Read-flag of mails don't update
Hi,
since one or two month I have a problem with Dovecot not updating the read-flag on mails using IMAP. I receive new mails, but when reading, they still unread on other devices (but shown as read on the first device).
When I remember correct, this problem doesn't come with an update of dovecot, but just occured at some time. But I've updated dovecot since then a few times.
Whenever a client connects to dovecot I get an panic in the log. I therefore added a log file and my dovecot configuration (is this fine or does it need to be in the mail body?). There are system information in the output of dovecot -n; the filesystem dovecot is running on is ext4.
I hope I provided all information needed and seeing forward to get a hint what the problem might be.
Marius
On 10 Jun 2020, at 01:42, Marius Rasch <dovecot@email.marius-rasch.de> wrote:
since one or two month I have a problem with Dovecot not updating the read-flag on mails using IMAP. I receive new mails, but when reading, they still unread on other devices (but shown as read on the first device).
When this has happened to me its been a permission error on the server in the user’s mail folders.
Whenever a client connects to dovecot I get an panic in the log.
Well, that is not good and knowing what the panic is might be helpful. Panic is always bad and whatever this is you need to fix it.
I hope I provided all information needed and seeing forward to get a hint what the problem might be.
IF it’s not permissions you need to provide doveconf -n output. Bloglines for any fall, panic, or error level events at a minimum.
On 10 Jun 2020, at 23:19, @lbutlr <kremels@kreme.com> wrote:
On 10 Jun 2020, at 23:18, @lbutlr <kremels@kreme.com> wrote:
IF it’s not permissions you need to provide doveconf -n output. Bloglines for any fall, panic, or error level events at a minimum.
Apologies, I did not see the attachments. Will look on a real screen later.
Looks like your main problem has ben solved, but I have a couple of comments on your doveconf:
args = scheme=CRYPT
CRYPT is a poor choice. SHA256-CRYPT is a decent choice. SHA512-CRYPT too. I din't go with ARGON because at the time my toolchain didn't support libsodium and my machine doesn't have the memory for it.
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
Why are you doing this?
-- When this kiss is over it will start again But not be any different could be exactly the same It's hard to imagine that nothing at all Could be so exciting, could be this much fun
Am 11.06.20 um 18:08 schrieb @lbutlr:
On 10 Jun 2020, at 23:19, @lbutlr <kremels@kreme.com> wrote:
On 10 Jun 2020, at 23:18, @lbutlr <kremels@kreme.com> wrote:
IF it’s not permissions you need to provide doveconf -n output. Bloglines for any fall, panic, or error level events at a minimum.
Apologies, I did not see the attachments. Will look on a real screen later.
Looks like your main problem has ben solved, but I have a couple of comments on your doveconf:
args = scheme=CRYPT
CRYPT is a poor choice. SHA256-CRYPT is a decent choice. SHA512-CRYPT too. I din't go with ARGON because at the time my toolchain didn't support libsodium and my machine doesn't have the memory for it.
Thank you! I actually set this to a better value for each password in the passwd-file explicit, but it seems to be a good idea to change the default value in the config as well.
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
Why are you doing this?
I set this according to this page: https://weakdh.org/sysadmin.html It was recommended in the ArchLinux wiki page for dovecot, but it might be outdated.
On 12 Jun 2020, at 01:02, Marius Rasch <dovecot@email.marius-rasch.de> wrote:
Am 11.06.20 um 18:08 schrieb @lbutlr:
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
Why are you doing this?
I set this according to this page: https://weakdh.org/sysadmin.html
Hmm. I am generally dismissive of anything about security that is undated.
It was recommended in the ArchLinux wiki page for dovecot, but it might be outdated.
All I have in my conf is ssl_min_protocol - TLSv1.1 and I don't recall ever seeing anyone set a cipher list in dovceot unless it was to try to allow older protocols.
Generally, it is better to exclude the protocols and ciphers you do not want. There is no reason to restrict yourself to a specific list of cyphers which is likely to exclude future cyphers when you forget to update it.
Certainly the recommendations made for postfix (which I am more familiar with) are unnecessary)
-- An edge witch is one who makes her living on the edges, in that moment when boundary conditions apply - between life and death, light and dark, good and evil and, most dangerously of all, today and tomorrow.
On 10. Jun 2020, at 10.42, Marius Rasch <dovecot@email.marius-rasch.de> wrote:
Hi,
since one or two month I have a problem with Dovecot not updating the read-flag on mails using IMAP. I receive new mails, but when reading, they still unread on other devices (but shown as read on the first device).
When I remember correct, this problem doesn't come with an update of dovecot, but just occured at some time. But I've updated dovecot since then a few times.
Whenever a client connects to dovecot I get an panic in the log. I therefore added a log file and my dovecot configuration (is this fine or does it need to be in the mail body?). There are system information in the output of dovecot -n; the filesystem dovecot is running on is ext4.
Thanks! This crash is another v2.3.10 regression in the COPY/MOVE code. Fix will be in v2.3.11 and here also: https://github.com/dovecot/core/commit/203b2b709b0477be8753ea4ae7830bedbfebb... <https://github.com/dovecot/core/commit/203b2b709b0477be8753ea4ae7830bedbfebb268> If the read-flag problem happened before v2.3.10 also, it's probably not related to the crash but something to do with virtual folders not syncing flags correctly. There aren't any known problems with it right now though, so I'm not sure about it.
Thank you alot! I'll wait for v2.3.11 to check if the problem is solved!
Am 11.06.20 um 15:04 schrieb Timo Sirainen:
On 10. Jun 2020, at 10.42, Marius Rasch <dovecot@email.marius-rasch.de <mailto:dovecot@email.marius-rasch.de>> wrote:
Hi,
since one or two month I have a problem with Dovecot not updating the read-flag on mails using IMAP. I receive new mails, but when reading, they still unread on other devices (but shown as read on the first device).
When I remember correct, this problem doesn't come with an update of dovecot, but just occured at some time. But I've updated dovecot since then a few times.
Whenever a client connects to dovecot I get an panic in the log. I therefore added a log file and my dovecot configuration (is this fine or does it need to be in the mail body?). There are system information in the output of dovecot -n; the filesystem dovecot is running on is ext4.
Thanks! This crash is another v2.3.10 regression in the COPY/MOVE code. Fix will be in v2.3.11 and here also: https://github.com/dovecot/core/commit/203b2b709b0477be8753ea4ae7830bedbfebb...
If the read-flag problem happened before v2.3.10 also, it's probably not related to the crash but something to do with virtual folders not syncing flags correctly. There aren't any known problems with it right now though, so I'm not sure about it.
participants (3)
-
@lbutlr
-
Marius Rasch
-
Timo Sirainen