Acl sql dict error, dict crashes

Christian Kivalo ml+dovecot at valo.at
Thu Oct 29 10:15:10 UTC 2015 

Hi,

I configured shared mailboxes and get an error when i use SQL as the 
acl_shared_dict. It works when i use a file instead. With SQL as the 
shared_dict, dict crashes.

I have enabled sql query logs on the mariadb server, the table 
user_shares and anyone_shares are queried but there is no insert to the 
empty tables.

The dovecot-acl files are created in the mailbox when i add an acl with 
doveadm acl add ...

doveadm acl debug shows an error:

doveadm acl debug -u my at example.net shared/other at example.net/INBOX
doveadm(my at example.net): Info: Mailbox 'INBOX' is in namespace 
'shared/other at example.net/'
doveadm(my at example.net): Info: Mailbox path: 
/srv/mail/other at example.net/Maildir
doveadm(my at example.net): Info: Per-user private flags in mailbox: \Seen
doveadm(my at example.net): Info: User my at example.net has rights: lookup 
read
doveadm(my at example.net): Info: Mailbox found from dovecot-acl-list
doveadm(my at example.net): Error: User other at example.net not found from 
ACL shared dict, rebuilding
doveadm(my at example.net): Error: read(/var/run/dovecot/dict) failed: 
Connection reset by peer
doveadm(my at example.net): Error: acl: dict commit failed
doveadm(my at example.net): Fatal: ACL lookup dict rebuild failed

then the dict crashes

Oct 29 10:12:13 uschi dovecot: auth: Debug: master in: 
USER#0111#011my at example.net#011service=doveadm
  Oct 29 10:12:13 uschi dovecot: auth-worker(27393): Debug: 
sql(my at example.net): SELECT CONCAT("/srv/mail/", dir) AS home, 
CONCAT("maildir:/srv/mail/", dir, "/Maildir:LAYOUT=fs") AS mail, 5000 AS 
uid, 5000 AS gid FROM virtual_users WHERE email = 'my at example.net';
  Oct 29 10:12:13 uschi dovecot: auth: Debug: userdb out: 
USER#0111#011my at example.net#011home=/srv/mail/my at example.net#011mail=maildir:/srv/mail/my at example.net/Maildir:LAYOUT=fs#011uid=5000#011gid=5000
  Oct 29 10:12:13 uschi dovecot: auth: Debug: master in: 
USER#0112#011other at example.net#011service=doveadm
  Oct 29 10:12:13 uschi dovecot: auth-worker(27393): Debug: 
sql(other at example.net): SELECT CONCAT("/srv/mail/", dir) AS home, 
CONCAT("maildir:/srv/mail/", dir, "/Maildir:LAYOUT=fs") AS mail, 5000 AS 
uid, 5000 AS gid FROM virtual_users WHERE email = 'other at example.net';
  Oct 29 10:12:13 uschi dovecot: auth: Debug: userdb out: 
USER#0112#011other at example.net#011home=/srv/mail/other at example.net#011mail=maildir:/srv/mail/other at example.net/Maildir:LAYOUT=fs#011uid=5000#011gid=5000
  Oct 29 10:12:13 uschi dovecot: dict(27421): Panic: file dict-sql.c: 
line 670 (sql_dict_iterate): assertion failed: ((ctx->flags & 
DICT_ITERATE_FLAG_ASYNC) != 0)
  Oct 29 10:12:13 uschi dovecot: dict(27421): Error: Raw backtrace: 
/usr/lib/dovecot/libdovecot.so.0(+0x7e290) [0x7f823f032290] -> 
/usr/lib/dovecot/libdovecot.so.0(+0x7e37c) [0x7f823f03237c] -> 
/usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f823efdd65d] -> 
dovecot/dict() [0x407e84] -> dovecot/dict() [0x405890] -> dovecot/dict() 
[0x405b01] -> dovecot/dict(dict_command_input+0xa1) [0x405bd1] -> 
dovecot/dict() [0x404d96] -> 
/usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x4c) [0x7f823f044f7c] 
-> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xe1) 
[0x7f823f046231] -> 
/usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x25) 
[0x7f823f045005] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) 
[0x7f823f0451a8] -> 
/usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) 
[0x7f823efe2c23] -> dovecot/dict(main+0x149) [0x404809] -> 
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7f823e4cdb45] 
-> dovecot/dict() [0x40488d]
  Oct 29 10:12:13 uschi dovecot: dict(27421): Fatal: master: 
service(dict): child 27421 killed with signal 6 (core dumps disabled)


