Hi!
Can you install dovecot-dbg to get debug symbols, open the core in gdb and run
bt full
Aki
On 30/03/2020 17:21 tim@linux-daus.de wrote:
Hi,
currently we deploying Dovecot as imap/pop3 proxy. Every few minutes some panic/assert occurred (we connect roughly 7k - 8k user at one imap proxy with a connection rate of 200/s).
We activate core dumps. Concerning the sensitive information in the dump we would prefer to not share the dump (e.g. i found our ssl private key in the dump).
Log/Stack trace:
Mar 30 15:54:06 imap16 dovecot: auth: Panic: file dns-lookup.c: line 371 (dns_client_lookup_common): assertion failed: (param != NULL && *param != '\0') Mar 30 15:54:06 imap16 dovecot: auth: Error: Raw backtrace: #0 t_askpass[0x7f27a219b5f0] -> #1 backtrace_append[0x7f27a219b860] -> #2 backtrace_get[0x7f27a219b9c0] -> #3 i_syslog_error_handler[0x7f27a21a6840] -> #4 i_syslog_fatal_handler[0x7f27a21a6970] -> #5 i_fatal[0x7f27a20fc3b7] -> #6 dns_client_connect[0x7f27a216ffb0] -> #7 dns_client_lookup[0x7f27a21702a0] -> #8 auth_request_proxy_finish[0x55c930e9b200] -> #9 auth_request_handler_reply[0x55c930e9cee0] -> #10 auth_policy_check[0x55c930e93a10] -> #11 auth_request_success[0x55c930e9bcf0] -> #12 auth_request_verify_plain_callback_finish[0x55c930e9a650] -> #13 auth_request_verify_plain_callback[0x55c930e9a7a0] -> #14 authdb_ldap_deinit[0x7f279faa9f10] -> #15 db_ldap_result_iterate_deinit[0x7f279faa7f70] -> #16 io_loop_call_io[0x7f27a21c0490] -> #17 io_loop_handler_run_internal[0x7f27a21c1e20] -> #18 io_loop_handler_run[0x7f27a21c05c0] -> #19 io_loop_run[0x7f27a21c0810] -> #20 master_service_run[0x7f27a212d5b0] -> #21 main[0x55c930 e8 dd10] -> #22 __libc_start_main[0x7f27a14901f0] -> #23 _start[0x55c930e8e2c0] -> #24 [no start/end information] Mar 30 15:54:06 imap16 dovecot: auth: Fatal: master: service(auth): child 6133 killed with signal 6 (core dumped)
Config:
# 2.3.9.2 (844fc8246): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.9 (db4e9a2f) # OS: Linux 4.9.0-12-amd64 x86_64 Debian 9.12 # Hostname: imap16.domain.de auth_default_realm = domain.de auth_failure_delay = 0 auth_mechanisms = plain login cram-md5 auth_username_format = %{if;%d;eq;domain.de;%n@olddomain.de;%u} auth_verbose = yes base_dir = /var/run/dovecot/ default_client_limit = 4096 default_internal_user = pop default_process_limit = 400 default_vsz_limit = 1 G doveadm_password = # hidden, use -P to show it first_valid_uid = 48 import_environment = TZ last_valid_uid = 48 login_trusted_networks = 192.168.11.0/24 mail_gid = pop mail_plugins = " mail_log notify zlib quota" mail_uid = pop passdb { args = /etc/dovecot/conf.d/dovecot-ldap-domain-proxy.conf.ext driver = ldap result_failure = return-fail result_success = continue-ok } passdb { args = allow_real_nets=192.168.11.0/24 driver = static result_failure = continue-ok } passdb { args = /etc/dovecot/conf.d/dovecot-ldap-domain-protocol-deny.conf.ext driver = ldap result_failure = return-ok result_success = return-fail } passdb { args = /etc/dovecot/passdb-domain-ldap-cram.conf.ext driver = ldap mechanisms = CRAM-MD5 result_failure = continue-fail result_success = continue-ok } passdb { args = /etc/dovecot/passdb-domain-ldap.conf.ext driver = ldap mechanisms = LOGIN,PLAIN result_failure = return-fail result_success = continue-ok } plugin { mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size zlib_save = gz zlib_save_level = 6 } protocols = " imap pop3" service auth { unix_listener auth-client { group = dovecot_auth mode = 0660 user = $default_internal_user } } service doveadm { group = pop inet_listener { port = 12345 } user = pop } service imap-login { process_min_avail = 24 service_count = 0 } service pop3-login { process_min_avail = 24 service_count = 0 } ssl = required ssl_cert = </etc/ssl/certs/star_domain_de.crt ssl_cipher_list = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA ssl_dh = # hidden, use -P to show it ssl_key = # hidden, use -P to show it verbose_proctitle = yes