Panic

2019-03-24 Thread Odhiambo Washington via dovecot
Dovecot-2.3.5, FreeBSD-12 (amd64),

I will wait to see coredumps after setting up things to allow it.


Mar 24 20:56:08 imap(john@crownkenya.com)<82746>:
Panic: file mempool-system.c: line 137 (pool_system_realloc): assertion
failed: (old_size == (size_t)-1 || mem == NULL || old_size <=
malloc_usable_size(mem))
Mar 24 20:56:08 imap(john@crownkenya.com)<82746>:
Fatal: master: service(imap): child 82746 killed with signal 6 (core not
dumped - https://dovecot.org/bugreport.html#coredumps - set service imap {
drop_priv_before_exec=yes })
Mar 24 20:56:08 imap(john@crownkenya.com)<81688>:
Panic: file mempool-system.c: line 137 (pool_system_realloc): assertion
failed: (old_size == (size_t)-1 || mem == NULL || old_size <=
malloc_usable_size(mem))
Mar 24 20:56:08 imap(john@crownkenya.com)<81688>:
Fatal: master: service(imap): child 81688 killed with signal 6 (core not
dumped - https://dovecot.org/bugreport.html#coredumps - set service imap {
drop_priv_before_exec=yes })
Mar 24 20:56:08 imap(john@crownkenya.com)<82020>:
Panic: file mempool-system.c: line 137 (pool_system_realloc): assertion
failed: (old_size == (size_t)-1 || mem == NULL || old_size <=
malloc_usable_size(mem))
Mar 24 20:56:08 imap(john@crownkenya.com)<82020>:
Fatal: master: service(imap): child 82020 killed with signal 6 (core not
dumped - https://dovecot.org/bugreport.html#coredumps - set service imap {
drop_priv_before_exec=yes })
Mar 24 20:56:08 imap(john@crownkenya.com)<83452>:
Panic: file mempool-system.c: line 137 (pool_system_realloc): assertion
failed: (old_size == (size_t)-1 || mem == NULL || old_size <=
malloc_usable_size(mem))
Mar 24 20:56:08 imap(john@crownkenya.com)<83452>:
Fatal: master: service(imap): child 83452 killed with signal 6 (core not
dumped - https://dovecot.org/bugreport.html#coredumps - set service imap {
drop_priv_before_exec=yes })
Mar 24 20:56:08 imap(john@crownkenya.com)<84305><9vV0zdqEzueaTXHr>:
Panic: file mempool-system.c: line 137 (pool_system_realloc): assertion
failed: (old_size == (size_t)-1 || mem == NULL || old_size <=
malloc_usable_size(mem))
Mar 24 20:56:08 imap(john@crownkenya.com)<84305><9vV0zdqEzueaTXHr>:
Fatal: master: service(imap): child 84305 killed with signal 6 (core not
dumped - https://dovecot.org/bugreport.html#coredumps - set service imap {
drop_priv_before_exec=yes })

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)


Re: imapsieve: script not triggered

2019-03-24 Thread Andreas Krischer via dovecot
Hello!

Sorry for replying on this quite old thread, but I just found the issue in my 
config and would like to share it if anyone else is having the same problem.

My passdb is ldap-based and I included a possibility to enable extra 
mail_plugins via LDAP (I used it for debug purposes).
There was the line:
pass_attrs = userPassword=password,=userdb_mail_plugins=%{ldap:mailPlugins}
Which caused the problem.

It seems like this setting did not add the enabled plugins to IMAP but 
overwrote all other mail_plugins settings. Unfortunately just adding 
“$mail_plugins” does not work here either, so I had to add all my plugins here 
manually.

Hope this helps someone!

Best,
Andreas

> On 8. May 2018, at 08:53, Andreas Krischer  wrote:
> 
>> Check that sieve-test actually shows it would do what you expect it to do.
> 
> sieve-test just shows: learn-spam: error: the imapsieve extension cannot be 
> used outside IMAP.
> 
> Andreas
> 
>> On 07.05.2018 at 20:56, Aki Tuomi wrote:
>> 
>> 
>> 
>> On 2018-05-07 20:58, Andreas Krischer wrote:
>>> Hi, folks!
>>> 
>>> My problem:
>>> I set up dovecot with imapsieve to execute a script whenever a user copies 
>>> a mail to his Spam folder (spam autolearning). Unfortunately this script is 
>>> never executed regardless what I’m configuring for imapsieve. It looks like 
>>> dovecot doesn’t really load the plugin…
>>> 
>>> The "dovecot -n" output is attached.
>>> 
>>> I already tried setting imapsieve_mailbox1_name to *, but even this does 
>>> not execute the script… Also I tried a mailbox without mail_crypt enabled, 
>>> no success as well.
>>> 
>>> In the attached mail.log (mail_debug=yes) you can see, that 
>>> imap_sieve_plugin is loaded, but it isn’t really executed.
>>> 
>>> The normal (LMTP) sieve is working - if a mail is incoming the sieve module 
>>> shows it work in mail.log:
>>> 
>>> May  7 17:54:04 dovecot dovecot: lmtp(postmas...@myhost.name): Debug: YEm9ILyS8FqSaAAAujt/SA: sieve: file storage: Storage path `/var/vmail/myhost.name/postmaster/sieve' not found
>>> May  7 17:54:04 dovecot dovecot: lmtp(postmas...@myhost.name): Debug: YEm9ILyS8FqSaAAAujt/SA: sieve: file storage: Storage path `/var/vmail/myhost.name/postmaster/.dovecot.sieve' not found
>>> May  7 17:54:04 dovecot dovecot: lmtp(postmas...@myhost.name): Debug: YEm9ILyS8FqSaAAAujt/SA: sieve: storage: No default script location configured
>>> May  7 17:54:04 dovecot dovecot: lmtp(postmas...@myhost.name): Debug: YEm9ILyS8FqSaAAAujt/SA: sieve: User has no personal script
>>> May  7 17:54:04 dovecot dovecot: lmtp(postmas...@myhost.name): Debug: YEm9ILyS8FqSaAAAujt/SA: sieve: file storage: Using script storage path: /etc/dovecot/sieve/after/
>>> May  7 17:54:04 dovecot dovecot: lmtp(postmas...@myhost.name): Debug: YEm9ILyS8FqSaAAAujt/SA: sieve: file script: Opened script `spam' from `/etc/dovecot/sieve/after/spam.sieve'
>>> May  7 17:54:04 dovecot dovecot: lmtp(postmas...@myhost.name): Debug: YEm9ILyS8FqSaAAAujt/SA: sieve: executed after user's Sieve script(1): /etc/dovecot/sieve/after/spam.sieve
>>> May  7 17:54:04 dovecot dovecot: lmtp(postmas...@myhost.name): Debug: Mailbox : Opened mail UID=1 because: header Message-ID (Cache file is unusable)
>>> May  7 17:54:04 dovecot dovecot: lmtp(postmas...@myhost.name): Debug: YEm9ILyS8FqSaAAAujt/SA: sieve: Opening script 1 of 1 from `/etc/dovecot/sieve/after/spam.sieve'
>>> May  7 17:54:04 dovecot dovecot: lmtp(postmas...@myhost.name): Debug: YEm9ILyS8FqSaAAAujt/SA: sieve: Loading script /etc/dovecot/sieve/after/spam.sieve
>>> May  7 17:54:04 dovecot dovecot: lmtp(postmas...@myhost.name): Debug: YEm9ILyS8FqSaAAAujt/SA: sieve: Script binary /etc/dovecot/sieve/after/spam.svbin successfully loaded
>>> May  7 17:54:04 dovecot dovecot: lmtp(postmas...@myhost.name): Debug: YEm9ILyS8FqSaAAAujt/SA: sieve: binary save: not saving binary /etc/dovecot/sieve/after/spam.svbin, because it is already stored
>>> May  7 17:54:04 dovecot dovecot: lmtp(postmas...@myhost.name): Debug: YEm9ILyS8FqSaAAAujt/SA: sieve: Executing script from `/etc/dovecot/sieve/after/spam.svbin'
>>> 
>>> 
>>> I already spent hours on this problem so please let me know if you have any 
>>> idea what the problem could be… :(
>>> 
>>> Thanks in advance!
>>> 
>>> Andreas
>>> 
>>> 
>>> 
>> 
>> Check that sieve-test actually shows it would do what you expect it to do.
>> 
>> Aki



v2.2.27 Panic: file rfc822-parser.h: line 23 (rfc822_parser_deinit): assertion failed: (ctx->data <= ctx->end)

2019-03-24 Thread Jason Lewis via dovecot
Hi,

I've been having an issue with the indexer giving me errors on a mailbox
in dovecot.

I managed to narrow it down to a specific email in that mailbox.

Various dovecot functions have issues with this email.

The email itself is just spam. I can email it to you if you want to
analyse it. I did run it through mbox-anonymize but it's not clear to me
that that would be of any use. Happy to email the suspect email
privately to anyone who wants it.

/home is mounted nfs4 and is zfs on the nfs server.


Dovecot is installed from Debian Jessie.
$ /usr/sbin/dovecot --version
2.2.27 (c0f36b0)

dovecot-core:
  Installed: 1:2.2.27-3+deb9u2~bpo8+1
  Candidate: 1:2.2.27-3+deb9u2~bpo8+1
  Version table:
 *** 1:2.2.27-3+deb9u2~bpo8+1 0
        100 /var/lib/dpkg/status
     1:2.2.13-12~deb8u5 0
        400 http://security.debian.org/ jessie/updates/main amd64 Packages
     1:2.2.13-12~deb8u4 0
        400 http://deb.debian.org/debian/ jessie/main amd64 Packages


~# dovecot -n
# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.9.0-0.bpo.6-amd64 x86_64 Debian 8.10
imap_hibernate_timeout = 5 secs
mail_location = maildir:~/Maildir
mail_plugins = fts fts_solr
mailbox_list_index = yes
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
plugin {
  fts = solr
  fts_autoindex = yes
  fts_enforced = yes
  fts_solr = url=http://10.0.2.19:8080/solr/
  imapsieve_mailbox1_before = file:/etc/dovecot/train-as-spam.sieve
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_name = Junk
  imapsieve_mailbox2_before = file:/etc/dovecot/train-as-ham.sieve
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_from = Junk
  imapsieve_mailbox2_name = *
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
  sieve_pipe_bin_dir = /usr/bin
  sieve_plugins = sieve_imapsieve sieve_extprograms
}
protocols = " imap"
service anvil {
  client_limit = 1127
}
service auth {
  client_limit = 2200
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
}
service imap-hibernate {
  unix_listener imap-hibernate {
    group = dovecot
    mode = 0660
  }
}
service imap-login {
  process_limit = 1024
  process_min_avail = 12
  service_count = 0
  vsz_limit = 1 G
}
service imap {
  extra_groups = dovecot
  unix_listener imap-master {
    user = dovecot
  }
}
ssl_cert = data <= ctx->end)
doveadm(jason): Error: Raw backtrace:
/usr/lib/dovecot/libdovecot.so.0(+0x989ae) [0x7f170b1389ae] ->
/usr/lib/dovecot/libdovecot.so.0(+0x98a28) [0x7f170b138a28] ->
/usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f170b0ce67e] ->
/usr/lib/dovecot/libdovecot.so.0(+0x7c97d) [0x7f170b11c97d] ->
/usr/lib/dovecot/libdovecot.so.0(message_address_parse+0x55)
[0x7f170b11c9e5] ->
/usr/lib/dovecot/libdovecot.so.0(imap_envelope_parse_header+0x144)
[0x7f170b110374] ->
/usr/lib/dovecot/libdovecot-storage.so.0(index_mail_parse_header+0xfe)
[0x7f170b47422e] -> /usr/lib/dovecot/libdovecot.so.0(+0x7979f)
[0x7f170b11979f] -> /usr/lib/dovecot/libdovecot.so.0(i_stream_read+0x53)
[0x7f170b1437e3] ->
/usr/lib/dovecot/libdovecot.so.0(i_stream_read_data+0x3d)
[0x7f170b14422d] ->
/usr/lib/dovecot/libdovecot.so.0(message_parse_header_next+0x72)
[0x7f170b11f3d2] ->
/usr/lib/dovecot/libdovecot.so.0(message_parse_header+0x4f)
[0x7f170b11fd7f] ->
/usr/lib/dovecot/libdovecot-storage.so.0(index_mail_headers_get_envelope+0x138)
[0x7f170b475448] ->
/usr/lib/dovecot/libdovecot-storage.so.0(index_mail_get_special+0x1a1)
[0x7f170b4796c1] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x69dd3)
[0x7f170b42fdd3] ->
/usr/lib/dovecot/libdovecot-storage.so.0(mail_get_special+0xd)
[0x7f170b400a8d] -> /usr/bin/doveadm(+0x2dca8) [0x562378dd4ca8] ->
/usr/bin/doveadm(+0x2ed7e) [0x562378dd5d7e] ->
/usr/bin/doveadm(+0x2a57c) [0x562378dd157c] ->
/usr/bin/doveadm(+0x2b0da) [0x562378dd20da] ->
/usr/bin/doveadm(doveadm_cmd_ver2_to_mail_cmd_wrapper+0x21f)
[0x562378dd2f5f] -> /usr/bin/doveadm(doveadm_cmd_run_ver2+0x560)
[0x562378de2390] -> /usr/bin/doveadm(doveadm_cmd_try_run_ver2+0x37)
[0x562378de23e7] -> /usr/bin/doveadm(main+0x1e4) [0x562378dc1f44] ->
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7f170ad16b45]
-> /usr/bin/doveadm(+0x1b32c) [0x562378dc232c]
Aborted (core dumped)


jason@debian:~$ gdb /usr/bin/doveadm /home/jason/core
GNU gdb (Debian 7.7.1+dfsg-5) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later

This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show confi

Re: Sieve matching "size" with user variable?

2019-03-24 Thread Ralph Seichter via dovecot
* Ed W. via dovecot:

> How would you generate scripts for some few thousand users? How would
> you maintain those thousands of scripts when you make changes to the
> template?

A dozen or a few thousand, it makes no difference in terms of the
mechanics involved. Templates and generator scripts should be version
controlled. All part of decent software configuration management.

> Now it's a per person script, but I want the user to have a web front
> end so they can say if they want (some mangling) to happen to mails
> over a certain size? How to read that size in the filter file and act
> on it?

Are you seriously asking how to use parameters/placeholders when
generating text files?

-Ralph
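
A generator of the kind discussed in this thread, with the sanity check applied to the user-supplied size, as an added example (not code from any poster in the thread). The `fileinto "Oversized"` action, the policy bounds and the function names are assumptions standing in for the unspecified processing.

```python
import re

# Sieve numbers are ASCII digits with an optional K/M/G quantifier (RFC 5228).
# [0-9] is spelled out so that non-ASCII digits are rejected as well.
_SIZE_RE = re.compile(r"([0-9]{1,10})([KMG]?)")
_UNITS = {"": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}

# Assumed policy bounds for what a user may configure.
MIN_BYTES = 1024
MAX_BYTES = 100 * 1024 ** 2

# Hypothetical template; the action stands in for "some mangling".
TEMPLATE = '''require ["fileinto"];
# Generated file: change the template, not this script.
if size :over {size} {{
    fileinto "Oversized";
}}
'''


def parse_size(value):
    """Return the size in bytes, or raise ValueError if it is not acceptable."""
    match = _SIZE_RE.fullmatch(value.strip().upper())
    if match is None:
        raise ValueError("not a Sieve size: %r" % (value,))
    size = int(match.group(1)) * _UNITS[match.group(2)]
    if not MIN_BYTES <= size <= MAX_BYTES:
        raise ValueError("size out of allowed range: %d" % size)
    return size


def render_sieve(value):
    """Render the per-user script; only a validated integer reaches the text."""
    return TEMPLATE.format(size=parse_size(value))


if __name__ == "__main__":
    print(render_sieve("512K"))
```

Because the template receives the parsed integer rather than the front end's string, a malformed setting fails at generation time instead of ending up inside a script on the mail servers.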


Re: Sieve matching "size" with user variable?

2019-03-24 Thread Ed W via dovecot

On 19/03/2019 17:19, Ralph Seichter via dovecot wrote:

> * Ed W. via dovecot:
>
>> My goal is that users can set a user configurable setting (in an
>> external front end) and if the email size is greater than this size
>> then we will do some processing on it. This particular filter is
>> actually in a global sieve filter.
>
> A global script using per-user parameters? Not what I would choose. I
> like to generate sieve scripts for individual users (taking their wishes
> into account of course), because it gives me the ability to perform some
> sanity checks.
>
> -Ralph



How would you generate scripts for some few thousand users? How would 
you maintain those thousands of scripts when you make changes to the 
template?


However, even then the problem still remains. Now it's a per person 
script, but I want the user to have a web front end so they can say if 
they want (some mangling) to happen to mails over a certain size? How to 
read that size in the filter file and act on it? (no, I do not want my 
web front end to be pushing files into the backend of a cluster of mail 
server machines)


Thanks for other thoughts (for now I passed the variable to some 
external script which does the check there)


Cheers

Ed W



Re: dovecot sasl support - solved

2019-03-24 Thread Wojciech Puchar via dovecot

login_trusted_networks = 127.0.0.1

fixed the speed problem



Re: dovecot sasl support

2019-03-24 Thread Wojciech Puchar via dovecot

> Why is authenticating over imap so slow?
>
> my saslauthd runs like that
>
> /usr/local/sbin/saslauthd -a rimap -O 127.0.0.1 -n 0 -r
>
> imap server is handled by dovecot of course.
>
> to be sure it's not sendmail i've tried testsaslauthd
>
> testsaslauthd -u woj...@puchar.net  -p mypassword
>
> works but takes 5-10 seconds. server is lightly loaded.
>
> telnet 127.0.0.1 imap responds instantly.
>
> what to check?


seems like saslauthd problem, tried telnetting to imap server and entering 
login command by hand - works instantly


Re: dovecot sasl support

2019-03-24 Thread Wojciech Puchar via dovecot

>> but it seems sendmail strips domain name from entered login.
>
> No, it is saslauthd. Check the documentation and see the "-r" parameter of 
> saslauthd.


found it a minute before reading this e-mail. thank you

works fine. almost ;)

Why is authenticating over imap so slow?

my saslauthd runs like that

/usr/local/sbin/saslauthd -a rimap -O 127.0.0.1 -n 0 -r

imap server is handled by dovecot of course.

to be sure it's not sendmail i've tried testsaslauthd

testsaslauthd -u woj...@puchar.net  -p mypassword

works but takes 5-10 seconds. server is lightly loaded.

telnet 127.0.0.1 imap responds instantly.

what to check?


Cannot get sieve script replication to work

2019-03-24 Thread Marcel Menzel via dovecot
Hello,


I've set up dsync replication on 2 nodes and mail replication is working
flawlessly, however it seems that replicating the sieve scripts won't work.
Managesieve and sieve filter in general seem to work on both nodes,
however in order to have a synchronized state, I have to log onto both
nodes with managesieve and save & activate the script.

What's funny about this is that only deactivating the active sieve
script (which removes the symlink) replicates from one node to the other
(it's gone on both nodes then), but saving a new sieve script and
activating it does not work. I cannot find anything on the internet
about this problem (only old threads where an old commit should've fixed
it), so I am asking here.

Enabling mail_debug = yes and sieve_trace_debug = yes does not print
anything useful here, the only thing I spotted was after creating and
deleting the script afterwards, the other node complained about not
being able to find the script:

dovecot[15942]: doveadm: Debug: sieve: file script: File
`/var/vmail/mcl.gg/mail/sieve/unnamed.sieve' not found
dovecot[15942]: doveadm: Debug: doveadm-sieve: Value missing for key
`vendor/vendor.dovecot/pvt/server/sieve/files/unnamed' (last change:
2019-03-24 15:24:27)

All the messages about "Debug: sieve: file storage:" are correct.

I am using Dovecot 2.3.5 (513208660) with Pigeonhole version 0.5.4
(60b0f48d) on Arch Linux 4.20.16.a-1-hardened.
I've attached both nodes' doveconf -n.


Kind regards,

Marcel Menzel

# 2.3.5 (513208660): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 (60b0f48d)
# OS: Linux 4.20.16.a-1-hardened x86_64 Arch Linux
# Hostname: node1
auth_verbose = yes
dict {
  quota = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
}
doveadm_password = # hidden, use -P to show it
first_valid_uid = 8
imap_idle_notify_interval = 29 mins
last_valid_uid = 8
lmtp_rcpt_check_quota = yes
login_greeting = Pedo mellon a minno
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k
mail_attribute_dict = file:/var/vmail/%d/%n/dovecot-attributes
mail_debug = yes
mail_gid = mail
mail_home = /var/vmail/%d/%n
mail_location = maildir:~
mail_plugins = quota old_stats notify replication listescape
mail_privileged_group = mail
mail_uid = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date index ihave duplicate 
mime foreverypart extracttext
mbox_lock_timeout = 1 mins
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Archief {
    special_use = \Archive
  }
  mailbox Archiv {
    special_use = \Archive
  }
  mailbox Archive {
    auto = subscribe
    special_use = \Archive
  }
  mailbox Archives {
    special_use = \Archive
  }
  mailbox Arquivo {
    special_use = \Archive
  }
  mailbox Arquivos {
    special_use = \Archive
  }
  mailbox Concepten {
    special_use = \Drafts
  }
  mailbox "Deleted Items" {
    special_use = \Trash
  }
  mailbox "Deleted Messages" {
    special_use = \Trash
  }
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Entwürfe {
    special_use = \Drafts
  }
  mailbox Enviados {
    special_use = \Sent
  }
  mailbox "Gelöschte Objekte" {
    special_use = \Trash
  }
  mailbox Gesendet {
    special_use = \Sent
  }
  mailbox "Gesendete Objekte" {
    special_use = \Sent
  }
  mailbox "Itens Enviados" {
    special_use = \Sent
  }
  mailbox "Itens Excluídos" {
    special_use = \Trash
  }
  mailbox "Itens Excluidos" {
    special_use = \Trash
  }
  mailbox Junk-E-Mail {
    special_use = \Junk
  }
  mailbox Junk {
    auto = subscribe
    autoexpunge = 30 days
    special_use = \Junk
  }
  mailbox "Junk E-Mail" {
    special_use = \Junk
  }
  mailbox Lixeira {
    special_use = \Trash
  }
  mailbox "Lixo Eletrônico" {
    special_use = \Junk
  }
  mailbox "Ongewenste e-mail" {
    special_use = \Junk
  }
  mailbox Papierkorb {
    special_use = \Trash
  }
  mailbox Prullenbak {
    special_use = \Trash
  }
  mailbox Rascunhos {
    special_use = \Drafts
  }
  mailbox Rubbish {
    special_use = \Trash
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Items" {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Spam {
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    autoexpunge = 120 days
    special_use = \Trash
  }
  mailbox "Verwijderde items" {
    special_use = \Trash
  }
  mailbox Verzonden {
    special_use = \Sent
  }
  mailbox "Verzonden items" {
    special_use = \Sent
  }
  prefix =
  separator = /
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  listescape_char = %%
  mail_replica = tcp:10.5.0.2:12345
  old_stats_refresh = 30 secs
  old_stats_track_cmds = yes
  quota = dict:User quota::proxy::quota
  quota_grace = 1

Re: dovecot sasl support

2019-03-24 Thread Alexander Dalloz via dovecot

On 24.03.2019 at 10:01, Wojciech Puchar via dovecot wrote:
> solved by setting saslauthd to authenticate over imap - through dovecot 
> server.
>
> testsaslauthd shows it works fine.
>
> but it seems sendmail strips domain name from entered login.

No, it is saslauthd. Check the documentation and see the "-r" parameter of 
saslauthd.


Alexander



Re: Is this assumption correct?

2019-03-24 Thread Tobi Schindler via dovecot
Thanks a lot for the hint with haveged. Installed it and entropy went up by
factor 10. Seems that the SSL connections now are back to normal again.
Is there a plausible explanation why starttls has been affected much less
by this issue compared to SSL?

On Sat, 23 March 2019, 17:09, Christian Kivalo wrote:

>
>
> On March 23, 2019 12:39:13 PM GMT+01:00, Tobi via dovecot <
> dovecot@dovecot.org> wrote:
> >Hello list
> >
> >we encounter a weird SSL issue with one of our dovecot (2.2.24 on
> >Centos6) which we can only explain if our assumption is correct
> >Symptoms are that imaps connections (on port 993) suddenly get very
> >slow. Up to 180s for one connection with openssl s_client The thing we
> >do not understand is that in the same time imap connections with
> >starttls are just 1s.
> >We can see that entropy on the affected system is not so high
> >
> >cat /proc/sys/kernel/random/entropy_avail
> >138
> >
> >So our current theory is: we're running short of entropy but imaps
> >connections are much more affected because they are encrypted from
> >first
> >bit. Whereas a starttls connection has an unencrypted part which
> >generates some entropy it does not use. So I can add entropy to the
> >system that other connections can use.
> >
> >We're open for any other theory but for the moment we believe (tm) that
> >this is the reason that starttls is far less affected than SSL
> Test your assumption, install haveged and see if that helps
> >Cheers
> >
> >tobi
>
> --
> Christian Kivalo
>


Re: Weird things in the mail queue

2019-03-24 Thread Daniel Lange via dovecot
Hi Aki,

On 21.02.19 at 12:55, Aki Tuomi wrote:
> 
> On 21.2.2019 13.47, Lionel Elie Mamane via dovecot wrote:
>> I noticed a mail stuck in my mail queue. dovecot-lda was returning
>> error 64 Invalid parameter given. (EX_USAGE).
>>
>> Weird, weird, weird. After some sleuthing, I found the sender address
>> was firstl...@domain.tld, with a UTF8-encoded Unicode U+FEFF ZERO
>> WIDTH NO-BREAK SPACE character (AKA byte order mark) between "First"
>> and "Last" :)
>>
>> Since that is passed as the -f parameter to dovecot-lda, it was giving
>> the 64 error.
> 
> Your MTA should not be passing this along.

Unfortunately Postfix does.
It honors the robustness principle (~Postel's law) and therefore
accepts envelope senders like

from=
or
from=sm...@nampaichuanlondon.com>
or
from=
(invalid 3-byte UTF-8 .)

which are increasingly making rounds.

With a working local delivery these will just feed spamassassin or
rspamd and all is well. And maybe the occasional poor Exchange
customer's email is delivered, too.

With Dovecot 2.3.4.1 and 2.3.5 dovecot-lda and lmtp
these will generate bounces that lead to backscatter spam:

postfix/pipe[22438]: D8C5E35C2600: to=, relay=dovecot, 
delay=0.22, delays=0.14/0.01/0/0.08, dsn=5.3.0, status=bounced (command line 
usage error. Command output: lda: Fatal: Invalid -f parameter: Invalid 
character in localpart )
postfix/cleanup[22433]: 0D95435C25EF: message-id=
postfix/bounce[22440]: D8C5E35C2600: sender non-delivery notification: 
0D95435C25EF
(dovecot-lda case)

and

postfix/lmtp[12829]: 6ADF135C2671: to=, 
relay=redacted[private/dovecot-lmtp], delay=0.17, delays=0.15/0.01/0.01/0, 
dsn=5.5.2, status=bounced (host redacted[private/dovecot-lmtp] said: 500 5.5.2 
Invalid command syntax (in reply to MAIL FROM command))
...
(lmtp case)

In my book an LDA should do its job and deliver the email. It should
complain about an invalid envelope sender if (and only if) it needs to
send a bounce (and thus will send that to MAILER-DAEMON instead). But it
must in no case refuse to deliver the email to a perfectly valid local
recipient. Yes, the envelope sender is flawed. But that is not the LDA's
concern. If the SMTPD was happy enough, the email has been accepted and
must not lead to a late bounce. In the case we're currently seeing this
leads to backscatter spam.

I think the right logic would be to not smtp_address_parse_path the
envelope sender unless it is needed for legitimate bounces (e.g.
mailbox over quota). In that case a failing envelope sender should be
replaced for the bounce. In any other case dovecot-lda and lmtp must not
bother.

Kind regards,
Daniel
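
The bounce sequence in the log excerpts above can be found by correlating Postfix queue IDs, as in this added example (not part of the original post, and not Postfix or Dovecot code). The log lines are constructed in the shape of the quoted ones, with placeholder addresses and a constructed quota bounce as a negative case; the function names are hypothetical.

```python
import re
import unicodedata

# Constructed sample log; recipients, message-id and the last two entries
# are placeholders, not values from the thread.
SAMPLE_LOG = """\
postfix/pipe[22438]: D8C5E35C2600: to=<user@example.org>, relay=dovecot, delay=0.22, dsn=5.3.0, status=bounced (command line usage error. Command output: lda: Fatal: Invalid -f parameter: Invalid character in localpart )
postfix/cleanup[22433]: 0D95435C25EF: message-id=<placeholder.0D95435C25EF@mx.example.org>
postfix/bounce[22440]: D8C5E35C2600: sender non-delivery notification: 0D95435C25EF
postfix/lmtp[12829]: 6ADF135C2671: to=<user@example.org>, relay=redacted[private/dovecot-lmtp], delay=0.17, dsn=5.5.2, status=bounced (host redacted[private/dovecot-lmtp] said: 500 5.5.2 Invalid command syntax (in reply to MAIL FROM command))
postfix/bounce[12831]: 6ADF135C2671: sender non-delivery notification: 7B1C235C2680
postfix/lmtp[12840]: 9F00A35C2690: to=<user@example.org>, relay=redacted[private/dovecot-lmtp], dsn=5.2.2, status=bounced (host redacted[private/dovecot-lmtp] said: 552 5.2.2 Quota exceeded (in reply to end of DATA command))
postfix/bounce[12842]: 9F00A35C2690: sender non-delivery notification: 8C2D335C26A1
"""

LINE = re.compile(r"postfix/\w+\[\d+\]: (?P<qid>[0-9A-F]+): (?P<rest>.*)")
NDN = re.compile(r"sender non-delivery notification: (?P<ndn>[0-9A-F]+)")

# Text that marks a bounce caused by the delivery agent refusing the
# envelope sender, taken from the two cases quoted in the post.
SENDER_REJECTS = (
    ("Invalid -f parameter", "dovecot-lda"),
    ("in reply to MAIL FROM command", "lmtp"),
)


def find_backscatter(log):
    """Return bounces that were triggered by a rejected envelope sender."""
    rejected = {}  # queue id -> agent that refused the sender
    findings = []
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m["qid"], m["rest"]
        if "status=bounced" in rest:
            for marker, agent in SENDER_REJECTS:
                if marker in rest:
                    rejected[qid] = agent
        ndn = NDN.search(rest)
        if ndn and qid in rejected:
            findings.append({"queue_id": qid, "agent": rejected[qid],
                             "bounce_queue_id": ndn["ndn"]})
    return findings


def sender_problems(raw):
    """List undecodable bytes or invisible characters in an envelope sender."""
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return ["invalid UTF-8"]
    local = text.rsplit("@", 1)[0]
    problems = []
    for ch in local:
        cat = unicodedata.category(ch)
        if cat in ("Cf", "Cc", "Zs"):  # format (e.g. U+FEFF), control, space
            problems.append("U+%04X %s" % (ord(ch), unicodedata.name(ch, cat)))
    return problems


if __name__ == "__main__":
    for finding in find_backscatter(SAMPLE_LOG):
        print(finding)
    print(sender_problems("first\ufefflast@example.org".encode("utf-8")))
```

The quota bounce in the sample is not reported, which matches the distinction the post draws between legitimate bounces and ones caused only by sender parsing.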


Re: dovecot sasl support

2019-03-24 Thread Yassine Chaouche via dovecot

On 3/24/19 10:01 AM, Wojciech Puchar via dovecot wrote:




so it will listen on the same socket.


the effect with sendmail is as below

Mar 23 21:23:29 <2.3> puchar dovecot: auth: Error: Authentication 
client not compatible with this server (mixed old and new binaries?)



do i need to specify something while compiling sendmail to make it 
compatible?



solved by setting saslauthd to authenticate over imap - through 
dovecot server.

testsaslauthd shows it works fine.


The optimum setup though would be to auth directly against dovecot. A 
redirection through saslauthd seems unnecessary.


> but it seems sendmail strips domain name from entered login.

What backend do you use for authentication ? (system / virtual users ?)

Yassine.



Re: dovecot sasl support

2019-03-24 Thread Wojciech Puchar via dovecot

}

so it will listen on the same socket.


the effect with sendmail is as below

Mar 23 21:23:29 <2.3> puchar dovecot: auth: Error: Authentication client not 
compatible with this server (mixed old and new binaries?)



do i need to specify something while compiling sendmail to make it 
compatible?



solved by setting saslauthd to authenticate over imap - through dovecot 
server.

testsaslauthd shows it works fine.

but it seems sendmail strips domain name from entered login.