dovecot-2.3 (-git) Warning and Fatal Compile Error
I haven't been tracking dovecot-2.3 until now, but I've just given it a quick run, and there are a few things that may need some attention.
Linux x86-64, Gentoo, GCC-7.2.0 Dovecot 2.3 @ commit 32c2612514a404ebc226f32bb88f28d76ceb1db1
Compiled with:
./configure --prefix=/usr --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --disable-dependency-tracking --disable-silent-rules --docdir=/usr/share/doc/dovecot-9999_p20171018 --htmldir=/usr/share/doc/dovecot-9999_p20171018/html --libdir=/usr/lib64 --localstatedir=/var --with-moduledir=/usr/lib64/dovecot --without-stemmer --disable-rpath --with-icu --with-systemdsystemunitdir=/usr/lib/systemd/system --enable-maintainer-mode --with-bzlib --without-libcap --without-gssapi --without-ldap --with-lucene --with-lz4 --with-lzma --without-mysql --with-pam --without-pgsql --without-sqlite --without-solr --with-ssl --with-libwrap --without-textcat --without-vpopmail --with-zlib --disable-static
Warnings:
(Lots of this one...)
/bin/sh ../../../libtool --tag=CC --mode=compile x86_64-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../../src/lib -I../../../src/lib-settings -I../../../src/lib-fts -I../../../src/lib-ssl-iostream -I../../../src/lib-http -I../../../src/lib-mail -I../../../src/lib-imap -I../../../src/lib-index -I../../../src/lib-storage -I../../../src/lib-storage/index -I../../../src/doveadm -std=gnu99 -O0 -g -pipe -march=native -mtune=native -ggdb -fstack-protector-strong -D_FORTIFY_SOURCE=2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2 -c -o fts-user.lo fts-user.c libtool: compile: x86_64-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../../src/lib -I../../../src/lib-settings -I../../../src/lib-fts -I../../../src/lib-ssl-iostream -I../../../src/lib-http -I../../../src/lib-mail -I../../../src/lib-imap -I../../../src/lib-index -I../../../src/lib-storage -I../../../src/lib-storage/index -I../../../src/doveadm -std=gnu99 -O0 -g -pipe -march=native -mtune=native -ggdb -fstack-protector-strong -D_FORTIFY_SOURCE=2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2 -c fts-storage.c -fPIC -DPIC -o .libs/fts-storage.o <command-line>:0:0: warning: "_FORTIFY_SOURCE" redefined <built-in>: note: this is the location of the previous definition In file included from /usr/include/bits/libc-header-start.h:33:0, from /usr/include/stdlib.h:25, from ../../../src/lib/lib.h:11, from fts-storage.c:3: /usr/include/features.h:376:4: warning: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Wcpp] # warning _FORTIFY_SOURCE requires compiling with optimization (-O) ^~~~~~~
The build then fails entirely with this:
/bin/sh ../../../libtool --tag=CC --mode=compile x86_64-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../../.. -I/home/portage/portage/net-mail/dovecot-9999_p20171018/work/dovecot-9999_p20171018 -I/home/portage/portage/net-mail/dovecot-9999_p20171018/work/dovecot-9999_p20171018/src/lib -I/home/portage/portage/net-mail/dovecot-9999_p20171018/work/dovecot-9999_p20171018/src/lib-dict -I/home/portage/portage/net-mail/dovecot-9999_p20171018/work/dovecot-9999_p20171018/src/lib-dns -I/home/portage/portage/net-mail/dovecot-9999_p20171018/work/dovecot-9999_p20171018/src/lib-http -I/home/portage/portage/net-mail/dovecot-9999_p20171018/work/dovecot-9999_p20171018/src/lib-mail -I/home/portage/portage/net-mail/dovecot-9999_p20171018/work/dovecot-9999_p20171018/src/lib-smtp -I/home/portage/portage/net-mail/dovecot-9999_p20171018/work/dovecot-9999_p20171018/src/lib-imap -I/home/portage/portage/net-mail/dovecot-9999_p20171018/work/dovecot-9999_p20171018/src/lib-fs -I/home/portage/portage/net-mail/dovecot-9999_p20171018/work/dovecot-9999_p20171018/src/lib-charset -I/home/portage/portage/net-mail/dovecot-9999_p20171018/work/dovecot-9999_p20171018/src/lib-auth -I/home/portage/portage/net-mail/dovecot-9999_p20171018/work/dovecot-9999_p20171018/src/lib-master -I/home/portage/portage/net-mail/dovecot-9999_p20171018/work/dovecot-9999_p20171018/src/lib-ssl-iostream -I/home/portage/portage/net-mail/dovecot-9999_p20171018/work/dovecot-9999_p20171018/src/lib-compression -I/home/portage/portage/net-mail/dovecot-9999_p20171018/work/dovecot-9999_p20171018/src/lib-settings -I/home/portage/portage/net-mail/dovecot-9999_p20171018/work/dovecot-9999_p20171018/src/lib-test -I/home/portage/portage/net-mail/dovecot-9999_p20171018/work/dovecot-9999_p20171018/src/lib-sasl -I/home/portage/portage/net-mail/dovecot-9999_p20171018/work/dovecot-9999_p20171018/src/lib-stats -I/home/portage/portage/net-mail/dovecot-9999_p20171018/work/dovecot-9999_p20171018/src/lib-dcrypt -I/home/portage/portage/net-mail/dovecot-9999_p20171018/work/dovecot-9999_p20171018/src/lib-program-client -I/home/portage/portage/net-mail/dovecot-9999_p20171018/work/dovecot-9999_p20171018/src/lib-index -I/home/portage/portage/net-mail/dovecot-9999_p20171018/work/dovecot-9999_p20171018/src/lib-storage -I/home/portage/portage/net-mail/dovecot-9999_p20171018/work/dovecot-9999_p20171018/src/lib-storage/list -I/home/portage/portage/net-mail/dovecot-9999_p20171018/work/dovecot-9999_p20171018/src/lib-storage/index -I/home/portage/portage/net-mail/dovecot-9999_p20171018/work/dovecot-9999_p20171018/src/lib-storage/index/raw -I/home/portage/portage/net-mail/dovecot-9999_p20171018/work/dovecot-9999_p20171018/src/lib-imap-storage -I/home/portage/portage/net-mail/dovecot-9999_p20171018/work/dovecot-9999_p20171018/src/plugins/quota -DMODULEDIR=\""/usr/lib64/dovecot"\" -O0 -g -pipe -march=native -mtune=native -ggdb -c -o realpath.lo realpath.c edit-mail.c: In function ‘edit_mail_wrap’: edit-mail.c:235:14: error: too few arguments to function ‘mailbox_transaction_begin’ raw_trans = mailbox_transaction_begin(raw_box, 0); ^~~~~~~~~~~~~~~~~~~~~~~~~ In file included from /home/portage/portage/net-mail/dovecot-9999_p20171018/work/dovecot-9999_p20171018/src/lib-storage/mail-storage-private.h:7:0, from edit-mail.c:16: /home/portage/portage/net-mail/dovecot-9999_p20171018/work/dovecot-9999_p20171018/src/lib-storage/mail-storage.h:651:1: note: declared here mailbox_transaction_begin(struct mailbox *box, ^~~~~~~~~~~~~~~~~~~~~~~~~ edit-mail.c: In function ‘edit_mail_set_cache_corrupted’: edit-mail.c:1662:2: error: too few arguments to function ‘edmail->wrapped->v.set_cache_corrupted’ edmail->wrapped->v.set_cache_corrupted(&edmail->wrapped->mail, field); ^~~~~~ edit-mail.c: In function ‘edit_mail_set_cache_corrupted_reason’: edit-mail.c:1671:21: error: ‘struct mail_vfuncs’ has no member named ‘set_cache_corrupted_reason’; did you mean ‘set_cache_corrupted’? edmail->wrapped->v.set_cache_corrupted_reason ^~~~~~~~~~~~~~~~~~~~~~~~~~ set_cache_corrupted edit-mail.c: At top level: edit-mail.c:1701:2: warning: initialization from incompatible pointer type [-Wincompatible-pointer-types] edit_mail_get_real_mail, ^~~~~~~~~~~~~~~~~~~~~~~ edit-mail.c:1701:2: note: (near initialization for ‘edit_mail_vfuncs.get_backend_mail’) edit-mail.c:1708:2: warning: initialization from incompatible pointer type [-Wincompatible-pointer-types] edit_mail_set_cache_corrupted, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ edit-mail.c:1708:2: note: (near initialization for ‘edit_mail_vfuncs.set_cache_corrupted’) edit-mail.c:1710:2: warning: excess elements in struct initializer edit_mail_set_cache_corrupted_reason ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ edit-mail.c:1710:2: note: (near initialization for ‘edit_mail_vfuncs’) make[4]: *** [Makefile:481: edit-mail.lo] Error 1 make[4]: *** Waiting for unfinished jobs....
Reuben
On 18 Oct 2017, at 6.34, Reuben Farrelly <reuben-dovecot@reub.net> wrote:
I haven't been tracking dovecot-2.3 until now, but I've just given it a quick run, and there are a few things that may need some attention.
/usr/include/features.h:376:4: warning: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Wcpp] # warning _FORTIFY_SOURCE requires compiling with optimization (-O)
Don't use -O0 or use configure --disable-hardening or just ignore it.
The build then fails entirely with this:
DMODULEDIR=\""/usr/lib64/dovecot"\" -O0 -g -pipe -march=native -mtune=native -ggdb -c -o realpath.lo realpath.c edit-mail.c: In function ‘edit_mail_wrap’: edit-mail.c:235:14: error: too few arguments to function ‘mailbox_transaction_begin’ raw_trans = mailbox_transaction_begin(raw_box, 0);
I don't think your pigeonhole is from git master.
