Hello all,
I updated the server tonight and with it Dovecot from 2.2.27 to
2:2.3.19-2+debian11. However, there seems to be a problem with the ACLs,
because since then fatal errors are logged (see core dump). I suspect
that some outdated configuration is causing this behavior, but so far I
couldn't figure out which one it could be. I also have no clue right now
how to debug this further.
Thank you very much for your help. If more information are needed, I
will of course be happy to provide them.
VG
Sebastian
======== Error logs ========May 16 13:33:43 Fatal: imap(user1 at
domain.com)<0r5YZR/fM4AfrHBI>: master:
service(imap): child 238359 killed with signal 11 (core dumped)
May 16 13:33:46 Fatal: imap(user2 at domain.com)<Ul+kZR/fA4AfrHBI>:
master:
service(imap): child 238386 killed with signal 11 (core dumped)
May 16 13:33:46 Fatal: imap(user3 at domain.com)<VGOkZR/fG4AfrHBI>:
master:
service(imap): child 238387 killed with signal 11 (core dumped)
May 16 13:34:54 Fatal: imap(user4 at domain.com)<1WS6aR/fHoAfrHBI>:
master:
service(imap): child 238509 killed with signal 11 (core dumped)
May 16 13:34:54 Fatal: imap(user2 at domain.com)<mQu6aR/fBIAfrHBI>:
master:
service(imap): child 238508 killed with signal 11 (core dumped)
May 16 13:35:27 Fatal: imap(user3 at domain.com)<pWGYax/fE4AfrHBI>:
master:
service(imap): child 238589 killed with signal 11 (core dumped)
May 16 13:35:27 Fatal: imap(user1 at domain.com)<s/mgax/fG4AfrHBI>:
master:
service(imap): child 238590 killed with signal 11 (core dumped)
======== END Error logs ========
======== dovecot.conf =========
# 2.3.19 (b3ad6004dc): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.19 (4eae2f79)
# OS: Linux 5.10.0-14-amd64 x86_64 Debian 11.3
# Hostname: wv-imap1.wavecloud.de
auth_mechanisms = plain login
default_vsz_limit = 4 G
dict {
acl = mysql:/etc/dovecot/dovecot-dict-sql.conf
}
first_valid_gid = 5000
first_valid_uid = 5000
imap_capability = +XDOVECOT
last_valid_gid = 5000
last_valid_uid = 5000
listen = 10.10.115.XX
login_trusted_networks = 10.10.115.XX 10.10.115.XX
mail_location = maildir:~/
mail_log_prefix = "%s(%u)<%{session}>: "
mail_plugins = acl notify quota fts fts_solr virtual
maildir_stat_dirs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date ihave
namespace {
inbox = yes
location mailbox Archive {
auto = subscribe
special_use = \Archive
}
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox "Sent Items" {
auto = no
special_use = \Sent
}
mailbox "Sent Messages" {
auto = no
special_use = \Sent
}
mailbox Spam {
auto = subscribe
special_use = \Junk
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix separator = /
type = private
}
namespace Virtual {
hidden = yes
list = no
location = virtual:/etc/dovecot/virtual:INDEX=/srv/vmail/_virtual/%u
prefix = Virtual/
separator = /
subscriptions = no
}
namespace shared {
list = yes
location = maildir:%%h:INDEX=~/shared/%%u
prefix = shared/%%u/
separator = /
subscriptions = no
type = shared
}
passdb {
args = /etc/dovecot/dovecot-sql-password.conf
driver = sql
}
passdb {
args = /etc/dovecot/admin-sql.conf
driver = sql
