May 2025 - dovecot - dovecot.org

[Dovecot] auth: Error: net_connect_unix(anvil-auth-penalty) failed: Permission denied
by mailing＠securitylabs.it 14 Sep '25

14 Sep '25

Hello, just upgraded one of my testing machine from dovecot 1.2.15 to 2.0.7. After some trouble with permissions now all seems working, but when I stop dovecot I have these errors in log: Nov 9 17:08:07 in dovecot: master: Warning: Killed with signal 15 (by pid=20362 uid=0 code=kill) Nov 9 17:08:07 in dovecot: pop3-login: Error: read(anvil) failed: EOF Nov 9 17:08:07 in dovecot: imap-login: Error: read(anvil) failed: EOF Nov 9 17:08:07 in dovecot: imap(mailing(a)securitylabs.it): Server shutting down. bytes=410/59361 Nov 9 17:08:07 in dovecot: imap(mailing(a)securitylabs.it): Server shutting down. bytes=79/26605 Nov 9 17:08:07 in dovecot: imap(mailing(a)securitylabs.it): Server shutting down. bytes=802/55708 Nov 9 17:08:07 in dovecot: imap(mailing(a)securitylabs.it): Server shutting down. bytes=258/1242 Nov 9 17:08:07 in dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF Nov 9 17:08:07 in dovecot: auth: Error: net_connect_unix(anvil-auth-penalty) failed: Permission denied dovecot -n: # 2.0.7: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-xen-686 i686 Debian squeeze/sid auth_cache_negative_ttl = 2 mins auth_cache_size = 1000 M auth_cache_ttl = 2 mins auth_master_user_separator = * auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@& disable_plaintext_auth = no dotlock_use_excl = yes first_valid_uid = 100 last_valid_uid = 105 lock_method = dotlock log_timestamp = "%Y-%m-%d %H:%M:%S " login_greeting = Server ready. mail_fsync = never mail_gid = Debian-exim mail_location = maildir:~/Maildir:INDEX=/var/indexes/%d/%n mail_privileged_group = Debian-exim mail_uid = Debian-exim managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date namespace { inbox = yes location = prefix = separator = / type = private } namespace { location = maildir:~/Maildir/expunged prefix = EXPUNGED/ separator = / type = private } namespace { location = maildir:~/Maildir/deleted prefix = DELETED/ separator = / type = private } namespace { location = maildir:~/Maildir/deleted/expunged prefix = DELETED/EXPUNGED/ separator = / type = private } passdb { args = /usr/local/etc/dovecot-sql.conf driver = sql } passdb { args = /usr/local/etc/passwd.masterusers driver = passwd-file master = yes pass = yes } plugin { lazy_expunge = EXPUNGED/ DELETED/ DELETED/EXPUNGED/ mail_log_events = delete expunge mail_log_group_events = quota = maildir quota_warning = storage=80%% /usr/local/bin/dovecot-quota-warning.sh 80 quota_warning2 = storage=90%% /usr/local/bin/dovecot-quota-warning.sh 90 sieve = ~/.dovecot.sieve } pop3_no_flag_updates = yes protocols = imap pop3 service auth { unix_listener auth-userdb { group = Debian-exim mode = 0600 user = Debian-exim } } service imap-login { client_limit = 256 process_limit = 128 process_min_avail = 3 service_count = 1 } service imap { drop_priv_before_exec = yes process_limit = 256 vsz_limit = 256 B } service pop3-login { client_limit = 256 process_limit = 128 process_min_avail = 3 service_count = 1 } service pop3 { drop_priv_before_exec = yes process_limit = 256 vsz_limit = 256 B } ssl_cert = </usr/local/etc/dovecot.crt ssl_key = </usr/local/etc/dovecot.key userdb { args = /usr/local/etc/dovecot-sql.conf driver = sql } protocol imap { mail_max_userip_connections = 10 mail_plugins = " notify quota imap_quota mail_log lazy_expunge" } protocol pop3 { mail_max_userip_connections = 3 mail_plugins = " notify quota mail_log" pop3_uidl_format = %08Xu%08Xv } protocol lda { mail_plugins = quota sieve postmaster_address = postmaster(a)securitylabs.it } My /usr/local/var/run/dovecot directory: 4 drwxr-sr-x 4 root staff 4096 Nov 9 17:08 . 4 drwxrwsrwx 3 root staff 4096 Nov 9 17:05 .. 0 srw------- 1 root staff 0 Nov 9 17:05 anvil 0 srw------- 1 root staff 0 Nov 9 17:05 anvil-auth-penalty 0 srw------- 1 root staff 0 Nov 9 17:05 auth-client 0 srw------- 1 dovecot staff 0 Nov 9 17:05 auth-login 0 srw------- 1 root staff 0 Nov 9 17:05 auth-master 0 srw------- 1 Debian-exim Debian-exim 0 Nov 9 17:05 auth-userdb 0 srw------- 1 dovecot staff 0 Nov 9 17:05 auth-worker 0 srw------- 1 root staff 0 Nov 9 17:05 config 0 srw------- 1 root staff 0 Nov 9 17:05 dict 0 srw------- 1 root staff 0 Nov 9 17:05 director-admin 0 srw-rw-rw- 1 root staff 0 Nov 9 17:05 dns-client 0 srw------- 1 root staff 0 Nov 9 17:05 doveadm-server 0 lrwxrwxrwx 1 root staff 35 Nov 9 17:05 dovecot.conf -> /usr/local/etc/dovecot/dovecot.conf 4 drwxr-xr-x 2 root root 4096 Nov 9 17:05 empty 4 drwxr-x--- 2 root dovenull 4096 Nov 9 17:05 login My emails are delivered as user Debian-exim and users are virtual in a MySQL DB. This system is behind a proxy (so the master user)

