dovecot horked on {7.1.0,latest} versions. #1647

@r-pufky

Horked is a technical term for broken :)

Seriously though -- Dovecot configuration works appropriately up to version 7.0.1 and before. Upgrading to the latest or release-v7.1.0 image results in dovecot not starting on docker-mailserver, and consequently rejecting IMAP connections.

Using the same configuration on images up to 7.0.1 works appropriately.

Expectations: A working configuration from 7.0.1 should work in 7.0.1+, unless explicit changes are called out in the Announcements section.

Context

Pretty standard postfix/dovecot setup using imap/ssl w/ letsencrypt, dmarc, dkim, etc.

docker-compose.yml (redacted and paths simplified):

version: "3"

networks:
  mail:
    driver: bridge
    ipam:
      config:
      - subnet: {MAIL NET}/24
  db_db:
    external: true

services:
  mail:
    image: tvial/docker-mailserver:release-v7.0.1
    restart: "always"
    stop_grace_period: "1m"
    networks:
      mail:
        ipv4_address: {MAIL IP}
    ports:
      - "25:25/tcp"
      - "587:587/tcp"
      - "993:993/tcp"
    hostname: "mail"
    domainname: "{REDACTED}"
    container_name: "mail"
    environment:
      - "DEFAULT_RELAY_HOST=''"
      - "DMS_DEBUG=1"
      - "DOVECOT_MAILBOX_FORMAT=maildir"
      - "ENABLE_CLAMAV=0"
      - "ENABLE_ELK_FORWARDER=0"
      - "ENABLE_FAIL2BAN=0"
      - "ENABLE_FETCHMAIL=0"
      - "ENABLE_LDAP=''"
      - "ENABLE_MANAGESIEVE=1"
      - "ENABLE_POP3=''"
      - "ENABLE_POSTFIX_VIRTUAL_TRANSPORT=''"
      - "ENABLE_POSTGREY=1"
      - "ENABLE_QUOTAS=0"
      - "ENABLE_SASLAUTHD=0"
      - "ENABLE_SPAMASSASSIN=1"
      - "ENABLE_SRS=1"
      - "LOGROTATE_INTERVAL=weekly"
      - "LOGWATCH_INTERVAL=weekly"
      - "ONE_DIR=1"
      - "PERMIT_DOCKER=host"
      - "PFLOGSUMM_TRIGGER=logrotate"
      - "POSTFIX_DAGENT=''"
      - "POSTFIX_INET_PROTOCOLS=ipv4"
      - "POSTFIX_MAILBOX_SIZE_LIMIT=0"
      - "POSTFIX_MESSAGE_SIZE_LIMIT=10480000"
      - "POSTGREY_AUTO_WHITELIST_CLIENTS=0"
      - "POSTGREY_DELAY=300"
      - "POSTGREY_MAX_AGE=35"
      - "POSTGREY_TEXT=Delayed by postgrey"
      - "POSTMASTER_ADDRESS=postmaster@{REDACTED}"
      - "POSTSCREEN_ACTION=enforce"
      - "RELAY_HOST=''"
      - "SA_KILL=6.31"
      - "SA_SPAM_SUBJECT=***SPAM***"
      - "SA_TAG2=6.31"
      - "SA_TAG=3.0"
      - "SASL_PASSWD=''"
      - "SASLAUTHD_MECH_OPTIONS=''"
      - "SASLAUTHD_MECHANISMS=''"
      - "SMTP_ONLY=''"
      - "SPOOF_PROTECTION=1"
      - "SRS_EXCLUDE_DOMAINS=''"
      - "SRS_SENDER_CLASSES=envelope_sender,header_sender"
      - "SSL_TYPE=letsencrypt"
      - "TLS_LEVEL=modern"
      - "TZ=America/Los_Angeles"
      - "VIRUSMAILS_DELETE_DELAY=7"
    volumes:
      - "/d/mail:/var/mail"
      - "/d/config:/tmp/docker-mailserver"
      - "/d/90-sieve.conf:/etc/dovecot/conf.d/90-sieve.conf"
      - "/d/letsencrypt:/etc/letsencrypt:ro"
      - "/var/log/docker/mail:/var/log/mail"
      - "/etc/localtime:/etc/localtime:ro"

IMAP/SSL works fine, can login without issue (and all versions before this).

$ openssl s_client -starttls imap -connect mail.{REDACTED}:993
CONNECTED(00000005)

Dovecot is running on the server:

# ps -ef
UID         PID   PPID  C STIME TTY          TIME CMD
root          1      0  1 23:05 ?        00:00:00 /usr/bin/python2 /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
root          8      1  0 23:05 ?        00:00:00 /bin/bash /usr/local/bin/start-mailserver.sh
root        457      0  0 23:05 pts/0    00:00:00 /bin/sh
root        525      1  0 23:05 ?        00:00:00 /usr/sbin/cron -f
root        527      1  0 23:05 ?        00:00:00 /usr/sbin/rsyslogd -n
root        533      1  0 23:05 ?        00:00:00 /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
dovecot     536    533  0 23:05 ?        00:00:00 dovecot/anvil
root        537    533  0 23:05 ?        00:00:00 dovecot/log
root        538    533  0 23:05 ?        00:00:00 dovecot/config
opendkim    540      1  0 23:05 ?        00:00:00 /usr/sbin/opendkim -f
opendkim    542    540  0 23:05 ?        00:00:00 /usr/sbin/opendkim -f
opendma+    548      1  0 23:05 ?        00:00:00 /usr/sbin/opendmarc -f -p inet:8893@localhost -P /var/run/opendmarc/opendmarc.pid
postgrey    556      1  1 23:05 ?        00:00:00 postgrey --inet=127.0.0.1:10023 --syslog-facility=mail --delay=300 --max-age=35 --auto-whitelist-clients=0 --g
root        558      1  0 23:05 ?        00:00:00 bash /usr/local/bin/postfix-wrapper.sh
amavis      567      1 16 23:05 ?        00:00:01 /usr/sbin/amavisd-new (master)
root        569      8  0 23:05 ?        00:00:00 tail -fn 0 /var/log/mail/mail.log
postsrsd    661      1  0 23:05 ?        00:00:00 /usr/sbin/postsrsd -f 10001 -r 10002 -d {REDACTED} -s /etc/postsrsd.secret -a = -n 4 -N 4 -u postsrsd -p /var/r
root       1206      1  0 23:05 ?        00:00:00 /usr/lib/postfix/sbin/master
postfix    1208   1206  0 23:05 ?        00:00:00 pickup -l -t fifo -u -c -o content_filter= -o receive_override_options=no_header_body_checks
postfix    1209   1206  0 23:05 ?        00:00:00 qmgr -l -t unix -u
amavis     1210    567  0 23:05 ?        00:00:00 /usr/sbin/amavisd-new (virgin child)
amavis     1211    567  0 23:05 ?        00:00:00 /usr/sbin/amavisd-new (virgin child)
root       1214    558  0 23:05 ?        00:00:00 sleep 5
root       1215    457  0 23:05 pts/0    00:00:00 ps -ef

What is affected by this bug?

Upgrading beyond 7.0.1 without any changes causes dovecot not to run, and therefore, IMAP/SSL to fail.

docker-compose.yml (same as above, just version bump):

...

services:
  mail:
    image: tvial/docker-mailserver:release-v7.1.0

...

IMAP/SSL fails.

$ openssl s_client -starttls imap -connect mail.{REDACTED}:993
140671805964736:error:0200206F:system library:connect:Connection refused:../crypto/bio/b_sock2.c:110:
140671805964736:error:2008A067:BIO routines:BIO_connect:connect error:../crypto/bio/b_sock2.c:111:
connect:errno=111

Dovecot is not running on the server:

# ps -ef
UID         PID   PPID  C STIME TTY          TIME CMD
root          1      0  2 23:03 ?        00:00:00 /usr/bin/python2 /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
root          8      1  0 23:03 ?        00:00:00 /bin/bash /usr/local/bin/start-mailserver.sh
root        552      1  0 23:03 ?        00:00:00 /usr/sbin/cron -f
root        554      1  0 23:03 ?        00:00:00 /usr/sbin/rsyslogd -n
opendkim    558      1  0 23:03 ?        00:00:00 /usr/sbin/opendkim -f
opendkim    560    558  0 23:03 ?        00:00:00 /usr/sbin/opendkim -f
opendma+    566      1  0 23:03 ?        00:00:00 /usr/sbin/opendmarc -f -p inet:8893@localhost -P /var/run/opendmarc/opendmarc.pid
postgrey    574      1  3 23:03 ?        00:00:00 postgrey --inet=127.0.0.1:10023 --syslog-facility=mail --delay=300 --max-age=35 --auto-whitelist-clients=0 --g
root        576      1  0 23:03 ?        00:00:00 bash /usr/local/bin/postfix-wrapper.sh
amavis      585      1 44 23:03 ?        00:00:01 /usr/sbin/amavisd-new (master)
root        587      8  0 23:03 ?        00:00:00 tail -fn 0 /var/log/mail/mail.log
root        596      0  1 23:03 pts/0    00:00:00 /bin/sh
postsrsd    626      1  0 23:03 ?        00:00:00 /usr/sbin/postsrsd -f 10001 -r 10002 -d {REDACTED} -s /etc/postsrsd.secret -a = -n 4 -N 4 -u postsrsd -p /var/r
amavis     1141    585  0 23:04 ?        00:00:00 /usr/sbin/amavisd-new (virgin child)
amavis     1142    585  0 23:04 ?        00:00:00 /usr/sbin/amavisd-new (virgin child)
root       1225      1  0 23:04 ?        00:00:00 /usr/lib/postfix/sbin/master
root       1226    576  0 23:04 ?        00:00:00 sleep 5
postfix    1227   1225  0 23:04 ?        00:00:00 pickup -l -t fifo -u -c -o content_filter= -o receive_override_options=no_header_body_checks
postfix    1228   1225  0 23:04 ?        00:00:00 qmgr -l -t unix -u
root       1229    596  0 23:04 pts/0    00:00:00 ps -ef

roundcube (web UI using IMAP/SSL) is not happy either:
/var/log/syslog:

Oct 12 20:18:47 {SERVER} roundcube[7483]: errors: <eb34b0a6> IMAP Error: Login failed for {USER} against {REDACTED} from {GATEWAY IP}(X-Real-IP: {CLIENT IP},X-Forwarded-For: {CLIENT IP}). Could not connect to ssl://{REDACTED}:993: Unknown reason in /var/www/html/program/lib/Roundcube/rcube_imap.php on line 200 (POST /?_task=login&_action=login)

When does this occur?

Any version beyond 7.0.1

How do we replicate the issue?

See above for replication. I can provide additional files for postfix conf and dovecot sieve, but that doesn't seem to be the issue.

Actual Behavior

IMAP/SSL logins fail. Dovecot not running on the server.

Expected behavior (i.e. solution)

Expectations: A working configuration from 7.0.1 should work in 7.0.1+, unless explicit changes are called out in the Announcements section.

Your Environment

  • Amount of RAM available: 128GB
  • Mailserver version used:
    • working: release-v7.0.0, release-v7.0.1
    • non-working: release-v7.1.0, latest
  • Docker version used: Docker version 19.03.13, build 4484c46d9d
  • Environment settings relevant to the config: See config.
  • Any relevant stack traces ("Full trace" preferred):
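
The comparison the report makes by eye between its two `ps -ef` listings can be scripted as a post-upgrade check. This is an added example, not part of the original issue or the project's code; the function name `missing_after_upgrade`, the snapshot file names and the trimmed listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the issue): find daemons that vanished between two ps -ef snapshots.

# missing_after_upgrade BASELINE_FILE UPGRADED_FILE
# Prints, one per line, each command (first word of the CMD column) that is
# present in the baseline snapshot but absent from the post-upgrade snapshot.
missing_after_upgrade() {
  awk '
    FNR == 1 { next }                  # skip the "UID PID PPID ..." header row
    { cmd = $8 }                       # CMD starts at the 8th column of ps -ef
    cmd == "ps" || cmd == "sleep" || cmd == "/bin/sh" { next }  # transient, ignore
    NR == FNR { base[cmd] = 1; next }  # first file: baseline
    { seen[cmd] = 1 }                  # second file: after the upgrade
    END { for (c in base) if (!(c in seen)) print c }
  ' "$1" "$2" | LC_ALL=C sort
}

# Constructed sample input, abridged from the two listings in the report.
snapdir=$(mktemp -d)
cat > "$snapdir/v7.0.1.txt" <<'EOF'
UID         PID   PPID  C STIME TTY          TIME CMD
root          1      0  1 23:05 ?        00:00:00 /usr/bin/python2 /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
root        457      0  0 23:05 pts/0    00:00:00 /bin/sh
root        533      1  0 23:05 ?        00:00:00 /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
dovecot     536    533  0 23:05 ?        00:00:00 dovecot/anvil
root        537    533  0 23:05 ?        00:00:00 dovecot/log
root        538    533  0 23:05 ?        00:00:00 dovecot/config
root       1206      1  0 23:05 ?        00:00:00 /usr/lib/postfix/sbin/master
root       1214    558  0 23:05 ?        00:00:00 sleep 5
root       1215    457  0 23:05 pts/0    00:00:00 ps -ef
EOF
cat > "$snapdir/v7.1.0.txt" <<'EOF'
UID         PID   PPID  C STIME TTY          TIME CMD
root          1      0  2 23:03 ?        00:00:00 /usr/bin/python2 /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
root        596      0  1 23:03 pts/0    00:00:00 /bin/sh
root       1225      1  0 23:04 ?        00:00:00 /usr/lib/postfix/sbin/master
root       1226    576  0 23:04 ?        00:00:00 sleep 5
root       1229    596  0 23:04 pts/0    00:00:00 ps -ef
EOF

missing_after_upgrade "$snapdir/v7.0.1.txt" "$snapdir/v7.1.0.txt"
```

Any output means a process that ran under the old image did not come up under the new one, so the upgrade can be rolled back before clients start seeing refused connections.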
