dovecot - Jul 2016 - [2.2.25 auth issue] auth-request.c: line 1049 (auth_request_lookup_credentials): assertion failed: (request->credentials_scheme == scheme)

Hello Aki.

Here it is. Some sensitive data was replaced by ***.

# 2.2.25 (7be1766): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.15 (97b3da0)
# OS: Linux 3.10.0-***.el7.x86_64 x86_64 CentOS Linux release 7.***
(Core)  ext4
auth_cache_negative_ttl = 15 secs
auth_cache_size = 8 M
auth_cache_ttl = 15 secs
auth_default_realm = ***
auth_mechanisms = plain login digest-md5 cram-md5 ntlm
auth_username_chars = abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.,;=-_@
auth_username_format = %LTn@%LTd
auth_verbose = yes
auth_worker_max_count = 64
dict {
    last_login = mysql:/etc/dovecot/mailserver/last_login.dbconf
    sieve = mysql:/etc/dovecot/mailserver/sieve.dbconf
}
disable_plaintext_auth = no
import_environment = TZ
listen = *
lock_method = dotlock
log_timestamp = %F %T
login_greeting = *** Mail Server ready and serving (LXmail01).
mail_attachment_dir = /mailboxes/%1.16Nu/%Ld/.attachments
mail_attachment_hash = %{sha256}.%{size}
mail_attachment_min_size = 64 k
mail_cache_min_mail_count = 32
mail_gid = mailbox
mail_home = /mailboxes/%1.16Nu/%Ld/%2.256Nn/%Ln
mail_location = mdbox:/mailboxes/%1.16Nu/%Ld/%2.256Nn/%Ln
mail_max_keyword_length = 64
mail_plugins = quota fts fts_lucene zlib
mail_uid = mailbox
mailbox_idle_check_interval = 1 mins
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate mime foreverypart extracttext
mdbox_rotate_interval = 90 days
mdbox_rotate_size = 4 M
namespace {
    inbox = yes
    location     mailbox Drafts {
      auto = no
      special_use = \Drafts
    }
    mailbox Sent {
      auto = subscribe
      special_use = \Sent
    }
    mailbox Spam {
      auto = create
      special_use = \Junk
    }
    mailbox Trash {
      auto = no
      special_use = \Trash
    }
    prefix     separator = /
}
passdb {
    args = /etc/dovecot/mailserver/mysql.dbconf
    driver = sql
}
plugin {
    fts = lucene
    fts_autoindex = yes
    fts_autoindex_max_recent_msgs = 65536
    fts_index_timeout = 900
    fts_lucene = whitespace_chars=@.,;-/
    last_login_dict = proxy::last_login
    last_login_key = last_login/%u
    quota = dict:user quota::file:%h/.quota
    quota_rule = *:bytes=2684354560
    quota_rule2 = Trash:bytes=+10%%
    quota_rule3 = Spam:bytes=+10%%
    sieve = dict:proxy::sieve;name=%Lu;bindir=/mail_local/sieve/cache
    sieve_dir = ~/sieve
    sieve_global_dir = /mail_local/sieve/global
    sieve_max_actions = 32
    sieve_max_redirects = 4
    sieve_max_script_size = 16K
    sieve_user_log = /mail_local/sieve/logs/%Lu.log
    sieve_vacation_dont_check_recipient = yes
    sieve_vacation_max_period = 0
    sieve_vacation_min_period = 0
    zlib_save = xz
    zlib_save_level = 1
}
service anvil {
    client_limit = 6666
}
service auth {
    client_limit = 6666
    unix_listener /var/spool/postfix/private/auth {
      group = postfix
      mode = 0660
      user = postfix
    }
    unix_listener auth-master {
      group = mailbox
      mode = 0600
      user = mailbox
    }
    user = $default_internal_user
}
service auth_worker {
    user = root
}
service dict {
    unix_listener dict {
      group = mailbox
      mode = 0600
      user = mailbox
    }
}
service imap-login {
    chroot = login
