Тема: Ошибка при doveadm -Dv purge (Прочитано 12297 раз)
Почтовый сервер (postfix+dovecot) авторизуется через 389-Directory Server. Учеток более 3500.
Выполнение такой команды:
doveadm -Dv purge -A > doveadm.debug
после обработки некоторого количества учеток, заканчивается ошибкой.
doveadm(test@primer.ru): Debug: acl: owner = 0
doveadm(test@primer.ru): Debug: acl vfile: Global ACL directory: (none)
doveadm(test@primer.ru): Debug: acl vfile: file /var/spool/dovecot/mailboxes/primer.ru/test/mailboxes/dovecot-acl not found
doveadm: Error: Failed to iterate through some users
Файл doveadm.debug содержит следующее:
10 / 2000
20 / 2000
30 / 2000
…
1950 / 2000
1960 / 2000
1970 / 2000
1980 / 2000
1990 / 2000
2000 / 2000
Где искать причину? Это какое-то ограничение в 2000 учеток? Или ошибки в директори сервере?
Записан
Здравствуйте! Ошибка, вероятнее всего, в ограничениях на количество возвращаемых записей в ответ на поисковый запрос. Как я понял из беглого гугления, 2000 — это как раз значение по умолчанию для sizelimit в 389-ds. Так как сам не являюсь пользователем этого сервера каталогов, могу только посоветовать посмотреть здесь и здесь.
Егор
Записан
Спасибо за ответ!
Удалось решить проблему самостоятельно следующим образом:
на директори сервере в свойствах ветки config заменила значение параметра nsslapd-sizelimit с 2000 на 4000
все учетки обработались и папки с почтой пожались даже больше, чем надеялась 
может быть кому-нибудь тоже поможет …
Записан
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Dovecot Maintainers <jaldhar-dovecot@debian.org>:
Bug#699121; Package dovecot-core.
(Sun, 27 Jan 2013 20:24:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Joel Lopes Da Silva <joel@lopes-da-silva.com>:
New Bug report received and forwarded. Copy sent to Dovecot Maintainers <jaldhar-dovecot@debian.org>.
(Sun, 27 Jan 2013 20:24:07 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: dovecot-core
Version: 1:2.1.7-6
Severity: normal
Problem description
-------------------
I was trying to setup dovecot SASL authentication for my postfix server, using
a postgresql database as the back end for authentication. I was able to get
this to work and tested it using the following technique:
http://qmail.jms1.net/test-auth.shtml
However, part of the SQL configuration of dovecot is defining the
iterate_query, and I could not get that to work. I have a valid SQL query,
and I'm using valid credentials for the database, but I get the following
error every time:
# doveadm fetch -A user ALL
doveadm(root): Error: userdb list: Disconnected unexpectedly
doveadm: Error: Failed to iterate through some users
zsh: exit 75 doveadm fetch -A user ALL
After enabling debug logs in both dovecot (cf. output of doveconf -n below) and
postgresql, here's what I see in /var/log/syslog when I issue that command:
Jan 27 11:47:18 orange dovecot: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Jan 27 11:47:18 orange dovecot: auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_pgsql.so
Jan 27 11:47:18 orange dovecot: auth: Error: userdb connection: Failed to get peer's credentials
Jan 27 11:47:18 orange postgres[3177]: [2-1] 2013-01-27 11:47:18 PST LOG: 00000: connection received: host=::1 port=35751
Jan 27 11:47:18 orange postgres[3177]: [2-2] 2013-01-27 11:47:18 PST LOCATION: BackendInitialize, postmaster.c:3474
Jan 27 11:47:18 orange postgres[3177]: [3-1] 2013-01-27 11:47:18 PST LOG: 00000: connection authorized: user=dovecot database=mail
Jan 27 11:47:18 orange postgres[3177]: [3-2] 2013-01-27 11:47:18 PST LOCATION: PerformAuthentication, postinit.c:230
Jan 27 11:47:18 orange dovecot: auth: pgsql(localhost): Connected to database mail
Personal research
-----------------
I did some digging around the only useful log: userdb connection: Failed to get
peer's credentials
I found that it's generated by the following piece of code:
691 if (net_getunixcred(conn->fd, &cred) < 0) {
692 i_error("userdb connection: Failed to get peer's credentials");
693 return -1;
694 }
in auth-master-connection.c's auth_master_connection_set_permissions function.
