[Dovecot] submission_host problem
Hello,
I configured dovecot to use submission smtp host becouse of chroot.
submission_host = 127.0.0.1
Unfortunatelly:
Nov 12 05:11:15 myhost exim[23366]: 2011-11-12 05:11:15 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised): rejected "EHLO myhost" H=localhost [127.0.0.1] next input="MAIL FROM:root@myhost\\r\\n" Nov 12 05:11:15 myhost exim[23366]: 2011-11-12 05:11:15 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised): rejected "EHLO myhost" H=localhost [127.0.0.1] next input="MAIL FROM:root@myhost\\r\\n" Nov 12 05:11:15 myhost dovecot: lda(alias@apisoft.pl): Error: smtp(127.0.0.1): RCPT TO failed: 554 SMTP synchronization error Nov 12 05:11:15 myhost dovecot: lda(alias@apisoft.pl): Error: sieve: msgid=E1RP4uv-00043S-L7@myhost: failed to redirect message to bambero@gmail.com (refer to server log for more information)
Does anyone know how to fix it ?
Regards, Bambero
On Sat, 2011-11-12 at 05:32 +0100, Bambero wrote:
I configured dovecot to use submission smtp host becouse of chroot.
submission_host = 127.0.0.1
Unfortunatelly:
Nov 12 05:11:15 myhost exim[23366]: 2011-11-12 05:11:15 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised): rejected "EHLO myhost" H=localhost [127.0.0.1] next input="MAIL FROM:root@myhost\\r\\n"
This basically says that Dovecot's SMTP client is being noncompliant, because Exim doesn't advertise PIPELINING extension. But I'd rather not add more code to fix this, since PIPELINING gives you a little bit better performance anyway and you can most likely fix this by modifying Exim's configs in some way (I can't believe Exim wouldn't support PIPENING..).
On Tue, Nov 15, 2011 at 8:49 PM, Timo Sirainen tss@iki.fi wrote:
On Sat, 2011-11-12 at 05:32 +0100, Bambero wrote:
I configured dovecot to use submission smtp host becouse of chroot.
submission_host = 127.0.0.1
Unfortunatelly:
Nov 12 05:11:15 myhost exim[23366]: 2011-11-12 05:11:15 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised): rejected "EHLO myhost" H=localhost [127.0.0.1] next input="MAIL FROM:root@myhost\\r\\n"
This basically says that Dovecot's SMTP client is being noncompliant, because Exim doesn't advertise PIPELINING extension. But I'd rather not add more code to fix this, since PIPELINING gives you a little bit better performance anyway and you can most likely fix this by modifying Exim's configs in some way (I can't believe Exim wouldn't support PIPENING..).
Thanks for your reply. Indeed exim supports PIPELINING by default:
# telnet mail.apisoft.pl 25 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. 220 zeus.apisoft.pl ESMTP Exim 4.76 Wed, 16 Nov 2011 14:55:25 +0100 EHLO test 250-zeus.apisoft.pl Hello localhost [127.0.0.1] 250-SIZE 52428800 250-PIPELINING 250-AUTH LOGIN PLAIN CRAM-MD5 DIGEST-MD5 250-STARTTLS 250 HELP
and PIPELINING seems to work fine. But maybe there is a problem with smtp dialog between dovecot and exim.
On Wed, 2011-11-16 at 15:00 +0100, Bambero wrote:
Nov 12 05:11:15 myhost exim[23366]: 2011-11-12 05:11:15 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised): rejected "EHLO myhost" H=localhost [127.0.0.1] next input="MAIL FROM:root@myhost\\r\\n"
This basically says that Dovecot's SMTP client is being noncompliant, because Exim doesn't advertise PIPELINING extension. But I'd rather not add more code to fix this, since PIPELINING gives you a little bit better performance anyway and you can most likely fix this by modifying Exim's configs in some way (I can't believe Exim wouldn't support PIPENING..).
Thanks for your reply. Indeed exim supports PIPELINING by default:
Oh. Well, see if the attached patch helps? If it does, I'll add it to next version.
On Wed, Nov 16, 2011 at 3:37 PM, Timo Sirainen tss@iki.fi wrote:
On Wed, 2011-11-16 at 15:00 +0100, Bambero wrote:
Nov 12 05:11:15 myhost exim[23366]: 2011-11-12 05:11:15 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised): rejected "EHLO myhost" H=localhost [127.0.0.1] next input="MAIL FROM:root@myhost\\r\\n"
This basically says that Dovecot's SMTP client is being noncompliant, because Exim doesn't advertise PIPELINING extension. But I'd rather not add more code to fix this, since PIPELINING gives you a little bit better performance anyway and you can most likely fix this by modifying Exim's configs in some way (I can't believe Exim wouldn't support PIPENING..).
