Panic/Assert dns-lookup.c

Aki Tuomi aki.tuomi at open-xchange.com
Mon Mar 30 17:23:41 EEST 2020 

Hi!

Can you install dovecot-dbg to get debug symbols, open the core in gdb and run 

bt full

Aki

> On 30/03/2020 17:21 tim at linux-daus.de wrote:
> 
>  
> Hi,
> 
> currently we deploying Dovecot as imap/pop3 proxy. Every few minutes some panic/assert occurred (we connect roughly 7k - 8k user at one imap proxy with a connection rate of 200/s).
> 
> We activate core dumps. Concerning the sensitive information in the dump we would prefer to not share the dump (e.g. i found our ssl private key in the dump).
> 
> 
> Log/Stack trace:
> 
> Mar 30 15:54:06 imap16 dovecot: auth: Panic: file dns-lookup.c: line 371 (dns_client_lookup_common): assertion failed: (param != NULL && *param != '\0')
> Mar 30 15:54:06 imap16 dovecot: auth: Error: Raw backtrace: #0 t_askpass[0x7f27a219b5f0] -> #1 backtrace_append[0x7f27a219b860] -> #2 backtrace_get[0x7f27a219b9c0] -> #3 i_syslog_error_handler[0x7f27a21a6840] -> #4 i_syslog_fatal_handler[0x7f27a21a6970] -> #5 i_fatal[0x7f27a20fc3b7] -> #6 dns_client_connect[0x7f27a216ffb0] -> #7 dns_client_lookup[0x7f27a21702a0] -> #8 auth_request_proxy_finish[0x55c930e9b200] -> #9 auth_request_handler_reply[0x55c930e9cee0] -> #10 auth_policy_check[0x55c930e93a10] -> #11 auth_request_success[0x55c930e9bcf0] -> #12 auth_request_verify_plain_callback_finish[0x55c930e9a650] -> #13 auth_request_verify_plain_callback[0x55c930e9a7a0] -> #14 authdb_ldap_deinit[0x7f279faa9f10] -> #15 db_ldap_result_iterate_deinit[0x7f279faa7f70] -> #16 io_loop_call_io[0x7f27a21c0490] -> #17 io_loop_handler_run_internal[0x7f27a21c1e20] -> #18 io_loop_handler_run[0x7f27a21c05c0] -> #19 io_loop_run[0x7f27a21c0810] -> #20 master_service_run[0x7f27a212d5b0] -> #21 main[0x55c930
 e8
>  dd10] -> #22 __libc_start_main[0x7f27a14901f0] -> #23 _start[0x55c930e8e2c0] -> #24 [no start/end information]
> Mar 30 15:54:06 imap16 dovecot: auth: Fatal: master: service(auth): child 6133 killed with signal 6 (core dumped)
> 
> 
> Config:
> 
> # 2.3.9.2 (844fc8246): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.9 (db4e9a2f)
> # OS: Linux 4.9.0-12-amd64 x86_64 Debian 9.12
> # Hostname: imap16.domain.de
> auth_default_realm = domain.de
> auth_failure_delay = 0
> auth_mechanisms = plain login cram-md5
> auth_username_format = %{if;%d;eq;domain.de;%n at olddomain.de;%u}
> auth_verbose = yes
> base_dir = /var/run/dovecot/
> default_client_limit = 4096
> default_internal_user = pop
> default_process_limit = 400
> default_vsz_limit = 1 G
> doveadm_password = # hidden, use -P to show it
> first_valid_uid = 48
> import_environment = TZ
> last_valid_uid = 48
> login_trusted_networks = 192.168.11.0/24
> mail_gid = pop
> mail_plugins = " mail_log notify zlib quota"
> mail_uid = pop
> passdb {
>   args = /etc/dovecot/conf.d/dovecot-ldap-domain-proxy.conf.ext
>   driver = ldap
>   result_failure = return-fail
>   result_success = continue-ok
> }
> passdb {
>   args = allow_real_nets=192.168.11.0/24
>   driver = static
>   result_failure = continue-ok
> }
> passdb {
>   args = /etc/dovecot/conf.d/dovecot-ldap-domain-protocol-deny.conf.ext
>   driver = ldap
>   result_failure = return-ok
>   result_success = return-fail
> }
> passdb {
>   args = /etc/dovecot/passdb-domain-ldap-cram.conf.ext
>   driver = ldap
>   mechanisms = CRAM-MD5
>   result_failure = continue-fail
>   result_success = continue-ok
> }
> passdb {
>   args = /etc/dovecot/passdb-domain-ldap.conf.ext
>   driver = ldap
>   mechanisms = LOGIN,PLAIN
>   result_failure = return-fail
>   result_success = continue-ok
> }
> plugin {
>   mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
>   mail_log_fields = uid box msgid size
>   zlib_save = gz
>   zlib_save_level = 6
> }
> protocols = " imap pop3"
> service auth {
>   unix_listener auth-client {
>     group = dovecot_auth
>     mode = 0660
>     user = $default_internal_user
>   }
> }
> service doveadm {
>   group = pop
>   inet_listener {
>     port = 12345
>   }
>   user = pop
> }
> service imap-login {
>   process_min_avail = 24
>   service_count = 0
> }
> service pop3-login {
>   process_min_avail = 24
>   service_count = 0
> }
> ssl = required
> ssl_cert = </etc/ssl/certs/star_domain_de.crt
> ssl_cipher_list = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> verbose_proctitle = yes

More information about the dovecot mailing list