2.3.17 broken on CentOS8 / bug
Op 30 okt. 2021 om 10:35 heeft TG Servers srvrs@prvtmail.net het volgende geschreven:
Hello,
tonight my dovecot upgraded to 2.3.17 and completely broke on recent CentOS 8 installation.
I found the service in status
[root@riot ~]# systemctl status dovecot ● dovecot.service - Dovecot IMAP/POP3 email server Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled) Active: failed (Result: exit-code) since Sat 2021-10-30 09:59:11 CEST; 58s ago Docs: man:dovecot(1) https://doc.dovecot.org/ Process: 1515 ExecStart=/usr/sbin/dovecot -F (code=exited, status=89) Process: 1429 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS) Main PID: 1515 (code=exited, status=89)
Oct 30 09:59:10 riot.<domain>.com systemd[1]: Starting Dovecot IMAP/POP3 email server... Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal: execvp(/usr/libexec/dovecot/managesieve) failed: Argument list too long Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Error: managesieve-login: dump-capability process returned 89 Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal: execvp(/usr/sbin/dovecot) failed: Argument list too long Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Main process exited, code=exited, status=89/n/a Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Failed with result 'exit-code'. Oct 30 09:59:11 riot.<domain>.com systemd[1]: Failed to start Dovecot IMAP/POP3 email server.
Please check the archive. If I’m not mistaken, the same issue + possible solution was posted on the mailing list yesterday.
This seems to be like a bug as no configuration was changed by me in the middle of the night. I recall there were similar errors/bug reports in the past were it seemed it was managesieve but wasn't, people had some misconfigurations in the dovecot.conf. I did not change my dovecot.conf since April. But maybe here it is a pigeonhole issue.
As I did not find any reason for it I changed the repo and downgraded to 2.3.16-2 now and it runs without any flaws, like all the time before. I had no time to investigate this any longer thand 2 hours with 2.3.17 installed as this is a production server and I need the email access. I also did not find anything adressable in the logs.
[root@riot dovecot]# systemctl status dovecot ● dovecot.service - Dovecot IMAP/POP3 email server Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled) Active: active (running) since Sat 2021-10-30 10:18:11 CEST; 2s ago Docs: man:dovecot(1) https://doc.dovecot.org/ Process: 32398 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS) Main PID: 32452 (dovecot) Status: "v2.3.16 (7e2e900c1a) running" Tasks: 4 (limit: 99912) Memory: 4.4M CGroup: /system.slice/dovecot.service ├─32452 /usr/sbin/dovecot -F ├─32507 dovecot/anvil ├─32508 dovecot/log └─32513 dovecot/config
Oct 30 10:18:11 riot.<domain>.com systemd[1]: Starting Dovecot IMAP/POP3 email server... Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: Warning: Corrected permissions for login directory /var/run/dovecot/token-login Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Warning: Corrected permissions for login directory /var/run/dovecot/token-login Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Dovecot v2.3.16 (7e2e900c1a) starting up for imap, lmtp, sieve Oct 30 10:18:11 riot.<domain>.com systemd[1]: Started Dovecot IMAP/POP3 email server.
This is the configuration # 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.16 (09c29328) # OS: Linux 4.18.0-305.19.1.el8_4.x86_64 x86_64 AlmaLinux release 8.4 (Electric Cheetah) # Hostname: riot.<domain>.com auth_mechanisms = plain login auth_verbose = yes listen = * mail_gid = vmail mail_home = /var/vmail/mailboxes/%d/%n mail_location = maildir:~/mail:LAYOUT=fs mail_plugins = " quota fts fts_solr" mail_privileged_group = vmail mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = . type = private } passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { fts = solr fts_autoindex = yes fts_solr = url=http://localhost:
/solr/dovecot/ imapsieve_mailbox1_before = file:/var/vmail/sieve/global/learn-spam.sieve imapsieve_mailbox1_causes = COPY imapsieve_mailbox1_name = Spam imapsieve_mailbox2_before = file:/var/vmail/sieve/global/learn-ham.sieve imapsieve_mailbox2_causes = COPY imapsieve_mailbox2_from = Spam imapsieve_mailbox2_name = * quota = maildir:User quota quota_exceeded_message = User %u is over the storage quota sieve = file:/var/vmail/sieve/%d/%n/scripts;active=/var/vmail/sieve/%d/%n/active-script.sieve sieve_before = /var/vmail/sieve/global/spam-global.sieve sieve_global_extensions = +vnd.dovecot.pipe sieve_pipe_bin_dir = /usr/bin sieve_plugins = sieve_imapsieve sieve_extprograms } protocols = imap lmtp sieve service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0660 user = vmail } } service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } user = vmail } service managesieve-login { inet_listener sieve { port = 4190 } } ssl = required ssl_ca = .com { ssl_cert = .com_chain.crt ssl_key = # hidden, use -P to show it } local_name mail. .net { ssl_cert = .net_chain.crt ssl_key = # hidden, use -P to show it } local_name mail.<domain>.com { ssl_cert =
On October 30, 2021 12:00:40 PM GMT+02:00, TG Servers srvrs@prvtmail.net wrote:
Thanks for your reply William.
But the only thing I found in the meanwhile about this issue is that when the ca-bundles files is too "big" it does not work anymore. And if this file is shortened to one entry it will work, someone seems to have tested this. This is no fix, it is a bug that has to be fixed by dovecot from my pov. The ca-bundles file is used by countless applications without any issues, it is used by 2.3.16 without any issues. There should be no special treatment for a single application necessary. Do you use client certs? If not, there is no need to even have ssl_ca set, see https://doc.dovecot.org/configuration_manual/dovecot_ssl_configuration/#id10
On 30/10/2021 11:35, William Edwards wrote:
Op 30 okt. 2021 om 10:35 heeft TG Servers srvrs@prvtmail.net het volgende geschreven:
Hello,
tonight my dovecot upgraded to 2.3.17 and completely broke on recent CentOS 8 installation.
I found the service in status
[root@riot ~]# systemctl status dovecot ● dovecot.service - Dovecot IMAP/POP3 email server Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled) Active: failed (Result: exit-code) since Sat 2021-10-30 09:59:11 CEST; 58s ago Docs: man:dovecot(1) https://doc.dovecot.org/ Process: 1515 ExecStart=/usr/sbin/dovecot -F (code=exited, status=89) Process: 1429 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS) Main PID: 1515 (code=exited, status=89)
Oct 30 09:59:10 riot.<domain>.com systemd[1]: Starting Dovecot IMAP/POP3 email server... Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal: execvp(/usr/libexec/dovecot/managesieve) failed: Argument list too long Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Error: managesieve-login: dump-capability process returned 89 Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal: execvp(/usr/sbin/dovecot) failed: Argument list too long Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Main process exited, code=exited, status=89/n/a Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Failed with result 'exit-code'. Oct 30 09:59:11 riot.<domain>.com systemd[1]: Failed to start Dovecot IMAP/POP3 email server.
