Purges now happen 5 times faster

2019-03-28 Thread Steve Litt via dovecot
Hi all, I use Claws-Mail to look inside my local (same metal) Dovecot server. All incoming mail is dumped into Dovecot folders via procmail. All of a sudden today, mass purges of "marked for delete" happen about 5 times faster. The process used to be a significant productivity destroyer, but now

Re: v2.2.27 Panic: file rfc822-parser.h: line 23 (rfc822_parser_deinit): assertion failed: (ctx->data <= ctx->end)

2019-03-28 Thread Jason Lewis via dovecot
Hi Hendrik, Hendrik Boom via dovecot wrote on 29/3/19 4:03 am: > On Wed, Mar 27, 2019 at 10:25:02AM +1100, Jason Lewis via dovecot wrote: >> Hi Aki, >> >> debian jessie backports has been moved to archive.debian.org and >> initially I was unable to install dovecot-dbg because of that. But I've >>

Apparmor problem

2019-03-28 Thread Ervin Hegedüs via dovecot
Hi there, I know this isn't a Dovecot issue, but hope that somebody can help me. I've successfully installed and configured Dovecot to a Debian 9 server. Looks like everything works as well, I just see a line in the log when I send a mail: Mar 28 22:21:47 mailng kernel: [3150146.825007] audit:

Re: configuring Dovecot with wforced and auth_policy_server_url with https results in assertion failed

2019-03-28 Thread Robert Kudyba via dovecot
Set ssl_client_ca_file=/path/to/cacert.pem to validate the certificate >>> >>> Can this be the Lets Encrypt cert that we already have? In other words we >>> have: >>> ssl_cert = >> ssl_key = >> >>> Can those be used? >> >> Set it to *CA* cert. You can also use >> >>

Re: configuring Dovecot with wforced and auth_policy_server_url with https results in assertion failed

2019-03-28 Thread Aki Tuomi via dovecot
On 28 March 2019 22:02 Aki Tuomi via dovecot wrote: On 28 March 2019 21:52 Robert Kudyba wrote: Set

Re: configuring Dovecot with wforced and auth_policy_server_url with https results in assertion failed

2019-03-28 Thread Aki Tuomi via dovecot
On 28 March 2019 21:52 Robert Kudyba wrote: Set ssl_client_ca_file=/path/to/cacert.pem to validate the certificate  Can this

Re: configuring Dovecot with wforced and auth_policy_server_url with https results in assertion failed

2019-03-28 Thread Robert Kudyba via dovecot
> Set > > ssl_client_ca_file=/path/to/cacert.pem to validate the certificate Can this be the Lets Encrypt cert that we already have? In other words we have: ssl_cert = Are you using haproxy or something in front of dovecot? No. Just Squirrelmail webmail with sendmail.

Re: configuring Dovecot with wforced and auth_policy_server_url with https results in assertion failed

2019-03-28 Thread Aki Tuomi via dovecot
On 28 March 2019 21:31 Robert Kudyba wrote: On Mar 28, 2019, at 10:29 AM, Aki Tuomi via dovecot < dovecot@dovecot.org> wrote: On 28 March 2019

Re: configuring Dovecot with wforced and auth_policy_server_url with https results in assertion failed

2019-03-28 Thread Robert Kudyba via dovecot
> On Mar 28, 2019, at 10:29 AM, Aki Tuomi via dovecot > wrote: > >> On 28 March 2019 16:08 Robert Kudyba via dovecot wrote: >> >> >> dovecot-2.3.3-1.fc29.x86_64 >> >> Mar 28 10:04:47 auth: Panic: file http-client-request.c: line 283 >> (http_client_request_unref): assertion failed:

Re: Hibernation and proxy

2019-03-28 Thread Aki Tuomi via dovecot
On 28 March 2019 20:12 azu...@pobox.sk wrote: Quoting Aki Tuomi < aki.tu...@open-xchange.com>: >> On 28 March 2019 17:46 azurit--- via dovecot < dovecot@dovecot.org> >> wrote:

Re: Hibernation and proxy

2019-03-28 Thread azurit--- via dovecot
Quoting Aki Tuomi: On 28 March 2019 17:46 azurit--- via dovecot < dovecot@dovecot.org> wrote: Hi, does hibernation work well with proxy? Are proxy connections hibernated or not? azur hibernation only happens on backends. --- Aki Tuomi And if I have