(cf. http://fossies.org/dox/dovecot-2.1.13/auth-master-connection_8c_source.html)
So I looked at net_getunixcred and I found that my version of dovecot-core
could not possibly be running the following code:
697 #if defined(HAVE_GETPEEREID)
698 /* OSX 10.4+, FreeBSD 4.6+, OpenBSD 3.0+, NetBSD 5.0+ */
699 if (getpeereid(fd, &cred_r->uid, &cred_r->gid) < 0) {
700 i_error("getpeereid() failed: %m");
701 return -1;
702 }
703 return 0;
otherwise I would have seen this log like I did the other:
"getpeereid() failed: %m"
Similarly, we cannot possibly be running the Linux branch starting with:
704 #elif defined(SO_PEERCRED)
705 /* Linux */
So we must be going through:
716 #elif defined(HAVE_GETPEERUCRED)
717 /* Solaris */
718 ucred_t *ucred = NULL;
719
720 if (getpeerucred(fd, &ucred) < 0) {
721 i_error("getpeerucred() failed: %m");
722 return -1;
723 }
724 cred_r->uid = ucred_geteuid(ucred);
725 cred_r->gid = ucred_getrgid(ucred);
726 ucred_free(ucred);
727
728 if (cred_r->uid == (uid_t)-1 ||
729 cred_r->gid == (gid_t)-1) {
730 errno = EINVAL;
731 return -1;
732 }
733 return 0;
734 #else
735 errno = EINVAL;
736 return -1;
737 #endif
(cf. http://fossies.org/dox/dovecot-2.1.13/network_8c_source.html#l00695)
Looking at the comment, I'd easily speculate that we're probably not even
running the Solaris branch, so I suspect dovecot-core is being built for
kfreebsd-amd64 with neither of the following definitions:
HAVE_GETPEEREID
SO_PEERCRED
HAVE_GETPEERUCRED
If I am right, then there's no chance this could ever work on this
architecture; in that case, fixing the bug might be a matter of making sure
one of these libraries/APIs is used for compiling dovecot-core.
Additional debugging information
--------------------------------
Here's the content of my /etc/dovecot/dovecot-sql.conf.ext with my postgresql
user password redacted:
driver = pgsql
connect = host=localhost dbname=mail user=dovecot password=REDACTED
default_pass_scheme = SHA512-CRYPT
password_query =
SELECT address AS user, password
FROM mailboxes
INNER JOIN domains
ON domains.domain = '%L{domain}' AND domains.active = true AND domains.mailboxes = true
WHERE address = '%L{user}' AND mailboxes.active = true
user_query =
SELECT concat_ws('/', '%d', '%u', '') AS home, 114 AS uid, 114 AS gid
FROM mailboxes
INNER JOIN domains
ON domains.domain = '%d' AND domains.active = true AND domains.mailboxes = true
WHERE address = '%s' AND mailboxes.active = true
iterate_query =
SELECT address AS user
FROM mailboxes
INNER JOIN domains
ON domain = split_part(address, '@', 2) AND domains.active = true AND domains.mailboxes = true
WHERE mailboxes.active = true
Here's my postgresql database model:
CREATE TABLE domains (
domain varchar(255) NOT NULL,
aliases boolean NOT NULL DEFAULT true,
mailboxes boolean NOT NULL DEFAULT false,
maxquota bigint NOT NULL DEFAULT 0,
active boolean NOT NULL DEFAULT true,
created timestamptz NOT NULL DEFAULT current_timestamp,
modified timestamptz NOT NULL DEFAULT current_timestamp,
PRIMARY KEY (domain)
);
CREATE TABLE aliases (
source varchar(255) NOT NULL,
destination text NOT NULL,
active boolean NOT NULL DEFAULT true,
created timestamptz NOT NULL DEFAULT current_timestamp,
modified timestamptz NOT NULL DEFAULT current_timestamp,
PRIMARY KEY (source)
);
CREATE TABLE mailboxes (
address varchar(255) NOT NULL,
password varchar(255) NOT NULL,
quota bigint NOT NULL DEFAULT 0,
active boolean NOT NULL DEFAULT true,
created timestamptz NOT NULL DEFAULT current_timestamp,
modified timestamptz NOT NULL DEFAULT current_timestamp,
PRIMARY KEY (address)
);
And here are the permissions I granted to the dovecot postgresql user:
GRANT CONNECT ON DATABASE mail TO dovecot;
GRANT SELECT ON TABLE domains TO dovecot;
GRANT SELECT ON TABLE aliases TO dovecot;
GRANT SELECT ON TABLE mailboxes TO dovecot;
Here's what I get when running that iterate_query in the psql query
interpretor (domains redacted):
mail=# SELECT address AS user FROM mailboxes INNER JOIN domains ON domain = split_part(address, '@', 2) AND domains.active = true AND domains.mailboxes = true WHERE mailboxes.active = true;
user
--------------------
addr-1@REDACTED.com
addr-3@REDACTED.com
(2 rows)
I don't think it's very important for this bug report, but for your
information, 114 refers to the uid and gid of my virtual_mail unix account and
group:
# grep 114 /etc/passwd /etc/shadow /etc/group
/etc/passwd:virtual_mail:x:114:114:Virtual mail administrator,,,:/var/mail/virtual:/bin/false
/etc/group:virtual_mail:x:114:
Please let me know if you need any additional information.
