<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div><blockquote type="cite" class=""><div class="">On Mar 28, 2019, at 10:29 AM, Aki Tuomi via dovecot <<a href="mailto:dovecot@dovecot.org" class="">dovecot@dovecot.org</a>> wrote:</div><div class="">
<meta charset="UTF-8" class="">
<div class="">
<div class="">
<br class="">
</div>
<blockquote type="cite" class="">
<div class="">
On 28 March 2019 16:08 Robert Kudyba via dovecot <<a href="mailto:dovecot@dovecot.org" class="">dovecot@dovecot.org</a>> wrote:
</div>
<div class="">
<br class="">
</div>
<div class="">
<br class="">
</div>
<div class="">
<div class="" style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;">
<span class="" style="font-variant-ligatures: no-common-ligatures;">dovecot-2.3.3-1.fc29.x86_64</span>
</div>
</div>
<div class="">
<br class="">
</div>
<div class="">
<div class="" style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;">
<span class="" style="font-variant-ligatures: no-common-ligatures;">Mar 28 10:04:47 auth: Panic: file http-client-request.c: line 283 (http_client_request_unref): assertion failed: (req->refcount > 0)</span>
</div>
<div class="" style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;">
<span class="" style="font-variant-ligatures: no-common-ligatures;">Mar 28 10:04:47 auth: Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0xe34fb) [0x7fe76e0834fb] -> /usr/lib64/dovecot/libdovecot.so.0(+0xe3597) [0x7fe76e083597] -> /usr/lib64/dovecot/libdovecot.so.0(+0x51207) [0x7fe76dff1207] -> /usr/lib64/dovecot/libdovecot.so.0(+0x4972b) [0x7fe76dfe972b] -> /usr/lib64/dovecot/libdovecot.so.0(http_client_request_destroy+0x107) [0x7fe76e02cf87] -> /usr/lib64/dovecot/libdovecot.so.0(http_client_deinit+0x4c) [0x7fe76e03b9ec] -> dovecot/auth(auth_policy_deinit+0x1e) [0x55facfdb350e] -> dovecot/auth(main+0x3e1) [0x55facfdae3c1] -> /lib64/libc.so.6(__libc_start_main+0xf3) [0x7fe76dd93413] -> dovecot/auth(_start+0x2e) [0x55facfdae57e]</span>
</div>
<div class="" style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;">
<span class="" style="font-variant-ligatures: no-common-ligatures;">Mar 28 10:04:47 auth: Fatal: master: service(auth): child 31162 killed with signal 6 (core not dumped - <a class="" href="https://urldefense.proofpoint.com/v2/url?u=https-3A__dovecot.org_bugreport.html-23coredumps&d=DwMCaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=IGBmGF0IssHPP5aIO3xrxNm2mUwwDP12018rdFC0vuo&s=IoU3mYEwgiux42XqobrYw4SyE39GjhvuBXoXWA42HKY&e=">https://dovecot.org/bugreport.html#coredumps</a> - set /proc/sys/fs/suid_dumpable to 2)</span>
</div>
<div class="" style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;">
<span class="" style="font-variant-ligatures: no-common-ligatures;">Mar 28 10:04:48 master: Info: Dovecot v2.3.3 (dcead646b) starting up for imap, pop3</span>
</div>
</div>
<div class="">
<span class="" style="font-variant-ligatures: no-common-ligatures;"><br class=""></span>
</div>
</blockquote>
<div class="">
Hi,
</div>
<div class="">
<br class="">
</div>
<div class="">
this is a known issue as DOV-3019 and we are fixing this. It happens during auth process shutdown if there are pending requests.</div></div></div></blockquote></div><div class=""><br class=""></div>Another issue is that the dovecot logs always report the offending URL or IP as what’s in <span style="font-family: Menlo; font-size: 11px;" class="">/etc/dovecot/conf.d/95-auth.conf</span><span style="font-family: Menlo; font-size: 11px;" class=""> in our case:</span><div class=""><span style="font-family: Menlo; font-size: 11px;" class="">auth_policy_server_url = </span><a href="https://dsm.dsm.fordham.edu:8084/" style="font-family: Menlo; font-size: 11px;" class=""><span style="-webkit-font-kerning: none; color: rgb(53, 134, 255);" class="">https://ourdomain:8084/</span></a><div class=""><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; min-height: 13px;" class=""><span style="font-kerning: none" class=""></span><br class=""></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-kerning: none" class="">These are HTTP errors in the logs:</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; min-height: 13px;" class=""><span style="font-kerning: none" class=""></span><br class=""></div><div style="margin: 0px; font-stretch: normal; line-height: normal; min-height: 14px;" class=""><span style="font-family: Menlo; font-size: 11px;" class="">Mar 28 09:58:04 auth: Debug: client in: AUTH</span><span class="Apple-tab-span" style="font-family: Menlo; font-size: 11px; white-space: pre;"> </span><span style="font-family: Menlo; font-size: 11px;" class="">1</span><span