still present in 2.3 -git, as of version 2.3.devel (6fc40674e) Secondly, this ssl_dh messages is always printed from doveconf: doveconf: Warning: please set ssl_dh= /etc/dovecot/dh.pem Yet the file is there: thunderstorm conf.d # ls -la /etc/dovecot/dh.pem -rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem And the config is there as well: thunderstorm dovecot # doveconf -P | grep ssl_dh ssl_dh = /etc/dovecot/dh.pem ssl_dh = -BEGIN DH PARAMETERS- ssl_dh = -BEGIN DH PARAMETERS- ssl_dh = -BEGIN DH PARAMETERS- ssl_dh = -BEGIN DH PARAMETERS- ssl_dh = -BEGIN DH PARAMETERS- ssl_dh = -BEGIN DH PARAMETERS- ssl_dh = -BEGIN DH PARAMETERS- ssl_dh = -BEGIN DH PARAMETERS- thunderstorm dovecot # It appears that this warning is being triggered by the presence of the ssl-parameters.dat file because when I remove it the warning goes away. Perhaps the warning could be made a bit more specific about this file being removed if it is not required because at the moment the warning message is not related to the trigger. Thanks, Reuben Thanks, Reuben It is triggered when there is ssl-parameters.dat file *AND* there is no ssl_dh=< explicitly set in config file. Aki I have this already in my 10-ssl.conf file: lightning dovecot # /etc/init.d/dovecot reload doveconf: Warning: please set ssl_dh=doveconf: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform der > /etc/dovecot/dh.pem * Reloading dovecot configs and restarting auth/login processes ... [ ok ] lightning dovecot # However: lightning dovecot # grep ssl_dh conf.d/10-ssl.conf # gives on startup when ssl_dh is unset. ssl_dh=
Re: dovecot-2.3 (-git) Warning and Fatal Compile Error
> On October 29, 2017 at 1:55 PM Reuben Farrelly> wrote: > > > Hi again, > > Chasing down one last problem which seems to have been missed from my > last email: > > On 20/10/2017 9:22 PM, Stephan Bosch wrote: > > > > > > Op 20-10-2017 om 4:23 schreef Reuben Farrelly: > >> On 18/10/2017 11:40 PM, Timo Sirainen wrote: > >>> On 18 Oct 2017, at 6.34, Reuben Farrelly > >>> wrote: > > This problem below is still present in 2.3 -git, as of version 2.3.devel > (6fc40674e) > > >>> Secondly, this ssl_dh messages is always printed from doveconf: > >>> > >>> doveconf: Warning: please set ssl_dh= >>> doveconf: Warning: You can generate it with: dd > >>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh > >>> -inform der > /etc/dovecot/dh.pem > >>> > >>> Yet the file is there: > >>> > >>> thunderstorm conf.d # ls -la /etc/dovecot/dh.pem > >>> -rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem > >>> > >>> And the config is there as well: > >>> > >>> thunderstorm dovecot # doveconf -P | grep ssl_dh > >>> ssl_dh = >>> doveconf: Warning: please set ssl_dh= >>> doveconf: Warning: You can generate it with: dd > >>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh > >>> -inform der > /etc/dovecot/dh.pem > >>> ssl_dh = -BEGIN DH PARAMETERS- > >>> ssl_dh = -BEGIN DH PARAMETERS- > >>> ssl_dh = -BEGIN DH PARAMETERS- > >>> ssl_dh = -BEGIN DH PARAMETERS- > >>> ssl_dh = -BEGIN DH PARAMETERS- > >>> ssl_dh = -BEGIN DH PARAMETERS- > >>> ssl_dh = -BEGIN DH PARAMETERS- > >>> ssl_dh = -BEGIN DH PARAMETERS- > >>> thunderstorm dovecot # > >>> > >>> It appears that this warning is being triggered by the presence of > >>> the ssl-parameters.dat file because when I remove it the warning > >>> goes away. Perhaps the warning could be made a bit more specific > >>> about this file being removed if it is not required because at the > >>> moment the warning message is not related to the trigger. > >>> > >>> Thanks, > >>> Reuben > > > > Thanks, > Reuben It is triggered when there is ssl-parameters.dat file *AND* there is no ssl_dh=< explicitly set in config file. Aki
