Hi folks, I have a mailcow server for < 10 accounts running on ARM architecture (4 CPUs 8GB RAM). I have run the update.sh script to update to the latest release (nightly, as this host was set up before the ARM was released to stable and this is the first update that has been run since). After doing this my sogo container fails to start properly, just showing the following logs `sogo-mailcow-1 | Waiting for schema update... ` Further to this, when I try and browse to the MailCow admin UI for the server I just get a blank page displayed. There are no errors logged in the php-fpm container. Checking the sogo version I can see that the schema is out of date when performing the commands in the [bootstrap-sogo.sh script](https://github.com/mailcow/mailcow-dockerized/blob/master/data/Dockerfiles/sogo/bootstrap-sogo.sh#L17) ``` root@ac844a7fcd7a:/# grep -oE '\$db_version = .*;' init_db.inc.php | sed 's/$db_version = //g;s/;//g' | cut -d \" -f2 15082024_1212 root@ac844a7fcd7a:/# mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT version FROM versions;" +------------------------------------------------------------------+ | version | +------------------------------------------------------------------+ | 25072022_2300 | | 2eadaa7787a7a2fbebd54bc0c97a5caab9d2e8f3743ace372142b8a022742a1b | +------------------------------------------------------------------+ ``` The SQL update scripts look to be missing from the container using the `mailcow/sogo:nightly-20240905` image, so I'm not sure how the container is meant to update the schema ``` root@7a92cfb1cfb9:/# ls -l /usr/share/doc/sogo total 4 -rw-r--r-- 1 root root 1144 Jul 24 2016 copyright -rw-r--r-- 1 root root 0 Sep 5 12:23 empty.sh root@7a92cfb1cfb9:/# ``` Should I look at changing to the stable release from the nightly with an update?

It looks like this might be related to this bug report https://github.com/mailcow/mailcow-dockerized/issues/5718

SoGo container "Waiting for schema update" after running update.sh

bloatyfloat

Hi folks, I have a mailcow server for < 10 accounts running on ARM architecture (4 CPUs 8GB RAM).
I have run the update.sh script to update to the latest release (nightly, as this host was set up before the ARM was released to stable and this is the first update that has been run since).

After doing this my sogo container fails to start properly, just showing the following logs
sogo-mailcow-1 | Waiting for schema update...

Further to this, when I try and browse to the MailCow admin UI for the server I just get a blank page displayed. There are no errors logged in the php-fpm container.

Checking the sogo version I can see that the schema is out of date when performing the commands in the bootstrap-sogo.sh script

root@ac844a7fcd7a:/# grep -oE '\$db_version = .*;' init_db.inc.php | sed 's/$db_version = //g;s/;//g' | cut -d \" -f2
15082024_1212

root@ac844a7fcd7a:/# mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT version FROM versions;"
+------------------------------------------------------------------+
| version                                                          |
+------------------------------------------------------------------+
| 25072022_2300                                                    |
| 2eadaa7787a7a2fbebd54bc0c97a5caab9d2e8f3743ace372142b8a022742a1b |
+------------------------------------------------------------------+

The SQL update scripts look to be missing from the container using the mailcow/sogo:nightly-20240905 image, so I’m not sure how the container is meant to update the schema

root@7a92cfb1cfb9:/# ls -l /usr/share/doc/sogo
total 4
-rw-r--r-- 1 root root 1144 Jul 24  2016 copyright
-rw-r--r-- 1 root root    0 Sep  5 12:23 empty.sh
root@7a92cfb1cfb9:/#

Should I look at changing to the stable release from the nightly with an update?

bloatyfloat

It looks like this might be related to this bug report
mailcow/mailcow-dockerized5718

DocFraggle

I guess it’s a problem with the nightly branch then…

changing to the stable branch, but keeping the mysql container version the same, resolved it for me.

bloatyfloat

Running ./update.sh --current has resolved the issue of the SoGo container failing to start, and the webadmin interface does now load, however after transitioning to the stable release I am now unable to access historical emails when logged in, dovecot is returning an error about the private encryption key being unavailable:

dovecot-mailcow-1 | Oct 21 17:24:19 d361e7e45276 dovecot: imap(user@domain.com)<217><oWpA7P8knNysFgH4>: Disconnected: FETCH failed: Mailbox INBOX: UID=3059: read() failed: read(/var/vmail/domain.com/user/Maildir/cur/1729512072.M902144P180822.afd87ad3782a,S=30783,W=31163:2,) failed: Decryption error: no private key available (read reason=prefetch) in=105 out=1966 deleted=0 expunged=0 trashed=0 hdr_count=1 hdr_bytes=0 body_count=0 body_bytes=0

Before performing the switch to the current branch I took a copy of my docker volumes directory, so hopefully I should still have a copy of the correct key - is it possible my checkout from git is too old? I had to switch to the nightly git branch in order to do the initial installation on the ARM service, and I know that since then the dovecot container has been migrated to an Alpine based image which I know had an issue with needing a specific patch that was applied in Debian but not in Alpine that caused a similar looking issue? https://gitlab.alpinelinux.org/alpine/aports/-/issues/15365

Are there any suggestions on how to resolve this particular issue? My dovecot image is currently: mailcow/dovecot:2.1

bloatyfloat

My issue with my emails being reporting an issue with the private key was caused by a bug in an old nightly image that meant that the same keys generated encrypted data that could only be decrypted from the same container image. This information was mentioned to me in the Telegram channel.

The container image I was running before updating/migrating to stable was mailcow/dovecot:nightly-20231016

The recommendation I was given in the mailcow telegram following the failed update/migration was to backup and then roll back the upgrade to the previous version I was coming from, decrypt the mail in all mailboxes, and then update back to stable and re-encrypt all the mail in all the mailboxes.

I had previously had an override defined in the docker-compose.overrides.yml for the dovecot container image, so rather than perform a full rollback I started a temporary container with the older container image, using bind mounts to point to the crypt and vmail volumes (which allowed me to keep my production mail system up and running)

docker run --rm -it --entrypoint /bin/bash -v /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data:/var/vmail:rw -v /var/lib/docker/volumes/mailcowdockerized_crypt-vol-1/_data:/mail_crypt:ro mailcow/dovecot:nightly-20231016

Once this temporary container was running I used the documentation to decrypt mail inside the temporary container using the old image. This worked cleanly (I had to make a minor adjestment to the find command which didn’t support the -regextype egrep flag), and this left me with unencrypted mails in each account.

I then activated a bash prompt inside the production dovecot container (as per the documentation linked above) and used a variation on the command included there to re-compress and re-encrypt the mail files.

find /var/vmail/ -type f -regextype egrep -regex '.*S=.*W=.*' | while read -r file; do
if [[ $(head -c7 "$file") != "CRYPTED" ]]; then
doveadm fs put compress lz4:1:crypt:private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=/mail_crypt/ecpubkey.pem:posix:prefix=/ \
  "$file" "$file"
  chmod 600 "$file"
  chown 5000:5000 "$file"
fi
done

After logging into SoGo I was able to read emails that had been delivered before the update procedure was initiated, and refreshing my Android email client showed emails again.
I hope this provides useful information for people struggling in future!