- dovecot - dovecot.org

[Dovecot] Solving CVE-2008-4870
by Michal Hlavinka 19 Nov '08

19 Nov '08

Hi, we're trying to solve CVE-2008-4870 = rhbz#436287 = dovecot.conf is world readable - possible password exposure. This problem seems to be little more complicated than we thought. dovecot.conf can contain passphrase for ssl key, which is available for everyone since dovecot.conf has world readable permissions. (In CVE's description is note that it RHEL's/Fedora's problem, but it affects all systems imo) We was thinking about few ways how to fix it: 1) 0640 permissions for dovecot.conf - but it can became not readable for dovecot 2) 0640 root:mail and set deliver to group mail with sgid - possible security problem 3) don't store passphrase in dovecot.conf, just ask for it when dovecot's started - can hang boot process, not good As part of investigating, I've found dovecot is storing all variables in environment variables - it means even passphrase? I'm not completely sure, but all variables can be read via /proc/<pid>/environ (I don't know if it becomes readable in some circumstances.) Is there any plan to solve this problem? Cheers, Michal

3 3

[Dovecot] patch: list shared namespace
by Bernhard Herzog 19 Nov '08

19 Nov '08

Hi, I've been working on a patch for dovecot 1.2 from the Kolab branch (http://hg.intevation.org/kolab/dovecot-1.2_kolab-branch/) that implements listing of shared namespaces. I've got something that works in some basic way but is still missing some pieces. See the attached patch, which also contains some installation and configuration notes. Implementation notes: One of the main problems the patch addresses is getting a list of all users that have mailboxes the logged in user can see. The patch uses a dict to cache information about which users have at least one mailbox that is visible to other users. The dict doesn't cache which other users, though. The cache entry for a given user is updated whenever the dovecot-acl-list file in the maildir root directory is updated. This ties the implementation to a specific acl backend to an extent, but that shouldn't be a problem at the moment. Another problem is that namespaces for all those users have to be created. The patch does that in shared-storage.c when the shared storage is created. At this stage of development of the patch that works well enough, I think, but it might be better to update the namespaces whenever a list iterator is created. To avoid unnecessary coupling between the shared namespace code and the ACL plugin, the shared namespace code has a hook that it calls when it needs a list of all the users who may have mailboxes visible to the current user. The ACL plugin sets that hook and uses the dict to produce that list. This way, the ACL plugin depends on the shared namespace code but not the other way round and all the dict handling is in the ACL plugin. I'm not sure the new hook is really needed. The patch could perhaps just as well extend the acl_next_hook_mail_storage_created and acl_next_hook_mailbox_list_created functions to do the namespace creation when they're called for a shared storage or mailbox list. Problems: All of my tests so far involved a shared namespace of the form namespace shared { separator = / prefix = users/%%u/ location = maildir:.../var/mail/%%u:... subscriptions = no list = yes hidden = no } Also, let's assume two users, ford and arthur with ford's "INBOX/hhgttg" available to arthur as "users/ford/INBOX/hhgttg". Arthur may not list ford's INBOX, though. In the following the current user is always arthur. I found the following problems: - LIST response includes namespaces the user doesn't really have access to. E.g. if there's another user, zaphod who's made some mailbox available to somebody else, but not arthur, arthur still sees * LIST (\Noselect \HasChildren) "/" "users/zaphod" Not sure it's worth fixing this, though. - List with "%" doesn't list all intermediate mailboxes. On the one hand arthur sees this: x LIST "" "*" ... * LIST (\Noselect \HasChildren) "/" "users/ford" * LIST (\HasNoChildren) "/" "users/ford/INBOX/hhgttg" x OK List completed. OTOH, with "%" only this: x LIST "" "users/ford/%" x OK List completed. cyrus shows x LIST "" "users/ford/%" * LIST (\Noselect \HasChildren) "/" "users/ford/INBOX" x OK List completed. At least Kontact resp. KMail rely on this. - The dovecot-acl-list is not always rebuilt, even when it should have been, AFAICT. In particular, if the file exists but is empty, it's never updated, even when ACL later change. Maybe this is a bug in the Kolab branch. Cheers, Bernhard -- Bernhard Herzog | ++49-541-335 08 30 | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

2 16

[Dovecot] Bug in 1.1.4: New line required in ACL files
by sleeper-＠gmx.net 19 Nov '08