4 3

Crash in dovecot snippet when using imapc
by John van der Kamp 03 Sep '25

03 Sep '25

Hello, I've found a crash in a very specific setup. A dovecot server with imapc connection needs to receive an email with no body contents for the intent of generating a preview/snippet. It crashes somewhere deep in the jungle of istream and snapshots. I've included a script which sets up the systems to reproduce the crash. I've tested this with several versions. 2.3.16 doesn't seem to be affected, but 2.3.20 and 2.3.21 are affect. For me it produces a traceback like this, using the ubuntu version from here: https://packages.ubuntu.com/noble/dovecot-core (gdb) bt #0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=140530132887360) at ./nptl/pthread_kill.c:44 #1 __pthread_kill_internal (signo=6, threadid=140530132887360) at ./nptl/pthread_kill.c:78 #2 __GI___pthread_kill (threadid=140530132887360, signo=signo@entry=6) at ./nptl/pthread_kill.c:89 #3 0x00007fcfb8842476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26 #4 0x00007fcfb88287f3 in __GI_abort () at ./stdlib/abort.c:79 #5 0x00007fcfb8b37fe5 in default_fatal_finish (status=0, type=LOG_TYPE_PANIC) at ../lib/failures.c:465 #6 fatal_handler_real (ctx=<optimized out>, format=<optimized out>, args=<optimized out>) at ../lib/failures.c:477 #7 0x00007fcfb8be50d7 in i_internal_fatal_handler (ctx=<optimized out>, format=<optimized out>, args=<optimized out>) at ../lib/failures.c:879 #8 0x00007fcfb8b37eea in i_panic (format=0x7fcfb8c29020 "file %s: line %d (%s): assertion failed: (%s)") at ../lib/failures.c:530 #9 0x00007fcfb8b3387b in i_stream_header_filter_snapshot_free (_snapshot=<optimized out>) at ../lib-mail/istream-header-filter.c:663 #10 i_stream_header_filter_snapshot_free (_snapshot=0x55dabe297a60) at ../lib-mail/istream-header-filter.c:655 #11 0x00007fcfb8bf25ac in i_stream_snapshot_free (_snapshot=_snapshot@entry=0x55dabe29b0d0) at ../lib/istream.c:253 #12 0x00007fcfb8bf2654 in i_stream_unref (stream=0x7ffc16cc7fa0) at ../lib/istream.c:66 #13 0x00007fcfb8d96baa in index_mail_write_body_snippet (mail=0x55dabe292058) at index/index-mail.c:1151 #14 0x00007fcfb8d97e48 in index_mail_parse_bodystructure (mail=0x55dabe292058, field=MAIL_CACHE_BODY_SNIPPET) at index/index-mail.c:1551 #15 0x00007fcfb8d97fe2 in index_mail_fetch_body_snippet (value_r=0x7ffc16cc8050, mail=0x55dabe292058) at index/index-mail.c:1602 #16 index_mail_get_special (_mail=0x55dabe292058, field=<optimized out>, value_r=0x7ffc16cc8050) at index/index-mail.c:1730 #17 0x00007fcfb8d16ffe in mail_get_special (mail=mail@entry=0x55dabe292058, field=field@entry=MAIL_FETCH_BODY_SNIPPET, value_r=value_r@entry=0x7ffc16cc8050) at /home/ubuntu/dovecot/new/dovecot-2.3.21+dfsg1/src/lib-storage/mail.c:418 #18 0x000055dabc52645c in fetch_snippet (ctx=0x55dabe26e050, mail=0x55dabe292058, preview=0x55dabe28f1f8) at ./src/imap/imap-fetch-body.c:615 #19 0x000055dabc52b5cc in imap_fetch_more_int (ctx=0x55dabe26e050, cancel=false) at ./src/imap/imap-fetch.c:562 #20 0x000055dabc52b8ad in imap_fetch_more (ctx=0x55dabe26e050, cmd=0x55dabe26de98) at ./src/imap/imap-fetch.c:617 #21 0x000055dabc51fd07 in cmd_fetch (cmd=0x55dabe26de98) at ./src/imap/cmd-fetch.c:382 #22 0x000055dabc528af4 in command_exec (cmd=0x55dabe26de98) at ./src/imap/imap-commands.c:201 #23 0x000055dabc52e9e2 in client_command_input (cmd=<optimized out>) at ./src/imap/imap-client.c:1237 #24 0x000055dabc52ea96 in client_command_input (cmd=<optimized out>) at ./src/imap/imap-client.c:1307 #25 0x000055dabc52eeed in client_handle_next_command (remove_io_r=<synthetic pointer>, client=0x55dabe26d2c8) at ./src/imap/imap-client.c:1349 #26 client_handle_input (client=0x55dabe26d2c8) at ./src/imap/imap-client.c:1363 #27 0x000055dabc52f2c4 in client_input (client=0x55dabe26d2c8) at ./src/imap/imap-client.c:1407 #28 0x00007fcfb8bfe27d in io_loop_call_io (io=0x55dabe26e660) at ../lib/ioloop.c:737 #29 0x00007fcfb8bff81a in io_loop_handler_run_internal (ioloop=0x55dabe243fd0) at ../lib/ioloop-epoll.c:222 #30 0x00007fcfb8bff8d4 in io_loop_handler_run (ioloop=0x55dabe243fd0) at ../lib/ioloop.c:789 #31 0x00007fcfb8bffa90 in io_loop_run (ioloop=0x55dabe243fd0) at ../lib/ioloop.c:762 #32 0x00007fcfb8b6ce57 in master_service_run (service=0x55dabe243e20, callback=callback@entry=0x55dabc533210 <client_connected>) at ../lib-master/master-service.c:878 #33 0x000055dabc51ad37 in main (argc=<optimized out>, argv=<optimized out>) at ./src/imap/main.c:575 John Hello, I've found a crash in a very specific setup. A dovecot server with imapc connection needs to receive an email with no body contents for the intent of generating a preview/snippet. It crashes somewhere deep in the jungle of istream and snapshots. I've included a script which sets up the systems to reproduce the crash. I've tested this with several versions. 