Please check the archive. If I’m not mistaken, the same issue + possible solution was posted on the mailing list yesterday.
This seems to be like a bug as no configuration was changed by me in the middle of the night. I recall there were similar errors/bug reports in the past were it seemed it was managesieve but wasn't, people had some misconfigurations in the dovecot.conf. I did not change my dovecot.conf since April. But maybe here it is a pigeonhole issue.
As I did not find any reason for it I changed the repo and downgraded to 2.3.16-2 now and it runs without any flaws, like all the time before. I had no time to investigate this any longer thand 2 hours with 2.3.17 installed as this is a production server and I need the email access. I also did not find anything adressable in the logs.
[root@riot dovecot]# systemctl status dovecot ● dovecot.service - Dovecot IMAP/POP3 email server Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled) Active: active (running) since Sat 2021-10-30 10:18:11 CEST; 2s ago Docs: man:dovecot(1) https://doc.dovecot.org/ Process: 32398 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS) Main PID: 32452 (dovecot) Status: "v2.3.16 (7e2e900c1a) running" Tasks: 4 (limit: 99912) Memory: 4.4M CGroup: /system.slice/dovecot.service ├─32452 /usr/sbin/dovecot -F ├─32507 dovecot/anvil ├─32508 dovecot/log └─32513 dovecot/config
Oct 30 10:18:11 riot.<domain>.com systemd[1]: Starting Dovecot IMAP/POP3 email server... Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: Warning: Corrected permissions for login directory /var/run/dovecot/token-login Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Warning: Corrected permissions for login directory /var/run/dovecot/token-login Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Dovecot v2.3.16 (7e2e900c1a) starting up for imap, lmtp, sieve Oct 30 10:18:11 riot.<domain>.com systemd[1]: Started Dovecot IMAP/POP3 email server.
This is the configuration # 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.16 (09c29328) # OS: Linux 4.18.0-305.19.1.el8_4.x86_64 x86_64 AlmaLinux release 8.4 (Electric Cheetah) # Hostname: riot.<domain>.com auth_mechanisms = plain login auth_verbose = yes listen = * mail_gid = vmail mail_home = /var/vmail/mailboxes/%d/%n mail_location = maildir:~/mail:LAYOUT=fs mail_plugins = " quota fts fts_solr" mail_privileged_group = vmail mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = . type = private } passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { fts = solr fts_autoindex = yes fts_solr = url=http://localhost:
/solr/dovecot/ imapsieve_mailbox1_before = file:/var/vmail/sieve/global/learn-spam.sieve imapsieve_mailbox1_causes = COPY imapsieve_mailbox1_name = Spam imapsieve_mailbox2_before = file:/var/vmail/sieve/global/learn-ham.sieve imapsieve_mailbox2_causes = COPY imapsieve_mailbox2_from = Spam imapsieve_mailbox2_name = * quota = maildir:User quota quota_exceeded_message = User %u is over the storage quota sieve = file:/var/vmail/sieve/%d/%n/scripts;active=/var/vmail/sieve/%d/%n/active-script.sieve sieve_before = /var/vmail/sieve/global/spam-global.sieve sieve_global_extensions = +vnd.dovecot.pipe sieve_pipe_bin_dir = /usr/bin sieve_plugins = sieve_imapsieve sieve_extprograms } protocols = imap lmtp sieve service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0660 user = vmail } } service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } user = vmail } service managesieve-login { inet_listener sieve { port = 4190 } } ssl = required ssl_ca = .com { ssl_cert = .com_chain.crt ssl_key = # hidden, use -P to show it } local_name mail. .net { ssl_cert = .net_chain.crt ssl_key = # hidden, use -P to show it } local_name mail.<domain>.com { ssl_cert = Christian Kivalo
Op 30 okt. 2021 om 12:10 heeft TG Servers srvrs@prvtmail.net het volgende geschreven:
Thanks for your reply William.
But the only thing I found in the meanwhile about this issue is that when the ca-bundles files is too "big" it does not work anymore. And if this file is shortened to one entry it will work, someone seems to have tested this. This is no fix, it is a bug that has to be fixed by dovecot from my pov.
A fix and a bug are not mutually exclusive :)
The ca-bundles file is used by countless applications without any issues, it is used by 2.3.16 without any issues. There should be no special treatment for a single application necessary.
On 30/10/2021 11:35, William Edwards wrote:
Op 30 okt. 2021 om 10:35 heeft TG Servers srvrs@prvtmail.net het volgende geschreven:
Hello,
tonight my dovecot upgraded to 2.3.17 and completely broke on recent CentOS 8 installation.
I found the service in status
[root@riot ~]# systemctl status dovecot ● dovecot.service - Dovecot IMAP/POP3 email server Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled) Active: failed (Result: exit-code) since Sat 2021-10-30 09:59:11 CEST; 58s ago Docs: man:dovecot(1) https://doc.dovecot.org/ Process: 1515 ExecStart=/usr/sbin/dovecot -F (code=exited, status=89) Process: 1429 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS) Main PID: 1515 (code=exited, status=89)
Oct 30 09:59:10 riot.<domain>.com systemd[1]: Starting Dovecot IMAP/POP3 email server... Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal: execvp(/usr/libexec/dovecot/managesieve) failed: Argument list too long Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Error: managesieve-login: dump-capability process returned 89 Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal: execvp(/usr/sbin/dovecot) failed: Argument list too long Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Main process exited, code=exited, status=89/n/a Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Failed with result 'exit-code'. Oct 30 09:59:11 riot.<domain>.com systemd[1]: Failed to start Dovecot IMAP/POP3 email server.
Please check the archive. If I’m not mistaken, the same issue + possible solution was posted on the mailing list yesterday.
This seems to be like a bug as no configuration was changed by me in the middle of the night. I recall there were similar errors/bug reports in the past were it seemed it was managesieve but wasn't, people had some misconfigurations in the dovecot.conf. I did not change my dovecot.conf since April. But maybe here it is a pigeonhole issue.
As I did not find any reason for it I changed the repo and downgraded to 2.3.16-2 now and it runs without any flaws, like all the time before. I had no time to investigate this any longer thand 2 hours with 2.3.17 installed as this is a production server and I need the email access. I also did not find anything adressable in the logs.
[root@riot dovecot]# systemctl status dovecot ● dovecot.service - Dovecot IMAP/POP3 email server Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled) Active: active (running) since Sat 2021-10-30 10:18:11 CEST; 2s ago Docs: man:dovecot(1) https://doc.dovecot.org/ Process: 32398 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS) Main PID: 32452 (dovecot) Status: "v2.3.16 (7e2e900c1a) running" Tasks: 4 (limit: 99912) Memory: 4.4M CGroup: /system.slice/dovecot.service ├─32452 /usr/sbin/dovecot -F ├─32507 dovecot/anvil ├─32508 dovecot/log └─32513 dovecot/config
Oct 30 10:18:11 riot.<domain>.com systemd[1]: Starting Dovecot IMAP/POP3 email server... Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: Warning: Corrected permissions for login directory /var/run/dovecot/token-login Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Warning: Corrected permissions for login directory /var/run/dovecot/token-login Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Dovecot v2.3.16 (7e2e900c1a) starting up for imap, lmtp, sieve Oct 30 10:18:11 riot.<domain>.com systemd[1]: Started Dovecot IMAP/POP3 email server.