master = yes
pass = yes
}
plugin {
acl = vfile
acl_shared_dict = proxy::acl
fts = solr
fts_autoindex = yes
fts_solr = url=http://wv-solr1.wavecloud.de:8983/solr/dovecot/
quota = maildir:User quota
quota_rule = *:storage=20G
quota_rule2 = Trash:storage=+100M
quota_rule3 = SPAM:ignore
quota_warning = storage=95%% quota-warning 95 %u
quota_warning2 = storage=80%% quota-warning 80 %u
quota_warning3 = -storage=100%% quota-warning below %u
sieve = ~/.dovecot.sieve
sieve_before = /var/vmail/globalsieverc
sieve_max_script_size = 1M
sieve_quota_max_scripts = 42
sieve_quota_max_storage = 10
}
protocols = imap pop3 sieve lmtp
service auth {
unix_listener /var/spool/postfix/private/auth {
group = vmail
mode = 0666
user = vmail
}
unix_listener auth-master {
mode = 0666
}
}
service dict {
unix_listener dict {
mode = 0600
user = vmail
}
}
service imap-login {
process_min_avail = 1
service_count = 0
vsz_limit = 500 M
}
service lmtp {
inet_listener lmtp {
address = 0.0.0.0
port = 24
}
}
service managesieve-login {
executable = /usr/lib/dovecot/managesieve-login
inet_listener sieve {
address = 10.10.115.10
port = 4190
}
process_min_avail = 1
service_count = 1
}
service managesieve {
executable = /usr/local/sbin/dovecot-managesieve.sh
}
service pop3-login {
process_min_avail = 1
service_count = 1
}
service quota-warning {
executable = script /usr/local/sbin/quota-warning.sh
user = vmail
}
service stats {
unix_listener stats-reader {
group = vmail
mode = 0660
user = vmail
}
unix_listener stats-writer {
group = vmail
mode = 0660
user = vmail
}
}
shutdown_clients = no
ssl_cert = </etc/ssl/cert.pem
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
verbose_proctitle = yes
protocol imap {
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
mail_max_userip_connections = 2048
mail_plugins = acl notify quota fts fts_solr virtual imap_quota imap_acl
}
protocol pop3 {
mail_plugins = acl notify quota fts fts_solr virtual
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
pop3_uidl_format = %08Xu%08Xv
}
protocol lda {
hostname = wv-imap1.wavecloud.de
mail_fsync = optimized
mail_plugins = acl notify quota fts fts_solr virtual sieve
postmaster_address = postmaster at example.com
quota_full_tempfail = yes
sendmail_path = /usr/lib/sendmail
}
protocol sieve {
managesieve_implementation_string = Dovecot Pigeonhole
}
protocol lmtp {
mail_fsync = optimized
mail_plugins = acl notify quota fts fts_solr virtual sieve
}
======== END dovecot.conf =========
======== Core-Dump ================
PID: 240475 (imap)
UID: 5000 (vmail)
GID: 5000 (vmail)
Signal: 11 (SEGV)
Timestamp: Mon 2022-05-16 13:49:56 CEST (1min 17s ago)
Command Line: dovecot/imap [user1 at domain.com XX.XX.XX.XX MYRIGHTS]
Executable: /usr/lib/dovecot/imap
Control Group: /system.slice/dovecot.service
Unit: dovecot.service
Slice: system.slice
Boot ID: acb78ce2252049778ff969755d277453
Machine ID: 1367ff1e75be457cacbf5e204a28711b
Hostname: wv-imap1
Storage:
/var/lib/systemd/coredump/core.imap.5000.acb78ce2252049778ff969755d277453.240475.1652701796000000.zst
Message: Process 240475 (imap) of user 5000 dumped core.
