Failed running extprograms execute via socket - fatal recv(MSG_PEEK) failed disconnected
I switched from running my extprograms execute script directly to running with dovecot socket. Log shows only this
dovecot: lmtp(test@example.com): Debug: wdi0Tb5VPlGfPnEAM/SpMA: sieve: action execute: running program: test dovecot: lmtp(test@example.com): Debug: Namespace : Using permissions from /vmail/example.com/test: mode=0770 gid=default dovecot: script: Fatal: recv(MSG_PEEK) failed: disconnected
For testing I opened up the script and socket with permissions 777 but the error seems to indicate less about permissions more about some kind of protocol problem i guessing.
Sieve script calls using this:
execute "test";
Plugin config:
plugin { sieve_plugins = sieve_extprograms sieve_global_extensions = +vnd.dovecot.execute sieve_execute_socket_dir = sieve-execute sieve_before = /usr/local/etc/dovecot/sieve } service test { executable = script /usr/local/etc/dovecot/sieve_globals/test.sh unix_listener sieve-execute/test { mode = 0660 group = vmail } }
FYI I have quota-warning sockets configured identical to this and they work good.
Dovecot 2.2.16 Pigeonhole 0.4.7
Help appreciate a lot.
I switched from running my extprograms execute script directly to running with dovecot socket. Log shows only this
dovecot: lmtp(test@example.com): Debug: wdi0Tb5VPlGfPnEAM/SpMA: sieve: action execute: running program: test dovecot: lmtp(test@example.com): Debug: Namespace : Using permissions from /vmail/example.com/test: mode=0770 gid=default dovecot: script: Fatal: recv(MSG_PEEK) failed: disconnected
For testing I opened up the script and socket with permissions 777 but the error seems to indicate less about permissions more about some kind of protocol problem i guessing.
No one can help? Is anybody using the Sieve extprograms execute via Dovecot socket service? I think my config is vanilla, no? All other Dovecot and Sieve things (including quota service scripts configured very similarly) work fine.
Taking a look at the code, the error seems to indicate that no input is available on the socket when Dovecot checks. Does my script need to behave differently? What exactly to do?
Should I just go back to direct execute? What's the difference anyway beside the user/permissions will be different?
Stephan? Anyone?
Sieve script calls using this:
execute "test";
Plugin config:
plugin { sieve_plugins = sieve_extprograms sieve_global_extensions = +vnd.dovecot.execute sieve_execute_socket_dir = sieve-execute sieve_before = /usr/local/etc/dovecot/sieve } service test { executable = script /usr/local/etc/dovecot/sieve_globals/test.sh unix_listener sieve-execute/test { mode = 0660 group = vmail } }
FYI I have quota-warning sockets configured identical to this and they work good.
Dovecot 2.2.16 Pigeonhole 0.4.7
Help appreciate a lot.
On 4/30/2015 8:50 PM, E.B. wrote:
I switched from running my extprograms execute script directly to running with dovecot socket. Log shows only this
dovecot: lmtp(test@example.com): Debug: wdi0Tb5VPlGfPnEAM/SpMA: sieve: action execute: running program: test dovecot: lmtp(test@example.com): Debug: Namespace : Using permissions from /vmail/example.com/test: mode=0770 gid=default dovecot: script: Fatal: recv(MSG_PEEK) failed: disconnected
For testing I opened up the script and socket with permissions 777 but the error seems to indicate less about permissions more about some kind of protocol problem i guessing. No one can help? Is anybody using the Sieve extprograms execute via Dovecot socket service? I think my config is vanilla, no? All other Dovecot and Sieve things (including quota service scripts configured very similarly) work fine.
Taking a look at the code, the error seems to indicate that no input is available on the socket when Dovecot checks. Does my script need to behave differently? What exactly to do?
Should I just go back to direct execute? What's the difference anyway beside the user/permissions will be different?
Stephan? Anyone?
Will look at this later this week.
Regards,
Stephan.
