[Dovecot] CRAM-MD5 authentication memory leak problem.

Kenji Tonami tonami at designet.co.jp
Fri Jun 6 05:34:52 UTC 2014


I used the dovecot auth daemon for postfix SMTP Auth.
I saved the clear password in OpenLDAP, then set it up as the password
to be used.

There was no trouble when authentication succeeded.  But when
authentication failed using "CRAM-MD5", the memory allocation of the
dovecot auth daemon kept increasing.

When using "PLAIN" or "LOGIN", there was no problem even if
authentication failed.

I got the same result on dovecot-2.0.9 (RHEL6) and dovecot-2.2.13.

Does anyone know of a similar case?

I tried restarting the dovecot auth daemon by using the service_count
parameter in the service auth settings.  When authentication failed, the
message on postfix was as follows:

** 535 5.7.8 Error: authentication failed: "CRAM-MD5 string"

When authentication failed and the dovecot auth daemon was restarting at
the same time, the message on postfix changed as follows:

** 535 5.7.8 Error: authentication failed: Connection lost to
authentication server

It looks like the failed authentication request is suspended by
restarting the auth daemon.

-- config (10-auth.conf)
auth_mechanisms = plain login cram-md5
--

-- config (10-master.conf)
service auth {
  executable = auth

  unix_listener /var/spool/postfix/private/auth {
     mode = 0666
     user = postfix
     group = postfix
  }
}
--

-- auth-ldap.conf.ext
passdb {
   driver = ldap

   args = /etc/dovecot/ldap-passdb.conf.ext
}
--

-- ldap-passdb.conf.ext
host = xxx.xxx.xxx.xxx
dn = LDAP Manager DN
dnpass = Manager DN password
base = ou=mail,dc=xxxxxx,dc=xx
scope = subtree
pass_attrs = mailID=user,mailClearPassword=password
pass_filter = (mailID=%u)
auth_bind = no
default_pass_scheme = plain
--

Thanks.

-- 
Kenji Tonami
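
Background on why the passdb in this report stores a cleartext password: in CRAM-MD5 (RFC 2195) the server checks an HMAC-MD5 computed over its own challenge, so it needs the secret itself rather than a one-way hash. The sketch below is an added example, not part of the original message and not Dovecot's code; the function names and the in-memory `PASSDB` are assumptions, and the account and challenge are the published RFC 2195 example values.

```python
import base64
import hashlib
import hmac

# Constructed stand-in for the LDAP lookup (mailID -> mailClearPassword).
# The single entry is the RFC 2195 example account, not data from the post.
PASSDB = {"tim": "tanstaaftanstaaf"}

RFC2195_CHALLENGE = "<1896.697170952@postoffice.reston.mci.net>"


def client_response(user: str, password: str, challenge: str) -> str:
    """Client side: base64("user SP hex(HMAC-MD5(key=password, msg=challenge))")."""
    digest = hmac.new(password.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()


def server_verify(response_b64: str, challenge: str, passdb=PASSDB) -> bool:
    """Server side: recompute the digest from the stored cleartext password."""
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
        user, sent_digest = decoded.rsplit(" ", 1)
    except ValueError:  # bad base64, bad UTF-8, or no space separator
        return False
    password = passdb.get(user)
    # Unknown users still go through the HMAC with a dummy key, so the
    # failure path does the same work as the success path.
    key = (password if password is not None else "\0").encode()
    expected = hmac.new(key, challenge.encode(), hashlib.md5).hexdigest()
    # Constant-time comparison of the hex digests.
    matches = hmac.compare_digest(expected.encode(), sent_digest.lower().encode())
    return matches and password is not None


if __name__ == "__main__":
    good = client_response("tim", "tanstaaftanstaaf", RFC2195_CHALLENGE)
    bad = client_response("tim", "wrong-password", RFC2195_CHALLENGE)
    print("good response accepted:", server_verify(good, RFC2195_CHALLENGE))
    print("bad response accepted: ", server_verify(bad, RFC2195_CHALLENGE))
```
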



