September 2025 - dovecot

Crash in dovecot snippet when using imapc
by John van der Kamp 03 Sep '25

03 Sep '25

Hello, I've found a crash in a very specific setup. A dovecot server with imapc connection needs to receive an email with no body contents for the intent of generating a preview/snippet. It crashes somewhere deep in the jungle of istream and snapshots. I've included a script which sets up the systems to reproduce the crash. I've tested this with several versions. 2.3.16 doesn't seem to be affected, but 2.3.20 and 2.3.21 are affect. For me it produces a traceback like this, using the ubuntu version from here: https://packages.ubuntu.com/noble/dovecot-core (gdb) bt #0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=140530132887360) at ./nptl/pthread_kill.c:44 #1 __pthread_kill_internal (signo=6, threadid=140530132887360) at ./nptl/pthread_kill.c:78 #2 __GI___pthread_kill (threadid=140530132887360, signo=signo@entry=6) at ./nptl/pthread_kill.c:89 #3 0x00007fcfb8842476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26 #4 0x00007fcfb88287f3 in __GI_abort () at ./stdlib/abort.c:79 #5 0x00007fcfb8b37fe5 in default_fatal_finish (status=0, type=LOG_TYPE_PANIC) at ../lib/failures.c:465 #6 fatal_handler_real (ctx=<optimized out>, format=<optimized out>, args=<optimized out>) at ../lib/failures.c:477 #7 0x00007fcfb8be50d7 in i_internal_fatal_handler (ctx=<optimized out>, format=<optimized out>, args=<optimized out>) at ../lib/failures.c:879 #8 0x00007fcfb8b37eea in i_panic (format=0x7fcfb8c29020 "file %s: line %d (%s): assertion failed: (%s)") at ../lib/failures.c:530 #9 0x00007fcfb8b3387b in i_stream_header_filter_snapshot_free (_snapshot=<optimized out>) at ../lib-mail/istream-header-filter.c:663 #10 i_stream_header_filter_snapshot_free (_snapshot=0x55dabe297a60) at ../lib-mail/istream-header-filter.c:655 #11 0x00007fcfb8bf25ac in i_stream_snapshot_free (_snapshot=_snapshot@entry=0x55dabe29b0d0) at ../lib/istream.c:253 #12 0x00007fcfb8bf2654 in i_stream_unref (stream=0x7ffc16cc7fa0) at ../lib/istream.c:66 #13 0x00007fcfb8d96baa in index_mail_write_body_snippet (mail=0x55dabe292058) at index/index-mail.c:1151 #14 0x00007fcfb8d97e48 in index_mail_parse_bodystructure (mail=0x55dabe292058, field=MAIL_CACHE_BODY_SNIPPET) at index/index-mail.c:1551 #15 0x00007fcfb8d97fe2 in index_mail_fetch_body_snippet (value_r=0x7ffc16cc8050, mail=0x55dabe292058) at index/index-mail.c:1602 #16 index_mail_get_special (_mail=0x55dabe292058, field=<optimized out>, value_r=0x7ffc16cc8050) at index/index-mail.c:1730 #17 0x00007fcfb8d16ffe in mail_get_special (mail=mail@entry=0x55dabe292058, field=field@entry=MAIL_FETCH_BODY_SNIPPET, value_r=value_r@entry=0x7ffc16cc8050) at /home/ubuntu/dovecot/new/dovecot-2.3.21+dfsg1/src/lib-storage/mail.c:418 #18 0x000055dabc52645c in fetch_snippet (ctx=0x55dabe26e050, mail=0x55dabe292058, preview=0x55dabe28f1f8) at ./src/imap/imap-fetch-body.c:615 #19 0x000055dabc52b5cc in imap_fetch_more_int (ctx=0x55dabe26e050, cancel=false) at ./src/imap/imap-fetch.c:562 #20 0x000055dabc52b8ad in imap_fetch_more (ctx=0x55dabe26e050, cmd=0x55dabe26de98) at ./src/imap/imap-fetch.c:617 #21 0x000055dabc51fd07 in cmd_fetch (cmd=0x55dabe26de98) at ./src/imap/cmd-fetch.c:382 #22 0x000055dabc528af4 in command_exec (cmd=0x55dabe26de98) at ./src/imap/imap-commands.c:201 #23 0x000055dabc52e9e2 in client_command_input (cmd=<optimized out>) at ./src/imap/imap-client.c:1237 #24 0x000055dabc52ea96 in client_command_input (cmd=<optimized out>) at ./src/imap/imap-client.c:1307 #25 0x000055dabc52eeed in client_handle_next_command (remove_io_r=<synthetic pointer>, client=0x55dabe26d2c8) at ./src/imap/imap-client.c:1349 #26 client_handle_input (client=0x55dabe26d2c8) at ./src/imap/imap-client.c:1363 #27 0x000055dabc52f2c4 in client_input (client=0x55dabe26d2c8) at ./src/imap/imap-client.c:1407 #28 0x00007fcfb8bfe27d in io_loop_call_io (io=0x55dabe26e660) at ../lib/ioloop.c:737 #29 0x00007fcfb8bff81a in io_loop_handler_run_internal (ioloop=0x55dabe243fd0) at ../lib/ioloop-epoll.c:222 #30 0x00007fcfb8bff8d4 in io_loop_handler_run (ioloop=0x55dabe243fd0) at ../lib/ioloop.c:789 #31 0x00007fcfb8bffa90 in io_loop_run (ioloop=0x55dabe243fd0) at ../lib/ioloop.c:762 #32 0x00007fcfb8b6ce57 in master_service_run (service=0x55dabe243e20, callback=callback@entry=0x55dabc533210 <client_connected>) at ../lib-master/master-service.c:878 #33 0x000055dabc51ad37 in main (argc=<optimized out>, argv=<optimized out>) at ./src/imap/main.c:575 John Hello, I've found a crash in a very specific setup. A dovecot server with imapc connection needs to receive an email with no body contents for the intent of generating a preview/snippet. It crashes somewhere deep in the jungle of istream and snapshots. I've included a script which sets up the systems to reproduce the crash. I've tested this with several versions. 2.3.16 doesn't seem to be affected, but 2.3.20 and 2.3.21 are affect. For me it produces a traceback like this, using the ubuntu version from here: https://packages.ubuntu.com/noble/dovecot-core (gdb) bt #0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=140530132887360) at ./nptl/pthread_kill.c:44 #1 __pthread_kill_internal (signo=6, threadid=140530132887360) at ./nptl/ pthread_kill.c:78 #2 __GI___pthread_kill (threadid=140530132887360, signo=signo@entry=6) at ./ nptl/pthread_kill.c:89 #3 0x00007fcfb8842476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/ raise.c:26 #4 0x00007fcfb88287f3 in __GI_abort () at ./stdlib/abort.c:79 #5 0x00007fcfb8b37fe5 in default_fatal_finish (status=0, type=LOG_TYPE_PANIC) at ../lib/failures.c:465 #6 fatal_handler_real (ctx=<optimized out>, format=<optimized out>, args=<optimized out>) at ../lib/failures.c:477 #7 0x00007fcfb8be50d7 in i_internal_fatal_handler (ctx=<optimized out>, format=<optimized out>, args=<optimized out>) at ../lib/failures.c:879 #8 0x00007fcfb8b37eea in i_panic (format=0x7fcfb8c29020 "file %s: line %d (%s): assertion failed: (%s)") at ../lib/failures.c:530 #9 0x00007fcfb8b3387b in i_stream_header_filter_snapshot_free (_snapshot=<optimized out>) at ../lib-mail/istream-header-filter.c:663 #10 i_stream_header_filter_snapshot_free (_snapshot=0x55dabe297a60) at ../lib- mail/istream-header-filter.c:655 #11 0x00007fcfb8bf25ac in i_stream_snapshot_free (_snapshot=_snapshot@entry=0x55dabe29b0d0) at ../lib/istream.c:253 #12 0x00007fcfb8bf2654 in i_stream_unref (stream=0x7ffc16cc7fa0) at ../lib/ istream.c:66 #13 0x00007fcfb8d96baa in index_mail_write_body_snippet (mail=0x55dabe292058) at index/index-mail.c:1151 #14 0x00007fcfb8d97e48 in index_mail_parse_bodystructure (mail=0x55dabe292058, field=MAIL_CACHE_BODY_SNIPPET) at index/index-mail.c:1551 #15 0x00007fcfb8d97fe2 in index_mail_fetch_body_snippet (value_r=0x7ffc16cc8050, mail=0x55dabe292058) at index/index-mail.c:1602 #16 index_mail_get_special (_mail=0x55dabe292058, field=<optimized out>, value_r=0x7ffc16cc8050) at index/index-mail.c:1730 #17 0x00007fcfb8d16ffe in mail_get_special (mail=mail@entry=0x55dabe292058, field=field@entry=MAIL_FETCH_BODY_SNIPPET, value_r=value_r@entry=0x7ffc16cc8050) at /home/ubuntu/dovecot/new/dovecot-2.3.21+dfsg1/src/lib-storage/mail.c:418 #18 0x000055dabc52645c in fetch_snippet (ctx=0x55dabe26e050, mail=0x55dabe292058, preview=0x55dabe28f1f8) at ./src/imap/imap-fetch-body.c: 615 #19 0x000055dabc52b5cc in imap_fetch_more_int (ctx=0x55dabe26e050, cancel=false) at ./src/imap/imap-fetch.c:562 #20 0x000055dabc52b8ad in imap_fetch_more (ctx=0x55dabe26e050, cmd=0x55dabe26de98) at ./src/imap/imap-fetch.c:617 #21 0x000055dabc51fd07 in cmd_fetch (cmd=0x55dabe26de98) at ./src/imap/cmd- fetch.c:382 #22 0x000055dabc528af4 in command_exec (cmd=0x55dabe26de98) at ./src/imap/imap- commands.c:201 #23 0x000055dabc52e9e2 in client_command_input (cmd=<optimized out>) at ./src/ imap/imap-client.c:1237 #24 0x000055dabc52ea96 in client_command_input (cmd=<optimized out>) at ./src/ imap/imap-client.c:1307 #25 0x000055dabc52eeed in client_handle_next_command (remove_io_r=<synthetic pointer>, client=0x55dabe26d2c8) at ./src/imap/imap-client.c:1349 #26 client_handle_input (client=0x55dabe26d2c8) at ./src/imap/imap-client.c: 1363 #27 0x000055dabc52f2c4 in client_input (client=0x55dabe26d2c8) at ./src/imap/ imap-client.c:1407 #28 0x00007fcfb8bfe27d in io_loop_call_io (io=0x55dabe26e660) at ../lib/ ioloop.c:737 #29 0x00007fcfb8bff81a in io_loop_handler_run_internal (ioloop=0x55dabe243fd0) at ../lib/ioloop-epoll.c:222 #30 0x00007fcfb8bff8d4 in io_loop_handler_run (ioloop=0x55dabe243fd0) at ../ lib/ioloop.c:789 #31 0x00007fcfb8bffa90 in io_loop_run (ioloop=0x55dabe243fd0) at ../lib/ ioloop.c:762 #32 0x00007fcfb8b6ce57 in master_service_run (service=0x55dabe243e20, callback=callback@entry=0x55dabc533210 <client_connected>) at ../lib-master/ master-service.c:878 #33 0x000055dabc51ad37 in main (argc=<optimized out>, argv=<optimized out>) at ./src/imap/main.c:575 John