19 Nov '08

Hello, just wanted to notify you about a bug i found in 1.1.4 ACL handling: Global ACLs are ignored, when there is no line break (i.e. "owner lr" is ignored while "owner lr\n" works). I didn't track this down to see if the same happens for per-user ACLs, but it should be quite obvious in the source anyways. Regards -- Sensationsangebot nur bis 30.11: GMX FreeDSL - Telefonanschluss + DSL für nur 16,37 Euro/mtl.!* http://dsl.gmx.de/?ac=OM.AD.PD003K11308T4569a

2 1

[Dovecot] Mail.app & Subscriptions
by Neil 19 Nov '08

19 Nov '08

Client: Mail.app v.3.5 Server: Dovecot 1.1.6 I've noticed that when I go to "Account Info" in Mail.app, and then to the "Subscription List" tab, Mail.app will spin for a bit, and then give up, without showing any folders and all the buttons are grayed out. Does anyone know if this a Mail.app issue or a Dovecot issue, if there're any work-arounds, and/or if this is something I should be concerned about? Thanks, Neil.

2 1

[Dovecot] Password authentication and character set
by Fredrik Grönqvist 19 Nov '08

19 Nov '08

Hi, I've searched in the wiki and in the mailinglist archives but haven't found anything about password character sets within the dovecot authentication deamon. My problem is that we have users with passwords containing scandinavian characters (äöå, umlauts) and the debug log shows that different clients send the password in different charsets. The passwords are stored in a Mysql table, if that makes any difference. Outlook Express with LATIN 1 (ISO-8859-1): Nov 18 16:56:39 resilar dovecot: auth-worker(default): sql(fgr-1,193.64.206.190): Password mismatch Nov 18 16:56:39 resilar dovecot: auth-worker(default): sql(fgr-1,193.64.206.190): MD5(<E4><E4>kk<F6>si<E4>) != '$1$xMPPHRdL$I0mrlPi5FMtwauSf20vjz0' MacMail UTF8: Nov 18 17:23:37 resilar dovecot: auth-worker(default): sql(fgr-1,193.64.206.190): Password mismatch Nov 18 17:23:37 resilar dovecot: auth-worker(default): sql(fgr-1,193.64.206.190): MD5(ääkkösiä12) != '$1$xMPPHRdL$I0mrlPi5FMtwauSf20vjz0' Is there a setting that "forces" the authentication daemon to convert the provided password to a specific charset before the comparison takes place, or how should one handle this? dovecot -n # 1.1.4: /etc/dovecot/dovecot.conf log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap imaps pop3 pop3s managesieve ssl_cert_file: /etc/ssl/certs/mail.crt ssl_key_file: /etc/ssl/private/mail.key ssl_cipher_list: ALL:!LOW disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login login_greeting: mail ready. login_process_per_connection: no mail_privileged_group: mail mail_location: maildir:~/mail mail_debug: yes mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_executable(managesieve): /usr/lib/dovecot/managesieve mail_plugins(default): quota imap_quota mail_plugins(imap): quota imap_quota mail_plugins(pop3): quota mail_plugins(managesieve): mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve imap_client_workarounds(default): delay-newmail outlook-idle imap_client_workarounds(imap): delay-newmail outlook-idle imap_client_workarounds(pop3): imap_client_workarounds(managesieve): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh pop3_client_workarounds(managesieve): sieve_storage(default): sieve_storage(imap): sieve_storage(pop3): sieve_storage(managesieve): ~/ sieve(default): sieve(imap): sieve(pop3): sieve(managesieve): ~/.dovecot.sieve auth default: mechanisms: plain login username_chars: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@+ verbose: yes debug: yes debug_passwords: yes worker_max_count: 50 passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: prefetch userdb: driver: sql args: /etc/dovecot/dovecot-sql.conf socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 384 user: vmail plugin: quota: maildir Chears Fredrik -- ------------------------------------------------------------------------ Fredrik Grönqvist ------------------------------------------------------------------------

