[Dovecot] dovecot 1.1.3 coredump
I found imap core in coredump dir:
(gdb) bt
#0 0x00000000004abdea in message_parse_header_next (ctx=0x79c150, hdr_r=0x7fffffffe478) at message-header-parser.c:114
#1 0x00000000004a8193 in read_header (mstream=0x795330) at istream-header-filter.c:162
#2 0x00000000004a84e7 in i_stream_header_filter_read (stream=0x795330) at istream-header-filter.c:288
#3 0x00000000004bc216 in i_stream_read (stream=0x795380) at istream.c:70
#4 0x00000000004bca0d in i_stream_read_data (stream=0x795380, data_r=0x7fffffffe5c0, size_r=0x7fffffffe5b8, threshold=0) at istream.c:283
#5 0x00000000004afbd7 in message_get_body_size (input=0x795380, body=0x7fffffffe610, has_nuls=0x0) at message-size.c:76
#6 0x0000000000421c5f in fetch_body_header_fields (ctx=0x75c130, mail=0x713048, body=0x75c640) at imap-fetch-body.c:458
#7 0x00000000004201a1 in imap_fetch_more (ctx=0x75c130) at imap-fetch.c:309
#8 0x0000000000420400 in imap_fetch (ctx=0x75c130) at imap-fetch.c:361
#9 0x0000000000417742 in cmd_fetch (cmd=0x75c048) at cmd-fetch.c:152
#10 0x000000000041c0c2 in cmd_uid (cmd=0x75c048) at cmd-uid.c:26
#11 0x000000000041d7b4 in client_command_input (cmd=0x75c048) at client.c:580
#12 0x000000000041d9f1 in client_command_input (cmd=0x75c048) at client.c:629
#13 0x000000000041db33 in client_handle_next_command (client=0x744180, remove_io_r=0x7fffffffe81d) at client.c:670
#14 0x000000000041db79 in client_handle_input (client=0x744180) at client.c:680
#15 0x000000000041dd14 in client_input (client=0x744180) at client.c:725
#16 0x00000000004c1669 in io_loop_handler_run (ioloop=0x71e140) at ioloop-kqueue.c:150
#17 0x00000000004c070b in io_loop_run (ioloop=0x71e140) at ioloop.c:320
#18 0x0000000000428e39 in main (argc=3, argv=0x7fffffffe978, envp=0x7fffffffe998) at main.c:293
(gdb) f 0
#0 0x00000000004abdea in message_parse_header_next (ctx=0x79c150, hdr_r=0x7fffffffe478) at message-header-parser.c:114
114 if (msg[0] == '\n' ||
(gdb) p msg[0]
Cannot access memory at address 0x0
Lines in log file before crash:
Sep 16 11:40:17 mailsupport deliver(spamhog): copy: uid=1, box=Dovecot Delivery Mail, dest=z_topshop, msgid=000801c917cf$0623e47b$693cbc80@nuwqn, size=19779
Sep 16 11:40:17 mailsupport deliver(spamhog): msgid=000801c917cf$0623e47b$693cbc80@nuwqn: saved mail to z_topshop
Sep 16 11:40:17 mailsupport dovecot: IMAP(spamhog): Next message unexpectedly lost from 216637
Sep 16 11:40:17 mailsupport dovecot: IMAP(spamhog): Next message unexpectedly lost from 216637
Sep 16 11:40:17 mailsupport dovecot: child 33373 (imap) killed with signal 11
OS: FreeBSD 7.0-STABLE #0: Sun May 4 13:15:10 MSD 2008, amd64
mbox located on zfs filesystem.
related lines in dovecot -n output:
mmap_disable: yes
mbox_write_locks: fcntl
mbox_min_index_size: 1024
mail_plugins(imap): acl mail_log zlib
mail for this account stored in mbox:
user_query = SELECT uid, gid, home, mail FROM tbl_users WHERE login = '%Lu' AND home IS NOT NULL;
sqlite> SELECT uid, gid, home, mail FROM tbl_users WHERE login = 'spamhog' AND home IS NOT NULL;
8008|8008|/home/spamhog|mbox:~/mail
-- WBR, Anton Yuzhaninov
On Thu, 2008-09-18 at 19:32 +0400, Anton Yuzhaninov wrote:
I found imap core in coredump dir:
(gdb) bt
#0 0x00000000004abdea in message_parse_header_next (ctx=0x79c150, hdr_r=0x7fffffffe478) at message-header-parser.c:114
Do you still have this core? Could you do:
p *ctx.input
p ret
p msg
p size
p parse_size
p startpos
On 22.09.2008 23:34, Timo Sirainen wrote:
On Thu, 2008-09-18 at 19:32 +0400, Anton Yuzhaninov wrote:
I found imap core in coredump dir:
(gdb) bt
#0 0x00000000004abdea in message_parse_header_next (ctx=0x79c150, hdr_r=0x7fffffffe478) at message-header-parser.c:114
Do you still have this core? Could you do:
p *ctx.input
p ret
p msg
p size
p parse_size
p startpos
(gdb) f 0
#0 0x00000000004abdea in message_parse_header_next (ctx=0x79c150, hdr_r=0x7fffffffe478) at message-header-parser.c:114
114 if (msg[0] == '\n' ||
(gdb) p *ctx.input
$1 = {v_offset = 0, stream_errno = 0, mmaped = 0, blocking = 1, closed = 0, seekable = 1, eof = 0, real_stream = 0x795180}
(gdb) p ret
$2 = -2
(gdb) p msg
$3 = (const unsigned char *) 0x0
(gdb) p size
$4 = 0
(gdb) p parse_size
$5 = 0
(gdb) p startpos
$6 = 0
-- WBR, Anton Yuzhaninov
On Tue, 2008-09-23 at 09:38 +0400, Anton Yuzhaninov wrote:
On 22.09.2008 23:34, Timo Sirainen wrote:
On Thu, 2008-09-18 at 19:32 +0400, Anton Yuzhaninov wrote:
I found imap core in coredump dir:
(gdb) bt
#0 0x00000000004abdea in message_parse_header_next (ctx=0x79c150, hdr_r=0x7fffffffe478) at message-header-parser.c:114
Do you still have this core? Could you do:
p *ctx.input
p ret
p msg
p size
p parse_size
p startpos
(gdb) f 0
#0 0x00000000004abdea in message_parse_header_next (ctx=0x79c150, hdr_r=0x7fffffffe478) at message-header-parser.c:114
114 if (msg[0] == '\n' ||
(gdb) p *ctx.input
$1 = {v_offset = 0, stream_errno = 0, mmaped = 0, blocking = 1, closed = 0, seekable = 1, eof = 0, real_stream = 0x795180}
Thanks, one more:
p *ctx.input.real_stream
(gdb) p ret
$2 = -2
(gdb) p msg
$3 = (const unsigned char *) 0x0
(gdb) p size
$4 = 0
Strange, it returned "input buffer is full" while the buffer was empty..
On 23.09.2008 09:47, Timo Sirainen wrote:
On Tue, 2008-09-23 at 09:38 +0400, Anton Yuzhaninov wrote:
On 22.09.2008 23:34, Timo Sirainen wrote:
On Thu, 2008-09-18 at 19:32 +0400, Anton Yuzhaninov wrote:
I found imap core in coredump dir:
(gdb) bt
#0 0x00000000004abdea in message_parse_header_next (ctx=0x79c150, hdr_r=0x7fffffffe478) at message-header-parser.c:114
Do you still have this core? Could you do:
p *ctx.input
p ret
p msg
p size
p parse_size
p startpos
(gdb) f 0
#0 0x00000000004abdea in message_parse_header_next (ctx=0x79c150, hdr_r=0x7fffffffe478) at message-header-parser.c:114
114 if (msg[0] == '\n' ||
(gdb) p *ctx.input
$1 = {v_offset = 0, stream_errno = 0, mmaped = 0, blocking = 1, closed = 0, seekable = 1, eof = 0, real_stream = 0x795180}
Thanks, one more:
p *ctx.input.real_stream
(gdb) p *ctx.input.real_stream
$1 = {iostream = {refcount = 2, close = 0x4d1610
(gdb) p ret
$2 = -2
(gdb) p msg
$3 = (const unsigned char *) 0x0
(gdb) p size
$4 = 0
Strange, it returned "input buffer is full" while the buffer was empty..
-- WBR, Anton Yuzhaninov Rambler Mail
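Added example, not part of the thread and not Dovecot's code: a minimal C model of the state printed from the core (ret = -2, msg = 0x0, size = 0) and a header-parsing step that refuses to read msg[0] in that state. The struct, enum and function names are hypothetical; only the -2 "input buffer is full" meaning comes from the thread.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical read statuses; -2 is "input buffer is full" as in the thread. */
enum { RD_OK = 1, RD_EOF = -1, RD_FULL = -2 };
enum hdr_result { HDR_LINE, HDR_END, HDR_NEED_MORE, HDR_BROKEN_STREAM };

/* Constructed stand-in for what a stream read hands back to the parser. */
struct toy_read {
    int ret;                    /* read status */
    const unsigned char *msg;   /* start of buffered data, may be NULL */
    size_t size;                /* bytes available at msg */
};

/*
 * One step of a header parser. Every dereference is gated on msg != NULL and
 * a sufficient size, and the contradictory "full but empty" state is reported
 * to the caller instead of being trusted.
 */
enum hdr_result hdr_step(const struct toy_read *r, size_t *line_len)
{
    *line_len = 0;
    if (r->ret == RD_FULL && (r->msg == NULL || r->size == 0))
        return HDR_BROKEN_STREAM;           /* the state seen in the core */
    if (r->msg == NULL || r->size == 0)
        return r->ret == RD_EOF ? HDR_END : HDR_NEED_MORE;
    if (r->msg[0] == '\n' ||
        (r->size >= 2 && r->msg[0] == '\r' && r->msg[1] == '\n'))
        return HDR_END;                     /* blank line ends the headers */
    const unsigned char *nl = memchr(r->msg, '\n', r->size);
    if (nl == NULL)
        return HDR_NEED_MORE;               /* header line not complete yet */
    *line_len = (size_t)(nl - r->msg) + 1;  /* length including the newline */
    return HDR_LINE;
}

int main(void)
{
    struct toy_read core = { RD_FULL, NULL, 0 };   /* values from the gdb session */
    size_t n;
    return hdr_step(&core, &n) == HDR_BROKEN_STREAM ? 0 : 1;
}
```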