Re: stale (?) .dovecot.svbin causing segfault in dovecot-lda
On 03/11/2021 11:34, Matthieu Herrb wrote: Hi, I've not touched the sieve filters I'm using for a long time (last modification 2 years ago), but I've upgraded the dovecot package and the system of my mail server. ~/.dovecot.svbin has not been updated, but I found out today that it would cause dovecot-lda to crash on some specifig messages (and fail to deliver them). Most of the mails (>99.9%) are delivered ok though. Here's the trace of the crash in the system logs : Nov 3 08:48:13 nowhere dovecot: lda(matthieu)<33178>: Panic: Buffer write out of range (0 + 1) Nov 3 08:48:15 nowhere smtpd[37379]: ac2aaecba4099baa mda delivery evpid=b9346ef1d2a6c223 from= to= rcpt= user=matthieu delay=12s result=PermFail stat=Error ("Abort trap (core dumped) ") After removing the old file, dovecot-lda is able to deliver the message that caused the crash whitout issues. Shouldn't ~/.dovecot.svbin be automatically be re-generated on dovecot version changes ? Yes, definitely. Some details: I'm running OpenBSD (7.0 right now, was 6.9 before and probably 6.5 the last time .dovecot.svbin was generated). My logs show that the issue has also been happening with OpenBSD 6.9, but I never noticed until today). OpenSMTP is configured to deliver the message through dovecot-lda with: action "deliver" \ mda "/usr/local/libexec/dovecot/dovecot-lda" \ alias in /etc/mail/smtpd.conf I'd need at least the Sieve script and the .svbin or, better yet, a backtrace of the panic core dump. Regards, Stephan. Below is the output of doveadm config : # 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.16 (09c29328) # OS: OpenBSD 7.0 amd64 ffs # Hostname: nowhere.herrb.eu # NOTE: Send doveconf -n output instead when asking for help. auth_anonymous_username = anonymous auth_cache_negative_ttl = 1 hours auth_cache_size = 0 auth_cache_ttl = 1 hours auth_cache_verify_password_with_worker = no auth_debug = no auth_debug_passwords = no auth_default_realm = auth_failure_delay = 2 secs auth_gssapi_hostname = auth_krb5_keytab = auth_master_user_separator = auth_mechanisms = plain auth_policy_check_after_auth = yes auth_policy_check_before_auth = yes auth_policy_hash_mech = sha256 auth_policy_hash_nonce = auth_policy_hash_truncate = 12 auth_policy_log_only = no auth_policy_reject_on_fail = no auth_policy_report_after_auth = yes auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s session_id=%{session} auth_policy_server_api_header = auth_policy_server_timeout_msecs = 2000 auth_policy_server_url = auth_proxy_self = auth_realms = auth_socket_path = auth-userdb auth_ssl_require_client_cert = no auth_ssl_username_from_cert = no auth_stats = no auth_use_winbind = no auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ auth_username_format = %Lu auth_username_translation = auth_verbose = yes auth_verbose_passwords = no auth_winbind_helper_path = /usr/bin/ntlm_auth auth_worker_max_count = 30 base_dir = /var/dovecot config_cache_size = 1 M debug_log_path = default_client_limit = 500 default_idle_kill = 1 mins default_internal_group = _dovecot default_internal_user = _dovecot default_login_user = _dovenull default_process_limit = 100 default_vsz_limit = 256 M deliver_log_format = msgid=%m: %$ dict_db_config = director_flush_socket = director_mail_servers = director_max_parallel_kicks = 100 director_max_parallel_moves = 100 director_output_buffer_size = 10 M director_ping_idle_timeout = 30 secs director_ping_max_timeout = 1 mins director_servers = director_user_expire = 15 mins director_user_kick_delay = 2 secs director_username_hash = %u disable_plaintext_auth = yes dotlock_use_excl = yes doveadm_allowed_commands = doveadm_api_key = doveadm_http_rawlog_dir = doveadm_password = doveadm_port = 0 doveadm_socket_path = doveadm-server doveadm_ssl = no doveadm_username = doveadm doveadm_worker_count = 0 dsync_alt_char = _ dsync_commit_msgs_interval = 100 dsync_features = dsync_hashed_headers = Date Message-ID dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -U first_valid_gid = 1 first_valid_uid = 1000 haproxy_timeout = 3 secs haproxy_trusted_networks = hostname = imap_capability = imap_client_workarounds = imap_fetch_failure = disconnect-immediately imap_hibernate_timeout = 0 imap_id_log = imap_id_retain = no imap_id_send = name * imap_idle_notify_interval = 2 mins imap_literal_minus = no imap_logout_format = in=%i out=%o deleted=%{deleted} expunged=%{expunged} trashed=%{trashed} hdr_count=%{fetch_hdr_count} hdr_bytes=%{fetch_hdr_bytes} body_count=%{fetch_body_count} body_bytes=%{fetch_body_bytes} imap_max_line_length = 64 k imap_metadata = no imap_urlauth_host = imap_urlauth_logout_format = in=%i out=%o imap_urlauth_port = 143 imapc_cmd_timeout = 5 mins imapc_connection_retry_count = 1 imapc_connection_retry_interval = 1 secs imapc_features = imapc_host =