On 18/10/2017 11:40 PM, Timo Sirainen wrote:
On 18 Oct 2017, at 6.34, Reuben Farrelly <reuben-dovecot@reub.net> wrote:
I haven't been tracking dovecot-2.3 until now, but I've just given it a quick run, and there are a few things that may need some attention.
/usr/include/features.h:376:4: warning: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Wcpp] # warning _FORTIFY_SOURCE requires compiling with optimization (-O)
Don't use -O0 or use configure --disable-hardening or just ignore it.
The build then fails entirely with this:
DMODULEDIR=\""/usr/lib64/dovecot"\" -O0 -g -pipe -march=native -mtune=native -ggdb -c -o realpath.lo realpath.c edit-mail.c: In function ‘edit_mail_wrap’: edit-mail.c:235:14: error: too few arguments to function ‘mailbox_transaction_begin’ raw_trans = mailbox_transaction_begin(raw_box, 0);
I don't think your pigeonhole is from git master.
Thanks. That was it...
Now onto 2.3 -git, there is a repeatable crash occurring in lmtp. In fact it looks like there could be more than one problem, because even invoking lmtp (with gdb) and no arguments results in a gdb error about an unaddressable byte.
However when lmtp is used normally within dovecot it crashes out on a few but not all mails.
The full gdb output looks like this:
Oct 20 12:59:21 thunderstorm.reub.net dovecot: master: Dovecot v2.3.devel (c398eca6b) starting up for imap, lmtp, sieve Oct 20 12:59:30 thunderstorm.reub.net postfix/qmgr[5057]: 9A25122B50: from=<xxx@gmail.com>, size=18515, nrcpt=1 (queue active) Oct 20 12:59:30 thunderstorm.reub.net postfix/qmgr[5057]: 32D0722B4B: from=<xxx@youtube-subscriptions.bounces.google .com>, size=27030, nrcpt=1 (queue active) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== Syscall param epoll_pwait(sigmask) points to unaddressable byte(s) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== at 0x58A7705: epoll_pwait (epoll_pwait.c:42) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0x5504697: io_loop_handler_run_internal (ioloop-epoll.c:182) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0x5501C4F: io_loop_handler_run (ioloop.c:666) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0x5501B2E: io_loop_run (ioloop.c:639) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0x5449F05: master_service_run (master-service.c:733) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0x10D8E8: main (main.c:139) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== Address 0x0 is not stack'd, malloc'd or (recently) free'd Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== Oct 20 12:59:32 thunderstorm.reub.net dovecot: lmtp(28006): Connect from local Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== Syscall param epoll_pwait(sigmask) points to unaddressable byte(s) Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== at 0x58A7705: epoll_pwait (epoll_pwait.c:42) Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== by 0x5504697: io_loop_handler_run_internal (ioloop-epoll.c:182) Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== by 0x5501C4F: io_loop_handler_run (ioloop.c:666) Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== by 0x5501B2E: io_loop_run (ioloop.c:639) Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== by 0x5449F05: master_service_run (master-service.c:733) Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== by 0x10D8E8: main (main.c:139) Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== Address 0x0 is not stack'd, malloc'd or (recently) free'd Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp(28009): Connect from local Oct 20 12:59:34 thunderstorm.reub.net dovecot: lmtp(liam)<28006><aFFxDIRY6VlmbQAAzkCIew>: aFFxDIRY6VlmbQAAzkCIew: sieve: msgid=<001a114bd6f6d2fc86055be257ba@google.com>: stored mail into mailbox 'INBOX' Oct 20 12:59:34 thunderstorm.reub.net dovecot: indexer-worker(liam)<28026><aFFxDIRY6VlmbQAAzkCIew:xdWnOIZY6Vl6bQAAzkCIew>: Indexed 1 messages in INBOX (UIDs 634..634) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== Invalid read of size 8 Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== at 0x543AECB: smtp_submit_session_init (smtp-submit.c:61) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0x543B05B: smtp_submit_init_simple (smtp-submit.c:100) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xAA8BC4B: lda_sieve_smtp_start (lda-sieve-plugin.c:77) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACBF4C0: sieve_smtp_start (sieve-smtp.c:31) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACBF679: sieve_smtp_start_single (sieve-smtp.c:63) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACF4E0F: act_redirect_send (cmd-redirect.c:351) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACF53F0: act_redirect_commit (cmd-redirect.c:495) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACDFC58: sieve_result_action_commit (sieve-result.c:1206) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACDFE9D: sieve_result_action_commit_or_rollback (sieve-result.c:1267) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACE0093: sieve_result_transaction_commit_or_rollback (sieve-result.c:1334) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACE02E0: sieve_result_execute (sieve-result.c:1413) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACF993C: sieve_multiscript_execute (sieve.c:666) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== Address 0x0 is not stack'd, malloc'd or (recently) free'd Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== Process terminating with default