2.3.17 broken on CentOS8 / bug

John Stoffel john at stoffel.org
Thu Nov 4 00:31:48 EET 2021


>>>>> "Aki" == Aki Tuomi <aki.tuomi at open-xchange.com> writes:

Aki> You are correct that the problem is not fully fixed yet. It,
Aki> however, only affects practically cases where you do doveadm -c
Aki> /path <command>

Thanks for the update.

Aki> We will fix it properly in a future release, now it has been
Aki> fixed to work as it used to before, so no new regression is
Aki> introduced.

As long as no one trips over this issue with too long certs some other way.

>> On 03/11/2021 14:54 John Stoffel <john at stoffel.org> wrote:
>> 
>> 
>> >>>>> "Aki" == Aki Tuomi <aki.tuomi at open-xchange.com> writes:
>> 
Aki> This issue is now fixed for Dovecot on master with
Aki> https://github.com/dovecot/core/compare/ca2237e%5E..6fff8d5.patch
>> 
>> Looking at the patch, I've got a couple of comments.
>> 
>> 1. Even your added comment says this issue could still happen if
>> doveadm reads the config setting through doveconf, instead of the
>> config socket.  To me that smells like the problem isn't really where
>> you patched it, but more in the parsing of options in doveadm.
>> 
>> 2. This is much more bike-shedding, but you have the following:
>> 
>> -	if (input->module != NULL || input->extra_modules != NULL) {
>> +	if ((service->flags & MASTER_SERVICE_FLAG_DISABLE_SSL_SET) ==
>> 0 &&
>> +     (input->module != NULL || input->extra_modules != NULL)) {
>> 
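Review bot: in the added `+` lines, the `MASTER_SERVICE_FLAG_DISABLE_SSL_SET` test is ANDed in front of the existing `input->module` / `input->extra_modules` check, so when the flag is set the whole body of this `if` is skipped, not only its SSL-related part. If the body does any module work that is unrelated to SSL settings, move the flag test inside the block around the SSL-specific statements; if the body is SSL-only, the condition is fine as written.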
>> And I would think that the last line would be more readable with:
>> 
>> (input->module || input->extra_modules)) {
>> 
>> The != NULL test just seems really redundant.  I haven't looked at the
>> rest of the main.c to see if this pattern is repeated all over the
>> place or not.
>> 
>> John
>> 
>> 
Aki> and for pigeonhole master with
>> 
Aki> https://github.com/dovecot/pigeonhole/commit/29750ba54c20eea0afd4ca436ddc1325723ce93f.patch
>> 
Aki> Regards,
Aki> Aki
>> 
>> >> On 01/11/2021 08:38 Aki Tuomi <aki.tuomi at open-xchange.com> wrote:
>> >> 
>> >> 
>> >> Hi all!
>> >> 
>> >> We are looking into this issue.
>> >> 
>> >> Aki
>> >> 
>> >> > On 30/10/2021 19:36 TG Servers <srvrs at prvtmail.net> wrote:
>> >> > 
>> >> > 
>> >> > Thanks Robert, I read that. I will also wait for a patch and stay
>> >> >  
>> >> >  Cheers
>> >> > 
>> >> > 
>> >> > On 30/10/2021 12:59, Robert Nowotny wrote:
>> >> > 
>> >> > > the reason is : 
>> >> > >  
>> >> > > ssl_ca = </etc/ssl/certs/ca-bundle.crt
>> >> > >  
>> >> > >  if "ca-bundle.crt" is too big, you will get that error.
>> >> > >  this should be fixed, but as a workaround you might pull out the certificates you need.
>> >> > >  I personally wait for the patch and stay at 2.3.16 for the time being.
>> >> > >  
>> >> > >  yours sincerely
>> >> > >  Robert
>> >> > > 
>> >> > >  
>> >> > > 
>> >> > > On 30.10.2021 at 10:34, TG Servers wrote:
>> >> > > 
>> >> > > > Hello,
>> >> > > >  
>> >> > > >  tonight my dovecot upgraded to 2.3.17 and completely broke on recent CentOS 8 installation.
>> >> > > >  
>> >> > > >  I found the service in status 
>> >> > > >  
>> >> > > >  [root at riot ~]# systemctl status dovecot
>> >> > > >  ● dovecot.service - Dovecot IMAP/POP3 email server
>> >> > > >  Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled)
>> >> > > >  Active: failed (Result: exit-code) since Sat 2021-10-30 09:59:11 CEST; 58s ago
>> >> > > >  Docs: man:dovecot(1)
>> >> > > >  https://doc.dovecot.org/
>> >> > > >  Process: 1515 ExecStart=/usr/sbin/dovecot -F (code=exited, status=89)
>> >> > > >  Process: 1429 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS)
>> >> > > >  Main PID: 1515 (code=exited, status=89)
>> >> > > >  
>> >> > > >  Oct 30 09:59:10 riot.<domain>.com systemd[1]: Starting Dovecot IMAP/POP3 email server...
>> >> > > >  Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal: execvp(/usr/libexec/dovecot/managesieve) failed: Argument list too long
>> >> > > >  Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Error: managesieve-login: dump-capability process returned 89
>> >> > > >  Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal: execvp(/usr/sbin/dovecot) failed: Argument list too long
>> >> > > >  Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Main process exited, code=exited, status=89/n/a
>> >> > > >  Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Failed with result 'exit-code'.
>> >> > > >  Oct 30 09:59:11 riot.<domain>.com systemd[1]: Failed to start Dovecot IMAP/POP3 email server.
>> >> > > >  
>> >> > > >  This seems to be like a bug as no configuration was changed by me in the middle of the night.
>> >> > > >  I recall there were similar errors/bug reports in the past where it seemed it was managesieve but wasn't, people had some misconfigurations in the dovecot.conf. I did not change my dovecot.conf since April.
>> >> > > >  But maybe here it is a pigeonhole issue.
>> >> > > >  
>> >> > > >  As I did not find any reason for it I changed the repo and downgraded to 2.3.16-2 now and it runs without any flaws, like all the time before. I had no time to investigate this any longer than 2 hours with 2.3.17 installed as this is a production server and I need the email access. I also did not find anything addressable in the logs.
>> >> > > >  
>> >> > > >  [root at riot dovecot]# systemctl status dovecot
>> >> > > >  ● dovecot.service - Dovecot IMAP/POP3 email server
>> >> > > >  Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled)
>> >> > > >  Active: active (running) since Sat 2021-10-30 10:18:11 CEST; 2s ago
>> >> > > >  Docs: man:dovecot(1)
>> >> > > >  https://doc.dovecot.org/
>> >> > > >  Process: 32398 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS)
>> >> > > >  Main PID: 32452 (dovecot)
>> >> > > >  Status: "v2.3.16 (7e2e900c1a) running"
>> >> > > >  Tasks: 4 (limit: 99912)
>> >> > > >  Memory: 4.4M
>> >> > > >  CGroup: /system.slice/dovecot.service
>> >> > > >  ├─32452 /usr/sbin/dovecot -F
>> >> > > >  ├─32507 dovecot/anvil
>> >> > > >  ├─32508 dovecot/log
>> >> > > >  └─32513 dovecot/config
>> >> > > >  
>> >> > > >  Oct 30 10:18:11 riot.<domain>.com systemd[1]: Starting Dovecot IMAP/POP3 email server...
>> >> > > >  Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: Warning: Corrected permissions for login directory /var/run/dovecot/token-login
>> >> > > >  Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Warning: Corrected permissions for login directory /var/run/dovecot/token-login
>> >> > > >  Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Dovecot v2.3.16 (7e2e900c1a) starting up for imap, lmtp, sieve
>> >> > > >  Oct 30 10:18:11 riot.<domain>.com systemd[1]: Started Dovecot IMAP/POP3 email server.
>> >> > > >  
>> >> > > >  
>> >> > > >  This is the configuration
>> >> > > >  # 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
>> >> > > >  # Pigeonhole version 0.5.16 (09c29328)
>> >> > > >  # OS: Linux 4.18.0-305.19.1.el8_4.x86_64 x86_64 AlmaLinux release 8.4 (Electric Cheetah)
>> >> > > >  # Hostname: riot.<domain>.com
>> >> > > >  auth_mechanisms = plain login
>> >> > > >  auth_verbose = yes
>> >> > > >  listen = *
>> >> > > >  mail_gid = vmail
>> >> > > >  mail_home = /var/vmail/mailboxes/%d/%n
>> >> > > >  mail_location = maildir:~/mail:LAYOUT=fs
>> >> > > >  mail_plugins = " quota fts fts_solr"
>> >> > > >  mail_privileged_group = vmail
>> >> > > >  mail_uid = vmail
>> >> > > >  managesieve_notify_capability = mailto
>> >> > > >  managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
>> >> > > >  namespace inbox {
>> >> > > >  inbox = yes
>> >> > > >  location =
>> >> > > >  mailbox Drafts {
>> >> > > >  auto = subscribe
>> >> > > >  special_use = \Drafts
>> >> > > >  }
>> >> > > >  mailbox Sent {
>> >> > > >  auto = subscribe
>> >> > > >  special_use = \Sent
>> >> > > >  }
>> >> > > >  mailbox Spam {
>> >> > > >  auto = subscribe
>> >> > > >  special_use = \Junk
>> >> > > >  }
>> >> > > >  mailbox Trash {
>> >> > > >  auto = subscribe
>> >> > > >  special_use = \Trash
>> >> > > >  }
>> >> > > >  prefix =
>> >> > > >  separator = .
>> >> > > >  type = private
>> >> > > >  }
>> >> > > >  passdb {
>> >> > > >  args = /etc/dovecot/dovecot-sql.conf
>> >> > > >  driver = sql
>> >> > > >  }
>> >> > > >  plugin {
>> >> > > >  fts = solr
>> >> > > >  fts_autoindex = yes
>> >> > > >  fts_solr = url=http://localhost:<solr_port>/solr/dovecot/
>> >> > > >  imapsieve_mailbox1_before = file:/var/vmail/sieve/global/learn-spam.sieve
>> >> > > >  imapsieve_mailbox1_causes = COPY
>> >> > > >  imapsieve_mailbox1_name = Spam
>> >> > > >  imapsieve_mailbox2_before = file:/var/vmail/sieve/global/learn-ham.sieve
>> >> > > >  imapsieve_mailbox2_causes = COPY
>> >> > > >  imapsieve_mailbox2_from = Spam
>> >> > > >  imapsieve_mailbox2_name = *
>> >> > > >  quota = maildir:User quota
>> >> > > >  quota_exceeded_message = User %u is over the storage quota
>> >> > > >  sieve = file:/var/vmail/sieve/%d/%n/scripts;active=/var/vmail/sieve/%d/%n/active-script.sieve
>> >> > > >  sieve_before = /var/vmail/sieve/global/spam-global.sieve
>> >> > > >  sieve_global_extensions = +vnd.dovecot.pipe
>> >> > > >  sieve_pipe_bin_dir = /usr/bin
>> >> > > >  sieve_plugins = sieve_imapsieve sieve_extprograms
>> >> > > >  }
>> >> > > >  protocols = imap lmtp sieve
>> >> > > >  service auth {
>> >> > > >  unix_listener /var/spool/postfix/private/auth {
>> >> > > >  group = postfix
>> >> > > >  mode = 0660
>> >> > > >  user = postfix
>> >> > > >  }
>> >> > > >  unix_listener auth-userdb {
>> >> > > >  group = vmail
>> >> > > >  mode = 0660
>> >> > > >  user = vmail
>> >> > > >  }
>> >> > > >  }
>> >> > > >  service imap-login {
>> >> > > >  inet_listener imap {
>> >> > > >  port = 0
>> >> > > >  }
>> >> > > >  inet_listener imaps {
>> >> > > >  port = 993
>> >> > > >  }
>> >> > > >  }
>> >> > > >  service lmtp {
>> >> > > >  unix_listener /var/spool/postfix/private/dovecot-lmtp {
>> >> > > >  group = postfix
>> >> > > >  mode = 0660
>> >> > > >  user = postfix
>> >> > > >  }
>> >> > > >  user = vmail
>> >> > > >  }
>> >> > > >  service managesieve-login {
>> >> > > >  inet_listener sieve {
>> >> > > >  port = 4190
>> >> > > >  }
>> >> > > >  }
>> >> > > >  ssl = required
>> >> > > >  ssl_ca = </etc/ssl/certs/ca-bundle.crt
>> >> > > >  ssl_cert = </etc/ssl/certs/<domain>.com_chain.crt
>> >> > > >  ssl_cipher_list = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:EECDH+AESGCM:EDH+AESGCM:@SECLEVEL=2
>> >> > > >  ssl_client_ca_dir = /etc/ssl/certs
>> >> > > >  ssl_client_ca_file = /etc/ssl/certs/ca-bundle.crt
>> >> > > >  ssl_dh = # hidden, use -P to show it
>> >> > > >  ssl_key = # hidden, use -P to show it
>> >> > > >  ssl_prefer_server_ciphers = yes
>> >> > > >  userdb {
>> >> > > >  args = /etc/dovecot/dovecot-sql.conf
>> >> > > >  driver = sql
>> >> > > >  }
>> >> > > >  protocol imap {
>> >> > > >  imap_idle_notify_interval = 24 mins
>> >> > > >  mail_max_userip_connections = 20
>> >> > > >  mail_plugins = " quota fts fts_solr imap_quota imap_sieve"
>> >> > > >  }
>> >> > > >  protocol lmtp {
>> >> > > >  mail_plugins = " quota fts fts_solr sieve"
>> >> > > >  postmaster_address = postmaster@<domain>.com
>> >> > > >  }
>> >> > > >  local_name mail.<domain_3>.com {
>> >> > > >  ssl_cert = </etc/ssl/certs/<domain_3>.com_chain.crt
>> >> > > >  ssl_key = # hidden, use -P to show it
>> >> > > >  }
>> >> > > >  local_name mail.<domain_2>.net {
>> >> > > >  ssl_cert = </etc/ssl/certs/<domain_2>.net_chain.crt
>> >> > > >  ssl_key = # hidden, use -P to show it
>> >> > > >  }
>> >> > > >  local_name mail.<domain>.com {
>> >> > > >  ssl_cert = </etc/ssl/certs/<domain>.com_chain.crt
>> >> > > >  ssl_key = # hidden, use -P to show it
>> >> > > >  }
>> >> > > >  
>> >> > > >  
>> >> > > >  
>> >> > > >  
>> >> > > >  
>> >> > > >  
>> >> > > > 
>> >> > > 
>> >> > > 
>> >> > 
>> >> >
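
A pre-upgrade check for the failure described in this thread (an oversized `ssl_ca = <file` leading to `execvp(...) failed: Argument list too long`), as an added example that is not part of the thread or of Dovecot. It assumes each `setting = <file` value reaches the exec'd process as a single string subject to Linux's per-string limit of 131072 bytes (4 KiB pages); the helper name `oversized_file_settings` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Dovecot code): find "setting = <file" entries whose file
# contents are too large to pass to an exec'd process as one string.
# Assumption: Linux with 4 KiB pages, where one argv/envp string is capped at
# MAX_ARG_STRLEN = 32 pages = 131072 bytes and exec fails with E2BIG above it.
MAX_ARG_STRLEN=131072

# oversized_file_settings DUMP [LIMIT]  (hypothetical helper name)
# DUMP is text in `doveconf -n` format. Prints "name path bytes" per hit.
oversized_file_settings() {
    conf=$1
    limit=${2:-$MAX_ARG_STRLEN}
    # Only "name = <path" inlines file contents; "name = path" passes a path.
    sed -n 's/^[[:space:]]*\([A-Za-z0-9_]*\)[[:space:]]*=[[:space:]]*<\([^[:space:]]*\).*$/\1 \2/p' "$conf" |
    while read -r name path; do
        [ -r "$path" ] || continue
        bytes=$(wc -c < "$path")
        # Approximate string length: "name=" prefix, contents, trailing NUL.
        need=$((bytes + ${#name} + 2))
        if [ "$need" -gt "$limit" ]; then
            echo "$name $path $((bytes + 0))"
        fi
    done
}

# Demo on constructed files: a small chain and a bundle padded to 200000 bytes.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'constructed small chain\n' > "$dir/chain.crt"
    head -c 200000 /dev/zero | tr '\0' 'A' > "$dir/ca-bundle.crt"
    cat > "$dir/dovecot.dump" <<EOF
ssl = required
ssl_ca = <$dir/ca-bundle.crt
ssl_cert = <$dir/chain.crt
ssl_client_ca_file = $dir/ca-bundle.crt
EOF
    oversized_file_settings "$dir/dovecot.dump"
    rm -rf "$dir"
}

demo
```

On a real host, save `doveconf -n` output to a file and pass that file to the function; any line it prints names a setting to trim, as in the workaround quoted above.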