Stack trace of thread 240475:
#0 0x00007f5db938c17c acl_mailbox_get_aclobj
(lib01_acl_plugin.so + 0xf17c)
#1 0x00007f5db93776ed n/a (lib02_imap_acl_plugin.so +
0x36ed)
#2 0x000055f5568444d4 command_exec (imap + 0x224d4)
#3 0x000055f55684244f n/a (imap + 0x2044f)
#4 0x000055f5568424fa n/a (imap + 0x204fa)
#5 0x000055f5568429d5 client_handle_input (imap + 0x209d5)
#6 0x000055f556842f40 client_input (imap + 0x20f40)
#7 0x00007f5db9682529 io_loop_call_io (libdovecot.so.0
+ 0x118529)
#8 0x00007f5db9683c12 io_loop_handler_run_internal
(libdovecot.so.0 + 0x119c12)
#9 0x00007f5db96825d0 io_loop_handler_run
(libdovecot.so.0 + 0x1185d0)
#10 0x00007f5db9682790 io_loop_run (libdovecot.so.0 +
0x118790)
#11 0x00007f5db95f5353 master_service_run
(libdovecot.so.0 + 0x8b353)
#12 0x000055f556833f0a main (imap + 0x11f0a)
#13 0x00007f5db93c5d0a __libc_start_main (libc.so.6 +
0x26d0a)
#14 0x000055f556833fca _start (imap + 0x11fca)
=========== END Core-Dump ============
--
Wavecon GmbH
Anschrift: Gustavstra?e 18, 90762 F?rth
Website: www.wavecon.de
Support: support at wavecon.de
Telefon: +49 (0)911-1206581 (werktags von 9 - 17 Uhr)
Hotline 24/7: 0800-WAVECON
Fax: +49 (0)911-2129233
Registernummer: HRB F?rth 18164
GF: Cemil Degirmenci
UstID: DE251398082
Pflichtinformationen nach Art. 13 DSGVO siehe wavecon.de/de/datenschutz
Paul Kudla (SCOM.CA Internet Services Inc.)
2022-May-16 13:20 UTC
Fatal Error after upgrade to 2:2.3.19-2+debian11
ok the rights can be a bit confusing at times
assuming you are running virtual users (or not)
try these one at a time, i found that when dovecot starts it will adjust
the permissions on the control files accordingly to what is set in the
examples below, also note postfix can be a variable in this but would
probably not be
I had to fiddle with stuff a lot
also dovecot i start in my rc.local (root startup)
the root user starts dovecot, it then changes everything rights wise as
stated below and then changes to user dovecot (vmail whatever) to
auctually start processing emails etc.
Again this is a pretty loose explanation but will point you in a
direction for troubleshooting.
I typically use in dovecot.conf
---------------------------------------------------------
service aggregator {
process_limit = 1000
#vsz_limit = 1g
fifo_listener replication-notify-fifo {
user = vmail
group = vmail
mode = 0666
}
}
service lmtp {
process_limit=1000
vsz_limit = 512m
client_limit=1
unix_listener /usr/home/postfix.local/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
service doveadm {
process_limit = 0
process_min_avail = 0
idle_kill = 0
client_limit = 1
user = vmail
inet_listener {
port = 12345
}
}
service config {
unix_listener config {
user = vmail
}
}
service anvil {
process_limit = 1
client_limit=5000
vsz_limit = 512m
unix_listener anvil {
group = vmail
mode = 0666
}
}
service auth {
process_limit = 1
client_limit=5000
vsz_limit = 1g
unix_listener auth-userdb {
mode = 0660
user = vmail
group = vmail
}
unix_listener /var/spool/postfix/private/auth {
mode = 0666
}
}
service stats {
process_limit = 1000
vsz_limit = 1g
unix_listener stats-reader {
group = vmail
mode = 0666
}
unix_listener stats-writer {
group = vmail
mode = 0666
}
}
-----------------------------------------------------------------
Happy Monday !!!
Thanks - paul
Paul Kudla
Scom.ca Internet Services <http://www.scom.ca>
004-1009 Byron Street South
Whitby, Ontario - Canada
L1N 4S3
Toronto 416.642.7266
Main?1.866.411.7266
Fax?1.888.892.7266
On 5/16/2022 8:09 AM, Sebastian Kroczek wrote:>
> Hello all,
>
> I updated the server tonight and with it Dovecot from 2.2.27 to
> 2:2.3.19-2+debian11. However, there seems to be a problem with the ACLs,
> because since then fatal errors are logged (see core dump). I suspect
> that some outdated configuration is causing this behavior, but so far I
> couldn't figure out which one it could be. I also have no clue right
now
> how to debug this further.
> Thank you very much for your help. If more information are needed, I
> will of course be happy to provide them.
