2.3.17 broken on CentOS8 / bug
Robert Nowotny
rnowotny at rotek.at
Sat Oct 30 13:59:56 EEST 2021
the reason is :
ssl_ca = </etc/ssl/certs/ca-bundle.crt
if "ca-bundle.crt" is too big, You will get that error.
this should be fixed, but as a workaround You might pull out the
certificates You need.
I personally wait for the patch and stay at 2.3.16 for the time beeing.
yours sincerely
Robert
Am 30.10.2021 um 10:34 schrieb TG Servers:
> Hello,
>
> tonight my dovecot upgraded to 2.3.17 and completely broke on recent
> CentOS 8 installation.
>
> I found the service in status
>
> [root at riot ~]# systemctl status dovecot
> ● dovecot.service - Dovecot IMAP/POP3 email server
> Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled;
> vendor preset: disabled)
> Active: failed (Result: exit-code) since Sat 2021-10-30 09:59:11
> CEST; 58s ago
> Docs: man:dovecot(1)
> https://doc.dovecot.org/
> Process: 1515 ExecStart=/usr/sbin/dovecot -F (code=exited, status=89)
> Process: 1429 ExecStartPre=/usr/libexec/dovecot/prestartscript
> (code=exited, status=0/SUCCESS)
> Main PID: 1515 (code=exited, status=89)
>
> Oct 30 09:59:10 riot.<domain>.com systemd[1]: Starting Dovecot
> IMAP/POP3 email server...
> Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal:
> execvp(/usr/libexec/dovecot/managesieve) failed: Argument list too long
> Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Error:
> managesieve-login: dump-capability process returned 89
> Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal:
> execvp(/usr/sbin/dovecot) failed: Argument list too long
> Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Main
> process exited, code=exited, status=89/n/a
> Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Failed
> with result 'exit-code'.
> Oct 30 09:59:11 riot.<domain>.com systemd[1]: Failed to start Dovecot
> IMAP/POP3 email server.
>
> This seems to be like a bug as no configuration was changed by me in
> the middle of the night.
> I recall there were similar errors/bug reports in the past were it
> seemed it was managesieve but wasn't, people had some
> misconfigurations in the dovecot.conf. I did not change my
> dovecot.conf since April.
> But maybe here it is a pigeonhole issue.
>
> As I did not find any reason for it I changed the repo and downgraded
> to 2.3.16-2 now and it runs without any flaws, like all the time
> before. I had no time to investigate this any longer thand 2 hours
> with 2.3.17 installed as this is a production server and I need the
> email access. I also did not find anything adressable in the logs.
>
> [root at riot dovecot]# systemctl status dovecot
> ● dovecot.service - Dovecot IMAP/POP3 email server
> Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled;
> vendor preset: disabled)
> Active: active (running) since Sat 2021-10-30 10:18:11 CEST; 2s ago
> Docs: man:dovecot(1)
> https://doc.dovecot.org/
> Process: 32398 ExecStartPre=/usr/libexec/dovecot/prestartscript
> (code=exited, status=0/SUCCESS)
> Main PID: 32452 (dovecot)
> Status: "v2.3.16 (7e2e900c1a) running"
> Tasks: 4 (limit: 99912)
> Memory: 4.4M
> CGroup: /system.slice/dovecot.service
> ├─32452 /usr/sbin/dovecot -F
> ├─32507 dovecot/anvil
> ├─32508 dovecot/log
> └─32513 dovecot/config
>
> Oct 30 10:18:11 riot.<domain>.com systemd[1]: Starting Dovecot
> IMAP/POP3 email server...
> Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: Warning: Corrected
> permissions for login directory /var/run/dovecot/token-login
> Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Warning:
> Corrected permissions for login directory /var/run/dovecot/token-login
> Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Dovecot
> v2.3.16 (7e2e900c1a) starting up for imap, lmtp, sieve
> Oct 30 10:18:11 riot.<domain>.com systemd[1]: Started Dovecot
> IMAP/POP3 email server.