2.3.16 doesn't seem to be affected, but 2.3.20 and 2.3.21 are affect. For me it produces a traceback like this, using the ubuntu version from here: https://packages.ubuntu.com/noble/dovecot-core (gdb) bt #0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=140530132887360) at ./nptl/pthread_kill.c:44 #1 __pthread_kill_internal (signo=6, threadid=140530132887360) at ./nptl/ pthread_kill.c:78 #2 __GI___pthread_kill (threadid=140530132887360, signo=signo@entry=6) at ./ nptl/pthread_kill.c:89 #3 0x00007fcfb8842476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/ raise.c:26 #4 0x00007fcfb88287f3 in __GI_abort () at ./stdlib/abort.c:79 #5 0x00007fcfb8b37fe5 in default_fatal_finish (status=0, type=LOG_TYPE_PANIC) at ../lib/failures.c:465 #6 fatal_handler_real (ctx=<optimized out>, format=<optimized out>, args=<optimized out>) at ../lib/failures.c:477 #7 0x00007fcfb8be50d7 in i_internal_fatal_handler (ctx=<optimized out>, format=<optimized out>, args=<optimized out>) at ../lib/failures.c:879 #8 0x00007fcfb8b37eea in i_panic (format=0x7fcfb8c29020 "file %s: line %d (%s): assertion failed: (%s)") at ../lib/failures.c:530 #9 0x00007fcfb8b3387b in i_stream_header_filter_snapshot_free (_snapshot=<optimized out>) at ../lib-mail/istream-header-filter.c:663 #10 i_stream_header_filter_snapshot_free (_snapshot=0x55dabe297a60) at ../lib- mail/istream-header-filter.c:655 #11 0x00007fcfb8bf25ac in i_stream_snapshot_free (_snapshot=_snapshot@entry=0x55dabe29b0d0) at ../lib/istream.c:253 #12 0x00007fcfb8bf2654 in i_stream_unref (stream=0x7ffc16cc7fa0) at ../lib/ istream.c:66 #13 0x00007fcfb8d96baa in index_mail_write_body_snippet (mail=0x55dabe292058) at index/index-mail.c:1151 #14 0x00007fcfb8d97e48 in index_mail_parse_bodystructure (mail=0x55dabe292058, field=MAIL_CACHE_BODY_SNIPPET) at index/index-mail.c:1551 #15 0x00007fcfb8d97fe2 in index_mail_fetch_body_snippet (value_r=0x7ffc16cc8050, mail=0x55dabe292058) at index/index-mail.c:1602 #16 index_mail_get_special (_mail=0x55dabe292058, field=<optimized out>, value_r=0x7ffc16cc8050) at index/index-mail.c:1730 #17 0x00007fcfb8d16ffe in mail_get_special (mail=mail@entry=0x55dabe292058, field=field@entry=MAIL_FETCH_BODY_SNIPPET, value_r=value_r@entry=0x7ffc16cc8050) at /home/ubuntu/dovecot/new/dovecot-2.3.21+dfsg1/src/lib-storage/mail.c:418 #18 0x000055dabc52645c in fetch_snippet (ctx=0x55dabe26e050, mail=0x55dabe292058, preview=0x55dabe28f1f8) at ./src/imap/imap-fetch-body.c: 615 #19 0x000055dabc52b5cc in imap_fetch_more_int (ctx=0x55dabe26e050, cancel=false) at ./src/imap/imap-fetch.c:562 #20 0x000055dabc52b8ad in imap_fetch_more (ctx=0x55dabe26e050, cmd=0x55dabe26de98) at ./src/imap/imap-fetch.c:617 #21 0x000055dabc51fd07 in cmd_fetch (cmd=0x55dabe26de98) at ./src/imap/cmd- fetch.c:382 #22 0x000055dabc528af4 in command_exec (cmd=0x55dabe26de98) at ./src/imap/imap- commands.c:201 #23 0x000055dabc52e9e2 in client_command_input (cmd=<optimized out>) at ./src/ imap/imap-client.c:1237 #24 0x000055dabc52ea96 in client_command_input (cmd=<optimized out>) at ./src/ imap/imap-client.c:1307 #25 0x000055dabc52eeed in client_handle_next_command (remove_io_r=<synthetic pointer>, client=0x55dabe26d2c8) at ./src/imap/imap-client.c:1349 #26 client_handle_input (client=0x55dabe26d2c8) at ./src/imap/imap-client.c: 1363 #27 0x000055dabc52f2c4 in client_input (client=0x55dabe26d2c8) at ./src/imap/ imap-client.c:1407 #28 0x00007fcfb8bfe27d in io_loop_call_io (io=0x55dabe26e660) at ../lib/ ioloop.c:737 #29 0x00007fcfb8bff81a in io_loop_handler_run_internal (ioloop=0x55dabe243fd0) at ../lib/ioloop-epoll.c:222 #30 0x00007fcfb8bff8d4 in io_loop_handler_run (ioloop=0x55dabe243fd0) at ../ lib/ioloop.c:789 #31 0x00007fcfb8bffa90 in io_loop_run (ioloop=0x55dabe243fd0) at ../lib/ ioloop.c:762 #32 0x00007fcfb8b6ce57 in master_service_run (service=0x55dabe243e20, callback=callback@entry=0x55dabc533210 <client_connected>) at ../lib-master/ master-service.c:878 #33 0x000055dabc51ad37 in main (argc=<optimized out>, argv=<optimized out>) at ./src/imap/main.c:575 John

