Read-flag of mails don't update

older
executing script on mail arrival...

Marius Rasch

10 Jun 2020 10 Jun '20

10:42 a.m.

Hi,

since one or two month I have a problem with Dovecot not updating the read-flag on mails using IMAP. I receive new mails, but when reading, they still unread on other devices (but shown as read on the first device).

When I remember correct, this problem doesn't come with an update of dovecot, but just occured at some time. But I've updated dovecot since then a few times.

Whenever a client connects to dovecot I get an panic in the log. I therefore added a log file and my dovecot configuration (is this fine or does it need to be in the mail body?). There are system information in the output of dovecot -n; the filesystem dovecot is running on is ext4.

I hope I provided all information needed and seeing forward to get a hint what the problem might be.

Marius

Attachments:

dovecot-journalctl.rtf (text/rtf — 7.1 KB)
dovecot-n.rtf (text/rtf — 2.5 KB)

Show replies by date

＠lbutlr

11 Jun 11 Jun

8:18 a.m.

On 10 Jun 2020, at 01:42, Marius Rasch dovecot@email.marius-rasch.de wrote:

...

since one or two month I have a problem with Dovecot not updating the read-flag on mails using IMAP. I receive new mails, but when reading, they still unread on other devices (but shown as read on the first device).

When this has happened to me its been a permission error on the server in the user’s mail folders.

...

Whenever a client connects to dovecot I get an panic in the log.

Well, that is not good and knowing what the panic is might be helpful. Panic is always bad and whatever this is you need to fix it.

...

I hope I provided all information needed and seeing forward to get a hint what the problem might be.

IF it’s not permissions you need to provide doveconf -n output. Bloglines for any fall, panic, or error level events at a minimum.

＠lbutlr

8:19 a.m.

On 10 Jun 2020, at 23:18, @lbutlr kremels@kreme.com wrote:

...

IF it’s not permissions you need to provide doveconf -n output. Bloglines for any fall, panic, or error level events at a minimum.

Apologies, I did not see the attachments. Will look on a real screen later.

＠lbutlr

7:08 p.m.

On 10 Jun 2020, at 23:19, @lbutlr kremels@kreme.com wrote:

...

On 10 Jun 2020, at 23:18, @lbutlr kremels@kreme.com wrote:

...
IF it’s not permissions you need to provide doveconf -n output. Bloglines for any fall, panic, or error level events at a minimum.

Apologies, I did not see the attachments. Will look on a real screen later.

Looks like your main problem has ben solved, but I have a couple of comments on your doveconf:

...

args = scheme=CRYPT

CRYPT is a poor choice. SHA256-CRYPT is a decent choice. SHA512-CRYPT too. I din't go with ARGON because at the time my toolchain didn't support libsodium and my machine doesn't have the memory for it.

...

ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

Why are you doing this?

-- When this kiss is over it will start again But not be any different could be exactly the same It's hard to imagine that nothing at all Could be so exciting, could be this much fun

Marius Rasch

12 Jun 12 Jun

10:02 a.m.

Am 11.06.20 um 18:08 schrieb @lbutlr:

...

On 10 Jun 2020, at 23:19, @lbutlr kremels@kreme.com wrote:

...
On 10 Jun 2020, at 23:18, @lbutlr kremels@kreme.com wrote:

...
IF it’s not permissions you need to provide doveconf -n output. Bloglines for any fall, panic, or error level events at a minimum.

Apologies, I did not see the attachments. Will look on a real screen later.

Looks like your main problem has ben solved, but I have a couple of comments on your doveconf:

...
args = scheme=CRYPT

CRYPT is a poor choice. SHA256-CRYPT is a decent choice. SHA512-CRYPT too. I din't go with ARGON because at the time my toolchain didn't support libsodium and my machine doesn't have the memory for it.

Thank you! I actually set this to a better value for each password in the passwd-file explicit, but it seems to be a good idea to change the default value in the config as well.

...

