stale (?) .dovecot.svbin causing segfault in dovecot-lda
Stephan Bosch
stephan at rename-it.nl
Fri Nov 5 21:53:00 UTC 2021
On 03/11/2021 11:34, Matthieu Herrb wrote:
> Hi,
>
> I've not touched the sieve filters I'm using for a long time (last
> modification 2 years ago), but I've upgraded the dovecot package and
> the system of my mail server.
>
> ~/.dovecot.svbin has not been updated, but I found out today that it
> would cause dovecot-lda to crash on some specifig messages (and fail
> to deliver them). Most of the mails (>99.9%) are delivered ok though.
>
> Here's the trace of the crash in the system logs :
>
> Nov 3 08:48:13 nowhere dovecot: lda(matthieu)<33178><DvDOErY+gmGagQAAB9SSGw>: Panic: Buffer write out of range (0 + 1)
> Nov 3 08:48:15 nowhere smtpd[37379]: ac2aaecba4099baa mda delivery evpid=b9346ef1d2a6c223 from=<REDACTED> to=<matthieu at herrb.eu> rcpt=<matthieu at herrb.eu> user=matthieu delay=12s result=PermFail stat=Error ("Abort trap (core dumped) ")
>
> After removing the old file, dovecot-lda is able to deliver the
> message that caused the crash whitout issues.
>
> Shouldn't ~/.dovecot.svbin be automatically be re-generated on dovecot
> version changes ?
Yes, definitely.
> Some details:
>
> I'm running OpenBSD (7.0 right now, was 6.9 before and probably 6.5
> the last time .dovecot.svbin was generated). My logs show that the
> issue has also been happening with OpenBSD 6.9, but I never noticed
> until today). OpenSMTP is configured to deliver the message through
> dovecot-lda with:
>
> action "deliver" \
> mda "/usr/local/libexec/dovecot/dovecot-lda" \
> alias <aliases>
>
> in /etc/mail/smtpd.conf
>
I'd need at least the Sieve script and the .svbin or, better yet, a
backtrace of the panic core dump.
Regards,
Stephan.
> Below is the output of doveadm config :
>
> # 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.16 (09c29328)
> # OS: OpenBSD 7.0 amd64 ffs
> # Hostname: nowhere.herrb.eu
> # NOTE: Send doveconf -n output instead when asking for help.
> auth_anonymous_username = anonymous
> auth_cache_negative_ttl = 1 hours
> auth_cache_size = 0
> auth_cache_ttl = 1 hours
> auth_cache_verify_password_with_worker = no
> auth_debug = no
> auth_debug_passwords = no
> auth_default_realm =
> auth_failure_delay = 2 secs
> auth_gssapi_hostname =
> auth_krb5_keytab =
> auth_master_user_separator =
> auth_mechanisms = plain
> auth_policy_check_after_auth = yes
> auth_policy_check_before_auth = yes
> auth_policy_hash_mech = sha256
> auth_policy_hash_nonce =
> auth_policy_hash_truncate = 12
> auth_policy_log_only = no
> auth_policy_reject_on_fail = no
> auth_policy_report_after_auth = yes
> auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s session_id=%{session}
> auth_policy_server_api_header =
> auth_policy_server_timeout_msecs = 2000
> auth_policy_server_url =
> auth_proxy_self =
> auth_realms =
> auth_socket_path = auth-userdb
> auth_ssl_require_client_cert = no
> auth_ssl_username_from_cert = no
> auth_stats = no
> auth_use_winbind = no
> auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
> auth_username_format = %Lu
> auth_username_translation =