2 7

Missing IMAP METADATA Plugin
by Adam Miller 23 Aug '25

23 Aug '25

OS: Ubuntu 22.04.1 Dovecot: 2.3.16 (7e2e900c1a) When trying to enable the “imap_metadata” plugin, I get the following error: Plugin 'imap_metadata' not found from directory /usr/lib/dovecot/modules I have searched high and low via Google, StackOverflow and even ChatGPT (haha) but I cannot seem to find the package that provides the plugin. Does Dovecot have to be built from source for this plugin to be included? Any help is appreciated. Thank you!

8 8

Lots of problems with Dovecot 2.4
by sev+dovecot＠sev.monster 14 Aug '25

14 Aug '25

Hello all, I am trying to get Dovecot 2.4 running on Alpine Edge x86-64. But a myriad of problems have occurred that make it impossible to do so. First of all was the recent off-by-one bug that was recently fixed, which caused an unavoidable segfault on start under musl libc, which Alpine uses: https://gitlab.alpinelinux.org/alpine/aports/-/issues/17050 Then, I saw that the shadow driver was removed, which necessitated the installation of PAM and my learning about it... I haven't needed it before, so I'd never used it. I guess I understand why the decision was made to use PAM, though I still don't like it. After resolving those issue, I've run into new ones: 1. The passwd userdb does not seem to work correctly. It is able to get the first user and its information correctly, but any attempts to look up any user after that will seemingly always use the information from the first matched user. Setting max auths to 1 so that the auth process is discarded afterwards does not seem to help. For example, if the first user to log in to Dovecot is bob, and then user joe logs in, the information returned from the passwd userdb will all be that of user bob, not joe. This continues for all subsequent userdb lookups until Dovecot is restarted, and a new userdb lookup is persisted. Changing to passwd-file instead works and does not experience this problem. 2. Why is the only available username field for the passwd driver %{passwd:system_groups_user}? I understand what the purpose of the field is based on the docs, but shouldn't more than this be exposed? The fields available through passwd are also not documented, and I had to read the source to find them out. This should either be documented or a more standard username field be additionally exposed as with other drivers. Can this field even be relied on to use as the username, if the driver otherwise worked? 3. It seems the Exim auth driver is no longer able to successfully authenticate with Dovecot 2.4 against Exim 4.98.2. It works fine in the last version of 2.3.21.1. Has the authentication framework changed along with the other modifications that 2.4 underwent? Has any effort been made with the Exim team to resolve any incompatibilities? Can I somehow diagnose this issue if it's otherwise supposed to work? 4. The ldap driver can no longer look up missing fields from LDAP users. Some (but not all) of my users have the rfc2307bis schema posixAccount supplemental objectClass, and as such contain the posixHome, uidNumber, and gidNumber attributes—but even if I specify a default value, if one of the attributes is not queryable for the returned user, the lookup errors out and the login fails. This is a regression/undocumented change from 2.3.x, where instead of erroring out, the default_fields value would be used. Based on my interpretation of the design goals for 2.4, I would imagine the default filter would ignore the missing attribute error and set the default value like default_fields used to, no? Or am I missing something? 5. passdb_ldap_filter is always required for the ldap passdb driver, even if passdb_ldap_bind is enabled. Not only does this go against the docs, but the value is unused and it doesn't matter what it's set to. This is a regression from 2.3.x. Overall I am very unimpressed by 2.4. It clearly needed a lot more time in the oven and much more thorough testing. Relevant minimal config from my working 2.3.21.1 install: auth_username_format = %Ln auth_mechanisms = plain login passdb { driver = shadow } userdb { driver = passwd override_fields = gid=mail home=/var/mail/%Ln } passdb { driver = ldap args = /etc/dovecot/ldap-passdb.conf.ext #uris = ldapi://%2frun%2fopenldap%2fslapd.sock #base = ou=accounts,dc=ldap #auth_bind = yes #auth_bind_userdn = uid=%Ln,ou=accounts,dc=ldap } userdb { driver = ldap default_fields = uid=mail gid=mail home=/var/mail/%Ln args = /etc/dovecot/ldap-userdb.conf.ext #uris = ldapi://%2frun%2fopenldap%2fslapd.sock #dn = cn=dovecot,dc=ldap #dnpass = "some pw" #base = ou=accounts,dc=ldap #iterate_filter = (objectClass=inetOrgPerson) #iterate_attrs = uid=username #user_filter = (&(objectClass=inetOrgPerson)(uid=%Ln)) #user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid } mail_location = maildir:/var/mail/%Ln mail_plugins = $mail_plugins virtual namespace inbox { inbox = yes mailbox INBOX { auto = subscribe } } namespace virtual { type = private separator = . prefix = "Search Folders." location = virtual:/etc/dovecot/virtual:INDEX=~/dovecot-virtual.cache:CONTROL=~/dovecot-virtual.cache:VOLATILEDIR=~/dovecot-virtual.cache # virtual/All/dovecot-virtual: #!INBOX #* #-Junk #-Junk* #-Spam #-Spam* #-Trash #-Trash* #-Deleted #-Deleted* #-Deleted Items #-Deleted Items* # all hidden = yes list = children subscriptions = no mailbox All { auto = subscribe special_use = \All comment = All messages, excluding Junk and Trash } } namespace virtual-user { type = private separator = . prefix = "User Search Folders." location = virtual:~/.virtual:INDEX=~/dovecot-virtual-user.cache:CONTROL=~/dovecot-virtual-user.cache:VOLATILEDIR=~/dovecot-virtual-user.cache:LAYOUT=maildir++ hidden = yes list = children subscriptions = no } service auth { unix_listener auth-userdb { # restrict userdb to dovecot user/group only instead of world read/write mode = 0660 user = $default_internal_user group = $default_internal_group } unix_listener auth-client { # give Exim access to native authentication mode = 0660 group = exim } } service auth-worker { # no need to run as root user = $default_internal_user # allow pam passdb to read /etc/shadow group = shadow } !include_try /usr/share/dovecot/protocols.d/*.conf protocol imap { mail_max_userip_connections = 25 } protocol pop3 { mail_max_userip_connections = 25 } Converted config for 2.4: dovecot_config_version = 2.4.1 dovecot_storage_version = 2.4.1 mail_home = /var/mail/%{user | username | lower } mail_driver = maildir mail_path = $SET:mail_home mail_plugins = virtual auth_username_format = %{user | username | lower } auth_mechanisms = plain login passdb pam { failure_show_msg = yes max_requests = 1 } userdb passwd-file { passwd_file_path = /etc/passwd fields { gid = mail } } # BUG: doesn't work right #userdb passwd { # fields { # gid = mail # } #} passdb ldap { ldap_uris = ldapi://%2frun%2fopenldap%2fslapd.sock ldap_connection_group = login ldap_base = ou=accounts,dc=ldap ldap_bind = yes ldap_bind_userdn = uid=%{user | username | lower },ou=accounts,dc=ldap # XXX: thought this wasnt needed with bind? ldap_filter = z } userdb ldap { ldap_uris = ldapi://%2frun%2fopenldap%2fslapd.sock ldap_auth_dn = cn=dovecot,dc=ldap ldap_auth_dn_password = "some pw" ldap_base = ou=accounts,dc=ldap ldap_filter = (&(objectClass=inetOrgPerson)(uid=%{user | username | lower })) fields { username = %{ldap:uid} # BUG: causes errors if rfc2307bis posixAccount objectClass is not set home = %{ldap:homeDirectory | default($SET:mail_home)} uid = %{ldap:uidNumber | default(mail)} gid = %{ldap:gidNumber | default(mail)} } ldap_iterate_filter = (objectClass=inetOrgPerson) iterate_fields { username = %{ldap:uid} } } namespace inbox { inbox = yes mailbox INBOX { auto = subscribe } } namespace virtual { type = private separator = . prefix = "Search Folders." mail_driver = virtual mail_path = /etc/dovecot/virtual # virtual/All/dovecot-virtual: #!INBOX #* #-Junk #-Junk* #-Spam #-Spam* #-Trash #-Trash* #-Deleted #-Deleted* #-Deleted Items #-Deleted Items* # all mail_index_path = ~/dovecot-virtual.cache mail_control_path = ~/dovecot-virtual.cache mail_volatile_path = ~/dovecot-virtual.cache hidden = yes list = children subscriptions = no mailbox All { auto = subscribe special_use = \All comment = All messages, excluding Junk and Trash } } namespace virtual-user { type = private separator = . prefix = "User Search Folders." mail_driver = virtual mail_path = ~/dovecot-virtual-user mail_index_path = ~/dovecot-virtual-user.cache mail_control_path = ~/dovecot-virtual-user.cache mail_volatile_path = ~/dovecot-virtual-user.cache mailbox_list_layout = Maildir++ hidden = yes list = children subscriptions = no } service auth { unix_listener auth-userdb { # restrict userdb to dovecot user/group only instead of world read/write mode = 0660 } unix_listener auth-client { # give Exim access to native authentication mode = 0660 group = exim } } service auth-worker { # no need to run as root user = $SET:default_internal_user # allow pam passdb to read /etc/shadow group = shadow } protocols = imap pop3 protocol imap { mail_max_userip_connections = 25 } protocol pop3 { mail_max_userip_connections = 25 } In addition to help with the noted issues, I'd also love if anyone more knowledgeable on Dovecot 2.4 could give any pointers on my config and if I could improve the translation in any way, given I have been fumbling around with it for weeks and am not really sure if my various decisions are correct. Best regards.

7 8

[Patch] Allow sieve redirects to specified domains only
by Kadlecsik József 10 Aug '25