stale (?) .dovecot.svbin causing segfault in dovecot-lda
Hi, I've not touched the sieve filters I'm using for a long time (last modification 2 years ago), but I've upgraded the dovecot package and the system of my mail server. ~/.dovecot.svbin has not been updated, but I found out today that it would cause dovecot-lda to crash on some specifig messages (and fail to deliver them). Most of the mails (>99.9%) are delivered ok though. Here's the trace of the crash in the system logs : Nov 3 08:48:13 nowhere dovecot: lda(matthieu)<33178>: Panic: Buffer write out of range (0 + 1) Nov 3 08:48:15 nowhere smtpd[37379]: ac2aaecba4099baa mda delivery evpid=b9346ef1d2a6c223 from= to= rcpt= user=matthieu delay=12s result=PermFail stat=Error ("Abort trap (core dumped) ") After removing the old file, dovecot-lda is able to deliver the message that caused the crash whitout issues. Shouldn't ~/.dovecot.svbin be automatically be re-generated on dovecot version changes ? or is it dependant on other things (like system libs changing) ? Some details: I'm running OpenBSD (7.0 right now, was 6.9 before and probably 6.5 the last time .dovecot.svbin was generated). My logs show that the issue has also been happening with OpenBSD 6.9, but I never noticed until today). OpenSMTP is configured to deliver the message through dovecot-lda with: action "deliver" \ mda "/usr/local/libexec/dovecot/dovecot-lda" \ alias in /etc/mail/smtpd.conf Below is the output of doveadm config : # 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.16 (09c29328) # OS: OpenBSD 7.0 amd64 ffs # Hostname: nowhere.herrb.eu # NOTE: Send doveconf -n output instead when asking for help. auth_anonymous_username = anonymous auth_cache_negative_ttl = 1 hours auth_cache_size = 0 auth_cache_ttl = 1 hours auth_cache_verify_password_with_worker = no auth_debug = no auth_debug_passwords = no auth_default_realm = auth_failure_delay = 2 secs auth_gssapi_hostname = auth_krb5_keytab = auth_master_user_separator = auth_mechanisms = plain auth_policy_check_after_auth = yes auth_policy_check_before_auth = yes auth_policy_hash_mech = sha256 auth_policy_hash_nonce = auth_policy_hash_truncate = 12 auth_policy_log_only = no auth_policy_reject_on_fail = no auth_policy_report_after_auth = yes auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s session_id=%{session} auth_policy_server_api_header = auth_policy_server_timeout_msecs = 2000 auth_policy_server_url = auth_proxy_self = auth_realms = auth_socket_path = auth-userdb auth_ssl_require_client_cert = no auth_ssl_username_from_cert = no auth_stats = no auth_use_winbind = no auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ auth_username_format = %Lu auth_username_translation = auth_verbose = yes auth_verbose_passwords = no auth_winbind_helper_path = /usr/bin/ntlm_auth auth_worker_max_count = 30 base_dir = /var/dovecot config_cache_size = 1 M debug_log_path = default_client_limit = 500 default_idle_kill = 1 mins default_internal_group = _dovecot default_internal_user = _dovecot default_login_user = _dovenull default_process_limit = 100 default_vsz_limit = 256 M deliver_log_format = msgid=%m: %$ dict_db_config = director_flush_socket = director_mail_servers = director_max_parallel_kicks = 100 director_max_parallel_moves = 100 director_output_buffer_size = 10 M director_ping_idle_timeout = 30 secs director_ping_max_timeout = 1 mins director_servers = director_user_expire = 15 mins director_user_kick_delay = 2 secs director_username_hash = %u disable_plaintext_auth = yes dotlock_use_excl = yes doveadm_allowed_commands = doveadm_api_key = doveadm_http_rawlog_dir = doveadm_password = doveadm_port = 0 doveadm_socket_path = doveadm-server doveadm_ssl = no doveadm_username = doveadm doveadm_worker_count = 0 dsync_alt_char = _ dsync_commit_msgs_interval = 100 dsync_features = dsync_hashed_headers = Date Message-ID dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -U first_valid_gid = 1 first_valid_uid = 1000 haproxy_timeout = 3 secs haproxy_trusted_networks = hostname = imap_capability = imap_client_workarounds = imap_fetch_failure = disconnect-immediately imap_hibernate_timeout = 0 imap_id_log = imap_id_retain = no imap_id_send = name * imap_idle_notify_interval = 2 mins imap_literal_minus = no imap_logout_format = in=%i out=%o deleted=%{deleted} expunged=%{expunged} trashed=%{trashed} hdr_count=%{fetch_hdr_count} hdr_bytes=%{fetch_hdr_bytes} body_count=%{fetch_body_count} body_bytes=%{fetch_body_bytes} imap_max_line_length = 64 k imap_metadata = no imap_urlauth_host = imap_urlauth_logout_format = in=%i out=%o imap_urlauth_port = 143 imapc_cmd_timeout = 5 mins imapc_connection_retry_count = 1 imapc_connection_retry_interval = 1 secs imapc_features = imapc_host = imapc_list_prefix = imapc_master_user = imapc_max_idle_time = 29 mins imapc_max_line_length = 0