...
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

Why are you doing this?

I set this according to this page: https://weakdh.org/sysadmin.html It was recommended in the ArchLinux wiki page for dovecot, but it might be outdated.

...

＠lbutlr

4:57 p.m.

On 12 Jun 2020, at 01:02, Marius Rasch dovecot@email.marius-rasch.de wrote:

...

Am 11.06.20 um 18:08 schrieb @lbutlr:

...

...
...
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

...

...
Why are you doing this?

...

I set this according to this page: https://weakdh.org/sysadmin.html

Hmm. I am generally dismissive of anything about security that is undated.

...

It was recommended in the ArchLinux wiki page for dovecot, but it might be outdated.

All I have in my conf is ssl_min_protocol - TLSv1.1 and I don't recall ever seeing anyone set a cipher list in dovceot unless it was to try to allow older protocols.

Generally, it is better to exclude the protocols and ciphers you do not want. There is no reason to restrict yourself to a specific list of cyphers which is likely to exclude future cyphers when you forget to update it.

Certainly the recommendations made for postfix (which I am more familiar with) are unnecessary)

-- An edge witch is one who makes her living on the edges, in that moment when boundary conditions apply - between life and death, light and dark, good and evil and, most dangerously of all, today and tomorrow.

Timo Sirainen

11 Jun 11 Jun

4:04 p.m.

On 10. Jun 2020, at 10.42, Marius Rasch dovecot@email.marius-rasch.de wrote:

...

Hi,

since one or two month I have a problem with Dovecot not updating the read-flag on mails using IMAP. I receive new mails, but when reading, they still unread on other devices (but shown as read on the first device).

When I remember correct, this problem doesn't come with an update of dovecot, but just occured at some time. But I've updated dovecot since then a few times.

Whenever a client connects to dovecot I get an panic in the log. I therefore added a log file and my dovecot configuration (is this fine or does it need to be in the mail body?). There are system information in the output of dovecot -n; the filesystem dovecot is running on is ext4.

Thanks! This crash is another v2.3.10 regression in the COPY/MOVE code. Fix will be in v2.3.11 and here also: https://github.com/dovecot/core/commit/203b2b709b0477be8753ea4ae7830bedbfebb... https://github.com/dovecot/core/commit/203b2b709b0477be8753ea4ae7830bedbfebb... If the read-flag problem happened before v2.3.10 also, it's probably not related to the crash but something to do with virtual folders not syncing flags correctly. There aren't any known problems with it right now though, so I'm not sure about it.

Marius Rasch

4:09 p.m.

Thank you alot! I'll wait for v2.3.11 to check if the problem is solved!

Am 11.06.20 um 15:04 schrieb Timo Sirainen:

...

On 10. Jun 2020, at 10.42, Marius Rasch mailto:dovecot@email.marius-rasch.de> wrote:

...
Hi,

since one or two month I have a problem with Dovecot not updating the read-flag on mails using IMAP. I receive new mails, but when reading, they still unread on other devices (but shown as read on the first device).

When I remember correct, this problem doesn't come with an update of dovecot, but just occured at some time. But I've updated dovecot since then a few times.

Whenever a client connects to dovecot I get an panic in the log. I therefore added a log file and my dovecot configuration (is this fine or does it need to be in the mail body?). There are system information in the output of dovecot -n; the filesystem dovecot is running on is ext4.

Thanks! This crash is another v2.3.10 regression in the COPY/MOVE code. Fix will be in v2.3.11 and here also: https://github.com/dovecot/core/commit/203b2b709b0477be8753ea4ae7830bedbfebb...

If the read-flag problem happened before v2.3.10 also, it's probably not related to the crash but something to do with virtual folders not syncing flags correctly. There aren't any known problems with it right now though, so I'm not sure about it.

1568

Age (days ago)

1570

Last active (days ago)

List overview

7 comments

3 participants

participants (3)

＠lbutlr
Marius Rasch
Timo Sirainen