"Aki" == Aki Tuomi aki.tuomi@open-xchange.com writes:
Aki> You are correct that the problem is not fully fixed yet. It, Aki> however, only affects practically cases where you do doveadm -c Aki> /path <command>
Thanks for the update.
Aki> We will fix it properly in a future release, now it has been Aki> fixed to work as it used to before, so no new regression is Aki> introduced.
As long as no one trips over this issue with too long certs some other way.
On 03/11/2021 14:54 John Stoffel john@stoffel.org wrote:
> "Aki" == Aki Tuomi aki.tuomi@open-xchange.com writes:
Aki> This issue is now fixed for Dovecot on master with Aki> https://github.com/dovecot/core/compare/ca2237e%5E..6fff8d5.patch
Looking at the patch, I've got a couple of comments.
Even your added comment says this issue could still happen is doveadm reads the config setting through doveconf, instead of the config socket. To me that smells like the problem isn't really where you patched it, but more in the parsing of options in doveadm.
This is much more bike-shedding, but you have the following:
- if (input->module != NULL || input->extra_modules != NULL) {
- if ((service->flags & MASTER_SERVICE_FLAG_DISABLE_SSL_SET) == 0 &&
(input->module != NULL || input->extra_modules != NULL)) {And I would think that the last line would be more readable with:
(input->module || input->extra_modules)) {
The != NULL test just seems really redundant. I haven't looked at the rest of the main.c to see if this pattern is repeated all over the place or not.
John
Aki> and for pigeonhole master with
Aki> https://github.com/dovecot/pigeonhole/commit/29750ba54c20eea0afd4ca436ddc132...
Aki> Regards, Aki> Aki
On 01/11/2021 08:38 Aki Tuomi aki.tuomi@open-xchange.com wrote:
Hi all!
We are looking into this issue.
Aki
On 30/10/2021 19:36 TG Servers srvrs@prvtmail.net wrote:
Thanks Robert, I read that. I will also wait for a patch and stay
Cheers
On 30/10/2021 12:59, Robert Nowotny wrote:
the reason is :
ssl_ca =
if "ca-bundle.crt"is too big, You will get that error. this should be fixed, but as a workaround You might pull out the certificates You need. I personally wait for the patch and stay at 2.3.16 for the time beeing.
yours sincerely Robert
Am 30.10.2021 um 10:34 schrieb TG Servers:
> Hello, >
> tonight my dovecot upgraded to 2.3.17 and completely broke on recent CentOS 8 installation. >
> I found the service in status >
> [root@riot ~]# systemctl status dovecot > ● dovecot.service - Dovecot IMAP/POP3 email server > Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled) > Active: failed (Result: exit-code) since Sat 2021-10-30 09:59:11 CEST; 58s ago > Docs: man:dovecot(1) > https://doc.dovecot.org/ > Process: 1515 ExecStart=/usr/sbin/dovecot -F (code=exited, status=89) > Process: 1429 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS) > Main PID: 1515 (code=exited, status=89) >
> Oct 30 09:59:10 riot.<domain>.com systemd[1]: Starting Dovecot IMAP/POP3 email server... > Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal: execvp(/usr/libexec/dovecot/managesieve) failed: Argument list too long > Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Error: managesieve-login: dump-capability process returned 89 > Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal: execvp(/usr/sbin/dovecot) failed: Argument list too long > Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Main process exited, code=exited, status=89/n/a > Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Failed with result 'exit-code'. > Oct 30 09:59:11 riot.<domain>.com systemd[1]: Failed to start Dovecot IMAP/POP3 email server. >
> This seems to be like a bug as no configuration was changed by me in the middle of the night. > I recall there were similar errors/bug reports in the past were it seemed it was managesieve but wasn't, people had some misconfigurations in the dovecot.conf. I did not change my dovecot.conf since April. > But maybe here it is a pigeonhole issue. >
> As I did not find any reason for it I changed the repo and downgraded to 2.3.16-2 now and it runs without any flaws, like all the time before. I had no time to investigate this any longer thand 2 hours with 2.3.17 installed as this is a production server and I need the email access. I also did not find anything adressable in the logs. >