On 4/30/2015 8:50 PM, E.B. wrote:
I switched from running my extprograms execute script directly to running with dovecot socket. Log shows only this
dovecot: lmtp(test@example.com): Debug: wdi0Tb5VPlGfPnEAM/SpMA: sieve: action execute: running program: test dovecot: lmtp(test@example.com): Debug: Namespace : Using permissions from /vmail/example.com/test: mode=0770 gid=default dovecot: script: Fatal: recv(MSG_PEEK) failed: disconnected
For testing I opened up the script and socket with permissions 777 but the error seems to indicate less about permissions more about some kind of protocol problem i guessing. No one can help? Is anybody using the Sieve extprograms execute via Dovecot socket service? I think my config is vanilla, no? All other Dovecot and Sieve things (including quota service scripts configured very similarly) work fine.
Taking a look at the code, the error seems to indicate that no input is available on the socket when Dovecot checks. Does my script need to behave differently? What exactly to do?
Should I just go back to direct execute? What's the difference anyway beside the user/permissions will be different?
Stephan? Anyone?
Last two changes should fix this:
http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/05f8ce7b5c2e http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/1eb0362461f0
Regards,
Stephan.
I switched from running my extprograms execute script directly to running with dovecot socket. Log shows only this
dovecot: lmtp(test@example.com): Debug: wdi0Tb5VPlGfPnEAM/SpMA: sieve: action execute: running program: test dovecot: lmtp(test@example.com): Debug: Namespace : Using permissions from /vmail/example.com/test: mode=0770 gid=default dovecot: script: Fatal: recv(MSG_PEEK) failed: disconnected
For testing I opened up the script and socket with permissions 777 but the error seems to indicate less about permissions more about some kind of protocol problem i guessing. No one can help? Is anybody using the Sieve extprograms execute via Dovecot socket service? I think my config is vanilla, no? All other Dovecot and Sieve things (including quota service scripts configured very similarly) work fine.
Taking a look at the code, the error seems to indicate that no input is available on the socket when Dovecot checks. Does my script need to behave differently? What exactly to do?
Should I just go back to direct execute? What's the difference anyway beside the user/permissions will be different?
Stephan? Anyone?
Last two changes should fix this:
Not yet -- this may be unrelated(?) but here is what I have after installing the newest source package:
Error: Couldn't load required plugin /usr/local/lib/dovecot/lib90_sieve_plugin.so: dlopen() failed: /usr/local/lib/dovecot/lib90_sieve_plugin.so: undefined symbol: mail_deliver_ctx_get_log_var_expand_table
Help?
Last two changes should fix this:
Not yet -- this may be unrelated(?) but here is what I have after installing the newest source package:
Error: Couldn't load required plugin /usr/local/lib/dovecot/lib90_sieve_plugin.so: dlopen() failed: /usr/local/lib/dovecot/lib90_sieve_plugin.so: undefined symbol: mail_deliver_ctx_get_log_var_expand_table
Oh i guessing this requires the newest Dovecot source too (maybe you should put notice on the wiki that extprograms run-via-socket is broken until a new release?)
After installed newest Dovecot and Sieve, I getting this:
dovecot: lmtp(test@example.com): Debug: auth input: dovecot: lmtp(testl@example.com): Fatal: master: service(lmtp): child 7033 killed with signal 11 (core dumps disabled)
With set mail_debug=yes doesn't give anything else of interesting for this.
On 5/5/2015 8:39 AM, E.B. wrote:
Last two changes should fix this:
Not yet -- this may be unrelated(?) but here is what I have after installing the newest source package:
Error: Couldn't load required plugin /usr/local/lib/dovecot/lib90_sieve_plugin.so: dlopen() failed: /usr/local/lib/dovecot/lib90_sieve_plugin.so: undefined symbol: mail_deliver_ctx_get_log_var_expand_table Oh i guessing this requires the newest Dovecot source too (maybe you should put notice on the wiki that extprograms run-via-socket is broken until a new release?)
After installed newest Dovecot and Sieve, I getting this:
dovecot: lmtp(test@example.com): Debug: auth input: dovecot: lmtp(testl@example.com): Fatal: master: service(lmtp): child 7033 killed with signal 11 (core dumps disabled)
With set mail_debug=yes doesn't give anything else of interesting for this.
Could you create a backtrace (from core dump; http://www.dovecot.org/bugreport.html)?
Regards,
Stephan.