> auth_verbose = yes
> auth_verbose_passwords = no
> auth_winbind_helper_path = /usr/bin/ntlm_auth
> auth_worker_max_count = 30
> base_dir = /var/dovecot
> config_cache_size = 1 M
> debug_log_path =
> default_client_limit = 500
> default_idle_kill = 1 mins
> default_internal_group = _dovecot
> default_internal_user = _dovecot
> default_login_user = _dovenull
> default_process_limit = 100
> default_vsz_limit = 256 M
> deliver_log_format = msgid=%m: %$
> dict_db_config =
> director_flush_socket =
> director_mail_servers =
> director_max_parallel_kicks = 100
> director_max_parallel_moves = 100
> director_output_buffer_size = 10 M
> director_ping_idle_timeout = 30 secs
> director_ping_max_timeout = 1 mins
> director_servers =
> director_user_expire = 15 mins
> director_user_kick_delay = 2 secs
> director_username_hash = %u
> disable_plaintext_auth = yes
> dotlock_use_excl = yes
> doveadm_allowed_commands =
> doveadm_api_key =
> doveadm_http_rawlog_dir =
> doveadm_password =
> doveadm_port = 0
> doveadm_socket_path = doveadm-server
> doveadm_ssl = no
> doveadm_username = doveadm
> doveadm_worker_count = 0
> dsync_alt_char = _
> dsync_commit_msgs_interval = 100
> dsync_features =
> dsync_hashed_headers = Date Message-ID
> dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -U
> first_valid_gid = 1
> first_valid_uid = 1000
> haproxy_timeout = 3 secs
> haproxy_trusted_networks =
> hostname =
> imap_capability =
> imap_client_workarounds =
> imap_fetch_failure = disconnect-immediately
> imap_hibernate_timeout = 0
> imap_id_log =
> imap_id_retain = no
> imap_id_send = name *
> imap_idle_notify_interval = 2 mins
> imap_literal_minus = no
> imap_logout_format = in=%i out=%o deleted=%{deleted} expunged=%{expunged} trashed=%{trashed} hdr_count=%{fetch_hdr_count} hdr_bytes=%{fetch_hdr_bytes} body_count=%{fetch_body_count} body_bytes=%{fetch_body_bytes}
> imap_max_line_length = 64 k
> imap_metadata = no
> imap_urlauth_host =
> imap_urlauth_logout_format = in=%i out=%o
> imap_urlauth_port = 143
> imapc_cmd_timeout = 5 mins
> imapc_connection_retry_count = 1
> imapc_connection_retry_interval = 1 secs
> imapc_features =
> imapc_host =
> imapc_list_prefix =
> imapc_master_user =
> imapc_max_idle_time = 29 mins
> imapc_max_line_length = 0
> imapc_password =
> imapc_port = 143
> imapc_rawlog_dir =
> imapc_sasl_mechanisms =
> imapc_ssl = no
> imapc_ssl_verify = yes
> imapc_user =
> import_environment = TZ CORE_OUTOFMEM CORE_ERROR
> info_log_path =
> instance_name = dovecot
> last_valid_gid = 0
> last_valid_uid = 0
> lda_mailbox_autocreate = yes
> lda_mailbox_autosubscribe = yes
> lda_original_recipient_header =
> libexec_dir = /usr/local/libexec/dovecot
> listen = *, ::
> lmtp_add_received_header = yes
> lmtp_client_workarounds =
> lmtp_hdr_delivery_address = final
> lmtp_proxy = no
> lmtp_proxy_rawlog_dir =
> lmtp_rawlog_dir =
> lmtp_rcpt_check_quota = no
> lmtp_save_to_detail_mailbox = no
> lmtp_user_concurrency_limit = 0
> lock_method = fcntl
> log_core_filter =
> log_debug =
> log_path = syslog
> log_timestamp = "%b %d %H:%M:%S "
> login_access_sockets =
> login_greeting = Dovecot ready.
