----- Original Message -----
From: "Zeffie" <bluequartzlist (at mark) hotmail.com>
To: <coba-e (at mark) bluequartz.org>
Sent: Tuesday, March 11, 2008 10:34 AM
Subject: [coba-e:12243] Re: [testing] dovecot udpate
>>> I have the following issues with this.
>>> #1 This will not fix to the db crashing problem
>>
>> I'm not sure this package fixes or not,
>> If you are right, what is the cause of db crashing issue?
>> And, will you send us your patch to fix it?
>
> The problem is in the way dovecot starts new child processes. they double
> their amount until the limit set by this setting is reached.. which by
> default is unlimited. When a dos attack and or a exchange server opens
> multiple auth sessions the db program can't keep up. The solution is to
> limit the potential processess... (The version update is just good
> pratice)
>
> @@ -159,7 +159,7 @@
> # we check only once in a second if new processes should be created - if
> all
> # of them are used at the time, we double their amount until the limit set
> by
> # this setting is reached.
> -#login_max_processes_count = 128
> +login_max_processes_count = 12
>
>
>>> #2 I don't like the change to the Release number format
>>> @@ -1,13 +1,13 @@
>>> Summary: Dovecot Secure imap server
>>> Name: dovecot
>>> -Version: 1.0
>>> -Release: 1.0.BQ
>>> +Version: 1.0.12
>>> +Release: 0BQ01
>>> License: LGPL
>>
>> What is your recommend numbering rule?
>
> 0BQ01 in not a number but instead a word and will not work well in a
> number based system.. This is the 1.0 release of the new version so it
> should stay the same. The Release number does not need to be changed and
> this change may cause problems since it is incorrectly formatted.
>
>>
>>> #3 I don't like the usage of perl in the spec file
>>
>> Hahaha... the post scripts exactly use some perl script.
>> You mean, if the spec file use perl, we need to add require perl, right?
>> Anyway, BlueQuartz uses perl by default, so it isn't big problem.
>>
>
> No it's just messy and I would consider it a bad hack job. A patch should
> be made for these changes as calling perl 6 times durring an install could
> cause a crash that could cause yum to report an error and allow for a
> mis-configured and or broken dovecot.conf. This would depend on the load,
> memory and overall health of the system.
>
> By making a patch you guarentee the conf will be adjusted as desired.
>
> (I made a patch)
>
>>
>>> #4 I posted my dovecot rpm and I have had 489 downloads from 175 unique
>>> ip's and the only problem found was if ssl is on then it was shut off
>>> but not in the gui. This update does not address that and still
>>> include the changes to the dovecot.conf.
>>
>> Your package will probably fix db issue, but I don't know how to fix and
>> it will fix correctly.
>> But, all users has ssl problem who are enabled imaps and pops, in fact.
>> I think we should release the package that doesn't break the function
>> and doesn't conflict GUI settings and configurations.
>> Because of BlueQuartz is the software for appliance.
>> Hisao
>
> the ssl problem would require a cce post script to to check the codb and
> adjust the dovecot.conf as needed... I would have to pay my programmer to
> do this work and I'm not sure it would be a good investment for me.
>
> I have made several other changes to the spec as well...