>
> VG
> Sebastian
>
>
> ======== Error logs ========> May 16 13:33:43 Fatal: imap(user1 at
domain.com)<0r5YZR/fM4AfrHBI>: master:
> service(imap): child 238359 killed with signal 11 (core dumped)
> May 16 13:33:46 Fatal: imap(user2 at domain.com)<Ul+kZR/fA4AfrHBI>:
master:
> service(imap): child 238386 killed with signal 11 (core dumped)
> May 16 13:33:46 Fatal: imap(user3 at domain.com)<VGOkZR/fG4AfrHBI>:
master:
> service(imap): child 238387 killed with signal 11 (core dumped)
> May 16 13:34:54 Fatal: imap(user4 at domain.com)<1WS6aR/fHoAfrHBI>:
master:
> service(imap): child 238509 killed with signal 11 (core dumped)
> May 16 13:34:54 Fatal: imap(user2 at domain.com)<mQu6aR/fBIAfrHBI>:
master:
> service(imap): child 238508 killed with signal 11 (core dumped)
> May 16 13:35:27 Fatal: imap(user3 at domain.com)<pWGYax/fE4AfrHBI>:
master:
> service(imap): child 238589 killed with signal 11 (core dumped)
> May 16 13:35:27 Fatal: imap(user1 at domain.com)<s/mgax/fG4AfrHBI>:
master:
> service(imap): child 238590 killed with signal 11 (core dumped)
> ======== END Error logs ========>
> ======== dovecot.conf =========>
> # 2.3.19 (b3ad6004dc): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.19 (4eae2f79)
> # OS: Linux 5.10.0-14-amd64 x86_64 Debian 11.3
> # Hostname: wv-imap1.wavecloud.de
> auth_mechanisms = plain login
> default_vsz_limit = 4 G
> dict {
> ? acl = mysql:/etc/dovecot/dovecot-dict-sql.conf
> }
> first_valid_gid = 5000
> first_valid_uid = 5000
> imap_capability = +XDOVECOT
> last_valid_gid = 5000
> last_valid_uid = 5000
> listen = 10.10.115.XX
> login_trusted_networks = 10.10.115.XX 10.10.115.XX
> mail_location = maildir:~/
> mail_log_prefix = "%s(%u)<%{session}>: "
> mail_plugins = acl notify quota fts fts_solr virtual
> maildir_stat_dirs = yes
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope
> encoded-character vacation subaddress comparator-i;ascii-numeric
> relational regex imap4flags copy include variables body enotify
> environment mailbox date ihave
> namespace {
> ? inbox = yes
> ? location > ? mailbox Archive {
> ??? auto = subscribe
> ??? special_use = \Archive
> ? }
> ? mailbox Drafts {
> ??? auto = subscribe
> ??? special_use = \Drafts
> ? }
> ? mailbox Junk {
> ??? special_use = \Junk
> ? }
> ? mailbox Sent {
> ??? auto = subscribe
> ??? special_use = \Sent
> ? }
> ? mailbox "Sent Items" {
> ??? auto = no
> ??? special_use = \Sent
> ? }
> ? mailbox "Sent Messages" {
> ??? auto = no
> ??? special_use = \Sent
> ? }
> ? mailbox Spam {
> ??? auto = subscribe
> ??? special_use = \Junk
> ? }
> ? mailbox Trash {
> ??? auto = subscribe
> ??? special_use = \Trash
> ? }
> ? prefix > ? separator = /
> ? type = private
> }
> namespace Virtual {
> ? hidden = yes
> ? list = no
> ? location = virtual:/etc/dovecot/virtual:INDEX=/srv/vmail/_virtual/%u
> ? prefix = Virtual/
> ? separator = /
> ? subscriptions = no
> }
> namespace shared {
> ? list = yes
> ? location = maildir:%%h:INDEX=~/shared/%%u
> ? prefix = shared/%%u/
> ? separator = /
> ? subscriptions = no
> ? type = shared
> }
> passdb {
> ? args = /etc/dovecot/dovecot-sql-password.conf
> ? driver = sql
> }
> passdb {
> ? args = /etc/dovecot/admin-sql.conf
> ? driver = sql
> ? master = yes
> ? pass = yes
> }
> plugin {
> ? acl = vfile
> ? acl_shared_dict = proxy::acl
> ? fts = solr
> ? fts_autoindex = yes
> ? fts_solr = url=http://wv-solr1.wavecloud.de:8983/solr/dovecot/
> ? quota = maildir:User quota
> ? quota_rule = *:storage=20G