This is the configuration # 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.16 (09c29328) # OS: Linux 4.18.0-305.19.1.el8_4.x86_64 x86_64 AlmaLinux release 8.4 (Electric Cheetah) # Hostname: riot.<domain>.com auth_mechanisms = plain login auth_verbose = yes listen = * mail_gid = vmail mail_home = /var/vmail/mailboxes/%d/%n mail_location = maildir:~/mail:LAYOUT=fs mail_plugins = " quota fts fts_solr" mail_privileged_group = vmail mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = . type = private } passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { fts = solr fts_autoindex = yes fts_solr = url=http://localhost:
/solr/dovecot/ imapsieve_mailbox1_before = file:/var/vmail/sieve/global/learn-spam.sieve imapsieve_mailbox1_causes = COPY imapsieve_mailbox1_name = Spam imapsieve_mailbox2_before = file:/var/vmail/sieve/global/learn-ham.sieve imapsieve_mailbox2_causes = COPY imapsieve_mailbox2_from = Spam imapsieve_mailbox2_name = * quota = maildir:User quota quota_exceeded_message = User %u is over the storage quota sieve = file:/var/vmail/sieve/%d/%n/scripts;active=/var/vmail/sieve/%d/%n/active-script.sieve sieve_before = /var/vmail/sieve/global/spam-global.sieve sieve_global_extensions = +vnd.dovecot.pipe sieve_pipe_bin_dir = /usr/bin sieve_plugins = sieve_imapsieve sieve_extprograms } protocols = imap lmtp sieve service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0660 user = vmail } } service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } user = vmail } service managesieve-login { inet_listener sieve { port = 4190 } } ssl = required ssl_ca = .com { ssl_cert = .com_chain.crt ssl_key = # hidden, use -P to show it } local_name mail. .net { ssl_cert = .net_chain.crt ssl_key = # hidden, use -P to show it } local_name mail.<domain>.com { ssl_cert =
the reason is :
ssl_ca =
if "ca-bundle.crt" is too big, You will get that error. this should be fixed, but as a workaround You might pull out the certificates You need. I personally wait for the patch and stay at 2.3.16 for the time beeing.
yours sincerely Robert
Am 30.10.2021 um 10:34 schrieb TG Servers:
Hello,
tonight my dovecot upgraded to 2.3.17 and completely broke on recent CentOS 8 installation.
I found the service in status
[root@riot ~]# systemctl status dovecot ● dovecot.service - Dovecot IMAP/POP3 email server Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled) Active: failed (Result: exit-code) since Sat 2021-10-30 09:59:11 CEST; 58s ago Docs: man:dovecot(1) https://doc.dovecot.org/ Process: 1515 ExecStart=/usr/sbin/dovecot -F (code=exited, status=89) Process: 1429 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS) Main PID: 1515 (code=exited, status=89)
Oct 30 09:59:10 riot.<domain>.com systemd[1]: Starting Dovecot IMAP/POP3 email server... Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal: execvp(/usr/libexec/dovecot/managesieve) failed: Argument list too long Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Error: managesieve-login: dump-capability process returned 89 Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal: execvp(/usr/sbin/dovecot) failed: Argument list too long Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Main process exited, code=exited, status=89/n/a Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Failed with result 'exit-code'. Oct 30 09:59:11 riot.<domain>.com systemd[1]: Failed to start Dovecot IMAP/POP3 email server.
This seems to be like a bug as no configuration was changed by me in the middle of the night. I recall there were similar errors/bug reports in the past were it seemed it was managesieve but wasn't, people had some misconfigurations in the dovecot.conf. I did not change my dovecot.conf since April. But maybe here it is a pigeonhole issue.
As I did not find any reason for it I changed the repo and downgraded to 2.3.16-2 now and it runs without any flaws, like all the time before. I had no time to investigate this any longer thand 2 hours with 2.3.17 installed as this is a production server and I need the email access. I also did not find anything adressable in the logs.
[root@riot dovecot]# systemctl status dovecot ● dovecot.service - Dovecot IMAP/POP3 email server Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled) Active: active (running) since Sat 2021-10-30 10:18:11 CEST; 2s ago Docs: man:dovecot(1) https://doc.dovecot.org/ Process: 32398 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS) Main PID: 32452 (dovecot) Status: "v2.3.16 (7e2e900c1a) running" Tasks: 4 (limit: 99912) Memory: 4.4M CGroup: /system.slice/dovecot.service ├─32452 /usr/sbin/dovecot -F ├─32507 dovecot/anvil ├─32508 dovecot/log └─32513 dovecot/config
Oct 30 10:18:11 riot.<domain>.com systemd[1]: Starting Dovecot IMAP/POP3 email server... Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: Warning: Corrected permissions for login directory /var/run/dovecot/token-login Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Warning: Corrected permissions for login directory /var/run/dovecot/token-login Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Dovecot v2.3.16 (7e2e900c1a) starting up for imap, lmtp, sieve Oct 30 10:18:11 riot.<domain>.com systemd[1]: Started Dovecot IMAP/POP3 email server.
This is the configuration # 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.16 (09c29328) # OS: Linux 4.18.0-305.19.1.el8_4.x86_64 x86_64 AlmaLinux release 8.4 (Electric Cheetah) # Hostname: riot.<domain>.com auth_mechanisms = plain login auth_verbose = yes listen = * mail_gid = vmail mail_home = /var/vmail/mailboxes/%d/%n mail_location = maildir:~/mail:LAYOUT=fs mail_plugins = " quota fts fts_solr" mail_privileged_group = vmail mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = . type = private } passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { fts = solr fts_autoindex = yes fts_solr = url=http://localhost:
/solr/dovecot/ imapsieve_mailbox1_before = file:/var/vmail/sieve/global/learn-spam.sieve imapsieve_mailbox1_causes = COPY imapsieve_mailbox1_name = Spam imapsieve_mailbox2_before = file:/var/vmail/sieve/global/learn-ham.sieve imapsieve_mailbox2_causes = COPY imapsieve_mailbox2_from = Spam imapsieve_mailbox2_name = * quota = maildir:User quota quota_exceeded_message = User %u is over the storage quota sieve = file:/var/vmail/sieve/%d/%n/scripts;active=/var/vmail/sieve/%d/%n/active-script.sieve sieve_before = /var/vmail/sieve/global/spam-global.sieve sieve_global_extensions = +vnd.dovecot.pipe sieve_pipe_bin_dir = /usr/bin sieve_plugins = sieve_imapsieve sieve_extprograms } protocols = imap lmtp sieve service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0660 user = vmail } } service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } user = vmail } service managesieve-login { inet_listener sieve { port = 4190 } } ssl = required ssl_ca = .com { ssl_cert = .com_chain.crt ssl_key = # hidden, use -P to show it } local_name mail. .net { ssl_cert = .net_chain.crt ssl_key = # hidden, use -P to show it } local_name mail.<domain>.com { ssl_cert =
Hi all!
