Re: Dovecot sync broke after upgrade to OpenBSD 6.9

1 Jul 2021


      Hey
Thanks for the response. I finally got deeper into debugging this, and
while using the correct command didn't fix my problem, it did help me
figure out that my problem has nothing to do with dovecot. I'm having
other issues that are blocking file transfers over ssh, that I'll have
to debug separately.
Thanks again for the help!
Aki Tuomi aki.tuomi@open-xchange.com writes:
...
Your problem isn't related to those plugins, but the way you are running dsync.
Try doveadm sync -u worr@worrbase.com remoteprefix:worr@sabin.worrbase.com
Aki
...
On 10/06/2021 04:34 Brad Smith brad@comstyle.com wrote:
Aki?
On 5/25/2021 6:13 AM, William Orr wrote:
...
Hey,
I have two mailservers running OpenBSD 6.9, and I use bidirectional
syncing of my maildirs through doveadm. After the
upgrade, I noticed that the sync process was failing.
OpenBSD 6.8 shipped with Dovecot 2.3.13, 6.9 ships with 2.3.14. Here's
the output of the dovecot --build-options:
kefka|~|03:01:50|89$ dovecot --build-options
Build options: ioloop=kqueue notify=kqueue openssl io_block_size=8192
SQL driver plugins: mysql postgresql sqlite
Passdb: bsdauth checkpassword ldap passwd passwd-file sql
Userdb: checkpassword ldap(plugin) passwd prefetch passwd-file sql
I did not compile this manually, this is from packages. More info about
configure options passed are available here, in the Makefile from ports
https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/mail/dovecot/Makefile?rev=1.297&content-type=text/x-cvsweb-markup
Here's a sample run of the sync:
kefka|~|02:57:05|0$ doas doveadm sync -u worr@worrbase.com remote:sabin.worrbase.com
doveadm(VERSION	dsync	3	5): Error: User doesn't exist
dsync-local(worr)<FNQIMvI9omB4VwEADTvxNg>: Error: read(sabin.worrbase.com) failed: EOF (version not received)
dsync-local(worr)<FNQIMvI9omB4VwEADTvxNg>: Error: Remote command returned error 67: /usr/bin/ssh -i /root/.ssh/id_ed25519.dsync sabin.worrbase.com /usr/local/bin/dsync-in-wrapper.sh
kefka|~|02:57:08|75$ cat /usr/local/bin/dsync-in-wrapper.sh
#!/bin/ksh
read username
/usr/local/bin/doveadm dsync-server -u "$username"
I ktraced the process, and noticed that in the communication with the
remote mail server, that a bunch of doveadm plugins fail to load. It's
worth noting that these are plugins that are dlopen(3)ed in response to
certain commands sent over the wire, so they don't show up in ldd(1) output.
kefka|~|03:00:08|0$ doas kdump | grep symbol
"doveadm:/usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol 'acl_user_module'
"doveadm:/usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol 'acl_mailbox_get_aclobj'
"doveadm:/usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol 'acl_mailbox_list_get_backend'
"doveadm:/usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol 'acl_object_list_init'
"doveadm:/usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol 'acl_object_list_next'
"doveadm:/usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol 'acl_backend_rights_match_me'
"doveadm:/usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol 'acl_rights_get_id'
"doveadm:/usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol 'acl_object_list_deinit'
"doveadm:/usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol 'acl_object_get_my_rights'
"doveadm:/usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol 'acl_rights_update_import'
"doveadm:/usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol 'acl_mailbox_update_acl'
"doveadm:/usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol 'acl_lookup_dict_rebuild'
"doveadm:/usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol 'acl_backend_nonowner_lookups_iter_init'
"doveadm:/usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol 'acl_backend_nonowner_lookups_iter_next'
"doveadm:/usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol 'acl_backend_nonowner_lookups_iter_deinit'
"doveadm:/usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol 'acl_backend_nonowner_lookups_rebuild'
"doveadm:/usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol 'acl_lookup_dict_is_enabled'
"doveadm:/usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol 'acl_lookup_dict_iterate_visible_init'
"doveadm:/usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol 'acl_lookup_dict_iterate_visible_next'
"doveadm:/usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol 'acl_lookup_dict_iterate_visible_deinit'
"doveadm:/usr/local/lib/dovecot/doveadm/lib10_doveadm_quota_plugin.so: undefined symbol 'quota_user_module'
"doveadm:/usr/local/lib/dovecot/doveadm/lib10_doveadm_quota_plugin.so: undefined symbol 'quota_root_get_resources'
"doveadm:/usr/local/lib/dovecot/doveadm/lib10_doveadm_quota_plugin.so: undefined symbol 'quota_get_resource'
"doveadm:/usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol 'fts_list_backend'
"doveadm:/usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol 'fts_backend_lookup'