-- Package-specific info:
dovecot configuration
---------------------
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: GNU/kFreeBSD 9.0-2-amd64 x86_64
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = plain
mail_debug = yes
mail_location = maildir:%{home}/mail
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = Drafts
}
mailbox Junk {
special_use = Junk
}
mailbox Sent {
special_use = Sent
}
mailbox "Sent Messages" {
special_use = Sent
}
mailbox Trash {
special_use = Trash
}
prefix =
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
ssl = no
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
userdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
verbose_ssl = yes
-- System Information:
Debian Release: 7.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: kfreebsd-amd64 (x86_64)
Kernel: kFreeBSD 9.0-2-amd64
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages dovecot-core depends on:
ii adduser 3.113+nmu3
ii libbz2-1.0 1.0.6-4
ii libc0.1 2.13-37
ii libpam-runtime 1.1.3-7.1
ii libpam0g 1.1.3-7.1
ii libssl1.0.0 1.0.1c-4
ii openssl 1.0.1c-4
ii ucf 3.0025+nmu3
ii zlib1g 1:1.2.7.dfsg-13
dovecot-core recommends no packages.
Versions of packages dovecot-core suggests:
pn dovecot-gssapi <none>
pn dovecot-imapd <none>
pn dovecot-ldap <none>
pn dovecot-lmtpd <none>
pn dovecot-managesieved <none>
pn dovecot-mysql <none>
ii dovecot-pgsql 1:2.1.7-6
pn dovecot-pop3d <none>
pn dovecot-sieve <none>
pn dovecot-solr <none>
pn dovecot-sqlite <none>
ii ntp 1:4.2.6.p5+dfsg-2
Versions of packages dovecot-core is related to:
ii dovecot-core [dovecot-common] 1:2.1.7-6
pn dovecot-dbg <none>
pn dovecot-dev <none>
pn dovecot-gssapi <none>
pn dovecot-imapd <none>
pn dovecot-ldap <none>
pn dovecot-lmtpd <none>
pn dovecot-managesieved <none>
pn dovecot-mysql <none>
ii dovecot-pgsql 1:2.1.7-6
pn dovecot-pop3d <none>
pn dovecot-sieve <none>
pn dovecot-sqlite <none>
-- no debconf information
Information forwarded
to debian-bugs-dist@lists.debian.org, Dovecot Maintainers <jaldhar-dovecot@debian.org>:
Bug#699121; Package dovecot-core.
(Tue, 19 Feb 2013 08:48:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Timo Sirainen <tss@iki.fi>:
Extra info received and forwarded to list. Copy sent to Dovecot Maintainers <jaldhar-dovecot@debian.org>.
(Tue, 19 Feb 2013 08:48:05 GMT) (full text, mbox, link).
Message #10 received at 699121@bugs.debian.org (full text, mbox, reply):
On Sun, 2013-01-27 at 12:21 -0800, Joel Lopes Da Silva wrote:
> # doveadm fetch -A user ALL
> doveadm(root): Error: userdb list: Disconnected unexpectedly
> doveadm: Error: Failed to iterate through some users
> zsh: exit 75 doveadm fetch -A user ALL
..
> Jan 27 11:47:18 orange dovecot: auth: Error: userdb connection: Failed to get peer's credentials
As you noticed, apparently getsockopt(SO_PEERCRED) doesn't work with
kFreeBSD. You can anyway work around the problem by giving everyone
access to the userdb socket:
service auth {
unix_listener userdb {
mode = 0777
}
}
Information forwarded
to debian-bugs-dist@lists.debian.org, Dovecot Maintainers <jaldhar-dovecot@debian.org>:
Bug#699121; Package dovecot-core.
