Bypass quota check
Hi all, I have the following quota configuration: lmtp_rcpt_check_quota = no mail_plugins = notify mail_log quota quota = dict:User quota::file:%h/dovecot-quota quota_exceeded_message = Quota exceeded quota_rule2 = Trash:storage=+100M quota_warning = storage=100%% quota-warning -q 100 -n %n -d %d -e OverQuota quota_warning2 = storage=80%% quota-warning -q 80 -n %n -d %d -e FillQuota quota_warning3 = -storage=99%% quota-warning -q 99 -n %n -d %d -e InQuota quota_full_tempfail = yes service quota-warning { executable = script /usr/local/dovecot/quotamanager.sh unix_listener quota-warning { mail_plugins = notify mail_log quota imap_quota imap_sieve mail_plugins = notify mail_log quota sieve and the quota_rule (per-user) is retrieved by a specific SQL query in my userdb. I'm wondering if there is a way to send an email to an account even if it's in overquota? In other words: is there a way to bypass (or skip) the quota check, maybe setting a sort of ACL, for example if an email comes from a specific ip address? Thanks in advance Regards, -- Gabriele Nencioni
CVE-2019-11500 and LMTP error
Hi all, does the dovecot fixed version: 2.3.7.2, 2.2.36.4 (as the CVE-2019-11500 says) fix the LMTP error "Got unexpected reply" as well? The LMTP error "Got unexpected reply" is described here: https://dovecot.org/pipermail/dovecot/2018-August/112562.html https://dovecot.org/pipermail/dovecot/2018-August/112666.html Thanks in advance Regards, -- Gabriele Nencioni
Re: Message delivered twice caused by an LMTP error "Got unexpected reply" during upgrade to 2.3
On 10/8/18 5:33 PM, Stephan Bosch wrote: > Op 8-10-2018 om 11:43 schreef Gabriele Nencioni: >> On 8/17/18 8:17 AM, Gabriele Nencioni wrote: >>> On 08/16/2018 11:48 PM, Stephan Bosch wrote: >>>> Op 16/08/2018 om 12:01 schreef Stephan Bosch: >>>>> I have a theory. Will try something later today. >>>> Yes, I can reproduce the problem. I am working on a fix. >>> Thank you very much! >>> I'm here if you need something. >> Hi, >> does the release 2.3.3 fix this problem? > > Unfortunately, no. > > Regards, > > Stephan. Hi Stephan, does the release v2.2.36.4 or v2.3.7.2 fix this problem? Thanks in advance Regards, -- Gabriele Nencioni
Message delivered twice caused by an LMTP error "Got unexpected reply" during upgrade to 2.3
On 8/17/18 8:17 AM, Gabriele Nencioni wrote: > On 08/16/2018 11:48 PM, Stephan Bosch wrote: >> Op 16/08/2018 om 12:01 schreef Stephan Bosch: >>> I have a theory. Will try something later today. >> >> Yes, I can reproduce the problem. I am working on a fix. > > Thank you very much! > I'm here if you need something. Hi, does the release 2.3.3 fix this problem? Thanks in advance Regards, -- Gabriele Nencioni System Administrator eml gabriele.nenci...@register.it GPG Key 0x619f3b75 http://pool.sks-keyservers.net
Re: lmtp Panic Buffer write out of range
On 08/22/2018 04:03 PM, Stephan Bosch wrote: > Op 21-8-2018 om 14:57 schreef Gabriele Nencioni: >> Hi all, >> as described here: >> https://www.dovecot.org/pipermail/dovecot/2018-July/112173.html >> >> we are experiencing the same error on dovecot version 2.3.2.1 >> while it never occurs on an old version as 2.2.15 > > This looks a lot like: > https://dovecot.org/list/dovecot/2018-July/112167.html > > That one is fixed pending release. Great! Thank you very much! Do you know the release date approximately? Regards, -- Gabriele Nencioni System Administrator eml gabriele.nenci...@register.it
lmtp Panic Buffer write out of range
