http://dovecot.procontrol.fi/test/
I should have released 0.99.10 already I think.. There's just two annoying problems that I think should be fixed first:
PAM: If user gives a wrong password, dovecot-auth process sleeps for two seconds, blocking everyone else who are trying to authenticate at the time. So using PAM isn't very good idea at the moment.
OpenSSL problems. Are they really my fault? I have no idea what I could be doing wrong. Maybe some compile option is wrong? Also I should try to use pkg-config to get compile flags if it exists in configure.
The new things in -test12 then:
We sync mailbox less often. Only NOOP and CHECK will force a mailbox sync now. Other commands do it also but only if mailbox hasn't been synced in last 5 seconds. Maybe this reduces some I/O. At least a bit less stat() calls :)
Dirty maildir flag flushing work now. Meaning that if you change message flags but rename() fails because you're out of quota, the flags are changed in index file and dirty-flag is set. Once in a while it tries to flush the dirty flags by rename()ing the file again.
IMAP RFC requires that NUL characters are never sent to client. We do now the same as UW-IMAP by sending ascii 128 chars instead.
src/lib/ioloop-select.c accesses a variable io_p that is not defined or declared. I assume you need to add **io_p to the struct io defines in that routine.
mm
On Sun, 2003-06-15 at 13:54, Mark E. Mallett wrote:
src/lib/ioloop-select.c accesses a variable io_p that is not defined or declared. I assume you need to add **io_p to the struct io defines in that routine.
Yes. And change io_destroy() to use io_p. Looks like I tested only the poll() version when I did the changes..
On Sat, 2003-06-14 at 23:58, Timo Sirainen wrote:
- OpenSSL problems. Are they really my fault? I have no idea what I could be doing wrong. Maybe some compile option is wrong?
Sorry, found out the answer to this on Friday afternoon (from our local ssl guru) and haven't had a chance to sit down and send the reasoning.
Basically, if you're using OpenSSL with the RSA blinding patch as supplied by the OpenSSL folks, then the blinding ends up not having entropy. This is because /dev/urandom won't exist in your chroot and so the SSL entropy isn't able to be setup.
Probably the best fix would be initializing SSL bits before the chroot (similar to the way timezone setup has to happen). That or making sure you have /dev/urandom in your chroot. I was going to look more at the former but just haven't had the cycles yet :/
Also I should try to use pkg-config to get compile flags if it exists in configure.
Would be nice, but won't help this :)
Cheers,
Jeremy
On Wed, 2003-06-18 at 01:27, Jeremy Katz wrote:
On Sat, 2003-06-14 at 23:58, Timo Sirainen wrote:
- OpenSSL problems. Are they really my fault? I have no idea what I could be doing wrong. Maybe some compile option is wrong?
Sorry, found out the answer to this on Friday afternoon (from our local ssl guru) and haven't had a chance to sit down and send the reasoning.
Basically, if you're using OpenSSL with the RSA blinding patch as supplied by the OpenSSL folks, then the blinding ends up not having entropy. This is because /dev/urandom won't exist in your chroot and so the SSL entropy isn't able to be setup.
I thought it would have required that in any case..
Probably the best fix would be initializing SSL bits before the chroot (similar to the way timezone setup has to happen). That or making sure you have /dev/urandom in your chroot. I was going to look more at the former but just haven't had the cycles yet :/
I just looked at OpenSSL sources how it work, I think this would fix it: diff -u -r1.16 ssl-proxy-openssl.c --- ssl-proxy-openssl.c 11 Jun 2003 23:26:13 -0000 1.16 +++ ssl-proxy-openssl.c 18 Jun 2003 01:08:07 -0000 @@ -13,6 +13,7 @@ #include <openssl/pem.h> #include <openssl/ssl.h> #include <openssl/err.h> +#include <openssl/rand.h> #define SSL_CIPHER_LIST "ALL:!LOW" @@ -403,6 +404,7 @@ void ssl_proxy_init(void) { const char *certfile, *keyfile, *paramfile; + char buf; certfile = getenv("SSL_CERT_FILE"); keyfile = getenv("SSL_KEY_FILE"); @@ -439,6 +441,11 @@ if (SSL_CTX_need_tmp_RSA(ssl_ctx)) SSL_CTX_set_tmp_rsa_callback(ssl_ctx, ssl_gen_rsa_key); + + /* PRNG initialization might want to use /dev/urandom, make sure it + does it before chrooting. */ + if (RAND_bytes(&buf, 1) != 1) + i_fatal("RAND_bytes() failed: %s\n", ssl_last_error()); ssl_proxies = hash_create(default_pool, default_pool, 0, NULL, NULL); ssl_initialized = TRUE;
I just upgraded from 0.99.6 to 0.99.10-test12 and I can no longer delete messages or move messages between folders from Mozilla. What information can I provide to you to help debug this?
Brad
Timo Sirainen wrote:
http://dovecot.procontrol.fi/test/
I should have released 0.99.10 already I think.. There's just two annoying problems that I think should be fixed first:
PAM: If user gives a wrong password, dovecot-auth process sleeps for two seconds, blocking everyone else who are trying to authenticate at the time. So using PAM isn't very good idea at the moment.
OpenSSL problems. Are they really my fault? I have no idea what I could be doing wrong. Maybe some compile option is wrong? Also I should try to use pkg-config to get compile flags if it exists in configure.
The new things in -test12 then:
We sync mailbox less often. Only NOOP and CHECK will force a mailbox sync now. Other commands do it also but only if mailbox hasn't been synced in last 5 seconds. Maybe this reduces some I/O. At least a bit less stat() calls :)
Dirty maildir flag flushing work now. Meaning that if you change message flags but rename() fails because you're out of quota, the flags are changed in index file and dirty-flag is set. Once in a while it tries to flush the dirty flags by rename()ing the file again.