> [root@riot dovecot]# systemctl status dovecot > ● dovecot.service - Dovecot IMAP/POP3 email server > Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled) > Active: active (running) since Sat 2021-10-30 10:18:11 CEST; 2s ago > Docs: man:dovecot(1) > https://doc.dovecot.org/ > Process: 32398 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS) > Main PID: 32452 (dovecot) > Status: "v2.3.16 (7e2e900c1a) running" > Tasks: 4 (limit: 99912) > Memory: 4.4M > CGroup: /system.slice/dovecot.service > ├─32452 /usr/sbin/dovecot -F > ├─32507 dovecot/anvil > ├─32508 dovecot/log > └─32513 dovecot/config >
> Oct 30 10:18:11 riot.<domain>.com systemd[1]: Starting Dovecot IMAP/POP3 email server... > Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: Warning: Corrected permissions for login directory /var/run/dovecot/token-login > Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Warning: Corrected permissions for login directory /var/run/dovecot/token-login > Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Dovecot v2.3.16 (7e2e900c1a) starting up for imap, lmtp, sieve > Oct 30 10:18:11 riot.<domain>.com systemd[1]: Started Dovecot IMAP/POP3 email server. >
>
> This is the configuration > # 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf > # Pigeonhole version 0.5.16 (09c29328) > # OS: Linux 4.18.0-305.19.1.el8_4.x86_64 x86_64 AlmaLinux release 8.4 (Electric Cheetah) > # Hostname: riot.<domain>.com > auth_mechanisms = plain login > auth_verbose = yes > listen = * > mail_gid = vmail > mail_home = /var/vmail/mailboxes/%d/%n > mail_location = maildir:~/mail:LAYOUT=fs > mail_plugins = " quota fts fts_solr" > mail_privileged_group = vmail > mail_uid = vmail > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve > namespace inbox { > inbox = yes > location = > mailbox Drafts { > auto = subscribe > special_use = \Drafts > } > mailbox Sent { > auto = subscribe > special_use = \Sent > } > mailbox Spam { > auto = subscribe > special_use = \Junk > } > mailbox Trash { > auto = subscribe > special_use = \Trash > } > prefix = > separator = . > type = private > } > passdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > } > plugin { > fts = solr > fts_autoindex = yes > fts_solr = url=http://localhost:/solr/dovecot/ > imapsieve_mailbox1_before = file:/var/vmail/sieve/global/learn-spam.sieve > imapsieve_mailbox1_causes = COPY > imapsieve_mailbox1_name = Spam > imapsieve_mailbox2_before = file:/var/vmail/sieve/global/learn-ham.sieve > imapsieve_mailbox2_causes = COPY > imapsieve_mailbox2_from = Spam > imapsieve_mailbox2_name = * > quota = maildir:User quota > quota_exceeded_message = User %u is over the storage quota > sieve = file:/var/vmail/sieve/%d/%n/scripts;active=/var/vmail/sieve/%d/%n/active-script.sieve > sieve_before = /var/vmail/sieve/global/spam-global.sieve > sieve_global_extensions = +vnd.dovecot.pipe > sieve_pipe_bin_dir = /usr/bin > sieve_plugins = sieve_imapsieve sieve_extprograms > } > protocols = imap lmtp sieve > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0660 > user = postfix > } > unix_listener auth-userdb { > group = vmail > mode = 0660 > user = vmail > } > } > service imap-login { > inet_listener imap { > port = 0 > } > inet_listener imaps { > port = 993 > } > } > service lmtp { > unix_listener /var/spool/postfix/private/dovecot-lmtp { > group = postfix > mode = 0660 > user = postfix > } > user = vmail > } > service managesieve-login { > inet_listener sieve { > port = 4190 > } > } > ssl = required > ssl_ca = ssl_cert = ssl_cipher_list = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:EECDH+AESGCM:EDH+AESGCM:@SECLEVEL=2 > ssl_client_ca_dir = /etc/ssl/certs > ssl_client_ca_file = /etc/ssl/certs/ca-bundle.crt > ssl_dh = # hidden, use -P to show it > ssl_key = # hidden, use -P to show it > ssl_prefer_server_ciphers = yes > userdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > } > protocol imap { > imap_idle_notify_interval = 24 mins > mail_max_userip_connections = 20 > mail_plugins = " quota fts fts_solr imap_quota imap_sieve" > } > protocol lmtp { > mail_plugins = " quota fts fts_solr sieve" > postmaster_address = postmaster@<domain>.com > } > local_name mail. .com { > ssl_cert = .com_chain.crt > ssl_key = # hidden, use -P to show it > } > local_name mail. .net { > ssl_cert = .net_chain.crt > ssl_key = # hidden, use -P to show it > } > local_name mail.<domain>.com { > ssl_cert = ssl_key = # hidden, use -P to show it > } >
>
>
>
>
>
>