action of signal 11 (SIGSEGV): dumping core Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== Access not within mapped region at address 0x0 Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== at 0x543AECB: smtp_submit_session_init (smtp-submit.c:61) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0x543B05B: smtp_submit_init_simple (smtp-submit.c:100) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xAA8BC4B: lda_sieve_smtp_start (lda-sieve-plugin.c:77) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACBF4C0: sieve_smtp_start (sieve-smtp.c:31) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACBF679: sieve_smtp_start_single (sieve-smtp.c:63) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACF4E0F: act_redirect_send (cmd-redirect.c:351) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACF53F0: act_redirect_commit (cmd-redirect.c:495) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACDFC58: sieve_result_action_commit (sieve-result.c:1206) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACDFE9D: sieve_result_action_commit_or_rollback (sieve-result.c:1267) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACE0093: sieve_result_transaction_commit_or_rollback (sieve-result.c:1334) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACE02E0: sieve_result_execute (sieve-result.c:1413) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACF993C: sieve_multiscript_execute (sieve.c:666) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== If you believe this happened as a result of a stack Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== overflow in your program's main thread (unlikely but Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== possible), you can try to increase the size of the Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== main thread stack using the --main-stacksize= flag. Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== The main thread stack size used in this run was 8388608. Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp(liam)<28006><aFFxDIRY6VlmbQAAzkCIew>: Fatal: master: service(lmtp): child 28006 killed with signal 11 (core not dumped) Oct 20 12:59:35 thunderstorm.reub.net postfix/lmtp[28004]: 9A25122B50: to=<xxx@thunderstorm.reub.net>, orig_to=<xxx@farrelly.name>, relay=thunderstorm.reub.net[private/dovecot-lmtp], delay=62182, delays=62177/0.01/2/3, dsn=4.4.2, status=deferred (lost connection with thunderstorm.reub.net[private/dovecot-lmtp] while sending end of data -- message may be sent more than once) Oct 20 12:59:36 thunderstorm.reub.net dovecot: indexer-worker(liam)<28026><4I9/OIVY6VlpbQAAzkCIew:yNxBKIhY6Vl6bQAAzkCIew>: Indexed 1 messages in Youtube Notifications (UIDs 1544..1544) Oct 20 12:59:36 thunderstorm.reub.net dovecot: lmtp(liam)<28009><4I9/OIVY6VlpbQAAzkCIew>: 4I9/OIVY6VlpbQAAzkCIew: sieve: msgid=<001a11414af89d6783055bed7dee@google.com>: stored mail into mailbox 'Youtube Notifications'
[For some reason the core file is not being created, and I'm not sure why yet]
Secondly, this ssl_dh messages is always printed from doveconf:
doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem doveconf: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform der > /etc/dovecot/dh.pem
Yet the file is there:
thunderstorm conf.d # ls -la /etc/dovecot/dh.pem -rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem
And the config is there as well:
thunderstorm dovecot # doveconf -P | grep ssl_dh ssl_dh = </etc/dovecot/dh.pem doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem doveconf: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform der > /etc/dovecot/dh.pem ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- thunderstorm dovecot #
It appears that this warning is being triggered by the presence of the ssl-parameters.dat file because when I remove it the warning goes away. Perhaps the warning could be made a bit more specific about this file being removed if it is not required because at the moment the warning message is not related to the trigger.
Thanks, Reuben
Op 20-10-2017 om 4:23 schreef Reuben Farrelly:
On 18/10/2017 11:40 PM, Timo Sirainen wrote:
On 18 Oct 2017, at 6.34, Reuben Farrelly <reuben-dovecot@reub.net> wrote:
I haven't been tracking dovecot-2.3 until now, but I've just given it a quick run, and there are a few things that may need some attention.
/usr/include/features.h:376:4: warning: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Wcpp] # warning _FORTIFY_SOURCE requires compiling with optimization (-O)
Don't use -O0 or use configure --disable-hardening or just ignore it.
The build then fails entirely with this:
DMODULEDIR=\""/usr/lib64/dovecot"\" -O0 -g -pipe -march=native -mtune=native -ggdb -c -o realpath.lo realpath.c edit-mail.c: In function ‘edit_mail_wrap’: edit-mail.c:235:14: error: too few arguments to function ‘mailbox_transaction_begin’ raw_trans = mailbox_transaction_begin(raw_box, 0);
I don't think your pigeonhole is from git master.
Thanks. That was it...
Now onto 2.3 -git, there is a repeatable crash occurring in lmtp. In fact it looks like there could be more than one problem, because even invoking lmtp (with gdb) and no arguments results in a gdb error about an unaddressable byte.
However when lmtp is used normally within dovecot it crashes out on a few but not all mails.
I see what that smtp-submit problem is already. Will push fix later today.
We're not sure that epoll_pwait() issue is an actual problem or valgrind being confused.
Regards,
Stephan.
