dovecot Digest, Vol 177, Issue 55

Matthew Brown sergey.travolskis at gmail.com
Thu Jan 25 14:42:56 EET 2018


No reason to tell me about security, I just need chmod for my tests. Where
to change it ?

On Thu, Jan 25, 2018 at 12:00 PM, <dovecot-request at dovecot.org> wrote:

> Send dovecot mailing list submissions to
>         dovecot at dovecot.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://dovecot.org/mailman/listinfo/dovecot
> or, via email, send a message with subject or body 'help' to
>         dovecot-request at dovecot.org
>
> You can reach the person managing the list at
>         dovecot-owner at dovecot.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of dovecot digest..."
>
>
> Today's Topics:
>
>    1. Re: Panic: data stack: Out of memory when allocating bytes
>       (Josef 'Jeff' Sipek)
>    2. Re: 777 permissions on mailbox, subfolders subfiles new
>       emails (Nikolai Lusan)
>    3. Re: problem with lda (Stephan Bosch)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 24 Jan 2018 17:39:36 -0500
> From: Josef 'Jeff' Sipek <jeff.sipek at dovecot.fi>
> To: Thomas Robers <robers at tutech.de>
> Cc: dovecot at dovecot.org
> Subject: Re: Panic: data stack: Out of memory when allocating bytes
> Message-ID: <20180124223936.GE14966 at meili>
> Content-Type: text/plain; charset=us-ascii
>
> On Wed, Jan 24, 2018 at 18:55:47 +0100, Thomas Robers wrote:
> > Am 23.01.2018 um 20:07 schrieb Josef 'Jeff' Sipek:
> > > On Tue, Jan 23, 2018 at 14:03:27 -0500, Josef 'Jeff' Sipek wrote:
> > > > On Tue, Jan 23, 2018 at 18:21:38 +0100, Thomas Robers wrote:
> ...
> > > > 1. Do you have any idea what the imap process was doing at the time
> of the
> > > >     allocation failure?
> >
> > Yes perhaps. We use shared mailboxes and at the time of failure the
> > imap process is reading acl files in a shared mailbox (and subfolder).
> > This shared mailbox has about 2800 subfolder and the acl files are read
> > in about 10sec and and during this reading the imap process dies with
> > the already mentioned error. It seems it has something to do with the
> > shared mailbox, because since yesterday morning 5 core dumps have been
> > created, 4 of them by one user accessing the shared mailbox and 1
> > by the user who is the owner of the shared mailbox. No other mailboxes
> > are affected until now.
>
> Based on the stack trace, the client was creating a new mailbox, which
> caused an acl list rebuild, which ended up triggering this oddly sized
> allocation.
>
> > > > 2. You snipped all the important parts of the back trace. :)  It
> *starts* on
> > > >     the line:
> > > >   #0  0x00007f73f1386495 in raise () from /lib64/libc.so.6
> > >
> > > In case you haven't used gdb before...  after starting up gdb, run "bt
> full"
> > > at the gdb prompt.  That'll print out a very detailed backtrace.  (You
> might
> > > want to sanity check it to make sure there aren't any user passwords
> in it
> > > before posting it here...)
> >
> > Yes, sorry I'm not very familiar in using gdb, but here is the full
> > backtrace:
>
> It looks like the binaries are stripped.  There should be a "debug" package
> you can install with symbol information.  Then, the backtrace should be
> much
> more helpful.
>
> > > >     Having the backtrace should help answer question number 1.
> > > > 3. How big is this process when it dies?
> >
> > I don't know which imap process dies beforehand so how do i get this
> > information?
>
> The size of the core file will give you an general idea.  gdb can also
> print
> out lots of info via "maintenance info sections", but I don't think that'll
> help figuring out why things blow up.
>
> Jeff.
>
> --
> Keyboard not found!
> Press F1 to enter Setup
>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 25 Jan 2018 13:09:40 +1000
> From: Nikolai Lusan <nikolai at lusan.id.au>
> To: dovecot at dovecot.org
> Subject: Re: 777 permissions on mailbox, subfolders subfiles new
>         emails
> Message-ID: <1516849780.4714.5.camel at lusan.id.au>
> Content-Type: text/plain; charset="UTF-8"