> login_log_format = %$: %s
> login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c session=<%{session}>
> login_plugin_dir = /usr/local/lib/dovecot/login
> login_plugins =
> login_proxy_max_disconnect_delay = 0
> login_proxy_max_reconnects = 3
> login_proxy_notify_path = proxy-notify
> login_proxy_timeout = 30 secs
> login_source_ips =
> login_trusted_networks =
> mail_access_groups =
> mail_always_cache_fields =
> mail_attachment_detection_options =
> mail_attachment_dir =
> mail_attachment_fs = sis posix
> mail_attachment_hash = %{sha1}
> mail_attachment_min_size = 128 k
> mail_attribute_dict =
> mail_cache_fields = flags
> mail_cache_min_mail_count = 0
> mail_chroot =
> mail_debug = no
> mail_fsync = optimized
> mail_full_filesystem_access = no
> mail_gid =
> mail_home =
> mail_location = maildir:/var/mail/Maildir/%u:INDEX=/var/mail/indexes/%u
> mail_log_prefix = "%s(%u)<%{pid}><%{session}>: "
> mail_max_keyword_length = 50
> mail_max_lock_timeout = 0
> mail_max_userip_connections = 10
> mail_never_cache_fields = imap.envelope
> mail_nfs_index = no
> mail_nfs_storage = no
> mail_plugin_dir = /usr/local/lib/dovecot
> mail_plugins =
> mail_prefetch_count = 0
> mail_privileged_group =
> mail_save_crlf = no
> mail_server_admin =
> mail_server_comment =
> mail_shared_explicit_inbox = no
> mail_sort_max_read_count = 0
> mail_temp_dir = /tmp
> mail_temp_scan_interval = 1 weeks
> mail_uid =
> mail_vsize_bg_after_count = 0
> mailbox_idle_check_interval = 30 secs
> mailbox_list_index = yes
> mailbox_list_index_include_inbox = no
> mailbox_list_index_very_dirty_syncs = no
> maildir_broken_filename_sizes = no
> maildir_copy_with_hardlinks = yes
> maildir_empty_new = no
> maildir_stat_dirs = no
> maildir_very_dirty_syncs = no
> managesieve_client_workarounds =
> managesieve_implementation_string = Dovecot Pigeonhole
> managesieve_logout_format = bytes=%i/%o
> managesieve_max_compile_errors = 5
> managesieve_max_line_length = 64 k
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
> master_user_separator =
> mbox_dirty_syncs = yes
> mbox_dotlock_change_timeout = 2 mins
> mbox_lazy_writes = yes
> mbox_lock_timeout = 5 mins
> mbox_md5 = apop3d
> mbox_min_index_size = 0
> mbox_read_locks = fcntl
> mbox_very_dirty_syncs = no
> mbox_write_locks = fcntl
> mdbox_preallocate_space = no
> mdbox_rotate_interval = 0
> mdbox_rotate_size = 10 M
> mmap_disable = yes
> namespace inbox {
> disabled = no
> hidden = no
> ignore_on_failure = no
> inbox = yes
> list = yes
> location =
> mailbox Drafts {
> auto = no
> autoexpunge = 0
> autoexpunge_max_mails = 0
> comment =
> driver =
> special_use = \Drafts
> }
> mailbox Junk {
> auto = no
> autoexpunge = 0
> autoexpunge_max_mails = 0
> comment =
> driver =
> special_use = \Junk
> }
> mailbox Sent {
> auto = no
> autoexpunge = 0
> autoexpunge_max_mails = 0
> comment =
> driver =
> special_use = \Sent
> }
> mailbox "Sent Messages" {
> auto = no
> autoexpunge = 0
> autoexpunge_max_mails = 0
> comment =
> driver =
> special_use = \Sent
> }
> mailbox Trash {
> auto = no
> autoexpunge = 0
> autoexpunge_max_mails = 0
> comment =
> driver =
> special_use = \Trash
> }
> order = 0
> prefix =
> separator = /
> subscriptions = yes
> type = private
> }
> old_stats_carbon_interval = 30 secs
> old_stats_carbon_name =
> old_stats_carbon_server =
> old_stats_command_min_time = 1 mins
> old_stats_domain_min_time = 12 hours
> old_stats_ip_min_time = 12 hours
> old_stats_memory_limit = 16 M
> old_stats_session_min_time = 15 mins
> old_stats_user_min_time = 1 hours
> passdb {
> args =
> auth_verbose = default
> default_fields =
> deny = no
> driver = bsdauth
> master = no
> mechanisms =
> name =
> override_fields =
> pass = no
> result_failure = continue
> result_internalfail = continue
> result_success = return-ok
> skip = never
> username_filter =
> }
> plugin {
> sieve = file:~/sieve;active=~/.dovecot.sieve
> }
> pop3_client_workarounds =
> pop3_delete_type = default
> pop3_deleted_flag =
> pop3_enable_last = no
> pop3_fast_size_lookups = no
> pop3_lock_session = no
> pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
> pop3_no_flag_updates = no
> pop3_reuse_xuidl = no
> pop3_save_uidl = no
> pop3_uidl_duplicates = allow
> pop3_uidl_format = %08Xu%08Xv
> pop3c_features =
> pop3c_host =
> pop3c_master_user =
> pop3c_password =
> pop3c_port = 110
> pop3c_quick_received_date = no
> pop3c_rawlog_dir =
> pop3c_ssl = no
> pop3c_ssl_verify = yes
> pop3c_user = %u
> postmaster_address = postmaster@%{if;%d;ne;;%d;%{hostname}}
> protocols = imap lmtp sieve
> quota_full_tempfail = no
> rawlog_dir =
> recipient_delimiter = +
> rejection_reason = Your message to <%t> was automatically rejected:%n%r
> rejection_subject = Rejected: %s
> replication_dsync_parameters = -d -N -l 30 -U
> replication_full_sync_interval = 1 days
> replication_max_conns = 10
> replicator_host = replicator
> replicator_port = 0
> sendmail_path = /usr/sbin/sendmail
> service aggregator {
> chroot = .
