[dovecot] Re: Bug#175507: dovecot: Accidental denial of service via syslog
This bug was reported to Debian but I feel it is an upstream issue.
On Sat, 4 Jan 2003, Amelia A Lewis wrote:
If dovecot is misconfigured, such that imap-auth cannot find passwd.imap (which probably needs to get copied; maybe need more docco in the config file? This happens if the digest-md5 auth method is uncommented and the auth_userinfo is set to passwd-file /etc/passwd.imap), imap-auth dies once a second with error 89, which it reports to imap-master, and both log to syslog.
I've got 30,000 line pairs from a ten hour run. I would think that if it dies more than, say, a thousand times in a single hour, imap-master maybe ought to consider that there's a serious configuration problem preventing use, and exit instead of continuing to fill the log.
Granted, it's a shoot-yourself sort of error. But still ... after a certain point, the program ought to be able to die *gracefully* if the sysadmin has shot it, by accident or not.
Personally, I would be even stricter than Amelia is suggesting. If there is a serious configuration error, dovecot should die immediately.
-- Jaldhar H. Vyas jaldhar@debian.org
On Wed, 2003-01-08 at 21:50, Jaldhar H. Vyas wrote:
I've got 30,000 line pairs from a ten hour run. I would think that if it dies more than, say, a thousand times in a single hour, imap-master maybe ought to consider that there's a serious configuration problem preventing use, and exit instead of continuing to fill the log. Personally, I would be even stricter than Amelia is suggesting. If there is a serious configuration error, dovecot should die immediately.
Agreed. CVS contains such code now. If login or auth process die before master receives an "we're ok" notification from them, master shuts itself down. Only problem with this could be some temporary failure (eg. out of memory) which unneededly kills the whole Dovecot, but I think these are quite rare.
participants (2)
-
Jaldhar H. Vyas
-
Timo Sirainen