I'm seeing lots of: Jun 2 00:00:05 thebighonker exim[57437]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADM IN) [52.40.16.7]:51339 I=[192.147.25.65]:465: 535 Incorrect authentication data (set_id=web) Jun 2 00:00:06 thebighonker exim[57439]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADM IN) [52.40.16.7]:51363 I=[192.147.25.65]:465: 535 Incorrect authentication data (set_id=web) Jun 2 00:00:06 thebighonker exim[57438]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADM IN) [52.40.16.7]:51355 I=[192.147.25.65]:465: 535 Incorrect authentication data (set_id=web) Jun 2 00:00:06 thebighonker exim[57443]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADM IN) [52.40.16.7]:51385 I=[192.147.25.65]:465: 435 Unable to authenticate at present: authentication socket read error or premature e of Jun 2 00:00:06 thebighonker exim[57442]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADM IN) [52.40.16.7]:51368 I=[192.147.25.65]:465: 435 Unable to authenticate at present: authentication socket read error or premature e of Jun 2 00:00:06 thebighonker exim[57441]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADM IN) [52.40.16.7]:51361 I=[192.147.25.65]:465: 435 Unable to authenticate at present: authentication socket read error or premature e of Jun 2 00:00:06 thebighonker exim[57440]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADM IN) [52.40.16.7]:51362 I=[192.147.25.65]:465: 435 Unable to authenticate at present: authentication socket read error or premature e of Jun 2 00:00:06 thebighonker dovecot: auth: Fatal: master: service(auth): child 55916 killed with signal 11 (core not dumped - set s ervice auth { drop_priv_before_exec=yes })
The suggestion to drop_priv_before_exec=yes breaks auth totally.
doveconf -n:
# 2.2.30.1 (eebd877): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.18 (29cc74d)
# OS: FreeBSD 11.0-STABLE amd64
auth_default_realm = lerctr.org
auth_mechanisms = plain login
auth_realms = lerctr.org thebighonker.lerctr.org tbh.lerctr.org
auth_username_format = %Ln
default_vsz_limit = 1 G
deliver_log_format = msgid=%m: %$ (subject=%s from=%f size=%w)
lda_mailbox_autocreate = yes
listen = 192.147.25.65, ::
lmtp_save_to_detail_mailbox = yes
login_access_sockets = tcpwrap
mail_attribute_dict = file:%h/mail/.imap/dovecot-mail-attributes
mail_debug = yes
mail_location = mbox:~/mail:INBOX=~/mail/INBOX
mail_plugins = " fts fts_solr notify stats virtual"
mail_privileged_group = mail
mail_server_admin = mailto:ler@lerctr.org
mail_server_comment = LERCTR Mail Server
mailbox_list_index = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext vacation-seconds editheader mboxmetadata servermetadata imapsieve vnd.dovecot.imapsieve
namespace archive {
hidden = no
list = no
location = mbox:~/MAIL-ARCHIVE
prefix = ARCHIVE/
separator = /
}
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox INBOX {
auto = create
}
mailbox Junk {
special_use = \Junk
}
mailbox SA/FN {
special_use = \Junk
}
mailbox SENT {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
mailbox virtual/Flagged {
special_use = \Flagged
}
mailbox virtual/all {
special_use = \All
}
prefix =
}
namespace virtual {
hidden = no
list = yes
location = virtual:~/MAIL-VIRTUAL:INDEX=MEMORY
prefix = Virtual/
separator = /
}
passdb {
args = failure_show_msg=yes session=yes max_requests=20
driver = pam
}
plugin {
fts = solr
fts_autoindex = yes
fts_solr = url=http://thebighonker.lerctr.org:8983/solr/dovecot/
fts_tika = http://localhost:9998/tika/
imapsieve_url = sieve://thebighonker.lerctr.org
mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename flag_change append
mail_log_fields = uid box msgid size from subject vsize flags
recipient_delimiter = +
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
sieve_extensions = +editheader +vacation-seconds +mboxmetadata +servermetadata