IMAP RFC requires that NUL characters are never sent to client. We do now the same as UW-IMAP by sending ascii 128 chars instead.
-- Brad Figg - brad@triplepoint.com 503.601.0235 ext. 105 TriplePoint, Inc. - http://www.triplepoint.com
On Wed, 2003-06-18 at 03:48, Brad Figg wrote:
I just upgraded from 0.99.6 to 0.99.10-test12 and I can no longer delete messages or move messages between folders from Mozilla. What information can I provide to you to help debug this?
Anything in log file? There could be some index file incompatibilities though, so you could try deleting them (.imap.index*).
The log file contains:
dovecot: Jun 17 11:27:39 Error: child 3492 (imap) killed with signal 11 dovecot: Jun 17 17:44:56 Error: child 5906 (imap) killed with signal 11 dovecot: Jun 17 17:45:11 Error: child 5950 (imap) killed with signal 11
for each attempted delete or move. I deleted all index files and still have the same problem.
Brad
Timo Sirainen wrote:
On Wed, 2003-06-18 at 03:48, Brad Figg wrote:
I just upgraded from 0.99.6 to 0.99.10-test12 and I can no longer delete messages or move messages between folders from Mozilla. What information can I provide to you to help debug this?
Anything in log file? There could be some index file incompatibilities though, so you could try deleting them (.imap.index*).
-- Brad Figg - brad@triplepoint.com 503.601.0235 ext. 105 TriplePoint, Inc. - http://www.triplepoint.com
On Wed, 2003-06-18 at 08:26, Brad Figg wrote:
The log file contains:
dovecot: Jun 17 11:27:39 Error: child 3492 (imap) killed with signal 11 dovecot: Jun 17 17:44:56 Error: child 5906 (imap) killed with signal 11 dovecot: Jun 17 17:45:11 Error: child 5950 (imap) killed with signal 11
for each attempted delete or move. I deleted all index files and still have the same problem.
See "debugging crashes" in:
http://dovecot.procontrol.fi/bugreport.html
That should tell why it's crashing.
From the core file backtrace:
#0 _vstrconcat (str1=0x17 <Address 0x17 out of bounds>, args=0xbffffaec "", ret_len=0x809922f) at strfuncs.c:262 262 while (*str != '\0' && p != temp_end) (gdb) bt #0 _vstrconcat (str1=0x17 <Address 0x17 out of bounds>, args=0xbffffaec "", ret_len=0x809922f) at strfuncs.c:262 #1 0x0808ce88 in t_strconcat (str1=0x80a7518 "/home/brad/Maildir") at strfuncs.c:354 #2 0x0805bbf3 in hardlink_messageset (ctx=0x80a8f80, src=0x80a7580, dest=0x80a8c48) at maildir-copy.c:97 #3 0x0805bdb1 in copy_with_hardlinks (src=0x80a7580, dest=0x80a8c48, messageset=0x80a2048 "60", uidset=1) at maildir-copy.c:158 #4 0x0805bed3 in maildir_storage_copy (box=0x80a7580, destbox=0x80a8c48, messageset=0x80a2048 "60", uidset=1) at maildir-copy.c:192 #5 0x080516e1 in cmd_copy (client=0x80a1d80) at cmd-copy.c:31 #6 0x0805414a in cmd_uid (client=0x80a1d80) at cmd-uid.c:19 #7 0x08054878 in client_handle_input (client=0x80a1d80) at client.c:314 #8 0x08054999 in _client_input (context=0x80a1d80) at client.c:350 #9 0x08087b89 in io_loop_handler_run (ioloop=0x80a1400) at ioloop-poll.c:214 #10 0x08087529 in io_loop_run (ioloop=0x80a1400) at ioloop.c:258 #11 0x0805a6d5 in main (argc=1, argv=0xbffffce4, envp=0xbffffcec) at main.c:179 #12 0x4003e857 in __libc_start_main () from /lib/libc.so.6 (gdb) p p $1 = 0x809922f "" (gdb) p temp_end $2 = 0x8099417 "itted." (gdb) p str $3 = 0x1 <Address 0x1 out of bounds>
Timo Sirainen wrote:
On Wed, 2003-06-18 at 08:26, Brad Figg wrote:
The log file contains:
dovecot: Jun 17 11:27:39 Error: child 3492 (imap) killed with signal 11 dovecot: Jun 17 17:44:56 Error: child 5906 (imap) killed with signal 11 dovecot: Jun 17 17:45:11 Error: child 5950 (imap) killed with signal 11
for each attempted delete or move. I deleted all index files and still have the same problem.
See "debugging crashes" in:
http://dovecot.procontrol.fi/bugreport.html
That should tell why it's crashing.
-- Brad Figg - brad@triplepoint.com 503.601.0235 ext. 105 TriplePoint, Inc. - http://www.triplepoint.com
Thanks, that fixed my problems.
Brad
Timo Sirainen wrote:
On Thu, 2003-06-19 at 01:11, Brad Figg wrote:
From the core file backtrace:
#2 0x0805bbf3 in hardlink_messageset (ctx=0x80a8f80, src=0x80a7580, dest=0x80a8c48) at maildir-copy.c:97
Thanks. Hardlink-copying crashed. Fixed in test14 now.
-- Brad Figg - brad@triplepoint.com 503.601.0235 ext. 105 TriplePoint, Inc. - http://www.triplepoint.com
participants (5)
-
Brad Figg
-
Brad Figg
-
Jeremy Katz
-
Mark E. Mallett
-
Timo Sirainen