3 13

[Dovecot] pam_start() failed: system error
by Peter Orlowski 18 Nov '08

18 Nov '08

Hi, I'm using dovecot 1.1.3 on FreeBSD 6.3, x86, files are on NFS, except control and index files, which are local, on UFS2. It's moderately loaded, there are usually not more than 30 clients simultaneously. dovecot runs fine for 3-10 days, then people can't connect any more, and dovecot says: Nov 18 13:20:44 dizzy dovecot-auth: pam_ldap: ldap_simple_bind Can't contact LDAP server Nov 18 13:20:44 dizzy dovecot-auth: pam_ldap: reconnecting to LDAP server... Nov 18 13:20:44 dizzy dovecot-auth: pam_ldap: ldap_simple_bind Can't contact LDAP server Nov 18 13:20:44 dizzy dovecot-auth: pam_ldap: ldap_simple_bind Can't contact LDAP server Nov 18 13:20:44 dizzy dovecot-auth: pam_ldap: ldap_simple_bind Can't contact LDAP server Nov 18 13:21:46 dizzy dovecot: auth-worker(default): pam(xxxx,xxx.xxx.xxx.xxx): pam_start() failed: system error Nov 18 13:21:46 dizzy dovecot-auth: in openpam_load_module(): no pam_permit.so found Nov 18 13:22:12 dizzy dovecot-auth: in openpam_load_module(): no pam_login_access.so found Nov 18 13:22:31 dizzy dovecot-auth: in openpam_load_module(): no pam_unix.so found Nov 18 13:22:42 dizzy dovecot-auth: in openpam_load_module(): no /usr/local/lib/pam_ldap.so found After restarting dovecot things are back to normal. I have tried different settings for worker_max_count, and I had blocking=no in the passdb config until a few day ago; changing that didn't help either. Here's my current config: # 1.1.3: /usr/local/etc/dovecot.conf protocols: imaps pop3s ssl_cert_file: /etc/ssl/certs/mailitp-chain.pem ssl_key_file: /etc/ssl/certs/mailkey2.pem login_dir: /var/run/dovecot/login login_executable(default): /usr/local/libexec/dovecot/imap-login login_executable(imap): /usr/local/libexec/dovecot/imap-login login_executable(pop3): /usr/local/libexec/dovecot/pop3-login verbose_proctitle: yes first_valid_gid: 0 mail_privileged_group: mail mail_location: mbox:~/mail/:INDEX=/srv/dovecot/indexes/%u.oldmail:INBOX=/var/mail/%u mail_executable(default): /usr/local/libexec/dovecot/imap mail_executable(imap): /usr/local/libexec/dovecot/imap mail_executable(pop3): /usr/local/libexec/dovecot/pop3 mail_plugins(default): zlib mail_plugins(imap): zlib mail_plugins(pop3): mail_plugin_dir(default): /usr/local/lib/dovecot/imap mail_plugin_dir(imap): /usr/local/lib/dovecot/imap mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3 imap_client_workarounds(default): delay-newmail outlook-idle netscape-eoh tb-extra-mailbox-sep imap_client_workarounds(imap): delay-newmail outlook-idle netscape-eoh tb-extra-mailbox-sep imap_client_workarounds(pop3): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh namespace: type: private separator: / prefix: NEWmail/ location: maildir:~/Maildir/:INDEX=/srv/dovecot/indexes/%u:CONTROL=/srv/dovecot/control/%u list: yes subscriptions: yes namespace: type: private separator: / location: mbox:~/mail/:INBOX=/var/mail/%u:INDEX=/srv/dovecot/indexes/%u.oldmail:CONTROL=/srv/dovecot/control/%u.oldmail inbox: yes list: yes subscriptions: yes auth default: worker_max_count: 20 passdb: driver: pam args: blocking=yes userdb: driver: passwd Greetings, -- Peter Orlowski

2 2

[Dovecot] MESSAGE Quota not RFC2087 compliant
by Braun, Martin 18 Nov '08

18 Nov '08

Hi, the configuration of my Dovecot 1.1.3 quota plugin looks like this: quota_rule = *:storage=1G quota_rule2 = *:messages=1337 this leads to the following GETQUOTAROOT response: 01 GETQUOTAROOT INBOX * QUOTAROOT "INBOX" "mbraun quota" * QUOTA "mbraun quota" (STORAGE 6553 1048576 MESSAGES 122 1337) 01 OK Getquotaroot completed. RFC2087 (http://www.faqs.org/rfcs/rfc2087.html) describes the response like as: STORAGE: Sum of messages' RFC822.SIZE, in units of 1024 octets MESSAGE: Number of messages As you can see, the response "MESSAGES" differs from the specified "MESSAGE" which leads to parsing issues on RFC compliant IMAP client implementations. Using *:message=1337 throws a configuration error on Dovecot startup. dovecot-1.1.6/src/plugins/quota/quota.h /* Number of messages. */ #define QUOTA_NAME_MESSAGES "MESSAGES" Greetings, Martin

2 1

[Dovecot] [PATCH] dovecot-1.2: fix build with Sun C compiler
by Andrey Panin 18 Nov '08

18 Nov '08

This small patch fixes dovecot-1.2 build with Sun C compiler.