> ? quota_rule2 = Trash:storage=+100M
> ? quota_rule3 = SPAM:ignore
> ? quota_warning = storage=95%% quota-warning 95 %u
> ? quota_warning2 = storage=80%% quota-warning 80 %u
> ? quota_warning3 = -storage=100%% quota-warning below %u
> ? sieve = ~/.dovecot.sieve
> ? sieve_before = /var/vmail/globalsieverc
> ? sieve_max_script_size = 1M
> ? sieve_quota_max_scripts = 42
> ? sieve_quota_max_storage = 10
> }
> protocols = imap pop3 sieve lmtp
> service auth {
> ? unix_listener /var/spool/postfix/private/auth {
> ??? group = vmail
> ??? mode = 0666
> ??? user = vmail
> ? }
> ? unix_listener auth-master {
> ??? mode = 0666
> ? }
> }
> service dict {
> ? unix_listener dict {
> ??? mode = 0600
> ??? user = vmail
> ? }
> }
> service imap-login {
> ? process_min_avail = 1
> ? service_count = 0
> ? vsz_limit = 500 M
> }
> service lmtp {
> ? inet_listener lmtp {
> ??? address = 0.0.0.0
> ??? port = 24
> ? }
> }
> service managesieve-login {
> ? executable = /usr/lib/dovecot/managesieve-login
> ? inet_listener sieve {
> ??? address = 10.10.115.10
> ??? port = 4190
> ? }
> ? process_min_avail = 1
> ? service_count = 1
> }
> service managesieve {
> ? executable = /usr/local/sbin/dovecot-managesieve.sh
> }
> service pop3-login {
> ? process_min_avail = 1
> ? service_count = 1
> }
> service quota-warning {
> ? executable = script /usr/local/sbin/quota-warning.sh
> ? user = vmail
> }
> service stats {
> ? unix_listener stats-reader {
> ??? group = vmail
> ??? mode = 0660
> ??? user = vmail
> ? }
> ? unix_listener stats-writer {
> ??? group = vmail
> ??? mode = 0660
> ??? user = vmail
> ? }
> }
> shutdown_clients = no
> ssl_cert = </etc/ssl/cert.pem
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> userdb {
> ? args = /etc/dovecot/dovecot-sql.conf
> ? driver = sql
> }
> verbose_proctitle = yes
> protocol imap {
> ? imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
> ? mail_max_userip_connections = 2048
> ? mail_plugins = acl notify quota fts fts_solr virtual imap_quota imap_acl
> }
> protocol pop3 {
> ? mail_plugins = acl notify quota fts fts_solr virtual
> ? pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
> ? pop3_uidl_format = %08Xu%08Xv
> }
> protocol lda {
> ? hostname = wv-imap1.wavecloud.de
> ? mail_fsync = optimized
> ? mail_plugins = acl notify quota fts fts_solr virtual sieve
> ? postmaster_address = postmaster at example.com
> ? quota_full_tempfail = yes
> ? sendmail_path = /usr/lib/sendmail
> }
> protocol sieve {
> ? managesieve_implementation_string = Dovecot Pigeonhole
> }
> protocol lmtp {
> ? mail_fsync = optimized
> ? mail_plugins = acl notify quota fts fts_solr virtual sieve
> }
>
>
> ======== END dovecot.conf =========>
>
>
> ======== Core-Dump ================>
> ?????????? PID: 240475 (imap)
> ?????????? UID: 5000 (vmail)
> ?????????? GID: 5000 (vmail)
> ??????? Signal: 11 (SEGV)
> ???? Timestamp: Mon 2022-05-16 13:49:56 CEST (1min 17s ago)
> ? Command Line: dovecot/imap [user1 at domain.com XX.XX.XX.XX MYRIGHTS]
> ??? Executable: /usr/lib/dovecot/imap
> ?Control Group: /system.slice/dovecot.service
> ????????? Unit: dovecot.service
> ???????? Slice: system.slice
> ?????? Boot ID: acb78ce2252049778ff969755d277453
> ??? Machine ID: 1367ff1e75be457cacbf5e204a28711b
> ????? Hostname: wv-imap1
> ?????? Storage:
>
/var/lib/systemd/coredump/core.imap.5000.acb78ce2252049778ff969755d277453.240475.1652701796000000.zst
>
> ?????? Message: Process 240475 (imap) of user 5000 dumped core.