(Wed, 13 Mar 2013 07:03:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Joel Lopes Da Silva <joel@lopes-da-silva.com>:
Extra info received and forwarded to list. Copy sent to Dovecot Maintainers <jaldhar-dovecot@debian.org>.
(Wed, 13 Mar 2013 07:03:03 GMT) (full text, mbox, link).
Message #15 received at 699121@bugs.debian.org (full text, mbox, reply):
On Feb 19, 2013, at 12:19 AM, Timo Sirainen <tss@iki.fi> wrote:
> On Sun, 2013-01-27 at 12:21 -0800, Joel Lopes Da Silva wrote:
>
>> # doveadm fetch -A user ALL
>> doveadm(root): Error: userdb list: Disconnected unexpectedly
>> doveadm: Error: Failed to iterate through some users
>> zsh: exit 75 doveadm fetch -A user ALL
> ..
>> Jan 27 11:47:18 orange dovecot: auth: Error: userdb connection: Failed to get peer's credentials
>
> As you noticed, apparently getsockopt(SO_PEERCRED) doesn't work with
> kFreeBSD. You can anyway work around the problem by giving everyone
> access to the userdb socket:
>
> service auth {
> unix_listener userdb {
> mode = 0777
> }
> }
This workaround works for me. Thanks Timo.
Do you think there might be an equivalent API we could use on kFreeBSD to accomplish the same behavior as the one available on Linux?
--
Joel Lopes Da Silva
Information forwarded
to debian-bugs-dist@lists.debian.org, Dovecot Maintainers <jaldhar-dovecot@debian.org>:
Bug#699121; Package dovecot-core.
(Wed, 20 Mar 2013 19:12:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Timo Sirainen <tss@iki.fi>:
Extra info received and forwarded to list. Copy sent to Dovecot Maintainers <jaldhar-dovecot@debian.org>.
(Wed, 20 Mar 2013 19:12:04 GMT) (full text, mbox, link).
Message #20 received at 699121@bugs.debian.org (full text, mbox, reply):
On Wed, 2013-03-13 at 00:00 -0700, Joel Lopes Da Silva wrote:
> > As you noticed, apparently getsockopt(SO_PEERCRED) doesn't work with
> > kFreeBSD. You can anyway work around the problem by giving everyone
> > access to the userdb socket:
> >
> > service auth {
> > unix_listener userdb {
> > mode = 0777
> > }
> > }
>
> This workaround works for me. Thanks Timo.
>
> Do you think there might be an equivalent API we could use on kFreeBSD to accomplish the same behavior as the one available on Linux?
src/lib/net.c net_getunixcred() has multiple ways to do it for different
OSes. You could try if one of them works.
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Thu Feb 9 10:24:04 2023;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
I’d like to use doveadm to expunge (and more). When I run
doveadm search -u 'some@email.com' mailbox Trash savedbefore 90d
it works. But when I use -A, it doesn’t.
doveadm search -A mailbox Trash savedbefore 90d
The result is (with debug option)
doveadm(root): Error: userdb list: Request timed out
doveadm(root): Debug: expire: Couldn't optimize search query: mailbox Trash not in expire database
doveadm: Error: Failed to iterate through some users
my dovecot.conf interesting settings:
first_valid_gid = 107
first_valid_uid = 107
last_valid_gid = 107
last_valid_uid = 107
protocols = imap
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-master {
group = mail
mode = 0666
user = vmail
}
user = nobody
}
protocol imap {
mail_plugins = $mail_plugins imap_acl
}
protocol lda {
auth_socket_path = /var/run/dovecot/auth-master
hostname = brzezina.com.pl
mail_plugin_dir = /usr/lib/dovecot/modules/
mail_plugins = sieve
postmaster_address = postmaster@brzezina.com.pl
sendmail_path = /usr/sbin/sendmail
}
mail_plugins = $mail_plugins expire
plugin {
expire = Trash
expire = Trash/*
expire = Spam
expire_dict = proxy::expire
}
My userdb is in postgresql, and dovecot-sql.conf.ext has iterate_query uncommented:
# Query to get a list of all usernames.
iterate_query = SELECT address AS user FROM users
I suppose, that because I run it from root, it tries to find system userdb but it should use sql userdb. But don’t know how to force it. I tried to use -S but don’t know what.