> --- SPECS/dovecot.spec 2007-04-16 18:23:08.000000000 -0500
> +++ SPECS/dovecot.spec.mine 2008-03-06 19:14:31.000000000 -0600
> @@ -1,13 +1,15 @@
> Summary: Dovecot Secure imap server
> Name: dovecot
> -Version: 1.0
> -Release: 1.0.BQ
> +Version: 1.0.12
> +Release: 1.0.Z1.centos4.Zeffie.com.BQ
> License: LGPL
> Group: System Environment/Daemons
> +URL: http://www.dovecot.org/download.html
>
> +%define _unpackaged_files_terminate_build 0
> %define build_postgres 0
> %define build_mysql 0
> -%define upstream 1.0.0
> +%define upstream %{version}
>
> Source: %{name}-%{upstream}.tar.gz
> Source1: dovecot.init
> @@ -18,8 +20,8 @@
> Source6: perfect_maildir.pl
> Source7: dovecot-REDHAT-FAQ.txt
> Source100: dovecot-bluequartz.pam
> +Patch: dovecot.patch
>
> -URL: http://www.dovecot.org/
> Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root
> BuildRequires: openssl-devel
> BuildRequires: openldap-devel
> @@ -64,6 +66,7 @@
> %prep
>
> %setup -q -n %{name}-%{upstream}
> +%patch0
>
> %build
> #rm -f ./configure
> @@ -141,12 +144,8 @@
> fi
>
> %post
> -/usr/bin/perl -pi -e "s|#auth_cache_size.*|auth_cache_size = 1024|;"
> /etc/dovecot.conf
> -/usr/bin/perl -pi -e "s|#auth_cache_ttl.*|auth_cache_ttl = 3600|;"
> /etc/dovecot.conf
> -/usr/bin/perl -pi -e "s|.*disable_plaintext_auth.*|disable_plaintext_auth
> = no|;" /etc/dovecot.conf
> -/usr/bin/perl -pi -e "s|.*pop3_uidl_format.*| pop3_uidl_format =
> %08Xu%08Xv|;" /etc/dovecot.conf
> -/usr/bin/perl -pi -e "s|^#mail_location =|mail_location =
> mbox:~/mail/:INBOX=mbox|;" /etc/dovecot.conf
> -/usr/bin/perl -pi -e 'if ( /^.*passdb pam/ ) {$change = 1;} if ($change
> && /#args/) {s/#args = dovecot/args = session=yes cache_key=%u%s dovecot/;
> $change = 0;}' /etc/dovecot.conf
> +# reboot notice
> +echo "Updates require you to reboot" | mail -s "REBOOT REQUIRED on
> `hostname`" root
>
> /sbin/chkconfig --add %{name}
> # create a ssl cert
> @@ -172,10 +171,10 @@
> # Restart if it had been running before installation
> if [ -e %{restart_flag} ]; then
> rm %{restart_flag}
> - /sbin/service %{name} start >/dev/null 2>&1
> + /sbin/service %{name} restart >/dev/null 2>&1
> fi
>
> -/sbin/service cced.init restart >/dev/null 2>&1
> +# why???? /sbin/service cced.init restart >/dev/null 2>&1
>
> exit 0
>
> @@ -201,8 +200,8 @@
> %attr(0600,root,root) %ghost %config(missingok,noreplace) %verify(not md5
> size mtime) %{ssldir}/private/dovecot.pem
> %dir %{_libexecdir}/%{name}
> %{_libexecdir}/%{name}/*
> -%{_libdir}/%{name}/imap/*
> -%{_libdir}/%{name}/lda/*
> +# listed twice error %{_libdir}/%{name}/imap/*
> +# listed twice error %{_libdir}/%{name}/lda/*
> %{_libdir}/%{name}/*
> %{_sbindir}/dovecot
> %{_sbindir}/dovecotpw
> @@ -213,6 +212,30 @@
>
>
> %changelog
> +* Thu Mar 6 2008 Jeff Ball <zeffie>
> +- fix url location in spec
> +- update to 1.0.12
> +- change the upstream var to %{version}
> +- specify centos4 in the filename
> +
> +* Thu Dec 13 2007 Jeff Ball <zeffie>
> +- disable disable_plaintext_auth perl adjustment again....
> +- it's just gone!
> +
> +* Fri Dec 7 2007 Jeff Ball <zeffie>
> +- add the Microsoft Exchange Server fix
> +
> +* Sat Dec 1 2007 Jeff Ball <zeffie>
> +- disable disable_plaintext_auth perl adjustment
> +
> +* Wed Nov 28 2007 Jeff Ball <zeffie>
> +- rev to 1.0.8
> +- review spec
> +- define _unpackaged_files_terminate_build 0
> +- don't list the lib twice
> +- why is the lib packaged anyway....
> +- this needs to go into a devel rpm
> +
> * Mon Apr 16 2007 Brian Smith <brian> 1.0.BQ
> - 1.0 finally released!! Changed cache TTL to 3600
>
> you can find the SRPM here
> http://www.bqforge.com/FREE/dovecot-1.0.12-1.0.Z1.centos4.Zeffie.com.BQ.src.rpm
> if you would like to review my exact work...
>
> there are additional changes that need to be done as well but since I'm
> not sure about my staying here today I'm not sure I will make them...
>
> hope this helps
>
>
> --
> Zeffie...
It looks like there is a new version out March 9 and the old version 1.011 +
versions could allow users to log in without a password.
http://www.dovecot.org/
----
Ken Marcus
Ecommerce Web Hosting by
Precision Web Hosting, Inc.
http://www.precisionweb.net