stale (?) .dovecot.svbin causing segfault in dovecot-lda
Hi,

I've not touched the sieve filters I'm using for a long time (last modification 2 years ago), but I've upgraded the dovecot package and the system of my mail server. ~/.dovecot.svbin has not been updated, but I found out today that it would cause dovecot-lda to crash on some specific messages (and fail to deliver them). Most of the mails (>99.9%) are delivered ok though.

Here's the trace of the crash in the system logs:

Nov 3 08:48:13 nowhere dovecot: lda(matthieu)<33178>: Panic: Buffer write out of range (0 + 1)
Nov 3 08:48:15 nowhere smtpd[37379]: ac2aaecba4099baa mda delivery evpid=b9346ef1d2a6c223 from= to= rcpt= user=matthieu delay=12s result=PermFail stat=Error ("Abort trap (core dumped) ")

After removing the old file, dovecot-lda is able to deliver the message that caused the crash without issues.

Shouldn't ~/.dovecot.svbin be automatically re-generated on dovecot version changes? Or is it dependent on other things (like system libs changing)?

Some details: I'm running OpenBSD (7.0 right now, was 6.9 before and probably 6.5 the last time .dovecot.svbin was generated). My logs show that the issue has also been happening with OpenBSD 6.9 (but I never noticed until today).

OpenSMTP is configured to deliver the message through dovecot-lda with:

action "deliver" \
    mda "/usr/local/libexec/dovecot/dovecot-lda" \
    alias

in /etc/mail/smtpd.conf

Below is the output of doveadm config:

# 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.16 (09c29328)
# OS: OpenBSD 7.0 amd64 ffs
# Hostname: nowhere.herrb.eu
# NOTE: Send doveconf -n output instead when asking for help.
auth_anonymous_username = anonymous
auth_cache_negative_ttl = 1 hours
auth_cache_size = 0
auth_cache_ttl = 1 hours
auth_cache_verify_password_with_worker = no
auth_debug = no
auth_debug_passwords = no
auth_default_realm =
auth_failure_delay = 2 secs
auth_gssapi_hostname =
auth_krb5_keytab =
auth_master_user_separator =
auth_mechanisms = plain
auth_policy_check_after_auth = yes
auth_policy_check_before_auth = yes
auth_policy_hash_mech = sha256
auth_policy_hash_nonce =
auth_policy_hash_truncate = 12
auth_policy_log_only = no
auth_policy_reject_on_fail = no
auth_policy_report_after_auth = yes
auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s session_id=%{session}
auth_policy_server_api_header =
auth_policy_server_timeout_msecs = 2000
auth_policy_server_url =
auth_proxy_self =
auth_realms =
auth_socket_path = auth-userdb
auth_ssl_require_client_cert = no
auth_ssl_username_from_cert = no
auth_stats = no
auth_use_winbind = no
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
auth_username_format = %Lu
auth_username_translation =
auth_verbose = yes
auth_verbose_passwords = no
auth_winbind_helper_path = /usr/bin/ntlm_auth
auth_worker_max_count = 30
base_dir = /var/dovecot
config_cache_size = 1 M
debug_log_path =
default_client_limit = 500
default_idle_kill = 1 mins
default_internal_group = _dovecot
default_internal_user = _dovecot
default_login_user = _dovenull
default_process_limit = 100
default_vsz_limit = 256 M
deliver_log_format = msgid=%m: %$
dict_db_config =
director_flush_socket =
director_mail_servers =
director_max_parallel_kicks = 100
director_max_parallel_moves = 100
director_output_buffer_size = 10 M
director_ping_idle_timeout = 30 secs
director_ping_max_timeout = 1 mins
director_servers =
director_user_expire = 15 mins
director_user_kick_delay = 2 secs
director_username_hash = %u
disable_plaintext_auth = yes
dotlock_use_excl = yes
doveadm_allowed_commands =
doveadm_api_key =
doveadm_http_rawlog_dir =
doveadm_password =
doveadm_port = 0
doveadm_socket_path = doveadm-server
doveadm_ssl = no
doveadm_username = doveadm
doveadm_worker_count = 0
dsync_alt_char = _
dsync_commit_msgs_interval = 100
dsync_features =
dsync_hashed_headers = Date Message-ID
dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -U
first_valid_gid = 1
first_valid_uid = 1000
haproxy_timeout = 3 secs
haproxy_trusted_networks =
hostname =
imap_capability =
imap_client_workarounds =
imap_fetch_failure = disconnect-immediately
imap_hibernate_timeout = 0
imap_id_log =
imap_id_retain = no
imap_id_send = name *
imap_idle_notify_interval = 2 mins
imap_literal_minus = no
imap_logout_format = in=%i out=%o deleted=%{deleted} expunged=%{expunged} trashed=%{trashed} hdr_count=%{fetch_hdr_count} hdr_bytes=%{fetch_hdr_bytes} body_count=%{fetch_body_count} body_bytes=%{fetch_body_bytes}
imap_max_line_length = 64 k
imap_metadata = no
imap_urlauth_host =
imap_urlauth_logout_format = in=%i out=%o
imap_urlauth_port = 143
imapc_cmd_timeout = 5 mins
imapc_connection_retry_count = 1
imapc_connection_retry_interval = 1 secs
imapc_features =
imapc_host =
imapc_list_prefix =
imapc_master_user =
imapc_max_idle_time = 29 mins
imapc_max_line_length = 0