> client_limit = 0
> drop_priv_before_exec = no
> executable = aggregator
> extra_groups =
> fifo_listener replication-notify-fifo {
> group =
> mode = 0600
> user =
> }
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 0
> process_min_avail = 0
> protocol =
> service_count = 0
> type =
> unix_listener replication-notify {
> group =
> mode = 0600
> user =
> }
> user = $default_internal_user
> vsz_limit = 18446744073709551615 B
> }
> service anvil {
> chroot = empty
> client_limit = 0
> drop_priv_before_exec = no
> executable = anvil
> extra_groups =
> group =
> idle_kill = 4294967295 secs
> privileged_group =
> process_limit = 1
> process_min_avail = 1
> protocol =
> service_count = 0
> type = anvil
> unix_listener anvil-auth-penalty {
> group =
> mode = 0600
> user =
> }
> unix_listener anvil {
> group =
> mode = 0600
> user =
> }
> user = $default_internal_user
> vsz_limit = 18446744073709551615 B
> }
> service auth-worker {
> chroot =
> client_limit = 1
> drop_priv_before_exec = no
> executable = auth -w
> extra_groups =
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 0
> process_min_avail = 0
> protocol =
> service_count = 0
> type = worker
> unix_listener auth-worker {
> group =
> mode = 0600
> user = $default_internal_user
> }
> user =
> vsz_limit = 18446744073709551615 B
> }
> service auth {
> chroot =
> client_limit = 0
> drop_priv_before_exec = no
> executable = auth
> extra_groups =
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 1
> process_min_avail = 0
> protocol =
> service_count = 0
> type =
> unix_listener auth-client {
> group =
> mode = 0600
> user = $default_internal_user
> }
> unix_listener auth-login {
> group =
> mode = 0600
> user = $default_internal_user
> }
> unix_listener auth-master {
> group =
> mode = 0600
> user =
> }
> unix_listener auth-userdb {
> group =
> mode = 0666
> user = $default_internal_user
> }
> unix_listener login/login {
> group =
> mode = 0666
> user =
> }
> unix_listener token-login/tokenlogin {
> group =
> mode = 0666
> user =
> }
> user = $default_internal_user
> vsz_limit = 18446744073709551615 B
> }
> service config {
> chroot =
> client_limit = 0
> drop_priv_before_exec = no
> executable = config
> extra_groups =
> group =
> idle_kill = 4294967295 secs
> privileged_group =
> process_limit = 0
> process_min_avail = 0
> protocol =
> service_count = 0
> type = config
> unix_listener config {
> group =
> mode = 0600
> user =
> }
> user =
> vsz_limit = 18446744073709551615 B
> }
> service dict-async {
> chroot =
> client_limit = 0
> drop_priv_before_exec = no
> executable = dict
> extra_groups =
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 0
> process_min_avail = 0
> protocol =
> service_count = 0
> type =
> unix_listener dict-async {
> group = $default_internal_group
> mode = 0660
> user =
> }
> user = $default_internal_user
> vsz_limit = 18446744073709551615 B
> }
> service dict {
> chroot =
> client_limit = 1
> drop_priv_before_exec = no
> executable = dict
> extra_groups =
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 0
> process_min_avail = 0
> protocol =
> service_count = 0
> type =
> unix_listener dict {
> group = $default_internal_group
> mode = 0660
> user =
> }
> user = $default_internal_user
> vsz_limit = 18446744073709551615 B
> }
> service director {
> chroot = .