We are looking into this issue.
Aki
On 30/10/2021 19:36 TG Servers srvrs@prvtmail.net wrote:
Thanks Robert, I read that. I will also wait for a patch and stay
Cheers
On 30/10/2021 12:59, Robert Nowotny wrote:
the reason is :
ssl_ca =
if "ca-bundle.crt"is too big, You will get that error. this should be fixed, but as a workaround You might pull out the certificates You need. I personally wait for the patch and stay at 2.3.16 for the time beeing.
yours sincerely Robert
Am 30.10.2021 um 10:34 schrieb TG Servers:
Hello,
tonight my dovecot upgraded to 2.3.17 and completely broke on recent CentOS 8 installation.
I found the service in status
[root@riot ~]# systemctl status dovecot ● dovecot.service - Dovecot IMAP/POP3 email server Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled) Active: failed (Result: exit-code) since Sat 2021-10-30 09:59:11 CEST; 58s ago Docs: man:dovecot(1) https://doc.dovecot.org/ Process: 1515 ExecStart=/usr/sbin/dovecot -F (code=exited, status=89) Process: 1429 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS) Main PID: 1515 (code=exited, status=89)
Oct 30 09:59:10 riot.<domain>.com systemd[1]: Starting Dovecot IMAP/POP3 email server... Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal: execvp(/usr/libexec/dovecot/managesieve) failed: Argument list too long Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Error: managesieve-login: dump-capability process returned 89 Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal: execvp(/usr/sbin/dovecot) failed: Argument list too long Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Main process exited, code=exited, status=89/n/a Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Failed with result 'exit-code'. Oct 30 09:59:11 riot.<domain>.com systemd[1]: Failed to start Dovecot IMAP/POP3 email server.
This seems to be like a bug as no configuration was changed by me in the middle of the night. I recall there were similar errors/bug reports in the past were it seemed it was managesieve but wasn't, people had some misconfigurations in the dovecot.conf. I did not change my dovecot.conf since April. But maybe here it is a pigeonhole issue.
As I did not find any reason for it I changed the repo and downgraded to 2.3.16-2 now and it runs without any flaws, like all the time before. I had no time to investigate this any longer thand 2 hours with 2.3.17 installed as this is a production server and I need the email access. I also did not find anything adressable in the logs.
[root@riot dovecot]# systemctl status dovecot ● dovecot.service - Dovecot IMAP/POP3 email server Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled) Active: active (running) since Sat 2021-10-30 10:18:11 CEST; 2s ago Docs: man:dovecot(1) https://doc.dovecot.org/ Process: 32398 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS) Main PID: 32452 (dovecot) Status: "v2.3.16 (7e2e900c1a) running" Tasks: 4 (limit: 99912) Memory: 4.4M CGroup: /system.slice/dovecot.service ├─32452 /usr/sbin/dovecot -F ├─32507 dovecot/anvil ├─32508 dovecot/log └─32513 dovecot/config
Oct 30 10:18:11 riot.<domain>.com systemd[1]: Starting Dovecot IMAP/POP3 email server... Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: Warning: Corrected permissions for login directory /var/run/dovecot/token-login Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Warning: Corrected permissions for login directory /var/run/dovecot/token-login Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Dovecot v2.3.16 (7e2e900c1a) starting up for imap, lmtp, sieve Oct 30 10:18:11 riot.<domain>.com systemd[1]: Started Dovecot IMAP/POP3 email server.
This is the configuration # 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.16 (09c29328) # OS: Linux 4.18.0-305.19.1.el8_4.x86_64 x86_64 AlmaLinux release 8.4 (Electric Cheetah) # Hostname: riot.<domain>.com auth_mechanisms = plain login auth_verbose = yes listen = * mail_gid = vmail mail_home = /var/vmail/mailboxes/%d/%n mail_location = maildir:~/mail:LAYOUT=fs mail_plugins = " quota fts fts_solr" mail_privileged_group = vmail mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = . type = private } passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { fts = solr fts_autoindex = yes fts_solr = url=http://localhost:
/solr/dovecot/ imapsieve_mailbox1_before = file:/var/vmail/sieve/global/learn-spam.sieve imapsieve_mailbox1_causes = COPY imapsieve_mailbox1_name = Spam imapsieve_mailbox2_before = file:/var/vmail/sieve/global/learn-ham.sieve imapsieve_mailbox2_causes = COPY imapsieve_mailbox2_from = Spam imapsieve_mailbox2_name = * quota = maildir:User quota quota_exceeded_message = User %u is over the storage quota sieve = file:/var/vmail/sieve/%d/%n/scripts;active=/var/vmail/sieve/%d/%n/active-script.sieve sieve_before = /var/vmail/sieve/global/spam-global.sieve sieve_global_extensions = +vnd.dovecot.pipe sieve_pipe_bin_dir = /usr/bin sieve_plugins = sieve_imapsieve sieve_extprograms } protocols = imap lmtp sieve service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0660 user = vmail } } service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } user = vmail } service managesieve-login { inet_listener sieve { port = 4190 } } ssl = required ssl_ca = .com { ssl_cert = .com_chain.crt ssl_key = # hidden, use -P to show it } local_name mail. .net { ssl_cert = .net_chain.crt ssl_key = # hidden, use -P to show it } local_name mail.<domain>.com { ssl_cert =
This issue is now fixed for Dovecot on master with
https://github.com/dovecot/core/compare/ca2237e%5E..6fff8d5.patch
and for pigeonhole master with
https://github.com/dovecot/pigeonhole/commit/29750ba54c20eea0afd4ca436ddc132...
Regards, Aki
On 01/11/2021 08:38 Aki Tuomi aki.tuomi@open-xchange.com wrote:
Hi all!
We are looking into this issue.
Aki
On 30/10/2021 19:36 TG Servers srvrs@prvtmail.net wrote:
Thanks Robert, I read that. I will also wait for a patch and stay
Cheers
On 30/10/2021 12:59, Robert Nowotny wrote:
the reason is :
ssl_ca =
if "ca-bundle.crt"is too big, You will get that error. this should be fixed, but as a workaround You might pull out the certificates You need. I personally wait for the patch and stay at 2.3.16 for the time beeing.
yours sincerely Robert
Am 30.10.2021 um 10:34 schrieb TG Servers:
Hello,
tonight my dovecot upgraded to 2.3.17 and completely broke on recent CentOS 8 installation.
