>>>>> "Aki" == Aki Tuomi <aki.tuomi at
open-xchange.com> writes:
Aki> This issue is now fixed for Dovecot on master with
Aki> https://github.com/dovecot/core/compare/ca2237e%5E..6fff8d5.patch
Looking at the patch, I've got a couple of comments.
1. Even your added comment says this issue could still happen is
   doveadm reads the config setting through doveconf, instead of the
   config socket.  To me that smells like the problem isn't really where
   you patched it, but more in the parsing of options in doveadm.
2. This is much more bike-shedding, but you have the following:
    -	if (input->module != NULL || input->extra_modules != NULL) {
    +	if ((service->flags & MASTER_SERVICE_FLAG_DISABLE_SSL_SET) =    0
&&
    +     (input->module != NULL || input->extra_modules != NULL)) {
And I would think that the last line would be more readable with:
    (input->module || input->extra_modules)) {
The != NULL test just seems really redundant.  I haven't looked at the
rest of the main.c to see if this pattern is repeated all over the
place or not.
John
Aki> and for pigeonhole master with
Aki>
https://github.com/dovecot/pigeonhole/commit/29750ba54c20eea0afd4ca436ddc1325723ce93f.patch
Aki> Regards,
Aki> Aki
>> On 01/11/2021 08:38 Aki Tuomi <aki.tuomi at open-xchange.com>
wrote:
>> 
>> 
>> Hi all!
>> 
>> We are looking into this issue.
>> 
>> Aki
>> 
>> > On 30/10/2021 19:36 TG Servers <srvrs at prvtmail.net>
wrote:
>> > 
>> > 
>> > Thanks Robert, I read that. I will also wait for a patch and stay
>> >  
>> >  Cheers
>> > 
>> > 
>> > On 30/10/2021 12:59, Robert Nowotny wrote:
>> > 
>> > > the reason is : 
>> > >  
>> > > ssl_ca = </etc/ssl/certs/ca-bundle.crt
>> > >  
>> > >  if "ca-bundle.crt"is too big, You will get that
error.
>> > >  this should be fixed, but as a workaround You might pull out
the certificates You need.
>> > >  I personally wait for the patch and stay at 2.3.16 for the
time beeing.
>> > >  
>> > >  yours sincerely
>> > >  Robert
>> > > 
>> > >  
>> > > 
>> > > Am 30.10.2021 um 10:34 schrieb TG Servers:
>> > > 
>> > > > Hello,
>> > > >  
>> > > >  tonight my dovecot upgraded to 2.3.17 and completely
broke on recent CentOS 8 installation.
>> > > >  
>> > > >  I found the service in status 
>> > > >  
>> > > >  [root at riot ~]# systemctl status dovecot
>> > > >  ? dovecot.service - Dovecot IMAP/POP3 email server
>> > > >  Loaded: loaded
(/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled)
>> > > >  Active: failed (Result: exit-code) since Sat 2021-10-30
09:59:11 CEST; 58s ago
>> > > >  Docs: man:dovecot(1)
>> > > >  https://doc.dovecot.org/
>> > > >  Process: 1515 ExecStart=/usr/sbin/dovecot -F
(code=exited, status=89)
>> > > >  Process: 1429
ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS)
>> > > >  Main PID: 1515 (code=exited, status=89)
>> > > >  
>> > > >  Oct 30 09:59:10 riot.<domain>.com systemd[1]:
Starting Dovecot IMAP/POP3 email server...
>> > > >  Oct 30 09:59:11 riot.<domain>.com dovecot[1515]:
doveconf: Fatal: execvp(/usr/libexec/dovecot/managesieve) failed: Argument list
too long
>> > > >  Oct 30 09:59:11 riot.<domain>.com dovecot[1515]:
doveconf: Error: managesieve-login: dump-capability process returned 89
>> > > >  Oct 30 09:59:11 riot.<domain>.com dovecot[1515]:
doveconf: Fatal: execvp(/usr/sbin/dovecot) failed: Argument list too long
>> > > >  Oct 30 09:59:11 riot.<domain>.com systemd[1]:
dovecot.service: Main process exited, code=exited, status=89/n/a
>> > > >  Oct 30 09:59:11 riot.<domain>.com systemd[1]:
dovecot.service: Failed with result 'exit-code'.
>> > > >  Oct 30 09:59:11 riot.<domain>.com systemd[1]:
Failed to start Dovecot IMAP/POP3 email server.