> client_limit = 0
> drop_priv_before_exec = no
> executable = director
> extra_groups =
> fifo_listener login/proxy-notify {
> group =
> mode = 00
> user =
> }
> group =
> idle_kill = 4294967295 secs
> inet_listener {
> address =
> haproxy = no
> port = 0
> reuse_port = no
> ssl = no
> }
> privileged_group =
> process_limit = 1
> process_min_avail = 0
> protocol =
> service_count = 0
> type =
> unix_listener director-admin {
> group =
> mode = 0600
> user =
> }
> unix_listener director-userdb {
> group =
> mode = 0600
> user =
> }
> unix_listener login/director {
> group =
> mode = 00
> user =
> }
> user = $default_internal_user
> vsz_limit = 18446744073709551615 B
> }
> service dns-client {
> chroot =
> client_limit = 1
> drop_priv_before_exec = no
> executable = dns-client
> extra_groups =
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 0
> process_min_avail = 0
> protocol =
> service_count = 0
> type =
> unix_listener dns-client {
> group =
> mode = 0666
> user =
> }
> unix_listener login/dns-client {
> group =
> mode = 0666
> user =
> }
> user = $default_internal_user
> vsz_limit = 18446744073709551615 B
> }
> service doveadm {
> chroot =
> client_limit = 1
> drop_priv_before_exec = no
> executable = doveadm-server
> extra_groups = $default_internal_group
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 0
> process_min_avail = 0
> protocol =
> service_count = 1
> type =
> unix_listener doveadm-server {
> group =
> mode = 0600
> user =
> }
> user =
> vsz_limit = 18446744073709551615 B
> }
> service health-check {
> chroot =
> client_limit = 1
> drop_priv_before_exec = yes
> executable = script -p health-check.sh
> extra_groups =
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 0
> process_min_avail = 0
> protocol =
> service_count = 0
> type =
> user = $default_internal_user
> vsz_limit = 18446744073709551615 B
> }
> service imap-hibernate {
> chroot =
> client_limit = 0
> drop_priv_before_exec = no
> executable = imap-hibernate
> extra_groups =
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 0
> process_min_avail = 0
> protocol = imap
> service_count = 0
> type =
> unix_listener imap-hibernate {
> group = $default_internal_group
> mode = 0660
> user =
> }
> user = $default_internal_user
> vsz_limit = 18446744073709551615 B
> }
> service imap-login {
> chroot = login
> client_limit = 0
> drop_priv_before_exec = no
> executable = imap-login
> extra_groups =
> group =
> idle_kill = 0
> inet_listener imap {
> address =
> haproxy = no
> port = 0
> reuse_port = no
> ssl = no
> }
> inet_listener imaps {
> address =
> haproxy = no
> port = 993
> reuse_port = no
> ssl = yes
> }
> privileged_group =
> process_limit = 0
> process_min_avail = 0
> protocol = imap
> service_count = 1
> type = login
> user = $default_login_user
> vsz_limit = 18446744073709551615 B
> }
> service imap-urlauth-login {
> chroot = token-login
> client_limit = 0
> drop_priv_before_exec = no
> executable = imap-urlauth-login
> extra_groups =
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 0
> process_min_avail = 0
> protocol = imap
> service_count = 1
> type = login
> unix_listener imap-urlauth {
> group =
> mode = 0666
> user =
> }
> user = $default_login_user
> vsz_limit = 18446744073709551615 B
> }
> service imap-urlauth-worker {
> chroot =
> client_limit = 1
> drop_priv_before_exec = no
> executable = imap-urlauth-worker
> extra_groups = $default_internal_group
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 1024
> process_min_avail = 0
> protocol = imap
> service_count = 1
> type =
> unix_listener imap-urlauth-worker {
> group =
> mode = 0600
> user = $default_internal_user
> }
> user =
> vsz_limit = 18446744073709551615 B
> }
> service imap-urlauth {
> chroot =
> client_limit = 1
> drop_priv_before_exec = no
> executable = imap-urlauth
> extra_groups =
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 1024
> process_min_avail = 0
> protocol = imap
> service_count = 1
> type =
> unix_listener token-login/imap-urlauth {
> group =
> mode = 0666
> user =
> }
> user = $default_internal_user
> vsz_limit = 18446744073709551615 B
> }
> service imap {
> chroot =
> client_limit = 1
> drop_priv_before_exec = no
> executable = imap
