[dovecot] Re: Bug#175507: dovecot: Accidental denial of service via syslog
Jaldhar H. Vyas
jaldhar at debian.org
Wed Jan 8 21:50:34 EET 2003
This bug was reported to Debian but I feel it is an upstream issue.
On Sat, 4 Jan 2003, Amelia A Lewis wrote:
> If dovecot is misconfigured, such that imap-auth cannot find passwd.imap
> (which probably needs to get copied; maybe need more docco in the config
> file? This happens if the digest-md5 auth method is uncommented and the
> auth_userinfo is set to passwd-file /etc/passwd.imap), imap-auth dies once a
> second with error 89, which it reports to imap-master, and both log to
> syslog.
>
> I've got 30,000 line pairs from a ten hour run. I would think that if it
> dies more than, say, a thousand times in a single hour, imap-master maybe
> ought to consider that there's a serious configuration problem preventing
> use, and exit instead of continuing to fill the log.
>
> Granted, it's a shoot-yourself sort of error. But still ... after a certain
> point, the program ought to be able to die *gracefully* if the sysadmin has
> shot it, by accident or not.
>
Personally, I would be even stricter than Amelia is suggesting. If there
is a serious configuration error, dovecot should die immediately.
--
Jaldhar H. Vyas <jaldhar at debian.org>
More information about the dovecot
mailing list