Re: dovecot-2.3-pigeonhole-0.5.18 : Freebsd Will not build

2022-02-20 Thread Larry Rosenman
You need to upgrade dovecot to 2.3.18.


On Sun, Feb 20, 2022 at 10:43 PM Paul Kudla (Scom.ca Internet Services
Inc.)  wrote:

> dovecot version : dovecot-2.3.14
>
>
>
-- 
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 214-642-9640 (c) E-Mail: larry...@gmail.com
US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106


Re: Dovecot 2.3 repo for CentOS 8.

2020-02-15 Thread Tobias Kirchhofer

On 14 Feb 2020, at 10:59, Peter wrote:

> On 14/02/20 10:10 pm, Tobias Kirchhofer wrote:
>> would it be useful/advisable to use this repo for productive
>> operation?
>>
>> An official repo is still not available for CentOS 8
>> https://repo.dovecot.org/
>>
>> We would like to set up our new mail server on CentOS 8 and are
>> waiting… :)
>>
>> What is your advice?
>
> As others have mentioned there are missing -devel packages in CentOS
> 8, which is because there are missing -devel packages in RHEL 8, most
> notably in this case is quota-devel.  tcp wrappers is also missing but
> that's because they are deprecated in CentOS 8 so building without tcp
> wrapper support is not a big deal, but I would assume that a lot of
> people will want quota support, so I wouldn't want to build a dovecot
> package without it.
>
> Personally I'm trying to get the GhettoForge build system modified so
> it can get missing -devel packages by rebuilding the source rpms for
> them, this is a work in progress.  There is also work on the CentOS
> side to build and offer up the missing -devel packages.  At the end of
> the day nobody will be able to build decent dovecot packages until one
> of these things happens.
>
> For now you can use the stock dovecot 2.2.36 that comes with CentOS or
> you can wait.  CentOS and Red Hat have not made this easy so it is
> going to take time.

Okay, will try 2.2.36. Our prototype is on Debian 10 with the latest
Dovecot. Don’t know yet if we rely on features from the latest
version. Will see. Thank you.

> Also on a personal note, I think that pushing out any production
> server on CentOS 8 at this time is premature.  CentOS 8 simply is not
> ready yet, imo.

We have CentOS 8.1 VMs productive with either of nginx, PostgreSQL,
MariaDB, Node.js. No problems so far. Cross your fingers! :-)

> Peter



--
collect@shift.agency


Re: Dovecot 2.3 repo for CentOS 8.

2020-02-14 Thread Peter

On 14/02/20 10:10 pm, Tobias Kirchhofer wrote:

> would it be useful/advisable to use this repo for productive operation?
>
> An official repo is still not available for CentOS 8 https://repo.dovecot.org/
>
> We would like to set up our new mail server on CentOS 8 and are waiting… :)
>
> What is your advice?


As others have mentioned there are missing -devel packages in CentOS 8, 
which is because there are missing -devel packages in RHEL 8, most 
notably in this case is quota-devel.  tcp wrappers is also missing but 
that's because they are deprecated in CentOS 8 so building without tcp 
wrapper support is not a big deal, but I would assume that a lot of 
people will want quota support, so I wouldn't want to build a dovecot 
package without it.


Personally I'm trying to get the GhettoForge build system modified so it 
can get missing -devel packages by rebuilding the source rpms for them, 
this is a work in progress.  There is also work on the CentOS side to 
build and offer up the missing -devel packages.  At the end of the day 
nobody will be able to build decent dovecot packages until one of these 
things happens.


For now you can use the stock dovecot 2.2.36 that comes with CentOS or 
you can wait.  CentOS and Red Hat have not made this easy so it is going 
to take time.


Also on a personal note, I think that pushing out any production server 
on CentOS 8 at this time is premature.  CentOS 8 simply is not ready 
yet, imo.



Peter


Re: Dovecot 2.3 repo for CentOS 8.

2020-02-14 Thread Tobias Kirchhofer
Hi Filip,

On 12 Dec 2019, at 12:01, fil...@centrum.cz wrote:

> Hello,
> I have built some dovecot packages for CentOS 8 in my personal
> repository:
> http://repo.joomhosting.eu/centos/8/x86_64/
> and SRPMS are in
> http://repo.joomhosting.eu/centos/8/SRPMS/
>
> If you want you can try it.
>
> With best regards,
> Filip Bartmann

would it be useful/advisable to use this repo for productive operation?

An official repo is still not available for CentOS 8 https://repo.dovecot.org/

We would like to set up our new mail server on CentOS 8 and are waiting… :)

What is your advice?

Tobias

> On Thu, 12 Dec 2019 12:31:45 +0200
> Reio Remma  wrote:
>
>> On 09/12/2019 17:25, Aki Tuomi via dovecot wrote:
>>>> On 09/12/2019 17:20 Reio Remma via dovecot
>>>> wrote:
>>>>
>>>>
>>>> Hello!
>>>>
>>>> Are there any plans for an official Dovecot repo for CentOS 8?
>>>>
>>>> Thanks,
>>>> Reio
>>> (sorry for duplicate, user error in earlier one...)
>>>
>>> Yes. There are plans for the repo, unfortunately there are still
>>> technical problems due to how CentOS8 repositories are organized.
>>> But soon.
>>>
>>> Aki
>>
>> I tried rebuilding the RPM for CentOS 8 but I see it's missing some
>> notable required packages like tcp wrappers and quota-devel. Managed
>> to rebuild by switching these off in the spec file
>> (--without-libwrap), but that's probably not a good idea. :)
>>
>> Reio


-- 
collect@shift.agency


Re: Dovecot 2.3 repo for CentOS 8.

2019-12-12 Thread Remo Mattei
Agree

> On 12 Dec 2019, at 10:47, Alexander Dalloz wrote:
> 
> On 12.12.2019 at 11:31, Reio Remma wrote:
>> On 09/12/2019 17:25, Aki Tuomi via dovecot wrote:
>>>> On 09/12/2019 17:20 Reio Remma via dovecot  wrote:
>> 
>> [ ... ]
>> 
>> I tried rebuilding the RPM for CentOS 8 but I see it's missing some notable 
>> required packages like tcp wrappers and quota-devel. Managed to rebuild by 
>> switching these off in the spec file (--without-libwrap), but that's 
>> probably not a good idea. :)
>> Reio
> 
> TCP wrappers got dropped for RHEL 8 on purpose, following that step of Fedora.
> 
> https://fedoraproject.org//wiki/Changes/Deprecate_TCP_wrappers
> 
> There is no real need nowadays and from my experience not many admins make 
> use of it.
> 
> Alexander



Re: Dovecot 2.3 repo for CentOS 8.

2019-12-12 Thread Alexander Dalloz

On 12.12.2019 at 11:31, Reio Remma wrote:

> On 09/12/2019 17:25, Aki Tuomi via dovecot wrote:
>>> On 09/12/2019 17:20 Reio Remma via dovecot  wrote:
>
> [ ... ]
>
> I tried rebuilding the RPM for CentOS 8 but I see it's missing some
> notable required packages like tcp wrappers and quota-devel. Managed to
> rebuild by switching these off in the spec file (--without-libwrap), but
> that's probably not a good idea. :)
>
> Reio

TCP wrappers got dropped for RHEL 8 on purpose, following that step of
Fedora.


https://fedoraproject.org//wiki/Changes/Deprecate_TCP_wrappers

There is no real need nowadays and from my experience not many admins 
make use of it.


Alexander


Re: Dovecot 2.3 repo for CentOS 8.

2019-12-12 Thread Reio Remma

On 12/12/2019 13:01, fil...@centrum.cz wrote:

> Hello,
> I have built some dovecot packages for CentOS 8 in my personal
> repository:
> http://repo.joomhosting.eu/centos/8/x86_64/
> and SRPMS are in
> http://repo.joomhosting.eu/centos/8/SRPMS/
>
> If you want you can try it.
>
> With best regards,
> Filip Bartmann

Thanks! Will have a look. :)

Reio

> On Thu, 12 Dec 2019 12:31:45 +0200
> Reio Remma  wrote:
>
>> On 09/12/2019 17:25, Aki Tuomi via dovecot wrote:
>>>> On 09/12/2019 17:20 Reio Remma via dovecot
>>>> wrote:
>>>>
>>>> Hello!
>>>>
>>>> Are there any plans for an official Dovecot repo for CentOS 8?
>>>>
>>>> Thanks,
>>>> Reio
>>> (sorry for duplicate, user error in earlier one...)
>>>
>>> Yes. There are plans for the repo, unfortunately there are still
>>> technical problems due to how CentOS8 repositories are organized.
>>> But soon.
>>>
>>> Aki
>>
>> I tried rebuilding the RPM for CentOS 8 but I see it's missing some
>> notable required packages like tcp wrappers and quota-devel. Managed
>> to rebuild by switching these off in the spec file
>> (--without-libwrap), but that's probably not a good idea. :)
>>
>> Reio



--
Best regards
Reio Remma


MR Stuudio 25 years

*MR Stuudio OÜ*
Tondi 17b, 11316, Tallinn
Tel +372 650 4808
Mob +372 56 22 00 33
r...@mrstuudio.ee
www.mrstuudio.ee





Re: Dovecot 2.3 repo for CentOS 8.

2019-12-12 Thread filbar
Hello,
I have built some dovecot packages for CentOS 8 in my personal
repository:
http://repo.joomhosting.eu/centos/8/x86_64/ 
and SRPMS are in
http://repo.joomhosting.eu/centos/8/SRPMS/

If you want you can try it.

With best regards,
Filip Bartmann

On Thu, 12 Dec 2019 12:31:45 +0200
Reio Remma  wrote:

> On 09/12/2019 17:25, Aki Tuomi via dovecot wrote:
> >> On 09/12/2019 17:20 Reio Remma via dovecot 
> >> wrote:
> >>
> >>   
> >> Hello!
> >>
> >> Are there any plans for an official Dovecot repo for CentOS 8?
> >>
> >> Thanks,
> >> Reio  
> > (sorry for duplicate, user error in earlier one...)
> >
> > Yes. There are plans for the repo, unfortunately there are still
> > technical problems due to how CentOS8 repositories are organized.
> > But soon.
> >
> > Aki  
> 
> I tried rebuilding the RPM for CentOS 8 but I see it's missing some 
> notable required packages like tcp wrappers and quota-devel. Managed
> to rebuild by switching these off in the spec file
> (--without-libwrap), but that's probably not a good idea. :)
> 
> Reio


Re: Dovecot 2.3 repo for CentOS 8.

2019-12-12 Thread Reio Remma

On 09/12/2019 17:25, Aki Tuomi via dovecot wrote:

>> On 09/12/2019 17:20 Reio Remma via dovecot  wrote:
>>
>> Hello!
>>
>> Are there any plans for an official Dovecot repo for CentOS 8?
>>
>> Thanks,
>> Reio
>
> (sorry for duplicate, user error in earlier one...)
>
> Yes. There are plans for the repo, unfortunately there are still technical
> problems due to how CentOS8 repositories are organized. But soon.
>
> Aki


I tried rebuilding the RPM for CentOS 8 but I see it's missing some 
notable required packages like tcp wrappers and quota-devel. Managed to 
rebuild by switching these off in the spec file (--without-libwrap), but 
that's probably not a good idea. :)


Reio


Re: Dovecot 2.3 repo for CentOS 8.

2019-12-09 Thread Aki Tuomi via dovecot


> On 09/12/2019 17:20 Reio Remma via dovecot  wrote:
> 
>  
> Hello!
> 
> Are there any plans for an official Dovecot repo for CentOS 8?
> 
> Thanks,
> Reio

(sorry for duplicate, user error in earlier one...)

Yes. There are plans for the repo, unfortunately there are still technical 
problems due to how CentOS8 repositories are organized. But soon.

Aki


Re: Dovecot 2.3 repo for CentOS 8.

2019-12-09 Thread Aki Tuomi via dovecot


> On 09/12/2019 17:20 Reio Remma via dovecot  wrote:
> 
>  
> Hello!
> 
> Are there any plans for an official Dovecot repo for CentOS 8?
> 
> Thanks,
> Reio


Re: Dovecot 2.3 error, FreeBSD 12 in a jail

2019-06-15 Thread Odhiambo Washington via dovecot
On Sat, 15 Jun 2019 at 07:12, David Mehler via dovecot 
wrote:

> Hello,
>
> I'm trying to get Dovecot going on my system. It's a FreeBSD
> 12.0-RELEASE system and it's running dovecot 2.3 via ports in a jail.
> I'm getting the same error message(s) as in this bug report, which has
> been marked as closed:
>
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225078
>
> Dovecot is not starting at all in this jail when starting with service
> dovecot start. A service dovecot status also reveals the error message
> about /var/run/dovecot/dovecot.conf file, but a doveconf -n does not
> reveal any configuration file issues. I did put a symlink in
> /var/run/dovecot to /usr/local/etc/dovecot/dovecot.conf, this did not
> correct the issue.
>
> Any suggestions welcome.
> Thanks.
> Dave.
>

Hi David,

Your problem must be something to do with your jails on FreeBSD, IMHO.
The FreeBSD port maintainer (Larry Rosenman) is here.
Perhaps he'll be willing to help troubleshoot the jail issue.


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)


Re: Dovecot 2.3 no longer accepts ssl_key_password

2019-01-20 Thread Stephan Bosch




On 15/01/2019 at 08:08, Aki Tuomi wrote:

> On 10.1.2019 6.53, Chris Kiakas wrote:
>
>> Hit a little problem when I upgraded a system from FreeBSD 10.3 to 11.2. I did
>> not receive any errors in the upgrade. The system is running 4 jails and
>> everything seems to work except in Dovecot dovecot-2.3.4_5 where when using the
>> exact same configuration which worked in 10.3 with the same password protected
>> certificate key. (doveconf -n -P shows the correct password.)
>>
>> ssl_ca =
>
> Thanks for reporting this, we'll look into it.


Tracking internally as DOP-851.

Regards,

Stephan.


Re: Dovecot 2.3 no longer accepts ssl_key_password

2019-01-14 Thread Aki Tuomi


On 10.1.2019 6.53, Chris Kiakas wrote:
> Hit a little problem when I upgraded a system from FreeBSD 10.3 to 11.2. I 
> did not receive any errors in the upgrade. The system is running 4 jails and 
> everything seems to work except in Dovecot dovecot-2.3.4_5 where when using 
> the exact same configuration which worked in 10.3 with the same password 
> protected certificate key. (doveconf -n -P shows the correct password.)
>
>
> ssl_ca =
> ssl_cert =
> ssl_dh =
> ssl_key =
> ssl_key_password = keypassword
>
> The password works with openssl. Changing the password on the key has no 
> effect. Removing the password on the cert with openssl and running dovecot 
> with the new key works.
>
> I installed on another system and I am experiencing the same results. The 
> issue persists whether I install dovecot from ports or pkg. I can't see where 
> the problem is. It seems that Dovecot is unable to read the key when password 
> protected even though it has the correct password. Has anyone experienced 
> this?
>
>
>
> Chris

Hi!

Thanks for reporting this, we'll look into it.


Aki



Re: dovecot 2.3.x, ECC and wildcard certificates, any issues

2018-07-30 Thread ѽ҉ᶬḳ℠


>> That is one of the reasons I do not bother since long with public CAs
>> but rather deploy my own, including own OCSP responder.
> May I ask, how you create a CA which is valid for clients without them
> having to install your root cert?
>

> and CA trust in clients. Latter though could be easily overcome if
> browser and email clients were to support DNSSEC/DANE validation.

That is where DANE/TLSA comes in but it requires DNSSEC/DANE validation
in the client and of course DNSSEC and TLSA records in the domain's DNS.
Notwithstanding that the upstream DNS resolvers utilized by clients need
to support DNSSEC queries/answers as well.

Whatever the reasons for lacking such validation support in most of the
clients (incl. web browsers) one speculative is that it would kill
commercial CAs (as such Let's Encrypt is one too through their
sponsors), or at least has the potential to diminish their business (model).

Suppose we are not hijacking this thread furthermore and avoid earning a
discontent eventually ... ;)



Re: dovecot 2.3.x, ECC and wildcard certificates, any issues

2018-07-30 Thread Helmut K. C. Tessarek
On 2018-07-30 19:45, ѽ҉ᶬḳ℠ wrote:
> That is one of the reasons I do not bother since long with public CAs
> but rather deploy my own, including own OCSP responder.

May I ask, how you create a CA which is valid for clients without them
having to install your root cert?

Cheers,
 K. C.

-- 
regards Helmut K. C. Tessarek  KeyID 0x172380A011EF4944
Key fingerprint = 8A55 70C1 BD85 D34E ADBC 386C 1723 80A0 11EF 4944

/*
   Thou shalt not follow the NULL pointer for chaos and madness
   await thee at its end.
*/





Re: dovecot 2.3.x, ECC and wildcard certificates, any issues

2018-07-30 Thread ѽ҉ᶬḳ℠
That is one of the reasons I do not bother since long with public CAs
but rather deploy my own, including own OCSP responder.

Which of course has some drawbacks like redundancy, resilience,
bandwidth provision, geographical spread, implementing CA security
standards and CA trust in clients. Latter though could be easily
overcome if browser and email clients were to support DNSSEC/DANE
validation.

It may not help you in the short term now but perhaps something to
consider long term for the benefit of controlling the certificate
handling/signing, depending on the CA scale.

> Hello,
>
> I have discovered what I believe is the issue after hearing back from
> Aquamail. And that is that android 7 which I'm running 7.0 that is,
> only supports up to the p256 ecc curve. This brings up a question to
> users of letsencrypt, when you revoke a certificate does it take it
> out on the usage as well? I've got one domain that says I've issued too
> many certificates for it and no more can be issued, thought I was
> using the staging server. I'd like to get those certs off the
> letsencrypt servers so I can make a new one using the p256 curve. Does
> anyone know if this is doable? Using acme.sh I tried --revoke which
> revoked one cert but letsencrypt still would not let me issue another.
>
> Thanks.
> Dave.
>
>
> On 7/30/18, Aki Tuomi  wrote:
>> I don't know how to get both RSA and ECC cert from letsencrypt.
>>
>> Aki
>>
>>> On 30 July 2018 at 20:43 David Mehler  wrote:
>>>
>>>
>>> Hello,
>>>
>>> What acme implementation do you use for your letsencrypt certificates?
>>> If it's acme.sh how do you get both rsa and ecc certificates? What
>>> configuration options are you using in your configuration of services
>>> to allow access to both rsa and ecc?
>>>
>>> Thanks.
>>> Dave.
>>>
>>>
>>> On 7/30/18, David Mehler  wrote:
>>>> Hello,
>>>>
>>>> The client in question is the latest version of AquaMail running on
>>>> android.
>>>>
>>>> Thanks.
>>>> Dave.
>>>>
>>>>
>>>> On 7/30/18, Aki Tuomi  wrote:
>>>>> You should, in practice, enable both. This gives best client compatibility. It
>>>>> is possible you have clients that cannot understand ECC certificates? You
>>>>> can use ssl_alt_cert to provide RSA cert too.
>>>>>
>>>>> Aki
>>>>>
>>>>>> On 30 July 2018 at 20:05 David Mehler  wrote:
>>>>>>
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> Thanks, good news is that worked. Bad news is it all looks good which
>>>>>> means I do not know why my remote clients can't get their email,
>>>>>> looked like from the logs it was that.
>>>>>>
>>>>>> Would 143 be better or 993 for the external clients?
>>>>>>
>>>>>> Thanks.
>>>>>> Dave.
>>>>>>
>>>>>>
>>>>>> On 7/30/18, Aki Tuomi  wrote:
>>>>>>>> On 30 July 2018 at 19:16 David Mehler
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> Does dovecot 2.3.x have any issues recognizing or using certificates
>>>>>>>> that are ECC and wildcard? I'm trying to switch my letsencrypt
>>>>>>>> implementation from acme-client which does not support either of those
>>>>>>>> capabilities to acme.sh which does. Since then external clients
>>>>>>>> checking their email has not worked. A manual telnet to
>>>>>>>> mail.example.com 993 gives a connected message but then nothing no
>>>>>>>> greeting or capabilities.
>>>>>>>>
>>>>>>>> The certificate is for example.com with an alt name of *.example.com
>>>>>>>> if that's not right let me know, I'm not sure about that one,
>>>>>>>> connecting to the web sites of these pages seems noticeably slower,
>>>>>>>> I'm wondering if both of these issues aren't key related?
>>>>>>>>
>>>>>>>> Thanks.
>>>>>>>> Dave.
>>>>>>> These both should be fine.
>>>>>>>
>>>>>>> Port 993 is TLS encrypted, you should use openssl s_client -connect
>>>>>>> server:993
>>>>>>>
>>>>>>> Aki
>>>>>>>




Re: dovecot 2.3.x, ECC and wildcard certificates, any issues

2018-07-30 Thread Felipe Gasper
Revocation doesn’t remove the certificates; it just marks them as invalid when 
a TLS client bothers to check.

-FG

> On Jul 30, 2018, at 6:45 PM, David Mehler  wrote:
> 
> Hello,
> 
> I have discovered what I believe is the issue after hearing back from
> Aquamail. And that is that android 7 which I'm running 7.0 that is,
> only supports up to the p256 ecc curve. This brings up a question to
> users of letsencrypt, when you revoke a certificate does it take it
> out on the usage as well? I've got one domain that says I've issued too
> many certificates for it and no more can be issued, thought I was
> using the staging server. I'd like to get those certs off the
> letsencrypt servers so I can make a new one using the p256 curve. Does
> anyone know if this is doable? Using acme.sh I tried --revoke which
> revoked one cert but letsencrypt still would not let me issue another.
> 
> Thanks.
> Dave.
> 
> 
> On 7/30/18, Aki Tuomi  wrote:
>> I don't know how to get both RSA and ECC cert from letsencrypt.
>> 
>> Aki
>> 
>>> On 30 July 2018 at 20:43 David Mehler  wrote:
>>> 
>>> 
>>> Hello,
>>> 
>>> What acme implementation do you use for your letsencrypt certificates?
>>> If it's acme.sh how do you get both rsa and ecc certificates? What
>>> configuration options are you using in your configuration of services
>>> to allow access to both rsa and ecc?
>>> 
>>> Thanks.
>>> Dave.
>>> 
>>> 
>>> On 7/30/18, David Mehler  wrote:
>>>> Hello,
>>>>
>>>> The client in question is the latest version of AquaMail running on
>>>> android.
>>>>
>>>> Thanks.
>>>> Dave.
>>>>
>>>>
>>>> On 7/30/18, Aki Tuomi  wrote:
>>>>> You should, in practice, enable both. This gives best client compatibility. It
>>>>> is possible you have clients that cannot understand ECC certificates? You
>>>>> can use ssl_alt_cert to provide RSA cert too.
>>>>>
>>>>> Aki
>>>>>
>>>>>> On 30 July 2018 at 20:05 David Mehler  wrote:
>>>>>>
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> Thanks, good news is that worked. Bad news is it all looks good which
>>>>>> means I do not know why my remote clients can't get their email,
>>>>>> looked like from the logs it was that.
>>>>>>
>>>>>> Would 143 be better or 993 for the external clients?
>>>>>>
>>>>>> Thanks.
>>>>>> Dave.
>>>>>>
>>>>>>
>>>>>> On 7/30/18, Aki Tuomi  wrote:
>>>>>>>
>>>>>>>> On 30 July 2018 at 19:16 David Mehler
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> Does dovecot 2.3.x have any issues recognizing or using certificates
>>>>>>>> that are ECC and wildcard? I'm trying to switch my letsencrypt
>>>>>>>> implementation from acme-client which does not support either of those
>>>>>>>> capabilities to acme.sh which does. Since then external clients
>>>>>>>> checking their email has not worked. A manual telnet to
>>>>>>>> mail.example.com 993 gives a connected message but then nothing no
>>>>>>>> greeting or capabilities.
>>>>>>>>
>>>>>>>> The certificate is for example.com with an alt name of *.example.com
>>>>>>>> if that's not right let me know, I'm not sure about that one,
>>>>>>>> connecting to the web sites of these pages seems noticeably slower,
>>>>>>>> I'm wondering if both of these issues aren't key related?
>>>>>>>>
>>>>>>>> Thanks.
>>>>>>>> Dave.
>>>>>>>
>>>>>>> These both should be fine.
>>>>>>>
>>>>>>> Port 993 is TLS encrypted, you should use openssl s_client -connect
>>>>>>> server:993
>>>>>>>
>>>>>>> Aki
>>>>>>>
>>>>>
>>>>
>> 



Re: dovecot 2.3.x, ECC and wildcard certificates, any issues

2018-07-30 Thread David Mehler
Hello,

I have discovered what I believe is the issue after hearing back from
Aquamail. And that is that android 7 which I'm running 7.0 that is,
only supports up to the p256 ecc curve. This brings up a question to
users of letsencrypt, when you revoke a certificate does it take it
out on the usage as well? I've got one domain that says I've issued too
many certificates for it and no more can be issued, thought I was
using the staging server. I'd like to get those certs off the
letsencrypt servers so I can make a new one using the p256 curve. Does
anyone know if this is doable? Using acme.sh I tried --revoke which
revoked one cert but letsencrypt still would not let me issue another.

Thanks.
Dave.


On 7/30/18, Aki Tuomi  wrote:
> I don't know how to get both RSA and ECC cert from letsencrypt.
>
> Aki
>
>> On 30 July 2018 at 20:43 David Mehler  wrote:
>>
>>
>> Hello,
>>
>> What acme implementation do you use for your letsencrypt certificates?
>> If it's acme.sh how do you get both rsa and ecc certificates? What
>> configuration options are you using in your configuration of services
>> to allow access to both rsa and ecc?
>>
>> Thanks.
>> Dave.
>>
>>
>> On 7/30/18, David Mehler  wrote:
>> > Hello,
>> >
>> > The client in question is the latest version of AquaMail running on
>> > android.
>> >
>> > Thanks.
>> > Dave.
>> >
>> >
>> > On 7/30/18, Aki Tuomi  wrote:
>> >> You should, in practice, enable both. This gives best client
>> >> compatibility.
>> >> It
>> >> is possible you have clients that cannot understand ECC certificates?
>> >> You
>> >> can use ssl_alt_cert to provide RSA cert too.
>> >>
>> >> Aki
>> >>
>> >>> On 30 July 2018 at 20:05 David Mehler  wrote:
>> >>>
>> >>>
>> >>> Hi,
>> >>>
>> >>> Thanks, good news is that worked. Bad news is it all looks good which
>> >>> means I do not know why my remote clients can't get their email,
>> >>> looked like from the logs it was that.
>> >>>
>> >>> Would 143 be better or 993 for the external clients?
>> >>>
>> >>> Thanks.
>> >>> Dave.
>> >>>
>> >>>
>> >>> On 7/30/18, Aki Tuomi  wrote:
>> >>> >
>> >>> >> On 30 July 2018 at 19:16 David Mehler 
>> >>> >> wrote:
>> >>> >>
>> >>> >>
>> >>> >> Hello,
>> >>> >>
>> >>> >> Does dovecot 2.3.x have any issues recognizing or using
>> >>> >> certificates
>> >>> >> that are ECC and wildcard? I'm trying to switch my letsencrypt
>> >>> >> implementation from acme-client which does not support either of
>> >>> >> those
>> >>> >> capabilities to acme.sh which does. Since then external clients
>> >>> >> checking their email has not worked. A manual telnet to
>> >>> >> mail.example.com 993 gives a connected message but then nothing no
>> >>> >> greeting or capabilities.
>> >>> >>
>> >>> >> The certificate is for example.com with an alt name of
>> >>> >> *.example.com
>> >>> >> if that's not right let me know, i'm not sure about that one,
>> >>> >> connecting to the web sites of these pages seems noticeably
>> >>> >> slower,
>> >>> >> I'm wondering if both of these issues aren't key related?
>> >>> >>
>> >>> >> Thanks.
>> >>> >> Dave.
>> >>> >
>> >>> > These both should be fine.
>> >>> >
>> >>> > Port 993 is TLS encrypted, you should use openssl s_client -connect
>> >>> > server:993
>> >>> >
>> >>> > Aki
>> >>> >
>> >>
>> >
>
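
An added example, not part of any message in this thread: a POSIX shell check that reads a certificate's key type and curve with openssl, flags an ECC leaf larger than P-256 (the Android 7.0 limit reported above), and prints the ssl_cert / ssl_alt_cert pairing suggested earlier in the thread. The certificates are throwaway self-signed samples, and the function names, file names and host name are constructed for illustration.

```shell
#!/bin/sh
# Added example: not code from the thread or from the Dovecot project.

# Print "rsa:<bits>" or "ec:<curve>" for the public key in certificate $1.
key_profile() {
    kp_text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || return 1
    kp_alg=$(printf '%s\n' "$kp_text" |
        sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1)
    case "$kp_alg" in
        id-ecPublicKey)
            kp_curve=$(printf '%s\n' "$kp_text" |
                sed -n 's/^ *ASN1 OID: *//p' | head -n 1)
            printf 'ec:%s\n' "${kp_curve:-unknown}" ;;
        rsaEncryption)
            kp_bits=$(printf '%s\n' "$kp_text" |
                sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
            printf 'rsa:%s\n' "$kp_bits" ;;
        *)
            printf 'other:%s\n' "$kp_alg" ;;
    esac
}

# Succeed when the leaf key suits a client whose ECC support stops at P-256
# (the limit reported in the thread). Assumption: such a client accepts RSA.
fits_p256_only_client() {
    case "$(key_profile "$1")" in
        ec:prime256v1|rsa:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Create constructed, self-signed sample certificates in directory $1:
# one P-384, one P-256 and one RSA-2048 leaf for mail.example.com.
make_sample_certs() {
    for ms_curve in secp384r1 prime256v1; do
        openssl ecparam -name "$ms_curve" -genkey -noout \
            -out "$1/$ms_curve.key" 2>/dev/null || return 1
        openssl req -new -x509 -key "$1/$ms_curve.key" \
            -subj "/CN=mail.example.com" -days 1 \
            -out "$1/$ms_curve.crt" 2>/dev/null || return 1
    done
    openssl genrsa -out "$1/rsa.key" 2048 2>/dev/null || return 1
    openssl req -new -x509 -key "$1/rsa.key" \
        -subj "/CN=mail.example.com" -days 1 \
        -out "$1/rsa.crt" 2>/dev/null || return 1
}

# Print Dovecot settings for an ECC primary ($1 cert, $2 key) with an RSA
# alternate ($3 cert, $4 key), so clients without ECC support still connect.
dovecot_dual_cert_conf() {
    printf 'ssl_cert = <%s\nssl_key = <%s\n' "$1" "$2"
    printf 'ssl_alt_cert = <%s\nssl_alt_key = <%s\n' "$3" "$4"
}

demo() {
    demo_dir=$(mktemp -d) || return 1
    make_sample_certs "$demo_dir" || { rm -rf "$demo_dir"; return 1; }
    for demo_crt in "$demo_dir"/*.crt; do
        if fits_p256_only_client "$demo_crt"; then
            demo_verdict="ok"
        else
            demo_verdict="curve beyond P-256"
        fi
        printf '%-16s %-14s %s\n' "$(basename "$demo_crt")" \
            "$(key_profile "$demo_crt")" "$demo_verdict"
    done
    dovecot_dual_cert_conf "$demo_dir/prime256v1.crt" "$demo_dir/prime256v1.key" \
        "$demo_dir/rsa.crt" "$demo_dir/rsa.key"
    rm -rf "$demo_dir"
}

demo
```

Running `key_profile` against the certificate file the server actually loads shows which curve is being served before a new certificate is requested.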


Re: dovecot 2.3.x, ECC and wildcard certificates, any issues

2018-07-30 Thread Felipe Gasper
FWIW, it’s relatively straightforward to do this with my Perl ACME 
implementation, Net::ACME2.

You’ll get your first certificate order using one key, then request another 
certificate with the other key.

-FG

> On Jul 30, 2018, at 1:49 PM, Aki Tuomi  wrote:
> 
> I don't know how to get both RSA and ECC cert from letsencrypt.
> 
> Aki
> 
>> On 30 July 2018 at 20:43 David Mehler  wrote:
>> 
>> 
>> Hello,
>> 
>> What acme implementation do you use for your letsencrypt certificates?
>> If it's acme.sh how do you get both rsa and ecc certificates? What
>> configuration options are you using in your configuration of services
>> to allow access to both rsa and ecc?
>> 
>> Thanks.
>> Dave.
>> 
>> 
>> On 7/30/18, David Mehler  wrote:
>>> Hello,
>>> 
>>> The client in question is the latest version of AquaMail running on
>>> android.
>>> 
>>> Thanks.
>>> Dave.
>>> 
>>> 
>>> On 7/30/18, Aki Tuomi  wrote:
>>>> You should, in practice, enable both. This gives best client compatibility.
>>>> It
>>>> is possible you have clients that cannot understand ECC certificates? You
>>>> can use ssl_alt_cert to provide RSA cert too.
>>>>
>>>> Aki
>>>>
>>>>> On 30 July 2018 at 20:05 David Mehler  wrote:
>>>>>
>>>>>
>>>>> Hi,
>>>>>
>>>>> Thanks, good news is that worked. Bad news is it all looks good which
>>>>> means I do not know why my remote clients can't get their email,
>>>>> looked like from the logs it was that.
>>>>>
>>>>> Would 143 be better or 993 for the external clients?
>>>>>
>>>>> Thanks.
>>>>> Dave.
>>>>>
>>>>>
>>>>> On 7/30/18, Aki Tuomi  wrote:
>>>>>>
>>>>>>> On 30 July 2018 at 19:16 David Mehler  wrote:
>>>>>>>
>>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> Does dovecot 2.3.x have any issues recognizing or using certificates
>>>>>>> that are ECC and wildcard? I'm trying to switch my letsencrypt
>>>>>>> implementation from acme-client which does not support either of
>>>>>>> those
>>>>>>> capabilities to acme.sh which does. Since then external clients
>>>>>>> checking their email has not worked. A manual telnet to
>>>>>>> mail.example.com 993 gives a connected message but then nothing no
>>>>>>> greeting or capabilities.
>>>>>>>
>>>>>>> The certificate is for example.com with an alt name of *.example.com
>>>>>>> if that's not right let me know, I'm not sure about that one,
>>>>>>> connecting to the web sites of these pages seems noticeably slower,
>>>>>>> I'm wondering if both of these issues aren't key related?
>>>>>>>
>>>>>>> Thanks.
>>>>>>> Dave.
>>>>>>
>>>>>> These both should be fine.
>>>>>>
>>>>>> Port 993 is TLS encrypted, you should use openssl s_client -connect
>>>>>> server:993
>>>>>>
>>>>>> Aki
>>>>>>
>>>>
>>> 



Re: dovecot 2.3.x, ECC and wildcard certificates, any issues

2018-07-30 Thread Aki Tuomi
I don't know how to get both RSA and ECC cert from letsencrypt.

Aki

> On 30 July 2018 at 20:43 David Mehler  wrote:
> 
> 
> Hello,
> 
> What acme implementation do you use for your letsencrypt certificates?
> If it's acme.sh how do you get both rsa and ecc certificates? What
> configuration options are you using in your configuration of services
> to allow access to both rsa and ecc?
> 
> Thanks.
> Dave.
> 
> 
> On 7/30/18, David Mehler  wrote:
> > Hello,
> >
> > The client in question is the latest version of AquaMail running on
> > android.
> >
> > Thanks.
> > Dave.
> >
> >
> > On 7/30/18, Aki Tuomi  wrote:
> >> You should, in practice, enable both. This gives best client compatibility.
> >> It
> >> is possible you have clients that cannot understand ECC certificates? You
> >> can use ssl_alt_cert to provide RSA cert too.
> >>
> >> Aki
> >>
> >>> On 30 July 2018 at 20:05 David Mehler  wrote:
> >>>
> >>>
> >>> Hi,
> >>>
> >>> Thanks, good news is that worked. Bad news is it all looks good which
> >>> means I do not know why my remote clients can't get their email,
> >>> looked like from the logs it was that.
> >>>
> >>> Would 143 be better or 993 for the external clients?
> >>>
> >>> Thanks.
> >>> Dave.
> >>>
> >>>
> >>> On 7/30/18, Aki Tuomi  wrote:
> >>> >
> >>> >> On 30 July 2018 at 19:16 David Mehler  wrote:
> >>> >>
> >>> >>
> >>> >> Hello,
> >>> >>
> >>> >> Does dovecot 2.3.x have any issues recognizing or using certificates
> >>> >> that are ECC and wildcard? I'm trying to switch my letsencrypt
> >>> >> implementation from acme-client which does not support either of
> >>> >> those
> >>> >> capabilities to acme.sh which does. Since then external clients
> >>> >> checking their email has not worked. A manual telnet to
> >>> >> mail.example.com 993 gives a connected message but then nothing no
> >>> >> greeting or capabilities.
> >>> >>
> >>> >> The certificate is for example.com with an alt name of *.example.com
> >>> >> if that's not right let me know, i'm not sure about that one,
> >>> >> connecting to the web sites of these pages seems noticeably slower,
> >>> >> I'm wondering if both of these issues aren't key related?
> >>> >>
> >>> >> Thanks.
> >>> >> Dave.
> >>> >
> >>> > These both should be fine.
> >>> >
> >>> > Port 993 is TLS encrypted, you should use openssl s_client -connect
> >>> > server:993
> >>> >
> >>> > Aki
> >>> >
> >>
> >


Re: dovecot 2.3.x, ECC and wildcard certificates, any issues

2018-07-30 Thread David Mehler
Hello,

What acme implementation do you use for your letsencrypt certificates?
If it's acme.sh how do you get both rsa and ecc certificates? What
configuration options are you using in your configuration of services
to allow access to both rsa and ecc?

Thanks.
Dave.


On 7/30/18, David Mehler  wrote:
> Hello,
>
> The client in question is the latest version of AquaMail running on
> android.
>
> Thanks.
> Dave.
>
>
> On 7/30/18, Aki Tuomi  wrote:
>> You should, in practice, enable both. This gives best client compatibility.
>> It
>> is possible you have clients that cannot understand ECC certificates? You
>> can use ssl_alt_cert to provide RSA cert too.
>>
>> Aki
>>
>>> On 30 July 2018 at 20:05 David Mehler  wrote:
>>>
>>>
>>> Hi,
>>>
>>> Thanks, good news is that worked. Bad news is it all looks good which
>>> means I do not know why my remote clients can't get their email,
>>> looked like from the logs it was that.
>>>
>>> Would 143 be better or 993 for the external clients?
>>>
>>> Thanks.
>>> Dave.
>>>
>>>
>>> On 7/30/18, Aki Tuomi  wrote:
>>> >
>>> >> On 30 July 2018 at 19:16 David Mehler  wrote:
>>> >>
>>> >>
>>> >> Hello,
>>> >>
>>> >> Does dovecot 2.3.x have any issues recognizing or using certificates
>>> >> that are ECC and wildcard? I'm trying to switch my letsencrypt
>>> >> implementation from acme-client which does not support either of
>>> >> those
>>> >> capabilities to acme.sh which does. Since then external clients
>>> >> checking their email has not worked. A manual telnet to
>>> >> mail.example.com 993 gives a connected message but then nothing no
>>> >> greeting or capabilities.
>>> >>
>>> >> The certificate is for example.com with an alt name of *.example.com
>>> >> if that's not right let me know, i'm not sure about that one,
>>> >> connecting to the web sites of these pages seems noticeably slower,
>>> >> I'm wondering if both of these issues aren't key related?
>>> >>
>>> >> Thanks.
>>> >> Dave.
>>> >
>>> > These both should be fine.
>>> >
>>> > Port 993 is TLS encrypted, you should use openssl s_client -connect
>>> > server:993
>>> >
>>> > Aki
>>> >
>>
>


Re: dovecot 2.3.x, ECC and wildcard certificates, any issues

2018-07-30 Thread David Mehler
Hello,

The client in question is the latest version of AquaMail running on android.

Thanks.
Dave.


On 7/30/18, Aki Tuomi  wrote:
> You should, in practice, enable both. This gives best client compatibility. It
> is possible you have clients that cannot understand ECC certificates? You
> can use ssl_alt_cert to provide RSA cert too.
>
> Aki
>
>> On 30 July 2018 at 20:05 David Mehler  wrote:
>>
>>
>> Hi,
>>
>> Thanks, good news is that worked. Bad news is it all looks good which
>> means I do not know why my remote clients can't get their email,
>> looked like from the logs it was that.
>>
>> Would 143 be better or 993 for the external clients?
>>
>> Thanks.
>> Dave.
>>
>>
>> On 7/30/18, Aki Tuomi  wrote:
>> >
>> >> On 30 July 2018 at 19:16 David Mehler  wrote:
>> >>
>> >>
>> >> Hello,
>> >>
>> >> Does dovecot 2.3.x have any issues recognizing or using certificates
>> >> that are ECC and wildcard? I'm trying to switch my letsencrypt
>> >> implementation from acme-client which does not support either of those
>> >> capabilities to acme.sh which does. Since then external clients
>> >> checking their email has not worked. A manual telnet to
>> >> mail.example.com 993 gives a connected message but then nothing no
>> >> greeting or capabilities.
>> >>
>> >> The certificate is for example.com with an alt name of *.example.com
>> >> if that's not right let me know, i'm not sure about that one,
>> >> connecting to the web sites of these pages seems noticeably slower,
>> >> I'm wondering if both of these issues aren't key related?
>> >>
>> >> Thanks.
>> >> Dave.
>> >
>> > These both should be fine.
>> >
>> > Port 993 is TLS encrypted, you should use openssl s_client -connect
>> > server:993
>> >
>> > Aki
>> >
>


Re: dovecot 2.3.x, ECC and wildcard certificates, any issues

2018-07-30 Thread Aki Tuomi
You should, in practice, enable both. This gives best client compatibility. It is 
possible you have clients that cannot understand ECC certificates? You can use 
ssl_alt_cert to provide RSA cert too.

Aki

> On 30 July 2018 at 20:05 David Mehler  wrote:
> 
> 
> Hi,
> 
> Thanks, good news is that worked. Bad news is it all looks good which
> means I do not know why my remote clients can't get their email,
> looked like from the logs it was that.
> 
> Would 143 be better or 993 for the external clients?
> 
> Thanks.
> Dave.
> 
> 
> On 7/30/18, Aki Tuomi  wrote:
> >
> >> On 30 July 2018 at 19:16 David Mehler  wrote: 
> >>
> >>
> >> Hello,
> >>
> >> Does dovecot 2.3.x have any issues recognizing or using certificates
> >> that are ECC and wildcard? I'm trying to switch my letsencrypt
> >> implementation from acme-client which does not support either of those
> >> capabilities to acme.sh which does. Since then external clients
> >> checking their email has not worked. A manual telnet to
> >> mail.example.com 993 gives a connected message but then nothing no
> >> greeting or capabilities.
> >>
> >> The certificate is for example.com with an alt name of *.example.com
> >> if that's not right let me know, i'm not sure about that one,
> >> connecting to the web sites of these pages seems noticeably slower,
> >> I'm wondering if both of these issues aren't key related?
> >>
> >> Thanks.
> >> Dave.
> >
> > These both should be fine.
> >
> > Port 993 is TLS encrypted, you should use openssl s_client -connect
> > server:993
> >
> > Aki
> >


Re: dovecot 2.3.x, ECC and wildcard certificates, any issues

2018-07-30 Thread David Mehler
Hi,

Thanks, good news is that worked. Bad news is it all looks good which
means I do not know why my remote clients can't get their email,
looked like from the logs it was that.

Would 143 be better or 993 for the external clients?

Thanks.
Dave.


On 7/30/18, Aki Tuomi  wrote:
>
>> On 30 July 2018 at 19:16 David Mehler  wrote:
>>
>>
>> Hello,
>>
>> Does dovecot 2.3.x have any issues recognizing or using certificates
>> that are ECC and wildcard? I'm trying to switch my letsencrypt
>> implementation from acme-client which does not support either of those
>> capabilities to acme.sh which does. Since then external clients
>> checking their email has not worked. A manual telnet to
>> mail.example.com 993 gives a connected message but then nothing no
>> greeting or capabilities.
>>
>> The certificate is for example.com with an alt name of *.example.com
>> if that's not right let me know, i'm not sure about that one,
>> connecting to the web sites of these pages seems noticeably slower,
>> I'm wondering if both of these issues aren't key related?
>>
>> Thanks.
>> Dave.
>
> These both should be fine.
>
> Port 993 is TLS encrypted, you should use openssl s_client -connect
> server:993
>
> Aki
>


Re: dovecot 2.3.x, ECC and wildcard certificates, any issues

2018-07-30 Thread Aki Tuomi


> On 30 July 2018 at 19:16 David Mehler  wrote:
> 
> 
> Hello,
> 
> Does dovecot 2.3.x have any issues recognizing or using certificates
> that are ECC and wildcard? I'm trying to switch my letsencrypt
> implementation from acme-client which does not support either of those
> capabilities to acme.sh which does. Since then external clients
> checking their email has not worked. A manual telnet to
> mail.example.com 993 gives a connected message but then nothing no
> greeting or capabilities.
> 
> The certificate is for example.com with an alt name of *.example.com
> if that's not right let me know, i'm not sure about that one,
> connecting to the web sites of these pages seems noticeably slower,
> I'm wondering if both of these issues aren't key related?
> 
> Thanks.
> Dave.

These both should be fine.

Port 993 is TLS encrypted, you should use openssl s_client -connect server:993

Aki


Re: Dovecot 2.3 panic

2018-03-29 Thread Aki Tuomi
Hi!

Can you install debugging symbols and try to get a core?

A backtrace would help a lot!

https://dovecot.org/bugreport.html

Aki


On 29.03.2018 00:50, Martynas Bendorius wrote:
> Dovecot version: 2.3.1 (happens with 2.3.x too)
> OS: CentOS 7 64-bit
>
> Mar 28 16:29:24 lmtp(30383): Panic: file lib-event.c: line 182 
> (event_pop_global): assertion failed: (event != NULL)
> Mar 28 16:29:24 lmtp(30383): Error: Raw backtrace: 
> /usr/lib/dovecot/libdovecot.so.0(+0xcc7a4) [0x7fac7f5177a4] -> 
> /usr/lib/dovecot/libdovecot.so.0(default_fatal_handler+0x2a) [0x7fac7f5177ea] 
> -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fac7f48826b] -> 
> /usr/lib/dovecot/libdovecot.so.0(+0xe8392) [0x7fac7f533392] -> 
> /usr/lib/dovecot/libdovecot-storage.so.0(+0x4ffc8) [0x7fac7f814fc8] -> 
> /usr/lib/dovecot/libdovecot.so.0(io_loop_context_deactivate+0x5d) 
> [0x7fac7f52ec5d] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x85) 
> [0x7fac7f52f055] -> 
> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x10f) 
> [0x7fac7f53092f] -> 
> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7fac7f52f132] 
> -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7fac7f52f358] -> 
> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7fac7f4ab6e3] -> 
> dovecot/lmtp [local READY](main+0x229) [0x7fac7ff4a319] -> 
> /lib64/libc.so.6(__libc_start_main+0xf5) [0x7fac7f0a9c05] -> dovecot/lmtp 
> [local READY](+0x5445) [0x7fac7ff4a445]
> Mar 28 16:30:03 lmtp(17330): Panic: file lib-event.c: line 182 
> (event_pop_global): assertion failed: (event != NULL)
> Mar 28 16:30:03 lmtp(17330): Error: Raw backtrace: 
> /usr/lib/dovecot/libdovecot.so.0(+0xcc7a4) [0x7f31e1b977a4] -> 
> /usr/lib/dovecot/libdovecot.so.0(default_fatal_handler+0x2a) [0x7f31e1b977ea] 
> -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f31e1b0826b] -> 
> /usr/lib/dovecot/libdovecot.so.0(+0xe8392) [0x7f31e1bb3392] -> 
> /usr/lib/dovecot/libdovecot-storage.so.0(+0x4ffc8) [0x7f31e1e94fc8] -> 
> /usr/lib/dovecot/libdovecot.so.0(io_loop_context_deactivate+0x5d) 
> [0x7f31e1baec5d] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x85) 
> [0x7f31e1baf055] -> 
> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x10f) 
> [0x7f31e1bb092f] -> 
> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7f31e1baf132] 
> -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f31e1baf358] -> 
> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f31e1b2b6e3] -> 
> dovecot/lmtp [local READY](main+0x229) [0x7f31e25ca319] -> 
> /lib64/libc.so.6(__libc_start_main+0xf5) [0x7f31e1729c05] -> dovecot/lmtp 
> [local READY](+0x5445) [0x7f31e25ca445]
> Mar 28 16:31:52 lmtp(883): Panic: file lib-event.c: line 182 
> (event_pop_global): assertion failed: (event != NULL)
> Mar 28 16:31:52 lmtp(883): Error: Raw backtrace: 
> /usr/lib/dovecot/libdovecot.so.0(+0xcc7a4) [0x7feb746127a4] -> 
> /usr/lib/dovecot/libdovecot.so.0(default_fatal_handler+0x2a) [0x7feb746127ea] 
> -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7feb7458326b] -> 
> /usr/lib/dovecot/libdovecot.so.0(+0xe8392) [0x7feb7462e392] -> 
> /usr/lib/dovecot/libdovecot-storage.so.0(+0x4ffc8) [0x7feb7490ffc8] -> 
> /usr/lib/dovecot/libdovecot.so.0(io_loop_context_deactivate+0x5d) 
> [0x7feb74629c5d] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x85) 
> [0x7feb7462a055] -> 
> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x10f) 
> [0x7feb7462b92f] -> 
> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7feb7462a132] 
> -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7feb7462a358] -> 
> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7feb745a66e3] -> 
> dovecot/lmtp [local READY](main+0x229) [0x7feb75045319] -> 
> /lib64/libc.so.6(__libc_start_main+0xf5) [0x7feb741a4c05] -> dovecot/lmtp 
> [local READY](+0x5445) [0x7feb75045445]
>
> # 2.3.1 (8e2f634): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.1 (d9bc6dfe)
> # OS: Linux 3.10.0-714.10.2.lve1.5.12.el7.x86_64 x86_64 CloudLinux release 
> 7.4 (Georgy Grechko)  
> # Hostname: XXX
> auth_username_chars = 
> abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@&
> auth_verbose = yes
> default_client_limit = 12288
> default_login_user = dovecot
> default_process_limit = 2048
> default_vsz_limit = 512 M
> disable_plaintext_auth = no
> listen = *
> lmtp_rcpt_check_quota = yes
> login_greeting = Dovecot ready.
> mail_access_groups = mail
> mail_location = maildir:~/Maildir
> mail_max_userip_connections = 150
> mail_plugins = " quota"
> maildir_copy_with_hardlinks = no
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character 
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags 
> copy include variables body enotify environment mailbox date index ihave 
> duplicate mime foreverypart extracttext
> passdb {
>   driver = shadow
>   username_filter = !*@*
> 

Re: Dovecot 2.3 on CentOS 7.

2018-02-01 Thread Voytek Eymont


On Fri, February 2, 2018 8:58 am, Reio Remma wrote:

> What would be the preferred directory for storing all virtual mail
> without modification to system files?

on my CentOS 7 Dovecot 2.2.32, as well as prior versions, I've always used
/var/vmail/vmail1/dom.tld

don't know about 'preferred', but, that works fine for me


-- 
Voytek



Re: Dovecot 2.3 on CentOS 7.

2018-02-01 Thread Kenneth Porter
--On Thursday, February 01, 2018 11:58 PM +0200 Reio Remma 
 wrote:



What would be the preferred directory for storing all virtual mail
without modification to system files?


I would guess something under /var/lib. If you plan to host multiple 
virtual servers, /srv might be a better place to locate it.





Re: Dovecot 2.3 on CentOS 7.

2018-02-01 Thread Reio Remma

Thanks for the pointer!

That didn't work though, but what worked was:

[Service]
ReadWriteDirectories=/home/dovecot

What would be the preferred directory for storing all virtual mail 
without modification to system files?


Thanks!
Reio

On 01.02.2018 21:57, Aki Tuomi wrote:

/etc/systemd/system/dovecot.service.d/writable-home.conf

[Service]
ProtectHome=false


maybe this helps?

---
Aki Tuomi
Dovecot oy

 Original message 
From: Reio Remma 
Date: 01/02/2018 21:44 (GMT+02:00)
To: dovecot@dovecot.org
Subject: Dovecot 2.3 on CentOS 7.

Greetings!

I'm having a bit of trouble trying out Dovecot 2.3 on CentOS 7.

Dovecot 2.2.33 works fine on the same system (same config as well, minus
the SSL changes) but after upgrading to 2.3 I'm getting the following
errors:

Feb  1 21:30:18 localhost dovecot: imap(r...@bwo.mrstuudio.ee)<3566>: Debug: INBOX.Templates: Mailbox opened because: STATUS
Feb  1 21:30:18 localhost dovecot: Error: imap(r...@bwo.mrstuudio.ee)<3566>: open() failed with file /home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot.index.log: Read-only file system
Feb  1 21:30:18 localhost dovecot: imap(r...@bwo.mrstuudio.ee)<3566>: Error: open(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist.lock) failed: Read-only file system
Feb  1 21:30:18 localhost dovecot: Error: imap(r...@bwo.mrstuudio.ee)<3566>: Mailbox INBOX.Templates: file_dotlock_create(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist) failed: Read-only file system
Feb  1 21:30:18 localhost dovecot: Error: imap(r...@bwo.mrstuudio.ee)<3566>: Mailbox INBOX.Templates: open(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist) failed: Read-only file system

So far I've tried running it with SELinux enforce off and giving the
directories 777 permissions to no avail.

Is anyone else running 2.3 on CentOS 7?

Thanks and good luck!
Reio
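
An added example, not part of the thread and not Dovecot code: a triage of log lines like the ones quoted above that separates "Read-only file system" (EROFS) from "Permission denied" (EACCES) and derives the narrowest directory for the ReadWriteDirectories= drop-in that worked here. EROFS is not a permission error, which is why switching SELinux enforcement off and setting 777 made no difference. The sample lines are constructed, and the function names are assumptions.

```python
import posixpath
import re
from collections import Counter

# Constructed sample modelled on the syslog lines quoted above; user names,
# domains and the last (Permission denied) line are made up for illustration.
SAMPLE_LOG = """\
Feb  1 21:30:18 localhost dovecot: imap(user@example.org)<3566>: Error: open() failed with file /home/dovecot/example.org/user/Maildir/.Templates/dovecot.index.log: Read-only file system
Feb  1 21:30:18 localhost dovecot: imap(user@example.org)<3566>: Error: open(/home/dovecot/example.org/user/Maildir/.Templates/dovecot-uidlist.lock) failed: Read-only file system
Feb  1 21:30:18 localhost dovecot: imap(user@example.org)<3566>: Error: Mailbox INBOX.Templates: file_dotlock_create(/home/dovecot/example.org/user/Maildir/.Templates/dovecot-uidlist) failed: Read-only file system
Feb  1 21:30:19 localhost dovecot: imap(other@example.net)<3570>: Error: open(/home/dovecot/example.net/other/Maildir/dovecot-uidlist.lock) failed: Read-only file system
Feb  1 21:30:20 localhost dovecot: imap(user@example.org)<3566>: Error: open(/srv/spool/example.org/user/dovecot-uidlist.lock) failed: Permission denied
"""

# strerror() text -> errno name. EROFS comes from a read-only mount or a
# read-only view set up for the service (systemd sandboxing); chmod and the
# SELinux mode do not change it. EACCES is the one those settings affect.
ERRNO_TEXT = {
    "Read-only file system": "EROFS",
    "Permission denied": "EACCES",
}
REASONS = "|".join(re.escape(text) for text in ERRNO_TEXT)

# The two shapes the quoted log lines take:
#   func(/path) failed: <reason>
#   open() failed with file /path: <reason>
PATTERNS = [
    re.compile(r"\b\w+\((?P<path>/[^)\s]+)\)\s+failed:\s+(?P<reason>" + REASONS + ")"),
    re.compile(r"failed with file\s+(?P<path>/\S+?):\s+(?P<reason>" + REASONS + ")"),
]


def parse_failures(log_text):
    """Return [(errno_name, path)] for every recognised failure line."""
    failures = []
    for line in log_text.splitlines():
        for pattern in PATTERNS:
            match = pattern.search(line)
            if match:
                failures.append((ERRNO_TEXT[match.group("reason")], match.group("path")))
                break
    return failures


def writable_root(failures, min_depth=2):
    """Narrowest directory covering every EROFS path, or None if there is none.

    Raises ValueError rather than proposing "/" or a top-level directory such
    as /home, which would undo the sandboxing for far more than the mail store.
    """
    parents = [posixpath.dirname(path) for name, path in failures if name == "EROFS"]
    if not parents:
        return None
    root = posixpath.commonpath(parents)
    if len([part for part in root.split("/") if part]) < min_depth:
        raise ValueError("refusing to whitelist %r: too broad" % root)
    return root


def render_dropin(root):
    """Drop-in body using the directive that worked in the thread (CentOS 7).

    Later systemd releases document the same setting as ReadWritePaths=.
    """
    return "[Service]\nReadWriteDirectories=%s\n" % root


def triage(log_text):
    """Return (count per errno, directory to make writable)."""
    failures = parse_failures(log_text)
    return dict(Counter(name for name, _ in failures)), writable_root(failures)


if __name__ == "__main__":
    counts, root = triage(SAMPLE_LOG)
    print(counts)
    print(render_dropin(root), end="")
```

The EACCES line is counted but deliberately left out of the drop-in: that failure needs an ownership, mode or SELinux fix, not a sandbox exception.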





Re: Dovecot 2.3 on CentOS 7.

2018-02-01 Thread Aki Tuomi
/etc/systemd/system/dovecot.service.d/writable-home.conf

[Service]
ProtectHome=false

maybe this helps?

---
Aki Tuomi
Dovecot oy

 Original message 
From: Reio Remma
Date: 01/02/2018 21:44 (GMT+02:00)
To: dovecot@dovecot.org
Subject: Dovecot 2.3 on CentOS 7.

Greetings!

I'm having a bit of trouble trying out Dovecot 2.3 on CentOS 7.

Dovecot 2.2.33 works fine on the same system (same config as well, minus 
the SSL changes) but after upgrading to 2.3 I'm getting the following 
errors:

Feb  1 21:30:18 localhost dovecot: imap(r...@bwo.mrstuudio.ee)<3566>: Debug: INBOX.Templates: Mailbox opened because: STATUS
Feb  1 21:30:18 localhost dovecot: Error: imap(r...@bwo.mrstuudio.ee)<3566>: open() failed with file /home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot.index.log: Read-only file system
Feb  1 21:30:18 localhost dovecot: imap(r...@bwo.mrstuudio.ee)<3566>: Error: open(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist.lock) failed: Read-only file system
Feb  1 21:30:18 localhost dovecot: Error: imap(r...@bwo.mrstuudio.ee)<3566>: Mailbox INBOX.Templates: file_dotlock_create(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist) failed: Read-only file system
Feb  1 21:30:18 localhost dovecot: Error: imap(r...@bwo.mrstuudio.ee)<3566>: Mailbox INBOX.Templates: open(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist) failed: Read-only file system

So far I've tried running it with SELinux enforce off and giving the 
directories 777 permissions to no avail.

Is anyone else running 2.3 on CentOS 7?

Thanks and good luck!
Reio



Re: Dovecot 2.3 - using doveadm as non-root?

2018-01-05 Thread Rob Hoelz
On Wed, 3 Jan 2018 13:37:07 -0500
Timo Sirainen  wrote:

> On 3 Jan 2018, at 11.38, Rob Hoelz  wrote:
> > 
> > Hi dovecot developers and users,
> > 
> > I recently upgraded my server running Arch Linux to dovecot 2.3.0,
> > and I noticed some of my cron jobs started issuing me error
> > messages.  These cron jobs run as a non-root user associated with
> > my mail account, and they use doveadm to tidy things up (ex.
> > purging the trash, moving old mail in certain folders into the
> > trash).  The error message is:
> > 
> >> Error: net_connect_unix(/var/run/dovecot/stats-writer) failed:
> >> Permission denied
> > 
> > I assume this is doveadm trying to participate in the new 2.3 stats
> > process, and after reading the code a bit, I can't see way to tell
> > doveadm to not connect to the stats writer.  The socket is owned by
> > root with 600 permissions.
> > 
> > What would be the right way to remedy this?  AFAICT, I could
> > potentially run doveadm as root (which I would prefer to avoid), or
> > I could change the permissions on the stats writer socket, but I
> > would hate to introduce any sort of security vulnerability by doing
> > so.  I currently have a scrappy Perl script that just runs doveadm
> > and filters out the error message (it doesn't seem to affect the
> > behavior of doveadm other than the message), but that feels dirty
> > and I would prefer a cleaner solution.  Any advice?
> 
> I was wondering what to do about this while developing it. I think
> you can disable this by clearing out the socket path:
> 
> doveadm -o stats_writer_socket_path=
> 
> But .. I think changing the socket permissions is the better
> solution. The new stats process should know about everything that is
> going on in the system, and these doveadm calls are part of that. So
> if they're excluded then the stats aren't exactly correct. The
> stats-writer can't do all that much harm other than messing up the
> statistics or probably crashing stats process by using up all of its
> memory.
> 

Thanks for the advice, Timo - I went ahead and applied the permission change to 
my dovecot config.  On a side note, thanks for dovecot in general - it's a 
great piece of software!

-Rob
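
An added example, not from the thread and not Dovecot code: a check of the listener blocks in `doveconf -n` output that shows which accounts pass the permission test on a socket such as stats-writer, and which listeners are open to every local account. It contrasts the root/0600 socket reported above with a group-restricted 0660 listener. The sample config is constructed; the group `vmail`, the account `mailuser` and the defaults assumed for omitted fields are assumptions.

```python
# Constructed `doveconf -n` excerpt; the listener blocks follow the layout of
# the doveconf output quoted elsewhere on this page. The group name "vmail"
# is hypothetical.
SAMPLE_DOVECONF = """\
# constructed excerpt
mail_location = maildir:~/Maildir
namespace inbox {
  inbox = yes
  mailbox "Sent Messages" {
    special_use = \\Sent
  }
}
service aggregator {
  fifo_listener replication-notify-fifo {
    mode = 0666
    user = root
  }
  unix_listener replication-notify {
    mode = 0666
    user = root
  }
}
service stats {
  unix_listener stats-writer {
    group = vmail
    mode = 0660
  }
}
"""

LISTENER_KINDS = ("unix_listener", "fifo_listener")
# Assumed values for fields doveconf -n leaves out: root-owned, mode 0600,
# which is what the thread reports for the stats-writer socket.
DEFAULTS = {"user": "root", "group": "root", "mode": 0o600}


def parse_listeners(conf_text):
    """Return one dict per unix_listener/fifo_listener block."""
    stack, listeners, current = [], [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            header = line[:-1].split()
            stack.append(header)
            if header[0] in LISTENER_KINDS:
                service = next((h[1] for h in stack if h[0] == "service"), None)
                current = dict(DEFAULTS, service=service, kind=header[0], path=header[1])
                listeners.append(current)
        elif line == "}":
            if stack.pop()[0] in LISTENER_KINDS:
                current = None
        elif current is not None and "=" in line:
            key, _, value = (part.strip() for part in line.partition("="))
            if key == "mode":
                current["mode"] = int(value, 8)
            elif key in ("user", "group") and value:
                current[key] = value
    return listeners


def can_connect(listener, user, groups=()):
    """Would `user` pass the permission check on the socket file?

    On Linux, connect() on a Unix socket needs the write bit; classes are
    tried in the usual owner, group, other order. Directory search permission
    on the way to the socket is not modelled.
    """
    mode = listener["mode"]
    if user == "root":
        return True
    if user == listener["user"]:
        return bool(mode & 0o200)
    if listener["group"] in groups:
        return bool(mode & 0o020)
    return bool(mode & 0o002)


def world_accessible(listeners):
    """Paths of listeners any local account can write to."""
    return [entry["path"] for entry in listeners if entry["mode"] & 0o002]


def stock_listener(service, path):
    """A listener with every field left at the assumed defaults."""
    return dict(DEFAULTS, service=service, kind="unix_listener", path=path)


if __name__ == "__main__":
    found = parse_listeners(SAMPLE_DOVECONF)
    stats = next(entry for entry in found if entry["path"] == "stats-writer")
    print("root/0600, mailuser:", can_connect(stock_listener("stats", "stats-writer"), "mailuser", ["vmail"]))
    print("vmail/0660, mailuser:", can_connect(stats, "mailuser", ["vmail"]))
    print("world-accessible:", world_accessible(found))
```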


Re: Dovecot 2.3 - using doveadm as non-root?

2018-01-03 Thread Timo Sirainen
On 3 Jan 2018, at 11.38, Rob Hoelz  wrote:
> 
> Hi dovecot developers and users,
> 
> I recently upgraded my server running Arch Linux to dovecot 2.3.0, and I
> noticed some of my cron jobs started issuing me error messages.  These
> cron jobs run as a non-root user associated with my mail account, and
> they use doveadm to tidy things up (ex. purging the trash, moving
> old mail in certain folders into the trash).  The error message is:
> 
>> Error: net_connect_unix(/var/run/dovecot/stats-writer) failed:
>> Permission denied
> 
> I assume this is doveadm trying to participate in the new 2.3 stats
> process, and after reading the code a bit, I can't see a way to tell
> doveadm to not connect to the stats writer.  The socket is owned by
> root with 600 permissions.
> 
> What would be the right way to remedy this?  AFAICT, I could potentially
> run doveadm as root (which I would prefer to avoid), or I could change
> the permissions on the stats writer socket, but I would hate to
> introduce any sort of security vulnerability by doing so.  I currently
> have a scrappy Perl script that just runs doveadm and filters out the
> error message (it doesn't seem to affect the behavior of doveadm other
> than the message), but that feels dirty and I would prefer a cleaner
> solution.  Any advice?

I was wondering what to do about this while developing it. I think you can 
disable this by clearing out the socket path:

doveadm -o stats_writer_socket_path=

But .. I think changing the socket permissions is the better solution. The 
new stats process should know about everything that is going on in the system, 
and these doveadm calls are part of that. So if they're excluded then the stats 
aren't exactly correct. The stats-writer can't do all that much harm other than 
messing up the statistics or probably crashing stats process by using up all of 
its memory.



Re: Dovecot 2.3-rc Logging Format

2017-12-23 Thread Stephan Bosch
Op 12/21/2017 om 8:57 AM schreef Thomas Leuxner:
> Hi,
>
> the release candidate defaults to a log format with session IDs.
>
> mail_log_prefix = "%s(%u)<%{pid}><%{session}>: "
>
> As the LMTP service seems to have the session ID hardcoded, the IDs get 
> duplicated in the logs:
>
> Dec 21 08:48:03 edi dovecot: lmtp(26573): Connect from local
> Dec 21 08:48:03 edi dovecot: lmtp(t...@leuxner.net)[26573]: 
> : fCVaBjNnO1rNZwAAIROLbg: sieve: 
> msgid=<2323281.OorJHhdMHM@ylum>, time=158ms, status=stored mail into mailbox 
> ':public/Mailing-Lists/Debian-User'
> Dec 21 08:48:03 edi dovecot: lmtp(26573): Disconnect from local: Client has 
> quit the connection (state = READY)

Fixed in release.

Regards,

Stephan.


Re: Dovecot 2.3-rc1 SMTP submission proxy always gives TLS required error even when already using TLS

2017-12-22 Thread Michael Marley
On 2017-12-22 11:22, Michael Marley wrote:

> On 2017-12-21 16:48, Stephan Bosch wrote:
> 
> Op 12/18/2017 om 9:44 PM schreef Michael Marley: 
> 
> First of all, I apologize for my accidental empty message earlier.
> 
> I just set up the SMTP submission proxy in Dovecot 2.3, but whenever I
> try to connect to it, it always returns "530 5.7.0 TLS required." for
> any sort of AUTH or MAIL command.  This occurs even if TLS is being
> used.  It also occurs regardless of whether I connect with a real
> client (Thunderbird) or manually with openssl s_client and regardless
> of whether a loopback connection or a remote connection is used.  Here
> is the output of "dovecot -n".  Please let me know if I can provide
> any other data.  Thanks! 
> Confirmed. Working on a fix.
> 
> Regards,
> 
> Stephan.

I can confirm that it works correctly in 2.3.0, thanks! 

Michael 

I think I spoke too soon.  It works correctly (requiring TLS but working
once STARTTLS has been done) for remote connections, but it also is
requiring TLS for loopback connections, even though the rest of Dovecot
doesn't work this way. 

Michael


Re: Dovecot 2.3-rc1 SMTP submission proxy always gives TLS required error even when already using TLS

2017-12-22 Thread Michael Marley
On 2017-12-21 16:48, Stephan Bosch wrote:

> Op 12/18/2017 om 9:44 PM schreef Michael Marley: 
> 
>> First of all, I apologize for my accidental empty message earlier.
>> 
>> I just set up the SMTP submission proxy in Dovecot 2.3, but whenever I
>> try to connect to it, it always returns "530 5.7.0 TLS required." for
>> any sort of AUTH or MAIL command.  This occurs even if TLS is being
>> used.  It also occurs regardless of whether I connect with a real
>> client (Thunderbird) or manually with openssl s_client and regardless
>> of whether a loopback connection or a remote connection is used.  Here
>> is the output of "dovecot -n".  Please let me know if I can provide
>> any other data.  Thanks!
> 
> Confirmed. Working on a fix.
> 
> Regards,
> 
> Stephan.

I can confirm that it works correctly in 2.3.0, thanks! 

Michael


Re: Dovecot 2.3-rc Logging Format

2017-12-21 Thread Aki Tuomi

> On December 21, 2017 at 9:57 AM Thomas Leuxner  wrote:
> 
> 
> Hi,
> 
> the release candidate defaults to a log format with session IDs.
> 
> mail_log_prefix = "%s(%u)<%{pid}><%{session}>: "
> 
> As the LMTP service seems to have the session ID hardcoded, the IDs get 
> duplicated in the logs:
> 
> Dec 21 08:48:03 edi dovecot: lmtp(26573): Connect from local
> Dec 21 08:48:03 edi dovecot: lmtp(t...@leuxner.net)[26573]: 
> : fCVaBjNnO1rNZwAAIROLbg: sieve: 
> msgid=<2323281.OorJHhdMHM@ylum>, time=158ms, status=stored mail into mailbox 
> ':public/Mailing-Lists/Debian-User'
> Dec 21 08:48:03 edi dovecot: lmtp(26573): Disconnect from local: Client has 
> quit the connection (state = READY)
> 
> Regards
> Thomas

Hi! Thank you for your report, we'll look into it.

Aki


Re: Dovecot 2.3-rc1 SMTP submission proxy always gives TLS required error even when already using TLS

2017-12-21 Thread Stephan Bosch
Op 12/18/2017 om 9:44 PM schreef Michael Marley:
> First of all, I apologize for my accidental empty message earlier.
>
> I just set up the SMTP submission proxy in Dovecot 2.3, but whenever I
> try to connect to it, it always returns "530 5.7.0 TLS required." for
> any sort of AUTH or MAIL command.  This occurs even if TLS is being
> used.  It also occurs regardless of whether I connect with a real
> client (Thunderbird) or manually with openssl s_client and regardless
> of whether a loopback connection or a remote connection is used.  Here
> is the output of "dovecot -n".  Please let me know if I can provide
> any other data.  Thanks!

Confirmed. Working on a fix.

Regards,

Stephan.


Re: dovecot-2.3 (-git) Warning (Was Re: dovecot Digest, Vol 174, Issue 64)

2017-11-02 Thread Aki Tuomi


On 02.11.2017 02:01, Timo Sirainen wrote:
> On 1 Nov 2017, at 13.51, Reuben Farrelly  wrote:
>>
>> That's the thing.  Those extra ssl_dh lines aren't actually specified in my 
>> conf files, they have been inherited from somewhere - so I can't change them 
>> to be of any particular form because they aren't defined as being that way 
>> in my configuration files.
>>
>> There is only one place where ssl_dh is defined and that's in the global 
>> 10-ssl.conf file.  See here:
>>
>> lightning dovecot # grep ssl_dh *
>> grep: conf.d: Is a directory
>> lightning dovecot # grep ssl_dh */*
>> conf.d/10-ssl.conf:# gives on startup when ssl_dh is unset.
>> conf.d/10-ssl.conf:ssl_dh=> lightning dovecot #
>>
>> The rest of them must be being inherited from that statement above.
>>
>> But back to the original question, if I *remove* the ssl-parameters.dat file 
>> from /var/lib/dovecot/ then without any other configuration changes the 
>> error goes away on reload and from doveconf  output.  Not only that, but if 
>> the ssl-parameters.dat file is removed then those ssl_dh lines per-protocol 
>> in doveconf -n also disappear too.
>>
>> To me that indicates that the mere presence of the ssl-parameters.dat file 
>> is doing something odd with the way the ssl_dh configuration statements are 
>> being handled.  Something buggy with backwards compatibility perhaps?
>>
>> [Also tested with latest 2.3 -git as of today - same result]
> Looks like this is pretty easily reproducible:
>
> a) ok: printf "ssl_dh =  foo; doveconf -n 
> -c foo
>
> b) not ok: printf "ssl_dh =  {\n}\n" > foo; doveconf -n -c foo
> doveconf: Warning: please set ssl_dh=https://github.com/dovecot/core/commit/a70d867d1fe3584149811c65eb6213deb72be824.patch

Aki


Re: dovecot-2.3 (-git) Warning (Was Re: dovecot Digest, Vol 174, Issue 64)

2017-11-01 Thread Timo Sirainen
On 1 Nov 2017, at 13.51, Reuben Farrelly  wrote:
> 
> 
> That's the thing.  Those extra ssl_dh lines aren't actually specified in my 
> conf files, they have been inherited from somewhere - so I can't change them 
> to be of any particular form because they aren't defined as being that way in 
> my configuration files.
> 
> There is only one place where ssl_dh is defined and that's in the global 
> 10-ssl.conf file.  See here:
> 
> lightning dovecot # grep ssl_dh *
> grep: conf.d: Is a directory
> lightning dovecot # grep ssl_dh */*
> conf.d/10-ssl.conf:# gives on startup when ssl_dh is unset.
> conf.d/10-ssl.conf:ssl_dh= lightning dovecot #
> 
> The rest of them must be being inherited from that statement above.
> 
> But back to the original question, if I *remove* the ssl-parameters.dat file 
> from /var/lib/dovecot/ then without any other configuration changes the error 
> goes away on reload and from doveconf  output.  Not only that, but if the 
> ssl-parameters.dat file is removed then those ssl_dh lines per-protocol in 
> doveconf -n also disappear too.
> 
> To me that indicates that the mere presence of the ssl-parameters.dat file is 
> doing something odd with the way the ssl_dh configuration statements are 
> being handled.  Something buggy with backwards compatibility perhaps?
> 
> [Also tested with latest 2.3 -git as of today - same result]

Looks like this is pretty easily reproducible:

a) ok: printf "ssl_dh =  foo; doveconf -n -c 
foo

b) not ok: printf "ssl_dh =  foo; doveconf -n -c foo
doveconf: Warning: please set ssl_dh=

Re: dovecot-2.3 (-git) Warning (Was Re: dovecot Digest, Vol 174, Issue 64)

2017-11-01 Thread Reuben Farrelly

Hi again,


On 1/11/2017 12:01 AM, Aki Tuomi wrote:


On 31.10.2017 15:00, Reuben Farrelly wrote:

Hi,

On 30/10/2017 7:22 PM, dovecot-requ...@dovecot.org wrote:

Message: 6
Date: Mon, 30 Oct 2017 10:22:42 +0200
From: Teemu Huovila <teemu.huov...@dovecot.fi>
To: dovecot@dovecot.org
Subject: Re: dovecot-2.3 (-git) Warning and Fatal Compile Error
Message-ID: <7d2c0b5b-019a-067c-c6be-f36571ed9...@dovecot.fi>
Content-Type: text/plain; charset=utf-8



On 30.10.2017 09:10, Aki Tuomi wrote:


On 30.10.2017 00:23, Reuben Farrelly wrote:

Hi Aki,

On 30/10/2017 12:43 AM, Aki Tuomi wrote:

On October 29, 2017 at 1:55 PM Reuben Farrelly
<reuben-dove...@reub.net> wrote:


Hi again,

Chasing down one last problem which seems to have been missed
from my
last email:

On 20/10/2017 9:22 PM, Stephan Bosch wrote:

Op 20-10-2017 om 4:23 schreef Reuben Farrelly:

On 18/10/2017 11:40 PM, Timo Sirainen wrote:

On 18 Oct 2017, at 6.34, Reuben Farrelly
<reuben-dove...@reub.net>
wrote:

This problem below is still present in 2.3 -git, as of version
2.3.devel
(6fc40674e)


Secondly, this ssl_dh messages is always printed from doveconf:

doveconf: Warning: please set ssl_dh= /etc/dovecot/dh.pem

Yet the file is there:

thunderstorm conf.d # ls -la /etc/dovecot/dh.pem
-rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem

And the config is there as well:

thunderstorm dovecot # doveconf -P | grep ssl_dh
ssl_dh =  /etc/dovecot/dh.pem
   ssl_dh = -BEGIN DH PARAMETERS-
   ssl_dh = -BEGIN DH PARAMETERS-
   ssl_dh = -BEGIN DH PARAMETERS-
   ssl_dh = -BEGIN DH PARAMETERS-
   ssl_dh = -BEGIN DH PARAMETERS-
   ssl_dh = -BEGIN DH PARAMETERS-
   ssl_dh = -BEGIN DH PARAMETERS-
   ssl_dh = -BEGIN DH PARAMETERS-
thunderstorm dovecot #

It appears that this warning is being triggered by the
presence of
the ssl-parameters.dat file because when I remove it the warning
goes away. Perhaps the warning could be made a bit more specific
about this file being removed if it is not required because at
the
moment the warning message is not related to the trigger.

Thanks,
Reuben

Thanks,
Reuben

It is triggered when there is ssl-parameters.dat file *AND* there is
no ssl_dh=< explicitly set in config file.

Aki

I have this already in my 10-ssl.conf file:

lightning dovecot # /etc/init.d/dovecot reload
doveconf: Warning: please set ssl_dh= /etc/dovecot/dh.pem
 * Reloading dovecot configs and restarting auth/login processes
... [ ok ]
lightning dovecot #

However:

lightning dovecot # grep ssl_dh conf.d/10-ssl.conf
# gives on startup when ssl_dh is unset.
ssl_dh=
Hi!

I gave this a try, and I was not able to repeat this issue. Perhaps you
are still missing ssl_dh somewhere?

Aki


Hello

Just a guess, but at this point I would recommend reviewing the
output of "doveconf -n" to make sure the appropriate settings are
present.

br,
Teemu

I still can't see anything amiss.  Here's the output from doveconf -n:

# 2.3.devel (65ef8330e): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.devel (f4659224)
# OS: Linux 4.9.56-x86_64-linode87 x86_64 Gentoo Base System release
2.4.1
auth_mechanisms = plain login
auth_socket_path = /var/run/dovecot/auth-userdb
auth_username_format = %Ln
doveadm_password =  # hidden, use -P to show it
first_valid_uid = 1000
imap_client_workarounds = tb-lsub-flags tb-extra-mailbox-sep
last_valid_uid = 1100
login_log_format_elements = user=<%u> auth-method=%m remote=%r local=%l %k
login_trusted_networks = 192.168.0.0/16
mail_location = maildir:~/Maildir
mail_plugins = stats notify replication fts fts_lucene
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
   inbox = yes
   location =
   mailbox Drafts {
     special_use = \Drafts
   }
   mailbox Junk {
     special_use = \Junk
   }
   mailbox Sent {
     special_use = \Sent
   }
   mailbox "Sent Messages" {
     special_use = \Sent
   }
   mailbox Trash {
     special_use = \Trash
   }
   prefix =
}
passdb {
   args = failure_show_msg=yes %s
   driver = pam
}
plugin {
   fts = lucene
   fts_autoindex = yes
   fts_languages = en
   fts_lucene = whitespace_chars=@.
   mail_replica = tcps:inside-mail.reub.net:4813
   replication_full_sync_interval = 4 hours
   sieve = file:~/sieve;active=~/.dovecot.sieve
   stats_refresh = 30 secs
   stats_track_cmds = yes
}
protocols = imap lmtp sieve
recipient_delimiter = -
service aggregator {
   fifo_listener replication-notify-fifo {
     mode = 0666
     user = root
   }
   unix_listener replication-notify {
     mode = 0666
     user = root
   }
}
service auth {
   unix_listener /var/spool/postfix/private/auth {
     group = postfix
     mode = 0666
     user = 

Re: dovecot-2.3 (-git) Warning (Was Re: dovecot Digest, Vol 174, Issue 64)

2017-10-31 Thread Aki Tuomi


On 31.10.2017 15:00, Reuben Farrelly wrote:
> Hi,
>
> On 30/10/2017 7:22 PM, dovecot-requ...@dovecot.org wrote:
>> Message: 6
>> Date: Mon, 30 Oct 2017 10:22:42 +0200
>> From: Teemu Huovila <teemu.huov...@dovecot.fi>
>> To: dovecot@dovecot.org
>> Subject: Re: dovecot-2.3 (-git) Warning and Fatal Compile Error
>> Message-ID: <7d2c0b5b-019a-067c-c6be-f36571ed9...@dovecot.fi>
>> Content-Type: text/plain; charset=utf-8
>>
>>
>>
>> On 30.10.2017 09:10, Aki Tuomi wrote:
>>>
>>>
>>> On 30.10.2017 00:23, Reuben Farrelly wrote:
>>>> Hi Aki,
>>>>
>>>> On 30/10/2017 12:43 AM, Aki Tuomi wrote:
>>>>>> On October 29, 2017 at 1:55 PM Reuben Farrelly
>>>>>> <reuben-dove...@reub.net> wrote:
>>>>>>
>>>>>>
>>>>>> Hi again,
>>>>>>
>>>>>> Chasing down one last problem which seems to have been missed
>>>>>> from my
>>>>>> last email:
>>>>>>
>>>>>> On 20/10/2017 9:22 PM, Stephan Bosch wrote:
>>>>>>>
>>>>>>> On 20-10-2017 at 4:23, Reuben Farrelly wrote:
>>>>>>>> On 18/10/2017 11:40 PM, Timo Sirainen wrote:
>>>>>>>>> On 18 Oct 2017, at 6.34, Reuben Farrelly
>>>>>>>>> <reuben-dove...@reub.net>
>>>>>>>>> wrote:
>>>>>> This problem below is still present in 2.3 -git, as of version
>>>>>> 2.3.devel
>>>>>> (6fc40674e)
>>>>>>
>>>>>>>>> Secondly, this ssl_dh message is always printed from doveconf:
>>>>>>>>>
>>>>>>>>> doveconf: Warning: please set ssl_dh=
>>>>>>>>> doveconf: Warning: You can generate it with: dd
>>>>>>>>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
>>>>>>>>> -inform der > /etc/dovecot/dh.pem
>>>>>>>>>
>>>>>>>>> Yet the file is there:
>>>>>>>>>
>>>>>>>>> thunderstorm conf.d # ls -la /etc/dovecot/dh.pem
>>>>>>>>> -rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem
>>>>>>>>>
>>>>>>>>> And the config is there as well:
>>>>>>>>>
>>>>>>>>> thunderstorm dovecot # doveconf -P | grep ssl_dh
>>>>>>>>> ssl_dh =
>>>>>>>>> doveconf: Warning: please set ssl_dh=
>>>>>>>>> doveconf: Warning: You can generate it with: dd
>>>>>>>>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
>>>>>>>>> -inform der > /etc/dovecot/dh.pem
>>>>>>>>>    ssl_dh = -BEGIN DH PARAMETERS-
>>>>>>>>>    ssl_dh = -BEGIN DH PARAMETERS-
>>>>>>>>>    ssl_dh = -BEGIN DH PARAMETERS-
>>>>>>>>>    ssl_dh = -BEGIN DH PARAMETERS-
>>>>>>>>>    ssl_dh = -BEGIN DH PARAMETERS-
>>>>>>>>>    ssl_dh = -BEGIN DH PARAMETERS-
>>>>>>>>>    ssl_dh = -BEGIN DH PARAMETERS-
>>>>>>>>>    ssl_dh = -BEGIN DH PARAMETERS-
>>>>>>>>> thunderstorm dovecot #
>>>>>>>>>
>>>>>>>>> It appears that this warning is being triggered by the
>>>>>>>>> presence of
>>>>>>>>> the ssl-parameters.dat file because when I remove it the warning
>>>>>>>>> goes away. Perhaps the warning could be made a bit more specific
>>>>>>>>> about this file being removed if it is not required because at
>>>>>>>>> the
>>>>>>>>> moment the warning message is not related to the trigger.
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Reuben
>>>>>> Thanks,
>>>>>> Reuben
>>>>> It is triggered when there is ssl-parameters.dat file *AND* there is
>>>>> no ssl_dh=< explicitly set in config file.
>>>>>
>>>>> Aki
>>>>
>>>> I have this already in my 10-ssl.conf file:
>>>>

Re: dovecot-2.3 (-git) Warning and Fatal Compile Error

2017-10-30 Thread Teemu Huovila


On 30.10.2017 09:10, Aki Tuomi wrote:
> 
> 
> On 30.10.2017 00:23, Reuben Farrelly wrote:
>> Hi Aki,
>>
>> On 30/10/2017 12:43 AM, Aki Tuomi wrote:
>>>> On October 29, 2017 at 1:55 PM Reuben Farrelly
>>>> wrote:
>>>>
>>>>
>>>> Hi again,
>>>>
>>>> Chasing down one last problem which seems to have been missed from my
>>>> last email:
>>>>
>>>> On 20/10/2017 9:22 PM, Stephan Bosch wrote:
>>>>>
>>>>> On 20-10-2017 at 4:23, Reuben Farrelly wrote:
>>>>>> On 18/10/2017 11:40 PM, Timo Sirainen wrote:
>>>>>>> On 18 Oct 2017, at 6.34, Reuben Farrelly
>>>>>>> wrote:
>>>> This problem below is still present in 2.3 -git, as of version
>>>> 2.3.devel
>>>> (6fc40674e)
>>>>
>>>>>>> Secondly, this ssl_dh message is always printed from doveconf:
>>>>>>>
>>>>>>> doveconf: Warning: please set ssl_dh=
>>>>>>> doveconf: Warning: You can generate it with: dd
>>>>>>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
>>>>>>> -inform der > /etc/dovecot/dh.pem
>>>>>>>
>>>>>>> Yet the file is there:
>>>>>>>
>>>>>>> thunderstorm conf.d # ls -la /etc/dovecot/dh.pem
>>>>>>> -rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem
>>>>>>>
>>>>>>> And the config is there as well:
>>>>>>>
>>>>>>> thunderstorm dovecot # doveconf -P | grep ssl_dh
>>>>>>> ssl_dh =
>>>>>>> doveconf: Warning: please set ssl_dh=
>>>>>>> doveconf: Warning: You can generate it with: dd
>>>>>>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
>>>>>>> -inform der > /etc/dovecot/dh.pem
>>>>>>>    ssl_dh = -BEGIN DH PARAMETERS-
>>>>>>>    ssl_dh = -BEGIN DH PARAMETERS-
>>>>>>>    ssl_dh = -BEGIN DH PARAMETERS-
>>>>>>>    ssl_dh = -BEGIN DH PARAMETERS-
>>>>>>>    ssl_dh = -BEGIN DH PARAMETERS-
>>>>>>>    ssl_dh = -BEGIN DH PARAMETERS-
>>>>>>>    ssl_dh = -BEGIN DH PARAMETERS-
>>>>>>>    ssl_dh = -BEGIN DH PARAMETERS-
>>>>>>> thunderstorm dovecot #
>>>>>>>
>>>>>>> It appears that this warning is being triggered by the presence of
>>>>>>> the ssl-parameters.dat file because when I remove it the warning
>>>>>>> goes away. Perhaps the warning could be made a bit more specific
>>>>>>> about this file being removed if it is not required because at the
>>>>>>> moment the warning message is not related to the trigger.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Reuben
>>>> Thanks,
>>>> Reuben
>>> It is triggered when there is ssl-parameters.dat file *AND* there is
>>> no ssl_dh=< explicitly set in config file.
>>>
>>> Aki
>>
>> I have this already in my 10-ssl.conf file:
>>
>> lightning dovecot # /etc/init.d/dovecot reload
>> doveconf: Warning: please set ssl_dh=
>> doveconf: Warning: You can generate it with: dd
>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
>> -inform der > /etc/dovecot/dh.pem
>>  * Reloading dovecot configs and restarting auth/login processes
>> ...  [ ok ]
>> lightning dovecot #
>>
>> However:
>>
>> lightning dovecot # grep ssl_dh conf.d/10-ssl.conf
>> # gives on startup when ssl_dh is unset.
>> ssl_dh=
>> lightning dovecot #
>>
>> and the file is there:
>>
>> lightning dovecot # ls -la /etc/dovecot/dh.pem
>> -rw-r--r-- 1 root root 769 Oct 19 19:06 /etc/dovecot/dh.pem
>> lightning dovecot #
>>
>> So it is actually configured and yet the warning still is present.
>>
>> Reuben
> 
> Hi!
> 
> I gave this a try, and I was not able to repeat this issue. Perhaps you
> are still missing ssl_dh somewhere?
> 
> Aki
> 
Hello

Just a guess, but at this point I would recommend reviewing the output of 
"doveconf -n" to make sure the appropriate settings are present.

br,
Teemu


Re: dovecot-2.3 (-git) Warning and Fatal Compile Error

2017-10-30 Thread Aki Tuomi


On 30.10.2017 00:23, Reuben Farrelly wrote:
> Hi Aki,
>
> On 30/10/2017 12:43 AM, Aki Tuomi wrote:
>>> On October 29, 2017 at 1:55 PM Reuben Farrelly
>>>  wrote:
>>>
>>>
>>> Hi again,
>>>
>>> Chasing down one last problem which seems to have been missed from my
>>> last email:
>>>
>>> On 20/10/2017 9:22 PM, Stephan Bosch wrote:
>>>>
>>>> On 20-10-2017 at 4:23, Reuben Farrelly wrote:
>>>>> On 18/10/2017 11:40 PM, Timo Sirainen wrote:
>>>>>> On 18 Oct 2017, at 6.34, Reuben Farrelly
>>>>>> wrote:
>>> This problem below is still present in 2.3 -git, as of version
>>> 2.3.devel
>>> (6fc40674e)
>>>
>>>>>> Secondly, this ssl_dh message is always printed from doveconf:
>>>>>>
>>>>>> doveconf: Warning: please set ssl_dh=
>>>>>> doveconf: Warning: You can generate it with: dd
>>>>>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
>>>>>> -inform der > /etc/dovecot/dh.pem
>>>>>>
>>>>>> Yet the file is there:
>>>>>>
>>>>>> thunderstorm conf.d # ls -la /etc/dovecot/dh.pem
>>>>>> -rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem
>>>>>>
>>>>>> And the config is there as well:
>>>>>>
>>>>>> thunderstorm dovecot # doveconf -P | grep ssl_dh
>>>>>> ssl_dh =
>>>>>> doveconf: Warning: please set ssl_dh=
>>>>>> doveconf: Warning: You can generate it with: dd
>>>>>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
>>>>>> -inform der > /etc/dovecot/dh.pem
>>>>>>    ssl_dh = -BEGIN DH PARAMETERS-
>>>>>>    ssl_dh = -BEGIN DH PARAMETERS-
>>>>>>    ssl_dh = -BEGIN DH PARAMETERS-
>>>>>>    ssl_dh = -BEGIN DH PARAMETERS-
>>>>>>    ssl_dh = -BEGIN DH PARAMETERS-
>>>>>>    ssl_dh = -BEGIN DH PARAMETERS-
>>>>>>    ssl_dh = -BEGIN DH PARAMETERS-
>>>>>>    ssl_dh = -BEGIN DH PARAMETERS-
>>>>>> thunderstorm dovecot #
>>>>>>
>>>>>> It appears that this warning is being triggered by the presence of
>>>>>> the ssl-parameters.dat file because when I remove it the warning
>>>>>> goes away. Perhaps the warning could be made a bit more specific
>>>>>> about this file being removed if it is not required because at the
>>>>>> moment the warning message is not related to the trigger.
>>>>>>
>>>>>> Thanks,
>>>>>> Reuben
>>> Thanks,
>>> Reuben
>> It is triggered when there is ssl-parameters.dat file *AND* there is
>> no ssl_dh=< explicitly set in config file.
>>
>> Aki
>
> I have this already in my 10-ssl.conf file:
>
> lightning dovecot # /etc/init.d/dovecot reload
> doveconf: Warning: please set ssl_dh=
> doveconf: Warning: You can generate it with: dd
> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
> -inform der > /etc/dovecot/dh.pem
>  * Reloading dovecot configs and restarting auth/login processes
> ...  [ ok ]
> lightning dovecot #
>
> However:
>
> lightning dovecot # grep ssl_dh conf.d/10-ssl.conf
> # gives on startup when ssl_dh is unset.
> ssl_dh=
> lightning dovecot #
>
> and the file is there:
>
> lightning dovecot # ls -la /etc/dovecot/dh.pem
> -rw-r--r-- 1 root root 769 Oct 19 19:06 /etc/dovecot/dh.pem
> lightning dovecot #
>
> So it is actually configured and yet the warning still is present.
>
> Reuben

Hi!

I gave this a try, and I was not able to repeat this issue. Perhaps you
are still missing ssl_dh somewhere?

Aki


Re: dovecot-2.3 (-git) Warning and Fatal Compile Error

2017-10-29 Thread Reuben Farrelly

Hi Aki,

On 30/10/2017 12:43 AM, Aki Tuomi wrote:

On October 29, 2017 at 1:55 PM Reuben Farrelly  wrote:


Hi again,

Chasing down one last problem which seems to have been missed from my
last email:

On 20/10/2017 9:22 PM, Stephan Bosch wrote:


On 20-10-2017 at 4:23, Reuben Farrelly wrote:

On 18/10/2017 11:40 PM, Timo Sirainen wrote:

On 18 Oct 2017, at 6.34, Reuben Farrelly 
wrote:

This problem below is still present in 2.3 -git, as of version 2.3.devel
(6fc40674e)


Secondly, this ssl_dh message is always printed from doveconf:

doveconf: Warning: please set ssl_dh= /etc/dovecot/dh.pem

Yet the file is there:

thunderstorm conf.d # ls -la /etc/dovecot/dh.pem
-rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem

And the config is there as well:

thunderstorm dovecot # doveconf -P | grep ssl_dh
ssl_dh =  /etc/dovecot/dh.pem
   ssl_dh = -BEGIN DH PARAMETERS-
   ssl_dh = -BEGIN DH PARAMETERS-
   ssl_dh = -BEGIN DH PARAMETERS-
   ssl_dh = -BEGIN DH PARAMETERS-
   ssl_dh = -BEGIN DH PARAMETERS-
   ssl_dh = -BEGIN DH PARAMETERS-
   ssl_dh = -BEGIN DH PARAMETERS-
   ssl_dh = -BEGIN DH PARAMETERS-
thunderstorm dovecot #

It appears that this warning is being triggered by the presence of
the ssl-parameters.dat file because when I remove it the warning
goes away. Perhaps the warning could be made a bit more specific
about this file being removed if it is not required because at the
moment the warning message is not related to the trigger.

Thanks,
Reuben

Thanks,
Reuben

It is triggered when there is ssl-parameters.dat file *AND* there is no 
ssl_dh=< explicitly set in config file.

Aki


I have this already in my 10-ssl.conf file:

lightning dovecot # /etc/init.d/dovecot reload
doveconf: Warning: please set ssl_dh=
doveconf: Warning: You can generate it with: dd
if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform
der > /etc/dovecot/dh.pem
 * Reloading dovecot configs and restarting auth/login processes 
...  [ ok ]

lightning dovecot #

However:

lightning dovecot # grep ssl_dh conf.d/10-ssl.conf
# gives on startup when ssl_dh is unset.
ssl_dh=

Re: dovecot-2.3 (-git) Warning and Fatal Compile Error

2017-10-29 Thread Aki Tuomi

> On October 29, 2017 at 1:55 PM Reuben Farrelly  
> wrote:
> 
> 
> Hi again,
> 
> Chasing down one last problem which seems to have been missed from my 
> last email:
> 
> On 20/10/2017 9:22 PM, Stephan Bosch wrote:
> >
> >
> > On 20-10-2017 at 4:23, Reuben Farrelly wrote:
> >> On 18/10/2017 11:40 PM, Timo Sirainen wrote:
> >>> On 18 Oct 2017, at 6.34, Reuben Farrelly  
> >>> wrote:
> 
> This problem below is still present in 2.3 -git, as of version 2.3.devel 
> (6fc40674e)
> 
> >>> Secondly, this ssl_dh message is always printed from doveconf:
> >>>
> >>> doveconf: Warning: please set ssl_dh=
> >>> doveconf: Warning: You can generate it with: dd
> >>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
> >>> -inform der > /etc/dovecot/dh.pem
> >>>
> >>> Yet the file is there:
> >>>
> >>> thunderstorm conf.d # ls -la /etc/dovecot/dh.pem
> >>> -rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem
> >>>
> >>> And the config is there as well:
> >>>
> >>> thunderstorm dovecot # doveconf -P | grep ssl_dh
> >>> ssl_dh =
> >>> doveconf: Warning: please set ssl_dh=
> >>> doveconf: Warning: You can generate it with: dd
> >>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
> >>> -inform der > /etc/dovecot/dh.pem
> >>>   ssl_dh = -BEGIN DH PARAMETERS-
> >>>   ssl_dh = -BEGIN DH PARAMETERS-
> >>>   ssl_dh = -BEGIN DH PARAMETERS-
> >>>   ssl_dh = -BEGIN DH PARAMETERS-
> >>>   ssl_dh = -BEGIN DH PARAMETERS-
> >>>   ssl_dh = -BEGIN DH PARAMETERS-
> >>>   ssl_dh = -BEGIN DH PARAMETERS-
> >>>   ssl_dh = -BEGIN DH PARAMETERS-
> >>> thunderstorm dovecot #
> >>>
> >>> It appears that this warning is being triggered by the presence of 
> >>> the ssl-parameters.dat file because when I remove it the warning 
> >>> goes away. Perhaps the warning could be made a bit more specific 
> >>> about this file being removed if it is not required because at the 
> >>> moment the warning message is not related to the trigger.
> >>>
> >>> Thanks,
> >>> Reuben
> >
> 
> Thanks,
> Reuben

It is triggered when there is ssl-parameters.dat file *AND* there is no 
ssl_dh=< explicitly set in config file.

Aki
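
The condition Aki states above (an ssl-parameters.dat file present and no explicit ssl_dh=< in the config), checked against a config tree, as an added example that is not Dovecot's code or part of the thread. It assumes only dovecot.conf and conf.d/*.conf are scanned and that the last assignment wins; the function names and status words are made up for the example.

```shell
#!/bin/sh
# Added example: models the trigger condition described in the thread.
# It is not how doveconf itself decides to print the warning.

# Print the value of every active (non-comment) ssl_dh assignment.
# Assumption: only dovecot.conf and conf.d/*.conf are scanned; includes
# from other locations are not followed.
active_ssl_dh() {
    conf_dir=$1
    for f in "$conf_dir/dovecot.conf" "$conf_dir"/conf.d/*.conf; do
        [ -f "$f" ] || continue
        # Drop comment lines first: a plain "grep ssl_dh" also matches the
        # commented help text in 10-ssl.conf, as in the grep output above.
        grep -v '^[[:space:]]*#' "$f" |
            sed -n 's/^[[:space:]]*ssl_dh[[:space:]]*=[[:space:]]*\(.*\)$/\1/p'
    done
}

# Classify a setup. Prints one word:
#   ok              ssl_dh=<file is set and the file holds PEM DH parameters
#   bad-dh-file     ssl_dh=<file is set but the file is missing or not DH PEM
#   legacy-warning  ssl-parameters.dat exists and no ssl_dh=< is set
#   unset           neither ssl_dh=< nor ssl-parameters.dat is present
ssl_dh_status() {
    conf_dir=$1
    state_dir=$2
    # Assumption: when ssl_dh is assigned more than once, the last one wins.
    value=$(active_ssl_dh "$conf_dir" | tail -n 1)
    case $value in
        '<'*)
            # Strip the leading "<" and surrounding whitespace to get the path.
            dh_file=$(printf '%s\n' "${value#?}" |
                sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
            if [ -f "$dh_file" ] &&
               grep -q '^-----BEGIN DH PARAMETERS-----$' "$dh_file"; then
                echo ok
            else
                echo bad-dh-file
            fi
            ;;
        *)
            if [ -f "$state_dir/ssl-parameters.dat" ]; then
                echo legacy-warning
            else
                echo unset
            fi
            ;;
    esac
}

# Constructed sample tree: first only commented ssl_dh lines plus the legacy
# file, then an explicit ssl_dh=< pointing at a PEM file with a dummy body.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/etc/conf.d" "$root/state"
    : > "$root/state/ssl-parameters.dat"
    printf '%s\n' '# gives on startup when ssl_dh is unset.' \
        '#ssl_dh = </etc/dovecot/dh.pem' > "$root/etc/conf.d/10-ssl.conf"
    before=$(ssl_dh_status "$root/etc" "$root/state")

    printf '%s\n' '-----BEGIN DH PARAMETERS-----' 'PLACEHOLDER' \
        '-----END DH PARAMETERS-----' > "$root/dh.pem"
    printf 'ssl_dh = <%s\n' "$root/dh.pem" >> "$root/etc/conf.d/10-ssl.conf"
    after=$(ssl_dh_status "$root/etc" "$root/state")

    rm -rf "$root"
    echo "$before -> $after"
}

demo
```

If this reports ok while doveconf still prints the warning, compare the result with the output of "doveconf -n", as Teemu suggests in the thread.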


Re: dovecot-2.3 (-git) Warning and Fatal Compile Error

2017-10-29 Thread Reuben Farrelly

Hi again,

Chasing down one last problem which seems to have been missed from my 
last email:


On 20/10/2017 9:22 PM, Stephan Bosch wrote:



On 20-10-2017 at 4:23, Reuben Farrelly wrote:

On 18/10/2017 11:40 PM, Timo Sirainen wrote:
On 18 Oct 2017, at 6.34, Reuben Farrelly  
wrote:


This problem below is still present in 2.3 -git, as of version 2.3.devel 
(6fc40674e)



Secondly, this ssl_dh message is always printed from doveconf:

doveconf: Warning: please set ssl_dh=
doveconf: Warning: You can generate it with: dd
if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
-inform der > /etc/dovecot/dh.pem


Yet the file is there:

thunderstorm conf.d # ls -la /etc/dovecot/dh.pem
-rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem

And the config is there as well:

thunderstorm dovecot # doveconf -P | grep ssl_dh
ssl_dh =
doveconf: Warning: You can generate it with: dd
if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
-inform der > /etc/dovecot/dh.pem

  ssl_dh = -BEGIN DH PARAMETERS-
  ssl_dh = -BEGIN DH PARAMETERS-
  ssl_dh = -BEGIN DH PARAMETERS-
  ssl_dh = -BEGIN DH PARAMETERS-
  ssl_dh = -BEGIN DH PARAMETERS-
  ssl_dh = -BEGIN DH PARAMETERS-
  ssl_dh = -BEGIN DH PARAMETERS-
  ssl_dh = -BEGIN DH PARAMETERS-
thunderstorm dovecot #

It appears that this warning is being triggered by the presence of 
the ssl-parameters.dat file because when I remove it the warning 
goes away. Perhaps the warning could be made a bit more specific 
about this file being removed if it is not required because at the 
moment the warning message is not related to the trigger.


Thanks,
Reuben




Thanks,
Reuben


Re: dovecot-2.3 (-git) Warning and Fatal Compile Error

2017-10-21 Thread Stephan Bosch
On 10/20/2017 at 12:22 PM, Stephan Bosch wrote:
>
>
> On 20-10-2017 at 4:23, Reuben Farrelly wrote:
>> On 18/10/2017 11:40 PM, Timo Sirainen wrote:
>>> On 18 Oct 2017, at 6.34, Reuben Farrelly
>>> wrote:
>>>>
>>>> I haven't been tracking dovecot-2.3 until now, but I've just given
>>>> it a quick run, and there are a few things that may need some
>>>> attention.
>>>>
>>>> /usr/include/features.h:376:4: warning: #warning _FORTIFY_SOURCE
>>>> requires compiling with optimization (-O) [-Wcpp]
>>>> #  warning _FORTIFY_SOURCE requires compiling with optimization (-O)
>>>
>>> Don't use -O0 or use configure --disable-hardening or just ignore it.
>>>
>>>> The build then fails entirely with this:
>>>>
>>>> DMODULEDIR=\""/usr/lib64/dovecot"\"   -O0 -g -pipe -march=native
>>>> -mtune=native -ggdb -c -o realpath.lo realpath.c
>>>> edit-mail.c: In function ‘edit_mail_wrap’:
>>>> edit-mail.c:235:14: error: too few arguments to function
>>>> ‘mailbox_transaction_begin’
>>>>   raw_trans = mailbox_transaction_begin(raw_box, 0);
>>>
>>> I don't think your pigeonhole is from git master.
>>
>> Thanks.  That was it...
>>
>> Now onto 2.3 -git, there is a repeatable crash occurring in lmtp. In
>> fact it looks like there could be more than one problem, because even
>> invoking lmtp (with gdb) and no arguments results in a gdb error
>> about an unaddressable byte.
>>
>> However when lmtp is used normally within dovecot it crashes out on a
>> few but not all mails.
>
> I see what that smtp-submit problem is already. Will push fix later
> today.
>

Fix is merged:
https://github.com/dovecot/core/commit/9dd47ae5c1f0c20f1994a7ec1a862fe8beef8913

Regards,

Stephan.


Re: dovecot-2.3 (-git) Warning and Fatal Compile Error

2017-10-20 Thread Stephan Bosch



On 20-10-2017 at 4:23, Reuben Farrelly wrote:

On 18/10/2017 11:40 PM, Timo Sirainen wrote:
On 18 Oct 2017, at 6.34, Reuben Farrelly  
wrote:


I haven't been tracking dovecot-2.3 until now, but I've just given 
it a quick run, and there are a few things that may need some 
attention.


/usr/include/features.h:376:4: warning: #warning _FORTIFY_SOURCE 
requires compiling with optimization (-O) [-Wcpp]

#  warning _FORTIFY_SOURCE requires compiling with optimization (-O)


Don't use -O0 or use configure --disable-hardening or just ignore it.


The build then fails entirely with this:

DMODULEDIR=\""/usr/lib64/dovecot"\"   -O0 -g -pipe -march=native 
-mtune=native -ggdb -c -o realpath.lo realpath.c

edit-mail.c: In function ‘edit_mail_wrap’:
edit-mail.c:235:14: error: too few arguments to function 
‘mailbox_transaction_begin’

  raw_trans = mailbox_transaction_begin(raw_box, 0);


I don't think your pigeonhole is from git master.


Thanks.  That was it...

Now onto 2.3 -git, there is a repeatable crash occurring in lmtp. In 
fact it looks like there could be more than one problem, because even 
invoking lmtp (with gdb) and no arguments results in a gdb error about 
an unaddressable byte.


However when lmtp is used normally within dovecot it crashes out on a 
few but not all mails.


I see what that smtp-submit problem is already. Will push fix later today.

We're not sure that epoll_pwait() issue is an actual problem or valgrind 
being confused.


Regards,

Stephan.



The full gdb output looks like this:

Oct 20 12:59:21 thunderstorm.reub.net dovecot: master: Dovecot 
v2.3.devel (c398eca6b) starting up for imap, lmtp, sieve
Oct 20 12:59:30 thunderstorm.reub.net postfix/qmgr[5057]: 9A25122B50: 
from=, size=18515, nrcpt=1 (queue active)
Oct 20 12:59:30 thunderstorm.reub.net postfix/qmgr[5057]: 32D0722B4B: 
from=, size=27030, nrcpt=1 (queue active)
Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
Syscall param epoll_pwait(sigmask) points to unaddressable byte(s)
Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
at 0x58A7705: epoll_pwait (epoll_pwait.c:42)
Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
by 0x5504697: io_loop_handler_run_internal (ioloop-epoll.c:182)
Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
by 0x5501C4F: io_loop_handler_run (ioloop.c:666)
Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
by 0x5501B2E: io_loop_run (ioloop.c:639)
Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
by 0x5449F05: master_service_run (master-service.c:733)
Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
by 0x10D8E8: main (main.c:139)
Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
Address 0x0 is not stack'd, malloc'd or (recently) free'd

Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006==
Oct 20 12:59:32 thunderstorm.reub.net dovecot: lmtp(28006): Connect 
from local
Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== 
Syscall param epoll_pwait(sigmask) points to unaddressable byte(s)
Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== 
at 0x58A7705: epoll_pwait (epoll_pwait.c:42)
Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== 
by 0x5504697: io_loop_handler_run_internal (ioloop-epoll.c:182)
Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== 
by 0x5501C4F: io_loop_handler_run (ioloop.c:666)
Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== 
by 0x5501B2E: io_loop_run (ioloop.c:639)
Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== 
by 0x5449F05: master_service_run (master-service.c:733)
Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== 
by 0x10D8E8: main (main.c:139)
Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== 
Address 0x0 is not stack'd, malloc'd or (recently) free'd

Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009==
Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp(28009): Connect 
from local
Oct 20 12:59:34 thunderstorm.reub.net dovecot: 
lmtp(liam)<28006>: aFFxDIRY6VlmbQAAzkCIew: 
sieve: msgid=<001a114bd6f6d2fc86055be25...@google.com>: stored mail 
into mailbox 'INBOX'
Oct 20 12:59:34 thunderstorm.reub.net dovecot: 
indexer-worker(liam)<28026>: 
Indexed 1 messages in INBOX (UIDs 634..634)
Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
Invalid read of size 8
Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
at 0x543AECB: smtp_submit_session_init (smtp-submit.c:61)
Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
by 0x543B05B: smtp_submit_init_simple (smtp-submit.c:100)
Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
by 0xAA8BC4B: lda_sieve_smtp_start 

Re: dovecot-2.3 (-git) Warning and Fatal Compile Error

2017-10-19 Thread Reuben Farrelly

On 18/10/2017 11:40 PM, Timo Sirainen wrote:

On 18 Oct 2017, at 6.34, Reuben Farrelly  wrote:


I haven't been tracking dovecot-2.3 until now, but I've just given it a quick 
run, and there are a few things that may need some attention.

/usr/include/features.h:376:4: warning: #warning _FORTIFY_SOURCE requires 
compiling with optimization (-O) [-Wcpp]
#  warning _FORTIFY_SOURCE requires compiling with optimization (-O)


Don't use -O0 or use configure --disable-hardening or just ignore it.


The build then fails entirely with this:

DMODULEDIR=\""/usr/lib64/dovecot"\"   -O0 -g -pipe -march=native -mtune=native 
-ggdb -c -o realpath.lo realpath.c
edit-mail.c: In function ‘edit_mail_wrap’:
edit-mail.c:235:14: error: too few arguments to function 
‘mailbox_transaction_begin’
  raw_trans = mailbox_transaction_begin(raw_box, 0);


I don't think your pigeonhole is from git master.


Thanks.  That was it...

Now onto 2.3 -git, there is a repeatable crash occurring in lmtp.  In 
fact it looks like there could be more than one problem, because even 
invoking lmtp (with gdb) and no arguments results in a gdb error about 
an unaddressable byte.


However when lmtp is used normally within dovecot it crashes out on a 
few but not all mails.


The full gdb output looks like this:

Oct 20 12:59:21 thunderstorm.reub.net dovecot: master: Dovecot 
v2.3.devel (c398eca6b) starting up for imap, lmtp, sieve
Oct 20 12:59:30 thunderstorm.reub.net postfix/qmgr[5057]: 9A25122B50: 
from=, size=18515, nrcpt=1 (queue active)
Oct 20 12:59:30 thunderstorm.reub.net postfix/qmgr[5057]: 32D0722B4B: 
from=, size=27030, nrcpt=1 (queue active)
Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
Syscall param epoll_pwait(sigmask) points to unaddressable byte(s)
Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
at 0x58A7705: epoll_pwait (epoll_pwait.c:42)
Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
by 0x5504697: io_loop_handler_run_internal (ioloop-epoll.c:182)
Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
by 0x5501C4F: io_loop_handler_run (ioloop.c:666)
Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
by 0x5501B2E: io_loop_run (ioloop.c:639)
Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
by 0x5449F05: master_service_run (master-service.c:733)
Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
by 0x10D8E8: main (main.c:139)
Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
Address 0x0 is not stack'd, malloc'd or (recently) free'd

Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006==
Oct 20 12:59:32 thunderstorm.reub.net dovecot: lmtp(28006): Connect from 
local
Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== 
Syscall param epoll_pwait(sigmask) points to unaddressable byte(s)
Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== 
at 0x58A7705: epoll_pwait (epoll_pwait.c:42)
Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== 
by 0x5504697: io_loop_handler_run_internal (ioloop-epoll.c:182)
Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== 
by 0x5501C4F: io_loop_handler_run (ioloop.c:666)
Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== 
by 0x5501B2E: io_loop_run (ioloop.c:639)
Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== 
by 0x5449F05: master_service_run (master-service.c:733)
Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== 
by 0x10D8E8: main (main.c:139)
Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== 
Address 0x0 is not stack'd, malloc'd or (recently) free'd

Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009==
Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp(28009): Connect from 
local
Oct 20 12:59:34 thunderstorm.reub.net dovecot: 
lmtp(liam)<28006>: aFFxDIRY6VlmbQAAzkCIew: 
sieve: msgid=<001a114bd6f6d2fc86055be25...@google.com>: stored mail into 
mailbox 'INBOX'
Oct 20 12:59:34 thunderstorm.reub.net dovecot: 
indexer-worker(liam)<28026>: 
Indexed 1 messages in INBOX (UIDs 634..634)
Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
Invalid read of size 8
Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
at 0x543AECB: smtp_submit_session_init (smtp-submit.c:61)
Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
by 0x543B05B: smtp_submit_init_simple (smtp-submit.c:100)
Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
by 0xAA8BC4B: lda_sieve_smtp_start (lda-sieve-plugin.c:77)
Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
by 0xACBF4C0: sieve_smtp_start (sieve-smtp.c:31)
Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== 
by 0xACBF679: 

Re: dovecot-2.3 (-git) Warning and Fatal Compile Error

2017-10-18 Thread Timo Sirainen
On 18 Oct 2017, at 6.34, Reuben Farrelly  wrote:
> 
> I haven't been tracking dovecot-2.3 until now, but I've just given it a quick 
> run, and there are a few things that may need some attention.
> 
> /usr/include/features.h:376:4: warning: #warning _FORTIFY_SOURCE requires 
> compiling with optimization (-O) [-Wcpp]
> #  warning _FORTIFY_SOURCE requires compiling with optimization (-O)

Don't use -O0 or use configure --disable-hardening or just ignore it.

> The build then fails entirely with this:
> 
> DMODULEDIR=\""/usr/lib64/dovecot"\"   -O0 -g -pipe -march=native 
> -mtune=native -ggdb -c -o realpath.lo realpath.c
> edit-mail.c: In function ‘edit_mail_wrap’:
> edit-mail.c:235:14: error: too few arguments to function 
> ‘mailbox_transaction_begin’
>  raw_trans = mailbox_transaction_begin(raw_box, 0);

I don't think your pigeonhole is from git master.


Re: Dovecot 2.3 ?

2017-04-24 Thread Reuben Farrelly

Whoops.   I meant from -git.

Reuben


On 24/04/2017 7:54 PM, Aki Tuomi wrote:



On 24.04.2017 12:30, Ralf Hildebrandt wrote:

* Reuben Farrelly :

Hi,

Is anyone here running dovecot-2.3 from hg?

I'm using the daily builds on a low traffic machine. It's proxying
traffic to an Exchange IMAP server.



Please do not run it from hg, as we no longer provide hg repository.

Aki



Re: Dovecot 2.3 ?

2017-04-24 Thread Ralf Hildebrandt
* Aki Tuomi :

> > I'm using the daily builds on a low traffic machine. It's proxying
> > traffic to an Exchange IMAP server.
> >
> 
> Please do not run it from hg, as we no longer provide hg repository.

What I meant to say: I use the daily builds. Fair enough :)

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | https://www.charite.de



Re: Dovecot 2.3 ?

2017-04-24 Thread Aki Tuomi


On 24.04.2017 12:30, Ralf Hildebrandt wrote:
> * Reuben Farrelly :
>> Hi,
>>
>> Is anyone here running dovecot-2.3 from hg?
> I'm using the daily builds on a low traffic machine. It's proxying
> traffic to an Exchange IMAP server.
>

Please do not run it from hg, as we no longer provide hg repository.

Aki


Re: Dovecot 2.3 ?

2017-04-24 Thread Ralf Hildebrandt
* Reuben Farrelly :
> Hi,
> 
> Is anyone here running dovecot-2.3 from hg?

I'm using the daily builds on a low traffic machine. It's proxying
traffic to an Exchange IMAP server.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | https://www.charite.de