I found the service in status
[root@riot ~]# systemctl status dovecot ● dovecot.service - Dovecot IMAP/POP3 email server Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled) Active: failed (Result: exit-code) since Sat 2021-10-30 09:59:11 CEST; 58s ago Docs: man:dovecot(1) https://doc.dovecot.org/ Process: 1515 ExecStart=/usr/sbin/dovecot -F (code=exited, status=89) Process: 1429 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS) Main PID: 1515 (code=exited, status=89)
Oct 30 09:59:10 riot.<domain>.com systemd[1]: Starting Dovecot IMAP/POP3 email server... Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal: execvp(/usr/libexec/dovecot/managesieve) failed: Argument list too long Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Error: managesieve-login: dump-capability process returned 89 Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal: execvp(/usr/sbin/dovecot) failed: Argument list too long Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Main process exited, code=exited, status=89/n/a Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Failed with result 'exit-code'. Oct 30 09:59:11 riot.<domain>.com systemd[1]: Failed to start Dovecot IMAP/POP3 email server.
This seems to be like a bug as no configuration was changed by me in the middle of the night. I recall there were similar errors/bug reports in the past were it seemed it was managesieve but wasn't, people had some misconfigurations in the dovecot.conf. I did not change my dovecot.conf since April. But maybe here it is a pigeonhole issue.
As I did not find any reason for it I changed the repo and downgraded to 2.3.16-2 now and it runs without any flaws, like all the time before. I had no time to investigate this any longer thand 2 hours with 2.3.17 installed as this is a production server and I need the email access. I also did not find anything adressable in the logs.
[root@riot dovecot]# systemctl status dovecot ● dovecot.service - Dovecot IMAP/POP3 email server Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled) Active: active (running) since Sat 2021-10-30 10:18:11 CEST; 2s ago Docs: man:dovecot(1) https://doc.dovecot.org/ Process: 32398 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS) Main PID: 32452 (dovecot) Status: "v2.3.16 (7e2e900c1a) running" Tasks: 4 (limit: 99912) Memory: 4.4M CGroup: /system.slice/dovecot.service ├─32452 /usr/sbin/dovecot -F ├─32507 dovecot/anvil ├─32508 dovecot/log └─32513 dovecot/config
Oct 30 10:18:11 riot.<domain>.com systemd[1]: Starting Dovecot IMAP/POP3 email server... Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: Warning: Corrected permissions for login directory /var/run/dovecot/token-login Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Warning: Corrected permissions for login directory /var/run/dovecot/token-login Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Dovecot v2.3.16 (7e2e900c1a) starting up for imap, lmtp, sieve Oct 30 10:18:11 riot.<domain>.com systemd[1]: Started Dovecot IMAP/POP3 email server.
This is the configuration # 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.16 (09c29328) # OS: Linux 4.18.0-305.19.1.el8_4.x86_64 x86_64 AlmaLinux release 8.4 (Electric Cheetah) # Hostname: riot.<domain>.com auth_mechanisms = plain login auth_verbose = yes listen = * mail_gid = vmail mail_home = /var/vmail/mailboxes/%d/%n mail_location = maildir:~/mail:LAYOUT=fs mail_plugins = " quota fts fts_solr" mail_privileged_group = vmail mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = . type = private } passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { fts = solr fts_autoindex = yes fts_solr = url=http://localhost:
/solr/dovecot/ imapsieve_mailbox1_before = file:/var/vmail/sieve/global/learn-spam.sieve imapsieve_mailbox1_causes = COPY imapsieve_mailbox1_name = Spam imapsieve_mailbox2_before = file:/var/vmail/sieve/global/learn-ham.sieve imapsieve_mailbox2_causes = COPY imapsieve_mailbox2_from = Spam imapsieve_mailbox2_name = * quota = maildir:User quota quota_exceeded_message = User %u is over the storage quota sieve = file:/var/vmail/sieve/%d/%n/scripts;active=/var/vmail/sieve/%d/%n/active-script.sieve sieve_before = /var/vmail/sieve/global/spam-global.sieve sieve_global_extensions = +vnd.dovecot.pipe sieve_pipe_bin_dir = /usr/bin sieve_plugins = sieve_imapsieve sieve_extprograms } protocols = imap lmtp sieve service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0660 user = vmail } } service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } user = vmail } service managesieve-login { inet_listener sieve { port = 4190 } } ssl = required ssl_ca = .com { ssl_cert = .com_chain.crt ssl_key = # hidden, use -P to show it } local_name mail. .net { ssl_cert = .net_chain.crt ssl_key = # hidden, use -P to show it } local_name mail.<domain>.com { ssl_cert =
"Aki" == Aki Tuomi aki.tuomi@open-xchange.com writes:
Aki> This issue is now fixed for Dovecot on master with Aki> https://github.com/dovecot/core/compare/ca2237e%5E..6fff8d5.patch
Looking at the patch, I've got a couple of comments.
Even your added comment says this issue could still happen is doveadm reads the config setting through doveconf, instead of the config socket. To me that smells like the problem isn't really where you patched it, but more in the parsing of options in doveadm.
This is much more bike-shedding, but you have the following:
- if (input->module != NULL || input->extra_modules != NULL) {
- if ((service->flags & MASTER_SERVICE_FLAG_DISABLE_SSL_SET) == 0 &&
(input->module != NULL || input->extra_modules != NULL)) {
And I would think that the last line would be more readable with:
(input->module || input->extra_modules)) {
The != NULL test just seems really redundant. I haven't looked at the rest of the main.c to see if this pattern is repeated all over the place or not.
John
Aki> and for pigeonhole master with
Aki> https://github.com/dovecot/pigeonhole/commit/29750ba54c20eea0afd4ca436ddc132...
Aki> Regards, Aki> Aki
On 01/11/2021 08:38 Aki Tuomi aki.tuomi@open-xchange.com wrote:
Hi all!
We are looking into this issue.
Aki
On 30/10/2021 19:36 TG Servers srvrs@prvtmail.net wrote:
Thanks Robert, I read that. I will also wait for a patch and stay
Cheers
On 30/10/2021 12:59, Robert Nowotny wrote:
the reason is :
ssl_ca =
if "ca-bundle.crt"is too big, You will get that error. this should be fixed, but as a workaround You might pull out the certificates You need. I personally wait for the patch and stay at 2.3.16 for the time beeing.
yours sincerely Robert
Am 30.10.2021 um 10:34 schrieb TG Servers:
Hello,
tonight my dovecot upgraded to 2.3.17 and completely broke on recent CentOS 8 installation.