>
>
> This is the configuration
> # 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.16 (09c29328)
> # OS: Linux 4.18.0-305.19.1.el8_4.x86_64 x86_64 AlmaLinux release 8.4
> (Electric Cheetah)
> # Hostname: riot.<domain>.com
> auth_mechanisms = plain login
> auth_verbose = yes
> listen = *
> mail_gid = vmail
> mail_home = /var/vmail/mailboxes/%d/%n
> mail_location = maildir:~/mail:LAYOUT=fs
> mail_plugins = " quota fts fts_solr"
> mail_privileged_group = vmail
> mail_uid = vmail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope
> encoded-character vacation subaddress comparator-i;ascii-numeric
> relational regex imap4flags copy include variables body enotify
> environment mailbox date index ihave duplicate mime foreverypart
> extracttext imapsieve vnd.dovecot.imapsieve
> namespace inbox {
> inbox = yes
> location =
> mailbox Drafts {
> auto = subscribe
> special_use = \Drafts
> }
> mailbox Sent {
> auto = subscribe
> special_use = \Sent
> }
> mailbox Spam {
> auto = subscribe
> special_use = \Junk
> }
> mailbox Trash {
> auto = subscribe
> special_use = \Trash
> }
> prefix =
> separator = .
> type = private
> }
> passdb {
> args = /etc/dovecot/dovecot-sql.conf
> driver = sql
> }
> plugin {
> fts = solr
> fts_autoindex = yes
> fts_solr = url=http://localhost:<solr_port>/solr/dovecot/
> imapsieve_mailbox1_before =
> file:/var/vmail/sieve/global/learn-spam.sieve
> imapsieve_mailbox1_causes = COPY
> imapsieve_mailbox1_name = Spam
> imapsieve_mailbox2_before = file:/var/vmail/sieve/global/learn-ham.sieve
> imapsieve_mailbox2_causes = COPY
> imapsieve_mailbox2_from = Spam
> imapsieve_mailbox2_name = *
> quota = maildir:User quota
> quota_exceeded_message = User %u is over the storage quota
> sieve =
> file:/var/vmail/sieve/%d/%n/scripts;active=/var/vmail/sieve/%d/%n/active-script.sieve
> sieve_before = /var/vmail/sieve/global/spam-global.sieve
> sieve_global_extensions = +vnd.dovecot.pipe
> sieve_pipe_bin_dir = /usr/bin
> sieve_plugins = sieve_imapsieve sieve_extprograms
> }
> protocols = imap lmtp sieve
> service auth {
> unix_listener /var/spool/postfix/private/auth {
> group = postfix
> mode = 0660
> user = postfix
> }
> unix_listener auth-userdb {
> group = vmail
> mode = 0660
> user = vmail
> }
> }
> service imap-login {
> inet_listener imap {
> port = 0
> }
> inet_listener imaps {
> port = 993
> }
> }
> service lmtp {
> unix_listener /var/spool/postfix/private/dovecot-lmtp {
> group = postfix
> mode = 0660
> user = postfix
> }
> user = vmail
> }
> service managesieve-login {
> inet_listener sieve {
> port = 4190
> }
> }
> ssl = required
> ssl_ca = </etc/ssl/certs/ca-bundle.crt
> ssl_cert = </etc/ssl/certs/<domain>.com_chain.crt
> ssl_cipher_list =
> TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:EECDH+AESGCM:EDH+AESGCM:@SECLEVEL=2
> ssl_client_ca_dir = /etc/ssl/certs
> ssl_client_ca_file = /etc/ssl/certs/ca-bundle.crt
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> ssl_prefer_server_ciphers = yes
> userdb {
> args = /etc/dovecot/dovecot-sql.conf
> driver = sql
> }
> protocol imap {
> imap_idle_notify_interval = 24 mins
> mail_max_userip_connections = 20
> mail_plugins = " quota fts fts_solr imap_quota imap_sieve"
> }
> protocol lmtp {
> mail_plugins = " quota fts fts_solr sieve"
> postmaster_address = postmaster@<domain>.com
> }
> local_name mail.<domain_3>.com {
> ssl_cert = </etc/ssl/certs/<domain_3>.com_chain.crt
> ssl_key = # hidden, use -P to show it
> }
> local_name mail.<domain_2>.net {
> ssl_cert = </etc/ssl/certs/<domain_2>.net_chain.crt
> ssl_key = # hidden, use -P to show it
> }
> local_name mail.<domain>.com {
> ssl_cert = </etc/ssl/certs/<domain>.com_chain.crt
> ssl_key = # hidden, use -P to show it
> }
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20211030/727c7929/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4486 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://dovecot.org/pipermail/dovecot/attachments/20211030/727c7929/attachment-0001.p7s>
More information about the dovecot
mailing list