>
> ??????????????? Stack trace of thread 240475:
> ??????????????? #0? 0x00007f5db938c17c acl_mailbox_get_aclobj
> (lib01_acl_plugin.so + 0xf17c)
> ??????????????? #1? 0x00007f5db93776ed n/a (lib02_imap_acl_plugin.so +
> 0x36ed)
> ??????????????? #2? 0x000055f5568444d4 command_exec (imap + 0x224d4)
> ??????????????? #3? 0x000055f55684244f n/a (imap + 0x2044f)
> ??????????????? #4? 0x000055f5568424fa n/a (imap + 0x204fa)
> ??????????????? #5? 0x000055f5568429d5 client_handle_input (imap +
> 0x209d5)
> ??????????????? #6? 0x000055f556842f40 client_input (imap + 0x20f40)
> ??????????????? #7? 0x00007f5db9682529 io_loop_call_io (libdovecot.so.0
> + 0x118529)
> ??????????????? #8? 0x00007f5db9683c12 io_loop_handler_run_internal
> (libdovecot.so.0 + 0x119c12)
> ??????????????? #9? 0x00007f5db96825d0 io_loop_handler_run
> (libdovecot.so.0 + 0x1185d0)
> ??????????????? #10 0x00007f5db9682790 io_loop_run (libdovecot.so.0 +
> 0x118790)
> ??????????????? #11 0x00007f5db95f5353 master_service_run
> (libdovecot.so.0 + 0x8b353)
> ??????????????? #12 0x000055f556833f0a main (imap + 0x11f0a)
> ??????????????? #13 0x00007f5db93c5d0a __libc_start_main (libc.so.6 +
> 0x26d0a)
> ??????????????? #14 0x000055f556833fca _start (imap + 0x11fca)
>
> =========== END Core-Dump ============>
>
> --
> Wavecon GmbH
>
> Anschrift:????? Gustavstra?e 18, 90762 F?rth
> Website:??????? www.wavecon.de
> Support:??????? support at wavecon.de
>
> Telefon:??????? +49 (0)911-1206581 (werktags von 9 - 17 Uhr)
> Hotline 24/7:?? 0800-WAVECON
> Fax:??????????? +49 (0)911-2129233
>
> Registernummer: HRB F?rth 18164
> GF:???????????? Cemil Degirmenci
> UstID:????????? DE251398082
>
> Pflichtinformationen nach Art. 13 DSGVO siehe wavecon.de/de/datenschutz
>
On 16. May 2022, at 14.09, Sebastian Kroczek <skroczek at wavecon.de> wrote:> > Hello all, > > I updated the server tonight and with it Dovecot from 2.2.27 to 2:2.3.19-2+debian11. However, there seems to be a problem with the ACLs, because since then fatal errors are logged (see core dump). I suspect that some outdated configuration is causing this behavior, but so far I couldn't figure out which one it could be. I also have no clue right now how to debug this further. > Thank you very much for your help. If more information are needed, I will of course be happy to provide them...> #0 0x00007f5db938c17c acl_mailbox_get_aclobj (lib01_acl_plugin.so + 0xf17c) > #1 0x00007f5db93776ed n/a (lib02_imap_acl_plugin.so + 0x36ed)It looks like one of the IMAP ACL commands causes the crash, but other than that this isn't enough information and I can't easily reproduce. Can you install dovecot-dbg package and see if you can get a gdb backtrace? : gdb /usr/lib/dovecot/imap /path/to/core bt full