2.3.13 broken submission relay smtp parser
Aki Tuomi
aki.tuomi at open-xchange.com
Wed Jun 9 09:08:04 EEST 2021
> On 09/06/2021 08:57 Tony Hain <tony at tndh.net> wrote:
>
<snip/>
> I have the dovecot-sysreport, but I am not encouraged about sending it when
> stdout presented:
> # dovecot-sysreport
> Gathering configurations ...
> grep: The -P option is not supportedgrep:
> The -P option is not supported
> grep: The -P option is not supported
> Gathering system informations ...
> Creating archive ...
> All done! Please report file dovecot-sysreport-TNDH-mail-1623209001.tar.gz
> Removing temp files at /tmp/tmp.kphlba44 ...
> #
>
> While dovecot -n stdout presented the line:
> ssl_key = # hidden, use -P to show it
>
> expecting people to put sensitive configuration on a public mail list
> without knowing what the tool is including is a challenge, but when the tool
> is errantly using the command line option that is also used for exposing the
> private data by a related tool, it is even less likely that I want to do
> that. While the dovecot -n option did hide passwords, it did not hide the
> username associated with that. I will put dovecot -n (redacted) here, but
> until I have time to see exactly what the sysreport included, I am not
> releasing that.
>
To alleviate your concerns:
from `man grep`
-P, --perl-regexp
Interpret PATTERNS as Perl-compatible regular expressions
(PCREs). This option is experimental when combined with the
-z (--null-data) option, and grep -P may warn of unimplemented
features.
dovecot-sysreport is a shell script, so you can easily verify that it is not attempting to call `doveconf -nP`, but instead, is trying to pass it to grep.
Aki
More information about the dovecot
mailing list