Re: dovecot & cap_net_admin capability

2017-06-21 Thread Michal Hlavinka

we've seen SELinux reports from our users that dovecot tried to use something 
that needs CAP_NET_ADMIN capability. Before enabling it, we would like to know 
where it originated from. I've checked the sources, but was not able to find 
anything that would require this capability. Do you know for what it is used?


Is this something that changed recently? Anyway, no idea. Do they have any more 
details, like is it even the dovecot master process that causes it? Or does it 
say which syscall fails?


Thanks for the answer. We've looked into this a little bit more and 
found out that this message is caused by what happens in the kernel (and 
network configuration). It is not caused by what dovecot does.


Cheers,
Michal


Re: Dovecot 2.2.30* compiling error

2017-06-21 Thread Mart Pirita
Andrey Jr. Melnikov wrote:
> Mart Pirita  wrote:
>> Hello.
>> I can't build 2.2.30*, but I can build fine version 2.2.29* with same
>> options:
>> RedHat based customized distro, 2.6.28.10 kernel
> [...]
>
>> Build error:
>> ltest_lib-test-bits.o: In function `bits_required64':
>> /usr/src/redhat/BUILD/dovecot-2.2.30/src/lib/bits.h:33: undefined
>> reference to `__builtin_clzll'
>> /usr/src/redhat/BUILD/dovecot-2.2.30/src/lib/bits.h:33: undefined
>> reference to `__builtin_clzll'
>> test_lib-test-bits.o: In function `test_bits_requiredXX':
>> /usr/src/redhat/BUILD/dovecot-2.2.30/src/lib/test-bits.c:74: undefined
>> reference to `__builtin_clzll'
>> /usr/src/redhat/BUILD/dovecot-2.2.30/src/lib/test-bits.c:74: undefined
>> reference to `__builtin_clzll'
>> /usr/src/redhat/BUILD/dovecot-2.2.30/src/lib/test-bits.c:74: undefined
>> reference to `__builtin_clzll'
>> ./.libs/liblib.a(numpack.o): In function `numpack_decode':
>> /usr/src/redhat/BUILD/dovecot-2.2.30/src/lib/numpack.c:43: undefined
>> reference to `__builtin_clz'
>> collect2: ld returned 1 exit status
>> Please advise?
> Time to upgrade ancient GCC?


Well, I know it's old, but I didn't notice in the changelog that anything
special or new was added, so maybe this is some kind of bug?

Edit, tested with newer gcc and got new error:

db-checkpassword.c: In function 'sigchld_handler':
db-checkpassword.c:434:6: error: assignment of read-only member '__in'
db-checkpassword.c:437:26: error: assignment of read-only member '__in'
db-checkpassword.c:439:13: error: assignment of read-only member '__in'
db-checkpassword.c:440:26: error: assignment of read-only member '__in'
make[3]: *** [db-checkpassword.lo] Error 1


Seems this is quite an old error -
https://dovecot.org/list/dovecot/2012-October/086033.html


Re: Dovecot 2.2.30* compiling error

2017-06-21 Thread Timo Sirainen
On 21 Jun 2017, at 16.03, Mart Pirita  wrote:
> 
>>> ltest_lib-test-bits.o: In function `bits_required64':
>>> /usr/src/redhat/BUILD/dovecot-2.2.30/src/lib/bits.h:33: undefined
>>> reference to `__builtin_clzll'

This can be fixed with the attached patch.


diff
Description: Binary data

> Edit, tested with newer gcc and got new error:
> 
> db-checkpassword.c: In function 'sigchld_handler':
> db-checkpassword.c:434:6: error: assignment of read-only member '__in'
> db-checkpassword.c:437:26: error: assignment of read-only member '__in'
> db-checkpassword.c:439:13: error: assignment of read-only member '__in'
> db-checkpassword.c:440:26: error: assignment of read-only member '__in'

But this is weird. Why are your WIFSIGNALED(), WTERMSIG(), WIFEXITED() and 
WEXITSTATUS() macros trying to write to the status variable? Also this code 
hasn't even changed between 2.2.29 and 2.2.30.



Re: Dovecot 2.2.30* compiling error

2017-06-21 Thread Mart Pirita
Timo Sirainen wrote:
> On 21 Jun 2017, at 16.03, Mart Pirita  wrote:
>>>> ltest_lib-test-bits.o: In function `bits_required64':
>>>> /usr/src/redhat/BUILD/dovecot-2.2.30/src/lib/bits.h:33: undefined
>>>> reference to `__builtin_clzll'
> This can be fixed with the attached patch.


Thanks, this time I got a new error. Do you have a fix for this:


test_lib-test-bits.o: In function `bits_required16':
/usr/src/redhat/BUILD/dovecot-2.2.30.2/src/lib/bits.h:41: undefined
reference to `bits_required8'
/usr/src/redhat/BUILD/dovecot-2.2.30.2/src/lib/bits.h:41: undefined
reference to `bits_required8'
/usr/src/redhat/BUILD/dovecot-2.2.30.2/src/lib/bits.h:41: undefined
reference to `bits_required8'
/usr/src/redhat/BUILD/dovecot-2.2.30.2/src/lib/bits.h:41: undefined
reference to `bits_required8'
/usr/src/redhat/BUILD/dovecot-2.2.30.2/src/lib/bits.h:41: undefined
reference to `bits_required8'
test_lib-test-bits.o:/usr/src/redhat/BUILD/dovecot-2.2.30.2/src/lib/bits.h:41:
more undefined references to `bits_required8' follow
collect2: ld returned 1 exit status
make[4]: *** [test-lib] Error 1



>
>
>> Edit, tested with newer gcc and got new error:
>>
>> db-checkpassword.c: In function 'sigchld_handler':
>> db-checkpassword.c:434:6: error: assignment of read-only member '__in'
>> db-checkpassword.c:437:26: error: assignment of read-only member '__in'
>> db-checkpassword.c:439:13: error: assignment of read-only member '__in'
>> db-checkpassword.c:440:26: error: assignment of read-only member '__in'
> But this is weird. Why are your WIFSIGNALED(), WTERMSIG(), WIFEXITED() and 
> WEXITSTATUS() macros trying to write to the status variable? Also this code 
> hasn't even changed between 2.2.29 and 2.2.30.
>

Like the previously included URL said - "looks like this might be a bug
in glibc 2.3.3". The previous builds were all made with an older gcc and
had no such error.


-- 
Mart


Re: Dovecot 2.2.30* compiling error

2017-06-21 Thread Timo Sirainen
On 21 Jun 2017, at 16.42, Mart Pirita  wrote:
> 
> Timo Sirainen wrote:
>> On 21 Jun 2017, at 16.03, Mart Pirita  wrote:
>>>>> ltest_lib-test-bits.o: In function `bits_required64':
>>>>> /usr/src/redhat/BUILD/dovecot-2.2.30/src/lib/bits.h:33: undefined
>>>>> reference to `__builtin_clzll'
>> This can be fixed with the attached patch.
> 
> 
> Thanks, this time I got a new error. Do you have a fix for this:
> 
> 
> test_lib-test-bits.o: In function `bits_required16':
> /usr/src/redhat/BUILD/dovecot-2.2.30.2/src/lib/bits.h:41: undefined
> reference to `bits_required8'

Oh, didn't notice that one. Add the attached patch on top of the other patch.



diff
Description: Binary data


Re: Dovecot 2.2.30* compiling error

2017-06-21 Thread Mart Pirita
Timo Sirainen wrote:
> On 21 Jun 2017, at 16.42, Mart Pirita  wrote:
>> Timo Sirainen wrote:
>>> On 21 Jun 2017, at 16.03, Mart Pirita  wrote:
>>>>>> ltest_lib-test-bits.o: In function `bits_required64':
>>>>>> /usr/src/redhat/BUILD/dovecot-2.2.30/src/lib/bits.h:33: undefined
>>>>>> reference to `__builtin_clzll'
>>> This can be fixed with the attached patch.
>> Thanks, this time I got a new error. Do you have a fix for this:
>>
>>
>> test_lib-test-bits.o: In function `bits_required16':
>> /usr/src/redhat/BUILD/dovecot-2.2.30.2/src/lib/bits.h:41: undefined
>> reference to `bits_required8'
> Oh, didn't notice that one. Add the attached patch on top of the other patch.
>

Timo - thank You! You fixed it, v2.2.30.2 compiled fine with gcc-3.3.6.

Also please add both patches into v2.2.31.


-- 
Mart
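
The link errors quoted in this thread arise because a compiler that does not provide `__builtin_clz`/`__builtin_clzll` treats the name as an ordinary external function, so the build only fails at link time. As an added example (not Dovecot's bits.h and not the patches attached in the thread; every `ex_`/`EX_` name and the bit-count semantics are this example's own assumptions), one way to guard such a builtin with a portable fallback and cross-check the two:

```c
/* Added example: not Dovecot's bits.h and not the attached patches.
 * All ex_ / EX_ names are hypothetical. Assumption: GCC has
 * __builtin_clzll() from 3.4 on; newer compilers offer __has_builtin. */
#include <stdint.h>

#if defined(__has_builtin)
#  if __has_builtin(__builtin_clzll)
#    define EX_HAVE_CLZ 1
#  endif
#elif defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))
#  define EX_HAVE_CLZ 1
#endif

/* Portable fallback: shift until nothing is left, counting the steps. */
static unsigned int ex_bits_required64_portable(uint64_t num)
{
	unsigned int bits = 0;
	for (; num != 0; num >>= 1)
		bits++;
	return bits;
}

/* Bits needed to store num; 0 needs 0 bits (clz is undefined for 0). */
static unsigned int ex_bits_required64(uint64_t num)
{
#ifdef EX_HAVE_CLZ
	return num == 0 ? 0 :
		64 - (unsigned int)__builtin_clzll((unsigned long long)num);
#else
	return ex_bits_required64_portable(num);
#endif
}

/* Narrower widths widen to the 64-bit helper, so no other builtin is needed. */
static unsigned int ex_bits_required8(uint8_t num) { return ex_bits_required64(num); }
static unsigned int ex_bits_required16(uint16_t num) { return ex_bits_required64(num); }

/* Returns 1 when the selected implementation agrees with the fallback. */
static int ex_selfcheck(void)
{
	static const uint64_t samples[] = { 0, 1, 2, 255, 256, 65535, 65536,
					    UINT64_C(1) << 63, UINT64_MAX };
	unsigned int i;
	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		if (ex_bits_required64(samples[i]) != ex_bits_required64_portable(samples[i]))
			return 0;
	return ex_bits_required8(0x80) == 8 && ex_bits_required16(0x100) == 9;
}

int main(void) { return ex_selfcheck() ? 0 : 1; }
```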


Re: Dovecot >=2.2.29 + Filesystem quota = incorrect storage information

2017-06-21 Thread Macka
On 20.06.2017 at 21:25, Timo Sirainen wrote:
> On 20 Jun 2017, at 15.49, Macka  wrote:
>> Hi,
>>
>> I have problem with quota storage information in dovecot-2.2.29 (and
>> newer versions, too - 2.2.30.2).
>> I use FS quota backend.
> .
>> After upgrade from 2.2.27 to 2.2.29 (newest 2.2.30.2 too), dovecot
>> returns incorrect information about quota storage:
> Hmm. There are zero differences in quota-fs code between 2.2.27 and 2.2.30. 
> Are you sure the difference isn't something else than Dovecot version?
>
>
>
You are probably right.

It took me some time but it looks like the problem is in the glibc-2.25
library or rather in the header files used during the compilation (or
maybe in something else). I recompiled (.src.rpm's from PLD linux
distribution) v2.2.27 and v2.2.30.2 on another machine with glibc-2.24
and then I installed them on a machine with glibc-2.25 libraries.

Both dovecot's versions correctly show used space.

All dovecot versions compiled on a machine with glibc-2.25 and
installed on the same machine return incorrect account used space.


I found differences in the quota.h files, but I do not know if it depends on them?


/usr/include/sys/quota.h (from glibc-headers-2.24-4.x86_64) - 7974 bytes
/* This just represents the non-kernel parts of .
 *
 * here's the corresponding copyright:
 * Copyright (c) 1982, 1986 Regents of the University of California.
 * All rights reserved.
 *
 * This code is derived from software contributed to Berkeley by
 * Robert Elz at The University of Melbourne.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#ifndef _SYS_QUOTA_H
#define _SYS_QUOTA_H 1

#include 
#include 

/*
 * Select between different incompatible quota versions.
 * Default to the version used by Linux kernel version 2.4.22
 * or later.  */
#ifndef _LINUX_QUOTA_VERSION
# define _LINUX_QUOTA_VERSION 2
#endif

/*
 * Convert diskblocks to blocks and the other way around.
 * currently only to fool the BSD source. :-)
 */
#define dbtob(num) ((num) << 10)
#define btodb(num) ((num) >> 10)

/*
 * Convert count of filesystem blocks to diskquota blocks, meant
 * for filesystems where i_blksize != BLOCK_SIZE
 */
#define fs_to_dq_blocks(num, blksize) (((num) * (blksize)) / BLOCK_SIZE)

/*
 * Definitions for disk quotas imposed on the average user
 * (big brother finally hits Linux).
 *
 * The following constants define the amount of time given a user
 * before the soft limits are treated as hard limits (usually resulting
 * in an allocation failure). The timer is started when the user crosses
 * their soft limit, it is reset when they go below their soft limit.
 */
#define MAX_IQ_TIME  604800 /* (7*24*60*60) 1 week */
#define MAX_DQ_TIME  604800 /* (7*24*60*60) 1 week */

#define MAXQUOTAS 2
#define USRQUOTA  0 /* element used for user quotas */
#define GRPQUOTA  1 /* element used for group quotas */

/*
 * Definitions for the default names of the quotas files.
 */
#define INITQFNAMES { \
   "user",  /* USRQUOTA */ \
   "group",   /* GRPQUOTA */ \
   "undefined", \
};

#define QUOTAFILENAME "quota"
#define QUOTAGROUP "staff"

#define NR_DQHASH 43  /* Just an arbitrary number any suggestions ? */
#define NR_DQUOTS 256 /* Number of quotas active at one time */

/*
 * Command definitions for the 'quotactl' system call.
 * The commands are broken into a main command defined below
 * and a subcommand that is used to convey the type of
 * quota that is being manipulated (see above)

Re: +vnd.dovecot.duplicate for Bogofilter duplication shortcomings

2017-06-21 Thread Luescher Claude

Hello,

Yes but how to activate this for all users, not on a per user basis or 
without writing out thousands of sieve files to users directories.


Thank you.

On 2017-06-15 13:33, Stephan Bosch wrote:
> On 6/15/2017 at 12:19 PM, Luescher Claude wrote:
>> I have +vnd.dovecot.duplicate plugin enabled but it seems to be
>> ineffective. Any other tips for a workaround?
>>
>
> Enabling that extension does nothing by itself. You need to add a
> corresponding rule to your Sieve script.
>
> Also, that is the deprecated name for that extension. It is explained
> fully here:
>
> https://tools.ietf.org/html/rfc7352
>
> Regards,
>
> Stephan.


Re: +vnd.dovecot.duplicate for Bogofilter duplication shortcomings

2017-06-21 Thread Stephan Bosch
On 6/21/2017 at 9:36 PM, Luescher Claude wrote:
> Hello,
>
> Yes but how to activate this for all users, not on a per user basis or
> without writing out thousands of sieve files to users directories.
>

Use sieve_before. Then you can have one script that applies to all
users, before their personal script is executed.

https://wiki.dovecot.org/Pigeonhole/Sieve/Configuration#Executing_Multiple_Scripts_Sequentially

Regards,

Stephan.

> Thank you.
>
> On 2017-06-15 13:33, Stephan Bosch wrote:
>> On 6/15/2017 at 12:19 PM, Luescher Claude wrote:
>>> I have +vnd.dovecot.duplicate plugin enabled but it seems to be
>>> ineffective. Any other tips for a workaround?
>>>
>>
>> Enabling that extension does nothing by itself. You need to add a
>> corresponding rule to your Sieve script.
>>
>> Also, that is the deprecated name for that extension. It is explained
>> fully here:
>>
>> https://tools.ietf.org/html/rfc7352
>>
>> Regards,
>>
>> Stephan.


Trouble after Upgrade to v2.2.30.2 missing value for DOVECOT_

2017-06-21 Thread Beng Hui Ong
Hi,

I keep getting these errors after upgrading to 2.2.30.2. I can't seem to
find what is going on. This is running on FreeBSD 10.3-RELEASE-p11 :(

Can someone please assist?

Jun 22 14:45:23 starlite2 dovecot: auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth
Jun 22 14:45:23 starlite2 dovecot: auth: Debug: Module loaded: /usr/local/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
Jun 22 14:45:23 starlite2 dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
Jun 22 14:45:23 starlite2 dovecot: auth: Error: auth: environment corrupt; missing value for DOVECOT_
Jun 22 14:45:23 starlite2 dovecot: auth: Fatal: unsetenv(RESTRICT_SETUID) failed: Bad address
Jun 22 14:45:23 starlite2 dovecot: master: Error: service(auth): command startup failed, throttling for 4 secs


root@starlite2:/usr/ports/mail/dovecot2/work/dovecot-2.2.30.2/src/auth # dovecot -n
# 2.2.30.2 (c0c463e): /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 10.3-RELEASE-p11 amd64
auth_debug = yes
auth_default_realm = ispworkshop.com
auth_mechanisms = plain login
auth_realms = ispworkshop.com
auth_verbose = yes
disable_plaintext_auth = no
first_valid_uid = 5000
hostname = www3.ispworkshop.net
last_valid_uid = 5000
lda_mailbox_autocreate = yes
login_greeting = Ready.
mail_gid = 5000
mail_location = maildir:~/
mail_plugins = quota expire mail_log notify
mail_temp_dir = /var/tmp
mail_uid = 5000
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
postmaster_address = on...@ispworkshop.net
sendmail_path = /usr/local/sbin/sendmail
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0600
    user = vmail
  }
}
service imap-login {
  process_min_avail = 1
}
ssl = no
userdb {
  driver = passwd
}
userdb {
  args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocol imap {
  mail_max_userip_connections = 100
}
protocol pop3 {
  mail_max_userip_connections = 100
}