Thanks for your reply William.

But the only thing I found in the meanwhile about this issue is that when the ca-bundles files is too "big" it does not work anymore. And if this file is shortened to one entry it will work, someone seems to have tested this.
This is no fix, it is a bug that has to be fixed by dovecot from my pov.
The ca-bundles file is used by countless applications without any issues, it is used by 2.3.16 without any issues. There should be no special treatment for a single application necessary.



On 30/10/2021 11:35, William Edwards wrote:

Op 30 okt. 2021 om 10:35 heeft TG Servers <srvrs@prvtmail.net> het volgende geschreven:

 Hello,

tonight my dovecot upgraded to 2.3.17 and completely broke on recent CentOS 8 installation.

I found the service in status

[root@riot ~]# systemctl status dovecot
● dovecot.service - Dovecot IMAP/POP3 email server
   Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sat 2021-10-30 09:59:11 CEST; 58s ago
     Docs: man:dovecot(1)
           https://doc.dovecot.org/
  Process: 1515 ExecStart=/usr/sbin/dovecot -F (code=exited, status=89)
  Process: 1429 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS)
 Main PID: 1515 (code=exited, status=89)

Oct 30 09:59:10 riot.<domain>.com systemd[1]: Starting Dovecot IMAP/POP3 email server...
Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal: execvp(/usr/libexec/dovecot/managesieve) failed: Argument list too long
Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Error: managesieve-login: dump-capability process returned 89
Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal: execvp(/usr/sbin/dovecot) failed: Argument list too long
Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Main process exited, code=exited, status=89/n/a
Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Failed with result 'exit-code'.
Oct 30 09:59:11 riot.<domain>.com systemd[1]: Failed to start Dovecot IMAP/POP3 email server.

Please check the archive. If I’m not mistaken, the same issue + possible solution was posted on the mailing list yesterday.


This seems to be like a bug as no configuration was changed by me in the middle of the night.
I recall there were similar errors/bug reports in the past were it seemed it was managesieve but wasn't, people had some misconfigurations in the dovecot.conf. I did not change my dovecot.conf since April.
But maybe here it is a pigeonhole issue.

As I did not find any reason for it I changed the repo and downgraded to 2.3.16-2 now and it runs without any flaws, like all the time before. I had no time to investigate this any longer thand 2 hours with 2.3.17 installed as this is a production server and I need the email access. I also did not find anything adressable in the logs.

[root@riot dovecot]# systemctl status dovecot
● dovecot.service - Dovecot IMAP/POP3 email server
   Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2021-10-30 10:18:11 CEST; 2s ago
     Docs: man:dovecot(1)
           https://doc.dovecot.org/
  Process: 32398 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS)
 Main PID: 32452 (dovecot)
   Status: "v2.3.16 (7e2e900c1a) running"
    Tasks: 4 (limit: 99912)
   Memory: 4.4M
   CGroup: /system.slice/dovecot.service
           ├─32452 /usr/sbin/dovecot -F
           ├─32507 dovecot/anvil
           ├─32508 dovecot/log
           └─32513 dovecot/config

Oct 30 10:18:11 riot.<domain>.com systemd[1]: Starting Dovecot IMAP/POP3 email server...
Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: Warning: Corrected permissions for login directory /var/run/dovecot/token-login
Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Warning: Corrected permissions for login directory /var/run/dovecot/token-login
Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Dovecot v2.3.16 (7e2e900c1a) starting up for imap, lmtp, sieve
Oct 30 10:18:11 riot.<domain>.com systemd[1]: Started Dovecot IMAP/POP3 email server.


This is the configuration
# 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.16 (09c29328)
# OS: Linux 4.18.0-305.19.1.el8_4.x86_64 x86_64 AlmaLinux release 8.4 (Electric Cheetah)
# Hostname: riot.<domain>.com
auth_mechanisms = plain login
auth_verbose = yes
listen = *
mail_gid = vmail
mail_home = /var/vmail/mailboxes/%d/%n
mail_location = maildir:~/mail:LAYOUT=fs
mail_plugins = " quota fts fts_solr"
mail_privileged_group = vmail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  separator = .
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
plugin {
  fts = solr
  fts_autoindex = yes
  fts_solr = url=http://localhost:<solr_port>/solr/dovecot/
  imapsieve_mailbox1_before = file:/var/vmail/sieve/global/learn-spam.sieve
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_name = Spam
  imapsieve_mailbox2_before = file:/var/vmail/sieve/global/learn-ham.sieve
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_from = Spam
  imapsieve_mailbox2_name = *
  quota = maildir:User quota
  quota_exceeded_message = User %u is over the storage quota
  sieve = file:/var/vmail/sieve/%d/%n/scripts;active=/var/vmail/sieve/%d/%n/active-script.sieve
  sieve_before = /var/vmail/sieve/global/spam-global.sieve
  sieve_global_extensions = +vnd.dovecot.pipe
  sieve_pipe_bin_dir = /usr/bin
  sieve_plugins = sieve_imapsieve sieve_extprograms
}
protocols = imap lmtp sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = vmail
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
ssl = required
ssl_ca = </etc/ssl/certs/ca-bundle.crt
ssl_cert = </etc/ssl/certs/<domain>.com_chain.crt
ssl_cipher_list = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:EECDH+AESGCM:EDH+AESGCM:@SECLEVEL=2
ssl_client_ca_dir = /etc/ssl/certs
ssl_client_ca_file = /etc/ssl/certs/ca-bundle.crt
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
userdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
protocol imap {
  imap_idle_notify_interval = 24 mins
  mail_max_userip_connections = 20
  mail_plugins = " quota fts fts_solr imap_quota imap_sieve"
}
protocol lmtp {
  mail_plugins = " quota fts fts_solr sieve"
  postmaster_address = postmaster@<domain>.com
}
local_name mail.<domain_3>.com {
  ssl_cert = </etc/ssl/certs/<domain_3>.com_chain.crt
  ssl_key = # hidden, use -P to show it
}
local_name mail.<domain_2>.net {
  ssl_cert = </etc/ssl/certs/<domain_2>.net_chain.crt
  ssl_key = # hidden, use -P to show it
}
local_name mail.<domain>.com {
  ssl_cert = </etc/ssl/certs/<domain>.com_chain.crt
  ssl_key = # hidden, use -P to show it
}