Re: Regression ACL & namespace prefix

2019-03-28 Thread Michal Hlavinka via dovecot
Hi, were you able to reproduce this problem? Do you need more information to reproduce this? Cheers, Michal Hlavinka On 3/12/19 3:29 PM, Michal Hlavinka wrote: Hi, thanks for the answer. I think your environment was not set up correctly to reproduce this bug. I've retested with 2.3.5 and I

Re: pigeonhole tests crashing in deleteheader.svtest

2019-03-28 Thread Aki Tuomi via dovecot
> On 28 March 2019 19:40 Michal Hlavinka via dovecot > wrote: > > > Hi, > > when trying to build dovecot 2.3.5.1 pigeonhole testsuite crashes in > Which version of pigeonhole are you using? Aki

pigeonhole tests crashing in deleteheader.svtest

2019-03-28 Thread Michal Hlavinka via dovecot
Hi, when trying to build dovecot 2.3.5.1 pigeonhole testsuite crashes in Test case: ./tests/extensions/editheader/deleteheader.svtest: 1: Test 'Deleteheader - nonexistent' SUCCEEDED 2: Test 'Deleteheader - nonexistent (match)' SUCCEEDED 3: Test 'Deleteheader - one' SUCCEEDED 4: Test

Re: v2.2.27 Panic: file rfc822-parser.h: line 23 (rfc822_parser_deinit): assertion failed: (ctx->data <= ctx->end)

2019-03-28 Thread Hendrik Boom via dovecot
On Wed, Mar 27, 2019 at 10:25:02AM +1100, Jason Lewis via dovecot wrote: > Hi Aki, > > debian jessie backports has been moved to archive.debian.org and > initially I was unable to install dovecot-dbg because of that. But I've > managed to resolve that issue now. Just curious -- what deb line did

Re: CVE-2019-7524 backport patch for 2.2.33.2

2019-03-28 Thread Aki Tuomi via dovecot
On 28 March 2019 17:11 Gerald Galster via dovecot < dovecot@dovecot.org> wrote: Hello Aki, I'm currently stuck with 2.2.33.2 as 2.2.36 still duplicates mails after pop3 deletion on a two node dsync

Re: Hibernation and proxy

2019-03-28 Thread Aki Tuomi via dovecot
On 28 March 2019 17:46 azurit--- via dovecot < dovecot@dovecot.org> wrote: Hi, does hibernation work well with proxy? Are proxy connections hibernated or not? azur

Hibernation and proxy

2019-03-28 Thread azurit--- via dovecot
Hi, does hibernation work well with proxy? Are proxy connections hibernated or not? azur

CVE-2019-7524 backport patch for 2.2.33.2

2019-03-28 Thread Gerald Galster via dovecot
Hello Aki, I'm currently stuck with 2.2.33.2 as 2.2.36 still duplicates mails after pop3 deletion on a two node dsync cluster. Therefore I've created a small patch and it seems only these two files are affected: dovecot-2.2.36.3/src/lib-storage/index/index-pop3-uidl.c

Re: Mitigation / disable FTS and pop3-uidl plugin was Re: CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files

2019-03-28 Thread Aki Tuomi via dovecot
On 28 March 2019 16:44 Kevin A. McGrail via dovecot < dovecot@dovecot.org> wrote: On 3/28/2019 10:40 AM, Aki Tuomi wrote: > check for fts in mail_plugins. pop3-uidl is used by pop3_migration

Re: Mitigation / disable FTS and pop3-uidl plugin was Re: CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files

2019-03-28 Thread Kevin A. McGrail via dovecot
On 3/28/2019 10:40 AM, Aki Tuomi wrote: > > check for fts in mail_plugins. pop3-uidl is used by pop3_migration > plugin. Sorry if I'm dense but can you be more specific?  Are you talking about checking conf files or binary files?  For example, does the existence of

Re: Mitigation / disable FTS and pop3-uidl plugin was Re: CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files

2019-03-28 Thread Aki Tuomi via dovecot
On 28 March 2019 16:37 Kevin A. McGrail via dovecot < dovecot@dovecot.org> wrote: On 3/28/2019 7:42 AM, Aki Tuomi via dovecot wrote: Solution: Operators should update to the latest Patch Release.

