hschramm
Basic Pleskian
Username: hschramm
TITLE
Extension SSLit: Dovecot unable to start due to too many SNI ssl certificate config files
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE
PLESK 18.0.36, Debian Linux Buster, SSLit 1.9.0 1242
PROBLEM DESCRIPTION
With 600+ Domains on a Server and SSLit extension it may happen that dovecot is no longer startable if too many domain certificates are added to dovecot.
STEPS TO REPRODUCE
Create 600+ Domains on a server
Enable SSLit
Secure all Domains especially for IMAP, POP3
Try to restart dovecot or enable pci_compliance for dovecot (which triggers a restart)
ACTUAL RESULT
plesk sbin pci_compliance_resolver --enable dovecot
Job for dovecot.service failed.
See "systemctl status dovecot.service" and "journalctl -xe" for details.
INFO: [Sat Jul 10 03:47:13 CEST 2021]: Service: dovecot, Action: reload
Trying to reload service dovecot... active
Jul 10 03:47:13 server1 systemd[1]: Started Dovecot IMAP/POP3 email server.
Jul 10 03:47:13 server1 systemd[1]: Reloading Dovecot IMAP/POP3 email server.
Jul 10 03:47:14 server1 dovecot[16034]: doveconf: Warning: service auth { client_limit=1000 } is lower than required under max. load (2248)
Jul 10 03:47:14 server1 dovecot[16034]: doveconf: Warning: service anvil { client_limit=1000 } is lower than required under max. load (2251)
Jul 10 03:47:14 server1 doveadm[16087]: Fatal: Dovecot is not running (read from /var/run/dovecot/master.pid)
Jul 10 03:47:14 server1 systemd[1]: dovecot.service: Control process exited, code=exited, status=75/TEMPFAIL
Jul 10 03:47:14 server1 systemd[1]: Reload failed for Dovecot IMAP/POP3 email server.
***** problem report *****
Warning: reload service dovecot failed
ERROR: Command '['/opt/psa/admin/sbin/pleskrc', 'dovecot', 'reload']' returned non-zero exit status 1
exit status 1
Jul 10 03:47:28 server1 dovecot[16143]: config: Fatal: pool_system_malloc(1608): Out of memory
Jul 10 03:47:28 server1 dovecot[16034]: master: Error: Error reading configuration: read(/var/run/dovecot/config) failed: EOF
Jul 10 03:47:28 server1 dovecot[16143]: config: Fatal: master: service(config): child 16277 returned error 83 (Out of memory (service config { vsz_limit=256 MB }, you may need to increase it) - set CORE_OUTOFMEM=1 environment to get core dump)
EXPECTED RESULT
It should not fail but set the vsz_limit to 1G
ANY ADDITIONAL INFORMATION
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM
Confirm bug
TITLE
Extension SSLit: Dovecot unable to start due to too many SNI ssl certificate config files
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE
PLESK 18.0.36, Debian Linux Buster, SSLit 1.9.0 1242
PROBLEM DESCRIPTION
With 600+ Domains on a Server and SSLit extension it may happen that dovecot is no longer startable if too many domain certificates are added to dovecot.
STEPS TO REPRODUCE
Create 600+ Domains on a server
Enable SSLit
Secure all Domains especially for IMAP, POP3
Try to restart dovecot or enable pci_compliance for dovecot (which triggers a restart)
ACTUAL RESULT
plesk sbin pci_compliance_resolver --enable dovecot
Job for dovecot.service failed.
See "systemctl status dovecot.service" and "journalctl -xe" for details.
INFO: [Sat Jul 10 03:47:13 CEST 2021]: Service: dovecot, Action: reload
Trying to reload service dovecot... active
Jul 10 03:47:13 server1 systemd[1]: Started Dovecot IMAP/POP3 email server.
Jul 10 03:47:13 server1 systemd[1]: Reloading Dovecot IMAP/POP3 email server.
Jul 10 03:47:14 server1 dovecot[16034]: doveconf: Warning: service auth { client_limit=1000 } is lower than required under max. load (2248)
Jul 10 03:47:14 server1 dovecot[16034]: doveconf: Warning: service anvil { client_limit=1000 } is lower than required under max. load (2251)
Jul 10 03:47:14 server1 doveadm[16087]: Fatal: Dovecot is not running (read from /var/run/dovecot/master.pid)
Jul 10 03:47:14 server1 systemd[1]: dovecot.service: Control process exited, code=exited, status=75/TEMPFAIL
Jul 10 03:47:14 server1 systemd[1]: Reload failed for Dovecot IMAP/POP3 email server.
***** problem report *****
Warning: reload service dovecot failed
ERROR: Command '['/opt/psa/admin/sbin/pleskrc', 'dovecot', 'reload']' returned non-zero exit status 1
exit status 1
Jul 10 03:47:28 server1 dovecot[16143]: config: Fatal: pool_system_malloc(1608): Out of memory
Jul 10 03:47:28 server1 dovecot[16034]: master: Error: Error reading configuration: read(/var/run/dovecot/config) failed: EOF
Jul 10 03:47:28 server1 dovecot[16143]: config: Fatal: master: service(config): child 16277 returned error 83 (Out of memory (service config { vsz_limit=256 MB }, you may need to increase it) - set CORE_OUTOFMEM=1 environment to get core dump)
EXPECTED RESULT
It should not fail but set the vsz_limit to 1G
ANY ADDITIONAL INFORMATION
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM
Confirm bug