10 Aug '25

Hello, The use case is simple: we have to forbid sieve redirects to outside, but should be able to redirect inside. The patch below adds a new sieve configuration option sieve_allowed_redirects to list the domains to which redirects are permitted and otherwise are not allowed. Please consider it. diff --git a/pigeonhole/doc/example-config/conf.d/90-sieve.conf b/pigeonhole/doc/example-config/conf.d/90-sieve.conf index 238bcf4..3b4ac65 100644 --- a/pigeonhole/doc/example-config/conf.d/90-sieve.conf +++ b/pigeonhole/doc/example-config/conf.d/90-sieve.conf @@ -126,6 +126,10 @@ plugin { # script execution. If set to 0, no redirect actions are allowed. #sieve_max_redirects = 4 + # The comma/space separated list of email domains where redirection is allowed. + # If the list is empty, there is no restriction. + sieve_allowed_redirects = + # The maximum number of personal Sieve scripts a single user can have. If set # to 0, no limit on the number of scripts is enforced. # (Currently only relevant for ManageSieve) diff --git a/pigeonhole/src/lib-sieve/cmd-redirect.c b/pigeonhole/src/lib-sieve/cmd-redirect.c index 6a3b0a4..17e9031 100644 --- a/pigeonhole/src/lib-sieve/cmd-redirect.c +++ b/pigeonhole/src/lib-sieve/cmd-redirect.c @@ -107,6 +107,24 @@ const struct sieve_action_def act_redirect = { .commit = act_redirect_commit, }; +static bool +cmd_redirect_allowed(struct sieve_instance *svinst, + const struct smtp_address *to_address) +{ + const char **domain; + bool result = TRUE; + + if (!svinst->allowed_redirects) + return TRUE; + for (domain = svinst->allowed_redirects; *domain != NULL; ++domain) { + if (strcasecmp(*domain, to_address->domain) == 0) { + return TRUE; + } + result = FALSE; + } + return result; +} + /* * Validation */ @@ -127,6 +145,12 @@ cmd_redirect_validate(struct sieve_validator *validator, if (!sieve_validator_argument_activate(validator, cmd, arg, FALSE)) return FALSE; + if (svinst->max_redirects == 0) { + sieve_command_validate_error(validator, cmd, + "local policy prohibits the use of a redirect action"); + return FALSE; + } + /* We can only assess the validity of the outgoing address when it is * a string literal. For runtime-generated strings this needs to be * done at runtime. @@ -148,14 +172,17 @@ cmd_redirect_validate(struct sieve_validator *validator, } } T_END; + if (!result && + !cmd_redirect_allowed(svinst, + sieve_address_parse_str(raw_address, &error))) { + sieve_command_validate_error(validator, cmd, + "local policy prohibits the use of a redirect action"); + return FALSE; + } + return result; } - if (svinst->max_redirects == 0) { - sieve_command_validate_error(validator, cmd, - "local policy prohibits the use of a redirect action"); - return FALSE; - } return TRUE; } @@ -238,6 +265,11 @@ cmd_redirect_operation_execute(const struct sieve_runtime_env *renv, "local policy prohibits the use of a redirect action"); return SIEVE_EXEC_FAILURE; } + if (!cmd_redirect_allowed(svinst, to_address)) { + sieve_runtime_error(renv, NULL, + "local policy prohibits the use of a redirect action"); + return SIEVE_EXEC_FAILURE; + } if (sieve_runtime_trace_active(renv, SIEVE_TRLVL_ACTIONS)) { sieve_runtime_trace(renv, 0, "redirect action"); diff --git a/pigeonhole/src/lib-sieve/sieve-common.h b/pigeonhole/src/lib-sieve/sieve-common.h index e79fb4d..d980c9d 100644 --- a/pigeonhole/src/lib-sieve/sieve-common.h +++ b/pigeonhole/src/lib-sieve/sieve-common.h @@ -209,6 +209,7 @@ struct sieve_instance { const struct smtp_address *user_email, *user_email_implicit; struct sieve_address_source redirect_from; unsigned int redirect_duplicate_period; + const char **allowed_redirects; }; /* diff --git a/pigeonhole/src/lib-sieve/sieve-settings.c b/pigeonhole/src/lib-sieve/sieve-settings.c index 47f70da..70addc7 100644 --- a/pigeonhole/src/lib-sieve/sieve-settings.c +++ b/pigeonhole/src/lib-sieve/sieve-settings.c @@ -267,4 +267,10 @@ void sieve_settings_load(struct sieve_instance *svinst) svinst->user_email = address; } } + svinst->allowed_redirects = NULL; + str_setting = sieve_setting_get(svinst, "sieve_allowed_redirects"); + if (str_setting != NULL && *str_setting != '\0') { + svinst->allowed_redirects = + (const char **)p_strsplit_spaces(svinst->pool, str_setting, ", "); + } } Best regards, Jozsef -- E-mail : kadlecsik.jozsef(a)wigner.hun-ren.hu PGP key: https://wigner.hu/~kadlec/pgp_public_key.txt Address: Wigner Research Centre for Physics H-1525 Budapest 114, POB. 49, Hungary

2 1

Re: Problem email client iPhone ios18.2
by Michael Slusarz 17 Jun '25

17 Jun '25

Timo confirmed this type of message (see below) breaks iOS mail clients regardless of the IMAP server used. So it is almost certainly a client issue. We are in contact with the Apple Mail developers and have provided this debug information to them. michael > On 02/10/2025 7:19 AM MST Timo Sirainen via dovecot <dovecot(a)dovecot.org> wrote: > > > On 10. Feb 2025, at 15.24, Florian Effenberger via dovecot <dovecot(a)dovecot.org> wrote: > > > > Hello, > > > > frido--- via dovecot wrote on 10.02.25 at 14:07: > >> The problem as described at the start of this thread is not solved in iOS 18.3. A bit more testing shows that it only appears to happen with attachments around 1MB and bigger. > > > > there seem to be two kind of problems, at least on my devices. > > I'm also wondering if there are multiple issues. I have one way of easily reproducing, but it has nothing to do with IMAP IDLE. Here's a test email which causes the hang - snipped it a bit in the middle which you can fill out yourself with: > > dd if=/dev/urandom bs=1024 count=3432 | base64 -w76 > > If you want to test multiple times, change Message-Id for every delivery. This mail can be simply saved to INBOX, e.g. with doveadm save: > > To: <user(a)example.com> > Subject: testing > Content-Type: multipart/mixed; boundary="foo" > Date: Tue, 17 Dec 2024 06:46:17 +0000 > From: <user(a)example.com> > Message-Id: <fooab(a)example.com> > > > > --foo > Content-Type: multipart/alternative; boundary="bar" > > --bar > Content-Transfer-Encoding: quoted-printable > Content-Type: text/html; charset=UTF-8 > > asdf > --bar-- > > --foo > Content-Description: test.pdf > Content-Disposition: attachment; filename="test.pdf" > Content-Transfer-Encoding: base64 > Content-Type: application/octet-stream; name="test.pdf" > > > lBjZO0luFuyUiOqQ8KPTTpMyPoNhlSTPPJauDuCVSwbZgaNyhnObul5qrdyPKo0NGiQKA3Kha34A > <61642 lines of random> > 4cNyk39T2wMsnQavfl8LXwG1vNQylpgmSN4p6fOpmGqQ > > --foo-- > > _______________________________________________ > dovecot mailing list -- dovecot(a)dovecot.org > To unsubscribe send an email to dovecot-leave(a)dovecot.org

