IMAP preauth and stats-writer

John Fawcett john at voipsupport.it
Sun Jan 6 04:35:56 EET 2019 

On 06/01/2019 02:26, John Fawcett wrote:
> On 05/01/2019 15:49, Mark Hills wrote:
>> I use IMAP preauth; I connect with Alpine over SSH which is very useful.
>>
>> The last few upgrades this has become more difficult to to. Last time 
>> (moving 2.2 -> 2.3, I think) I had to put in a workaround:
>>
>>   stats_writer_socket_path =
>>
>> It prevented /usr/local/libexec/dovecot/imap attempting to 
>> connect to a central stats service.
>>
>> As of an upgrade today (2.3.2.1_1 -> 2.3.4_3 on FreeBSD) it looks like 
>> that 'fix' stopped working, and I get:
>>
>>   imap(mark,)Error: net_connect_unix() failed: Permission denied
>>
>> It goes to stderr, which breaks Alpine.
>>
>> "()" is actually the filename. It seems that the empty string is no longer 
>> an indication to disable it. Here it is with the default configuration:
>>
>>   imap(mark,)Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied
>>
>> I do also have a dovecot running as a system daemon, and, interestingly, 
>> disable this and it's 'fixed'; no attempt to connect. However, disabling 
>> the service is not an option (needed for smartphone)
>>
>> The best I've come up with so far is when using preauth to hack it to send 
>> stderr to /dev/null. And yes, probably Alpine is at fault for interpreting 
>> stderr content (separate issue)
>>
>> * Is there a way to cleanly disable reporting to the stats service?  
>>   Previously, running as preauth was all very clean.
>>
>> * Just wanted to highlight that IMAP preauth is really useful.  Even 
>>   though it might not be mainstream, it seems healthy to be able to easily 
>>   install dovecot as an unprivilidged user in a "unixy" way.
>>
>> I'm on FreeBSD 11.2, with dovecot from ports. dovecot.conf below.
>>
> Can't see anything in the Dovecot 2.3.4 code that would give this
> problem, setting
>
> stats_writer_socket_path =
>
> will overwrite the default value and dovecot does not attempt to open a socket in that case.
>
> Using your configuration (though not FreeBSD) I don't get the net_connect_unix error whether I use a blank setting or leave the default. In the case of leaving the default I do get an additional process (dovecot/stats). No errors on connecting to the imap service or by running preauth (with the dovecot daemon already running).
>
> The net_connect_unix() error with a zero length socket name is inexplicable to me, unless it's got a non printing character in it or there is something different happening on FreeBSD.
>
> One suggestion is to run with the default setting, but look at resolving the permission problem for the default socket creation at 
> /var/run/dovecot/stats-writer rather than working round it.
>
> John 
>
Just following up, I don't get the error when I run preauth as root with
-u parameter. I do get something similar when I run as the user (this
wil the socket path set to blank)

Centos 7:

Error: net_connect_unix() failed: Connection refused

FreeBSD 11.2:

Error: net_connect_unix() failed: No such file or directory

So it's close. If I get time I'll see if I can track it down.

John

More information about the dovecot mailing list