1 0

[Dovecot] ManageSieve SECURITY hole: virtual users can edit scripts of other virtual users (all versions)
by Stephan Bosch 17 Nov '08

17 Nov '08

Hello, While updating the ManageSieve implementation to the latest draft specification I noticed a major omission in the way script names are handled. Essentially, script names are directly appended to the sieve storage directory path and suffixed with '.sieve'. This does not take the use of '../' in script names into account. Therefore, clever virtual users that know the directory structure of the server can read and edit script files of other virtual users with the same system uid. The added '.sieve' suffix prevents further security breach, because only sieve scripts are accessible this way. Note that of course any publicly accessible sieve script is also affected. I am sorry to report that this bug was introduced pretty much from the start, meaning that all versions of the ManageSieve patch/package are affected. To quickly resolve this issue, I provide patches against the existing releases and I release new versions for Dovecot v1.1 through v1.2. The security patches against the existing releases are very small and should therefore also apply to older versions or can be adjusted to apply cleanly with relative ease. The security patches are available as follows: http://www.rename-it.nl/dovecot/1.0/dovecot-1.0.15-managesieve-v9.3-securit… http://www.rename-it.nl/dovecot/1.0/dovecot-1.0.15-managesieve-v9.3-securit… http://www.rename-it.nl/dovecot/1.1/dovecot-1.1-managesieve-0.10.3-security… http://www.rename-it.nl/dovecot/1.1/dovecot-1.1-managesieve-0.10.3-security… http://www.rename-it.nl/dovecot/1.2/dovecot-1.2-managesieve-0.11.0-security… http://www.rename-it.nl/dovecot/1.2/dovecot-1.2-managesieve-0.11.0-security… The security patch for v1.0 is applied against the patched Dovecot tree, while patches for v1.1 and v1.2 are applied against the ManageSieve package. The new releases are available as follows (v1.1 and v1.2 versions have additional changes, read the NEWS files for more info): http://www.rename-it.nl/dovecot/1.0/dovecot-1.0.15-MANAGESIEVE-v9.4.diff.gz http://www.rename-it.nl/dovecot/1.0/dovecot-1.0.15-MANAGESIEVE-v9.4.diff.gz… http://www.rename-it.nl/dovecot/1.1/dovecot-1.1-managesieve-0.10.4.tar.gz http://www.rename-it.nl/dovecot/1.1/dovecot-1.1-managesieve-0.10.4.tar.gz.s… http://www.rename-it.nl/dovecot/1.2/dovecot-1.2-managesieve-0.11.1.tar.gz http://www.rename-it.nl/dovecot/1.2/dovecot-1.2-managesieve-0.11.1.tar.gz.s… Refreshed ManageSieve patches for v1.1 and v1.2 are available to avoid confusion, but an existing patched Dovecot should work fine. I hope package maintainers will quickly incorporate the security patches to get rid of this stupidity as soon as possible. Don't hesitate to notify me when there are problems! Regards, -- Stephan Bosch stephan(a)rename-it.nl

1 0

[Dovecot] Dovecot error with Symbian mail client
by jeeger＠thenybble.de 17 Nov '08

17 Nov '08

Greetings list, I have recently acquired an Nokia E71 (which comes with Symbian 3rd edition, feature pack 3 I believe). Accessing my emails has worked before, but now, I cannot connect to the mail server any longer. If I enable verbose_ssl, I get the following error in the log: SSL_accept() failed: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message [141.84.69.67] I cannot access my mail, the dialog just closes and the wireless connection ends. I am using dovecot version 1.0.13 and my config is # 1.0.13: /etc/dovecot/dovecot.conf log_timestamp: %Y-%m-%d %H:%M:%S protocols: imaps ssl_cert_file: /etc/dovecot/dovecot.crt ssl_key_file: /etc/dovecot/dovecot.pem verbose_ssl: yes login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login auth default: passdb: driver: pam userdb: driver: passwd Thanks for your answers! Regards, Jan Seeger PS: I have tested the symbian client with gmail, and it works. So the problem is probably a bug in the communication between the symbian client and dovecot.

7 8