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Hi,
>
> On Thu, 2018-01-25 at 00:35 +0200, Matthew Brown wrote:
> > What I have to change, so dovecot on new email create, sets chmod 777 on
> > Mailbox and all subfolders subfiles all new emails/sent emails etc.
>
> This is a really bad idea. It is possible to setup in dovecot if you're
> using dovecot as your LDA. The only reason I can think of for anything
> close to this is virtual mailboxes ... and even then I set things up with a
> specific user to own the files and set them as 770 for the directories and
> 660 for the files. With that setup dovecot limits users to their own mail
> directories with values returned via the passdb/userdb.
>
> As a general rule anything on a *nix system that is chmod 777 is to be
> avoided - it's a massive security risk.
>
> - --
> Nikolai Lusan <nikolai at lusan.id.au>
> -----BEGIN PGP SIGNATURE-----
>
> iQIzBAEBCgAdFiEEVfd4GW6z4nsBxdLo4ZaDRV2VL6QFAlppSnQACgkQ4ZaDRV2V
> L6To/BAAjKeTi6reaRrcSClKm6PEbgewtF1KvHgO1zr+hv9T2XOnVGFSajeFwSXR
> rDSXGQ/H9s97KDGZB4VKxuSKZsDRFkF9u7ILttuXOgj8kG8XZl4sqg/w0FIrTC1K
> GD8T0TZWSJGFIzrLXTpgzoO1LeQXIuXgnZIMbcaneCHKZc1do/GwQ4DEFVdUnxRJ
> n+76nbs8RdQwZKGXYGGTU/BXPniTSW1pmTFxnlruxE7fuWBYeEyQGQRke/CT2rFF
> ET+d7LlV4Nds6eGjalyf7m5tCNS87Zm78xegANuMNaMdzPI8NlbnFO82bAlC7kP/
> WkCFSfhJL3s9daEnMWT/dxY2lNKy3kTyOZssXM6ROkNhOFRipNwRr77tO6qzu8l9
> pvaVxr8a0pMVQwxGAyW84vS9GWmeMNMMiY0k7XdPSBS/6CVlQm8eUhnDo6GFZoH9
> Tbn4XNkEKysbZEjImjXb6eQpRwQLniIULjeyoX8aqmN2sh4kDndLJwjxpz7Jd6v2
> j2tuS7+79G9qU8dqpCSwzvWYTteOLJeqJLy6s5F+zf8FHGLcHdNasoo+/Sdzg4+E
> tZm31wp7iQdzKMwbOnRk9FceYXbb9WjxI1QY+7U11Rx25y44UDPzUYYOL+ZoWOXJ
> zAr/F9fhUP/u8AubOgOn6BLaguiWcFK0g6HhCqDkVAUibEMzC+0=
> =YUek
> -----END PGP SIGNATURE-----
>
>
>
> ------------------------------
>
> Message: 3
> Date: Thu, 25 Jan 2018 09:35:57 +0100
> From: Stephan Bosch <stephan at rename-it.nl>
> To: Infoomatic <infoomatic at gmx.at>, dovecot at dovecot.org
> Subject: Re: problem with lda
> Message-ID: <2544728b-5441-c163-34fd-bd155e28f591 at rename-it.nl>
> Content-Type: text/plain; charset=utf-8
>
> Op 1/24/2018 om 5:30 PM schreef Infoomatic:
> > Hello,
> >
> > I am currently testing the upgrade from our dovecot v2.2.23 to 2.3.0. I
> have a strange problem with lda.
> > We use bounce mails for internal users if they try to send
> virus/spammails. The exact same config works with 2.2.23, but not with
> 2.3.0.
> >
> > The relevant postfix/master.cf part:
> > dovecot   unix  -       n       n       -       -       pipe
> >   flags=DRhu user=vmail:vmail argv=/opt/dovecot/libexec/dovecot/deliver
> -d ${recipient} -f ${sender}
> >
> > On the same machine, with 2.2.23 I get a bounce mail when trying to send
> a virus, with the subject "VIRUS in message apparently from you
> (Eicar-Test-Signature)", to both the users inbox as well as to the mailbox
> of virusalert at ourdomain.internal
> >
> > With 2.3.0, in the logs I get an error:
> >
> > relay=dovecot, delay=0.01, delays=0/0/0/0, dsn=5.3.0, status=bounced
> (command line usage error. Command output: lda: Fatal: Invalid -f
> parameter: Missing domain
> >
> > and the alert message is only sent to virusalert at ourdomain.internal,
> but not to the user who tried to send the mail.
> >
> > The relevant part of our dovecot.conf:
> > protocol lda {
> >   mail_plugins = " quota zlib sieve acl mail_log notify"
> >   postmaster_address = postmaster at ourdomain.internal
> > }
> >
> > Does anyone know how to solve this problem? Or is there a workaround via
> postfix/amavis/spamassassin? Any hints are highly appreciated, thanks!
>
> Apparently, the ${sender} has no @domain part. Why?
>
> Regards,
>
> Stephan.
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> dovecot mailing list
> dovecot at dovecot.org
> https://dovecot.org/mailman/listinfo/dovecot
>
> ------------------------------
>
> End of dovecot Digest, Vol 177, Issue 55
> ****************************************
>



-- 
zxzzzzzzzzzzzzz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20180125/33fbf482/attachment.html>


More information about the dovecot mailing list