Re: Dovecot process died with assertion failed
Hi,

This problem was solved at Dovecot v2.3.9.3.
Thank you.

Regards,

- Original Message -
> Hi,
>
> I'm testing Dovecot v2.3.9.2.
> So, I found a problem that a Dovecot process termed with Panic, like below:
>
> Feb 10 08:50:09 imap(us...@example.com)<38440>: Panic: file message-snippet.c: line 71 (snippet_add_content): assertion failed: (*count_r <= size)
> Feb 10 08:50:09 imap(us...@example.com)<38440>: Error: Raw backtrace: /usr/local/dovecot-2.3.9.2/lib/dovecot/libdovecot.so.0(backtrace_append+0x3b) [0x7fee4c46331b] -> /usr/local/dovecot-2.3.9.2/lib/dovecot/libdovecot.so.0(backtrace_get+0x1e) [0x7fee4c46346e] -> /usr/local/dovecot-2.3.9.2/lib/dovecot/libdovecot.so.0(+0xfc90b) [0x7fee4c46f90b] -> /usr/local/dovecot-2.3.9.2/lib/dovecot/libdovecot.so.0(+0xfc9c1) [0x7fee4c46f9c1] -> /usr/local/dovecot-2.3.9.2/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fee4c3b470a] -> /usr/local/dovecot-2.3.9.2/lib/dovecot/libdovecot.so.0(+0xdea53) [0x7fee4c451a53] -> /usr/local/dovecot-2.3.9.2/lib/dovecot/libdovecot-storage.so.0(+0xdcd98) [0x7fee4c80bd98] -> /usr/local/dovecot-2.3.9.2/lib/dovecot/libdovecot-storage.so.0(+0xdd1a5) [0x7fee4c80c1a5] -> /usr/local/dovecot-2.3.9.2/lib/dovecot/libdovecot-storage.so.0(index_mail_get_special+0x2c1) [0x7fee4c80c591] -> /usr/local/dovecot-2.3.9.2/lib/dovecot/libdovecot-storage.so.0(dbox_mail_get_special+0x48) [0x7fee4c7adeb8] -> /usr/local/dovecot-2.3.9.2/lib/dovecot/libdovecot-storage.so.0(+0x78f2b) [0x7fee4c7a7f2b] -> /usr/local/dovecot-2.3.9.2/lib/dovecot/libdovecot-storage.so.0(mail_get_special+0x10) [0x7fee4c76f3e0] -> dovecot-backend-server/imap [us...@example.com 10.16.2.10 UID FETCH](+0x2645b) [0x55ffc6c5845b] -> dovecot-backend-server/imap [us...@example.com 10.16.2.10 UID FETCH](+0x239df) [0x55ffc6c559df] -> dovecot-backend-server/imap [us...@example.com 10.16.2.10 UID FETCH](imap_fetch_more+0x35) [0x55ffc6c578b5] -> dovecot-backend-server/imap [us...@example.com 10.16.2.10 UID FETCH](cmd_fetch+0x35f) [0x55ffc6c44aaf] -> dovecot-backend-server/imap [us...@example.com 10.16.2.10 UID FETCH](command_exec+0xb9) [0x55ffc6c535b9] -> dovecot-backend-server/imap [us...@example.com 10.16.2.10 UID FETCH](+0x1eacf) [0x55ffc6c50acf] -> dovecot-backend-server/imap [us...@example.com 10.16.2.10 UID FETCH](+0x1eb87) [0x55ffc6c50b87] -> dovecot-backend-server/imap [us...@example.com 10.16.2.10 UID FETCH](client_handle_input+0x215) [0x55ffc6c51885] -> dovecot-backend-server/imap [us...@example.com 10.16.2.10 UID FETCH](client_input+0x7e) [0x55ffc6c5206e] -> /usr/local/dovecot-2.3.9.2/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x7b) [0x7fee4c48bcdb] -> /usr/local/dovecot-2.3.9.2/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x105) [0x7fee4c48dd55] -> /usr/local/dovecot-2.3.9.2/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x59) [0x7fee4c48bde9] -> /usr/local/dovecot-2.3.9.2/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7fee4c48c098] -> /usr/local/dovecot-2.3.9.2/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7fee4c3e9623] -> dovecot-backend-server/imap [us...@example.com 10.16.2.10 UID FETCH](main+0x367) [0x55ffc6c40d37] -> /lib64/libc.so.6(__libc_start_main+0xf5) [0x7fee4bfc7545] -> dovecot-backend-server/imap [us...@example.com 10.16.2.10 UID FETCH](+0xefb4) [0x55ffc6c40fb4]
> Feb 10 08:50:09 imap(us...@example.com)<38440>: Fatal: master: service(imap): child 38440 killed with signal 6 (core dumps disabled - https://dovecot.org/bugreport.html#coredumps)
>
> It was occurred this by a mail had ISO-2022-JP content (Single part mail).
> I saw that the mail was not strange.
> When I appended the mail with IMAP APPEND command, that no problem happened.
> I think the problem comes by LMTP only.
>
> Any idea?
>
> Regards,
>
> --
> Tachibana, Masashi QUALITIA CO., LTD.
> mailto:tachib...@qualitia.co.jp
> https://www.qualitia.co.jp/
>

--
TACHIBANA Masashi QUALITIA CO., LTD.
mailto:tachib...@qualitia.co.jp
https://www.qualitia.co.jp/
Shared Mailboxes with Multiple Domains
Trying to track down a problem I've been dealing with for a while. Everything else works fine - the problem is with shared mailboxes.

My present, and desired, prefix for the shared namespace is:

prefix = INBOX/shared/%%d/%%n/

Some mail clients, particularly Thunderbird and Android's AquaMail, have no problem with this. But other (presumably broken) clients don't show the shared mailboxes. This includes EM Client and Webmail Lite. Actually, Webmail Lite lists the mailboxes in the subscription window, but then the "live" folder list shows "shared" and "shared/domain" but none of the shared mailboxes below the domain.

Changing to:

prefix = INBOX/shared/%%u/

Works across all clients - but I'd rather have the domain separation.

Testing with telnet ". LIST '' '*'" yields the full list with either config.

The files /var/mail/%d/shared-mailboxes contain entries like:

shared/shared-boxes/group/allshared/u...@domain.com 1

Below is "doveconf -n" output.

# 2.3.9.3 (9f41b88fa): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.9 (db4e9a2f)
# OS: Linux 5.3.0-28-generic x86_64 Ubuntu 18.04.4 LTS
# Hostname: bubba.amfes.lan
auth_cache_size = 4 k
auth_master_user_separator = *
auth_mechanisms = plain login
auth_policy_hash_nonce = # hidden, use -P to show it
auth_policy_hash_truncate = 8
auth_policy_server_api_header = Authorization: Basic d2ZvcmNlOnVsdHJhLXNlY3JldC1zZWN1cmUtc2FmZQ
default_login_user = nobody
default_vsz_limit = 2 G
disable_plaintext_auth = no
imap_client_workarounds = tb-extra-mailbox-sep
imap_idle_notify_interval = 29 mins
listen = *
login_trusted_networks = 192.168.0.0/24
mail_attachment_hash = %{sha512}
mail_plugins = fts fts_solr acl zlib virtual
mail_prefetch_count = 10
mail_shared_explicit_inbox = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
mdbox_rotate_size = 20 M
namespace archives {
  list = children
  location = mdbox:/var/mail/%d/%n/Archives/mdbox
  mailbox Unsorted {
    auto = no
    special_use = \Archive
  }
  prefix = INBOX/Archives/
  separator = /
  subscriptions = no
  type = private
}
namespace inbox {
  hidden = no
  inbox = yes
  list = yes
  location =
  mailbox "Deleted Messages" {
    auto = no
    autoexpunge = 30 days
    special_use = \Trash
  }
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Items" {
    auto = no
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    auto = no
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    autoexpunge = 30 days
    special_use = \Trash
  }
  prefix = INBOX/
  separator = /
  subscriptions = no
  type = private
}
namespace lists {
  list = children
  location = mdbox:/var/mail/%d/%n/Lists/mdbox
  prefix = INBOX/Lists/
  separator = /
  subscriptions = no
  type = private
}
namespace subscriptions {
  hidden = yes
  list = no
  location =
  prefix =
  subscriptions = yes
}
namespace usershares {
  list = children
  location = sdbox:/var/mail/%%d/%%n/sdbox:NO-NOSELECT
  prefix = INBOX/shared/%%d/%%n/
  separator = /
  subscriptions = no
  type = shared
}
namespace virtual {
  list = children
  location = virtual:/var/mail/%d/%n/virtual
  mailbox Flagged {
    comment = All my flagged messages
    special_use = \Flagged
  }
  prefix = INBOX/virtual/
  separator = /
  subscriptions = no
}
passdb {
  args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  acl = vfile
  acl_shared_dict = file:/var/mail/%d/shared-mailboxes
  fts = solr
  fts_autoindex = yes
  fts_autoindex_exclude = \Trash
  fts_autoindex_exclude2 = \Junk
  fts_autoindex_exclude3 = \Spam
  fts_enforced = no
  fts_index_timeout = 20s
  fts_solr = url=http://127.0.0.1:8983/solr/dovecot/
  mailbox_alias_new = Sent Messages
  mailbox_alias_new2 = Sent Items
  mailbox_alias_new3 = Deleted Messages
  mailbox_alias_old = Sent
  mailbox_alias_old2 = Sent
  mailbox_alias_old3 = Trash
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = imap lmtp sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = mail
    mode = 0600
    user = vmail
  }
}
service dict {
  unix_listener dict {
    group = mail
    mode = 0660
    user = vmail
  }
}
service imap-login {
  process_min_avail = 10
  service_count = 1
}
service imap-postlogin {
  executable = script-login /usr/local/etc/dovecot/post-login.sh
  user = $default_internal_user
}
service imap {
  executable = imap imap-postlogin
  vsz_limit = 4 G
}
service indexer-worker {
  process_limit = 3
}
service lmtp {
  process_min_avail = 5
  unix_listener /var/spool/postfix/private/
encrypted storage on the fly using user's password without storing password on the server
Hi all,

I just joined the list. I've read through the mail-crypt plugin docs here https://doc.dovecot.org/configuration_manual/mail_crypt_plugin/

I'm still unclear (I'm not an expert) about the following: Is it possible to obtain on-the-fly encrypted storage using the user's password without the password being stored on the server? Basically a zero-knowledge solution. Theoretically this should be possible as the user provides the password when storing or retrieving emails.

The above plugin docs don't make it clear for me whether it is supported. Could a kind clarify? I'd also be very grateful for a working conf as an example.

Best wishes and thanks in advance,
Alex.
[FOR THE RECORD] CLIENTID Extension for IMAP/SMTP AUTH in dovecot
More and more email clients are now starting to support the CLIENTID extension for IMAP, including 'libetpan', SaneBox, BlueMail, and now as of Thunderbird 68.5.0, available there as well.

This allows for a form of native two factor support, permission token, and/or access control to prevent the unauthorized use of email address and password. (For more information, please see the RFC Drafts, or reach out to us off list for details)

While the version of dovecot we use has supported it for some time now, we would like to make it available for more email providers who use dovecot.

For the record, for those interested in having your dovecot support transparent multi-factor, in your implementation, you will have to compile it with the patch listed in:

https://github.com/dovecot/core/pull/86

Once that is done, please feel free to reach out to us for the dovecot plugin, that enables CLIENTID to be supported in the IMAP protocol.

--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company.
Re: feature request for setting alternative pidfile
On 12.02.20 17:32, Aki Tuomi wrote:
> You can use base_dir to specify an instance directory where files are stored
> under.

that works well, thanks!

Björn
Doveadm Sync problem with symbolic folders
Hi,

I have two servers (debian 10) that synchronize the emails bidirectionally with Doveadm Sync (dovecot 2.3.4.1). Before updating to debian 10, then with dovecot 2.2, I could also synchronize symbolic folders (made with ln -s) without any problems. Now, however, it continues to create temporary folders (e.g. Sent-temp-1 etc.) and I am forced to stop synchronization.

Is there any way to make Doveadm Sync ignore symbolic folders?

Thanks a lot,
Luca Scaglia
tcpwraper errors with v2.3.9.3
My system was working fine with version 2.3.9.2. I upgraded to 2.3.9.3 and I am getting tcpwraper errors:

imap-login: Error: connect(tcpwrap) failed: No such file or directory

Here's my config:

login_access_sockets = tcpwrap
service tcpwrap {
  unix_listener login/tcpwrap {
    group = $default_login_user
    mode = 0600
    user = $default_login_user
  }
}

Any ideas what's happening?

--
Bob Wooldridge
EDM Incorporated
Re: feature request for setting alternative pidfile
> On 12/02/2020 17:43 Bjoern Jacke wrote:
>
>
> Hi,
>
> because of an unsupported combination of configuration parameters for
> different dovecot services I looked into setting up two dovecot
> instances with different configurations on the same host. It looks like
> running two different dovecot instances on the same host is not easily
> possible because the pidfile seems to be hard-coded and there is no way
> to tell dovecot to use a different one, right? It would be great if this
> could be made customizable.
>
> Björn

You can use base_dir to specify an instance directory where files are stored under.

Aki
feature request for setting alternative pidfile
Hi,

because of an unsupported combination of configuration parameters for different dovecot services I looked into setting up two dovecot instances with different configurations on the same host. It looks like running two different dovecot instances on the same host is not easily possible because the pidfile seems to be hard-coded and there is no way to tell dovecot to use a different one, right? It would be great if this could be made customizable.

Björn
Re: Dovecot/doveadm quota
In webhosting customers usually see their physical disk usage used (quota on filesystem), and it causes a lot of confusion when numbers don't match with doveadm quota at all.

What's your opinion on these:
1) Should indexes (including FTS indexes stored in Maildir) be counted in the mail quota?
2) Shouldn't doveadm quota have a flag for real disk usage, so that if emails are compressed, their real size would be quoted?
3) Shouldn't dovecot rely on st_blocks instead of fstat's st_size? (a benefit for this: in this case converted maildir files without S=... would still be counted into the space used)

A short yes/no to 1, 2, 3 would be appreciated.

Thank you!

--
Best regards,
Martynas Bendorius

> On 2020-02-12, at 14:21, Aki Tuomi wrote:
>
> I think that most admins do not really care about physical disk usage as
> long as it's not exceeded, and most service providers prefer calculating
> quota against apparent usage instead of real usage, so they can charge
> you for that.
>
> Aki
>
> On 8.2.2020 18.16, Martynas Bendorius wrote:
>> Doesn't it currently confuse them? Because they'd reach their quota, while
>> actually there would be a lot of disk space left :) + their whole mailbox
>> could take a lot more space due to indexes and other files in the
>> filesystem, and quota would not be reached.
>>
>> Also, I've dovecot is using fstat's st_size parameter. This is not
>> "correct", in that the actual space used on disk is always higher.
>>
>> If we count the number of 512B blocks used (st_blocks), and multiply by 512
>> to get the true disk usage.
>>
>> I'll be looking forward for your feedback/ideas.
>>
>> Thank you!
>>
>> --
>> Best regards,
>> Martynas Bendorius
>>
>>
>>> On 2020-02-08, at 17:57, Max Kostikov wrote:
>>>
>>> I think these changes will confuse users because calculated quota wouldn't
>>> be equals with total messages sizes.
>>>
>>> Marsistynas Bendorius wrote 2020-02-07 11:07:
>>>> Is there any reason why dovecot relies on S= instead of real disk size
>>>> email takes?
>>>> 1) compressed mails take less than than the S= specified
>>>> 2) we could avoid using "S=" for the lookups and count every file
>>>> there, including indexes and mails without S=... if we'd read
>>>> filesizes
>>>
>>> --
>>> With best regards,
>>> Max Kostikov
>>>
>>> W: https://kostikov.co | DeltaChat: m...@eprove.net
Re: Dovecot/doveadm quota
I think that most admins do not really care about physical disk usage as long as it's not exceeded, and most service providers prefer calculating quota against apparent usage instead of real usage, so they can charge you for that.

Aki

On 8.2.2020 18.16, Martynas Bendorius wrote:
> Doesn't it currently confuse them? Because they'd reach their quota, while
> actually there would be a lot of disk space left :) + their whole mailbox
> could take a lot more space due to indexes and other files in the filesystem,
> and quota would not be reached.
>
> Also, I've dovecot is using fstat's st_size parameter. This is not "correct",
> in that the actual space used on disk is always higher.
>
> If we count the number of 512B blocks used (st_blocks), and multiply by 512
> to get the true disk usage.
>
> I'll be looking forward for your feedback/ideas.
>
> Thank you!
>
> --
> Best regards,
> Martynas Bendorius
>
>
>> On 2020-02-08, at 17:57, Max Kostikov wrote:
>>
>> I think these changes will confuse users because calculated quota wouldn't
>> be equals with total messages sizes.
>>
>> Marsistynas Bendorius wrote 2020-02-07 11:07:
>>> Is there any reason why dovecot relies on S= instead of real disk size
>>> email takes?
>>> 1) compressed mails take less than than the S= specified
>>> 2) we could avoid using "S=" for the lookups and count every file
>>> there, including indexes and mails without S=... if we'd read
>>> filesizes
>>
>> --
>> With best regards,
>> Max Kostikov
>>
>> W: https://kostikov.co | DeltaChat: m...@eprove.net
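The three size notions compared in this thread (the S= field in Maildir file names, st_size, and st_blocks multiplied by 512), measured side by side over one folder. This is an added example, not Dovecot code and not from any poster; the sample folder, file names and function names are constructed, and the S= field is assumed to hold the uncompressed message size, as the thread describes.

```python
import gzip
import os
import re
import tempfile

# Size field in a Maildir file name, e.g. "1581500001.M1P1.host,S=4096:2,S".
SIZE_FIELD = re.compile(r",S=(\d+)")


def parse_s_field(filename):
    """Return the S= value or None. Only the base name (before ':') is
    searched, so the flag list after ":2," is never read as a size."""
    match = SIZE_FIELD.search(filename.split(":", 1)[0])
    return int(match.group(1)) if match else None


def usage(maildir):
    """Sum the three size notions over cur/ and new/ of one Maildir folder."""
    totals = {"s_field": 0, "st_size": 0, "st_blocks_bytes": 0, "missing_s": []}
    for sub in ("cur", "new"):
        path = os.path.join(maildir, sub)
        if not os.path.isdir(path):
            continue
        for entry in os.scandir(path):
            if not entry.is_file(follow_symlinks=False):
                continue
            st = entry.stat(follow_symlinks=False)
            declared = parse_s_field(entry.name)
            if declared is None:
                totals["missing_s"].append(entry.name)  # invisible to an S=-only count
            else:
                totals["s_field"] += declared
            totals["st_size"] += st.st_size              # apparent size on disk
            totals["st_blocks_bytes"] += st.st_blocks * 512  # allocated 512-byte blocks
    totals["missing_s"].sort()
    return totals


def build_sample(root):
    """Constructed folder: plain mail, gzip-compressed mail, mail without S=.
    Returns the compressed file's length so callers can check st_size."""
    for sub in ("cur", "new"):
        os.makedirs(os.path.join(root, sub))
    body = b"Subject: test\r\n\r\n" + b"x" * 4079  # 4096 bytes uncompressed
    packed = gzip.compress(body)
    files = {
        "cur/1581500001.M1P1.host,S=4096:2,S": body,
        "cur/1581500002.M2P1.host,S=4096:2,": packed,
        "new/1581500003.M3P1.host": body,
    }
    for rel, data in files.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    return len(packed)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "Maildir")
        build_sample(root)
        for key, value in usage(root).items():
            print(f"{key:16} {value}")
```

The st_blocks figure depends on the filesystem's allocation unit, so it differs between hosts even for identical mail.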
Re: Dovecot v2.3.9.3 released
> On 12/02/2020 14:10 Martynas Bendorius wrote:
>
>
> # wget https://dovecot.org/releases/2.3/dovecot-2.3.9.3.tar.gz
> --2020-02-12 05:09:26-- https://dovecot.org/releases/2.3/dovecot-2.3.9.3.tar.gz
> Resolving dovecot.org (dovecot.org)... 94.237.12.234, 2a04:3545:1000:720:acc1:5bff:fe5e:4e9
> Connecting to dovecot.org (dovecot.org)|94.237.12.234|:443... connected.
> HTTP request sent, awaiting response... 403 Forbidden
> 2020-02-12 05:09:26 ERROR 403: Forbidden.
>
> --
> Best regards,
> Martynas Bendorius
>
>
> > On 2020-02-12, at 14:04, Aki Tuomi wrote:
> >
> > We are pleased to release v2.3.9.3 of Dovecot. Please find it from
> > locations below
> >
> > https://dovecot.org/releases/2.3/dovecot-2.3.9.3.tar.gz
> > https://dovecot.org/releases/2.3/dovecot-2.3.9.3.tar.gz.sig
> > Binary packages in https://repo.dovecot.org/
> > Docker images in https://hub.docker.com/r/dovecot/dovecot
> >
> > ---
> >
> > v2.3.9.3 2019-02-12 Aki Tuomi
> >
> > * CVE-2020-7046: Truncated UTF-8 can be used to DoS
> > submission-login and lmtp processes.
> > * CVE-2020-7957: Specially crafted mail can crash snippet generation.
> >
> >
> >

Thanks for reporting this, it has been fixed! Sorry!

Aki
Re: Dovecot v2.3.9.3 released
# wget https://dovecot.org/releases/2.3/dovecot-2.3.9.3.tar.gz
--2020-02-12 05:09:26-- https://dovecot.org/releases/2.3/dovecot-2.3.9.3.tar.gz
Resolving dovecot.org (dovecot.org)... 94.237.12.234, 2a04:3545:1000:720:acc1:5bff:fe5e:4e9
Connecting to dovecot.org (dovecot.org)|94.237.12.234|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2020-02-12 05:09:26 ERROR 403: Forbidden.

--
Best regards,
Martynas Bendorius

> On 2020-02-12, at 14:04, Aki Tuomi wrote:
>
> We are pleased to release v2.3.9.3 of Dovecot. Please find it from
> locations below
>
> https://dovecot.org/releases/2.3/dovecot-2.3.9.3.tar.gz
> https://dovecot.org/releases/2.3/dovecot-2.3.9.3.tar.gz.sig
> Binary packages in https://repo.dovecot.org/
> Docker images in https://hub.docker.com/r/dovecot/dovecot
>
> ---
>
> v2.3.9.3 2019-02-12 Aki Tuomi
>
> * CVE-2020-7046: Truncated UTF-8 can be used to DoS
> submission-login and lmtp processes.
> * CVE-2020-7957: Specially crafted mail can crash snippet generation.
>
>
>
CVE-2020-7046: Truncated UTF-8 can be used to DoS submission-login and lmtp processes
Open-Xchange Security Advisory 2020-02-12

Affected product: Dovecot Core
Internal reference: DOV-3744 (JIRA ID)
Vulnerability type: Improper Input Validation (CWE-30)
Vulnerable version: 2.3.9
Vulnerable component: submission-login, lmtp
Fixed version: 2.3.9.3
Report confidence: Confirmed
Solution status: Fixed
Researcher credits: Open-Xchange oy
Vendor notification: 2020-01-14
CVE reference: CVE-2020-7046
CVSS: 7.5 (CVSS3.1:AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Vulnerability Details:
lib-smtp doesn't handle truncated command parameters properly, resulting in infinite loop taking 100% CPU for the process. This happens for LMTP (where it doesn't matter so much) and also for submission-login where unauthenticated users can trigger it.

Risk:
Attacker can cause submission-login and lmtp processes to be exhausted, leading into denial of service and CPU resource exhaustion.

Solution:
Upgrade to 2.3.9.3.
CVE-2020-7957: Specially crafted mail can crash snippet generation
Open-Xchange Security Advisory 2020-02-12

Affected product: Dovecot Core
Internal reference: DOV-3743 (JIRA ID)
Vulnerability type: Improper Input Validation (CWE-30)
Vulnerable version: 2.3.9
Vulnerable component: lmtp, imap
Fixed version: 2.3.9.3
Report confidence: Confirmed
Solution status: Fixed
Researcher credits: Open-Xchange oy
Vendor notification: 2020-01-14
CVE reference: CVE-2020-7957
CVSS: 3.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)

Vulnerability Details:
Snippet generation crashes if:
* message is large enough that message-parser returns multiple body blocks
* The first block(s) don't contain the full snippet (e.g. full of whitespace)
* input ends with '>'

Risk:
Sending specially crafted email can cause mailbox to have permanently unaccessible mail, or the mail can be stuck in delivery.

Solution:
Upgrade to 2.3.9.3
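A log check for the crash this advisory covers, keyed on the panic signature from the bug report earlier on this page (message-snippet.c, snippet_add_content) and correlated with the signal 6 abort. This is an added example, not Dovecot or Open-Xchange code; the sample log lines, user names and the function names parse_events and snippet_crash_report are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines, shaped like the log excerpt in the bug report on this page.
SAMPLE_LOG = """\
Feb 10 08:50:09 imap(alice@example.com)<38440>: Panic: file message-snippet.c: line 71 (snippet_add_content): assertion failed: (*count_r <= size)
Feb 10 08:50:09 imap(alice@example.com)<38440>: Fatal: master: service(imap): child 38440 killed with signal 6 (core dumps disabled)
Feb 10 08:51:12 imap(bob@example.com)<38502>: Info: Logged out
Feb 10 08:52:40 lmtp(alice@example.com)<38611>: Panic: file message-snippet.c: line 71 (snippet_add_content): assertion failed: (*count_r <= size)
Feb 10 08:53:02 imap(carol@example.com)<38700>: Panic: file example-file.c: line 1 (example_function): assertion failed: (x != NULL)
"""

# timestamp service(user)<pid>[<session>]: Level: message
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<svc>[\w-]+)\((?P<user>[^)]*)\)<(?P<pid>\d+)>"
    r"(?:<[^>]*>)?: (?P<level>\w+): (?P<msg>.*)$")
PANIC = re.compile(
    r"^file (?P<file>\S+): line (?P<line>\d+) \((?P<func>\w+)\): "
    r"assertion failed: \((?P<expr>.*)\)$")
KILLED = re.compile(r"child (?P<pid>\d+) killed with signal (?P<sig>\d+)")

# Source file and function of the failed assertion, as quoted in the report.
SNIPPET_SIG = ("message-snippet.c", "snippet_add_content")


def parse_events(text):
    """Return (panic records, {pid: signal}) extracted from Dovecot log text."""
    panics, killed = [], {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        if m["level"] == "Panic":
            p = PANIC.match(m["msg"])
            if p:
                panics.append({"ts": m["ts"], "service": m["svc"], "user": m["user"],
                               "pid": int(m["pid"]), "file": p["file"],
                               "line": int(p["line"]), "func": p["func"],
                               "expr": p["expr"]})
        elif m["level"] == "Fatal":
            k = KILLED.search(m["msg"])
            if k:
                killed[int(k["pid"])] = int(k["sig"])
    return panics, killed


def snippet_crash_report(text):
    """Group snippet-generation panics by user, with services hit and aborted PIDs."""
    panics, killed = parse_events(text)
    report = defaultdict(lambda: {"count": 0, "services": set(), "aborted_pids": []})
    for p in panics:
        if (p["file"], p["func"]) != SNIPPET_SIG:
            continue  # some other assertion; not this advisory
        entry = report[p["user"]]
        entry["count"] += 1
        entry["services"].add(p["service"])
        if killed.get(p["pid"]) == 6:  # SIGABRT raised after the failed assertion
            entry["aborted_pids"].append(p["pid"])
    return {u: {**e, "services": sorted(e["services"])} for u, e in report.items()}


if __name__ == "__main__":
    for user, entry in snippet_crash_report(SAMPLE_LOG).items():
        print(user, entry)
```

Repeated hits for one user across imap and lmtp are consistent with the two outcomes the advisory lists, mail that stays unreadable in the mailbox or mail stuck in delivery.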
Dovecot v2.3.9.3 released
We are pleased to release v2.3.9.3 of Dovecot. Please find it from locations below

https://dovecot.org/releases/2.3/dovecot-2.3.9.3.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.9.3.tar.gz.sig
Binary packages in https://repo.dovecot.org/
Docker images in https://hub.docker.com/r/dovecot/dovecot

---

v2.3.9.3 2019-02-12 Aki Tuomi

* CVE-2020-7046: Truncated UTF-8 can be used to DoS submission-login and lmtp processes.
* CVE-2020-7957: Specially crafted mail can crash snippet generation.