> extra_groups = $default_internal_group
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 1024
> process_min_avail = 0
> protocol = imap
> service_count = 1
> type =
> unix_listener imap-master {
> group =
> mode = 0600
> user =
> }
> unix_listener login/imap {
> group =
> mode = 0666
> user =
> }
> user =
> vsz_limit = 18446744073709551615 B
> }
> service indexer-worker {
> chroot =
> client_limit = 1
> drop_priv_before_exec = no
> executable = indexer-worker
> extra_groups = $default_internal_group
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 10
> process_min_avail = 0
> protocol =
> service_count = 0
> type = worker
> unix_listener indexer-worker {
> group =
> mode = 0600
> user = $default_internal_user
> }
> user =
> vsz_limit = 18446744073709551615 B
> }
> service indexer {
> chroot =
> client_limit = 0
> drop_priv_before_exec = no
> executable = indexer
> extra_groups =
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 1
> process_min_avail = 0
> protocol =
> service_count = 0
> type =
> unix_listener indexer {
> group =
> mode = 0666
> user =
> }
> user = $default_internal_user
> vsz_limit = 18446744073709551615 B
> }
> service ipc {
> chroot = empty
> client_limit = 0
> drop_priv_before_exec = no
> executable = ipc
> extra_groups =
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 1
> process_min_avail = 0
> protocol =
> service_count = 0
> type =
> unix_listener ipc {
> group =
> mode = 0600
> user = $default_internal_user
> }
> unix_listener login/ipc-proxy {
> group =
> mode = 0600
> user = $default_login_user
> }
> user = $default_internal_user
> vsz_limit = 18446744073709551615 B
> }
> service lmtp {
> chroot =
> client_limit = 1
> drop_priv_before_exec = no
> executable = lmtp
> extra_groups = $default_internal_group
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 0
> process_min_avail = 0
> protocol = lmtp
> service_count = 0
> type =
> unix_listener lmtp {
> group =
> mode = 0666
> user =
> }
> user =
> vsz_limit = 18446744073709551615 B
> }
> service log {
> chroot =
> client_limit = 0
> drop_priv_before_exec = no
> executable = log
> extra_groups =
> group =
> idle_kill = 4294967295 secs
> privileged_group =
> process_limit = 1
> process_min_avail = 0
> protocol =
> service_count = 0
> type = log
> unix_listener log-errors {
> group =
> mode = 0600
> user =
> }
> user =
> vsz_limit = 18446744073709551615 B
> }
> service managesieve-login {
> chroot = login
> client_limit = 0
> drop_priv_before_exec = no
> executable = managesieve-login
> extra_groups =
> group =
> idle_kill = 0
> inet_listener sieve {
> address =
> haproxy = no
> port = 4190
> reuse_port = no
> ssl = no
> }
> privileged_group =
> process_limit = 0
> process_min_avail = 0
> protocol = sieve
> service_count = 1
> type = login
> user = $default_login_user
> vsz_limit = 18446744073709551615 B
> }
> service managesieve {
> chroot =
> client_limit = 1
> drop_priv_before_exec = no
> executable = managesieve
> extra_groups =
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 0
> process_min_avail = 0
> protocol = sieve
> service_count = 1
> type =
> unix_listener login/sieve {
> group =
> mode = 0666
> user =
> }
> user =
> vsz_limit = 18446744073709551615 B
> }
> service old-stats {
> chroot = empty
> client_limit = 0
> drop_priv_before_exec = no
> executable = old-stats
> extra_groups =
> fifo_listener old-stats-mail {
> group =
> mode = 0600
> user =
> }
> fifo_listener old-stats-user {
> group =
> mode = 0600
> user =
> }
> group =
> idle_kill = 4294967295 secs
> privileged_group =
> process_limit = 1
> process_min_avail = 0
> protocol =
> service_count = 0
> type =
> unix_listener old-stats {
> group =
> mode = 0600
> user =
> }
> user = $default_internal_user
> vsz_limit = 18446744073709551615 B
> }
> service pop3-login {
> chroot = login
> client_limit = 0
> drop_priv_before_exec = no
> executable = pop3-login
> extra_groups =
> group =
> idle_kill = 0
> inet_listener pop {
> address =
> haproxy = no
> port = 0
> reuse_port = no
> ssl = no
> }
> inet_listener pop3 {
> address =
> haproxy = no
> port = 110
> reuse_port = no
> ssl = no
> }
> inet_listener pop3s {
> address =
> haproxy = no
> port = 995
> reuse_port = no
> ssl = yes
> }
> privileged_group =