Mitigation / disable FTS and pop3-uidl plugin was Re: CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files

2019-03-28 Thread Kevin A. McGrail via dovecot
On 3/28/2019 7:42 AM, Aki Tuomi via dovecot wrote: > Solution: > Operators should update to the latest Patch Release. The only workaround > is to disable FTS and pop3-uidl plugin. Hi Aki, thanks for the CVE.  For quick mitigation, can you confirm how to disable these plugins and what they provide?

Re: configuring Dovecot with wforced and auth_policy_server_url with https results in assertion failed

2019-03-28 Thread Aki Tuomi via dovecot
On 28 March 2019 16:08 Robert Kudyba via dovecot wrote: dovecot-2.3.3-1.fc29.x86_64 Mar 28 10:04:47 auth: Panic: file http-client-request.c: line 283 (http_client_request_unref): assertion

configuring Dovecot with wforced and auth_policy_server_url with https results in assertion failed

2019-03-28 Thread Robert Kudyba via dovecot
dovecot-2.3.3-1.fc29.x86_64 Mar 28 10:04:47 auth: Panic: file http-client-request.c: line 283 (http_client_request_unref): assertion failed: (req->refcount > 0) Mar 28 10:04:47 auth: Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0xe34fb) [0x7fe76e0834fb] ->

Re: v2.2.36.3 released

2019-03-28 Thread Aki Tuomi via dovecot
On 28.3.2019 13.41, Aki Tuomi via dovecot wrote: > https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz > https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz.sig > >     * CVE-2019-7524: Missing input buffer size validation leads into >   arbitrary buffer overflow when reading fts or

Re: [Dovecot-news] v2.2.36.3 released

2019-03-28 Thread Aki Tuomi via Dovecot-news
On 28.3.2019 13.41, Aki Tuomi via dovecot wrote: > https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz > https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz.sig > >     * CVE-2019-7524: Missing input buffer size validation leads into >   arbitrary buffer overflow when reading fts or

Re: dovecot mailing list stopped delivering mail

2019-03-28 Thread Christian Anthon via dovecot
Ahh, I had made some changes to our own server around the time, but couldn't for the life of me understand why it would selectively refuse to talk to the dovecot mailing list server. Thanks for clearing it up so promptly. Cheers, Christian. On 28/03/2019 13.21, Aki Tuomi wrote: Fixed, we

Re: dovecot mailing list stopped delivering mail

2019-03-28 Thread Aki Tuomi via dovecot
Fixed, we had smtp_security_level=verify, which I forgot to remove when we removed the relay server we used. Now it should work. Aki On 28.3.2019 13.59, Christian Anthon via dovecot wrote: > Strangest thing. Since some time March 25. I'm no longer receiving > mails from the dovecot mailing list

CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files

2019-03-28 Thread Aki Tuomi via dovecot
Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-2964 (Bug ID) Vulnerability type: CWE-120 Vulnerable version: 2.0.14 - 2.3.5 Vulnerable component: fts, pop3-uidl-plugin Report confidence: Confirmed Researcher credits: Found in internal testing Solution status: Fixed by Vendor

v2.3.5.1 released

2019-03-28 Thread Aki Tuomi via dovecot
https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz.sig Binary packages in https://repo.dovecot.org/     * CVE-2019-7524: Missing input buffer size validation leads into   arbitrary buffer overflow when reading fts or pop3 uidl

doveadm backup doesn't transfer mail from root INBOX

2019-03-28 Thread Francis via dovecot
Hi, I'm trying to migrate IMAP mails from dovecot 1.1.20apple0.5 (osx) to dovecot 2.2.33.2 (ubuntu). I'm using "doveadm backup" to migrate my data. It works fine for all subfolders, but the root INBOX stays empty on the new server. I suspect a problem related with hierarchy separator ("." on

Maildir permissions issue with Postfix

2019-03-28 Thread Randall R. Sargent via dovecot
Hi all, We have a Postfix server that serves as an alias MTA to route to other mail systems. I've recently installed Dovecot on it because we have three service accounts that need simple POP3 mailboxes. I have the accounts set up on the system and mail does get delivered to their ~/Maildir/

Re: Panic: file mail-transaction-log-file.c: line 105 (mail_transaction_log_file_free): assertion failed: (!file->locked)