2 7

Re: "MitM" account to bypass quota
by Nick Howitt 03 Sep '25

03 Sep '25

Please can you reply to list rather than directly do me? I just know of the tool and not how to use it. It doesn't look like it supports continually running it in the background, but you can always put it in a loop in a shell script, perhaps with a delay between iterations. If you use cron, you have to be careful that it is not already running when it gets fires again. Nick On 02/09/2025 20:08, Carlos Mogas da Silva wrote: > Can doveadm-sync be configured to keep running on the background? > Can't seem to find anything related to this... > > > On 2 September 2025 20:00:01 WEST, Nick Howitt via dovecot > <dovecot(a)dovecot.org> wrote: > > How about doveadm-sync > (https://doc.dovecot.org/main/core/man/doveadm-sync.1.html) or > imapsync? On 02/09/2025 19:26, Carlos Mogas da Silva via dovecot > wrote: > > Hi list. I have an email address hosted on a server not > controlled by me which enforces quota on the accounts. No > issues there. What I want to know, is how can I use my mail > server, or in this case, dovecot, to act as a "client" to that > imap server and download all the messages from it storing them > locally (in my server) in effect, bypassing the quota > restriction. If you can point me to some documentation or give > a general idea on how I could accomplish this it would be > nice. Thanks in advance! Carlos Mogas da Silva > ------------------------------------------------------------------------ > dovecot mailing list --dovecot(a)dovecot.org To unsubscribe send > an email todovecot-leave(a)dovecot.org > Please can you reply to list rather than directly do me? I just know of the tool and not how to use it. It doesn't look like it supports continually running it in the background, but you can always put it in a loop in a shell script, perhaps with a delay between iterations. If you use cron, you have to be careful that it is not already running when it gets fires again. Nick On 02/09/2025 20:08, Carlos Mogas da Silva wrote: Can doveadm-sync be configured to keep running on the background? Can't seem to find anything related to this... On 2 September 2025 20:00:01 WEST, Nick Howitt via dovecot [1]<dovecot(a)dovecot.org> wrote: How about doveadm-sync ([2]https://doc.dovecot.org/main/core/man/doveadm-sync.1.html) or imapsync? On 02/09/2025 19:26, Carlos Mogas da Silva via dovecot wrote: Hi list. I have an email address hosted on a server not controlled by me which enforces quota on the accounts. No issues there. What I want to know, is how can I use my mail server, or in this case, dovecot, to act as a "client" to that imap server and download all the messages from it storing them locally (in my server) in effect, bypassing the quota restriction. If you can point me to some documentation or give a general idea on how I could accomplish this it would be nice. Thanks in advance! Carlos Mogas da Silva -------------------------------------------------------------------------- dovecot mailing list --dovecot(a)dovecot.org To unsubscribe send an email [3]todovecot-leave(a)dovecot.org References Visible links 1. mailto:dovecot@dovecot.org 2. https://doc.dovecot.org/main/core/man/doveadm-sync.1.html 3. mailto:todovecot-leave@dovecot.org

5 8

"MitM" account to bypass quota
by Carlos Mogas da Silva 02 Sep '25

02 Sep '25

Hi list. I have an email address hosted on a server not controlled by me which enforces quota on the accounts. No issues there. What I want to know, is how can I use my mail server, or in this case, dovecot, to act as a "client" to that imap server and download all the messages from it storing them locally (in my server) in effect, bypassing the quota restriction. If you can point me to some documentation or give a general idea on how I could accomplish this it would be nice. Thanks in advance! Carlos Mogas da Silva Hi list. I have an email address hosted on a server not controlled by me which enforces quota on the accounts. No issues there. What I want to know, is how can I use my mail server, or in this case, dovecot, to act as a "client" to that imap server and download all the messages from it storing them locally (in my server) in effect, bypassing the quota restriction. If you can point me to some documentation or give a general idea on how I could accomplish this it would be nice. Thanks in advance! Carlos Mogas da Silva

3 2

Dovecot 2.4.1: Domain part of user gets dropped in userdb_sql_query
by Robert Czechowski 01 Sep '25