    client_limit = 2048
    inet_listener imaps {
      address = *
    }
    process_limit = 2048
    process_min_avail = 1
    service_count = 1
    user = dovecot
}
service imap {
    drop_priv_before_exec = no
    process_limit = 2048
}
service indexer-worker {
    process_limit = 2
}
service ipc {
    unix_listener ipc {
      group       mode = 0600
      user     }
    unix_listener login/ipc-proxy {
      group = dovecot
      mode = 0660
      user = $default_login_user
    }
}
service lmtp {
    unix_listener /var/spool/postfix/private/dovecot-lmtp {
      group = postfix
      mode = 0600
      user = postfix
    }
    unix_listener lmtp {
      group = mailbox
      mode = 0600
      user = mailbox
    }
}
service pop3-login {
    chroot = login
    client_limit = 2048
    inet_listener pop3s {
      address = *
    }
    process_limit = 2048
    process_min_avail = 1
    service_count = 1
    user = dovecot
}
service pop3 {
    drop_priv_before_exec = no
    process_limit = 2048
}
shutdown_clients = no
ssl_cert = </etc/ssl/email.crt
ssl_key = </etc/ssl/email.key
syslog_facility = local2
userdb {
    args = /etc/dovecot/mailserver/mysql.dbconf
    driver = sql
}
verbose_proctitle = yes
protocol imap {
    imap_client_workarounds = delay-newmail
    mail_max_userip_connections = 16
    mail_plugins = quota fts fts_lucene zlib imap_quota last_login
}
protocol pop3 {
    mail_max_userip_connections = 16
    mail_plugins = quota fts fts_lucene zlib last_login
    pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
    pop3_enable_last = yes
    pop3_save_uidl = yes
    pop3_uidl_duplicates = rename
    pop3_uidl_format = %08Xu%08Xv
}
protocol lda {
    auth_socket_path = /var/run/dovecot/auth-master
    lda_original_recipient_header = X-Original-To
    mail_debug = no
    mail_plugins = quota fts fts_lucene zlib sieve
    postmaster_address = postmaster@***
    quota_full_tempfail = no
    recipient_delimiter = +
}
protocol lmtp {
    lda_original_recipient_header = X-Original-To
    lmtp_save_to_detail_mailbox = yes
    mail_debug = no
    mail_plugins = quota fts fts_lucene zlib sieve
    postmaster_address = postmaster@***
    quota_full_tempfail = no
    recipient_delimiter = +
}
local_name LXmail.*** {
    ssl_cert = </etc/ssl/***.net.crt
    ssl_key = </etc/ssl/***.net.key
}
local_name LXmail01.*** {
    ssl_cert = </etc/ssl/***.net.crt
    ssl_key = </etc/ssl/***.net.key
}
local_name LXmail02.*** {
    ssl_cert = </etc/ssl/***.net.crt
    ssl_key = </etc/ssl/***.net.key
}
local_name LXmail03.*** {
    ssl_cert = </etc/ssl/***.net.crt
    ssl_key = </etc/ssl/***.net.key
}
local_name LXmail04.*** {
    ssl_cert = </etc/ssl/***.net.crt
    ssl_key = </etc/ssl/***.net.key
}

> Hi!
>
> Could you provide your doveconf -n so we could debug this?
>
> Aki
>

On 11.07.2016 20:58, Alexey Asemov (Alex/AT) wrote:
> Hello Aki.
>
Did you by chance test if this happens always, or in particular conditions?

Aki

Checked logs, it looks like completely random to me.

We do have users with special chars in passwords, including + - { } and 
so on, but log content on crashes don't seem related at all.

KR,

Alex


On 12.07.2016 16:34, Aki Tuomi wrote:
>
>
> On 11.07.2016 20:58, Alexey Asemov (Alex/AT) wrote:
>> Hello Aki.
>>
>
> Did you by chance test if this happens always, or in particular 
> conditions?
>
> Aki
>