
Generate dhparam and dovecot cert on start #1220

Merged
merged 4 commits into from
Aug 12, 2019

Conversation

erik-wramner
Contributor

Moved dhparam generation and dovecot mkcert from Dockerfile to start-mailserver.sh.

Signed-off-by: Felix Bartels <felix@host-consultants.de>
@erik-wramner erik-wramner merged commit 5ebb861 into docker-mailserver:master Aug 12, 2019
@erik-wramner erik-wramner deleted the dhparam_on_start branch August 12, 2019 20:00
@massada

massada commented Aug 13, 2019

Hi,
dovecot keeps crashing and I think it might have been these changes.

Initializing setup
Checking configuration
Configuring mail server
rm: cannot remove '/etc/dovecot/dh.pem': No such file or directory
rm: cannot remove '/etc/postfix/dhparams.pem': No such file or directory
/tmp/docker-mailserver /
/
Starting Misc
Starting mail server
2019-08-13 00:15:49,370 INFO spawned: 'cron' with pid 174
2019-08-13 00:15:49,371 INFO success: cron entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
cron: started
2019-08-13 00:15:50,006 INFO spawned: 'rsyslog' with pid 176
2019-08-13 00:15:50,007 INFO success: rsyslog entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
rsyslog: started
2019-08-13 00:15:50,639 INFO spawned: 'dovecot' with pid 180
2019-08-13 00:15:50,640 INFO success: dovecot entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
dovecot: started
2019-08-13 00:15:50,688 INFO exited: dovecot (exit status 89; not expected)
2019-08-13 00:15:50,692 INFO spawned: 'dovecot' with pid 183
2019-08-13 00:15:50,740 INFO success: dovecot entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2019-08-13 00:15:50,740 INFO exited: dovecot (exit status 89; not expected)
2019-08-13 00:15:50,742 INFO spawned: 'dovecot' with pid 185
2019-08-13 00:15:50,792 INFO success: dovecot entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2019-08-13 00:15:50,793 INFO exited: dovecot (exit status 89; not expected)
...
tail dovecot.log 
doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 49: ssl_dh: Can't open file /etc/dovecot/dh.pem: No such file or directory
doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 49: ssl_dh: Can't open file /etc/dovecot/dh.pem: No such file or directory
doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 49: ssl_dh: Can't open file /etc/dovecot/dh.pem: No such file or directory
doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 49: ssl_dh: Can't open file /etc/dovecot/dh.pem: No such file or directory
doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 49: ssl_dh: Can't open file /etc/dovecot/dh.pem: No such file or directory
doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 49: ssl_dh: Can't open file /etc/dovecot/dh.pem: No such file or directory
doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 49: ssl_dh: Can't open file /etc/dovecot/dh.pem: No such file or directory
doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 49: ssl_dh: Can't open file /etc/dovecot/dh.pem: No such file or directory
doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 49: ssl_dh: Can't open file /etc/dovecot/dh.pem: No such file or directory
doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 49: ssl_dh: Can't open file /etc/dovecot/dh.pem: No such file or directory

If I copy from /var/mail-state/lib-shared/dhparams.pem to /etc/dovecot/dh.pem (and /etc/postfix/dhparams.pem) it stays up:

2019-08-13 00:23:57,286 INFO spawned: 'dovecot' with pid 20779
Aug 13 00:23:57 mail dovecot: master: Dovecot v2.3.4.1 (f79e8e7e4) starting up for imap, lmtp, sieve
2019-08-13 00:23:58,139 INFO success: dovecot entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)

Removing the rm commands should fix the issue, since they aren't being generated anymore:

rm /etc/postfix/dhparams.pem && cp $DHPARAMS_FILE /etc/postfix/dhparams.pem
...
rm /etc/dovecot/dh.pem && cp $DHPARAMS_FILE /etc/dovecot/dh.pem

@mcastillof

I'm having the same problem after an update today.
The copy from /var/mail-state/lib-shared/dhparams.pem to /etc/dovecot/dh.pem worked as massada suggests.

@roens

roens commented Aug 13, 2019

I too am facing this, starting today. The "fix" I've implemented is to add a couple of lines to volumes: in the Compose YAML:

  - /var/mail-state/lib-shared/dhparams.pem:/etc/dovecot/dh.pem
  - /var/mail-state/lib-shared/dhparams.pem:/etc/postfix/dhparams.pem

Then on container restart, dovecot is again able to launch and I again have SMTP service.

@cybermcm

Second that; today dovecot wasn't working anymore (server reboot and container update). @massada's solution works, just:

cp /var/mail-state/lib-shared/dhparams.pem /etc/dovecot/dh.pem && /etc/init.d/dovecot restart

@erik-wramner
Contributor Author

Hopefully #1226 will fix this, sorry that we didn't catch it before release.

@massada

massada commented Aug 13, 2019

All good with the latest package. Thanks @erik-wramner

@swiesend
Contributor

I still have problems here with a running ONE_DIR=1 server.

Aug 13 23:01:15 mail postfix/smtpd[17007]: warning: cannot load 1024-bit DH parameters from file /etc/postfix/dhparams.pem: No such file or directory -- using compiled-in defaults
Aug 13 23:01:15 mail postfix/smtpd[17007]: connect from ***
Aug 13 23:01:15 mail postfix/smtpd[17007]: warning: SASL: Connect to /var/spool/postfix/private/auth failed: Connection refused
Aug 13 23:01:15 mail postfix/smtpd[17007]: fatal: no SASL authentication mechanisms
Aug 13 23:01:16 mail postfix/master[1511]: warning: process /usr/lib/postfix/sbin/smtpd pid 17007 exit status 1
Aug 13 23:01:16 mail postfix/master[1511]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling

I tried @roens' approach with my docker-compose.yml, but without success:

      - ./ssl/dhparams.pem:/etc/dovecot/dh.pem
      - ./ssl/dhparams.pem:/etc/postfix/dhparams.pem

At least postfix is not complaining about not finding dhparams.pem anymore, but SASL is still not working:

Aug 13 23:56:07 mail postfix/smtpd[19678]: connect from ***
Aug 13 23:56:07 mail postfix/smtpd[19678]: warning: SASL: Connect to /var/spool/postfix/private/auth failed: Connection refused
Aug 13 23:56:07 mail postfix/smtpd[19678]: fatal: no SASL authentication mechanisms
Aug 13 23:56:08 mail postfix/master[1440]: warning: process /usr/lib/postfix/sbin/smtpd pid 19678 exit status 1
Aug 13 23:56:08 mail postfix/master[1440]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling

@swiesend
Contributor

swiesend commented Aug 14, 2019

Ah, this worked:

$ ./setup.sh debug login

cp /var/mail-state/lib-shared/dhparams.pem /etc/dovecot/dh.pem
cp /var/mail-state/lib-shared/dhparams.pem /etc/postfix/dhparams.pem
/etc/init.d/dovecot restart

$ docker-compose restart

@erik-wramner
Contributor Author

Hm, @swiesend, you shouldn't need to copy the files manually; the startup script should do that. If this was a one-off and nobody else complains, I'll leave it at that. If you need to repeat the procedure, please log an issue so that we can fix it permanently.

Again, sorry that this got past the tests.

@sischnei

I see this same warning message for each incoming mail:

Dec 29 20:43:43 mail postfix/smtpd[6442]: warning: cannot load 1024-bit DH parameters from file /etc/postfix/dhparams.pem -- using compiled-in defaults
Dec 29 20:43:43 mail postfix/smtpd[6442]: warning: TLS library problem: error:0906D06C:PEM routines:PEM_read_bio:no start line:../crypto/pem/pem_lib.c:686:Expecting: DH PARAMETERS:
Dec 29 20:43:43 mail postfix/smtpd[6442]: connect from localhost[127.0.0.1]

I haven't tried the above posted workaround, but as you said, recreating the docker container would remove the fix anyway, so that's not a proper solution, I guess!

Also please know that the server seems to be running without issues, sending and receiving mails as it should apart from that warn message!
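The three failure modes reported in this thread share one root: the DH parameter file is expected at /etc/dovecot/dh.pem and /etc/postfix/dhparams.pem, and the `rm X && cp $DHPARAMS_FILE X` pattern quoted by massada skips the `cp` whenever the old X is absent (a failing left side of `&&` does not abort the script under `set -e`, it just short-circuits the copy). Dovecot then exits with status 89 on the missing `ssl_dh` file, postfix reports "Connection refused" on the dovecot auth socket because dovecot is down, and a file that is present but not a `DH PARAMETERS` PEM block produces sischnei's "Expecting: DH PARAMETERS" warning with a silent fallback to compiled-in defaults. The following is an added example, not docker-mailserver's own startup code: an idempotent installer that tolerates a missing target, validates the PEM block before copying, and a small state check that counts which of those artifacts are absent. The function names (`is_dh_pem`, `install_dhparams`, `install_all`, `count_missing`), the optional root-directory argument and the placeholder PEM body are assumptions made for the example.

```shell
#!/bin/sh
# Added example for this thread; not docker-mailserver's own startup code.
# Installs one shared dhparams.pem into the two paths the logs above show
# dovecot (/etc/dovecot/dh.pem) and postfix (/etc/postfix/dhparams.pem)
# reading, without the "rm X && cp Y X" pattern that skips the cp when X
# is absent. The optional root-directory argument (an assumption for this
# example) lets the functions run against a scratch directory.
set -eu

# Accept only a non-empty file containing a DH PARAMETERS PEM block; postfix
# otherwise logs "Expecting: DH PARAMETERS" and falls back to its compiled-in
# defaults without failing.
is_dh_pem() {
  [ -s "$1" ] &&
    grep -q -- '-----BEGIN DH PARAMETERS-----' "$1" &&
    grep -q -- '-----END DH PARAMETERS-----' "$1"
}

# install_dhparams SRC DST: copy SRC over DST, tolerating a missing DST.
install_dhparams() {
  if ! is_dh_pem "$1"; then
    echo "install_dhparams: $1 is not a usable DH parameters file" >&2
    return 1
  fi
  mkdir -p "$(dirname "$2")"
  rm -f "$2"          # -f: no error when the old file is absent
  cp "$1" "$2"
  chmod 0644 "$2"     # DH parameters are public; world-readable is fine
}

# install_all SRC [ROOT]: the two locations named in the thread.
install_all() {
  root=${2:-}
  install_dhparams "$1" "$root/etc/dovecot/dh.pem"
  install_dhparams "$1" "$root/etc/postfix/dhparams.pem"
}

# count_missing [ROOT]: print how many runtime artifacts from the thread's
# logs are absent or invalid. The dovecot auth socket is the one postfix
# reports as "Connection refused" when dovecot is not running.
count_missing() {
  root=${1:-}
  n=0
  for f in "$root/etc/dovecot/dh.pem" "$root/etc/postfix/dhparams.pem"; do
    if ! is_dh_pem "$f"; then
      echo "missing or invalid: $f" >&2
      n=$((n + 1))
    fi
  done
  if [ ! -S "$root/var/spool/postfix/private/auth" ]; then
    echo "missing socket: $root/var/spool/postfix/private/auth (dovecot down?)" >&2
    n=$((n + 1))
  fi
  echo "$n"
}

# Stand-alone demo in a scratch directory with a constructed placeholder PEM.
# The base64 body is NOT real DH parameters; generate real ones with
# `openssl dhparam`.
demo() {
  tmp=$(mktemp -d)
  printf '%s\n' '-----BEGIN DH PARAMETERS-----' \
    'Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=' \
    '-----END DH PARAMETERS-----' > "$tmp/dhparams.pem"
  echo "before: $(count_missing "$tmp") artifacts missing"
  install_all "$tmp/dhparams.pem" "$tmp"
  install_all "$tmp/dhparams.pem" "$tmp"   # second run is a no-op, not an error
  echo "after: $(count_missing "$tmp") artifacts missing (only the socket)"
  rm -rf "$tmp"
}
demo
```

Run it as-is to see the demo against a scratch directory; to use the functions against a live container, source the file and call `install_all "$DHPARAMS_FILE"` with no root argument, then `count_missing` to confirm that both files and the auth socket are present before restarting dovecot.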

@erik-wramner
Contributor Author

@sischnei please don't resurrect an old PR, log a new issue instead and don't forget to fill in all the relevant parts of the template.


8 participants