Thanks for your reply. Indeed exim supports PIPELINING by default:
Oh. Well, see if the attached patch helps? If it does, I'll add it to next version.
Thanks a lot it almost helped. But now there is another problem: Nov 16 17:13:45 zeus exim[10613]: 2011-11-16 17:13:45 1RQi7C-0001lG-BX ** test@apisoft.pl R=localuser T=local_delivery: Child process of local_delivery transport (running command "/usr/local/libexec/dovecot/dovecot-lda -d $local_part@$domain -f $sender_address -a $original_local_part@$original_domain") was terminated by signal 11 (Segmentation fault)
But it anly appear if user has .sieve filter with mail redirection (uses submission_host)
On Wed, 2011-11-16 at 17:28 +0100, Bambero wrote:
Thanks a lot it almost helped. But now there is another problem: Nov 16 17:13:45 zeus exim[10613]: 2011-11-16 17:13:45 1RQi7C-0001lG-BX ** test@apisoft.pl R=localuser T=local_delivery: Child process of local_delivery transport (running command "/usr/local/libexec/dovecot/dovecot-lda -d $local_part@$domain -f $sender_address -a $original_local_part@$original_domain") was terminated by signal 11 (Segmentation fault)
But it anly appear if user has .sieve filter with mail redirection (uses submission_host)
It's difficult to debug crashes without gdb backtrace. But since you're running in a strange chrooted environment, it may be difficult to get a core file..
Probably the easiest way would be if you apply the attached patch, then try to deliver a mail that causes this crash (and no other mails), and attach gdb into the process during the 10 second wait:
gdb -p pidof dovecot-lda
cont
<wait for crash>
bt full
On Wed, Nov 16, 2011 at 5:38 PM, Timo Sirainen tss@iki.fi wrote:
On Wed, 2011-11-16 at 17:28 +0100, Bambero wrote:
Thanks a lot it almost helped. But now there is another problem: Nov 16 17:13:45 zeus exim[10613]: 2011-11-16 17:13:45 1RQi7C-0001lG-BX ** test@apisoft.pl R=localuser T=local_delivery: Child process of local_delivery transport (running command "/usr/local/libexec/dovecot/dovecot-lda -d $local_part@$domain -f $sender_address -a $original_local_part@$original_domain") was terminated by signal 11 (Segmentation fault)
But it anly appear if user has .sieve filter with mail redirection (uses submission_host)
It's difficult to debug crashes without gdb backtrace. But since you're running in a strange chrooted environment, it may be difficult to get a core file..
Probably the easiest way would be if you apply the attached patch, then try to deliver a mail that causes this crash (and no other mails), and attach gdb into the process during the 10 second wait:
gdb -p
pidof dovecot-ldacont <wait for crash> bt full
Can you see something here:
gdb -p pgrep dovecot-lda
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-unknown-openbsd5.0".
Attaching to process 4118
0x030e6719 in ?? ()
(gdb) cont
Continuing.
Program received signal SIGSEGV, Segmentation fault. 0x0c96c825 in ?? () (gdb) bt full #0 0x0c96c825 in ?? () No symbol table info available. #1 0x7dfa61c0 in ?? () No symbol table info available. #2 0x00000001 in ?? () No symbol table info available. #3 0x00000001 in ?? () No symbol table info available. #4 0x00000002 in ?? () No symbol table info available. #5 0x2665d31c in ?? () No symbol table info available. #6 0x2665d31c in ?? () No symbol table info available. #7 0xcfbe13e8 in ?? () No symbol table info available. #8 0x0665fd79 in ?? () No symbol table info available. #9 0x00000000 in ?? () No symbol table info available. (gdb) quit The program is running. Quit anyway (and detach it)? (y or n) y Detaching from program: , process 4118
On Wed, Nov 16, 2011 at 8:25 PM, Bambero bambero@gmail.com wrote:
On Wed, Nov 16, 2011 at 5:38 PM, Timo Sirainen tss@iki.fi wrote:
On Wed, 2011-11-16 at 17:28 +0100, Bambero wrote:
Thanks a lot it almost helped. But now there is another problem: Nov 16 17:13:45 zeus exim[10613]: 2011-11-16 17:13:45 1RQi7C-0001lG-BX ** test@apisoft.pl R=localuser T=local_delivery: Child process of local_delivery transport (running command "/usr/local/libexec/dovecot/dovecot-lda -d $local_part@$domain -f $sender_address -a $original_local_part@$original_domain") was terminated by signal 11 (Segmentation fault)
But it anly appear if user has .sieve filter with mail redirection (uses submission_host)
It's difficult to debug crashes without gdb backtrace. But since you're running in a strange chrooted environment, it may be difficult to get a core file..
