Panic/Assert dns-lookup.c

tim at linux-daus.de tim at linux-daus.de
Mon Mar 30 17:21:53 EEST 2020 

Hi,

currently we deploying Dovecot as imap/pop3 proxy. Every few minutes some panic/assert occurred (we connect roughly 7k - 8k user at one imap proxy with a connection rate of 200/s).

We activate core dumps. Concerning the sensitive information in the dump we would prefer to not share the dump (e.g. i found our ssl private key in the dump).


Log/Stack trace:

Mar 30 15:54:06 imap16 dovecot: auth: Panic: file dns-lookup.c: line 371 (dns_client_lookup_common): assertion failed: (param != NULL && *param != '\0')
Mar 30 15:54:06 imap16 dovecot: auth: Error: Raw backtrace: #0 t_askpass[0x7f27a219b5f0] -> #1 backtrace_append[0x7f27a219b860] -> #2 backtrace_get[0x7f27a219b9c0] -> #3 i_syslog_error_handler[0x7f27a21a6840] -> #4 i_syslog_fatal_handler[0x7f27a21a6970] -> #5 i_fatal[0x7f27a20fc3b7] -> #6 dns_client_connect[0x7f27a216ffb0] -> #7 dns_client_lookup[0x7f27a21702a0] -> #8 auth_request_proxy_finish[0x55c930e9b200] -> #9 auth_request_handler_reply[0x55c930e9cee0] -> #10 auth_policy_check[0x55c930e93a10] -> #11 auth_request_success[0x55c930e9bcf0] -> #12 auth_request_verify_plain_callback_finish[0x55c930e9a650] -> #13 auth_request_verify_plain_callback[0x55c930e9a7a0] -> #14 authdb_ldap_deinit[0x7f279faa9f10] -> #15 db_ldap_result_iterate_deinit[0x7f279faa7f70] -> #16 io_loop_call_io[0x7f27a21c0490] -> #17 io_loop_handler_run_internal[0x7f27a21c1e20] -> #18 io_loop_handler_run[0x7f27a21c05c0] -> #19 io_loop_run[0x7f27a21c0810] -> #20 master_service_run[0x7f27a212d5b0] -> #21 main[0x55c930e8dd10] -> #22 __libc_start_main[0x7f27a14901f0] -> #23 _start[0x55c930e8e2c0] -> #24 [no start/end information]
Mar 30 15:54:06 imap16 dovecot: auth: Fatal: master: service(auth): child 6133 killed with signal 6 (core dumped)


Config:

# 2.3.9.2 (844fc8246): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.9 (db4e9a2f)
# OS: Linux 4.9.0-12-amd64 x86_64 Debian 9.12
# Hostname: imap16.domain.de
auth_default_realm = domain.de
auth_failure_delay = 0
auth_mechanisms = plain login cram-md5
auth_username_format = %{if;%d;eq;domain.de;%n at olddomain.de;%u}
auth_verbose = yes
base_dir = /var/run/dovecot/
default_client_limit = 4096
default_internal_user = pop
default_process_limit = 400
default_vsz_limit = 1 G
doveadm_password = # hidden, use -P to show it
first_valid_uid = 48
import_environment = TZ
last_valid_uid = 48
login_trusted_networks = 192.168.11.0/24
mail_gid = pop
mail_plugins = " mail_log notify zlib quota"
mail_uid = pop
passdb {
  args = /etc/dovecot/conf.d/dovecot-ldap-domain-proxy.conf.ext
  driver = ldap
  result_failure = return-fail
  result_success = continue-ok
}
passdb {
  args = allow_real_nets=192.168.11.0/24
  driver = static
  result_failure = continue-ok
}
passdb {
  args = /etc/dovecot/conf.d/dovecot-ldap-domain-protocol-deny.conf.ext
  driver = ldap
  result_failure = return-ok
  result_success = return-fail
}
passdb {
  args = /etc/dovecot/passdb-domain-ldap-cram.conf.ext
  driver = ldap
  mechanisms = CRAM-MD5
  result_failure = continue-fail
  result_success = continue-ok
}
passdb {
  args = /etc/dovecot/passdb-domain-ldap.conf.ext
  driver = ldap
  mechanisms = LOGIN,PLAIN
  result_failure = return-fail
  result_success = continue-ok
}
plugin {
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
  zlib_save = gz
  zlib_save_level = 6
}
protocols = " imap pop3"
service auth {
  unix_listener auth-client {
    group = dovecot_auth
    mode = 0660
    user = $default_internal_user
  }
}
service doveadm {
  group = pop
  inet_listener {
    port = 12345
  }
  user = pop
}
service imap-login {
  process_min_avail = 24
  service_count = 0
}
service pop3-login {
  process_min_avail = 24
  service_count = 0
}
ssl = required
ssl_cert = </etc/ssl/certs/star_domain_de.crt
ssl_cipher_list = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
verbose_proctitle = yes

More information about the dovecot mailing list