On October 30, 2021 12:00:40 PM GMT+02:00, TG Servers <srvrs at prvtmail.net> wrote:
> Thanks for your reply William.
>
> But the only thing I found in the meanwhile about this issue is that when the ca-bundles file is too "big" it does not work anymore. And if this file is shortened to one entry it will work, someone seems to have tested this.
> This is no fix, it is a bug that has to be fixed by dovecot from my pov.
> The ca-bundles file is used by countless applications without any issues, it is used by 2.3.16 without any issues. There should be no special treatment for a single application necessary.

Do you use client certs? If not, there is no need to even have ssl_ca set, see https://doc.dovecot.org/configuration_manual/dovecot_ssl_configuration/#id10

>
>
> On 30/10/2021 11:35, William Edwards wrote:
>
>
> On 30 Oct 2021, at 10:35, TG Servers <srvrs at prvtmail.net> wrote:
>
> Hello,
>
> tonight my dovecot upgraded to 2.3.17 and completely broke on recent CentOS 8 installation.
>
> I found the service in status
>
> [root at riot ~]# systemctl status dovecot
> ● dovecot.service - Dovecot IMAP/POP3 email server
>    Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled)
>    Active: failed (Result: exit-code) since Sat 2021-10-30 09:59:11 CEST; 58s ago
>      Docs: man:dovecot(1)
>            https://doc.dovecot.org/
>   Process: 1515 ExecStart=/usr/sbin/dovecot -F (code=exited, status=89)
>   Process: 1429 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS)
>  Main PID: 1515 (code=exited, status=89)
>
> Oct 30 09:59:10 riot.<domain>.com systemd[1]: Starting Dovecot IMAP/POP3 email server...
> Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal: execvp(/usr/libexec/dovecot/managesieve) failed: Argument list too long
> Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Error: managesieve-login: dump-capability process returned 89
> Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal: execvp(/usr/sbin/dovecot) failed: Argument list too long
> Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Main process exited, code=exited, status=89/n/a
> Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Failed with result 'exit-code'.
> Oct 30 09:59:11 riot.<domain>.com systemd[1]: Failed to start Dovecot IMAP/POP3 email server.
>
>
> Please check the archive. If I'm not mistaken, the same issue + possible solution was posted on the mailing list yesterday.
>
>
> This seems to be like a bug as no configuration was changed by me in the middle of the night.
> I recall there were similar errors/bug reports in the past where it seemed it was managesieve but wasn't, people had some misconfigurations in the dovecot.conf. I did not change my dovecot.conf since April.
> But maybe here it is a pigeonhole issue.
>
> As I did not find any reason for it I changed the repo and downgraded to 2.3.16-2 now and it runs without any flaws, like all the time before. I had no time to investigate this any longer than 2 hours with 2.3.17 installed as this is a production server and I need the email access. I also did not find anything addressable in the logs.
>
> [root at riot dovecot]# systemctl status dovecot
> ● dovecot.service - Dovecot IMAP/POP3 email server
>    Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled)
>    Active: active (running) since Sat 2021-10-30 10:18:11 CEST; 2s ago
>      Docs: man:dovecot(1)
>            https://doc.dovecot.org/
>   Process: 32398 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS)
>  Main PID: 32452 (dovecot)
>    Status: "v2.3.16 (7e2e900c1a) running"
>     Tasks: 4 (limit: 99912)
>    Memory: 4.4M
>    CGroup: /system.slice/dovecot.service
>            ├─32452 /usr/sbin/dovecot -F
>            ├─32507 dovecot/anvil
>            ├─32508 dovecot/log
>            └─32513 dovecot/config
>
> Oct 30 10:18:11 riot.<domain>.com systemd[1]: Starting Dovecot IMAP/POP3 email server...
> Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: Warning: Corrected permissions for login directory /var/run/dovecot/token-login
> Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Warning: Corrected permissions for login directory /var/run/dovecot/token-login
> Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Dovecot v2.3.16 (7e2e900c1a) starting up for imap, lmtp, sieve
> Oct 30 10:18:11 riot.<domain>.com systemd[1]: Started Dovecot IMAP/POP3 email server.
>
>
> This is the configuration
> # 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.16 (09c29328)
> # OS: Linux 4.18.0-305.19.1.el8_4.x86_64 x86_64 AlmaLinux release 8.4 (Electric Cheetah)
> # Hostname: riot.<domain>.com
> auth_mechanisms = plain login
> auth_verbose = yes
> listen = *
> mail_gid = vmail
> mail_home = /var/vmail/mailboxes/%d/%n
> mail_location = maildir:~/mail:LAYOUT=fs
> mail_plugins = " quota fts fts_solr"
> mail_privileged_group = vmail
> mail_uid = vmail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
> namespace inbox {
>   inbox = yes
>   location
>   mailbox Drafts {
>     auto = subscribe
>     special_use = \Drafts
>   }
>   mailbox Sent {
>     auto = subscribe
>     special_use = \Sent
>   }
>   mailbox Spam {
>     auto = subscribe
>     special_use = \Junk
>   }
>   mailbox Trash {
>     auto = subscribe
>     special_use = \Trash
>   }
>   prefix
>   separator = .
>   type = private
> }
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> plugin {
>   fts = solr
>   fts_autoindex = yes
>   fts_solr = url=http://localhost:<solr_port>/solr/dovecot/
>   imapsieve_mailbox1_before = file:/var/vmail/sieve/global/learn-spam.sieve
>   imapsieve_mailbox1_causes = COPY
>   imapsieve_mailbox1_name = Spam
>   imapsieve_mailbox2_before = file:/var/vmail/sieve/global/learn-ham.sieve
>   imapsieve_mailbox2_causes = COPY
>   imapsieve_mailbox2_from = Spam
>   imapsieve_mailbox2_name = *
>   quota = maildir:User quota
>   quota_exceeded_message = User %u is over the storage quota
>   sieve = file:/var/vmail/sieve/%d/%n/scripts;active=/var/vmail/sieve/%d/%n/active-script.sieve
>   sieve_before = /var/vmail/sieve/global/spam-global.sieve
>   sieve_global_extensions = +vnd.dovecot.pipe
>   sieve_pipe_bin_dir = /usr/bin
>   sieve_plugins = sieve_imapsieve sieve_extprograms
> }
> protocols = imap lmtp sieve
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
>   unix_listener auth-userdb {
>     group = vmail
>     mode = 0660
>     user = vmail
>   }
> }
> service imap-login {
>   inet_listener imap {
>     port = 0
>   }
>   inet_listener imaps {
>     port = 993
>   }
> }
> service lmtp {
>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
>   user = vmail
> }
> service managesieve-login {
>   inet_listener sieve {
>     port = 4190
>   }
> }
> ssl = required
> ssl_ca = </etc/ssl/certs/ca-bundle.crt
> ssl_cert = </etc/ssl/certs/<domain>.com_chain.crt
> ssl_cipher_list = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:EECDH+AESGCM:EDH+AESGCM:@SECLEVEL=2
> ssl_client_ca_dir = /etc/ssl/certs
> ssl_client_ca_file = /etc/ssl/certs/ca-bundle.crt
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> ssl_prefer_server_ciphers = yes
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> protocol imap {
>   imap_idle_notify_interval = 24 mins
>   mail_max_userip_connections = 20
>   mail_plugins = " quota fts fts_solr imap_quota imap_sieve"
> }
> protocol lmtp {
>   mail_plugins = " quota fts fts_solr sieve"
>   postmaster_address = postmaster@<domain>.com
> }
> local_name mail.<domain_3>.com {
>   ssl_cert = </etc/ssl/certs/<domain_3>.com_chain.crt
>   ssl_key = # hidden, use -P to show it
> }
> local_name mail.<domain_2>.net {
>   ssl_cert = </etc/ssl/certs/<domain_2>.net_chain.crt
>   ssl_key = # hidden, use -P to show it
> }
> local_name mail.<domain>.com {
>   ssl_cert = </etc/ssl/certs/<domain>.com_chain.crt
>   ssl_key = # hidden, use -P to show it
> }

--
Christian Kivalo
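
A check for the question raised in the reply above, as an added example that is not part of the original messages and not Dovecot's own tooling: it reads text in `doveconf -n` format and reports whether a top-level `ssl_ca` is set while neither `ssl_verify_client_cert` nor `auth_ssl_require_client_cert` is enabled, and how many bytes that setting inlines. The sample configuration and bundle file are constructed, the verdict names are this example's own, and only top-level settings are examined.

```shell
#!/bin/sh
# Added example: flag a top-level ssl_ca that no client-certificate
# setting uses. Input is text in the format printed by `doveconf -n`.

# Print the value of a top-level setting (outside any { } section).
get_setting() {  # $1 = file with doveconf -n output, $2 = setting name
    awk -v key="$2" '
        /[{][ \t]*$/ { depth++; next }
        /^[ \t]*[}]/ { depth--; next }
        depth == 0 {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key " = ") == 1) {
                print substr(line, length(key) + 4)
                exit
            }
        }' "$1"
}

# Verdict names (unset | needed | unused) are this example's own.
audit_ssl_ca() {  # $1 = file with doveconf -n output
    ca=$(get_setting "$1" ssl_ca)
    if [ -z "$ca" ]; then echo unset; return 0; fi
    verify=$(get_setting "$1" ssl_verify_client_cert)
    require=$(get_setting "$1" auth_ssl_require_client_cert)
    if [ "$verify" = yes ] || [ "$require" = yes ]; then
        echo needed
    else
        echo unused
    fi
}

# Bytes that ssl_ca pulls into the configuration; "<path" inlines a file.
ssl_ca_bytes() {  # $1 = file with doveconf -n output
    ca=$(get_setting "$1" ssl_ca)
    case "$ca" in
        "<"*) wc -c < "${ca#?}" | tr -d ' ' ;;
        *)    printf '%s' "$ca" | wc -c | tr -d ' ' ;;
    esac
}

# Constructed sample: a stand-in bundle file and a minimal configuration.
bundle=$(mktemp); conf=$(mktemp)
printf 'constructed placeholder, not a real CA bundle\n' > "$bundle"
printf 'ssl = required\nssl_ca = <%s\nlocal_name mail.example.com {\n  ssl_cert = </tmp/constructed_chain.crt\n}\n' "$bundle" > "$conf"
echo "ssl_ca: $(audit_ssl_ca "$conf"), $(ssl_ca_bytes "$conf") bytes inlined"
rm -f "$bundle" "$conf"
```

On a live server the input would be the saved output of `doveconf -n`; a verdict of `unused` means the setting can be dropped as the reply suggests.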

> On 30 Oct 2021, at 12:10, TG Servers <srvrs at prvtmail.net> wrote:
>
> Thanks for your reply William.
>
> But the only thing I found in the meanwhile about this issue is that when the ca-bundles file is too "big" it does not work anymore. And if this file is shortened to one entry it will work, someone seems to have tested this.
> This is no fix, it is a bug that has to be fixed by dovecot from my pov.

A fix and a bug are not mutually exclusive :)

> The ca-bundles file is used by countless applications without any issues, it is used by 2.3.16 without any issues. There should be no special treatment for a single application necessary.
>
>
>
> On 30/10/2021 11:35, William Edwards wrote:
>>
>>>> On 30 Oct 2021, at 10:35, TG Servers <srvrs at prvtmail.net> wrote:
>>>>
>>> Hello,
>>>
>>> tonight my dovecot upgraded to 2.3.17 and completely broke on recent CentOS 8 installation.
>>>
>>> I found the service in status
>>>
>>> [root at riot ~]# systemctl status dovecot
>>> ● dovecot.service - Dovecot IMAP/POP3 email server
>>>    Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled)
>>>    Active: failed (Result: exit-code) since Sat 2021-10-30 09:59:11 CEST; 58s ago
>>>      Docs: man:dovecot(1)
>>>            https://doc.dovecot.org/
>>>   Process: 1515 ExecStart=/usr/sbin/dovecot -F (code=exited, status=89)
>>>   Process: 1429 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS)
>>>  Main PID: 1515 (code=exited, status=89)
>>>
>>> Oct 30 09:59:10 riot.<domain>.com systemd[1]: Starting Dovecot IMAP/POP3 email server...
>>> Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal: execvp(/usr/libexec/dovecot/managesieve) failed: Argument list too long
>>> Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Error: managesieve-login: dump-capability process returned 89
>>> Oct 30 09:59:11 riot.<domain>.com dovecot[1515]: doveconf: Fatal: execvp(/usr/sbin/dovecot) failed: Argument list too long
>>> Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Main process exited, code=exited, status=89/n/a
>>> Oct 30 09:59:11 riot.<domain>.com systemd[1]: dovecot.service: Failed with result 'exit-code'.
>>> Oct 30 09:59:11 riot.<domain>.com systemd[1]: Failed to start Dovecot IMAP/POP3 email server.
>>
>> Please check the archive. If I'm not mistaken, the same issue + possible solution was posted on the mailing list yesterday.
>>
>>>
>>> This seems to be like a bug as no configuration was changed by me in the middle of the night.
>>> I recall there were similar errors/bug reports in the past where it seemed it was managesieve but wasn't, people had some misconfigurations in the dovecot.conf. I did not change my dovecot.conf since April.
>>> But maybe here it is a pigeonhole issue.
>>>
>>> As I did not find any reason for it I changed the repo and downgraded to 2.3.16-2 now and it runs without any flaws, like all the time before. I had no time to investigate this any longer than 2 hours with 2.3.17 installed as this is a production server and I need the email access. I also did not find anything addressable in the logs.
>>>
>>> [root at riot dovecot]# systemctl status dovecot
>>> ● dovecot.service - Dovecot IMAP/POP3 email server
>>>    Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled)
>>>    Active: active (running) since Sat 2021-10-30 10:18:11 CEST; 2s ago
>>>      Docs: man:dovecot(1)
>>>            https://doc.dovecot.org/
>>>   Process: 32398 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS)
>>>  Main PID: 32452 (dovecot)
>>>    Status: "v2.3.16 (7e2e900c1a) running"
>>>     Tasks: 4 (limit: 99912)
>>>    Memory: 4.4M
>>>    CGroup: /system.slice/dovecot.service
>>>            ├─32452 /usr/sbin/dovecot -F
>>>            ├─32507 dovecot/anvil
>>>            ├─32508 dovecot/log
>>>            └─32513 dovecot/config
>>>
>>> Oct 30 10:18:11 riot.<domain>.com systemd[1]: Starting Dovecot IMAP/POP3 email server...
>>> Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: Warning: Corrected permissions for login directory /var/run/dovecot/token-login
>>> Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Warning: Corrected permissions for login directory /var/run/dovecot/token-login
>>> Oct 30 10:18:11 riot.<domain>.com dovecot[32452]: master: Dovecot v2.3.16 (7e2e900c1a) starting up for imap, lmtp, sieve
>>> Oct 30 10:18:11 riot.<domain>.com systemd[1]: Started Dovecot IMAP/POP3 email server.
>>>
>>>
>>> This is the configuration
>>> # 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
>>> # Pigeonhole version 0.5.16 (09c29328)
>>> # OS: Linux 4.18.0-305.19.1.el8_4.x86_64 x86_64 AlmaLinux release 8.4 (Electric Cheetah)
>>> # Hostname: riot.<domain>.com
>>> auth_mechanisms = plain login
>>> auth_verbose = yes
>>> listen = *
>>> mail_gid = vmail
>>> mail_home = /var/vmail/mailboxes/%d/%n
>>> mail_location = maildir:~/mail:LAYOUT=fs
>>> mail_plugins = " quota fts fts_solr"
>>> mail_privileged_group = vmail
>>> mail_uid = vmail
>>> managesieve_notify_capability = mailto
>>> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
>>> namespace inbox {
>>>   inbox = yes
>>>   location
>>>   mailbox Drafts {
>>>     auto = subscribe
>>>     special_use = \Drafts
>>>   }
>>>   mailbox Sent {
>>>     auto = subscribe
>>>     special_use = \Sent
>>>   }
>>>   mailbox Spam {
>>>     auto = subscribe
>>>     special_use = \Junk
>>>   }
>>>   mailbox Trash {
>>>     auto = subscribe
>>>     special_use = \Trash
>>>   }
>>>   prefix
>>>   separator = .
>>>   type = private
>>> }
>>> passdb {
>>>   args = /etc/dovecot/dovecot-sql.conf
>>>   driver = sql
>>> }
>>> plugin {
>>>   fts = solr
>>>   fts_autoindex = yes
>>>   fts_solr = url=http://localhost:<solr_port>/solr/dovecot/
>>>   imapsieve_mailbox1_before = file:/var/vmail/sieve/global/learn-spam.sieve
>>>   imapsieve_mailbox1_causes = COPY
>>>   imapsieve_mailbox1_name = Spam
>>>   imapsieve_mailbox2_before = file:/var/vmail/sieve/global/learn-ham.sieve
>>>   imapsieve_mailbox2_causes = COPY
>>>   imapsieve_mailbox2_from = Spam
>>>   imapsieve_mailbox2_name = *
>>>   quota = maildir:User quota
>>>   quota_exceeded_message = User %u is over the storage quota
>>>   sieve = file:/var/vmail/sieve/%d/%n/scripts;active=/var/vmail/sieve/%d/%n/active-script.sieve
>>>   sieve_before = /var/vmail/sieve/global/spam-global.sieve
>>>   sieve_global_extensions = +vnd.dovecot.pipe
>>>   sieve_pipe_bin_dir = /usr/bin
>>>   sieve_plugins = sieve_imapsieve sieve_extprograms
>>> }
>>> protocols = imap lmtp sieve
>>> service auth {
>>>   unix_listener /var/spool/postfix/private/auth {
>>>     group = postfix
>>>     mode = 0660
>>>     user = postfix
>>>   }
>>>   unix_listener auth-userdb {
>>>     group = vmail
>>>     mode = 0660
>>>     user = vmail
>>>   }
>>> }
>>> service imap-login {
>>>   inet_listener imap {
>>>     port = 0
>>>   }
>>>   inet_listener imaps {
>>>     port = 993
>>>   }
>>> }
>>> service lmtp {
>>>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>>>     group = postfix
>>>     mode = 0660
>>>     user = postfix
>>>   }
>>>   user = vmail
>>> }
>>> service managesieve-login {
>>>   inet_listener sieve {
>>>     port = 4190
>>>   }
>>> }
>>> ssl = required
>>> ssl_ca = </etc/ssl/certs/ca-bundle.crt
>>> ssl_cert = </etc/ssl/certs/<domain>.com_chain.crt
>>> ssl_cipher_list = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:EECDH+AESGCM:EDH+AESGCM:@SECLEVEL=2
>>> ssl_client_ca_dir = /etc/ssl/certs
>>> ssl_client_ca_file = /etc/ssl/certs/ca-bundle.crt
>>> ssl_dh = # hidden, use -P to show it
>>> ssl_key = # hidden, use -P to show it
>>> ssl_prefer_server_ciphers = yes
>>> userdb {
>>>   args = /etc/dovecot/dovecot-sql.conf
>>>   driver = sql
>>> }
>>> protocol imap {
>>>   imap_idle_notify_interval = 24 mins
>>>   mail_max_userip_connections = 20
>>>   mail_plugins = " quota fts fts_solr imap_quota imap_sieve"
>>> }
>>> protocol lmtp {
>>>   mail_plugins = " quota fts fts_solr sieve"
>>>   postmaster_address = postmaster@<domain>.com
>>> }
>>> local_name mail.<domain_3>.com {
>>>   ssl_cert = </etc/ssl/certs/<domain_3>.com_chain.crt
>>>   ssl_key = # hidden, use -P to show it
>>> }
>>> local_name mail.<domain_2>.net {
>>>   ssl_cert = </etc/ssl/certs/<domain_2>.net_chain.crt
>>>   ssl_key = # hidden, use -P to show it
>>> }
>>> local_name mail.<domain>.com {
>>>   ssl_cert = </etc/ssl/certs/<domain>.com_chain.crt
>>>   ssl_key = # hidden, use -P to show it
>>> }