3 3

GSSAPI authentication for sieve
by Paul Zirnik 05 Jun '25

05 Jun '25

Hi all, I try to get GSSAPI working for sieve. I already found there was an issue with GSSAPI in dovecot 2.4 and applied the patch from this thread https://dovecot.org/mailman3/archives/list/dovecot@dovecot.org/thread/MWCLQ… With the patch GSSAPI now works for imap. I do test this with "imtest" from cyrus tools imat@speedy:~> imtest -v -p 143 -u imat -m GSSAPI manitou.disconnected.homeip.net S: * OK [CAPABILITY IMAP4rev1 LOGIN-REFERRALS ID ENABLE IDLE SASL-IR LITERAL+ STARTTLS LOGINDISABLED AUTH=GSSAPI] Dovecot ready. C: A01 AUTHENTICATE GSSAPI YIIDIgYJKoZIhvcSAQICAQBuggMRMIIDDaADAgEFoQMCAQ6iBwMFACAAAACjggIaYYICFjCCAhKgAwIBBaEZGxdESVNDT05ORUNURUQuSE9NRUlQLk5FVKIyMDCgAwIBA6EpMCcbBGltYXAbH21hbml0b3UuZGlzY29ubmVjdGVkLmhvbWVpcC5uZXSjggG6MIIBtqADAgESoQMCAQKiggGoBIIBpFcei+vGql9tb5TpNjKFgdKAo7p1IiSW8DXPJR2GkCrHVrm0LdtsUaky4zOCskwEQkLURA8CuxM5HGmXT38O56434VTStpRHWZx7Xu43UHHJpOjdf76YYqnIA7WEk76QQyUpnO3hQWCEwyAPf1GhQKGDWCosHEuvn3jNE8t8fWmnRtWSgr35w5GD9OHsYKwca14yUruNU/qfVL9I41bjiFcJ1FFjMyVa/+ogghBm4jDoiFTV7vB8WYpx8Vuuev0d48TZDqv7Kf5/G8TgH3bc59VLjCemLAzTjOQ4mZxTXBEh9OpibKPUozRd266ao7dAD4OHMWNORXKqWl/Ch0iC7q/QEg/qY7E0dm7wqMDROrzmaxWW8p5+y69AbjwylsgivknVcTmbQjVnGGvniDLTke8O6CvqeIum/uUli2FyBmSUt8kVju1GIfoysFP8BEu6gDXdbcsG2XbuoTvfzLyJNT7eomILhF9nZI1vFariqF3TJLo14/L4OCG05RrAH3o8kHTkUMz8rrZj5y0yzfQqlME66yBRezRRSccrrD5AWdHzRMvw26SB2TCB1qADAgESooHOBIHLTo7UMx+G8Q+Ly+Mmj35JBfLm+SWeCV1YGcJQ8O1hI6F3pKh4fMjx5L9v4v4NzbDWpZ8YlQtSBcDgyebiZjHaeqGf4bIcOaGyzfor3DhAn0q0n0Zx/SKJiTJuT9eT0pHwb/yaT9MzOZTP6C5HuXgxUN/2Po2qNwkzaU5gOH+sOYu6Y0AKoKGlkIQHejzns70FehWRn8wBbu8T9+8zKRU0qmBQXnqg/C10pSW7EUVD37VPhY0kLY6SB77KS/8aguWWC3OVAfw6bcAXVVM= S: + YIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRvzFWfR5FTOl77CqiMZ7qWR4I6JqXdi0JbIG4xTYJNYvQSsvxAxyfEiGINTMW5QytlcMvfiJpTj0U2Fd3Hr/MzLcCeCRwJ9jTg8m2E1ZgpmzmpXzl7xGq+MRIvetu3Wdgxum+ZQ8jPS1obTnI1Vh7I C: S: + BQQF/wAMAAAAAAAAHJz31AH///+2dWHfKNY/6f01FUw= C: BQQE/wAMAAAAAAAABI42iwEAAABpbWF0C53m6npnJwjAfaEu S: A01 OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE REPLACE SNIPPET=FUZZY PREVIEW=FUZZY PREVIEW SPECIAL-USE STATUS=SIZE SAVEDATE COMPRESS=DEFLATE INPROGRESS NOTIFY LITERAL+] Logged in Authenticated. Security strength factor: 0 C: Q01 LOGOUT * BYE Logging out Q01 OK Logout completed (0.001 + 0.000 secs). Connection closed. When i try to use "sivtest" from cyrus tools, this does hang and it looks like sievtest is still waiting for some data imat@speedy:~> sivtest -v -p 4190 -u imat -m GSSAPI manitou.disconnected.homeip.net S: "IMPLEMENTATION" "Dovecot Pigeonhole" S: "SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include body variables enotify environment mailbox date index ihave duplicate mime foreverypart extracttext" S: "NOTIFY" "mailto" S: "SASL" "GSSAPI" S: "STARTTLS" S: "VERSION" "1.0" S: OK "Dovecot ready." C: AUTHENTICATE "GSSAPI" {1076+} YIIDIwYJKoZIhvcSAQICAQBuggMSMIIDDqADAgEFoQMCAQ6iBwMFACAAAACjggIbYYICFzCCAhOgAwIBBaEZGxdESVNDT05ORUNURUQuSE9NRUlQLk5FVKIzMDGgAwIBA6EqMCgbBXNpZXZlGx9tYW5pdG91LmRpc2Nvbm5lY3RlZC5ob21laXAubmV0o4IBujCCAbagAwIBEqEDAgECooIBqASCAaTS89GNFHQk6FCilKJkEP8Xl27g/A8b1T0pxGwipjYBug0+bprqG0xJucYaULvqi1PnTI+A6WJesi2434B+L0WAv1sdWhI60SpmmfnsZPD8uqbJmZEFMj9bQnS4VbNgduhEA+pgYp85q0PcP3I5DcMeypIC7rk2hv15qYnVSYhND/P3tOANikXc5JB3cWnnPc79gRW+Ozi75waihMIv7C3UvllUtb2tTUKqdGwz2D9/BT3e1ZfcueaWznhXmzieh4dHZyqvbm4UVVUuc4paI1QMUrImy6zEfXjEH0O8dbZN3FbiKjCdP7E/zFtd6PkWaI0lgk8qGP1JqaFtGgqo+EcDEgyh4DoTRuNGGJp7n1zmQGkgIHzsUNR+SydUhWijdWJSegeIrGsZ4/s8YZupdxpC8g1qComP0+holawe9/iAnCxmRNGrNXDSRnL8wMaVAgm7t0SrBUSOm/YHKZSlHpMIWw438Dp/FdWwuCm2jA5pTksRbzmpS9fguMwp65bX0xh/a0NkI2VWJfwUmgqws3LRv1WHsn2FB/k+w55oOMboOtO3SCCkgdkwgdagAwIBEqKBzgSBy9PZObV0yc813IAR4TwEzPtKepfhzLvT0vFekCieE0sCu7jig2m+bpKt1IbIngs+hiztVx4TXYJu/UjH8UKNYct7xFWAOamuh/Fp4AnTBQXxieMM9TGZsiot7NzH75kRUY6SifNYYbz579wBAMbPzId5n2NVdp2blEpaCDKhMdZf/AQqUj3eFbafs5ociy4cOfmQSNuW7hY4KpQ0JU0cdWQyh0+Xl+fE9tz1ctmRoTA4WIF3U1UcwB0CPxlFxlw6cW+OAP0mlWqJE5Yx S: "YIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRvEb5fwEVTKq3wm3xJawxEVD9Ngdz3tmzW5a8wJAh9lSRYSE0aJS97LvUtT1mWqZTFx5AZMJGfM7KpcbmJc3cOkVhe5lTUQDir58n1RywkyWYM6RvKd1Vzeonxt/AyJi7rN1CMR9VIh2KZUItIsz1y" here it hangs until timeout. May 24 10:10:36 manitou dovecot[45007]: auth(imat@disconnected.homeip.net,192.168.42.24,sasl:gssapi)<mh73Nt01+OHAqCoY>: Request timed out waiting for client to continue authentication (150 secs) May 24 10:11:06 manitou dovecot[45007]: managesieve-login: Login aborted: Inactivity during authentication (client didn't finish SASL auth, 1 attempts in 180 secs) (auth_waiting_client): user=<>, method=GSSAPI, rip=192.168.42.24, lip=192.168.42.42, session=<mh73Nt01+OHAqCoY> and sievtest does end with this S: BYE "Disconnected for inactivity during authentication." base64 decoding error Authentication failed. generic failure Security strength factor: 0 Connection closed. The "base64 decoding error" probably is unrelated as it does try to decode the "S: BYE .....". I also tested with other sieve clients, none does work (however different issues reported), while all tested imap clients do work. My guess is some small fix like the one from above is also needed for dovecot-pigeonhole. This is my used config manitou:~ # dovecot -n # 2.4.1-4 (7d8c0e5759): /etc/dovecot/dovecot.conf # Pigeonhole version 2.4.1-4 (0a86619f) # OS: Linux 6.14.6-1-default x86_64 # Hostname: manitou.disconnected.homeip.net # 4 default setting changes since version 2.4.0 dovecot_config_version = 2.4.0 auth_debug = yes auth_debug_passwords = yes auth_gssapi_hostname = manitou.disconnected.homeip.net auth_krb5_keytab = /etc/dovecot/dovecot.keytab auth_mechanisms = plain login gssapi dovecot_storage_version = 2.4.0 protocols { imap = yes lmtp = yes sieve = yes } protocol lmtp { auth_username_format = %{user | username} mail_plugins = sieve } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { } } namespace inbox { mail_driver = maildir mail_inbox_path = ~/Maildir/.INBOX mail_path = ~/Maildir inbox = yes separator = / } passdb pam { service_name = dovecot } userdb passwd { use_worker = yes } ssl_server { cert_file = /etc/ssl/servercerts/servercert.pem key_file = /etc/ssl/servercerts/serverkey.pem } service managesieve-login { } service managesieve { } sieve_script personal { active_path = ~/.dovecot.sieve path = ~/.sieve } What logs/infos are needed to dig into it ? thanks and regards, Tami