sieve_plugins = sieve_imapsieve
stats_command_min_time = 1 mins
stats_domain_min_time = 12 hours
stats_ip_min_time = 12 hours
stats_memory_limit = 16 M
stats_refresh = 5s
stats_session_min_time = 15 mins
stats_track_cmds = yes
stats_user_min_time = 1 hours
}
protocols = imap pop3 lmtp sieve
service auth {
unix_listener auth-client {
mode = 0666
}
unix_listener auth-master {
mode = 0666
}
}
service indexer-worker {
drop_priv_before_exec = yes
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
inet_listener sieve_deprecated {
port = 2000
}
}
service stats {
chroot = empty
client_limit = 0
drop_priv_before_exec = no
executable = stats
extra_groups =
fifo_listener stats-mail {
group =
mode = 0666
user =
}
fifo_listener stats-user {
group =
mode = 0666
user =
}
group =
idle_kill = 4294967295 secs
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener stats {
group =
mode = 0666
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service tcpwrap {
unix_listener login/tcpwrap {
group = $default_login_user
mode = 0600
user = $default_login_user
}
}
ssl_cert =
Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 E-Mail: larryrtx@gmail.com US Mail: 17716 Limpia Crk, Round Rock, TX 78664-7281
On Fri, Jun 02, 2017 at 11:15:41AM -0500, Larry Rosenman wrote:
I'm seeing lots of: [snipped] Jun 2 00:00:05 thebighonker exim[57437]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADM IN) [52.40.16.7]:51339 I=[192.147.25.65]:465: 535 Incorrect authentication data (set_id=web) Jun 2 00:00:06 thebighonker exim[57439]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADM of Jun 2 00:00:06 thebighonker dovecot: auth: Fatal: master: service(auth): child 55916 killed with signal 11 (core not dumped - set s ervice auth { drop_priv_before_exec=yes })
The suggestion to drop_priv_before_exec=yes breaks auth totally.
doveconf -n: [snipped]
with auth_debug=yes, and auth_debug_passwords=yes, I got the following:
Jun 4 14:23:47 thebighonker dovecot: auth: Debug: client passdb out: FAIL 1 user=ncbbkbdoohhejcjhllpaaejoibaa.ler original_user=NCBBKBDOOHHEJCJHLLPAAEJOIBAA.ler
Jun 4 14:23:47 thebighonker exim[15791]: dovecot_login authenticator failed for (Gdosbzur) [14.210.76.12]:51337 I=[192.147.25.65]:25: 535 Incorrect authentication data (set_id=ncbbkbdoohhejcjhllpaaejoiba
a.ler)
Jun 4 14:23:48 thebighonker exim[15938]: no host name found for IP address 14.210.76.12
Jun 4 14:23:48 thebighonker dovecot: auth: Debug: auth client connected (pid=0)
Jun 4 14:23:48 thebighonker dovecot: auth: Debug: client in: AUTH 1 LOGIN service=smtp rip=14.210.76.12 lip=192.147.25.65 nologin resp= (previous base64 data may contain sens
itive data)
Jun 4 14:23:48 thebighonker dovecot: auth: Debug: auth client connected (pid=0)
Jun 4 14:23:48 thebighonker dovecot: auth: Debug: client in: AUTH 1 LOGIN service=smtp rip=14.210.76.12 lip=192.147.25.65 nologin resp= (previous base64 data may contain sens
itive data)
Jun 4 14:23:55 thebighonker dovecot: imap(ler): Debug: SENT: Mailbox opened because: SELECT
Jun 4 14:23:55 thebighonker dovecot: imap(ler): Debug: INBOX: Mailbox opened because: SELECT
Jun 4 14:24:00 thebighonker dovecot: imap(ler): Debug: imapsieve: mailbox lists/mailman/users: FLAG event (changed flags: \Seen)
Jun 4 14:24:00 thebighonker dovecot: imap(ler): Debug: imapsieve: mailbox lists/mailman/users: Mailbox attribute /shared/imapsieve/script not found
Jun 4 14:24:00 thebighonker dovecot: imap(ler): Debug: imapsieve: mailbox lists/mailman/users: Server attribute /shared/imapsieve/script not found
Jun 4 14:24:00 thebighonker dovecot: imap(ler): Debug: sieve: Pigeonhole version 0.4.18 (29cc74d) initializing
Jun 4 14:24:00 thebighonker dovecot: imap(ler): Debug: sieve: include: sieve_global is not set; it is currently not possible to include `:global' scripts.
