After upgrading Ubuntu from 20.04 to 22.04 I'm having a problem with starting dovecot and I'm getting the following error:
$ sudo dovecot -F
doveconf: Fatal: execvp(/usr/sbin/dovecot) failed: Argument list too long
After some searching I found out that you have to raise the ARG_MAX
variable, but I don't know how.
I have tried finding solutions in `ulimit`, `sysconf` and `exec`.
$ sudo getconf ARG_MAX
2097152
$ getconf ARG_MAX
6291456
I have added the following to /etc/security/limits.conf:
root soft nofile 65535
root hard nofile 65535
I have also added `LimitNOFILE=65536` to dovecot.service, but it still throws the same error!
$ sudo doveconf -n
auth_debug = yes
# NOTE(review): auth_debug_passwords writes the passwords of failed logins to
# log_path below; it is a debugging aid and should be switched off afterwards.
auth_debug_passwords = yes
auth_mechanisms = PLAIN
auth_verbose = yes
# NOTE(review): "no" permits cleartext logins on unencrypted connections.
# ssl = required further down still forces TLS, but the default "yes" keeps
# that guarantee if the ssl setting is ever relaxed.
disable_plaintext_auth = no
log_path = /var/log/dovecot.log
mail_home = /home/vmail/%d/%u
mail_location = maildir:~
passdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
protocols = imap pop3
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
# NOTE(review): 0666 lets any local account that can reach this path talk to
# the auth socket; with user and group both postfix, 0660 looks sufficient.
# Confirm against the Postfix setup.
mode = 0666
user = postfix
}
# NOTE(review): runs the auth service as root; presumably not required for an
# SQL passdb/userdb. Confirm before changing.
user = root
}
ssl = required
# NOTE(review): the leading "<" makes Dovecot read the file's contents into the
# setting value, so this pulls the whole system CA bundle into the
# configuration. ssl_ca is only used to verify client certificates, and the
# same line is repeated in both local_name blocks below.
ssl_ca = </etc/ssl/certs/ca-certificates.crt
ssl_cert = </etc/letsencrypt/live/*.nl/fullchain.pem
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
userdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
local_name mail.*.nl {
protocol imap {
ssl_ca = </etc/ssl/certs/ca-certificates.crt
ssl_cert = </etc/letsencrypt/live/*.nl/fullchain.pem
ssl_key = # hidden, use -P to show it
}
}
local_name mail.*.nl {
protocol pop3 {
ssl_ca = </etc/ssl/certs/ca-certificates.crt
ssl_cert = </etc/letsencrypt/live/*.nl/fullchain.pem
ssl_key = # hidden, use -P to show it
}
}
Exit code: 89
What if reasonable limits are in effect, but you are actually passing something inappropriately large in an unexpected place?
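I can see one potential candidate; I do not think this is what you meant to configure:
ssl_ca = </etc/ssl/certs/ca-certificates.crt
That setting is for verifying client certificates sent to you. The `<` prefix makes Dovecot read the file's contents into the setting value, so here the whole system CA bundle becomes part of the configuration. Even if you did use client certificate verification, the file would not normally contain a substantial number of certificates.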
If you wanted to override what is used to verify certificates only when Dovecot connects in a client role, you would use `ssl_client_ca_dir`, but that should already have sensible defaults, so there is no need to.