[Dovecot] vpopmail passdb deadlock if tcprules binary is missing
Hello,
I've just found that if vpopmail is compiled with --enable-roaming-users=y, but the tcprules binary is missing, there is a kind of denial-of-service situation, which is not very obvious to debug.
I know this is the result of misconfiguration and I suppose this is more of a vpopmail() bug, but it is somewhat hard to debug and causes greater harm to dovecot's long-running auth process than to vpopmail's short-lived vchkpw process.
Symptoms
Login to dovecot imap takes a very long time. There are auth processes in D state:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 9873 0.0 0.0 2884 1396 ? D 14:04 0:00 dovecot/auth -w
root 11292 0.0 0.0 2884 1396 ? S 14:25 0:00 \_ dovecot/auth -w
Cause
When a new user has to be authenticated from vpopmail, the sequence of events goes something like this:
libexec/dovecot/auth -w process is doing the authentication (passdb-vpopmail.c)
passdb-vpopmail.c: at some point the user is authenticated and open_smtp_relay() is called
vpopmail.c: open_smtp_relay() gets a write lock on ~vpopmail/etc/open-smtp.lock, adds the new IP to ~vpopmail/etc/open-smtp and calls update_rules() etc. to rebuild the tcp.cdb file
vpopmail.c: tcprules_open() is called and it fork()s and tries to execv() tcprules
if tcprules is not found, execv() fails silently, and we are left with a forked libexec/dovecot/auth instance, which runs all over again up to the open_smtp_relay() point, where it tries to obtain a write lock on ~vpopmail/etc/open-smtp.lock again (it is already locked by the parent)
Hope this helps someone.
Teodor Milkov
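
The fork()/execv() failure described in the message above comes down to a child that keeps running the parent's code after execv() returns. The following is an added example, not code from vpopmail or Dovecot: it shows the defensive pattern of terminating the child on exec failure and surfacing the error to the parent. The function name run_helper and the helper path are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run a helper binary and return its exit status, or -1 on fork/wait error.
 * 127 means the helper could not be executed (same convention as the shell).
 * run_helper is a hypothetical name, not a vpopmail or Dovecot function. */
int run_helper(const char *path, char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        execv(path, argv);
        /* Only reached when execv() failed. Without this _exit() the child
         * would return into the caller as a second copy of the long-running
         * process and could retry a lock that its parent already holds. */
        _exit(127);
    }

    int status;
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)
            return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed path standing in for a missing tcprules binary. */
    char *const argv[] = { "tcprules", NULL };
    int rc = run_helper("/nonexistent/bin/tcprules", argv);

    if (rc != 0)
        fprintf(stderr, "helper failed with status %d; release the lock "
                        "and report the error\n", rc);
    return rc == 127 ? 0 : 1;
}
```
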