Last two changes should fix this:
Not yet -- this may be unrelated(?) but here is what I have after installing the newest source package:
Error: Couldn't load required plugin /usr/local/lib/dovecot/lib90_sieve_plugin.so: dlopen() failed: /usr/local/lib/dovecot/lib90_sieve_plugin.so: undefined symbol: mail_deliver_ctx_get_log_var_expand_table
Oh i guessing this requires the newest Dovecot source too (maybe you should put notice on the wiki that extprograms run-via-socket is broken until a new release?)
After installed newest Dovecot and Sieve, I getting this:
dovecot: lmtp(test@example.com): Debug: auth input: dovecot: lmtp( testl@example.com): Fatal: master: service(lmtp): child 7033 killed with signal 11 (core dumps disabled)
With set mail_debug=yes doesn't give anything else of interesting for this.
Sorrys. I decided to "make clean" and do new "./configure" "make" and "make install" for dovecot first, then pigeonhole to make sure nothing is off. After I do that I get same original error:
dovecot: script: Fatal: recv(MSG_PEEK) failed: disconnected
I went to go verifying in dovecot-pigeonhole that the two new patches are there by manual inspect the source files you patched. I found only the first one, not http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/1eb0362461f0 maybe this because I downloaded a snap shot link at the top that wasn't built with the 2nd change?
I put 2nd change in manually (its only one liner) rebuilded and after install..... same error with recv(MSG_PEEK)
Thanks for ongoing help
E.B. schreef op 5-5-2015 om 9:40:
Last two changes should fix this:
Not yet -- this may be unrelated(?) but here is what I have after installing the newest source package:
Error: Couldn't load required plugin /usr/local/lib/dovecot/lib90_sieve_plugin.so: dlopen() failed: /usr/local/lib/dovecot/lib90_sieve_plugin.so: undefined symbol: mail_deliver_ctx_get_log_var_expand_table Oh i guessing this requires the newest Dovecot source too (maybe you should put notice on the wiki that extprograms run-via-socket is broken until a new release?)
After installed newest Dovecot and Sieve, I getting this:
dovecot: lmtp(test@example.com): Debug: auth input: dovecot: lmtp( testl@example.com): Fatal: master: service(lmtp): child 7033 killed with signal 11 (core dumps disabled)
With set mail_debug=yes doesn't give anything else of interesting for this. Sorrys. I decided to "make clean" and do new "./configure" "make" and "make install" for dovecot first, then pigeonhole to make sure nothing is off. After I do that I get same original error:
dovecot: script: Fatal: recv(MSG_PEEK) failed: disconnected
I went to go verifying in dovecot-pigeonhole that the two new patches are there by manual inspect the source files you patched. I found only the first one, not http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/1eb0362461f0 maybe this because I downloaded a snap shot link at the top that wasn't built with the 2nd change?
I put 2nd change in manually (its only one liner) rebuilded and after install..... same error with recv(MSG_PEEK) Did you restart Dovecot?
Also, can you try running the script through sieve-test -D -t - -Tlevel=matching (see man page).
Regards,
Stephan.
Last two changes should fix this:
Not yet -- this may be unrelated(?) but here is what I have after installing the newest source package:
Error: Couldn't load required plugin /usr/local/lib/dovecot/lib90_sieve_plugin.so: dlopen() failed: /usr/local/lib/dovecot/lib90_sieve_plugin.so: undefined symbol: mail_deliver_ctx_get_log_var_expand_table Oh i guessing this requires the newest Dovecot source too (maybe you should put notice on the wiki that extprograms run-via-socket is broken until a new release?)
After installed newest Dovecot and Sieve, I getting this:
dovecot: lmtp(test@example.com): Debug: auth input: dovecot: lmtp( testl@example.com): Fatal: master: service(lmtp): child 7033 killed with signal 11 (core dumps disabled)
With set mail_debug=yes doesn't give anything else of interesting for this. Sorrys. I decided to "make clean" and do new "./configure" "make" and "make install" for dovecot first, then pigeonhole to make sure nothing is off. After I do that I get same original error:
dovecot: script: Fatal: recv(MSG_PEEK) failed: disconnected
I went to go verifying in dovecot-pigeonhole that the two new patches are there by manual inspect the source files you patched. I found only the first one, not http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/1eb0362461f0 maybe this because I downloaded a snap shot link at the top that wasn't built with the 2nd change?