>> > > >  
>> > > >  This seems to be like a bug as no configuration was
changed by me in the middle of the night.
>> > > >  I recall there were similar errors/bug reports in the
past were it seemed it was managesieve but wasn't, people had some
misconfigurations in the dovecot.conf. I did not change my dovecot.conf since
April.
>> > > >  But maybe here it is a pigeonhole issue.
>> > > >  
>> > > >  As I did not find any reason for it I changed the repo
and downgraded to 2.3.16-2 now and it runs without any flaws, like all the time
before. I had no time to investigate this any longer thand 2 hours with 2.3.17
installed as this is a production server and I need the email access. I also did
not find anything adressable in the logs.
>> > > >  
>> > > >  [root at riot dovecot]# systemctl status dovecot
>> > > >  ? dovecot.service - Dovecot IMAP/POP3 email server
>> > > >  Loaded: loaded
(/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled)
>> > > >  Active: active (running) since Sat 2021-10-30 10:18:11
CEST; 2s ago
>> > > >  Docs: man:dovecot(1)
>> > > >  https://doc.dovecot.org/
>> > > >  Process: 32398
ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS)
>> > > >  Main PID: 32452 (dovecot)
>> > > >  Status: "v2.3.16 (7e2e900c1a) running"
>> > > >  Tasks: 4 (limit: 99912)
>> > > >  Memory: 4.4M
>> > > >  CGroup: /system.slice/dovecot.service
>> > > >  ??32452 /usr/sbin/dovecot -F
>> > > >  ??32507 dovecot/anvil
>> > > >  ??32508 dovecot/log
>> > > >  ??32513 dovecot/config
>> > > >  
>> > > >  Oct 30 10:18:11 riot.<domain>.com systemd[1]:
Starting Dovecot IMAP/POP3 email server...
>> > > >  Oct 30 10:18:11 riot.<domain>.com dovecot[32452]:
Warning: Corrected permissions for login directory /var/run/dovecot/token-login
>> > > >  Oct 30 10:18:11 riot.<domain>.com dovecot[32452]:
master: Warning: Corrected permissions for login directory
/var/run/dovecot/token-login
>> > > >  Oct 30 10:18:11 riot.<domain>.com dovecot[32452]:
master: Dovecot v2.3.16 (7e2e900c1a) starting up for imap, lmtp, sieve
>> > > >  Oct 30 10:18:11 riot.<domain>.com systemd[1]:
Started Dovecot IMAP/POP3 email server.
>> > > >  
>> > > >  
>> > > >  This is the configuration
>> > > >  # 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
>> > > >  # Pigeonhole version 0.5.16 (09c29328)
>> > > >  # OS: Linux 4.18.0-305.19.1.el8_4.x86_64 x86_64
AlmaLinux release 8.4 (Electric Cheetah)
>> > > >  # Hostname: riot.<domain>.com
>> > > >  auth_mechanisms = plain login
>> > > >  auth_verbose = yes
>> > > >  listen = *
>> > > >  mail_gid = vmail
>> > > >  mail_home = /var/vmail/mailboxes/%d/%n
>> > > >  mail_location = maildir:~/mail:LAYOUT=fs
>> > > >  mail_plugins = " quota fts fts_solr"
>> > > >  mail_privileged_group = vmail
>> > > >  mail_uid = vmail
>> > > >  managesieve_notify_capability = mailto
>> > > >  managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric relational
regex imap4flags copy include variables body enotify environment mailbox date
index ihave duplicate mime foreverypart extracttext imapsieve
vnd.dovecot.imapsieve
>> > > >  namespace inbox {
>> > > >  inbox = yes
>> > > >  location >> > > >  mailbox Drafts {
>> > > >  auto = subscribe
>> > > >  special_use = \Drafts
>> > > >  }
>> > > >  mailbox Sent {
>> > > >  auto = subscribe
>> > > >  special_use = \Sent
>> > > >  }
>> > > >  mailbox Spam {
>> > > >  auto = subscribe
>> > > >  special_use = \Junk
>> > > >  }
>> > > >  mailbox Trash {
>> > > >  auto = subscribe
>> > > >  special_use = \Trash
>> > > >  }
>> > > >  prefix >> > > >  separator = .