Hi all, as described here: https://www.dovecot.org/pipermail/dovecot/2018-July/112173.html we are experiencing the same error on dovecot version 2.3.2.1 while it never occurs on an old version as 2.2.15 It followings the error logs: On an upgraded dovecot backend: Aug 21 12:03:51 backend20 dovecot: lmtp(te...@internalinboundcm.eu): Panic: Buffer write out of range (789 + 18446744073709551606) /var/log/dovecot_lmtp_20180821.12.log-Aug 21 12:03:51 monti-backend20 dovecot: lmtp(te...@internalinboundcm.eu): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0xcb851) [0x7f78e6f0a851] -> /usr/lib/dovecot/libdovecot.so.0(+0xcb8e9) [0x7f78e6f0a8e9] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f78e6e78851] -> /usr/lib/dovecot/libdovecot.so.0(buffer_write+0x131) [0x7f78e6f04871] -> /usr/lib/dovecot/libdovecot-sieve.so.0(rfc2822_header_append+0xcf) [0x7f78e531613f] -> /usr/lib/dovecot/libdovecot-sieve.so.0(+0x7d35b) [0x7f78e531335b] -> /usr/lib/dovecot/libdovecot-sieve.so.0(edit_mail_header_add+0x1b) [0x7f78e531525b] -> /usr/lib/dovecot/libdovecot-sieve.so.0(+0x73014) [0x7f78e5309014] -> /usr/lib/dovecot/libdovecot-sieve.so.0(sieve_interpreter_continue+0x81) [0x7f78e52d2a11] -> /usr/lib/dovecot/libdovecot-sieve.so.0(sieve_interpreter_run+0x2b) [0x7f78e52d2c7b] -> /usr/lib/dovecot/libdovecot-sieve.so.0(+0x51000) [0x7f78e52e7000] -> /usr/lib/dovecot/libdovecot-sieve.so.0(sieve_multiscript_run+0x3a) [0x7f78e52e7eba] -> /usr/lib/dovecot/modules/lib90_sieve_plugin.so(+0x38f0) [0x7f78e554e8f0] -> /usr/lib/dovecot/libdovecot-lda.so.0(mail_deliver+0xf0) [0x7f78e750da30] -> dovecot/lmtp [81.88.49.172 DATA](lmtp_local_data+0x4f1) [0x5582554451d1] -> dovecot/lmtp [81.88.49.172 DATA](cmd_data_continue+0x243) [0x558255443ee3] -> /usr/lib/dovecot/libdovecot.so.0(+0x4c402) [0x7f78e6e8b402] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) [0x7f78e6f228a9] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x109) [0x7f78e6f24199] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7f78e6f229b2] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f78e6f22bc8] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f78e6e9cff3] -> dovecot/lmtp [81.88.49.172 DATA](main+0x240) [0x558255442f70] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) [0x7f78e6ac02e1] -> dovecot/lmtp [81.88.49.172 DATA](_start+0x2a) [0x5582554430ba] while once the user te...@internalinboundcm.eu has been moved on an old dovecot backend, with the "doveadm director move" command the message has been properly delivered at next retry attempt: Aug 21 12:32:31 backend01 dovecot: lmtp(te...@internalinboundcm.eu): copy from : box=Spam, uid=1, msgid= Aug 21 12:32:31 backend01 dovecot: lmtp(te...@internalinboundcm.eu): Zv32Lzbqe1tSLQAAF5Yx/g: sieve: msgid=: stored mail into mailbox 'Spam' As you can see the message was detected as spam Let me know if you need more info or details (such us the original message or the sieve filter that trigger the problem) Thanks in advance Regards -- Gabriele Nencioni System Administrator eml gabriele.nenci...@register.it
Re: Message delivered twice caused by an LMTP error "Got unexpected reply" during upgrade to 2.3
On 08/16/2018 11:48 PM, Stephan Bosch wrote: > Op 16/08/2018 om 12:01 schreef Stephan Bosch: >> I have a theory. Will try something later today. > > Yes, I can reproduce the problem. I am working on a fix. Thank you very much! I'm here if you need something. Regards, -- Gabriele Nencioni System Administrator eml gabriele.nenci...@register.it
Re: Message delivered twice caused by an LMTP error "Got unexpected reply" during upgrade to 2.3