I found the service in status
[root@riot ~]# systemctl status dovecot ● dovecot.service - Dovecot IMAP/POP3 email server Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled) Active: failed (Result: exit-code) since Sat 2021-10-30 09:59:11 CEST; 58s ago Docs: man:dovecot(1) https://doc.dovecot.org/ Process: 1515 ExecStart=/usr/sbin/dovecot -F (code=exited, status=89) Process: 1429 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS) Main PID: 1515 (code=exited, status=89)
Oct 30 09:59:10 riot.<domain>.com systemd[1]: Starting Dovecot IMAP/POP3 email server... Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal: execvp(/usr/libexec/dovecot/managesieve) failed: Argument list too long Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Error: managesieve-login: dump-capability process returned 89 Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal: execvp(/usr/sbin/dovecot) failed: Argument list too long Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Main process exited, code=exited, status=89/n/a Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Failed with result 'exit-code'. Oct 30 09:59:11 riot.<domain>.com systemd[1]: Failed to start Dovecot IMAP/POP3 email server.
This seems to be like a bug as no configuration was changed by me in the middle of the night. I recall there were similar errors/bug reports in the past were it seemed it was managesieve but wasn't, people had some misconfigurations in the dovecot.conf. I did not change my dovecot.conf since April. But maybe here it is a pigeonhole issue.
As I did not find any reason for it I changed the repo and downgraded to 2.3.16-2 now and it runs without any flaws, like all the time before. I had no time to investigate this any longer thand 2 hours with 2.3.17 installed as this is a production server and I need the email access. I also did not find anything adressable in the logs.
[root@riot dovecot]# systemctl status dovecot ● dovecot.service - Dovecot IMAP/POP3 email server Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled) Active: active (running) since Sat 2021-10-30 10:18:11 CEST; 2s ago Docs: man:dovecot(1) https://doc.dovecot.org/ Process: 32398 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS) Main PID: 32452 (dovecot) Status: "v2.3.16 (7e2e900c1a) running" Tasks: 4 (limit: 99912) Memory: 4.4M CGroup: /system.slice/dovecot.service ├─32452 /usr/sbin/dovecot -F ├─32507 dovecot/anvil ├─32508 dovecot/log └─32513 dovecot/config
Oct 30 10:18:11 riot.<domain>.com systemd[1]: Starting Dovecot IMAP/POP3 email server... Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: Warning: Corrected permissions for login directory /var/run/dovecot/token-login Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Warning: Corrected permissions for login directory /var/run/dovecot/token-login Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Dovecot v2.3.16 (7e2e900c1a) starting up for imap, lmtp, sieve Oct 30 10:18:11 riot.<domain>.com systemd[1]: Started Dovecot IMAP/POP3 email server.
This is the configuration # 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.16 (09c29328) # OS: Linux 4.18.0-305.19.1.el8_4.x86_64 x86_64 AlmaLinux release 8.4 (Electric Cheetah) # Hostname: riot.<domain>.com auth_mechanisms = plain login auth_verbose = yes listen = * mail_gid = vmail mail_home = /var/vmail/mailboxes/%d/%n mail_location = maildir:~/mail:LAYOUT=fs mail_plugins = " quota fts fts_solr" mail_privileged_group = vmail mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = . type = private } passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { fts = solr fts_autoindex = yes fts_solr = url=http://localhost:
/solr/dovecot/ imapsieve_mailbox1_before = file:/var/vmail/sieve/global/learn-spam.sieve imapsieve_mailbox1_causes = COPY imapsieve_mailbox1_name = Spam imapsieve_mailbox2_before = file:/var/vmail/sieve/global/learn-ham.sieve imapsieve_mailbox2_causes = COPY imapsieve_mailbox2_from = Spam imapsieve_mailbox2_name = * quota = maildir:User quota quota_exceeded_message = User %u is over the storage quota sieve = file:/var/vmail/sieve/%d/%n/scripts;active=/var/vmail/sieve/%d/%n/active-script.sieve sieve_before = /var/vmail/sieve/global/spam-global.sieve sieve_global_extensions = +vnd.dovecot.pipe sieve_pipe_bin_dir = /usr/bin sieve_plugins = sieve_imapsieve sieve_extprograms } protocols = imap lmtp sieve service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0660 user = vmail } } service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } user = vmail } service managesieve-login { inet_listener sieve { port = 4190 } } ssl = required ssl_ca = .com { ssl_cert = .com_chain.crt ssl_key = # hidden, use -P to show it } local_name mail. .net { ssl_cert = .net_chain.crt ssl_key = # hidden, use -P to show it } local_name mail.<domain>.com { ssl_cert =
You are correct that the problem is not fully fixed yet. It, however, only affects practically cases where you do
doveadm -c /path <command>
We will fix it properly in a future release, now it has been fixed to work as it used to before, so no new regression is introduced.
Aki
On 03/11/2021 14:54 John Stoffel john@stoffel.org wrote:
"Aki" == Aki Tuomi aki.tuomi@open-xchange.com writes:
Aki> This issue is now fixed for Dovecot on master with Aki> https://github.com/dovecot/core/compare/ca2237e%5E..6fff8d5.patch
Looking at the patch, I've got a couple of comments.
Even your added comment says this issue could still happen is doveadm reads the config setting through doveconf, instead of the config socket. To me that smells like the problem isn't really where you patched it, but more in the parsing of options in doveadm.
This is much more bike-shedding, but you have the following:
- if (input->module != NULL || input->extra_modules != NULL) {
- if ((service->flags & MASTER_SERVICE_FLAG_DISABLE_SSL_SET) == 0 &&
(input->module != NULL || input->extra_modules != NULL)) {
And I would think that the last line would be more readable with:
(input->module || input->extra_modules)) {
The != NULL test just seems really redundant. I haven't looked at the rest of the main.c to see if this pattern is repeated all over the place or not.
John
Aki> and for pigeonhole master with
Aki> https://github.com/dovecot/pigeonhole/commit/29750ba54c20eea0afd4ca436ddc132...
Aki> Regards, Aki> Aki
On 01/11/2021 08:38 Aki Tuomi aki.tuomi@open-xchange.com wrote:
Hi all!
We are looking into this issue.
Aki
On 30/10/2021 19:36 TG Servers srvrs@prvtmail.net wrote:
Thanks Robert, I read that. I will also wait for a patch and stay
Cheers
On 30/10/2021 12:59, Robert Nowotny wrote:
the reason is :
ssl_ca =
if "ca-bundle.crt"is too big, You will get that error. this should be fixed, but as a workaround You might pull out the certificates You need. I personally wait for the patch and stay at 2.3.16 for the time beeing.
yours sincerely Robert
Am 30.10.2021 um 10:34 schrieb TG Servers:
Hello,
tonight my dovecot upgraded to 2.3.17 and completely broke on recent CentOS 8 installation.