Jun 4 14:24:00 thebighonker dovecot: imap(ler): Debug: sieve: Sieve imapsieve plugin for Pigeonhole version 0.4.18 (29cc74d) loaded
Jun 4 14:24:00 thebighonker dovecot: imap(ler): flag_change: box=lists/mailman/users, uid=5500, msgid=4625bfc7-13dc-38b4-25d6-277ce481aac3@Damon-Family.org, size=8014, vsize=8144, from=Richard Damon
(don't worry, the id/pw's are fake, but NOT obfuscated).
How can we find out what's causing the SIGSEGV?
Current doveconf -n:
# 2.2.30.1 (eebd877): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.18 (29cc74d)
# OS: FreeBSD 11.0-STABLE amd64
auth_debug_passwords = yes
auth_default_realm = lerctr.org
auth_mechanisms = plain login
auth_realms = lerctr.org thebighonker.lerctr.org tbh.lerctr.org
auth_username_format = %Ln
default_vsz_limit = 1 G
deliver_log_format = msgid=%m: %$ (subject=%s from=%f size=%w)
lda_mailbox_autocreate = yes
listen = 192.147.25.65, ::
lmtp_save_to_detail_mailbox = yes
login_access_sockets = tcpwrap
mail_attribute_dict = file:%h/mail/.imap/dovecot-mail-attributes
mail_debug = yes
mail_location = mbox:~/mail:INBOX=~/mail/INBOX
mail_plugins = " fts fts_solr notify stats virtual"
mail_privileged_group = mail
mail_server_admin = mailto:ler@lerctr.org
mail_server_comment = LERCTR Mail Server
mailbox_list_index = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext vacation-seconds editheader mboxmetadata servermetadata imapsieve vnd.dovecot.imapsieve
namespace archive {
hidden = no
list = no
location = mbox:~/MAIL-ARCHIVE
prefix = ARCHIVE/
separator = /
}
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox INBOX {
auto = create
}
mailbox Junk {
special_use = \Junk
}
mailbox SA/FN {
special_use = \Junk
}
mailbox SENT {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
mailbox virtual/Flagged {
special_use = \Flagged
}
mailbox virtual/all {
special_use = \All
}
prefix =
}
namespace virtual {
hidden = no
list = yes
location = virtual:~/MAIL-VIRTUAL:INDEX=MEMORY
prefix = Virtual/
separator = /
}
passdb {
args = failure_show_msg=yes session=yes max_requests=20
driver = pam
}
plugin {
fts = solr
fts_autoindex = yes
fts_solr = url=http://thebighonker.lerctr.org:8983/solr/dovecot/
fts_tika = http://localhost:9998/tika/
imapsieve_url = sieve://thebighonker.lerctr.org
mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename flag_change append
mail_log_fields = uid box msgid size from subject vsize flags
recipient_delimiter = +
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
sieve_extensions = +editheader +vacation-seconds +mboxmetadata +servermetadata
sieve_plugins = sieve_imapsieve
stats_command_min_time = 1 mins
stats_domain_min_time = 12 hours
stats_ip_min_time = 12 hours
stats_memory_limit = 16 M
stats_refresh = 5s
stats_session_min_time = 15 mins
stats_track_cmds = yes
stats_user_min_time = 1 hours
}
protocols = imap pop3 lmtp sieve
service auth {
unix_listener auth-client {
mode = 0666
}
unix_listener auth-master {
mode = 0666
}
}
service indexer-worker {
drop_priv_before_exec = yes
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
inet_listener sieve_deprecated {
port = 2000
}
}
service stats {
chroot = empty
client_limit = 0
drop_priv_before_exec = no
executable = stats
extra_groups =
fifo_listener stats-mail {
group =
mode = 0666
user =
}
fifo_listener stats-user {
group =
mode = 0666
user =
}
group =
idle_kill = 4294967295 secs
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener stats {
group =
mode = 0666
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service tcpwrap {
unix_listener login/tcpwrap {
group = $default_login_user
mode = 0600
user = $default_login_user
}
}
ssl_cert =
Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 E-Mail: larryrtx@gmail.com US Mail: 17716 Limpia Crk, Round Rock, TX 78664-7281
On 04.06.2017 22:35, Larry Rosenman wrote:
On Fri, Jun 02, 2017 at 11:15:41AM -0500, Larry Rosenman wrote:
I'm seeing lots of: [snipped] Jun 2 00:00:05 thebighonker exim[57437]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADM IN) [52.40.16.7]:51339 I=[192.147.25.65]:465: 535 Incorrect authentication data (set_id=web) Jun 2 00:00:06 thebighonker exim[57439]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADM of Jun 2 00:00:06 thebighonker dovecot: auth: Fatal: master: service(auth): child 55916 killed with signal 11 (core not dumped - set s ervice auth { drop_priv_before_exec=yes })
The suggestion to drop_priv_before_exec=yes breaks auth totally.