class="Apple-tab-span" style="font-family: Menlo; font-size: 11px; white-space: pre;"> </span><span style="font-family: Menlo; font-size: 11px;" class="">PLAIN</span><span class="Apple-tab-span" style="font-family: Menlo; font-size: 11px; white-space: pre;"> </span><span style="font-family: Menlo; font-size: 11px;" class="">service=imap</span><span class="Apple-tab-span" style="font-family: Menlo; font-size: 11px; white-space: pre;"> </span><span style="font-family: Menlo; font-size: 11px;" class="">secured</span><span class="Apple-tab-span" style="font-family: Menlo; font-size: 11px; white-space: pre;"> </span><span style="font-family: Menlo; font-size: 11px;" class="">session=lmNw8SeFoMl/AAAB</span><span class="Apple-tab-span" style="font-family: Menlo; font-size: 11px; white-space: pre;"> </span><span style="font-family: Menlo; font-size: 11px;" class="">lip=127.0.0.1</span><span class="Apple-tab-span" style="font-family: Menlo; font-size: 11px; white-space: pre;"> </span><span style="font-family: Menlo; font-size: 11px;" class="">rip=127.0.0.1</span><span class="Apple-tab-span" style="font-family: Menlo; font-size: 11px; white-space: pre;"> </span><span style="font-family: Menlo; font-size: 11px;" class="">lport=143</span><span class="Apple-tab-span" style="font-family: Menlo; font-size: 11px; white-space: pre;"> </span><span style="font-family: Menlo; font-size: 11px;" class="">rport=51616</span><span class="Apple-tab-span" style="font-family: Menlo; font-size: 11px; white-space: pre;"> </span><span style="font-family: Menlo; font-size: 11px;" class="">resp=<hidden></span><span style="font-kerning: none" class=""></span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-kerning: none" class="">Mar 28 09:58:04 auth: Debug: policy(unclroot,127.0.0.1,<lmNw8SeFoMl/AAAB>): Policy request <a href="https://dsm.dsm.fordham.edu:8084/?command=allow" class=""><span style="-webkit-font-kerning: none; color: rgb(53, 134, 255);" class="">https://ourdomain:8084/?command=allow</span></a></span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-kerning: none" class="">Mar 28 09:58:04 auth: Debug: policy(unclroot,127.0.0.1,<lmNw8SeFoMl/AAAB>): Policy server request JSON: {"device_id":"","login":"unclroot","protocol":"imap","pwhash":"68","remote":"127.0.0.1","tls":false}</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-kerning: none" class="">Mar 28 09:58:04 auth: Debug: http-client[1]: request [Req11: POST <a href="https://dsm.dsm.fordham.edu:8084/?command=allow%5D:" class=""><span style="-webkit-font-kerning: none; color: rgb(53, 134, 255);" class="">https://ourdomain:8084/?command=allow]:</span></a> Error: 9003 Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-kerning: none" class="">Mar 28 09:58:04 auth: Debug: http-client[1]: request [Req11: POST <a href="https://dsm.dsm.fordham.edu:8084/?command=allow%5D:" class=""><span style="-webkit-font-kerning: none; color: rgb(53, 134, 255);" class="">https://ourdomain:8084/?command=allow]:</span></a> Submitted (requests left=3)</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-kerning: none" class="">Mar 28 09:58:04 auth: Error: policy(unclroot,127.0.0.1,<lmNw8SeFoMl/AAAB>): Policy server HTTP error: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-kerning: none" class="">Mar 28 09:58:04 auth: Debug: http-client[1]: request [Req11: POST <a href="https://dsm.dsm.fordham.edu:8084/?command=allow%5D:" class=""><span style="-webkit-font-kerning: none; color: rgb(53, 134, 255);" class="">https://ourdomain:8084/?command=allow]:</span></a> Destroy (requests left=3)</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-kerning: none" class="">Mar 28 09:58:04 auth: Debug: http-client[1]: request [Req11: POST <a href="https://dsm.dsm.fordham.edu:8084/?command=allow%5D:" class=""><span style="-webkit-font-kerning: none; color: rgb(53, 134, 255);" class="">https://ourdomain:8084/?command=allow]:</span></a> Free (requests left=2)</span></div></div><div class=""><span style="font-kerning: none" class=""><br class=""></span></div></div><div class=""><span style="font-kerning: none" class=""><br class=""></span></div><div class=""><span style="font-kerning: none" class="">So wforce is always recording the “bad” IP as 127.0.0.1 or the FQDN, and not the actual user IP. Is there another place to set this?</span></div><div class=""><span style="font-kerning: none" class=""><br class=""></span></div><div class=""><span style="font-kerning: none" class="">Perhaps I have to set this in wforce.conf?</span></div><div class=""><span style="font-kerning: none" class="">webserver("0.0.0.0:8084", “ourpassword")</span></div></body></html>