On 19.7.2013, at 18.11, Peer Heinlein p.heinlein@heinlein-support.de wrote:
looks like we detected a serious bug in dovecot's lmtp proxying where e-mails are delivered to the wrong user.
The setup is:
*) Dovecot is configured with "lmtp_proxy=yes"
# Support proxying to other LMTP/SMTP servers by performing passdb lookups. lmtp_proxy = yes
*) Postfix uses "dynamic recipient verification", so Postfix starts sending a (verify) mail by LMTP to dovecot, but quits the lmtp-session right after the RCPT TO:. No DATA-stage is reached in the protocol and no real e-mail is sent. But Postfix had a LMTP-connection for "user1".
*) Just some seconds later a "real" e-mail to "user2" has to be delivered to dovecot by LMTP. But Dovecot will deliver this mail to the wrong "user1" instead of "user2". Looks like dovecot re-uses the (still opened?) lmtp-proxy-connection from "user1" to deliver an e-mail to "user2".
As others mentioned, seeing what Postfix <-> Dovecot (and Dovecot proxy <-> Dovecot backend) talk to each others would help. I can't reproduce this in an easy way and the code looks correct also: All proxied connections are dropped on LHLO and RSET. The proxy connections also aren't being reused between different incoming LMTP connections.