Sven Hartge
2011-Mar-02 14:15 UTC
[Dovecot] Segfault in managesieve with "sieve_extensions = -redirect"
Hi!
I've got a segfault in managesieve while using:
sieve_extensions = -vacation -reject -spamtest -virustest -enotify -redirect
The problem seems to lie in "-redirect".
Reason for excluding "redirect" from sieve is my users should not use
sieve to forward or redirect mails but use an external method
(web-script to set LDAP attribute) which checks several things like
active spam-checker, existing target mailbox, etc.
The version ov dovecot ist 1:2.0.9-1~3.gbp785ad1~dvz60+1 on Debian
Squeeze which is from the Debian maintainers git repository recompiled
on Squeeze (I know, pretty wild.)
doveconf -n and backtrace follow:
-----------------------8<---------------------------------------------
# 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0
auth_username_format = %Ln
dict {
quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
disable_plaintext_auth = no
first_valid_gid = 1000
first_valid_uid = 1000
last_valid_gid = 1000
last_valid_uid = 1000
mail_access_groups = virtmail
mail_gid = virtmail
mail_location = mdbox:~/mdbox
mail_plugins = " quota zlib"
mail_uid = virtmail
mdbox_rotate_interval = 23 hours
mdbox_rotate_size = 25 M
namespace {
hidden = yes
inbox = yes
list = yes
location =
prefix = INBOX.
separator = .
subscriptions = yes
type = private
}
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
plugin {
quota = dict:Benutzer-Quota::proxy::quota
quota_rule = *:storage=2G
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
sieve_extensions = -vacation -reject -spamtest -virustest -enotify -redirect
zlib_save = gz
zlib_save_level = 6
}
postmaster_address = postmaster at th-mittelhessen.de
protocols = imap pop3 sieve
service dict {
unix_listener dict {
group = virtmail
mode = 0660
}
}
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
inet_listener sieve_deprecated {
port = 2000
}
}
service pop3-login {
inet_listener pop3 {
port = 110
}
inet_listener pop3s {
port = 995
ssl = yes
}
}
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
userdb {
args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
driver = ldap
}
protocol lmtp {
mail_plugins = " quota zlib sieve"
}
protocol lda {
mail_plugins = " quota zlib sieve"
}
protocol imap {
mail_plugins = " quota zlib imap_quota imap_zlib"
}
-----------------------8<---------------------------------------------
(gdb) bt full
#0 sieve_extensions_set_string (svinst=<value optimized out>,
ext_string=<value optimized out>)
at sieve-extensions.c:567
ext = 0x0
op = 0 '\000'
name = 0x2375331 "redirect"
_data_stack_cur_id = 2
ext_reg = 0x23856c8
ext_names = 0x2375368
i = <value optimized out>
ext_count = <value optimized out>
relative = true
#1 0x00007fb2db4207c2 in sieve_extensions_init (svinst=0x2385680) at
sieve-extensions.c:256
extensions = <value optimized out>
ext = <value optimized out>
#2 0x00007fb2db426914 in sieve_init (env=0x40d700, context=<value optimized
out>, debug=false)
at sieve.c:83
svinst = 0x2385680
uint_setting = 0
size_setting = 37179544
pool = 0x2385660
#3 0x00000000004085ff in managesieve_capabilities_dump () at
managesieve-capabilities.c:125
svinst = <value optimized out>
notify_cap = <value optimized out>
#4 0x0000000000408af5 in main (argc=4, argv=0x237d370) at main.c:273
set_roots = {0x610040, 0x0}
service_flags = <value optimized out>
storage_service_flags = 0
postlogin_socket_path = 0x0
username = 0x0
c = <value optimized out>
-----------------------8<---------------------------------------------
Gr??e,
Sven.
--
Sig lost. Core dumped.
fakessh @
2011-Mar-02 15:46 UTC
[Dovecot] Segfault in managesieve with "sieve_extensions = -redirect"
I do not understand certain things in your dovecot-n
in my dovecot -n
there is a
plugin {
plugin = autocreate managesieve sieve
sieve = ~/.dovecot.sieve
sieve_before = /var/sieve-scripts/roundcube.sieve
sieve_dir = ~/sieve
sieve_global_path = whatever
autocreate = Trash
autocreate2 = Junk
autocreate3 = Sent
autocreate4 = Drafts
autosubscribe = Trash
autosubscribe2 = Junk
autosubscribe3 = Sent
autosubscribe4 = Drafts
}
this missing in your config
Le mercredi 02 mars 2011 ? 15:15 +0100, Sven Hartge a ?crit
:> Hi!