1 1

Fatal: Couldn't load required plugin /usr/lib/dovecot/lib90_sieve_plugin.so: dlopen() failed: Error relocating /usr/lib/dovecot/lib90_sieve_plugin.so: mail_deliver_get_return_address: symbol not found
by paradoor 04 Jun '25

04 Jun '25

Hi there, I have a Postfix/Dovecot server which today I upgraded from Alpine Linux 3.21 to 3.22. In the process, Dovecot updated from 2.3.21 to 2.4.1, and I updated my Dovecot config accordingly. At least `doveconf -n` runs without any error, and I'm able to start and run Dovecot. For context, I am using a passwd file where I enter usernames and argon2id passwords manually, since it's just a small mail server where I am the only user. The setup was working fine with Dovecot 2.3.x, and I've sent and received lots of mail before the update. However, I noticed that I'm no longer able to authenticate to the server since doing all the updates. I thought, maybe I should make sure the passwd file is correct with my password, so I tried running `doveadm pw -s argon2id`. I then got the error: `Fatal: Couldn't load required plugin /usr/lib/dovecot/lib90_sieve_plugin.so: dlopen() failed: Error relocating /usr/lib/dovecot/lib90_sieve_plugin.so: mail_deliver_get_return_address: symbol not found` I assume this is the cause of the problem, ie Dovecot isn't able to authenticate as this error occurs when a login attempt is made (I think?). I am not sure if this is an Alpine packaging issue or a Dovecot user issue, but just in case it's a user issue that I can fix myself, I thought to post here and ask if people know if there's something I can do to resolve this. I'm also posting to the Alpine mailing list in the case of it being an Alpine packaging issue. I've attached the output of `doveconf -n`; let me know if it's preferable to put this in the body of the email and I can send a reply with it in the body. `dovecot --version` is `2.4.1-4 (7d8c0e5759)`. Example `/var/log/dovecot.conf` authentication attempt: May 31 21:50:41 auth: Debug: conn unix:login (pid=21015,uid=91) [1]: client in: AUTH 4 PLAIN protocol=imap final-resp-ok secured=tls session=ElBsg3U25ou51Zrs lip=93.113.25.226 rip=185.213.154.236 lport=993 rport=35814 ssl_ja3_hash=422b5eb1ed3e9bdf65e87a42ed96ba1f local_name=mail.revsuine.xyz resp=<hidden> May 31 21:50:41 auth(${user | username},185.213.154.236,sasl:plain)<ElBsg3U25ou51Zrs>: Debug: passwd-file: Performing passdb lookup May 31 21:50:41 auth(${user | username},185.213.154.236,sasl:plain)<ElBsg3U25ou51Zrs>: Debug: passwd-file: lookup: user=${user | username} file=/etc/dovecot/passwd May 31 21:50:41 auth(${user | username},185.213.154.236,sasl:plain)<ElBsg3U25ou51Zrs>: Info: passwd-file: unknown user May 31 21:50:41 auth(${user | username},185.213.154.236,sasl:plain)<ElBsg3U25ou51Zrs>: Debug: passwd-file: Finished passdb lookup May 31 21:50:41 auth(${user | username},185.213.154.236,sasl:plain)<ElBsg3U25ou51Zrs>: Debug: Auth request finished May 31 21:50:41 auth(${user | username},185.213.154.236,sasl:plain)<ElBsg3U25ou51Zrs>: Debug: delaying auth failure May 31 21:50:43 auth: Debug: conn unix:login (pid=21015,uid=91) [1]: client passdb out: FAIL 4 user=${user | username} original_user=pid1 (The IP addresses are my public server IP address and a Mullvad VPN IP address, so not sensitive.) I'm using the same credentials and passwd file as before the update. Thanks in advance, appreciate any responses.