> process_limit = 0
> process_min_avail = 0
> protocol = pop3
> service_count = 1
> type = login
> user = $default_login_user
> vsz_limit = 18446744073709551615 B
> }
> service pop3 {
> chroot =
> client_limit = 1
> drop_priv_before_exec = no
> executable = pop3
> extra_groups = $default_internal_group
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 1024
> process_min_avail = 0
> protocol = pop3
> service_count = 1
> type =
> unix_listener login/pop3 {
> group =
> mode = 0666
> user =
> }
> user =
> vsz_limit = 18446744073709551615 B
> }
> service replicator {
> chroot =
> client_limit = 0
> drop_priv_before_exec = no
> executable = replicator
> extra_groups =
> group =
> idle_kill = 4294967295 secs
> privileged_group =
> process_limit = 1
> process_min_avail = 0
> protocol =
> service_count = 0
> type =
> unix_listener replicator-doveadm {
> group =
> mode = 00
> user = $default_internal_user
> }
> unix_listener replicator {
> group =
> mode = 0600
> user = $default_internal_user
> }
> user =
> vsz_limit = 18446744073709551615 B
> }
> service stats {
> chroot =
> client_limit = 0
> drop_priv_before_exec = no
> executable = stats
> extra_groups =
> group =
> idle_kill = 4294967295 secs
> privileged_group =
> process_limit = 1
> process_min_avail = 0
> protocol =
> service_count = 0
> type =
> unix_listener stats-reader {
> group =
> mode = 0600
> user =
> }
> unix_listener stats-writer {
> group = $default_internal_group
> mode = 0666
> user =
> }
> user = $default_internal_user
> vsz_limit = 18446744073709551615 B
> }
> service submission-login {
> chroot = login
> client_limit = 0
> drop_priv_before_exec = no
> executable = submission-login
> extra_groups =
> group =
> idle_kill = 0
> inet_listener submission {
> address =
> haproxy = no
> port = 587
> reuse_port = no
> ssl = no
> }
> privileged_group =
> process_limit = 0
> process_min_avail = 0
> protocol = submission
> service_count = 1
> type = login
> user = $default_login_user
> vsz_limit = 18446744073709551615 B
> }
> service submission {
> chroot =
> client_limit = 1
> drop_priv_before_exec = no
> executable = submission
> extra_groups = $default_internal_group
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 1024
> process_min_avail = 0
> protocol = submission
> service_count = 1
> type =
> unix_listener login/submission {
> group =
> mode = 0666
> user =
> }
> user =
> vsz_limit = 18446744073709551615 B
> }
> shutdown_clients = yes
> ssl = yes
> ssl_alt_cert =
> ssl_alt_key =
> ssl_ca =
> ssl_cert = </etc/ssl/herrb.eu.fullchain.pem
> ssl_cert_username_field = commonName
> ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
> ssl_cipher_suites =
> ssl_client_ca_dir =
> ssl_client_ca_file =
> ssl_client_cert =
> ssl_client_key =
> ssl_client_require_valid_cert = yes
> ssl_crypto_device =
> ssl_curve_list =
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> ssl_key_password =
> ssl_min_protocol = TLSv1.2
> ssl_options =
> ssl_prefer_server_ciphers = no
> ssl_require_crl = yes
> ssl_verify_client_cert = no
> state_dir = /var/dovecot
> stats_http_rawlog_dir =
> stats_writer_socket_path = stats-writer
> submission_client_workarounds =
> submission_host =
> submission_logout_format = in=%i out=%o
> submission_max_mail_size = 0
> submission_max_recipients = 0
> submission_relay_command_timeout = 5 mins
> submission_relay_connect_timeout = 30 secs
> submission_relay_host =
> submission_relay_master_user =
> submission_relay_max_idle_time = 29 mins
> submission_relay_password =
> submission_relay_port = 25
> submission_relay_rawlog_dir =
> submission_relay_ssl = no
> submission_relay_ssl_verify = yes
> submission_relay_trusted = no
> submission_relay_user =
> submission_ssl = no
> submission_timeout = 30 secs
> syslog_facility = mail
> userdb {
> args =
> auth_verbose = default
> default_fields =
> driver = passwd
> name =
> override_fields =
> result_failure = continue
> result_internalfail = continue
> result_success = return-ok
> skip = never
> }
> valid_chroot_dirs =
> verbose_proctitle = no
> verbose_ssl = yes
> version_ignore = no
> protocol lmtp {
> mail_plugins = " sieve"
> }
> protocol lda {
> mail_plugins = " sieve"
> }
>
More information about the dovecot
mailing list