>
> I've got a segfault in managesieve while using:
> sieve_extensions = -vacation -reject -spamtest -virustest -enotify
-redirect
>
> The problem seems to lie in "-redirect".
>
> Reason for excluding "redirect" from sieve is my users should not
use
> sieve to forward or redirect mails but use an external method
> (web-script to set LDAP attribute) which checks several things like
> active spam-checker, existing target mailbox, etc.
>
> The version ov dovecot ist 1:2.0.9-1~3.gbp785ad1~dvz60+1 on Debian
> Squeeze which is from the Debian maintainers git repository recompiled
> on Squeeze (I know, pretty wild.)
>
> doveconf -n and backtrace follow:
>
> -----------------------8<---------------------------------------------
>
> # 2.0.9: /etc/dovecot/dovecot.conf
> # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0
> auth_username_format = %Ln
> dict {
> quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
> }
> disable_plaintext_auth = no
> first_valid_gid = 1000
> first_valid_uid = 1000
> last_valid_gid = 1000
> last_valid_uid = 1000
> mail_access_groups = virtmail
> mail_gid = virtmail
> mail_location = mdbox:~/mdbox
> mail_plugins = " quota zlib"
> mail_uid = virtmail
> mdbox_rotate_interval = 23 hours
> mdbox_rotate_size = 25 M
> namespace {
> hidden = yes
> inbox = yes
> list = yes
> location =
> prefix = INBOX.
> separator = .
> subscriptions = yes
> type = private
> }
> passdb {
> args = /etc/dovecot/dovecot-ldap.conf.ext
> driver = ldap
> }
> plugin {
> quota = dict:Benutzer-Quota::proxy::quota
> quota_rule = *:storage=2G
> sieve = ~/.dovecot.sieve
> sieve_dir = ~/sieve
> sieve_extensions = -vacation -reject -spamtest -virustest -enotify
-redirect
> zlib_save = gz
> zlib_save_level = 6
> }
> postmaster_address = postmaster at th-mittelhessen.de
> protocols = imap pop3 sieve
> service dict {
> unix_listener dict {
> group = virtmail
> mode = 0660
> }
> }
> service imap-login {
> inet_listener imap {
> port = 143
> }
> inet_listener imaps {
> port = 993
> ssl = yes
> }
> }
> service managesieve-login {
> inet_listener sieve {
> port = 4190
> }
> inet_listener sieve_deprecated {
> port = 2000
> }
> }
> service pop3-login {
> inet_listener pop3 {
> port = 110
> }
> inet_listener pop3s {
> port = 995
> ssl = yes
> }
> }
> ssl_cert = </etc/ssl/certs/dovecot.pem
> ssl_key = </etc/ssl/private/dovecot.pem
> userdb {
> args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
> driver = ldap
> }
> protocol lmtp {
> mail_plugins = " quota zlib sieve"
> }
> protocol lda {
> mail_plugins = " quota zlib sieve"
> }
> protocol imap {
> mail_plugins = " quota zlib imap_quota imap_zlib"
> }
>
> -----------------------8<---------------------------------------------
>
> (gdb) bt full
> #0 sieve_extensions_set_string (svinst=<value optimized out>,
ext_string=<value optimized out>)
> at sieve-extensions.c:567
> ext = 0x0
> op = 0 '\000'
> name = 0x2375331 "redirect"
> _data_stack_cur_id = 2
> ext_reg = 0x23856c8
> ext_names = 0x2375368
> i = <value optimized out>
> ext_count = <value optimized out>
> relative = true
> #1 0x00007fb2db4207c2 in sieve_extensions_init (svinst=0x2385680) at
sieve-extensions.c:256
> extensions = <value optimized out>
> ext = <value optimized out>
> #2 0x00007fb2db426914 in sieve_init (env=0x40d700, context=<value
optimized out>, debug=false)
> at sieve.c:83
> svinst = 0x2385680
> uint_setting = 0
> size_setting = 37179544
> pool = 0x2385660
> #3 0x00000000004085ff in managesieve_capabilities_dump () at
managesieve-capabilities.c:125
> svinst = <value optimized out>
> notify_cap = <value optimized out>
> #4 0x0000000000408af5 in main (argc=4, argv=0x237d370) at main.c:273
> set_roots = {0x610040, 0x0}
> service_flags = <value optimized out>
> storage_service_flags = 0
> postlogin_socket_path = 0x0
> username = 0x0
> c = <value optimized out>
>
> -----------------------8<---------------------------------------------
>
> Gr??e,
> Sven.