doveconf -n: [snipped]
You need to enable core dumping with coreadm
Aki
On Mon, Jun 05, 2017 at 10:18:13AM +0300, Aki Tuomi wrote:
On 04.06.2017 22:35, Larry Rosenman wrote:
On Fri, Jun 02, 2017 at 11:15:41AM -0500, Larry Rosenman wrote:
I'm seeing lots of: [snipped] Jun 2 00:00:05 thebighonker exim[57437]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADM IN) [52.40.16.7]:51339 I=[192.147.25.65]:465: 535 Incorrect authentication data (set_id=web) Jun 2 00:00:06 thebighonker exim[57439]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADM of Jun 2 00:00:06 thebighonker dovecot: auth: Fatal: master: service(auth): child 55916 killed with signal 11 (core not dumped - set s ervice auth { drop_priv_before_exec=yes })
The suggestion to drop_priv_before_exec=yes breaks auth totally.
doveconf -n: [snipped]
You need to enable core dumping with coreadm
Err, this is FreeBSD. That said, I upgraded the whole OS to 11.1-PRERELEASE, and this issue hasn't happened since that reboot.
I'll keep an eye on it.
Aki
-- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 E-Mail: larryrtx@gmail.com US Mail: 17716 Limpia Crk, Round Rock, TX 78664-7281
On Mon, Jun 05, 2017 at 07:22:11AM -0500, Larry Rosenman wrote:
On Mon, Jun 05, 2017 at 10:18:13AM +0300, Aki Tuomi wrote:
On 04.06.2017 22:35, Larry Rosenman wrote:
On Fri, Jun 02, 2017 at 11:15:41AM -0500, Larry Rosenman wrote:
I'm seeing lots of: [snipped] Jun 2 00:00:05 thebighonker exim[57437]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADM IN) [52.40.16.7]:51339 I=[192.147.25.65]:465: 535 Incorrect authentication data (set_id=web) Jun 2 00:00:06 thebighonker exim[57439]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADM of Jun 2 00:00:06 thebighonker dovecot: auth: Fatal: master: service(auth): child 55916 killed with signal 11 (core not dumped - set s ervice auth { drop_priv_before_exec=yes })
The suggestion to drop_priv_before_exec=yes breaks auth totally.
doveconf -n: [snipped]
You need to enable core dumping with coreadm
Err, this is FreeBSD. That said, I upgraded the whole OS to 11.1-PRERELEASE, and this issue hasn't happened since that reboot.
I'll keep an eye on it. Of course, as soon as I post that, I get 3 of them. I've set: kern.sugid_coredump: 1
But after those 3 so, we'll see if I get a core on the NEXT one.
Aki
-- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 E-Mail: larryrtx@gmail.com US Mail: 17716 Limpia Crk, Round Rock, TX 78664-7281
-- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 E-Mail: larryrtx@gmail.com US Mail: 17716 Limpia Crk, Round Rock, TX 78664-7281
participants (2)
-
Aki Tuomi
-
Larry Rosenman