I found the service in status
[root@riot ~]# systemctl status dovecot ● dovecot.service - Dovecot IMAP/POP3 email server Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled) Active: failed (Result: exit-code) since Sat 2021-10-30 09:59:11 CEST; 58s ago Docs: man:dovecot(1) https://doc.dovecot.org/ Process: 1515 ExecStart=/usr/sbin/dovecot -F (code=exited, status=89) Process: 1429 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS) Main PID: 1515 (code=exited, status=89)
Oct 30 09:59:10 riot.<domain>.com systemd[1]: Starting Dovecot IMAP/POP3 email server... Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal: execvp(/usr/libexec/dovecot/managesieve) failed: Argument list too long Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Error: managesieve-login: dump-capability process returned 89 Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal: execvp(/usr/sbin/dovecot) failed: Argument list too long Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Main process exited, code=exited, status=89/n/a Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Failed with result 'exit-code'. Oct 30 09:59:11 riot.<domain>.com systemd[1]: Failed to start Dovecot IMAP/POP3 email server.
This seems to be like a bug as no configuration was changed by me in the middle of the night. I recall there were similar errors/bug reports in the past were it seemed it was managesieve but wasn't, people had some misconfigurations in the dovecot.conf. I did not change my dovecot.conf since April. But maybe here it is a pigeonhole issue.
As I did not find any reason for it I changed the repo and downgraded to 2.3.16-2 now and it runs without any flaws, like all the time before. I had no time to investigate this any longer thand 2 hours with 2.3.17 installed as this is a production server and I need the email access. I also did not find anything adressable in the logs.
[root@riot dovecot]# systemctl status dovecot ● dovecot.service - Dovecot IMAP/POP3 email server Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled) Active: active (running) since Sat 2021-10-30 10:18:11 CEST; 2s ago Docs: man:dovecot(1) https://doc.dovecot.org/ Process: 32398 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS) Main PID: 32452 (dovecot) Status: "v2.3.16 (7e2e900c1a) running" Tasks: 4 (limit: 99912) Memory: 4.4M CGroup: /system.slice/dovecot.service ├─32452 /usr/sbin/dovecot -F ├─32507 dovecot/anvil ├─32508 dovecot/log └─32513 dovecot/config
Oct 30 10:18:11 riot.<domain>.com systemd[1]: Starting Dovecot IMAP/POP3 email server... Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: Warning: Corrected permissions for login directory /var/run/dovecot/token-login Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Warning: Corrected permissions for login directory /var/run/dovecot/token-login Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Dovecot v2.3.16 (7e2e900c1a) starting up for imap, lmtp, sieve Oct 30 10:18:11 riot.<domain>.com systemd[1]: Started Dovecot IMAP/POP3 email server.
This is the configuration # 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.16 (09c29328) # OS: Linux 4.18.0-305.19.1.el8_4.x86_64 x86_64 AlmaLinux release 8.4 (Electric Cheetah) # Hostname: riot.<domain>.com auth_mechanisms = plain login auth_verbose = yes listen = * mail_gid = vmail mail_home = /var/vmail/mailboxes/%d/%n mail_location = maildir:~/mail:LAYOUT=fs mail_plugins = " quota fts fts_solr" mail_privileged_group = vmail mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = . type = private } passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { fts = solr fts_autoindex = yes fts_solr = url=http://localhost:
/solr/dovecot/ imapsieve_mailbox1_before = file:/var/vmail/sieve/global/learn-spam.sieve imapsieve_mailbox1_causes = COPY imapsieve_mailbox1_name = Spam imapsieve_mailbox2_before = file:/var/vmail/sieve/global/learn-ham.sieve imapsieve_mailbox2_causes = COPY imapsieve_mailbox2_from = Spam imapsieve_mailbox2_name = * quota = maildir:User quota quota_exceeded_message = User %u is over the storage quota sieve = file:/var/vmail/sieve/%d/%n/scripts;active=/var/vmail/sieve/%d/%n/active-script.sieve sieve_before = /var/vmail/sieve/global/spam-global.sieve sieve_global_extensions = +vnd.dovecot.pipe sieve_pipe_bin_dir = /usr/bin sieve_plugins = sieve_imapsieve sieve_extprograms } protocols = imap lmtp sieve service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0660 user = vmail } } service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } user = vmail } service managesieve-login { inet_listener sieve { port = 4190 } } ssl = required ssl_ca = .com { ssl_cert = .com_chain.crt ssl_key = # hidden, use -P to show it } local_name mail. .net { ssl_cert = .net_chain.crt ssl_key = # hidden, use -P to show it } local_name mail.<domain>.com { ssl_cert =
"Aki" == Aki Tuomi aki.tuomi@open-xchange.com writes:
Aki> You are correct that the problem is not fully fixed yet. It, Aki> however, only affects practically cases where you do doveadm -c Aki> /path <command>
Thanks for the update.
Aki> We will fix it properly in a future release, now it has been Aki> fixed to work as it used to before, so no new regression is Aki> introduced.
As long as no one trips over this issue with too long certs some other way.
On 03/11/2021 14:54 John Stoffel john@stoffel.org wrote:
> "Aki" == Aki Tuomi aki.tuomi@open-xchange.com writes:
Aki> This issue is now fixed for Dovecot on master with Aki> https://github.com/dovecot/core/compare/ca2237e%5E..6fff8d5.patch
Looking at the patch, I've got a couple of comments.
Even your added comment says this issue could still happen is doveadm reads the config setting through doveconf, instead of the config socket. To me that smells like the problem isn't really where you patched it, but more in the parsing of options in doveadm.
This is much more bike-shedding, but you have the following:
- if (input->module != NULL || input->extra_modules != NULL) {
- if ((service->flags & MASTER_SERVICE_FLAG_DISABLE_SSL_SET) == 0 &&
(input->module != NULL || input->extra_modules != NULL)) {
And I would think that the last line would be more readable with:
(input->module || input->extra_modules)) {
The != NULL test just seems really redundant. I haven't looked at the rest of the main.c to see if this pattern is repeated all over the place or not.
John
Aki> and for pigeonhole master with
Aki> https://github.com/dovecot/pigeonhole/commit/29750ba54c20eea0afd4ca436ddc132...
Aki> Regards, Aki> Aki
On 01/11/2021 08:38 Aki Tuomi aki.tuomi@open-xchange.com wrote:
Hi all!
We are looking into this issue.