01 Sep '25

Hi, I stumbled upon a problem where documentation and logs no longer help me. After upgrading to Debian Trixie / Dovecot 2.4.1-4 I have run into the following problem after fixing up most of my configuration. I'm using a vmail setup with user information in a mysql database and mailboxes in maildir format. Apparently %{user | domain} will not get set in my SQL query when looking up users for lmtp transport: With the setting userdb_sql_query = SELECT 150 AS uid, 8 AS gid FROM users WHERE username = '%{user | username}' AND domain = '%{user | domain}' I get the following debug log: dovecot: lmtp(118509): Connect from local dovecot: lmtp(robert(a)czecho.de)<118509><hXWpLOzOtGjtzgEAp35xQg>: Debug: auth-master: userdb lookup(robert(a)czecho.de): Started userdb lookup dovecot: lmtp(robert(a)czecho.de)<118509><hXWpLOzOtGjtzgEAp35xQg>: Debug: auth-master: conn unix:/var/run/dovecot//auth-userdb: Connecting dovecot: lmtp(robert(a)czecho.de)<118509><hXWpLOzOtGjtzgEAp35xQg>: Debug: auth-master: conn unix:/var/run/dovecot//auth-userdb (pid=115443,uid=0): Client connected (fd=14) dovecot: auth: Debug: conn unix:/var/run/dovecot/auth-userdb (pid=118509,uid=150): Server accepted connection (fd=23) dovecot: auth: Debug: master in: USER#0111#011robert(a)czecho.de#011protocol=lmtp dovecot: auth(robert): Debug: sql: Performing userdb lookup dovecot: auth-worker(115838): Debug: conn unix:auth-worker (pid=115833,uid=109): auth-worker<7>: Handling USER request dovecot: auth-worker(robert)<115838>: request [7]: Debug: sql: Performing userdb lookup dovecot: auth-worker(robert)<115838>: request [7]: Debug: sql: SELECT 150 AS uid, 8 AS gid FROM users WHERE username = 'robert' AND domain = '' dovecot: auth-worker(115838): Debug: mysql(127.0.0.1): Finished query 'SELECT 150 AS uid, 8 AS gid FROM users WHERE username = 'robert' AND domain = ''' in 0 msecs dovecot: auth-worker(robert)<115838>: request [7]: sql: unknown user dovecot: auth-worker(robert)<115838>: request [7]: Debug: sql: Finished userdb lookup dovecot: auth-worker(115838): Debug: conn unix:auth-worker (pid=115833,uid=109): auth-worker<7>: Finished: user_unknown dovecot: auth(robert): Debug: sql: Finished userdb lookup dovecot: auth: Debug: userdb out: NOTFOUND#0111 Note the SELECT 150 AS uid, 8 AS gid FROM users WHERE username = 'robert' AND domain = '' Resulting in poostfix/lmtp[118495]: A7D6F5A0350: to=<robert(a)czecho.de>, relay=alyx.czecho.de[private/dovecot-lmtp], delay=0.11, delays=0.03/0.04/0.02/0.02, dsn=5.1.1, status=bounced (host alyx.czecho.de[private/dovecot-lmtp] said: 550 5.1.1 <robert(a)czecho.de> User doesn't exist: robert(a)czecho.de (in reply to RCPT TO command)) Apparently, somewhere, the domain part of the users gets lost. My current workaround is to use the query without the domain part: userdb_sql_query = SELECT 150 AS uid, 8 AS gid FROM users WHERE username = '%{user | username}' However this places the mail in the wrong maildir directory. I've worked around that by creating symlinks for all users, but it seems a bit more effort than necessary. Also this will break as soon as two domains have the same username. :( For completeness: # dovecot -n # 2.4.1-4 (7d8c0e5759): /etc/dovecot/dovecot.conf # Pigeonhole version 2.4.1-4 (0a86619f) # OS: Linux 6.12.41+deb13-amd64 x86_64 Debian 13.0 # Hostname: alyx.czecho.de # 4 default setting changes since version 2.4.0 dovecot_config_version = 2.4.0 auth_debug = yes auth_mechanisms = plain login auth_verbose = yes base_dir = /var/run/dovecot/ dovecot_storage_version = 2.4.0 first_valid_uid = 150 fts_autoindex = yes fts_autoindex_max_recent_msgs = 999 fts_search_add_missing = yes language_filters = normalizer-icu snowball stopwords language_tokenizers = generic email-address listen = * :: mail_debug = yes mail_driver = maildir mail_gid = mail mail_home = /var/vmail/%{user | domain}/%{user | username} mail_path = ~/mail mail_plugins { fts = yes fts_flatcurve = yes } mail_privileged_group = mail mail_uid = vmail protocols = imap lmtp namespace inbox { inbox = yes mailbox Drafts { special_use = "\\Drafts" } mailbox Junk { special_use = "\\Junk" } mailbox Trash { special_use = "\\Trash" } mailbox Sent { special_use = "\\Sent" } mailbox "Sent Messages" { special_use = "\\Sent" } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } } service lmtp { user = vmail unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } } service imap { } service pop3 { } service auth { unix_listener auth-userdb { group = mail mode = 0600 user = vmail } unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } service auth-worker { } service dict { unix_listener dict { } } ssl_server { cert_file = /etc/ssl/certs/letsencrypt/mail.scrt key_file = /etc/ssl/private/letsencrypt/mail.priv } protocol lmtp { auth_username_format = %{user | username} } language en { default = yes filters = lowercase snowball english-possessive stopwords } fts flatcurve { substring_search = yes } mysql 127.0.0.1 { dbname = vmail password = # hidden, use -P to show it user = vmail } passdb sql { default_password_scheme = SHA512-CRYPT query = SELECT username, domain, password FROM users WHERE username = '%{user | username}' AND domain = '%{user | domain}' sql_driver = mysql } userdb sql { sql_driver = mysql iterate_query = SELECT CONCAT(username, '@', domain) as user FROM users query = SELECT 150 AS uid, 8 AS gid FROM users WHERE username = '%{user | username}' }

2 2