Bug 38811

Summary: Errors during dovercot listener init
Product: UCS Reporter: Sönke Schwardt-Krummrich <schwardt>
Component: Mail - DovecotAssignee: Daniel Tröder <troeder>
Status: CLOSED FIXED QA Contact: Sönke Schwardt-Krummrich <schwardt>
Severity: normal    
Priority: P5 CC: walkenhorst
Version: UCS 4.0   
Target Milestone: ---   
Hardware: Other   
OS: Linux   
What kind of report is it?: --- What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:
Bug Depends on:    
Bug Blocks: 34839    

Description Sönke Schwardt-Krummrich univentionstaff 2015-07-01 17:24:17 CEST 
These error messages have been found in /var/log/univention/listener.log:

01.07.15 14:49:03.931  LISTENER    ( WARN    ) : initializing module dovecot-shared-folder
01.07.15 14:49:03.990  LISTENER    ( WARN    ) : finished initializing module dovecot-shared-folder
01.07.15 14:49:03.990  LISTENER    ( WARN    ) : initializing module dovecot
Sieve/IMAP Password:
Authentication refused by server
: "Authentication failed."
Sieve/IMAP Password:
Authentication refused by server
: "Authentication failed."
01.07.15 14:49:58.233  LISTENER    ( PROCESS ) : dovecot: Added mail account ''.
Sieve/IMAP Password:
Authentication refused by server
: "Authentication failed."
Sieve/IMAP Password:
Authentication refused by server
: "Authentication failed."
01.07.15 14:50:25.232  LISTENER    ( PROCESS ) : dovecot: Added mail account ''.
Sieve/IMAP Password:
Authentication refused by server
: "Authentication failed."
Sieve/IMAP Password:
Authentication refused by server
: "Authentication failed."
01.07.15 14:50:59.371  LISTENER    ( PROCESS ) : dovecot: Added mail account ''.
01.07.15 14:50:59.372  LISTENER    ( WARN    ) : finished initializing module dovecot
Sieve/IMAP Password:
Sieve/IMAP Password:
01.07.15 14:52:23.432  LISTENER    ( PROCESS ) : dovecot: Added mail account 'mail1@nstx.local'.
Sieve/IMAP Password:
Sieve/IMAP Password:
Comment 1 Daniel Tröder univentionstaff 2015-07-03 09:03:26 CEST 
This was fixed by changing two things:
* waiting for ssl-parameters generation before restarting listener in postinst: 61648 & 61651
* ignoring users without mail address during listener init: 61663
Comment 2 Sönke Schwardt-Krummrich univentionstaff 2015-07-06 23:26:04 CEST 
univention-mail-dovecot/debian/univention-mail-dovecot.postinst:
+if [ -e /var/lib/dovecot/ssl-parameters.dat.tmp ]; then
+       echo -n "Waiting for Dovecot ssl-parameters generation (this can take a long time)."
+       while [ -e /var/lib/dovecot/ssl-parameters.dat.tmp ]; do
+               echo -n "."
+               sleep 1
+       done
+echo
→ please add a timeout; otherwise if the generation failed and the file is not removed, the installation process will never end.
→ how long does the regeneration take on low-entropy system? 
  Is 120 seconds as timeout enough?

(In reply to Daniel Tröder from comment #1)
> * ignoring users without mail address during listener init: 61663

→ OK, this fixed the previously reported error messages
Comment 3 Daniel Tröder univentionstaff 2015-07-07 13:04:16 CEST 
(In reply to Sönke Schwardt-Krummrich from comment #2)
> univention-mail-dovecot/debian/univention-mail-dovecot.postinst:
> +if [ -e /var/lib/dovecot/ssl-parameters.dat.tmp ]; then
> +       echo -n "Waiting for Dovecot ssl-parameters generation (this can
> take a long time)."
> +       while [ -e /var/lib/dovecot/ssl-parameters.dat.tmp ]; do
> +               echo -n "."
> +               sleep 1
> +       done
> +echo
> → please add a timeout; otherwise if the generation failed and the file is
> not removed, the installation process will never end.
A timeout of 180s was added to the loop in revision 61834.

> → how long does the regeneration take on low-entropy system? 
>   Is 120 seconds as timeout enough?
The process is single-threaded. The longest time I have seen was in a VM of a 2 GHz Opteron with 2:30 min.
Comment 4 Sönke Schwardt-Krummrich univentionstaff 2015-07-08 00:28:29 CEST 
(In reply to Daniel Tröder from comment #3)
> A timeout of 180s was added to the loop in revision 61834.

→ OK

> > → how long does the regeneration take on low-entropy system? 
> >   Is 120 seconds as timeout enough?
> The process is single-threaded. The longest time I have seen was in a VM of
> a 2 GHz Opteron with 2:30 min.

VM on spoka took 109 seconds.
→ VERIFIED
Comment 5 Janek Walkenhorst univentionstaff 2015-07-09 18:15:40 CEST 
<http://errata.univention.de/ucs/4.0/237.html>