[Dovecot] proxy and master user
Hi

For some application we need a master user on our IMAP servers. We use dovecot 1.1.7 in proxy mode, with proxy_maybe (some mailboxes are on the proxy itself, others are on remote servers, also running dovecot).

But the proxy removes the '*master' suffix from the username when using the master user to log in on the proxy. So the base name of the user with the master password is submitted to the real server, which of course fails.

Is there a way to tell the proxy to forward the master user to the real server, without forcing it in destuser, since we also need to have regular (non master) logins?

Thanks in advance.
--
Matthieu Herrb

Re: [Dovecot] proxy_maybe and IPv6
Timo Sirainen wrote:
> On Aug 11, 2008, at 10:53 PM, Timo Sirainen wrote:
>> On Aug 11, 2008, at 8:23 AM, Matthieu Herrb wrote:
>>> If an IPv4 address is specified as 'host', a dovecot proxy is created for clients connecting using IPv6 to this server, and symmetrically if the proxy is specified as an IPv6 address, clients connecting through IPv4 will get forwarded to the v6 address.
>>>
>>> Is there a way to avoid that?
>>
>> If you're using SQL passdb, you could probably return host as either IPv4 or IPv6 depending on if %l or %r is an IPv4 or IPv6 address? Other than that I don't really see an easy way to handle this, because dovecot-auth has to be the one to decide if the proxying should be done or not, and it doesn't know all the IP addresses the Dovecot installation is listening on.
>
> Or actually if Dovecot supported multiple proxy hosts it could contain both the IPv4 and IPv6 address and then Dovecot could check to see if any of them already matches. But this is pretty low on my TODO list..

Thanks for the answer. We're using LDAP here for the passdb, so we'll have to live with that until multiple proxies are implemented.
--
Matthieu Herrb

[Dovecot] proxy_maybe and IPv6
Hi,

Using dovecot 1.1.2 on a dual-stack server, with the 'proxy_maybe' attribute to forward some clients to another server, it seems that only clients connecting with the same protocol version as the one used by the address in the 'host' attribute in the password db are recognized as local.

If an IPv4 address is specified as 'host', a dovecot proxy is created for clients connecting using IPv6 to this server, and symmetrically if the proxy is specified as an IPv6 address, clients connecting through IPv4 will get forwarded to the v6 address.

Is there a way to avoid that?
--
Matthieu Herrb