[Dovecot] mails delivered to the wrong user when using lmtp_proxy and reject_unverified_recipient
Peer Heinlein
p.heinlein at heinlein-support.de
Fri Jul 19 18:11:18 EEST 2013
Hi,
looks like we detected a serious bug in dovecot's lmtp proxying where
e-mails are delivered to the wrong user.
The setup is:
*) Dovecot is configured with "lmtp_proxy=yes"
# Support proxying to other LMTP/SMTP servers by performing passdb lookups.
lmtp_proxy = yes
*) Postfix uses "dynamic recipient verification", so Postfix starts
sending a (verify) mail by LMTP to dovecot, but quits the lmtp-session
right after the RCPT TO:. No DATA-stage is reached in the protocol and
no real e-mail is sent. But Postfix had a LMTP-connection for "user1".
*) Just some seconds later a "real" e-mail to "user2" has to be
delivered to dovecot by LMTP. But Dovecot will deliver this mail to the
wrong "user1" instead of "user2". Looks like dovecot re-uses the (still
opened?) lmtp-proxy-connection from "user1" to deliver an e-mail to "user2".
Have a log at the protocol:
1) There's a verify call to user1 from Postfix:
Jul 19 13:49:49 mailms postfix/lmtp[9842]: DE653280C51:
to=<user1 at example.com>, relay=localhost[127.0.0.1]:24, conn_use=2,
delay=120, delays=117/0.45/0/2.5, dsn=2.1.5, status=deliverable (250
2.1.5 OK)
2) Just five seconds later the e-mail to user2 (see Postfix' point of
view in the last line) is delivered to user2 (see result from Dovecot in
the last line):
Jul 19 13:50:04 mailms dovecot: lmtp(10965, kraemer): save: box=INBOX,
uid=49880, msgid=<59798276-E5D1-4053-A570-9901B731DF5D at example.come>,
size=11020
Jul 19 13:50:04 mailms dovecot: lmtp(10965, kraemer):
1zTeKrMn6VHVKgAAhyqEuA:
msgid=<59798276-E5D1-4053-A570-9901B731DF5D at example.com>: saved mail to
INBOX
Jul 19 13:50:04 mailms postfix/lmtp[10953]: C25FC280BE5:
to=<user2 at example.com>, relay=localhost[127.0.0.1]:24, conn_use=19,
delay=116, delays=115/0.53/0/0.33, dsn=2.0.0, status=sent (250 2.0.0
<user2> 1zTeKrMn6VHVKgAAhyqEuA Saved)
Same with user3 and user4:
Jul 19 14:47:53 mailms postfix/lmtp[10845]: C389A2809D7:
to=<user3 at example.com>, relay=localhost[127.0.0.1]:24, delay=4.7,
delays=3.7/0.87/0/0.19, dsn=2.1.5, status=deliverable (250 2.1.5 OK)
Jul 19 14:47:55 mailms dovecot: lmtp(26546, fs211113): save: box=INBOX,
uid=8504, msgid=<928729810.113.1374238063381 at example.com>, size=233151
Jul 19 14:47:55 mailms dovecot: lmtp(26546, fs211113):
MbMvI2816VGyZwAAhyqEuA: msgid=<928729810.113.1374238063381 at example.com>:
saved mail to INBOX
Jul 19 14:47:55 mailms postfix/lmtp[22524]: 6F0D2280A6E:
to=<user4 at example.com>, relay=localhost[127.0.0.1]:24, conn_use=2,
delay=10, delays=8.4/1/0/0.8, dsn=2.0.0, status=sent (250 2.0.0 <user3>
MbMvI2816VGyZwAAhyqEuA Saved)
The user itself is quite normal in the user database (but has a
mailhost=127.0.0.1 set):
root at mailms:/etc/dovecot/conf.d# doveadm user user2 at example.com
userdb: user2 at example.com
uid : 5000
gid : 5000
home : /srv/mail/user2
root at mailms:/etc/dovecot/conf.d# doveadm auth user2 at example.com
Password:
passdb: user2 at example.com auth failed
extra fields:
user=user2
Peer
--
Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin
http://www.heinlein-support.de
Tel: 030 / 405051-42
Fax: 030 / 405051-19
Zwangsangaben lt. §35a GmbHG: HRB 93818 B / Amtsgericht
Berlin-Charlottenburg,
Geschäftsführer: Peer Heinlein -- Sitz: Berlin
More information about the dovecot
mailing list