Dovecot 2.1.7 random login fails
From: Dario Meloni mellon85@gmail.com
Subject: Dovecot 2.1.7 intermittent login issues
Newsgroups: gmane.mail.imap.dovecot

Hello,
Dovecot version 2.1.7, running in a debian:stable docker container.
I am having a weird issue with Dovecot failing randomly, sometimes with POP3, sometimes with IMAP, but only in the case of SSL. For example, from the logs I can see this:
Feb 17 07:48:32 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write session ticket A [172.17.2.5]
Feb 17 07:48:32 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [172.17.2.5]
Feb 17 07:48:32 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write finished A [172.17.2.5]
Feb 17 07:48:32 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [172.17.2.5]
Feb 17 07:48:32 imap-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully [172.17.2.5]
Feb 17 07:48:32 imap-login: Warning: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [172.17.2.5]
Feb 17 07:48:32 imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [172.17.2.5]
Feb 17 07:48:32 pop3-login: Fatal: read(ssl-params) failed: Permission denied
and from the debug log:
Feb 17 07:48:32 auth: Debug: auth client connected (pid=21)
Feb 17 07:48:32 auth: Debug: client in: AUTH 1 PLAIN service=pop3 session=[REDACTED] lip=172.17.2.11 rip=172.17.2.5 lport=110 rport=38967 resp=[REDACTED]
Feb 17 07:48:32 auth-worker(16): Debug: pam(test,172.17.2.5): lookup service=dovecot
Feb 17 07:48:32 auth-worker(16): Debug: pam(test,172.17.2.5): #1/1 style=1 msg=Password:
Feb 17 07:48:32 auth: Debug: client out: OK 1 user=test
Feb 17 07:48:32 auth: Debug: master in: REQUEST 951582721 21 1 1fb51b26a3656db28fa3d333bd7568a4
Feb 17 07:48:32 auth: Debug: passwd(test,172.17.2.5,[REDACTED]): lookup
Feb 17 07:48:32 auth: Debug: master out: USER 951582721 test system_groups_user=test uid=1000 gid=8 home=/home/test
Feb 17 07:48:32 pop3(test): Debug: Effective uid=1000, gid=8, home=/home/test
Feb 17 07:48:32 pop3(test): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mbox:~/mail:INBOX=/var/mail/test
Feb 17 07:48:32 pop3(test): Debug: fs: root=/home/test/mail, index=, control=, inbox=/var/mail/test, alt=
Feb 17 07:48:32 pop3(test): Debug: Namespace : Using permissions from /home/test/mail: mode=0700 gid=-1
Feb 17 07:48:32 auth: Debug: auth client connected (pid=23)
I checked in the code and found that the issue is from ssl-params.c apparently not being able to read from a file descriptor that it already opened...
Any idea?
On Tue, 17 Feb 2015, Dario Meloni wrote:
> Feb 17 07:48:32 pop3-login: Fatal: read(ssl-params) failed: Permission denied
> I checked in the code and found that the issue is from ssl-params.c apparently not being able to read from a file descriptor that it already opened...
Have you verified that the file exists and has a reasonable file size?
Steffen Kaiser
On Wed, 18 Feb 2015 07:49:04 +0100, Steffen Kaiser wrote:
> Have you verified that the file exists and has a reasonable file size?
The file in question is actually a Unix socket that I guess is used to refresh the SSL data from the main privileged process. I don't know which process is actually logging the error, but the ssl-params file is root-owned and is readable and writable by everyone.
On Wed, 18 Feb 2015 09:38:22 +0000, Dario Meloni wrote:
>> Have you verified that the file exists and has a reasonable file size?
> The file in question is actually a Unix socket that I guess is used to refresh the SSL data from the main privileged process. I don't know which process is actually logging the error, but the ssl-params file is root-owned and is readable and writable by everyone.
No one has any idea why the ssl-param socket might not be working?
I tried also different distributions (centos, ubuntu, debian) and the dovecot repositories (to try the latest stable, 2.2) and I routinely get that error.