Dovecot 2.1.7 random login fails

17 Feb 2015

      From: Dario Meloni mellon85@gmail.com
Subject: Dovecot 2.1.7 intermittent login issues
Newsgroups: gmane.mail.imap.dovecot
X-Draft-Attribution:
X-Draft-Attribution-Author:
X-Draft-Attribution-Date:
X-Draft-Attribution-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Hello,
Dovecot version 2.1.7, running in a debian:stable docker container.
I am having a weird issues with dovecot failing randomly sometimes with
pop3 sometimes with imap but only in case of SSL for example from the
logs I can see this:
Feb 17 07:48:32 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3
write session ticket A [172.17.2.5]
Feb 17 07:48:32 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3
write change cipher spec A [172.17.2.5]
Feb 17 07:48:32 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3
write finished A [172.17.2.5]
Feb 17 07:48:32 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3
flush data [172.17.2.5]
Feb 17 07:48:32 imap-login: Warning: SSL: where=0x20, ret=1: SSL
negotiation finished successfully [172.17.2.5]
Feb 17 07:48:32 imap-login: Warning: SSL: where=0x2002, ret=1: SSL
negotiation finished successfully [172.17.2.5]
Feb 17 07:48:32 imap-login: Warning: SSL alert: where=0x4008, ret=256:
warning close notify [172.17.2.5]
Feb 17 07:48:32 pop3-login: Fatal: read(ssl-params) failed: Permission
denied
and from the debug log:
Feb 17 07:48:32 auth: Debug: auth client connected (pid=21)
Feb 17 07:48:32 auth: Debug: client in: AUTH    1       PLAIN

service=pop3    session=[REDACTED]        lip=172.17.2.11 rip=172.17.2.5

lport=110       rport=38967     resp=[REDACTED]
Feb 17 07:48:32 auth-worker(16): Debug: pam(test,172.17.2.5): lookup
service=dovecot
Feb 17 07:48:32 auth-worker(16): Debug: pam(test,172.17.2.5): #1/1
style=1 msg=Password:
Feb 17 07:48:32 auth: Debug: client out: OK     1       user=test
Feb 17 07:48:32 auth: Debug: master in: REQUEST 951582721       21

1       1fb51b26a3656db28fa3d333bd7568a4
Feb 17 07:48:32 auth: Debug: passwd(test,172.17.2.5,[REDACTED]): lookup
Feb 17 07:48:32 auth: Debug: master out: USER   951582721       test

system_groups_user=test uid=1000        gid=8   home=/home/test
Feb 17 07:48:32 pop3(test): Debug: Effective uid=1000, gid=8, home=/home/
test
Feb 17 07:48:32 pop3(test): Debug: Namespace inbox: type=private,
prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes
location=mbox:~/mail:INBOX=/var/mail/test
Feb 17 07:48:32 pop3(test): Debug: fs: root=/home/test/mail, index=,
control=, inbox=/var/mail/test, alt=
Feb 17 07:48:32 pop3(test): Debug: Namespace : Using permissions from /
home/test/mail: mode=0700 gid=-1
Feb 17 07:48:32 auth: Debug: auth client connected (pid=23)
I checked in the code and found that the issue is from ssl-params.c
apparently not being able to read from a file descriptor that it already
opened...
Any idea?