The SQL query log from mariadb shows

151029 10:18:06     5318 Connect    readuser at 10.1.1.50 as anonymous on 
mailserver
           5318 Query    SELECT CONCAT("/srv/mail/", dir) AS home, 
CONCAT("maildir:/srv/mail/", dir, "/Maildir:LAYOUT=fs") AS mail, 5000 AS 
uid, 5000 AS gid FROM virtual_users WHERE email = 'my at example.net'
           5318 Query    SELECT CONCAT("/srv/mail/", dir) AS home, 
CONCAT("maildir:/srv/mail/", dir, "/Maildir:LAYOUT=fs") AS mail, 5000 AS 
uid, 5000 AS gid FROM virtual_users WHERE email = 'other at example.net'
          5319 Connect    writeuser at 10.1.1.50 as anonymous on mailserver
          5319 Query    SELECT dummy,from_user FROM anyone_shares
           5319 Query    SELECT dummy,from_user FROM user_shares WHERE 
to_user = 'my at example.net'
          5319 Query    SELECT dummy,to_user,from_user FROM user_shares
          5319 Query    SELECT dummy,from_user FROM anyone_shares

There is no insert.

As far as i can tell everything works as it should with shared folders 
except that die sql based acl_shared_dict is not updated. The expire 
dict is properly updated.

Is there something i can test?


My Thunderbird shows me that the server does not support shareing of 
mailboxes so i can't share parts of my mailbox to other users. Is this a 
separate issue or related?