I put 2nd change in manually (its only one liner) rebuilded and after install..... same error with recv(MSG_PEEK)
Did you restart Dovecot?
Yes. One more restart now to make sure.
Also, can you try running the script through
sieve-test -D -t - -Tlevel=matching(see man page).
I cannot make this working. I'm logg in as unix user "adm" and the sieve-test thinks that is the user it's delivering to?? I tried to tell the recipient with both -a and -r and I put hard-coded -l mail location but output still showing it wants to deliver to mailbox for "adm" user. Also mail file has To: header with the correct recipient but doesn't help. Users are virtual I cant logg in as the correct recipient to run sieve-test. What do I do?
E.B. schreef op 5-5-2015 om 9:40:
Sorrys. I decided to "make clean" and do new "./configure" "make" and "make install" for dovecot first, then pigeonhole to make sure nothing is off. After I do that I get same original error:
dovecot: script: Fatal: recv(MSG_PEEK) failed: disconnected
I went to go verifying in dovecot-pigeonhole that the two new patches are there by manual inspect the source files you patched. I found only the first one, not http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/1eb0362461f0 maybe this because I downloaded a snap shot link at the top that wasn't built with the 2nd change?
I put 2nd change in manually (its only one liner) rebuilded and after install..... same error with recv(MSG_PEEK)
Thanks for ongoing help
Argh! Ok, that fix was a bit incomplete still:
http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/89e0cef5b264
I wonder why my test didn't fail.
The extent of this bug is limited to using execute as a command (as opposed to using it as a test in an `if' statement) and not providing it with any input.
Regards,
Stephan.
I went to go verifying in dovecot-pigeonhole that the two new patches are there by manual inspect the source files you patched. I found only the first one, not http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/1eb0362461f0 maybe this because I downloaded a snap shot link at the top that wasn't built with the 2nd change?
I put 2nd change in manually (its only one liner) rebuilded and after install..... same error with recv(MSG_PEEK)
Thanks for ongoing help
Argh! Ok, that fix was a bit incomplete still:
http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/89e0cef5b264
Sorry I over-looking this. I just tested with this new fix. IT WORKS.
I wonder why my test didn't fail.
The extent of this bug is limited to using execute as a command (as opposed to using it as a test in an `if' statement) and not providing it with any input.
That's not matching to my environment. My script is calling execute within a if block but not as a test but it IS providing input (but not get any output if that matters)
if ... { execute :input "test input" "test"; }
Only thing still unsolved is my other thread don't know why the exectued script has no filesystem access? (like "touch /tmp/test" ignored no error)
Also is the only different between direct and socket execute that with socket I can run the script with more restricted owner and permissions? Are there other differences?
On 5/5/2015 9:28 PM, E.B. wrote:
I wonder why my test didn't fail.
The extent of this bug is limited to using execute as a command (as opposed to using it as a test in an `if' statement) and not providing it with any input. That's not matching to my environment. My script is calling execute within a if block but not as a test but it IS providing input (but not get any output if that matters)
if ... { execute :input "test input" "test"; }
Oh right, it happens when the script is not using the output of the external program. If execute is not a test and the output from the program is not used, there is no input stream to be read from the remote service. Discussing what is input and output in this context is highly confusing. :)
Only thing still unsolved is my other thread don't know why the exectued script has no filesystem access? (like "touch /tmp/test" ignored no error)
So far, I still haven't seen your full config from dovecot -n output.
Also is the only different between direct and socket execute that with socket I can run the script with more restricted owner and permissions? Are there other differences?
Either side could be run in a different chroot, if any.
Some of the environment variables such as SENDER and RECIPIENT are not available in the service (that is a TODO item).
Regards,
Stephan.
Only thing still unsolved is my other thread don't know why the exectued script has no filesystem access? (like "touch /tmp/test" ignored no error)
See my other post. Problem is systemd PrivateTmp=true hides anything you do with /tmp from view by anyone else. Wondering if its in memory or stashed away somewhere i can see it on the CLI
participants (2)
-
E.B.
-
Stephan Bosch