stale (?) .dovecot.svbin causing segfault in dovecot-lda

2021-11-03 Thread Matthieu Herrb
Hi,

I've not touched the sieve filters I'm using for a long time (last
modification 2 years ago), but I've upgraded the dovecot package and
the system of my mail server.

~/.dovecot.svbin has not been updated, but I found out today that it
would cause dovecot-lda to crash on some specific messages (and fail
to deliver them). Most of the mails (>99.9%) are delivered ok though.

Here's the trace of the crash in the system logs :

Nov  3 08:48:13 nowhere dovecot: lda(matthieu)<33178>: Panic: Buffer write out of range (0 + 1)
Nov  3 08:48:15 nowhere smtpd[37379]: ac2aaecba4099baa mda delivery evpid=b9346ef1d2a6c223 from= to= rcpt= user=matthieu delay=12s result=PermFail stat=Error ("Abort trap (core dumped) ")

After removing the old file, dovecot-lda is able to deliver the
message that caused the crash without issues.

Shouldn't ~/.dovecot.svbin be automatically re-generated on dovecot
version changes? Or is it dependent on other things (like system libs
changing)?

Some details:

I'm running OpenBSD (7.0 right now, was 6.9 before and probably 6.5
the last time .dovecot.svbin was generated). My logs show that the
issue has also been happening with OpenBSD 6.9, but I never noticed
until today. OpenSMTP is configured to deliver the message through
dovecot-lda with:

action "deliver" \
 mda "/usr/local/libexec/dovecot/dovecot-lda" \
alias 

in /etc/mail/smtpd.conf


Below is the output of doveadm config : 

# 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.16 (09c29328)
# OS: OpenBSD 7.0 amd64  ffs
# Hostname: nowhere.herrb.eu
# NOTE: Send doveconf -n output instead when asking for help.
auth_anonymous_username = anonymous
auth_cache_negative_ttl = 1 hours
auth_cache_size = 0
auth_cache_ttl = 1 hours
auth_cache_verify_password_with_worker = no
auth_debug = no
auth_debug_passwords = no
auth_default_realm = 
auth_failure_delay = 2 secs
auth_gssapi_hostname = 
auth_krb5_keytab = 
auth_master_user_separator = 
auth_mechanisms = plain
auth_policy_check_after_auth = yes
auth_policy_check_before_auth = yes
auth_policy_hash_mech = sha256
auth_policy_hash_nonce = 
auth_policy_hash_truncate = 12
auth_policy_log_only = no
auth_policy_reject_on_fail = no
auth_policy_report_after_auth = yes
auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s session_id=%{session}
auth_policy_server_api_header = 
auth_policy_server_timeout_msecs = 2000
auth_policy_server_url = 
auth_proxy_self = 
auth_realms = 
auth_socket_path = auth-userdb
auth_ssl_require_client_cert = no
auth_ssl_username_from_cert = no
auth_stats = no
auth_use_winbind = no
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
auth_username_format = %Lu
auth_username_translation = 
auth_verbose = yes
auth_verbose_passwords = no
auth_winbind_helper_path = /usr/bin/ntlm_auth
auth_worker_max_count = 30
base_dir = /var/dovecot
config_cache_size = 1 M
debug_log_path = 
default_client_limit = 500
default_idle_kill = 1 mins
default_internal_group = _dovecot
default_internal_user = _dovecot
default_login_user = _dovenull
default_process_limit = 100
default_vsz_limit = 256 M
deliver_log_format = msgid=%m: %$
dict_db_config = 
director_flush_socket = 
director_mail_servers = 
director_max_parallel_kicks = 100
director_max_parallel_moves = 100
director_output_buffer_size = 10 M
director_ping_idle_timeout = 30 secs
director_ping_max_timeout = 1 mins
director_servers = 
director_user_expire = 15 mins
director_user_kick_delay = 2 secs
director_username_hash = %u
disable_plaintext_auth = yes
dotlock_use_excl = yes
doveadm_allowed_commands = 
doveadm_api_key = 
doveadm_http_rawlog_dir = 
doveadm_password = 
doveadm_port = 0
doveadm_socket_path = doveadm-server
doveadm_ssl = no
doveadm_username = doveadm
doveadm_worker_count = 0
dsync_alt_char = _
dsync_commit_msgs_interval = 100
dsync_features = 
dsync_hashed_headers = Date Message-ID
dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -U
first_valid_gid = 1
first_valid_uid = 1000
haproxy_timeout = 3 secs
haproxy_trusted_networks = 
hostname = 
imap_capability = 
imap_client_workarounds = 
imap_fetch_failure = disconnect-immediately
imap_hibernate_timeout = 0
imap_id_log = 
imap_id_retain = no
imap_id_send = name *
imap_idle_notify_interval = 2 mins
imap_literal_minus = no
imap_logout_format = in=%i out=%o deleted=%{deleted} expunged=%{expunged} trashed=%{trashed} hdr_count=%{fetch_hdr_count} hdr_bytes=%{fetch_hdr_bytes} body_count=%{fetch_body_count} body_bytes=%{fetch_body_bytes}
imap_max_line_length = 64 k
imap_metadata = no
imap_urlauth_host = 
imap_urlauth_logout_format = in=%i out=%o
imap_urlauth_port = 143
imapc_cmd_timeout = 5 mins
imapc_connection_retry_count = 1
imapc_connection_retry_interval = 1 secs
imapc_features = 
imapc_host = 
imapc_list_prefix = 
imapc_master_user = 
imapc_max_idle_time = 29 mins
imapc_max_line_length = 0