The full gdb output looks like this:
Oct 20 12:59:21 thunderstorm.reub.net dovecot: master: Dovecot v2.3.devel (c398eca6b) starting up for imap, lmtp, sieve Oct 20 12:59:30 thunderstorm.reub.net postfix/qmgr[5057]: 9A25122B50: from=<xxx@gmail.com>, size=18515, nrcpt=1 (queue active) Oct 20 12:59:30 thunderstorm.reub.net postfix/qmgr[5057]: 32D0722B4B: from=<xxx@youtube-subscriptions.bounces.google .com>, size=27030, nrcpt=1 (queue active) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== Syscall param epoll_pwait(sigmask) points to unaddressable byte(s) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== at 0x58A7705: epoll_pwait (epoll_pwait.c:42) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0x5504697: io_loop_handler_run_internal (ioloop-epoll.c:182) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0x5501C4F: io_loop_handler_run (ioloop.c:666) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0x5501B2E: io_loop_run (ioloop.c:639) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0x5449F05: master_service_run (master-service.c:733) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0x10D8E8: main (main.c:139) Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== Address 0x0 is not stack'd, malloc'd or (recently) free'd Oct 20 12:59:31 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== Oct 20 12:59:32 thunderstorm.reub.net dovecot: lmtp(28006): Connect from local Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== Syscall param epoll_pwait(sigmask) points to unaddressable byte(s) Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== at 0x58A7705: epoll_pwait (epoll_pwait.c:42) Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== by 0x5504697: io_loop_handler_run_internal (ioloop-epoll.c:182) Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== by 0x5501C4F: io_loop_handler_run (ioloop.c:666) Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== by 0x5501B2E: io_loop_run (ioloop.c:639) Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== by 0x5449F05: master_service_run (master-service.c:733) Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== by 0x10D8E8: main (main.c:139) Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== Address 0x0 is not stack'd, malloc'd or (recently) free'd Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp: Error: ==28009== Oct 20 12:59:33 thunderstorm.reub.net dovecot: lmtp(28009): Connect from local Oct 20 12:59:34 thunderstorm.reub.net dovecot: lmtp(liam)<28006><aFFxDIRY6VlmbQAAzkCIew>: aFFxDIRY6VlmbQAAzkCIew: sieve: msgid=<001a114bd6f6d2fc86055be257ba@google.com>: stored mail into mailbox 'INBOX' Oct 20 12:59:34 thunderstorm.reub.net dovecot: indexer-worker(liam)<28026><aFFxDIRY6VlmbQAAzkCIew:xdWnOIZY6Vl6bQAAzkCIew>: Indexed 1 messages in INBOX (UIDs 634..634) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== Invalid read of size 8 Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== at 0x543AECB: smtp_submit_session_init (smtp-submit.c:61) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0x543B05B: smtp_submit_init_simple (smtp-submit.c:100) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xAA8BC4B: lda_sieve_smtp_start (lda-sieve-plugin.c:77) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACBF4C0: sieve_smtp_start (sieve-smtp.c:31) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACBF679: sieve_smtp_start_single (sieve-smtp.c:63) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACF4E0F: act_redirect_send (cmd-redirect.c:351) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACF53F0: act_redirect_commit (cmd-redirect.c:495) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACDFC58: sieve_result_action_commit (sieve-result.c:1206) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACDFE9D: sieve_result_action_commit_or_rollback (sieve-result.c:1267) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACE0093: sieve_result_transaction_commit_or_rollback (sieve-result.c:1334) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACE02E0: sieve_result_execute (sieve-result.c:1413) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACF993C: sieve_multiscript_execute (sieve.c:666) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== Address 0x0 is not stack'd, malloc'd or (recently) free'd Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== Process terminating with default action of signal 11 (SIGSEGV): dumping core Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== Access not within mapped region at address 0x0 Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== at 0x543AECB: smtp_submit_session_init (smtp-submit.c:61) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0x543B05B: smtp_submit_init_simple (smtp-submit.c:100) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xAA8BC4B: lda_sieve_smtp_start (lda-sieve-plugin.c:77) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACBF4C0: sieve_smtp_start (sieve-smtp.c:31) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACBF679: sieve_smtp_start_single (sieve-smtp.c:63) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACF4E0F: act_redirect_send (cmd-redirect.c:351) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACF53F0: act_redirect_commit (cmd-redirect.c:495) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACDFC58: sieve_result_action_commit (sieve-result.c:1206) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACDFE9D: sieve_result_action_commit_or_rollback (sieve-result.c:1267) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACE0093: sieve_result_transaction_commit_or_rollback (sieve-result.c:1334) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACE02E0: sieve_result_execute (sieve-result.c:1413) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== by 0xACF993C: sieve_multiscript_execute (sieve.c:666) Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== If you believe this happened as a result of a stack Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== overflow in your program's main thread (unlikely but Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== possible), you can try to increase the size of the Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== main thread stack using the --main-stacksize= flag. Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp: Error: ==28006== The main thread stack size used in this run was 8388608. Oct 20 12:59:35 thunderstorm.reub.net dovecot: lmtp(liam)<28006><aFFxDIRY6VlmbQAAzkCIew>: Fatal: master: service(lmtp): child 28006 killed with signal 11 (core not dumped) Oct 20 12:59:35 thunderstorm.reub.net postfix/lmtp[28004]: 9A25122B50: to=<xxx@thunderstorm.reub.net>, orig_to=<xxx@farrelly.name>, relay=thunderstorm.reub.net[private/dovecot-lmtp], delay=62182, delays=62177/0.01/2/3, dsn=4.4.2, status=deferred (lost connection with thunderstorm.reub.net[private/dovecot-lmtp] while sending end of data -- message may be sent more than once) Oct 20 12:59:36 thunderstorm.reub.net dovecot: indexer-worker(liam)<28026><4I9/OIVY6VlpbQAAzkCIew:yNxBKIhY6Vl6bQAAzkCIew>: Indexed 1 messages in Youtube Notifications (UIDs 1544..1544) Oct 20 12:59:36 thunderstorm.reub.net dovecot: lmtp(liam)<28009><4I9/OIVY6VlpbQAAzkCIew>: 4I9/OIVY6VlpbQAAzkCIew: sieve: msgid=<001a11414af89d6783055bed7dee@google.com>: stored mail into mailbox 'Youtube Notifications'
[For some reason the core file is not being created, and I'm not sure why yet]
Secondly, this ssl_dh messages is always printed from doveconf:
doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem doveconf: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform der > /etc/dovecot/dh.pem
Yet the file is there:
thunderstorm conf.d # ls -la /etc/dovecot/dh.pem -rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem
And the config is there as well:
thunderstorm dovecot # doveconf -P | grep ssl_dh ssl_dh = </etc/dovecot/dh.pem doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem doveconf: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform der > /etc/dovecot/dh.pem ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- thunderstorm dovecot #
It appears that this warning is being triggered by the presence of the ssl-parameters.dat file because when I remove it the warning goes away. Perhaps the warning could be made a bit more specific about this file being removed if it is not required because at the moment the warning message is not related to the trigger.
Thanks, Reuben
Op 10/20/2017 om 12:22 PM schreef Stephan Bosch:
Op 20-10-2017 om 4:23 schreef Reuben Farrelly:
On 18/10/2017 11:40 PM, Timo Sirainen wrote:
On 18 Oct 2017, at 6.34, Reuben Farrelly <reuben-dovecot@reub.net> wrote:
I haven't been tracking dovecot-2.3 until now, but I've just given it a quick run, and there are a few things that may need some attention.
/usr/include/features.h:376:4: warning: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Wcpp] # warning _FORTIFY_SOURCE requires compiling with optimization (-O)
Don't use -O0 or use configure --disable-hardening or just ignore it.
The build then fails entirely with this:
DMODULEDIR=\""/usr/lib64/dovecot"\" -O0 -g -pipe -march=native -mtune=native -ggdb -c -o realpath.lo realpath.c edit-mail.c: In function ‘edit_mail_wrap’: edit-mail.c:235:14: error: too few arguments to function ‘mailbox_transaction_begin’ raw_trans = mailbox_transaction_begin(raw_box, 0);
I don't think your pigeonhole is from git master.
Thanks. That was it...
Now onto 2.3 -git, there is a repeatable crash occurring in lmtp. In fact it looks like there could be more than one problem, because even invoking lmtp (with gdb) and no arguments results in a gdb error about an unaddressable byte.
However when lmtp is used normally within dovecot it crashes out on a few but not all mails.
I see what that smtp-submit problem is already. Will push fix later today.
Fix is merged: https://github.com/dovecot/core/commit/9dd47ae5c1f0c20f1994a7ec1a862fe8beef8...
Regards,
Stephan.
Hi again,
Chasing down one last problem which seems to have been missed from my last email:
On 20/10/2017 9:22 PM, Stephan Bosch wrote:
Op 20-10-2017 om 4:23 schreef Reuben Farrelly:
On 18/10/2017 11:40 PM, Timo Sirainen wrote:
On 18 Oct 2017, at 6.34, Reuben Farrelly <reuben-dovecot@reub.net> wrote:
This problem below is still present in 2.3 -git, as of version 2.3.devel (6fc40674e)
Secondly, this ssl_dh messages is always printed from doveconf:
doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem doveconf: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform der > /etc/dovecot/dh.pem
Yet the file is there:
thunderstorm conf.d # ls -la /etc/dovecot/dh.pem -rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem
And the config is there as well:
thunderstorm dovecot # doveconf -P | grep ssl_dh ssl_dh = </etc/dovecot/dh.pem doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem doveconf: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform der > /etc/dovecot/dh.pem ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- thunderstorm dovecot #
It appears that this warning is being triggered by the presence of the ssl-parameters.dat file because when I remove it the warning goes away. Perhaps the warning could be made a bit more specific about this file being removed if it is not required because at the moment the warning message is not related to the trigger.