Aki
On 30/10/2021 19:36 TG Servers srvrs@prvtmail.net wrote:
Thanks Robert, I read that. I will also wait for a patch and stay
Cheers
On 30/10/2021 12:59, Robert Nowotny wrote:
the reason is :
ssl_ca =
if "ca-bundle.crt"is too big, You will get that error. this should be fixed, but as a workaround You might pull out the certificates You need. I personally wait for the patch and stay at 2.3.16 for the time beeing.
yours sincerely Robert
Am 30.10.2021 um 10:34 schrieb TG Servers:
> Hello, >
> tonight my dovecot upgraded to 2.3.17 and completely broke on recent CentOS 8 installation. >
> I found the service in status >
> [root@riot ~]# systemctl status dovecot > ● dovecot.service - Dovecot IMAP/POP3 email server > Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled) > Active: failed (Result: exit-code) since Sat 2021-10-30 09:59:11 CEST; 58s ago > Docs: man:dovecot(1) > https://doc.dovecot.org/ > Process: 1515 ExecStart=/usr/sbin/dovecot -F (code=exited, status=89) > Process: 1429 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS) > Main PID: 1515 (code=exited, status=89) >
> Oct 30 09:59:10 riot.<domain>.com systemd[1]: Starting Dovecot IMAP/POP3 email server... > Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal: execvp(/usr/libexec/dovecot/managesieve) failed: Argument list too long > Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Error: managesieve-login: dump-capability process returned 89 > Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal: execvp(/usr/sbin/dovecot) failed: Argument list too long > Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Main process exited, code=exited, status=89/n/a > Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Failed with result 'exit-code'. > Oct 30 09:59:11 riot.<domain>.com systemd[1]: Failed to start Dovecot IMAP/POP3 email server. >
> This seems to be like a bug as no configuration was changed by me in the middle of the night. > I recall there were similar errors/bug reports in the past were it seemed it was managesieve but wasn't, people had some misconfigurations in the dovecot.conf. I did not change my dovecot.conf since April. > But maybe here it is a pigeonhole issue. >
> As I did not find any reason for it I changed the repo and downgraded to 2.3.16-2 now and it runs without any flaws, like all the time before. I had no time to investigate this any longer thand 2 hours with 2.3.17 installed as this is a production server and I need the email access. I also did not find anything adressable in the logs. >
> [root@riot dovecot]# systemctl status dovecot > ● dovecot.service - Dovecot IMAP/POP3 email server > Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled) > Active: active (running) since Sat 2021-10-30 10:18:11 CEST; 2s ago > Docs: man:dovecot(1) > https://doc.dovecot.org/ > Process: 32398 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS) > Main PID: 32452 (dovecot) > Status: "v2.3.16 (7e2e900c1a) running" > Tasks: 4 (limit: 99912) > Memory: 4.4M > CGroup: /system.slice/dovecot.service > ├─32452 /usr/sbin/dovecot -F > ├─32507 dovecot/anvil > ├─32508 dovecot/log > └─32513 dovecot/config >
> Oct 30 10:18:11 riot.<domain>.com systemd[1]: Starting Dovecot IMAP/POP3 email server... > Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: Warning: Corrected permissions for login directory /var/run/dovecot/token-login > Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Warning: Corrected permissions for login directory /var/run/dovecot/token-login > Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Dovecot v2.3.16 (7e2e900c1a) starting up for imap, lmtp, sieve > Oct 30 10:18:11 riot.<domain>.com systemd[1]: Started Dovecot IMAP/POP3 email server. >
>
> This is the configuration > # 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf > # Pigeonhole version 0.5.16 (09c29328) > # OS: Linux 4.18.0-305.19.1.el8_4.x86_64 x86_64 AlmaLinux release 8.4 (Electric Cheetah) > # Hostname: riot.<domain>.com > auth_mechanisms = plain login > auth_verbose = yes > listen = * > mail_gid = vmail > mail_home = /var/vmail/mailboxes/%d/%n > mail_location = maildir:~/mail:LAYOUT=fs > mail_plugins = " quota fts fts_solr" > mail_privileged_group = vmail > mail_uid = vmail > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve > namespace inbox { > inbox = yes > location = > mailbox Drafts { > auto = subscribe > special_use = \Drafts > } > mailbox Sent { > auto = subscribe > special_use = \Sent > } > mailbox Spam { > auto = subscribe > special_use = \Junk > } > mailbox Trash { > auto = subscribe > special_use = \Trash > } > prefix = > separator = . > type = private > } > passdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > } > plugin { > fts = solr > fts_autoindex = yes > fts_solr = url=http://localhost:/solr/dovecot/ > imapsieve_mailbox1_before = file:/var/vmail/sieve/global/learn-spam.sieve > imapsieve_mailbox1_causes = COPY > imapsieve_mailbox1_name = Spam > imapsieve_mailbox2_before = file:/var/vmail/sieve/global/learn-ham.sieve > imapsieve_mailbox2_causes = COPY > imapsieve_mailbox2_from = Spam > imapsieve_mailbox2_name = * > quota = maildir:User quota > quota_exceeded_message = User %u is over the storage quota > sieve = file:/var/vmail/sieve/%d/%n/scripts;active=/var/vmail/sieve/%d/%n/active-script.sieve > sieve_before = /var/vmail/sieve/global/spam-global.sieve > sieve_global_extensions = +vnd.dovecot.pipe > sieve_pipe_bin_dir = /usr/bin > sieve_plugins = sieve_imapsieve sieve_extprograms > } > protocols = imap lmtp sieve > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0660 > user = postfix > } > unix_listener auth-userdb { > group = vmail > mode = 0660 > user = vmail > } > } > service imap-login { > inet_listener imap { > port = 0 > } > inet_listener imaps { > port = 993 > } > } > service lmtp { > unix_listener /var/spool/postfix/private/dovecot-lmtp { > group = postfix > mode = 0660 > user = postfix > } > user = vmail > } > service managesieve-login { > inet_listener sieve { > port = 4190 > } > } > ssl = required > ssl_ca = ssl_cert = ssl_cipher_list = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:EECDH+AESGCM:EDH+AESGCM:@SECLEVEL=2 > ssl_client_ca_dir = /etc/ssl/certs > ssl_client_ca_file = /etc/ssl/certs/ca-bundle.crt > ssl_dh = # hidden, use -P to show it > ssl_key = # hidden, use -P to show it > ssl_prefer_server_ciphers = yes > userdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > } > protocol imap { > imap_idle_notify_interval = 24 mins > mail_max_userip_connections = 20 > mail_plugins = " quota fts fts_solr imap_quota imap_sieve" > } > protocol lmtp { > mail_plugins = " quota fts fts_solr sieve" > postmaster_address = postmaster@<domain>.com > } > local_name mail. .com { > ssl_cert = .com_chain.crt > ssl_key = # hidden, use -P to show it > } > local_name mail. .net { > ssl_cert = .net_chain.crt > ssl_key = # hidden, use -P to show it > } > local_name mail.<domain>.com { > ssl_cert = ssl_key = # hidden, use -P to show it > } >
>
>
>
>
>
>
Aki Tuomi:
This issue is now fixed for Dovecot on master with https://github.com/dovecot/core/compare/ca2237e%5E..6fff8d5.patch
Can someone hint us how we should process this fix (sorry, blond)?
/elise
Op 3 nov. 2021 om 19:14 heeft Elise dovecot_ML@cloudzeeland.nl het volgende geschreven:
Aki Tuomi:
This issue is now fixed for Dovecot on master with https://github.com/dovecot/core/compare/ca2237e%5E..6fff8d5.patch
Can someone hint us how we should process this fix (sorry, blond)?
Patch + compile?
/elise
participants (7)
-
Aki Tuomi
-
Christian Kivalo
-
Elise
-
John Stoffel
-
Robert Nowotny
-
TG Servers
-
William Edwards