>> > > >  type = private
>> > > >  }
>> > > >  passdb {
>> > > >  args = /etc/dovecot/dovecot-sql.conf
>> > > >  driver = sql
>> > > >  }
>> > > >  plugin {
>> > > >  fts = solr
>> > > >  fts_autoindex = yes
>> > > >  fts_solr =
url=http://localhost:<solr_port>/solr/dovecot/
>> > > >  imapsieve_mailbox1_before =
file:/var/vmail/sieve/global/learn-spam.sieve
>> > > >  imapsieve_mailbox1_causes = COPY
>> > > >  imapsieve_mailbox1_name = Spam
>> > > >  imapsieve_mailbox2_before =
file:/var/vmail/sieve/global/learn-ham.sieve
>> > > >  imapsieve_mailbox2_causes = COPY
>> > > >  imapsieve_mailbox2_from = Spam
>> > > >  imapsieve_mailbox2_name = *
>> > > >  quota = maildir:User quota
>> > > >  quota_exceeded_message = User %u is over the storage
quota
>> > > >  sieve =
file:/var/vmail/sieve/%d/%n/scripts;active=/var/vmail/sieve/%d/%n/active-script.sieve
>> > > >  sieve_before =
/var/vmail/sieve/global/spam-global.sieve
>> > > >  sieve_global_extensions = +vnd.dovecot.pipe
>> > > >  sieve_pipe_bin_dir = /usr/bin
>> > > >  sieve_plugins = sieve_imapsieve sieve_extprograms
>> > > >  }
>> > > >  protocols = imap lmtp sieve
>> > > >  service auth {
>> > > >  unix_listener /var/spool/postfix/private/auth {
>> > > >  group = postfix
>> > > >  mode = 0660
>> > > >  user = postfix
>> > > >  }
>> > > >  unix_listener auth-userdb {
>> > > >  group = vmail
>> > > >  mode = 0660
>> > > >  user = vmail
>> > > >  }
>> > > >  }
>> > > >  service imap-login {
>> > > >  inet_listener imap {
>> > > >  port = 0
>> > > >  }
>> > > >  inet_listener imaps {
>> > > >  port = 993
>> > > >  }
>> > > >  }
>> > > >  service lmtp {
>> > > >  unix_listener /var/spool/postfix/private/dovecot-lmtp {
>> > > >  group = postfix
>> > > >  mode = 0660
>> > > >  user = postfix
>> > > >  }
>> > > >  user = vmail
>> > > >  }
>> > > >  service managesieve-login {
>> > > >  inet_listener sieve {
>> > > >  port = 4190
>> > > >  }
>> > > >  }
>> > > >  ssl = required
>> > > >  ssl_ca = </etc/ssl/certs/ca-bundle.crt
>> > > >  ssl_cert =
</etc/ssl/certs/<domain>.com_chain.crt
>> > > >  ssl_cipher_list =
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:EECDH+AESGCM:EDH+AESGCM:@SECLEVEL=2
>> > > >  ssl_client_ca_dir = /etc/ssl/certs
>> > > >  ssl_client_ca_file = /etc/ssl/certs/ca-bundle.crt
>> > > >  ssl_dh = # hidden, use -P to show it
>> > > >  ssl_key = # hidden, use -P to show it
>> > > >  ssl_prefer_server_ciphers = yes
>> > > >  userdb {
>> > > >  args = /etc/dovecot/dovecot-sql.conf
>> > > >  driver = sql
>> > > >  }
>> > > >  protocol imap {
>> > > >  imap_idle_notify_interval = 24 mins
>> > > >  mail_max_userip_connections = 20
>> > > >  mail_plugins = " quota fts fts_solr imap_quota
imap_sieve"
>> > > >  }
>> > > >  protocol lmtp {
>> > > >  mail_plugins = " quota fts fts_solr sieve"
>> > > >  postmaster_address = postmaster@<domain>.com
>> > > >  }
>> > > >  local_name mail.<domain_3>.com {
>> > > >  ssl_cert =
</etc/ssl/certs/<domain_3>.com_chain.crt
>> > > >  ssl_key = # hidden, use -P to show it
>> > > >  }
>> > > >  local_name mail.<domain_2>.net {
>> > > >  ssl_cert =
</etc/ssl/certs/<domain_2>.net_chain.crt
>> > > >  ssl_key = # hidden, use -P to show it
>> > > >  }
>> > > >  local_name mail.<domain>.com {
>> > > >  ssl_cert =
</etc/ssl/certs/<domain>.com_chain.crt
>> > > >  ssl_key = # hidden, use -P to show it
>> > > >  }
>> > > >  
>> > > >  
>> > > >  
>> > > >  
>> > > >  
>> > > >  
>> > > > 
>> > > 
>> > > 
>> > 
>> >