Re: dovecot-2.3 (-git) Warning and Fatal Compile Error
Hi again, Chasing down one last problem which seems to have been missed from my last email: On 20/10/2017 9:22 PM, Stephan Bosch wrote: Op 20-10-2017 om 4:23 schreef Reuben Farrelly: On 18/10/2017 11:40 PM, Timo Sirainen wrote: On 18 Oct 2017, at 6.34, Reuben Farrellywrote: This problem below is still present in 2.3 -git, as of version 2.3.devel (6fc40674e) Secondly, this ssl_dh messages is always printed from doveconf: doveconf: Warning: please set ssl_dh=doveconf: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform der > /etc/dovecot/dh.pem Yet the file is there: thunderstorm conf.d # ls -la /etc/dovecot/dh.pem -rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem And the config is there as well: thunderstorm dovecot # doveconf -P | grep ssl_dh ssl_dh = doveconf: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform der > /etc/dovecot/dh.pem ssl_dh = -BEGIN DH PARAMETERS- ssl_dh = -BEGIN DH PARAMETERS- ssl_dh = -BEGIN DH PARAMETERS- ssl_dh = -BEGIN DH PARAMETERS- ssl_dh = -BEGIN DH PARAMETERS- ssl_dh = -BEGIN DH PARAMETERS- ssl_dh = -BEGIN DH PARAMETERS- ssl_dh = -BEGIN DH PARAMETERS- thunderstorm dovecot # It appears that this warning is being triggered by the presence of the ssl-parameters.dat file because when I remove it the warning goes away. Perhaps the warning could be made a bit more specific about this file being removed if it is not required because at the moment the warning message is not related to the trigger. Thanks, Reuben Thanks, Reuben
Re: dovecot-2.3 (-git) Warning and Fatal Compile Error
Op 10/20/2017 om 12:22 PM schreef Stephan Bosch: > > > Op 20-10-2017 om 4:23 schreef Reuben Farrelly: >> On 18/10/2017 11:40 PM, Timo Sirainen wrote: >>> On 18 Oct 2017, at 6.34, Reuben Farrelly>>> wrote: I haven't been tracking dovecot-2.3 until now, but I've just given it a quick run, and there are a few things that may need some attention. /usr/include/features.h:376:4: warning: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Wcpp] # warning _FORTIFY_SOURCE requires compiling with optimization (-O) >>> >>> Don't use -O0 or use configure --disable-hardening or just ignore it. >>> The build then fails entirely with this: DMODULEDIR=\""/usr/lib64/dovecot"\" -O0 -g -pipe -march=native -mtune=native -ggdb -c -o realpath.lo realpath.c edit-mail.c: In function ‘edit_mail_wrap’: edit-mail.c:235:14: error: too few arguments to function ‘mailbox_transaction_begin’ raw_trans = mailbox_transaction_begin(raw_box, 0); >>> >>> I don't think your pigeonhole is from git master. >> >> Thanks. That was it... >> >> Now onto 2.3 -git, there is a repeatable crash occurring in lmtp. In >> fact it looks like there could be more than one problem, because even >> invoking lmtp (with gdb) and no arguments results in a gdb error >> about an unaddressable byte. >> >> However when lmtp is used normally within dovecot it crashes out on a >> few but not all mails. > > I see what that smtp-submit problem is already. Will push fix later > today. > Fix is merged: https://github.com/dovecot/core/commit/9dd47ae5c1f0c20f1994a7ec1a862fe8beef8913 Regards, Stephan.
Re: dovecot-2.3 (-git) Warning and Fatal Compile Error
Op 20-10-2017 om 4:23 schreef Reuben Farrelly: On 18/10/2017 11:40 PM, Timo Sirainen wrote: On 18 Oct 2017, at 6.34, Reuben Farrellywrote: I haven't been tracking dovecot-2.3 until now, but I've just given it a quick run, and there are a few things that may need some attention. /usr/include/features.h:376:4: warning: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Wcpp] # warning _FORTIFY_SOURCE requires compiling with optimization (-O) Don't use -O0 or use configure --disable-hardening or just ignore it. The build then fails entirely with this: DMODULEDIR=\""/usr/lib64/dovecot"\" -O0 -g -pipe -march=native -mtune=native -ggdb -c -o realpath.lo realpath.c edit-mail.c: In function ‘edit_mail_wrap’: edit-mail.c:235:14: error: too few arguments to function ‘mailbox_transaction_begin’ raw_trans = mailbox_transaction_begin(raw_box, 0); I don't think your pigeonhole is from git master. Thanks. That was it... Now onto 2.3 -git, there is a repeatable crash occurring in lmtp. In fact it looks like there could be more than one problem, because even invoking lmtp (with gdb) and no arguments results in a gdb error about an unaddressable byte. However when lmtp is used normally within dovecot it crashes out on a few but not all mails. I see what that smtp-submit problem is already. Will push fix later today. We're not sure that epoll_pwait() issue is an actual problem or valgrind being confused. Regards, Stephan. The full gdb output looks like this: Oct 20 12:59:21 thunderstorm.reub.net dovecot: master: Dovecot v2.3.devel (c398eca6b) starting up for imap, lmtp, sieve Oct 20 12:59:30 thunderstorm.reub.net postfix/qmgr[5057]: 9A25122B50: from= , size=18515, nrcpt=1 (queue active) Oct 20 12:59:30 thunderstorm.reub.net postfix/qmgr[5057]: 32D0722B4B: from= , size=27030, nrcpt=1 (queue active) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== Syscall param epoll_pwait(sigmask) points to unaddressable byte(s) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== at 0x58A7705: epoll_pwait (epoll_pwait.c:42) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0x5504697: io_loop_handler_run_internal (ioloop-epoll.c:182) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0x5501C4F: io_loop_handler_run (ioloop.c:666) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0x5501B2E: io_loop_run (ioloop.c:639) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0x5449F05: master_service_run (master-service.c:733) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0x10D8E8: main (main.c:139) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== Address 0x0 is not stack'd, malloc'd or (recently) free'd Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== Oct 20 12:59:32 thunderstorm.reub.net dovecot: lmtp(28006): Connect from local Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== Syscall param epoll_pwait(sigmask) points to unaddressable byte(s) Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== at 0x58A7705: epoll_pwait (epoll_pwait.c:42) Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== by 0x5504697: io_loop_handler_run_internal (ioloop-epoll.c:182) Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== by 0x5501C4F: io_loop_handler_run (ioloop.c:666) Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== by 0x5501B2E: io_loop_run (ioloop.c:639) Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== by 0x5449F05: master_service_run (master-service.c:733) Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== by 0x10D8E8: main (main.c:139) Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== Address 0x0 is not stack'd, malloc'd or (recently) free'd Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp(28009): Connect from local Oct 20 12:59:34 thunderstorm.reub.net dovecot: lmtp(liam)<28006>: aFFxDIRY6VlmbQAAzkCIew: sieve: msgid=<001a114bd6f6d2fc86055be25...@google.com>: stored mail into mailbox 'INBOX' Oct 20 12:59:34 thunderstorm.reub.net dovecot: indexer-worker(liam)<28026>: Indexed 1 messages in INBOX (UIDs 634..634) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== Invalid read of size 8 Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== at 0x543AECB: smtp_submit_session_init (smtp-submit.c:61) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0x543B05B: smtp_submit_init_simple (smtp-submit.c:100) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xAA8BC4B: lda_sieve_smtp_start
Re: dovecot-2.3 (-git) Warning and Fatal Compile Error
On 18/10/2017 11:40 PM, Timo Sirainen wrote: On 18 Oct 2017, at 6.34, Reuben Farrellywrote: I haven't been tracking dovecot-2.3 until now, but I've just given it a quick run, and there are a few things that may need some attention. /usr/include/features.h:376:4: warning: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Wcpp] # warning _FORTIFY_SOURCE requires compiling with optimization (-O) Don't use -O0 or use configure --disable-hardening or just ignore it. The build then fails entirely with this: DMODULEDIR=\""/usr/lib64/dovecot"\" -O0 -g -pipe -march=native -mtune=native -ggdb -c -o realpath.lo realpath.c edit-mail.c: In function ‘edit_mail_wrap’: edit-mail.c:235:14: error: too few arguments to function ‘mailbox_transaction_begin’ raw_trans = mailbox_transaction_begin(raw_box, 0); I don't think your pigeonhole is from git master. Thanks. That was it... Now onto 2.3 -git, there is a repeatable crash occurring in lmtp. In fact it looks like there could be more than one problem, because even