[Dovecot] How to upgrade a running Dovecot?
Jerry Yeager
jerry at scene-naturally.dyndns.org
Fri Oct 5 20:19:29 EEST 2007
On Oct 5, 2007, at 12:41 PM, dovecot-request at dovecot.org wrote:
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 5 Oct 2007 10:25:49 +0100
> From: Mike Brudenell <pmb1 at york.ac.uk>
> Subject: Re: [Dovecot] How to upgrade a running Dovecot?
> To: Dovecot Mailing List <dovecot at dovecot.org>
> Message-ID: <B9A4EC9A-82C0-4250-BC98-606695775041 at york.ac.uk>
> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
>
> Hi, Jerry/et al -
>
Hello Mike,
(stuff chomped out)
>
>>> Scenario 2: Altered SSL Certificates
>>> =====================================
>>> I need to replace our current certificates and have prepared new
>>> files containing the replacement certificate and private key. Am I
>>> right in thinking that I can simply modify dovecot.conf to point at
>>> the new files and send a HUP signal to dovecot? Specifically, will
>>> new connections use the revised certificates, and existing
>>> connections continue to work OK without interruption?
>>
>> Ehh not really, the auth child processes can be killed and new ones
>> started. See your next scenario question.
>
> ...So here you're saying that although the "dovecot" master process
> re-reads the configuration file, it doing so has no effect on the
> existing authenticator child processes? And is it these processes
> that are dealing with the SSL connection? ... I'd have thought it was
> either the "imap-login" or "imap" processes?
>
Just to be clear about this for myself (instead of relying on the
ol' saying 'that is how it used to work' -- because I am switching
over to 1.1 from 1.0.n, your question takes on new relevance for me as
well).

I tested this and yes, it works as before: the new files seem to be
used for the new connections (all of the dovecot auth processes are
killed on the HUP signal -- dovecot itself just rereads the conf file
and new auth listeners are started -- assuming that you use Dovecot
for the auth mechanism to Postfix) and existing connections seem to
handle things okay.

I did find something new (or I have not noticed it before):
if you kill (not just restart) the Dovecot process itself and restart
it with existing connections (someone was connected to IMAPS when you
killed Dovecot), Dovecot will not restart, complaining that port 993
is taken already. This happens regardless of the shutdown_clients =
yes/no setting. This may be particular to the new version 1.1, I do
not know.
> Jerry
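
A check for the behaviour reported above (new connections being handed the replacement certificate after the HUP), as an added example that is not part of the original message or of Dovecot: it compares the SHA-256 fingerprint of the certificate served on port 993 with the new and old certificate files. The function names and the script's arguments are assumptions made for this example.

```python
import hashlib
import re
import socket
import ssl
import sys

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

def leaf_fingerprint(pem_text):
    """SHA-256 of the first certificate in a PEM file (the leaf; a
    certificate file may carry the CA chain after it)."""
    block = PEM_BLOCK.search(pem_text)
    if block is None:
        raise ValueError("no CERTIFICATE block found")
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(block.group(0))).hexdigest()

def served_fingerprint(host, port=993, timeout=5.0):
    """SHA-256 of the certificate a fresh TLS connection is handed."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # no trust decision is made here:
    ctx.verify_mode = ssl.CERT_NONE   # the fingerprint is compared instead
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()

def classify(served_fp, new_pem, old_pem):
    """Which certificate file does the served fingerprint match?"""
    if served_fp == leaf_fingerprint(new_pem):
        return "new"
    if served_fp == leaf_fingerprint(old_pem):
        return "old"
    return "unknown"

if __name__ == "__main__":
    # usage (assumed): check_cert.py HOST NEW_CERT.pem OLD_CERT.pem
    host, new_path, old_path = sys.argv[1:4]
    with open(new_path) as new_file, open(old_path) as old_file:
        verdict = classify(served_fingerprint(host),
                           new_file.read(), old_file.read())
    print(f"{host}:993 serves the {verdict} certificate")
    sys.exit(0 if verdict == "new" else 1)
```

Run it once before and once after the HUP; a result of "unknown" means the listener is serving a certificate that matches neither file and the configured path should be checked.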