2019-03-28 Thread Timo Sirainen via dovecot
On 28 Mar 2019, at 10.15, Arkadiusz Miśkiewicz wrote: > > error = 0x55e3e2b40ac0 "Fixed index file > /var/mail/piast_efaktury/dovecot.index: log_file_seq 13 -> 15", > nodiskspace = true, This was one of the things I was first wondering, but I'm not sure why it's not logging an error. Anyway,

Re: v2.2.27 Panic: file rfc822-parser.h: line 23 (rfc822_parser_deinit): assertion failed: (ctx->data <= ctx->end)

2019-03-28 Thread Sami Ketola via dovecot
> On 28 Mar 2019, at 1.08, Jason Lewis via dovecot wrote: > > Thanks Timo. > > Given the age of these dovecot packages, and this being on debian > oldstable, what should we do next? I'm inclined to just delete the email > in question and move on. > https://repo.dovecot.org/

Re: Maildir permissions issue with Postfix

2019-03-28 Thread Sami Ketola via dovecot
> On 27 Mar 2019, at 17.03, Randall R. Sargent via dovecot > wrote: > > Hi all, > > We have a Postfix server that serves as an alias MTA to route to other mail > systems. I’ve recently installed Dovecot on it because we have three service > accounts that need simple POP3 mailboxes. I have

Re: v2.2.27 Panic: file rfc822-parser.h: line 23 (rfc822_parser_deinit): assertion failed: (ctx->data <= ctx->end)

2019-03-28 Thread Jason Lewis via dovecot
After some investigation, it turns out it is non trivial to install dovecot-dbg on debian jessie. Sorry I can't investigate further. Jason Aki Tuomi wrote on 25/3/19 6:12 pm: > Can you install dovecot-dbg and try gdb again? > > Aki > > On 25.3.2019 3.20, Jason Lewis via dovecot wrote: >> Hi,

Re: v2.2.27 Panic: file rfc822-parser.h: line 23 (rfc822_parser_deinit): assertion failed: (ctx->data <= ctx->end)

2019-03-28 Thread Aki Tuomi via dovecot
What's non-trivial about apt-get install dovecot-dbg? Aki On 26.3.2019 5.38, Jason Lewis via dovecot wrote: > After some investigation, it turns out it is non trivial to install > dovecot-dbg on debian jessie. > > Sorry I can't investigate further. > > Jason > > Aki Tuomi wrote on 25/3/19 6:12

Re: dovecot 2.3.5 - tests fail: http payload echo (ssl)

2019-03-28 Thread Helmut K. C. Tessarek via dovecot
On 2019-03-18 19:04, Marcus Rueckert via dovecot wrote: > Just a guess ... maybe it is lack of entropy on the build machine? > Try running haveged. Nope, the entropy is just fine. But thanks for the idea. Cheers, K. C. -- regards Helmut K. C. Tessarek KeyID 0x172380A011EF4944

Re: IMAP coredumps for one user

2019-03-28 Thread Aki Tuomi via dovecot
This seems to be a problem with xapian fts plugin, perhaps you should open issue there? Aki On 26.3.2019 10.15, Odhiambo Washington via dovecot wrote: > FreeBSD-12 > Dovecot-2.3.5 > > I am having problems with one use > > Mar 25 21:30:12 imap(gau@crownkenya.com >

dovecot mailing list stopped delivering mail

2019-03-28 Thread Christian Anthon via dovecot
Strangest thing. Since some time March 25. I'm no longer receiving mails from the dovecot mailing list server. Mails from other sources are behaving fine. Instead I'm just seeing Mar 26 08:27:54 dna01 postfix/smtpd[107746]: Anonymous TLS connection established from

Re: index problems after update

2019-03-28 Thread Hajo Locke via dovecot
Hello, On 21.02.2019 at 23:06, Adi Pircalabu via dovecot wrote: On 2019-02-21 22:18, Sami Ketola via dovecot wrote: On 21 Feb 2019, at 12.23, Hajo Locke via dovecot wrote: I think mbox+procmail is a classic setup and widely used and good solution for many use cases. Same setup we use many

Re: Panic: file mail-transaction-log-file.c: line 105 (mail_transaction_log_file_free): assertion failed: (!file->locked)