>
--
gpg --keyserver pgp.mit.edu --recv-key 092164A7
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Ceci est une partie de message num?riquement sign?e
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20110302/6f51ff52/attachment-0002.bin>
Sven Hartge
2011-Mar-02 16:17 UTC
[Dovecot] Segfault in managesieve with "sieve_extensions?=?-redirect"
fakessh @ <fakessh at fakessh.eu> wrote:> I do not understand certain things in your dovecot-n> in my dovecot -n > there is a > plugin { > plugin = autocreate managesieve sieve > sieve = ~/.dovecot.sieve > sieve_before = /var/sieve-scripts/roundcube.sieve > sieve_dir = ~/sieve > sieve_global_path = whatever > autocreate = Trash > autocreate2 = Junk > autocreate3 = Sent > autocreate4 = Drafts > autosubscribe = Trash > autosubscribe2 = Junk > autosubscribe3 = Sent > autosubscribe4 = Drafts > }> this missing in your configYeah, so? I don't need autosubscritption, a global path or autocreation of folders. Of course those config options are missing then. My config is from a working example, I can toggle between "works fine" and "managesieve process segfaults" by removing or adding "-redirect" to the sieve_extensions parameter. Gr??e, Sven. -- Sig lost. Core dumped.
Stephan Bosch
2011-Mar-02 17:21 UTC
[Dovecot] Segfault in managesieve with "sieve_extensions = -redirect"
Op 2-3-2011 15:15, Sven Hartge schreef:> Hi! > > I've got a segfault in managesieve while using: > sieve_extensions = -vacation -reject -spamtest -virustest -enotify -redirect > > The problem seems to lie in "-redirect".The redirect command is part of the Sieve core specification and it is thus no extension. It's availability can therefore not be disabled using the sieve_extensions setting. When I wouldn't have made a bug here, you would have been warned with the following message: "ignored unknown extension 'redirect' while configuring available extensions" Instead, you got a segfault, which is now fixed: http://hg.rename-it.nl/dovecot-2.0-pigeonhole/rev/bb26cdb18bdf> Reason for excluding "redirect" from sieve is my users should not use > sieve to forward or redirect mails but use an external method > (web-script to set LDAP attribute) which checks several things like > active spam-checker, existing target mailbox, etc. > > The version ov dovecot ist 1:2.0.9-1~3.gbp785ad1~dvz60+1 on Debian > Squeeze which is from the Debian maintainers git repository recompiled > on Squeeze (I know, pretty wild.)Hmm, considering what Sieve RFC 5228 says: "Implementations MAY ignore a redirect action silently due to policy reasons. For example, an implementation MAY choose not to redirect to an address that is known to be undeliverable. Any ignored redirect MUST NOT cancel the implicit keep." (page 24) "(2) MUST provide the means for administrators to limit the ability of users to abuse redirect. In particular, it MUST be possible to limit the number of redirects a script can perform. Additionally, if no use cases exist for using redirect to multiple destinations, this limit SHOULD be set to 1. Additional limits, such as the ability to restrict redirect to local users, MAY also be implemented." (page 38) "Allowing redirects at all may not be appropriate in situations where email accounts are freely available and/or not trackable to a human who can be held accountable for creating message bombs or other abuse." (page 39) Unfortunately, we currently don't have a means to actually disable redirect. The number of redirects can be limited using the existing sieve_max_redirects option, but a value of 0 stands for 'unlimited', meaning that 1 is the minimum. In hindsight, this was a really bad choice :) So we have two options: - Change the meaning of 0 for sieve_max_redirects. It's quite likely no one has set this to 0. - Add a separate setting to disable redirect, e.g. sieve_redirect_disable. Not sure what to choose yet. Regards, Stephan.