Thanks, Reuben
Thanks, Reuben
On October 29, 2017 at 1:55 PM Reuben Farrelly <reuben-dovecot@reub.net> wrote:
Hi again,
Chasing down one last problem which seems to have been missed from my last email:
On 20/10/2017 9:22 PM, Stephan Bosch wrote:
Op 20-10-2017 om 4:23 schreef Reuben Farrelly:
On 18/10/2017 11:40 PM, Timo Sirainen wrote:
On 18 Oct 2017, at 6.34, Reuben Farrelly <reuben-dovecot@reub.net> wrote:
This problem below is still present in 2.3 -git, as of version 2.3.devel (6fc40674e)
Secondly, this ssl_dh messages is always printed from doveconf:
doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem doveconf: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform der > /etc/dovecot/dh.pem
Yet the file is there:
thunderstorm conf.d # ls -la /etc/dovecot/dh.pem -rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem
And the config is there as well:
thunderstorm dovecot # doveconf -P | grep ssl_dh ssl_dh = </etc/dovecot/dh.pem doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem doveconf: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform der > /etc/dovecot/dh.pem ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- thunderstorm dovecot #
It appears that this warning is being triggered by the presence of the ssl-parameters.dat file because when I remove it the warning goes away. Perhaps the warning could be made a bit more specific about this file being removed if it is not required because at the moment the warning message is not related to the trigger.
Thanks, Reuben
Thanks, Reuben
It is triggered when there is ssl-parameters.dat file *AND* there is no ssl_dh=< explicitly set in config file.
Aki
Hi Aki,
On 30/10/2017 12:43 AM, Aki Tuomi wrote:
On October 29, 2017 at 1:55 PM Reuben Farrelly <reuben-dovecot@reub.net> wrote:
Hi again,
Chasing down one last problem which seems to have been missed from my last email:
On 20/10/2017 9:22 PM, Stephan Bosch wrote:
Op 20-10-2017 om 4:23 schreef Reuben Farrelly:
On 18/10/2017 11:40 PM, Timo Sirainen wrote:
On 18 Oct 2017, at 6.34, Reuben Farrelly <reuben-dovecot@reub.net> wrote:
This problem below is still present in 2.3 -git, as of version 2.3.devel (6fc40674e)
Secondly, this ssl_dh messages is always printed from doveconf:
doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem doveconf: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform der > /etc/dovecot/dh.pem
Yet the file is there:
thunderstorm conf.d # ls -la /etc/dovecot/dh.pem -rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem
And the config is there as well:
thunderstorm dovecot # doveconf -P | grep ssl_dh ssl_dh = </etc/dovecot/dh.pem doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem doveconf: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform der > /etc/dovecot/dh.pem ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- thunderstorm dovecot #
It appears that this warning is being triggered by the presence of the ssl-parameters.dat file because when I remove it the warning goes away. Perhaps the warning could be made a bit more specific about this file being removed if it is not required because at the moment the warning message is not related to the trigger.
Thanks, Reuben Thanks, Reuben It is triggered when there is ssl-parameters.dat file *AND* there is no ssl_dh=< explicitly set in config file.
Aki
I have this already in my 10-ssl.conf file:
lightning dovecot # /etc/init.d/dovecot reload doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem doveconf: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform der > /etc/dovecot/dh.pem * Reloading dovecot configs and restarting auth/login processes ... [ ok ] lightning dovecot #
However:
lightning dovecot # grep ssl_dh conf.d/10-ssl.conf # gives on startup when ssl_dh is unset. ssl_dh=</etc/dovecot/dh.pem lightning dovecot #
and the file is there:
lightning dovecot # ls -la /etc/dovecot/dh.pem -rw-r--r-- 1 root root 769 Oct 19 19:06 /etc/dovecot/dh.pem lightning dovecot #
So it is actually configured and yet the warning still is present.
Reuben
On 30.10.2017 00:23, Reuben Farrelly wrote:
Hi Aki,
On 30/10/2017 12:43 AM, Aki Tuomi wrote:
On October 29, 2017 at 1:55 PM Reuben Farrelly <reuben-dovecot@reub.net> wrote:
Hi again,
Chasing down one last problem which seems to have been missed from my last email:
On 20/10/2017 9:22 PM, Stephan Bosch wrote:
Op 20-10-2017 om 4:23 schreef Reuben Farrelly:
On 18/10/2017 11:40 PM, Timo Sirainen wrote:
On 18 Oct 2017, at 6.34, Reuben Farrelly <reuben-dovecot@reub.net> wrote:
This problem below is still present in 2.3 -git, as of version 2.3.devel (6fc40674e)
Secondly, this ssl_dh messages is always printed from doveconf:
doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem doveconf: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform der > /etc/dovecot/dh.pem
Yet the file is there:
thunderstorm conf.d # ls -la /etc/dovecot/dh.pem -rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem
And the config is there as well:
thunderstorm dovecot # doveconf -P | grep ssl_dh ssl_dh = </etc/dovecot/dh.pem doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem doveconf: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform der > /etc/dovecot/dh.pem ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- ssl_dh = -----BEGIN DH PARAMETERS----- thunderstorm dovecot #
It appears that this warning is being triggered by the presence of the ssl-parameters.dat file because when I remove it the warning goes away. Perhaps the warning could be made a bit more specific about this file being removed if it is not required because at the moment the warning message is not related to the trigger.