[Dovecot] proxy and master user

2008-12-05 Thread Matthieu Herrb
Hi

For some application we need a master user on our IMAP servers. We use
dovecot 1.1.7 in proxy mode, with proxy_maybe (some mailboxes are on the
proxy itself, others are on remote servers, also running dovecot).

But the proxy removes the '*master' suffix from the username when using
the master user to log in on the proxy. So the base name of the user
with the master password are submitted to the real server, which of
course fails.

Is there a way to tell the proxy to forward the master user to the real
server, without forcing it in destuser, since we also need to have
regular (non master) logins?

Thanks in advance.
-- 
Matthieu Herrb




Re: [Dovecot] proxy_maybe and IPv6

2008-08-12 Thread Matthieu Herrb

Timo Sirainen wrote:
> On Aug 11, 2008, at 10:53 PM, Timo Sirainen wrote:
>
>> On Aug 11, 2008, at 8:23 AM, Matthieu Herrb wrote:
>>
>>> If an IPv4 address is specified as 'host', a dovecot proxy is created
>>> for clients connecting using IPv6 to this server, and symmetrically
>>> if the proxy is specified as an IPv6 address, clients connecting
>>> through IPv4 will get forwarded to the v6 address.
>>>
>>> Is there a way to avoid that?
>>
>> If you're using SQL passdb, you could probably return host as either
>> IPv4 or IPv6 depending on if %l or %r is an IPv4 or IPv6 address?
>> Other than that I don't really see an easy way to handle this, because
>> dovecot-auth has to be the one to decide if the proxying should be
>> done or not, and it doesn't know all the IP addresses the Dovecot
>> installation is listening on.
>
> Or actually if Dovecot supported multiple proxy hosts it could contain
> both the IPv4 and IPv6 address and then Dovecot could check to see if
> any of them already matches. But this is pretty low on my TODO list..


Thanks for the answer.

We're using LDAP here for the passdb, so we'll have to live with that 
until multiple proxies are implemented.

--
Matthieu Herrb


[Dovecot] proxy_maybe and IPv6

2008-08-11 Thread Matthieu Herrb

Hi,

Using dovecot 1.1.2 on a dual-stack server, with the 'proxy_maybe'
attribute to forward some clients to another server, it seems that
only clients connecting with the same protocol version as the one used
by the address in the 'host' attribute in the password db are recognized as
local.

If an IPv4 address is specified as 'host', a dovecot proxy is created
for clients connecting using IPv6 to this server, and symmetrically if 
the proxy is specified as an IPv6 address, clients connecting through 
IPv4 will get forwarded to the v6 address.


Is there a way to avoid that?
--
Matthieu Herrb