2019-03-28 Thread Arkadiusz Miśkiewicz via dovecot
On 28/03/2019 09:36, Timo Sirainen wrote: > On 28 Mar 2019, at 10.15, Arkadiusz Miśkiewicz > wrote: >> >>  error = 0x55e3e2b40ac0 "Fixed index file >> /var/mail/piast_efaktury/dovecot.index: log_file_seq 13 -> 15", >>  nodiskspace = true, > > This was one of the things I

Re: Panic: file mail-transaction-log-file.c: line 105 (mail_transaction_log_file_free): assertion failed: (!file->locked)

2019-03-28 Thread Arkadiusz Miśkiewicz via dovecot
On 27/03/2019 16:12, Timo Sirainen wrote: > On 27 Mar 2019, at 14.58, Timo Sirainen via dovecot > wrote: >> >>> dovecot isn't able to auto fix the indexes and manual deletion is >>> required in all such cases >> >> So if it keeps repeating, it's very strange. Could you

Panic: file mail-transaction-log-file.c: line 105 (mail_transaction_log_file_free): assertion failed: (!file->locked)

2019-03-28 Thread Arkadiusz Miśkiewicz via dovecot
Hello. I have one account with heavy traffic (big mails) and quite often indexes get corrupted. This is dovecot 2.3.5 on local fs (xfs), Linux kernel 4.19.20, glibc 2.28. When corruption happens lmtp and pop3 segfault on accessing it like: > Mar 27 11:13:50 mbox dovecot[22370]: lmtp(24428):

Re: v2.2.27 Panic: file rfc822-parser.h: line 23 (rfc822_parser_deinit): assertion failed: (ctx->data <= ctx->end)

2019-03-28 Thread Timo Sirainen via dovecot
On 27 Mar 2019, at 1.25, Jason Lewis via dovecot wrote: > > Hi Aki, > > debian jessie backports has been moved to archive.debian.org and > initially I was unable to install dovecot-dbg because of that. But I've > managed to resolve that issue now. > > This was the command I ran: > doveadm -D

IMAP coredumps for one user

2019-03-28 Thread Odhiambo Washington via dovecot
FreeBSD-12 Dovecot-2.3.5 I am having problems with one use Mar 25 21:30:12 imap(gau@crownkenya.com)<91364>: Fatal: master: service(imap): child 91364 killed with signal 6 (core dumped) Mar 25 21:30:14 imap(gau@crownkenya.com)<2381>: Fatal: master: service(imap): child 2381 killed with

MailCrypt: Encrypted user keys configuration with LDAP & cryptokey generate

2019-03-28 Thread FELINN via dovecot
Hi, I try to use the MailCrypt plugin with Folder encryption and encrypted user keys, using LDAP. I use Dovecot 2.2.27 (c0f36b0) I follow the wiki: https://wiki2.dovecot.org/Plugins/MailCrypt doveconf -n and dovecot-ldap.conf.ext attached to this message. I well configured slapd to let dovecot's

Re: v2.2.27 Panic: file rfc822-parser.h: line 23 (rfc822_parser_deinit): assertion failed: (ctx->data <= ctx->end)

2019-03-28 Thread Jason Lewis via dovecot
Hi Aki, debian jessie backports has been moved to archive.debian.org and initially I was unable to install dovecot-dbg because of that. But I've managed to resolve that issue now. This was the command I ran: doveadm -D -f flow fetch imap.envelope mailbox crm-spam.2008.g Backtrace follows.

Re: Panic: file mail-transaction-log-file.c: line 105 (mail_transaction_log_file_free): assertion failed: (!file->locked)

2019-03-28 Thread Timo Sirainen via dovecot
On 27 Mar 2019, at 14.58, Timo Sirainen via dovecot wrote: > >> dovecot isn't able to auto fix the indexes and manual deletion is >> required in all such cases > > So if it keeps repeating, it's very strange. Could you send me such broken > dovecot.index and dovecot.index.log files (without

Test SASL authentication via telnet (or similar)

2019-03-28 Thread Alessio Cecchi via dovecot
Hi, I'm looking for a way to authenticate my email users via Dovecot SASL TCP connections from an external nodejs or python script. Dovecot configuration is fine, if I set in postfix smtpd_sasl_path = inet:127.0.0.1:12345 works fine. But if I try via "telnet 127.0.0.1 12345" to chat with