"doveadm:/usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol 'fts_backend_lookup_done'
"doveadm:/usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol 'fts_search_args_expand'
"doveadm:/usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol 'fts_language_find'
"doveadm:/usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol 'fts_user_get_language_list'
"doveadm:/usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol 'fts_language_detect'
"doveadm:/usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol 'fts_language_list_get_first'
"doveadm:/usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol 'fts_user_language_find'
"doveadm:/usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol 'fts_tokenizer_reset'
"doveadm:/usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol 'fts_tokenizer_final'
"doveadm:/usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol 'fts_tokenizer_next'
"doveadm:/usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol 'fts_filter_filter'
"doveadm:/usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol 'fts_backend_optimize'
"doveadm:/usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol 'fts_backend_rescan'
"doveadm:/usr/local/lib/dovecot/doveadm/libdoveadm_mail_crypt_plugin.so: undefined symbol 'mail_crypt_user_get_public_key'
"doveadm:/usr/local/lib/dovecot/doveadm/libdoveadm_mail_crypt_plugin.so: undefined symbol 'mail_crypt_user_generate_keypair'
"doveadm:/usr/local/lib/dovecot/doveadm/libdoveadm_mail_crypt_plugin.so: undefined symbol 'mail_crypt_box_get_public_key'
"doveadm:/usr/local/lib/dovecot/doveadm/libdoveadm_mail_crypt_plugin.so: undefined symbol 'mail_crypt_box_generate_keypair'
"doveadm:/usr/local/lib/dovecot/doveadm/libdoveadm_mail_crypt_plugin.so: undefined symbol 'mail_crypt_box_get_pvt_digests'
"doveadm:/usr/local/lib/dovecot/doveadm/libdoveadm_mail_crypt_plugin.so: undefined symbol 'mail_crypt_acl_secure_sharing_enabled'"
"doveadm:/usr/local/lib/dovecot/doveadm/libdoveadm_mail_crypt_plugin.so: undefined symbol 'mail_crypt_box_share_private_keys'
"doveadm:/usr/local/lib/dovecot/doveadm/libdoveadm_mail_crypt_plugin.so: undefined symbol 'mail_crypt_box_set_shared_key'
"doveadm:/usr/local/lib/dovecot/doveadm/libdoveadm_mail_crypt_plugin.so: undefined symbol 'mail_crypt_get_private_key'
I checked on both machines, and these symbols are all undefined in the
associated libraries. I do notice though, that these symbols seem to be
present in similar dovecot, non-doveadm plugins:
kefka|~|03:04:56|130$ nm -A /usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so  | grep acl_user_module
/usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so:         U acl_user_module
kefka|~|03:05:14|0$ nm -A /usr/local/lib/dovecot/lib01_acl_plugin.so   | grep acl_user_module
/usr/local/lib/dovecot/lib01_acl_plugin.so:0001b008 D acl_user_module
However, the doveadm plugins don't link against them?
kefka|~|03:04:24|1$ ldd /usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so
/usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so:
Start            End              Type  Open Ref GrpRef Name
000001d89e043000 000001d89e04d000 dlib  1    0   0      /usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so
Is anyone else seeing issues like this? Is there perhaps a
misconfiguration on my end?
Here's the full output of dovecot -n
# 2.3.14 (cee3cbc0d): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.14 (1b5c82b2)
# OS: OpenBSD 6.9 amd64
# Hostname: kefka.worrbase.com
auth_username_format = %n
default_vsz_limit = 512 M
doveadm_password = # hidden, use -P to show it
dsync_remote_cmd = /usr/bin/ssh -i /root/.ssh/id_ed25519.dsync %{host} /usr/local/bin/dsync-in-wrapper.sh
first_valid_uid = 1000
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags
mail_location = maildir:~/Maildir
mail_plugins = " notify replication"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
mbox_write_locks = fcntl
mmap_disable = yes
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Sent {
special_use = \Sent
}
mailbox Spam {
special_use = \Junk
}
mailbox Trash {
special_use = \Trash
}
prefix =
separator = /
}
passdb {
driver = bsdauth
}
plugin {
mail_replica = remoteprefix:root@sabin.worrbase.com
sieve = ~/.dovecot.sieve
sieve_dir = ~/.sieve
sieve_user_log = ~/.dovecot.sieve.log
}
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
postmaster_address = postmaster@worrbase.com
protocols = imap lmtp
service aggregator {
fifo_listener replication-notify-fifo {
mode = 0666
}
unix_listener replication-notify {
mode = 0666
}
}
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
}
service lmtp {
inet_listener lmtp {
address = localhost
port = 2525
}
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
inet_listener sieve_deprecated {
port = 2000
}
}
service pop3-login {
inet_listener pop3 {
port = 0
}
inet_listener pop3s {
port = 0
}
}
service replicator {
process_min_avail = 1
unix_listener replicator-doveadm {
mode = 0666
}
}
ssl = required
ssl_cert = 
Let me know if I need to provide more info.
Thanks so much for the help!