[dovecot] Re: Bug#175507: dovecot: Accidental denial of service via syslog

Jaldhar H. Vyas jaldhar at debian.org
Wed Jan 8 21:50:34 EET 2003


This bug was reported to Debian but I feel it is an upstream issue.

On Sat, 4 Jan 2003, Amelia A Lewis wrote:

> If dovecot is misconfigured, such that imap-auth cannot find passwd.imap
> (which probably needs to get copied; maybe need more docco in the config
> file?  This happens if the digest-md5 auth method is uncommented and the
> auth_userinfo is set to passwd-file /etc/passwd.imap), imap-auth dies once a
> second with error 89, which it reports to imap-master, and both log to
> syslog.
>
> I've got 30,000 line pairs from a ten hour run.  I would think that if it
> dies more than, say, a thousand times in a single hour, imap-master maybe
> ought to consider that there's a serious configuration problem preventing
> use, and exit instead of continuing to fill the log.
>
> Granted, it's a shoot-yourself sort of error.  But still ... after a certain
> point, the program ought to be able to die *gracefully* if the sysadmin has
> shot it, by accident or not.
>

Personally, I would be even stricter than Amelia is suggesting.  If there
is a serious configuration error, dovecot should die immediately.


-- 
Jaldhar H. Vyas <jaldhar at debian.org>



More information about the dovecot mailing list