dovecot failure

Today I ran a routine apt-get update/apt-get upgrade on my mailserver and dovecot failed afterwards. This is a “bad thing” (TM). No routine software upgrade should cause a failure of the kind I experienced.

Two things happened which should not have done. Firstly the SSL certificates appeared to have changed (which meant that mail clients immediately complained and flagged the error). Secondly, the back end authentication in my mysql database also seemed to fail. Actually, neither of these symptoms was really true, but nevertheless it took me some time to figure out what had happened and then to fix it.

The SSL certificate error occured because the upgrade replaced one of the configuration files (/etc/dovecot/conf.d/10-ssl.conf) without telling me. This meant that my locally configured SSL certificates, which are stored in a non-standard directory, were ignored and instead the standard /etc/ssl/certs/dovecot.pem and /etc/ssl/private/dovecot.pem were substituted. This is particularly annoying because apt-get normally flags any changed configuration files on an upgrade and asks if you wish to retain your locally changed file or replace it with the new one distributed. It didn’t this time and I got caught out.

Having fixed that problem, I then hit the apparent authentication failure. My mail client said that authentication with the server had failed whilst the server logs said: “Initialization failed: namespace configuration error: inbox=yes namespace missing“. This didn’t initally mean much to me, but a search for the error message brought me examples of others who had hit this problem. In particular, Bill Ryder’s email on the dovecot email list archive gave me the answer I needed to fix the problem. Once I had added the configuration option he suggests to /etc/dovecot/conf.d/10-mail.conf and reloaded dovecot, my problems disappeared.

But this shouldn’t happen. OK, maybe I should have read the changelog before upgrading, but no minor upgrade should so change a previously working configuration that it fails. I nearly dumped dovecot back in 2010 when version 2.xx release superceded
the earlier 1.2.xx version. The changes between those branches was significant and it took me some time to figure out what I needed to do to get a working migration between the two. But at least I expected changes between a version 1.xx and a version 2,xx.

I may now reconsider my decision to stick with dovecot and look again at courier, or even look for another IMAP/POP server entirely.

Permanent link to this article: https://baldric.net/2013/01/11/dovecot-failure/

2 comments

    • Lanny Waters on 2013/02/02 at 2:37 am

    when I follow the tutorial of upgrading dovecot under Debian lenny the upgrade process wants to upgrade several other packages.Because there is no hint in the tutorial I aborted upgrade. So my question is if it’s ok to upgrade also all other packages?

    • Mick on 2013/02/02 at 8:44 am
      Author

    Hi

    It is quite usual for a package upgrade (or indeed install) to result in upgrades or installation of other packages. The debian apt-get package management system is quite smart about handling package dependencies – one of the reasons I like debian (and its derivatives) so much. I think it is pretty safe for you to go ahead with your upgrade (but read the release notes!)

    Mick

Comments have been disabled.