[Dovecot] mails delivered to the wrong user when using lmtp_proxy and reject_unverified_recipient
skdovecot at smail.inf.fh-brs.de
Mon Jul 22 10:45:40 EEST 2013
-----BEGIN PGP SIGNED MESSAGE-----
On Fri, 19 Jul 2013, Peer Heinlein wrote:
> looks like we detected a serious bug in dovecot's lmtp proxying where
> e-mails are delivered to the wrong user.
> The setup is:
> *) Dovecot is configured with "lmtp_proxy=yes"
> # Support proxying to other LMTP/SMTP servers by performing passdb lookups.
> lmtp_proxy = yes
> *) Postfix uses "dynamic recipient verification", so Postfix starts
> sending a (verify) mail by LMTP to dovecot, but quits the lmtp-session
> right after the RCPT TO:. No DATA-stage is reached in the protocol and
> no real e-mail is sent. But Postfix had a LMTP-connection for "user1".
> *) Just some seconds later a "real" e-mail to "user2" has to be
> delivered to dovecot by LMTP. But Dovecot will deliver this mail to the
> wrong "user1" instead of "user2". Looks like dovecot re-uses the (still
> opened?) lmtp-proxy-connection from "user1" to deliver an e-mail to "user2".
Is the communication between postfix and Dovecot LMTP encrypted? If not,
can you trace the LMTP transmission using something like wireshark or
strace? So one get the impression of:
+ how many connections uses postfix to communicate with LMTP
+ which LMTP commands are transmitted in which order on which connection
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the dovecot