doveconf -n
# 2.2.19: /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.9 (357ac0a0e68b+)
# OS: Linux 4.2.1 x86_64 Debian 8.2 ext4
auth_debug = yes
auth_mechanisms = plain login
auth_verbose = yes
default_vsz_limit = 512 M
  deliver_log_format = msgid=%m, from=%f, envelope from=%{from_envelope}, 
envelope to=%{to_envelope}, delivery time=%{delivery_time}ms, lmtp 
session time=%{session_time}ms, status=%$
dict {
   acl = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
   expire = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
first_valid_gid = 5000
first_valid_uid = 5000
imap_client_workarounds = tb-extra-mailbox-sep tb-lsub-flags
last_valid_gid = 5000
last_valid_uid = 5000
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
  login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e 
%c %k session=<%{session}>
mail_access_groups = vmail
mail_debug = yes
mail_gid = vmail
mail_location = maildir:/srv/mail/%u/Maildir:LAYOUT=fs
mail_plugins = fts fts_solr virtual stats expire acl
mail_uid = vmail
managesieve_notify_capability = mailto
  managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date index ihave duplicate
namespace {
   list = children
   location = maildir:%%h/Maildir:INDEXPVT=%h/shared/%%u:LAYOUT=fs
   prefix = shared/%%u/
   separator = /
   subscriptions = no
   type = shared
}
namespace inbox {
   inbox = yes
   location =
   mailbox Archives {
     auto = subscribe
     special_use = \Archive
   }
   mailbox "Deleted Items" {
     special_use = \Trash
   }
   mailbox Draft {
     special_use = \Drafts
   }
   mailbox Drafts {
     auto = subscribe
     special_use = \Drafts
   }
   mailbox "Gel&APY-schte Objekte" {
     special_use = \Trash
   }
   mailbox "Gesendete Objekte" {
     special_use = \Sent
   }
   mailbox Junk-E-Mail {
     special_use = \Junk
   }
   mailbox Junk {
     special_use = \Junk
   }
   mailbox Sent {
     auto = subscribe
     special_use = \Sent
   }
   mailbox "Sent Items" {
     special_use = \Sent
   }
   mailbox "Sent Messages" {
     special_use = \Sent
   }
   mailbox Spam {
     auto = subscribe
     special_use = \Junk
   }
   mailbox Trash {
     auto = subscribe
     special_use = \Trash
   }
   prefix =
   separator = /
   subscriptions = yes
   type = private
}
namespace virtual {
   hidden = no
   inbox = no
   list = children
   location = virtual:/srv/mail/%u/virtual
   mailbox All {
     special_use = \All
   }
   prefix = virtual/
   separator = /
   subscriptions = yes
}
passdb {
   args = /etc/dovecot/dovecot-sql.conf.ext
   driver = sql
}
plugin {
   acl = vfile
   acl_shared_dict = proxy::acl
   antispam_backend = dspam
   antispam_debug_target = syslog
    antispam_dspam_args = 
--client;--user;%u;--source=error;--signature=%%s
   antispam_dspam_binary = /usr/bin/dspam
   antispam_dspam_notspam = --class=innocent
   antispam_dspam_spam = --class=spam
   antispam_signature = X-DSPAM-Signature
   antispam_signature_missing = error
   antispam_spam_pattern_ignorecase = Junk;SPAM
    antispam_trash_pattern_ignorecase = trash;Deleted *;Gel&APY-schte 
*;Gelöschte *
   expire = Trash
   expire2 = Spam
   expire_dict = proxy::expire
   fts = solr
   fts_autoindex = yes
   fts_solr = break-imap-search url=http://10.1.1.50:8983/solr/
    mail_log_events = delete undelete expunge copy mailbox_delete 
mailbox_rename append
   mail_log_fields = uid box msgid size from vsize flags
   mailbox_alias_new = Sent Messages
   mailbox_alias_new10 = Draft
   mailbox_alias_new11 = Entw&APw-rfe
   mailbox_alias_new2 = Sent Items
   mailbox_alias_new3 = Gesendete Objekte
   mailbox_alias_new4 = Sent Messages
   mailbox_alias_new5 = Junk
   mailbox_alias_new6 = Junk-E-Mail
   mailbox_alias_new7 = Deleted Items
   mailbox_alias_new8 = Deleted Messages
   mailbox_alias_new9 = Gel&APY-schte Objekte
   mailbox_alias_old = Sent
   mailbox_alias_old10 = Drafts
   mailbox_alias_old11 = Drafts
   mailbox_alias_old2 = Sent
   mailbox_alias_old3 = Sent
   mailbox_alias_old4 = Sent
   mailbox_alias_old5 = Spam
   mailbox_alias_old6 = Spam
   mailbox_alias_old7 = Trash
   mailbox_alias_old8 = Trash
   mailbox_alias_old9 = Trash
   sieve = file:/srv/sieve/%u/;active=/srv/sieve/%u/.dovecot.sieve
   sieve_before = /srv/sieve/before
   stats_refresh = 30 secs
   stats_track_cmds = yes
}
postmaster_address = postmaster at sec-svcs.eu
protocols = imap pop3 lmtp sieve
service auth-worker {
   user = doveauth
}
service auth {
   inet_listener {
     address = 10.1.1.10
     port = 12987
   }
   unix_listener /var/spool/postfix/private/auth {
     group = postfix
     mode = 0660
     user = postfix
   }
   unix_listener auth-userdb {
     group = doveauth
     mode = 0666
     user = doveauth
   }
}
service dict {
   unix_listener dict {
     group = vmail
     mode = 0660
   }
}
service imap-login {
   inet_listener imap {
     port = 143
   }
   inet_listener imaps {
     port = 993
     ssl = yes
   }
   process_min_avail = 2
}
service lmtp {
   unix_listener /var/spool/postfix/private/dovecot-lmtp {
     group = postfix
     mode = 0666
     user = postfix
   }
}
service managesieve-login {
   inet_listener sieve {
     port = 4190
   }
}
service pop3-login {
   inet_listener pop3 {
     port = 0
   }
   inet_listener pop3s {
     port = 0
   }
}
service stats {
   fifo_listener stats-mail {
     mode = 0600
     user = vmail
   }
}
ssl = required
  ssl_cert = 
</srv/cert/public/uschi.sec-svcs.eu_20141030_comodo_ca_intermediate.crt
ssl_key = </srv/cert/private/uschi.sec-svcs.eu_20141030_comodo.key
ssl_options = no_compression
ssl_protocols = !SSLv2,!SSLv3
syslog_facility = local5
userdb {
   args = /etc/dovecot/dovecot-sql.conf.ext
   driver = sql
}
verbose_proctitle = yes
protocol lmtp {
   mail_plugins = fts fts_solr virtual stats expire acl sieve
}
protocol lda {
   mail_plugins = fts fts_solr virtual stats expire acl sieve
}
protocol imap {
    mail_plugins = fts fts_solr virtual stats expire acl antispam 
mailbox_alias imap_stats imap_acl
}

Thanks in advance
Christian

More information about the dovecot mailing list