Thanks, Reuben Thanks, Reuben It is triggered when there is ssl-parameters.dat file *AND* there is no ssl_dh=< explicitly set in config file.
Aki
I have this already in my 10-ssl.conf file:
lightning dovecot # /etc/init.d/dovecot reload doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem doveconf: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform der > /etc/dovecot/dh.pem * Reloading dovecot configs and restarting auth/login processes ... [ ok ] lightning dovecot #
However:
lightning dovecot # grep ssl_dh conf.d/10-ssl.conf # gives on startup when ssl_dh is unset. ssl_dh=</etc/dovecot/dh.pem lightning dovecot #
and the file is there:
lightning dovecot # ls -la /etc/dovecot/dh.pem -rw-r--r-- 1 root root 769 Oct 19 19:06 /etc/dovecot/dh.pem lightning dovecot #
So it is actually configured and yet the warning still is present.
Reuben
Hi!
I gave this a try, and I was not able to repeat this issue. Perhaps you are still missing ssl_dh somewhere?
Aki
On 30.10.2017 09:10, Aki Tuomi wrote:
On 30.10.2017 00:23, Reuben Farrelly wrote:
Hi Aki,
On 30/10/2017 12:43 AM, Aki Tuomi wrote:
On October 29, 2017 at 1:55 PM Reuben Farrelly <reuben-dovecot@reub.net> wrote:
Hi again,
Chasing down one last problem which seems to have been missed from my last email:
On 20/10/2017 9:22 PM, Stephan Bosch wrote:
Op 20-10-2017 om 4:23 schreef Reuben Farrelly:
On 18/10/2017 11:40 PM, Timo Sirainen wrote: > On 18 Oct 2017, at 6.34, Reuben Farrelly <reuben-dovecot@reub.net> > wrote:
This problem below is still present in 2.3 -git, as of version 2.3.devel (6fc40674e)
> Secondly, this ssl_dh messages is always printed from doveconf: > > doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem > doveconf: Warning: You can generate it with: dd > if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh > -inform der > /etc/dovecot/dh.pem > > Yet the file is there: > > thunderstorm conf.d # ls -la /etc/dovecot/dh.pem > -rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem > > And the config is there as well: > > thunderstorm dovecot # doveconf -P | grep ssl_dh > ssl_dh = </etc/dovecot/dh.pem > doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem > doveconf: Warning: You can generate it with: dd > if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh > -inform der > /etc/dovecot/dh.pem > ssl_dh = -----BEGIN DH PARAMETERS----- > ssl_dh = -----BEGIN DH PARAMETERS----- > ssl_dh = -----BEGIN DH PARAMETERS----- > ssl_dh = -----BEGIN DH PARAMETERS----- > ssl_dh = -----BEGIN DH PARAMETERS----- > ssl_dh = -----BEGIN DH PARAMETERS----- > ssl_dh = -----BEGIN DH PARAMETERS----- > ssl_dh = -----BEGIN DH PARAMETERS----- > thunderstorm dovecot # > > It appears that this warning is being triggered by the presence of > the ssl-parameters.dat file because when I remove it the warning > goes away. Perhaps the warning could be made a bit more specific > about this file being removed if it is not required because at the > moment the warning message is not related to the trigger. > > Thanks, > Reuben Thanks, Reuben It is triggered when there is ssl-parameters.dat file *AND* there is no ssl_dh=< explicitly set in config file.
Aki
I have this already in my 10-ssl.conf file:
lightning dovecot # /etc/init.d/dovecot reload doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem doveconf: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform der > /etc/dovecot/dh.pem * Reloading dovecot configs and restarting auth/login processes ... [ ok ] lightning dovecot #
However:
lightning dovecot # grep ssl_dh conf.d/10-ssl.conf # gives on startup when ssl_dh is unset. ssl_dh=</etc/dovecot/dh.pem lightning dovecot #
and the file is there:
lightning dovecot # ls -la /etc/dovecot/dh.pem -rw-r--r-- 1 root root 769 Oct 19 19:06 /etc/dovecot/dh.pem lightning dovecot #
So it is actually configured and yet the warning still is present.
Reuben
Hi!
I gave this a try, and I was not able to repeat this issue. Perhaps you are still missing ssl_dh somewhere?
Aki
Hello
Just a guess, but at this point I would recommend reviewing the output of "doveconf -n" to make sure the appropriate settings are present.
br, Teemu
participants (5)
-
Aki Tuomi
-
Reuben Farrelly
-
Stephan Bosch
-
Teemu Huovila
-
Timo Sirainen