>>> On 08/09/2018 09:12 AM, Stephan Bosch wrote >>>>>> Can you make a pcap log of the LMTP communication between the two >>>>>> Dovecot hosts? That may give me a clue on which side of the >>>>>> communication is causing the issue. >>>>> Yes sure, where I can send it? >>>>> Here on list or at your address? >>>> >>>> Just send it to me. On 08/16/2018 10:21 AM, Stephan Bosch wrote: > Op 16/08/2018 om 09:46 schreef Gabriele Nencioni: >> On 08/15/2018 06:39 PM, Stephan Bosch wrote: >>> Op 15-8-2018 om 17:19 schreef Stephan Bosch: >>>> >>>> Op 13-8-2018 om 15:50 schreef Gabriele Nencioni: >>>>> So the scenario seems to be: >>>>> the error occurs between old directors and new backends >>>>> and between the new backends and the smtp submission_host (for >>>>> redirection) >>>>> and using the pipeline capability and attaching a file >>>>> >>>>> Let me know if you need more info >>>> In this case it is possible to obtain a debug log by enabling >>>> mail_debug=yes. Can you obtain a full debug log for such a failing >>>> submission session? >> Ok! It is attached. > > That is just weird. Dovecot reports that it cannot fully send the last > bits of the message and right thereafter the reply is received, which > Dovecot then interprets as out-of-sequence. The PCAP files tell me the > final CRLF.CRLF is actually sent to the other side, but somehow Dovecot > thinks it couldn't do that yet. > > Is this problem occurring for any and all SMTP client interactions, or > just every once in a while? Unfortunately it occurs just every once in a while and it is weird because at the second attempt the message is successful delivered or redirected. >>> Also, I don't see anything weird in the PCAP files: the command-reply >>> sequence is OK. This means that this is likely a bug in the current >>> Dovecot version. Those debug logs should tell me more. >> Ok! Which version of dovecot do you suggest to install? >> On debian current stable (stretch) repository there is the version >> number 2.2.27, have we to install it? > > If you're facing big trouble it is usually best to revert to the > previous version that worked I guess. Ok I'm agree! So, about you, which version can I try to install the 2.2.27 or the previous release of the 2.3 version such as v2.3.2 2018-06-29 or v2.3.1 2018-02-29? Regards, -- Gabriele Nencioni System Administrator eml gabriele.nenci...@register.it
Re: Message delivered twice caused by an LMTP error "Got unexpected reply" during upgrade to 2.3
On 08/08/2018 06:04 PM, Stephan Bosch wrote: > Hi Hi and thanks for your reply. > Can you make a pcap log of the LMTP communication between the two > Dovecot hosts? That may give me a clue on which side of the > communication is causing the issue. Yes sure, where I can send it? Here on list or at your address? Regards -- Gabriele Nencioni System Administrator eml gabriele.nenci...@register.it
Message delivered twice caused by an LMTP error "Got unexpected reply" during upgrade to 2.3
il_log_prefix = "%s(%Lu)<%{session}>: " mail_max_userip_connections = 500 passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql skip = authenticated } protocols = imap pop3 lmtp service auth-worker { user = dovecot } service auth { client_limit = 0 } service director { fifo_listener login/proxy-notify { mode = 0666 } inet_listener { port = 9090 } unix_listener director-userdb { mode = 0600 } unix_listener login/director { mode = 0666 } } service doveadm { inet_listener { port = 24242 } } service imap-login { client_limit = 12000 executable = imap-login director process_limit = 0 process_min_avail = 4 service_count = 0 } service ipc { unix_listener ipc { user = $default_internal_user } } service lmtp { client_limit = 1 executable = lmtp -L inet_listener lmtp { port = 24 } process_limit = 240 process_min_avail = 20 service_count = 1 } service pop3-login { client_limit = 12000 executable = pop3-login director process_limit = 0 process_min_avail = 4 service_count = 0 } ssl = no userdb { driver = prefetch } userdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } verbose_proctitle = yes protocol doveadm { auth_socket_path = director-userdb } protocol lmtp { auth_socket_path = director-userdb mail_plugins = } # 2.2.15.14 (39f57c379ded+): /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.9 auth_cache_negative_ttl = 0 auth_worker_max_count = 500 default_vsz_limit = 1 G disable_plaintext_auth = no doveadm_password = first_valid_uid = 508 last_valid_uid = 508 lda_mailbox_autocreate = yes log_timestamp = "%Y-%m-%d %H:%M:%S " login_log_format_elements = user=<%Lu> method=%m rip=%r lip=%l mpid=%e %c session=<%{session}> login_trusted_networks = 192.168.72.201 192.168.72.202 192.168.72.203 192.168.72.204 192.168.72.205 192.168.72.206 192.168.72.207 192.168.72.208 mail_fsync = always mail_gid = 508 mail_location = maildir:~/Maildir mail_log_prefix = "%s(%Lu)<%{session}>: " mail_max_userip_connections = 30 mail_plugins = notify mail_log quota mail_uid = 508 maildir_very_dirty_syncs = yes mmap_disable = yes namespace { hidden = yes list = no location = prefix = separator = . } namespace inbox { inbox = yes location = mailbox Drafts { auto = create special_use = \Drafts } mailbox Sent { auto = create special_use = \Sent } mailbox Spam { auto = create special_use = \Junk } mailbox Trash { auto = create special_use = \Trash } prefix = INBOX. separator = . } passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql skip = authenticated } plugin { mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid quota = dict:User quota::file:%h/dovecot-quota quota_exceeded_message = Quota exceeded quota_rule2 = Trash:storage=+100M quota_warning = storage=100%% quota-warning -q 100 -n %n -d %d -e OverQuota quota_warning2 = storage=80%% quota-warning -q 80 -n %n -d %d -e FillQuota quota_warning3 = -storage=99%% quota-warning -q 99 -n %n -d %d -e InQuota sieve = ~/.dovecot.sieve sieve_extensions = +editheader sieve_max_redirects = 15 sieve_vacation_default_period = 1h } quota_full_tempfail = yes service auth-worker { user = dovecot } service auth { client_limit = 15000 } service doveadm { inet_listener { port = 24242 } } service imap-login { process_limit = 0 process_min_avail = 16 service_count = 0 } service imap { executable = imap postlogin process_limit = 7000 service_count = 2300 } service lmtp { client_limit = 1 executable = lmtp -L inet_listener lmtp { address = 192.168.72.129 127.0.0.1 port = 24 } process_limit = 240 process_min_avail = 20 service_count = 10 } service pop3-login { process_limit = 0 process_min_avail = 16 service_count = 0 } service pop3 { executable = pop3 postlogin process_limit = 7000 service_count = 2300 } ssl = no submission_host = userdb { driver = prefetch } userdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } verbose_proctitle = yes protocol imap { imap_client_workarounds = delay-newmail mail_plugins = notify mail_log quota imap_quota } protocol pop3 { pop3_client_workarounds = outlook-no-nuls oe-ns-eoh pop3_fast_size_lookups = yes pop3_no_flag_updates = yes pop3_uidl_format = %f } protocol lmtp { mail_plugins = notify mail_log quota sieve passdb { args = /etc/dovecot/dovecot-lmtp.conf driver = sql name = } userdb { args = /etc/dovecot/dovecot-lmtp.conf driver = sql name = result_failure = return-fail skip = never } } Please could someone help me? How can I fix that error, in order to avoid the duplicated email? Thanks in advance Regards, -- Gabriele Nencioni System Administrator eml gabriele.nenci...@register.it