invoking lmtp (with gdb) and no arguments results in a gdb error about an unaddressable byte. However when lmtp is used normally within dovecot it crashes out on a few but not all mails. The full gdb output looks like this: Oct 20 12:59:21 thunderstorm.reub.net dovecot: master: Dovecot v2.3.devel (c398eca6b) starting up for imap, lmtp, sieve Oct 20 12:59:30 thunderstorm.reub.net postfix/qmgr[5057]: 9A25122B50: from= , size=18515, nrcpt=1 (queue active) Oct 20 12:59:30 thunderstorm.reub.net postfix/qmgr[5057]: 32D0722B4B: from= , size=27030, nrcpt=1 (queue active) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== Syscall param epoll_pwait(sigmask) points to unaddressable byte(s) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== at 0x58A7705: epoll_pwait (epoll_pwait.c:42) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0x5504697: io_loop_handler_run_internal (ioloop-epoll.c:182) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0x5501C4F: io_loop_handler_run (ioloop.c:666) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0x5501B2E: io_loop_run (ioloop.c:639) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0x5449F05: master_service_run (master-service.c:733) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0x10D8E8: main (main.c:139) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== Address 0x0 is not stack'd, malloc'd or (recently) free'd Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== Oct 20 12:59:32 thunderstorm.reub.net dovecot: lmtp(28006): Connect from local Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== Syscall param epoll_pwait(sigmask) points to unaddressable byte(s) Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== at 0x58A7705: epoll_pwait (epoll_pwait.c:42) Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== by 0x5504697: io_loop_handler_run_internal (ioloop-epoll.c:182) Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== by 0x5501C4F: io_loop_handler_run (ioloop.c:666) Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== by 0x5501B2E: io_loop_run (ioloop.c:639) Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== by 0x5449F05: master_service_run (master-service.c:733) Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== by 0x10D8E8: main (main.c:139) Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== Address 0x0 is not stack'd, malloc'd or (recently) free'd Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp(28009): Connect from local Oct 20 12:59:34 thunderstorm.reub.net dovecot: lmtp(liam)<28006>: aFFxDIRY6VlmbQAAzkCIew: sieve: msgid=<001a114bd6f6d2fc86055be25...@google.com>: stored mail into mailbox 'INBOX' Oct 20 12:59:34 thunderstorm.reub.net dovecot: indexer-worker(liam)<28026>: Indexed 1 messages in INBOX (UIDs 634..634) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== Invalid read of size 8 Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== at 0x543AECB: smtp_submit_session_init (smtp-submit.c:61) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0x543B05B: smtp_submit_init_simple (smtp-submit.c:100) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xAA8BC4B: lda_sieve_smtp_start (lda-sieve-plugin.c:77) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACBF4C0: sieve_smtp_start (sieve-smtp.c:31) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACBF679:
Re: dovecot-2.3 (-git) Warning and Fatal Compile Error
On 18 Oct 2017, at 6.34, Reuben Farrellywrote: > > I haven't been tracking dovecot-2.3 until now, but I've just given it a quick > run, and there are a few things that may need some attention. > > /usr/include/features.h:376:4: warning: #warning _FORTIFY_SOURCE requires > compiling with optimization (-O) [-Wcpp] > # warning _FORTIFY_SOURCE requires compiling with optimization (-O) Don't use -O0 or use configure --disable-hardening or just ignore it. > The build then fails entirely with this: > > DMODULEDIR=\""/usr/lib64/dovecot"\" -O0 -g -pipe -march=native > -mtune=native -ggdb -c -o realpath.lo realpath.c > edit-mail.c: In function ‘edit_mail_wrap’: > edit-mail.c:235:14: error: too few arguments to function > ‘mailbox_transaction_begin’ > raw_trans = mailbox_transaction_begin(raw_box, 0); I don't think your pigeonhole is from git master.
Re: Dovecot 2.3 ?
Whoops. I meant from -git. Reuben On 24/04/2017 7:54 PM, Aki Tuomi wrote: On 24.04.2017 12:30, Ralf Hildebrandt wrote: * Reuben Farrelly: Hi, Is anyone here running dovecot-2.3 from hg? I'm using the daily builds on a low traffic machine. It's proxying traffic to a Exchange IMAP server. Please do not run it from hg, as we no longer provide hg repository. Aki
Re: Dovecot 2.3 ?
* Aki Tuomi: > > I'm using the daily builds on a low traffic machine. It's proxying > > traffic to a Exchange IMAP server. > > > > Please do not run it from hg, as we no longer provide hg repository. What I meant to say: I use the daily builds. Fair enough :) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de
Re: Dovecot 2.3 ?
On 24.04.2017 12:30, Ralf Hildebrandt wrote: > * Reuben Farrelly: >> Hi, >> >> Is anyone here running dovecot-2.3 from hg? > I'm using the daily builds on a low traffic machine. It's proxying > traffic to a Exchange IMAP server. > Please do not run it from hg, as we no longer provide hg repository. Aki
Re: Dovecot 2.3 ?
* Reuben Farrelly: > Hi, > > Is anyone here running dovecot-2.3 from hg? I'm using the daily builds on a low traffic machine. It's proxying traffic to a Exchange IMAP server. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de