Probably the easiest way would be if you apply the attached patch, then try to deliver a mail that causes this crash (and no other mails), and attach gdb into the process during the 10 second wait:
gdb -p
pidof dovecot-ldacont <wait for crash> bt fullCan you see something here:
gdb -p
pgrep dovecot-ldaGNU gdb 6.3 Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-unknown-openbsd5.0". Attaching to process 4118 0x030e6719 in ?? () (gdb) cont Continuing.Program received signal SIGSEGV, Segmentation fault. 0x0c96c825 in ?? () (gdb) bt full #0 0x0c96c825 in ?? () No symbol table info available. #1 0x7dfa61c0 in ?? () No symbol table info available. #2 0x00000001 in ?? () No symbol table info available. #3 0x00000001 in ?? () No symbol table info available. #4 0x00000002 in ?? () No symbol table info available. #5 0x2665d31c in ?? () No symbol table info available. #6 0x2665d31c in ?? () No symbol table info available. #7 0xcfbe13e8 in ?? () No symbol table info available. #8 0x0665fd79 in ?? () No symbol table info available. #9 0x00000000 in ?? () No symbol table info available. (gdb) quit The program is running. Quit anyway (and detach it)? (y or n) y Detaching from program: , process 4118
I forgot to say that mails are delivered using SMTP so submission_host works, mails are strored i destination mailbox too. Only this Segmentation Fault ...
On Wed, 2011-11-16 at 20:25 +0100, Bambero wrote:
Can you see something here:
No, the "??" isn't very helpful.
gdb -p
pgrep dovecot-ldaThis GDB was configured as "i386-unknown-openbsd5.0".
Oh, this is OpenBSD. Try if this works instead:
gdb /usr/local/libexec/dovecot/dovecot-lda pgrep dovecot-lda
If it still gives only "??" output, that didn't work either..
On Tue, Nov 15, 2011 at 09:49:20PM +0200, Timo Sirainen wrote:
On Sat, 2011-11-12 at 05:32 +0100, Bambero wrote:
I configured dovecot to use submission smtp host becouse of chroot.
submission_host = 127.0.0.1
Unfortunatelly:
Nov 12 05:11:15 myhost exim[23366]: 2011-11-12 05:11:15 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised): rejected "EHLO myhost" H=localhost [127.0.0.1] next input="MAIL FROM:root@myhost\\r\\n"
This basically says that Dovecot's SMTP client is being noncompliant, because Exim doesn't advertise PIPELINING extension. But I'd rather not add more code to fix this, since PIPELINING gives you a little bit better performance anyway and you can most likely fix this by modifying Exim's configs in some way (I can't believe Exim wouldn't support PIPENING..).
I have always interpreted the standard in the way that a client MUST NOT assume that the server supports pipelining before it has advertised PIPELINING. Since PIPELINING is only advertised after the client has identified itself as being ESMTP compliant by saying EHLO instead of HELO, I believe that the client MUST wait with his EHLO until the server has shown its banner.
Forcing synchronization is a very effective means of spam protection since most spam bots just blast away with EHLO, MAIL FROM without bothering to wait for the server's banner.
Greetings Marc
--
Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 31958061 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 31958062
this and several other features are tools i use with tremendous success at battling spam. every MTA connection that violates protocol by making an assumption or posts invalid data for the SMTP phase, gets kicked off with a 421.
-david
On 11/16/2011 09:11 AM, Marc Haber wrote:
I have always interpreted the standard in the way that a client MUST NOT assume that the server supports pipelining before it has advertised PIPELINING. Since PIPELINING is only advertised after the client has identified itself as being ESMTP compliant by saying EHLO instead of HELO, I believe that the client MUST wait with his EHLO until the server has shown its banner. Forcing synchronization is a very effective means of spam protection since most spam bots just blast away with EHLO, MAIL FROM without bothering to wait for the server's banner. Greetings Marc
participants (4)
-
Bambero
-
David Ford
-
Marc Haber
-
Timo Sirainen