3 6

Crash in imapd
by Peter Chubb 02 Jun '25

02 Jun '25

Hi Folks, I'm seeing imapd crash when an evolution user accesses her primary mailbox. She can see the mailbox perfectly well using thunderbird or Apple Mail on an iPad; just not from her evolution instance. Version is 2.4.1-4 (7d8c0e5759) The error is an assertion failure: Panic: file istream-header-filter.c: line 665 (i_stream_header_filter_snapshot_free): assertion failed: (snapshot->mstream->snapshot_pending) I'm running on Debian unstable in an LXC container, using the Debian packaged version of dovecot. Filesystem for INBOX (mbox format) is XFS; home directories are mounted via NFS. The backtrace in gdb is: #0 0x00007f996709e95c in ?? () from /lib/x86_64-linux-gnu/libc.so.6 #1 0x00007f9967049cc2 in raise () from /lib/x86_64-linux-gnu/libc.so.6 #2 0x00007f99670324ac in abort () from /lib/x86_64-linux-gnu/libc.so.6 #3 0x00007f9967265964 in ?? () from /usr/lib/dovecot/libdovecot.so.0 #4 0x00007f9967333cb7 in ?? () from /usr/lib/dovecot/libdovecot.so.0 #5 0x00007f99672656c0 in i_panic () from /usr/lib/dovecot/libdovecot.so.0 #6 0x00007f996725eab1 in ?? () from /usr/lib/dovecot/libdovecot.so.0 #7 0x00007f9967345bdc in i_stream_snapshot_free () from /usr/lib/dovecot/libdovecot.so.0 #8 0x00007f9967345bdc in i_stream_snapshot_free () from /usr/lib/dovecot/libdovecot.so.0 #9 0x00007f9967345c6c in i_stream_unref () from /usr/lib/dovecot/libdovecot.so.0 #10 0x00007f996752bf99 in ?? () from /usr/lib/dovecot/libdovecot-storage.so.0 #11 0x00007f996752c391 in ?? () from /usr/lib/dovecot/libdovecot-storage.so.0 #12 0x00007f996752c64c in index_mail_get_special () from /usr/lib/dovecot/libdovecot-storage.so.0 #13 0x00007f99674a570e in mail_get_special () from /usr/lib/dovecot/libdovecot-storage.so.0 #14 0x000055fb1f1b298a in fetch_snippet (ctx=0x55fb4c044168, mail=0x55fb4c070e88, preview=0x55fb4c070230) at ./src/imap/imap-fetch-body.c:610 #15 0x000055fb1f1b7ce3 in imap_fetch_more_int (ctx=ctx@entry=0x55fb4c044168, cancel=false) at ./src/imap/imap-fetch.c:562 #16 0x000055fb1f1b7fbd in imap_fetch_more (ctx=0x55fb4c044168, cmd=0x55fb4c043e98) at ./src/imap/imap-fetch.c:617 #17 0x000055fb1f1ac1c8 in cmd_fetch (cmd=0x55fb4c043e98) at ./src/imap/cmd-fetch.c:382 #18 0x000055fb1f1b5124 in command_exec (cmd=cmd@entry=0x55fb4c043e98) at ./src/imap/imap-commands.c:208 #19 0x000055fb1f1bb650 in client_command_input (cmd=<optimized out>, cmd@entry=0x55fb4c043e98) at ./src/imap/imap-client.c:1271 #20 0x000055fb1f1bb6e6 in client_command_input (cmd=<optimized out>, cmd@entry=0x55fb4c043e98) at ./src/imap/imap-client.c:1341 #21 0x000055fb1f1bb97d in client_command_input (cmd=<optimized out>) at ./src/imap/imap-client.c:1305 #22 0x000055fb1f1bbb55 in client_handle_next_command (client=0x55fb4c042a68, remove_io_r=<synthetic pointer>) at ./src/imap/imap-client.c:1383 #23 client_handle_input (client=client@entry=0x55fb4c042a68) at ./src/imap/imap-client.c:1397 #24 0x000055fb1f1bbf47 in client_input (client=0x55fb4c042a68) at ./src/imap/imap-client.c:1441 #25 0x00007f996735177b in io_loop_call_io () from /usr/lib/dovecot/libdovecot.so.0 #26 0x00007f99673535ea in io_loop_handler_run_internal () from /usr/lib/dovecot/libdovecot.so.0 #27 0x00007f9967353694 in io_loop_handler_run () from /usr/lib/dovecot/libdovecot.so.0 #28 0x00007f9967353868 in io_loop_run () from /usr/lib/dovecot/libdovecot.so.0 #29 0x00007f99672a6347 in master_service_run () from /usr/lib/dovecot/libdovecot.so.0 #30 0x000055fb1f1a6e27 in main (argc=<optimized out>, argv=<optimized out>) at ./src/imap/main.c:601 dovecot -n === # 2.4.1-4 (7d8c0e5759): /etc/dovecot/dovecot.conf # Pigeonhole version 2.4.1-4 (0a86619f) # OS: Linux 6.12.16-amd64 x86_64 Debian 13.0 # Hostname: wombat.chubb.wattle.id.au # 4 default setting changes since version 2.4.0 dovecot_config_version = 2.4.0 dovecot_storage_version = 2.4.0 first_valid_uid = 130 fts_autoindex = yes fts_autoindex_max_recent_msgs = 999 fts_search_add_missing = yes mail_access_groups = mail mail_driver = mbox mail_full_filesystem_access = yes mail_home = /home/%{user|username} mail_inbox_path = /var/mail/%{user} mail_index_path = /var/indices/%{user} mail_nfs_storage = yes mail_path = ~/Mail/ mail_privileged_group = mail protocols { imap = yes } ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+ECDHE-RSA-AES256-GCM-SHA384:+AES256:+CAMELLIA128:+AES128:+SSLv3:DES-CBC3-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA ssl_min_protocol = TLSv1 passdb pam { } userdb passwd { } namespace inbox { inbox = yes mailbox Drafts { special_use = "\\Drafts" } mailbox Junk { special_use = "\\Junk" } mailbox Trash { special_use = "\\Trash" } mailbox Sent { special_use = "\\Sent" } mailbox "Sent Messages" { special_use = "\\Sent" } mailbox Spam { special_use = "\\Junk" } } service imap-login { inet_listener imap { } inet_listener imaps { } } service pop3-login { inet_listener pop3 { } inet_listener pop3s { } } service submission-login { inet_listener submission { } inet_listener submissions { } } service lmtp { unix_listener lmtp { } } service imap { } service submission { } service auth { unix_listener auth-userdb { } } service auth-worker { } service dict { unix_listener dict { } } ssl_server { cert_file = /etc/dovecot/private/dovecot.pem key_file = /etc/dovecot/private/dovecot.key } passdb local { driver = pam } userdb local { driver = passwd } ---

2 1

Help Translating Dovecot 2.3 Proxy Configuration to 2.4
by Brent Clark 31 May '25

31 May '25

Hi all, I'm in the process of upgrading from Dovecot 2.3 to 2.4 and would appreciate some help translating an existing configuration that uses a proxy lookup for user and password databases. Here's the relevant 2.3 configuration: |passdb { driver =dict args =/etc/dovecot/dovecot-dict-auth.conf.ext } userdb { driver =dict args =/etc/dovecot/dovecot-dict-auth.conf.ext } uri= proxy:/var/run/mail_directory_service/socket:somewhere password_key= passdb/%u user_key= userdb/%u iterate_disable= yes | This configuration was working fine in 2.3 to proxy user and password lookups to an external service via a Unix socket. However, Dovecot 2.4 has reworked configuration parsing, and this syntax no longer appears valid. I couldn’t find a direct equivalent in the 2.4 documentation. Could someone advise how this should be adapted for 2.4? What’s the correct way to specify the proxy: URI in 2.4? Are password_key and user_key still supported, or should I be using a different mechanism? Is iterate_disable = yes still relevant or required in this context? Any guidance, examples, or pointers to migration resources would be very helpful. Thanks in advance, Brent Clark Hi all, I'm in the process of upgrading from Dovecot 2.3 to 2.4 and would appreciate some help translating an existing configuration that uses a proxy lookup for user and password databases. Here's the relevant 2.3 configuration: passdb { driver =dict args =/etc/dovecot/dovecot-dict-auth.conf.ext } userdb { driver =dict args =/etc/dovecot/dovecot-dict-auth.conf.ext } uri = proxy:/var/run/mail_directory_service/socket:somewhere password_key = passdb/%u user_key = userdb/%u iterate_disable = yes This configuration was working fine in 2.3 to proxy user and password lookups to an external service via a Unix socket. However, Dovecot 2.4 has reworked configuration parsing, and this syntax no longer appears valid. I couldn’t find a direct equivalent in the 2.4 documentation. Could someone advise how this should be adapted for 2.4? What’s the correct way to specify the proxy: URI in 2.4? Are password_key and user_key still supported, or should I be using a different mechanism? Is iterate_disable = yes still relevant or required in this context? Any guidance, examples, or pointers to migration resources would be very helpful. Thanks in advance, Brent Clark

6 11