Field Return-Path contains twice the domain
Dear exim & dovecot users,

posting on both mailing lists as I am not sure who has the ultimate responsibility for this field.

I am trying to set up a mail server for multiple domains in my VPS. So I managed to set up the authentication through a dovecot authenticator, which relies on a sqlite database. I would like that, from the database perspective, a query has, as input parameters, both the username and the domain to check the password.

For this purpose, I am requesting that the SMTP account is in the full form usern...@domain.com. When forwarded to the dovecot authenticator, I can extract the user with %n and %d.

This works, but it has an utter drawback: emails are sent repeating twice the domain in the Return-Path field, e.g.:

Return-Path: <"u...@domain.net"@domain.net>
Subject: Re: Hello
To: nuquaquara...@gmail.com
From: user

How do I properly fix the field Return-Path now?

dovecot --version: 2.2.25 (7be1766)
Exim version 4.87 #1 built 28-Jul-2016 18:38:04

Kind regards,
Quaquaraqua

# 2.2.25 (7be1766): /etc/dovecot/dovecot.conf
# OS: Linux 4.7.1-1-ARCH x86_64 ext4
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = yes
auth_worker_max_count = 5
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
first_valid_uid = 8
last_valid_uid = 8
log_path = /var/log/dovecot.log
login_greeting = What's the craic?
mail_debug = yes
mail_gid = 12
mail_location = mbox:/var/mail/users/%n:INBOX=/var/mail/inbox/%n:INDEX=/var/mail/indexes/%n
mail_privileged_group = mail
mail_uid = 8
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocols = imap lmtp
service auth {
  unix_listener auth-client {
    group = mail
    mode = 0660
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
ssl_cert =

##
# Runtime configuration file for Exim #
##

# This is a default configuration file which will operate correctly in
# uncomplicated installations. Please see the manual for a complete list
# of all the runtime configuration options that can be included in a
# configuration file. There are many more than are mentioned here. The
# manual is in the file doc/spec.txt in the Exim distribution as a plain
# ASCII file. Other formats (PostScript, Texinfo, HTML, PDF) are available
# from the Exim ftp sites. The manual is also online at the Exim web sites.

# This file is divided into several parts, all but the first of which are
# headed by a line starting with the word "begin". Only those parts that
# are required need to be present. Blank lines, and lines starting with #
# are ignored.

### IMPORTANT ## IMPORTANT ### IMPORTANT ###
#
# Whenever you change Exim's configuration file, you *must* remember to
# HUP the Exim daemon, because it will not pick up the new configuration
# until you do. However, any other Exim processes that are started, for
# example, a process started by an MUA in order to send a message, will
# see the new configuration as soon as it is in place.
#
# You do not need to HUP the daemon for changes in auxiliary files that
# are referenced from this file. They are read every time they are used.
#
# It is usually a good idea to test a new configuration for syntactic
# correctness before installing it (for example, by running the command
# "exim -C /config/file.new -bV").
#
### IMPORTANT ## IMPORTANT ### IMPORTANT ###

##
# MAIN CONFIGURATION SETTINGS #
##
#
# Specify your host's canonical name here. This should normally be the fully
# qualified "official" name of your host. If this option is not set, the
# uname() function is called to obtain the name. In many cases this does
# the right thing and you need not set anything explicitly.

primary_hostnam
Re: Catch-all with LMTP and Postfix
On 08/22/2016 02:00 PM, Aki Tuomi wrote:
> Seems you accidentally replied to me only.

Yup, whoops.

> Postfix uses the filename you provide as name for the db file, so running it against symlinks does follow the symlink, but it uses the symlink name as what it uses to create the .db file. You can test this by creating file and doing symlink for it and running postmap against the symlink. You'll see that it will create symlink-name.db file instead of file.db.

Also good to know, although it seems like odd behavior. I would think that if Postfix followed the link then the corresponding .db would also be of the followed filename. No matter, I removed the link to simplify things.
Re: Change dovecot hostname
"Scott W. Sander" writes: Received: from mail.domain.test by appserver4.domain.com (Dovecot) with LMTP id z7RGLzH4uldlPAAAxdv4Dw for ; Mon, 22 Aug 2016 09:03:45 -0400 --- I want the part that says "by appserver4.domain.com (Dovecot)" to say "by mail.domain.test (Dovecot)". I don't want it to say the FQDN of the actual host server that is running Dovecot. The server currently referenced as "mail.domain.test" in the headers is postfix running on the same machine. Oh yeah, right, LMTP. I don't run LMTP myself, but I suspect the hostname is mapped from the IP of the LMTP listening interface (using /etc/hosts or DNS). Maybe you can change the IP of your listening interface to match mail.domain.test and firewall it off if that IP is public facing. From reading the code, I can't quite grok how LMTP derives the host label, but as a last resort, you can patch at src/lmtp/commands.c in client_get_added_headers(). Joseph Tam
Re: specifying elliptic curve
+1 I opened a ticket (a while ago) to add manual selection of the curves. On Mon, Aug 22, 2016 at 6:59 PM, Aki Tuomi <'aki.tu...@dovecot.fi'> wrote: On 22.08.2016 16:21, İhsan Doğan wrote: > Hi, > > I've noticed that Dovecot is using per default the elliptic curve > sect571r1. Because not all clients might support sect571r1, I would like > to set the elliptic curve manually. Is that possible? > > > > -Ihsan > Hi! If your openssl does not support automatic curve selection (>=1.0.2), we fall back to using what your private EC key uses, or NIST-P384 as last resort. Aki Tuomi Dovecot oy
Re: Catch-all with LMTP and Postfix
On 22.08.2016 21:53, Michael Starks wrote:
> On 08/22/2016 01:29 AM, Aki Tuomi wrote:
>> It seems your postfix is misbehaving. Did you forget to run postmap?
>>
>> Aki Tuomi
>> Dovecot oy
>
> Thanks for the response, Aki. I dug a little deeper and found this:
>
> lrwxrwxrwx. 1 root root 20 Jul 24 01:37 virtual_alias_maps -> /etc/postfix/virtual
>
> I had been postmapping virtual_alias_maps, but not virtual. I guess postmap doesn't follow links. When I postmapped virtual and did a 'postfix reload' it started to work.

Seems you accidentally replied to me only.

Postfix uses the filename you provide as name for the db file, so running it against symlinks does follow the symlink, but it uses the symlink name as what it uses to create the .db file. You can test this by creating file and doing symlink for it and running postmap against the symlink. You'll see that it will create symlink-name.db file instead of file.db.

Aki Tuomi
Dovecot oy
Re: a question about certificates from letsencrypt
Hi Andreas,

On 19/08/2016 10:11 PM, Andreas Meyer wrote:
> Hello!
>
> Certificates from letsencrypt are renewed every three months.
>
> Does that mean a MUA has to accept the renewed certificates manually
> every time it is renewed?

No, if the certificate is not a self-signed one, and if the MUA can follow the normal CA path, then there is no need to "accept" certs (same as in the browser).

Cheers
AndrewM
Re: Crash on opening mailbox
> I noticed you are using mbox format. Maybe the mbox file itself is
> corrupted. The command you were supposed to run, by the way, was

Possibly. Though I guess that should bring the bug along to the copy of a mbox?

> doveadm index -u username INBOX

Yes, that's what I was running, I just mistyped it into the email.

> If the problem does reoccur please let us know. We will see if we can
> figure out your problem in the mean time.

I will, thanks!

--
Regards
Ladislav "Krakonoš" Láska http://www.krakonos.org/
Re: Crash on opening mailbox
On 22.08.2016 16:50, Ladislav Laska wrote: Well, good news and bad news. I backed up the indexes (presumably the ~/.mbox/.imap/*) and started tinkering: dovecotadm -u username INBOX did nothing, it didn't event produce a message in the log, and the indexes were not updated. I deleted the indexes, and let dovecot rebuild them. This fixed my inbox (good news), unfortunately, even after copying the backed-up files back I can no longer reproduce the problem. I looked around but didn't find any other files that dovecot could be modifying, or did I miss something? Anyway, I think the problem will get back soon, as it did many times before. On Mon, Aug 22, 2016 at 04:18:58PM +0300, Aki Tuomi wrote: On 22.08.2016 15:10, Ladislav Laska wrote: Not really. I tried copying the inbox and wanted to delete half the messages to filter out the problematic one, but opening the copy works fine. What could be the culprit? Does dovecot keep some index that might be corrupted? On Mon, Aug 22, 2016 at 02:43:01PM +0300, Aki Tuomi wrote: On 21.08.2016 13:59, Ladislav Laska wrote: Hi! dovecot -n and backtrace are both attached in my original email, due to their size. Did the attachments not arrive? The relevant log does not contain much more than the trace, but here it is: Any chance to get the offending email somehow? Aki It is possible. Can you try backing up your current index and running doveadm index -u yourusername? Aki I noticed you are using mbox format. Maybe the mbox file itself is corrupted. The command you were supposed to run, by the way, was doveadm index -u username INBOX If the problem does reoccur please let us know. We will see if we can figure out your problem in the mean time. Aki
Re: specifying elliptic curve
On 22.08.2016 16:21, İhsan Doğan wrote: Hi, I've noticed that Dovecot is using per default the elliptic curve sect571r1. Because not all clients might support sect571r1, I would like to set the elliptic curve manually. Is that possible? -Ihsan Hi! If your openssl does not support automatic curve selection (>=1.0.2), we fall back to using what your private EC key uses, or NIST-P384 as last resort. Aki Tuomi Dovecot oy
Re: dovecot-lda core-dumps when antispam pipe script calls it
On 19/08/16 17:35, b...@indietorrent.org wrote:
> So, I'm back to where I was with this problem two years ago.

Maybe this will help you. I've been using antispam plugin in the same way you intend to do it for years now. (script modification date Feb 2014).

All the Maildirs on my system are under /var/vmail/%d/%u/ and chmod'ed as vmail:vmail user.

This is the script that is working for sure. You can test it by changing the output path, but anyway it has been with me since dovecot 1.x as far as I remember, no problems at all!

    #!/bin/bash
    # Append the message read from stdin to a per-run file under learn/<first argument>/
    T=`date +%s%N`
    cat<&0 >> "/var/vmail/learn/$1/$T-$$.txt"
    exit 0

Good luck!

Karol

--
Karol Augustin ka...@augustin.pl http://karolaugustin.pl/ +353 85 775 5312
Re: Change dovecot hostname
Removing the headers entirely was discussed: http://dovecot.markmail.org/search/?q=received#query:received+page:1+mid:t4utsjcionjcfwce+state:results Don't know if it was forgotten for 2.3, but hope not :) --- Tom On 2016-08-22 15:14, Scott W. Sander wrote: Here are some example headers from an email sent from an internal Exchange account to an account on Dovecot (u...@domain.test): --- Received: from mail.domain.test by appserver4.domain.com (Dovecot) with LMTP id z7RGLzH4uldlPAAAxdv4Dw for ; Mon, 22 Aug 2016 09:03:45 -0400 Received: from mail.domain.com (exchangefe1.domain.com [10.1.0.225]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.domain.test (Postfix) with ESMTPS id BEB1B200C4 for ; Mon, 22 Aug 2016 09:03:45 -0400 (EDT) Received: from exchangebe2.domain.com ([fe80::31cb:366e:5ce0:a40c]) by exchangefe1.domain.com ([::1]) with mapi id 14.03.0294.000; Mon, 22 Aug 2016 09:03:46 -0400 --- I want the part that says "by appserver4.domain.com (Dovecot)" to say "by mail.domain.test (Dovecot)". I don't want it to say the FQDN of the actual host server that is running Dovecot. The server currently referenced as "mail.domain.test" in the headers is postfix running on the same machine. Thanks in advance! On Fri, Aug 19, 2016 at 7:11 PM Joseph Tam wrote: "Scott W. Sander" writes: > I have noticed that the name of my private server running dovecot appears > in email headers rather than the public-friendly name of my server. Which headers are you taking about? If you're talking about Received: headers, that's usually inserted by your MTA, not dovecot. Joseph Tam
Re: LDA doing passdb queries ?
On 2016-08-22 13:21, Peter Mogensen wrote:
> ===
> protocol lda {
> #  passdb {
> #    driver = static
> #  }
>   userdb {
>     args = /etc/dovecot/dovecot-dict-auth.conf.ext
>     driver = dict
>     result_success = continue-ok
>     result_failure = return-fail
>   }
>   userdb {
>     driver = static
>     args = uid=vmail gid=vmail home=/srv/vmail/%u mail=maildir:~
>   }
> }
> ==

I realized that the passdb is needed when using the static driver to find out which users actually exist. And that you have to use args=allow_all_users=yes.

But it seems the logic to detect that a passdb is needed doesn't discover that I have a dict userdb before the static one ?!?!

Anyway ... I think I got what I wanted by not trying to change the user in a userdb, but doing it in a passdb:

==
protocol !lmtp {
  passdb {
    driver = passwd-file
    args = /etc/dovecot/accounts
  }
}
protocol lmtp {
  passdb {
    args = /etc/dovecot/dovecot-dict-auth.conf.ext
    driver = dict
  }
}
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/srv/imip/vmail mail=maildir:~
}
==

Where the dict passdb returns something like:

O{"nopassword":"yes", "user": "static-user"}

This leaves me with 1 question though: Shouldn't you be able to do this with a userdb rewriting "user" on delivery (LMTP RCPT) and no passdb?

/Peter
Re: Crash on opening mailbox
Well, good news and bad news.

I backed up the indexes (presumably the ~/.mbox/.imap/*) and started tinkering:

dovecotadm -u username INBOX

did nothing, it didn't even produce a message in the log, and the indexes were not updated.

I deleted the indexes, and let dovecot rebuild them. This fixed my inbox (good news), unfortunately, even after copying the backed-up files back I can no longer reproduce the problem. I looked around but didn't find any other files that dovecot could be modifying, or did I miss something?

Anyway, I think the problem will get back soon, as it did many times before.

On Mon, Aug 22, 2016 at 04:18:58PM +0300, Aki Tuomi wrote:
>
>
> On 22.08.2016 15:10, Ladislav Laska wrote:
> > Not really. I tried copying the inbox and wanted to delete half the
> > messages to filter out the problematic one, but opening the copy works
> > fine.
> >
> > What could be the culprit? Does dovecot keep some index that might be
> > corrupted?
> >
> > On Mon, Aug 22, 2016 at 02:43:01PM +0300, Aki Tuomi wrote:
> >> On 21.08.2016 13:59, Ladislav Laska wrote:
> >>> Hi!
> >>>
> >>> dovecot -n and backtrace are both attached in my original email, due to
> >>> their
> >>> size. Did the attachments not arrive?
> >>>
> >>> The relevant log does not contain much more than the trace, but here it
> >>> is:
> >>>
> >> Any chance to get the offending email somehow?
> >>
> >> Aki
> It is possible. Can you try backing up your current index and running
> doveadm index -u yourusername?
>
> Aki

--
Regards
Ladislav "Krakonoš" Láska http://www.krakonos.org/
specifying elliptic curve
Hi,

I've noticed that Dovecot is using per default the elliptic curve sect571r1. Because not all clients might support sect571r1, I would like to set the elliptic curve manually. Is that possible?

-Ihsan

--
ih...@dogan.ch http://blog.dogan.ch/
Re: Crash on opening mailbox
On 22.08.2016 15:10, Ladislav Laska wrote:
> Not really. I tried copying the inbox and wanted to delete half the
> messages to filter out the problematic one, but opening the copy works
> fine.
>
> What could be the culprit? Does dovecot keep some index that might be
> corrupted?
>
> On Mon, Aug 22, 2016 at 02:43:01PM +0300, Aki Tuomi wrote:
>> On 21.08.2016 13:59, Ladislav Laska wrote:
>>> Hi!
>>>
>>> dovecot -n and backtrace are both attached in my original email, due to
>>> their
>>> size. Did the attachments not arrive?
>>>
>>> The relevant log does not contain much more than the trace, but here it is:
>>>
>> Any chance to get the offending email somehow?
>>
>> Aki

It is possible. Can you try backing up your current index and running doveadm index -u yourusername?

Aki
Re: Change dovecot hostname
Here are some example headers from an email sent from an internal Exchange account to an account on Dovecot (u...@domain.test): --- Received: from mail.domain.test by appserver4.domain.com (Dovecot) with LMTP id z7RGLzH4uldlPAAAxdv4Dw for ; Mon, 22 Aug 2016 09:03:45 -0400 Received: from mail.domain.com (exchangefe1.domain.com [10.1.0.225]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.domain.test (Postfix) with ESMTPS id BEB1B200C4 for ; Mon, 22 Aug 2016 09:03:45 -0400 (EDT) Received: from exchangebe2.domain.com ([fe80::31cb:366e:5ce0:a40c]) by exchangefe1.domain.com ([::1]) with mapi id 14.03.0294.000; Mon, 22 Aug 2016 09:03:46 -0400 --- I want the part that says "by appserver4.domain.com (Dovecot)" to say "by mail.domain.test (Dovecot)". I don't want it to say the FQDN of the actual host server that is running Dovecot. The server currently referenced as "mail.domain.test" in the headers is postfix running on the same machine. Thanks in advance! On Fri, Aug 19, 2016 at 7:11 PM Joseph Tam wrote: > "Scott W. Sander" writes: > > > I have noticed that the name of my private server running dovecot appears > > in email headers rather than the public-friendly name of my server. > > Which headers are you taking about? > > If you're talking about Received: headers, that's usually inserted by > your MTA, not dovecot. > > Joseph Tam >
RFC 3501 violation in FETCH BODY responses
Hi there,

Quoting RFC 3501 sec. 7.4.2 “FETCH Response” (data item BODYSTRUCTURE):

    “A body type of type MESSAGE and subtype RFC822 contains, immediately
    after the basic fields, the envelope structure, body structure, and
    size in text lines of the encapsulated message.”

According to the ABNF (RFC 3501 sec. 9) the envelope structure is that of the ENVELOPE FETCH data item, and the env-{from,sender,reply-to,to,cc,bcc} fields are non-space-separated address lists:

    body-type-msg = media-message SP body-fields SP envelope SP body SP body-fld-lines
    envelope      = "(" env-from SP … SP env-to SP … ")"
    env-from      = "(" 1*address ")" / nil
    env-to        = "(" 1*address ")" / nil

While this is indeed the case for ‘FETCH … (ENVELOPE)’, for ‘FETCH … (BODY)’ dovecot 2.2.25 adds a space between addresses of an address list of the envelope structure of an encapsulated MESSAGE/RFC822 message. See the attached patch to ‘src/lib-imap/test-imap-bodystructure.c’, which currently (2.2.25) fails as follows

    test-imap-bodystructure.c:122: Assert failed: strcmp(str_c(str), testmsg_body) == 0
    test-imap-bodystructure.c:129: Assert failed: strcmp(str_c(str), testmsg_bodystructure) == 0
    imap bodystructure parser : FAILED

because the ‘env-to’ field of the envelope structure of the encapsulated MESSAGE/RFC822 message is printed as

    ((NIL NIL "sub-to1" "domain.org") (NIL NIL "sub-to2" "domain.org"))

while it should be

    ((NIL NIL "sub-to1" "domain.org")(NIL NIL "sub-to2" "domain.org"))

After a quick look at the source, this seems to be due to src/lib-imap/imap-bodystructure.c:imap_write_list, which always separates list items with spaces. In the case of an envelope, only the top-level list should be space-separated. Indeed, not adding a space between items of type IMAP_ARG_LIST in the recursive call makes the test pass again.

Cheers,
--
Guilhem.

--- a/src/lib-imap/test-imap-bodystructure.c +++ b/src/lib-imap/test-imap-bodystructure.c
@@ -31,6 +31,7 @@ static const char testmsg[] = "Content-Type: message/rfc822\n" "\n" "From: s...@domain.org\n" +"To: sub-...@domain.org, sub-...@domain.org\n" "Date: Sun, 12 Aug 2012 12:34:56 +0300\n" "Subject: submsg\n" "Content-Type: multipart/alternative; boundary=\"sub1\"\n" 
@@ -55,10 +56,10 @@ static const char testmsg[] = "Root MIME epilogue\n"; static const char testmsg_bodystructure[] = -"(\"text\" \"x-myown\" (\"charset\" \"us-ascii\" \"foo\" \"quoted\\\"string\") \"\" \"hellodescription\" \"7bit\" 7 1 \"Q2hlY2sgSW50ZWdyaXR5IQ==\" (\"inline\" (\"foo\" \"bar\")) (\"en\" \"fi\" \"se\") \"http://example.com/test.txt\";)(\"message\" \"rfc822\" NIL NIL NIL \"7bit\" 368 (\"Sun, 12 Aug 2012 12:34:56 +0300\" \"submsg\" ((NIL NIL \"sub\" \"domain.org\")) ((NIL NIL \"sub\" \"domain.org\")) ((NIL NIL \"sub\" \"domain.org\")) NIL NIL NIL NIL NIL) ((\"text\" \"html\" (\"charset\" \"us-ascii\") NIL NIL \"8bit\" 20 1 NIL NIL NIL NIL)(\"text\" \"plain\" (\"charset\" \"us-ascii\") NIL NIL \"7bit\" 21 1 NIL NIL NIL NIL) \"alternative\" (\"boundary\" \"sub1\") NIL NIL NIL) 20 NIL NIL NIL NIL) \"mixed\" (\"boundary\" \"foo bar\") NIL NIL NIL"; +"(\"text\" \"x-myown\" (\"charset\" \"us-ascii\" \"foo\" \"quoted\\\"string\") \"\" \"hellodescription\" \"7bit\" 7 1 \"Q2hlY2sgSW50ZWdyaXR5IQ==\" (\"inline\" (\"foo\" \"bar\")) (\"en\" \"fi\" \"se\") \"http://example.com/test.txt\";)(\"message\" \"rfc822\" NIL NIL NIL \"7bit\" 412 (\"Sun, 12 Aug 2012 12:34:56 +0300\" \"submsg\" ((NIL NIL \"sub\" \"domain.org\")) ((NIL NIL \"sub\" \"domain.org\")) ((NIL NIL \"sub\" \"domain.org\")) ((NIL NIL \"sub-to1\" \"domain.org\")(NIL NIL \"sub-to2\" \"domain.org\")) NIL NIL NIL NIL) ((\"text\" \"html\" (\"charset\" \"us-ascii\") NIL NIL \"8bit\" 20 1 NIL NIL NIL NIL)(\"text\" \"plain\" (\"charset\" \"us-ascii\") NIL NIL \"7bit\" 21 1 NIL NIL NIL NIL) \"alternative\" (\"boundary\" \"sub1\") NIL NIL NIL) 21 NIL NIL NIL NIL) \"mixed\" (\"boundary\" \"foo bar\") NIL NIL NIL"; static const char testmsg_body[] = -"(\"text\" \"x-myown\" (\"charset\" \"us-ascii\" \"foo\" \"quoted\\\"string\") \"\" \"hellodescription\" \"7bit\" 7 1)(\"message\" \"rfc822\" NIL NIL NIL \"7bit\" 368 (\"Sun, 12 Aug 2012 12:34:56 +0300\" \"submsg\" ((NIL NIL \"sub\" \"domain.org\")) ((NIL NIL \"sub\" 
\"domain.org\")) ((NIL NIL \"sub\" \"domain.org\")) NIL NIL NIL NIL NIL) ((\"text\" \"html\" (\"charset\" \"us-ascii\") NIL NIL \"8bit\" 20 1)(\"text\" \"plain\" (\"charset\" \"us-ascii\") NIL NIL \"7bit\" 21 1) \"alternative\") 20) \"mixed\""; +"(\"text\" \"x-myown\" (\"charset\" \"us-ascii\" \"foo\" \"quoted\\\"string\") \"\" \"hellodescription\" \"7bit\" 7 1)(\"message\" \"rfc822\" NIL NIL NIL \"7bit\" 412 (\"Sun, 12 Aug 2012 12:34:56 +0300\" \"submsg\" ((NIL NIL \"sub\" \"domain.org\")) ((NIL NIL \"sub\" \"domain.org\")) ((NIL NIL \"sub\" \"domain.org\")) ((NIL NIL \"sub-to1\" \"domain.org\")(NIL NIL \"sub-to2\" \"domain.org\")) NIL NIL NIL NIL) (
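Review bot: in the first hunk (@@ -31,6 +31,7 @@) the added two-address To: line is the only multi-address header in the encapsulated message, so the test pins the separator for env-to alone while From still carries a single address. The report says all of env-{from,sender,reply-to,to,cc,bcc} are non-space-separated lists, so consider giving the sub-message a two-address Cc: as well and extending the expected strings to match. The visible patch touches only src/lib-imap/test-imap-bodystructure.c, so it should be submitted together with the imap_write_list change in src/lib-imap/imap-bodystructure.c; applied on its own it leaves the suite failing, as the report shows.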
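Review bot: in the second hunk (@@ -55,10 +56,10 @@) the one expectation that matters, no space between the two address structures in (NIL NIL "sub-to1" "domain.org")(NIL NIL "sub-to2" "domain.org"), is hard to spot inside the long single-line literals, next to the incidental size and line-count updates (368 to 412, 20 to 21). A short comment above testmsg_bodystructure and testmsg_body citing the RFC 3501 rule env-to = "(" 1*address ")" would tell a later reader that the missing space is intentional. The + line for testmsg_body is cut off on this page, so only the testmsg_bodystructure expectation can be checked in full here.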
Re: Crash on opening mailbox
Not really. I tried copying the inbox and wanted to delete half the messages to filter out the problematic one, but opening the copy works fine.

What could be the culprit? Does dovecot keep some index that might be corrupted?

On Mon, Aug 22, 2016 at 02:43:01PM +0300, Aki Tuomi wrote:
> On 21.08.2016 13:59, Ladislav Laska wrote:
> > Hi!
> >
> > dovecot -n and backtrace are both attached in my original email, due to
> > their
> > size. Did the attachments not arrive?
> >
> > The relevant log does not contain much more than the trace, but here it is:
> >
>
> Any chance to get the offending email somehow?
>
> Aki

--
Regards
Ladislav "Krakonoš" Láska http://www.krakonos.org/
Re: Crash on opening mailbox
On 21.08.2016 13:59, Ladislav Laska wrote:
> Hi!
>
> dovecot -n and backtrace are both attached in my original email, due to their
> size. Did the attachments not arrive?
>
> The relevant log does not contain much more than the trace, but here it is:
>

Any chance to get the offending email somehow?

Aki
Re: LDA doing passdb queries ?
Sorry... I meant LDA - not LMTP. More specifically ... the delivery happening during an LMTP session.

I'm trying something like this:

===
protocol !lda {
  passdb {
    driver = passwd-file
    args = /etc/dovecot/accounts
  }
  userdb {
    driver = static
    args = uid=vmail gid=vmail home=/srv/vmail/%u mail=maildir:~
  }
}

protocol lda {
#  passdb {
#    driver = static
#  }
  userdb {
    args = /etc/dovecot/dovecot-dict-auth.conf.ext
    driver = dict
    result_success = continue-ok
    result_failure = return-fail
  }
  userdb {
    driver = static
    args = uid=vmail gid=vmail home=/srv/vmail/%u mail=maildir:~
  }
}
==

The point being that delivery is done to an address which needs an external userdb to rewrite the "user" value. All other access (IMAP...) uses the defined accounts.

The above config won't do, since dovecot complains about a missing passdb database (and that PLAIN needs one) ... even if there's no actual authentication done during delivery.

It doesn't seem to work, since trying to do delivery via LMTP still consults /etc/dovecot/accounts

/Peter
LMTP doing passdb queries ?
Hi, I can see dovecot is doing a passdb query when handling the LMTP RCPT command. That's kinda unexpected for me. I would have thought it only did a userdb lookup. I have disabled lmtp_proxy to be sure it didn't do a passdb lookup to check the proxy field. Is this expected? Doesn't the LDA only do userdb lookups? /Peter
Re: dovecot-lda core-dumps when antispam pipe script calls it
On Fri, 19 Aug 2016, b...@indietorrent.org wrote:
> On 2016-08-19 12:17, b...@indietorrent.org wrote:
>> Aha! Clearly, the vmail user cannot read from nor write to /tmp. (Why that is, I have no idea, as the /tmp directory's permissions certainly

Do you have SELinux active? See almost at the end of http://wiki2.dovecot.org/WhyDoesItNotWork?highlight=%28selinux%29

>> allow for both; maybe Dovecot implements this as a security measure.)

No. Dovecot does not implement anything like that. Do you chroot?

>> This prompted me to change all references to /tmp in the pipe script to ~/tmp, and create this directory:
>>
>> $ whoami
>> vmail
>> $ mkdir ~/tmp && chmod 770 ~/tmp
>> $ /bin/bash /usr/local/bin/sa-learn-pipe.sh --ham < /var/vmail/gtube.txt
>>
>> No errors this time (at least not on the console). But I do get this in /var/log/mail.err:
>>
>> Aug 19 12:04:24 example.com dovecot: lda(sa-train...@example.com): Fatal: Can't open delivery mail as raw: Permission denied
>>
>> I'm not sure how to interpret this message. Where is permission being denied? More importantly, what's the fix?
>>
>> Thanks for any hints!
>>
>> -Ben
>
> Apologies for the rapid-fire replies here.
>
> The strace output that I'm capturing in the pipe script pinpointed the problem:
>
> open("/root/~/tmp/sendmail-msg-26272.txt", O_RDONLY) = -1 EACCES (Permission denied)
>
> Er, '/root/~/tmp/' ??
>
> There seems to be some expansion occurring that assumes the root user, despite executing the pipe script as the vmail user, so I changed all references to ~/tmp in the pipe script to /var/vmail/tmp and permission is no longer denied.
>
> But, now dovecot-lda is core-dumping. Here is the strace output:
>
> http://pastebin.com/RrKmFhzC
>
> So, I'm back to where I was with this problem two years ago. At that time, I gave up, because I couldn't invest the time required to compile the latest versions of Dovecot and all plugins from scratch in an effort to prove that the bug exists in the latest source.
>
> "Dovecot always logs a detailed error message if something goes wrong. If it doesn't, it's considered a bug and will be fixed." - http://wiki2.dovecot.org/Logging
>
> I'm happy to help identify the root-cause, but I need some guidance here.

First: check the SELinux thing.

Second: Do you run in a chrooted environment?

Third: Enclose all your script with logging, e.g.:

    #!/bin/bash
    (
    date
    echo "$@"
    id
    id -a
    echo environment
    env
    set
    # check for chroot
    echo stat /
    stat /
    echo /proc/1/mountinfo
    awk '$5=="/" {print}' < /proc/1/mountinfo
    # (the body of the original pipe script goes here)
    ) > /var/tmp/antispam.$$.log 2>&1

Make sure /var/tmp/antispam.$$.log is writeable, maybe create a new directory with owner vmail. Make sure you have 2>&1 at the end. Your log misses all the error messages. Also, you will now have a log file for each run of the script.

To check for chroot: stat / should print inode 2, but any mountpoint has inode 2. /proc/$$/mountinfo displays the physical information of a mount, if both differ, the current process is chrooted. "1" should be the init process.

In your script:

> for opt; do
> if [[ "$*" =~ .*ham.* ]]

This makes no sense, either use for loop and test "$opt" here, or do not use for, but use "$*"; .*ham.* should be quoted anyway.

> cat<&0 >> /tmp/sendmail-msg-$$.txt

Well, if for any reason this file exists, ..

    cat - >/tmp/sendmail-msg-$$.txt

> /usr/lib/dovecot/deliver -d "sa-train...@example.com" -m "Training.$mode"

You've already scraped the message from stdin into a file, so add:

    < /tmp/sendmail-msg-$$.txt

About the '-p' switch present in the strace-variant: Please scan the mailing list for the status of it, IMHO, there had been lots of trouble in certain cases.

The strace variant should use -oLogfile.strace.$$.log in order to separate the output of the command and strace logging.
--
Steffen Kaiser
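
A hardened form of the spool-then-deliver step discussed in the message above, as an added example that is not from the thread or from Dovecot. The helper name spool_and_deliver, its exit codes and the stand-in delivery command in the demo are assumptions; the caller supplies the spool directory and the real delivery command.

```bash
#!/bin/bash
# Added example, not code from the thread. spool_and_deliver is a hypothetical
# helper; the spool directory and the delivery command come from the caller.

# usage: spool_and_deliver SPOOL_DIR COMMAND [ARGS...]   (message on stdin)
spool_and_deliver() (
    spool_dir=$1
    shift

    # Require an absolute path. A "~/tmp" that reaches the script quoted or
    # through a variable is not tilde-expanded; it is a relative path and is
    # resolved against the current directory, which is how the
    # /root/~/tmp/ path in the strace output above comes about.
    case $spool_dir in
        /*) ;;
        *)  echo "spool dir must be absolute: $spool_dir" >&2
            return 64 ;;
    esac

    # mktemp picks an unpredictable name and creates the file exclusively with
    # owner-only permissions, so a file or symlink planted in advance is never
    # opened or appended to, unlike a fixed name such as sendmail-msg-$$.txt.
    umask 077
    msg=$(mktemp "$spool_dir/sendmail-msg.XXXXXXXXXX") || return 73
    trap 'rm -f -- "$msg"' EXIT

    # Write the message once, truncating rather than appending.
    cat > "$msg" || { rm -f -- "$msg"; return 74; }

    # Feed the spooled copy to the delivery command on its stdin and keep the
    # command's exit status for the caller.
    rc=0
    "$@" < "$msg" || rc=$?
    rm -f -- "$msg"
    return "$rc"
)

# Demo with a constructed message; "wc -l" stands in for the delivery command.
demo_dir=$(mktemp -d)
printf 'Subject: constructed sample\n\nbody\n' | spool_and_deliver "$demo_dir" wc -l
rmdir "$demo_dir"
```

In the setup from the thread the call would take /var/vmail/tmp as the spool directory and the deliver command line quoted above as the command.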