Re: v2.3.5.1 released

2019-03-28 Thread Marcelo Coelho via dovecot
Hi, Why didn’t you apply this patch to v2.3.5.1? commit df8addd41d87e61113de22a21a0e61506a8d74c2 Author: Stephan Bosch Date: Tue Mar 12 03:18:33 2019 +0100 submission-login: client-authenticate - Fix crash occurring when client disconnects during authentication. diff --git

Restoring mailboxes from backup duplicates messages in POP clients

2019-03-28 Thread Luis F. V. Gomes via dovecot
Hello I had a disk problem and had to reformat it. All mailboxes were backed up using rsync. After I restored the mailboxes, the POP clients (Thunderbird) that were configured to leave the messages on the mailserver for, let's say, 30 days, didn't understand that some messages were already

Re: v2.2.27 Panic: file rfc822-parser.h: line 23 (rfc822_parser_deinit): assertion failed: (ctx->data <= ctx->end)

2019-03-28 Thread Jason Lewis via dovecot
Thanks Timo. Given the age of these dovecot packages, and this being on debian oldstable, what should we do next? I'm inclined to just delete the email in question and move on. Jason Timo Sirainen wrote on 28/3/19 12:16 am: > On 27 Mar 2019, at 1.25, Jason Lewis via dovecot wrote: >> >> Hi

Re: Panic: file mail-transaction-log-file.c: line 105 (mail_transaction_log_file_free): assertion failed: (!file->locked)

2019-03-28 Thread Timo Sirainen via dovecot
On 27 Mar 2019, at 12.42, Arkadiusz Miśkiewicz via dovecot wrote: > > > Hello. > > I have one account with heavy traffic (big mails) and quite often > indexes get corrupted. > > This is dovecot 2.3.5 on local fs (xfs), Linux kernel 4.19.20, glibc 2.28. > > When corruption happens lmtp and

Re: Weird things in the mail queue

2019-03-28 Thread Aki Tuomi via dovecot
> On 24 March 2019 12:43 Daniel Lange wrote: > > > Hi Aki, > > On 21.02.19 at 12:55, Aki Tuomi wrote: > > > > On 21.2.2019 13.47, Lionel Elie Mamane via dovecot wrote: > >> I noticed a mail stuck in my mail queue. dovecot-lda was returning > >> error 64 Invalid parameter given.

[Dovecot-news] v2.3.5.1 released

2019-03-28 Thread Aki Tuomi via Dovecot-news
https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz.sig Binary packages in https://repo.dovecot.org/     * CVE-2019-7524: Missing input buffer size validation leads into   arbitrary buffer overflow when reading fts or pop3 uidl

v2.2.36.3 released

2019-03-28 Thread Aki Tuomi via dovecot
https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz.sig     * CVE-2019-7524: Missing input buffer size validation leads into   arbitrary buffer overflow when reading fts or pop3 uidl header   from Dovecot index. Exploiting this

[Dovecot-news] CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files

2019-03-28 Thread Aki Tuomi via Dovecot-news
Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-2964 (Bug ID) Vulnerability type: CWE-120 Vulnerable version: 2.0.14 - 2.3.5 Vulnerable component: fts, pop3-uidl-plugin Report confidence: Confirmed Researcher credits: Found in internal testing Solution status: Fixed by Vendor

[Dovecot-news] v2.2.36.3 released

2019-03-28 Thread Aki Tuomi via Dovecot-news
https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz https://dovecot.org/releases/2.3/dovecot-2.2.36.3.tar.gz.sig     * CVE-2019-7524: Missing input buffer size validation leads into   arbitrary buffer overflow when reading fts or pop3 uidl header   from Dovecot index. Exploiting this

Re: v2.3.5.1 released

2019-03-28 Thread Aki Tuomi via dovecot
2.3.5.1 was only for releasing CVE. We have decided not to add non-related fixes into patch releases containing CVE releases for clarity. Aki On 28.3.2019 13.57, Marcelo Coelho via dovecot wrote: > Hi, > > Why didn’t you apply this patch to v2.3.5.1? > > > commit

Re: MailCrypt: Encrypted user keys configuration with LDAP & cryptokey generate

2019-03-28 Thread FELINN via dovecot
Here are attachments. -- f00wl FELINN https://felinn.org # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.16 (fed8554) # OS: Linux 4.15.18-9-pve x86_64 Debian 9.8 auth_username_format = %n auth_verbose = yes lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes