SIG11/Auth/FreeBSD
Larry Rosenman
larryrtx at gmail.com
Sun Jun 4 22:35:01 EEST 2017
On Fri, Jun 02, 2017 at 11:15:41AM -0500, Larry Rosenman wrote:
> I'm seeing lots of:
[snipped]
> Jun 2 00:00:05 thebighonker exim[57437]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADM
> IN) [52.40.16.7]:51339 I=[192.147.25.65]:465: 535 Incorrect authentication data (set_id=web)
> Jun 2 00:00:06 thebighonker exim[57439]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADM
> of
> Jun 2 00:00:06 thebighonker dovecot: auth: Fatal: master: service(auth): child 55916 killed with signal 11 (core not dumped - set s
> ervice auth { drop_priv_before_exec=yes })
>
> The suggestion to drop_priv_before_exec=yes breaks auth totally.
>
> doveconf -n:
[snipped]
with auth_debug=yes, and auth_debug_passwords=yes, I got the following:
Jun 4 14:23:47 thebighonker dovecot: auth: Debug: client passdb out: FAIL 1 user=ncbbkbdoohhejcjhllpaaejoibaa.ler original_user=NCBBKBDOOHHEJCJHLLPAAEJOIBAA.ler
Jun 4 14:23:47 thebighonker exim[15791]: dovecot_login authenticator failed for (Gdosbzur) [14.210.76.12]:51337 I=[192.147.25.65]:25: 535 Incorrect authentication data (set_id=ncbbkbdoohhejcjhllpaaejoiba
a.ler)
Jun 4 14:23:48 thebighonker exim[15938]: no host name found for IP address 14.210.76.12
Jun 4 14:23:48 thebighonker dovecot: auth: Debug: auth client connected (pid=0)
Jun 4 14:23:48 thebighonker dovecot: auth: Debug: client in: AUTH 1 LOGIN service=smtp rip=14.210.76.12 lip=192.147.25.65 nologin resp= (previous base64 data may contain sens
itive data)
Jun 4 14:23:48 thebighonker dovecot: auth: Debug: auth client connected (pid=0)
Jun 4 14:23:48 thebighonker dovecot: auth: Debug: client in: AUTH 1 LOGIN service=smtp rip=14.210.76.12 lip=192.147.25.65 nologin resp= (previous base64 data may contain sens
itive data)
Jun 4 14:23:55 thebighonker dovecot: imap(ler): Debug: SENT: Mailbox opened because: SELECT
Jun 4 14:23:55 thebighonker dovecot: imap(ler): Debug: INBOX: Mailbox opened because: SELECT
Jun 4 14:24:00 thebighonker dovecot: imap(ler): Debug: imapsieve: mailbox lists/mailman/users: FLAG event (changed flags: \Seen)
Jun 4 14:24:00 thebighonker dovecot: imap(ler): Debug: imapsieve: mailbox lists/mailman/users: Mailbox attribute /shared/imapsieve/script not found
Jun 4 14:24:00 thebighonker dovecot: imap(ler): Debug: imapsieve: mailbox lists/mailman/users: Server attribute /shared/imapsieve/script not found
Jun 4 14:24:00 thebighonker dovecot: imap(ler): Debug: sieve: Pigeonhole version 0.4.18 (29cc74d) initializing
Jun 4 14:24:00 thebighonker dovecot: imap(ler): Debug: sieve: include: sieve_global is not set; it is currently not possible to include `:global' scripts.
Jun 4 14:24:00 thebighonker dovecot: imap(ler): Debug: sieve: Sieve imapsieve plugin for Pigeonhole version 0.4.18 (29cc74d) loaded
Jun 4 14:24:00 thebighonker dovecot: imap(ler): flag_change: box=lists/mailman/users, uid=5500, msgid=<4625bfc7-13dc-38b4-25d6-277ce481aac3 at Damon-Family.org>, size=8014, vsize=8144, from=Richard Damon <R
ichard at Damon-Family.org>, subject=Re: [Mailman-Users] Moderator action requested for a new? subscription?, flags=(\Seen \Recent)
Jun 4 14:24:00 thebighonker dovecot: imap(ler): Logged out in=16182 out=58486 fhc=1 fhb=714 fbc=1 fbb=8144 del=0 exp=0 trash=0
Jun 4 14:24:03 thebighonker dovecot: auth: Debug: client passdb out: CONT 1 VXNlcm5hbWU6
Jun 4 14:24:03 thebighonker dovecot: auth: Debug: client in: CONT 1 QUIT (previous base64 data may contain sensitive data)
Jun 4 14:24:03 thebighonker dovecot: auth: login(?,14.210.76.12): Username character disallowed by auth_username_chars: 0x13 (username: AB?)
Jun 4 14:24:03 thebighonker dovecot: auth: Debug: client passdb out: CONT 1 VXNlcm5hbWU6
Jun 4 14:24:03 thebighonker dovecot: auth: Debug: client in: CONT 1 QUIT (previous base64 data may contain sensitive data)
Jun 4 14:24:03 thebighonker dovecot: auth: login(?,14.210.76.12): Username character disallowed by auth_username_chars: 0x13 (username: AB?)
Jun 4 14:24:05 thebighonker exim[15938]: dovecot_login authenticator failed for (Gdosbzur) [14.210.76.12]:52901 I=[192.147.25.65]:25: 535 Incorrect authentication data (set_id=AB\023)
Jun 4 14:24:05 thebighonker dovecot: auth: Debug: client passdb out: FAIL 1 user=AB^S original_user=AB^S
Jun 4 14:24:05 thebighonker exim[15881]: dovecot_login authenticator failed for (Gdosbzur) [14.210.76.12]:51819 I=[192.147.25.65]:25: 435 Unable to authenticate at present: authentication socket read err
or or premature eof
Jun 4 14:24:05 thebighonker dovecot: auth: Fatal: master: service(auth): child 95298 killed with signal 11 (core not dumped - set service auth { drop_priv_before_exec=yes })
(don't worry, the id/pw's are fake, but NOT obfuscated).
How can we find out what's causing the SIGSEGV?
Current doveconf -n:
# 2.2.30.1 (eebd877): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.18 (29cc74d)
# OS: FreeBSD 11.0-STABLE amd64
auth_debug_passwords = yes
auth_default_realm = lerctr.org
auth_mechanisms = plain login
auth_realms = lerctr.org thebighonker.lerctr.org tbh.lerctr.org
auth_username_format = %Ln
default_vsz_limit = 1 G
deliver_log_format = msgid=%m: %$ (subject=%s from=%f size=%w)
lda_mailbox_autocreate = yes
listen = 192.147.25.65, ::
lmtp_save_to_detail_mailbox = yes
login_access_sockets = tcpwrap
mail_attribute_dict = file:%h/mail/.imap/dovecot-mail-attributes
mail_debug = yes
mail_location = mbox:~/mail:INBOX=~/mail/INBOX
mail_plugins = " fts fts_solr notify stats virtual"
mail_privileged_group = mail
mail_server_admin = mailto:ler at lerctr.org
mail_server_comment = LERCTR Mail Server
mailbox_list_index = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext vacation-seconds editheader mboxmetadata servermetadata imapsieve vnd.dovecot.imapsieve
namespace archive {
hidden = no
list = no
location = mbox:~/MAIL-ARCHIVE
prefix = ARCHIVE/
separator = /
}
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox INBOX {
auto = create
}
mailbox Junk {
special_use = \Junk
}
mailbox SA/FN {
special_use = \Junk
}
mailbox SENT {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
mailbox virtual/Flagged {
special_use = \Flagged
}
mailbox virtual/all {
special_use = \All
}
prefix =
}
namespace virtual {
hidden = no
list = yes
location = virtual:~/MAIL-VIRTUAL:INDEX=MEMORY
prefix = Virtual/
separator = /
}
passdb {
args = failure_show_msg=yes session=yes max_requests=20
driver = pam
}
plugin {
fts = solr
fts_autoindex = yes
fts_solr = url=http://thebighonker.lerctr.org:8983/solr/dovecot/
fts_tika = http://localhost:9998/tika/
imapsieve_url = sieve://thebighonker.lerctr.org
mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename flag_change append
mail_log_fields = uid box msgid size from subject vsize flags
recipient_delimiter = +
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
sieve_extensions = +editheader +vacation-seconds +mboxmetadata +servermetadata
sieve_plugins = sieve_imapsieve
stats_command_min_time = 1 mins
stats_domain_min_time = 12 hours
stats_ip_min_time = 12 hours
stats_memory_limit = 16 M
stats_refresh = 5s
stats_session_min_time = 15 mins
stats_track_cmds = yes
stats_user_min_time = 1 hours
}
protocols = imap pop3 lmtp sieve
service auth {
unix_listener auth-client {
mode = 0666
}
unix_listener auth-master {
mode = 0666
}
}
service indexer-worker {
drop_priv_before_exec = yes
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
inet_listener sieve_deprecated {
port = 2000
}
}
service stats {
chroot = empty
client_limit = 0
drop_priv_before_exec = no
executable = stats
extra_groups =
fifo_listener stats-mail {
group =
mode = 0666
user =
}
fifo_listener stats-user {
group =
mode = 0666
user =
}
group =
idle_kill = 4294967295 secs
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener stats {
group =
mode = 0666
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service tcpwrap {
unix_listener login/tcpwrap {
group = $default_login_user
mode = 0600
user = $default_login_user
}
}
ssl_cert = </home/ler/letsencrypt-home/lerctr.org/fullchain.cer
ssl_cipher_list = EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+AESGCM:EECDH:EDH+AESGCM:EDH+aRSA:HIGH:!MEDIUM:!LOW:!aNULL:!eNULL:!LOW:!RC4:!MD5:!EXP:!PSK:!SRP:!DSS
ssl_key = # hidden, use -P to show it
ssl_protocols = !SSLv2 !SSLv3
userdb {
driver = passwd
}
verbose_proctitle = yes
protocol lmtp {
mail_plugins = " fts fts_solr notify stats virtual sieve mail_log"
}
protocol lda {
mail_plugins = " fts fts_solr notify stats virtual sieve mail_log"
}
protocol pop3 {
mail_plugins = " fts fts_solr notify stats virtual mail_log"
}
protocol !doveadm {
mail_plugins = " fts fts_solr notify stats virtual mail_log"
}
protocol imap {
imap_client_workarounds = tb-extra-mailbox-sep tb-lsub-flags
imap_logout_format = in=%i out=%o fhc=%{fetch_hdr_count} fhb=%{fetch_hdr_bytes} fbc=%{fetch_body_count} fbb=%{fetch_body_bytes} del=%{deleted} exp=%{expunged} trash=%{trashed}
imap_metadata = yes
mail_max_userip_connections = 50
mail_plugins = " fts fts_solr notify stats virtual mail_log imap_sieve imap_stats stats"
}
--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 214-642-9640 E-Mail: larryrtx at gmail.com
US Mail: 17716 Limpia Crk, Round Rock, TX 78664-7281
More information about the dovecot
mailing list