Fatal: setgid, imap connections dropped.

J. de Meijer dovecot at filter.demeijer.com
Fri Oct 19 12:39:12 EEST 2018 

>
> On 18.10.2018 21.24, J. de Meijer wrote:
>>> On 16.10.2018 21.32, J. de Meijer wrote:
>>>> I'm still trying to fix this problem. Hopefully someone can help.
>>>>
>>>> I've upgraded dovecot to 2.3.3
>>>> # dovecot --version
>>>> 2.3.3 (dcead646b)
>>>>
>>>> That didn't help.
>>>>
>>>> Next I switched 10-auth.conf to use a local password file (instead of
>>>> LDAP)
>>> Can you provide doveconf -n please?
>>>
>>> Aki
>> Here it is. Hopefully you can find what's wrong.
>>
>> # dovecot -n
>> # 2.3.3 (dcead646b): /usr/local/etc/dovecot/dovecot.conf
>> # Pigeonhole version 0.5.3 (f018bbab)
>> # OS: FreeBSD 11.2-RELEASE-p4 amd64
>> # Hostname: mailserver
>> auth_debug = yes
>> imap_idle_notify_interval = 29 mins
>> mail_debug = yes
>> mail_fsync = never
>> mail_location = maildir:~/Maildir
>> mail_plugins = " fts fts_solr"
>> managesieve_notify_capability = mailto
>> managesieve_sieve_capability = fileinto reject envelope
>> encoded-character
>> vacation subaddress comparator-i;ascii-numeric relational regex
>> imap4flags
>> copy include variables body enotify environment mailbox date index ihave
>> duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
>> namespace inbox {
>>   inbox = yes
>>   location =
>>   mailbox Archive {
>>     auto = subscribe
>>     special_use = \Archive
>>   }
>>   mailbox Drafts {
>>     auto = subscribe
>>     special_use = \Drafts
>>   }
>>   mailbox Sent {
>>     auto = subscribe
>>     special_use = \Sent
>>   }
>>   mailbox Spam {
>>     auto = subscribe
>>     special_use = \Junk
>>   }
>>   mailbox Trash {
>>     auto = subscribe
>>     special_use = \Trash
>>   }
>>   prefix =
>>   separator = /
>> }
>> passdb {
>>   args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext
>>   driver = ldap
>> }
>> plugin {
>>   fts = solr
>>   fts_autoindex = yes
>>   fts_solr = url=http://127.0.0.1:8983/solr/dovecot/
>>   imapsieve_mailbox1_before =
>> file:/usr/local/etc/dovecot/sieve/report-spam.sieve
>>   imapsieve_mailbox1_causes = COPY
>>   imapsieve_mailbox1_name = Spam
>>   imapsieve_mailbox2_before =
>> file:/usr/local/etc/dovecot/sieve/report-ham.sieve
>>   imapsieve_mailbox2_causes = COPY
>>   imapsieve_mailbox2_from = Spam
>>   imapsieve_mailbox2_name = *
>>   recipient_delimiter = +
>>   sieve = file:~/sieve;active=~/.dovecot.sieve
>>   sieve_after = /usr/local/etc/dovecot/sieve-after.d
>>   sieve_before = /usr/local/etc/dovecot/sieve-before.d
>>   sieve_global_extensions = +vnd.dovecot.pipe
>>   sieve_pipe_bin_dir = /usr/local/etc/dovecot/sieve
>>   sieve_plugins = sieve_imapsieve sieve_extprograms
>>   sieve_quota_max_storage = 50M
>> }
>> postmaster_address = webmaster at example.com
>> protocols = imap pop3 lmtp sieve
>> service auth {
>>   client_limit = 1600
>>   unix_listener /var/spool/postfix/private/auth {
>>     group = postfix
>>     mode = 0660
>>     user = postfix
>>   }
>> }
>> service imap-login {
>>   inet_listener imap {
>>     address = 127.0.0.1, ::1
>>   }
>>   process_min_avail = 3
>>   service_count = 1
>> }
>> service imap {
>>   process_min_avail = 3
>>   service_count = 256
>> }
>> service lmtp {
>>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>>     group = postfix
>>     mode = 0600
>>     user = postfix
>>   }
>> }
>> service pop3-login {
>>   inet_listener pop3 {
>>     address = 127.0.0.1, ::1
>>   }
>>   service_count = 1
>> }
>> ssl = required
>> ssl_cert = </usr/local/etc/ssl/mail.demeijer.com.dovecot.crt
>> ssl_cipher_list =
>> ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
>> ssl_dh = # hidden, use -P to show it
>> ssl_key = # hidden, use -P to show it
>> ssl_min_protocol = TLSv1.2
>> ssl_prefer_server_ciphers = yes
>> userdb {
>>   args = /usr/local/etc/dovecot/dovecot-ldap-user.conf.ext
>>   driver = ldap
>> }
>> protocol imap {
>>   mail_max_userip_connections = 50
>>   mail_plugins = " fts fts_solr imap_sieve"
>> }
>> protocol lmtp {
>>   lmtp_save_to_detail_mailbox = yes
>>   mail_fsync = optimized
>>   mail_plugins = " fts fts_solr quota sieve"
>> }
>>
>>
>>
> Hi!
>
> You can't set
>
> service imap {
>  service_count = 256
> }
>
> if you are using multiple system UIDs. See
> https://wiki.dovecot.org/Services#imap.2C_pop3.2C_submission.2C_managesieve
>
> *service_count* can be changed from 1 if only a single UID is used for
> mail users. This is improves performance, but it's less secure, because
> bugs in code may leak email data from another user's earlier connection.
>
> Aki
>

Aki, you're a live saver! :). I hoped it would be something very simple.
Just couldn't find it.
This configmistake is the drawback of starting out with someone elses
cookbook and modifying it for your own use I guess.

I'll have another good look at the whole config for other mismatches.

Many, many thanks!

J. de Meijer

More information about the dovecot mailing list