Matthieu Herrb
2021-Nov-03 10:34 UTC
stale (?) .dovecot.svbin causing segfault in dovecot-lda
Hi,
I've not touched the sieve filters I'm using for a long time (last
modification 2 years ago), but I've upgraded the dovecot package and
the system of my mail server.
~/.dovecot.svbin has not been updated, but I found out today that it
would cause dovecot-lda to crash on some specifig messages (and fail
to deliver them). Most of the mails (>99.9%) are delivered ok though.
Here's the trace of the crash in the system logs :
Nov 3 08:48:13 nowhere dovecot:
lda(matthieu)<33178><DvDOErY+gmGagQAAB9SSGw>: Panic: Buffer write
out of range (0 + 1)
Nov 3 08:48:15 nowhere smtpd[37379]: ac2aaecba4099baa mda delivery
evpid=b9346ef1d2a6c223 from=<REDACTED> to=<matthieu at herrb.eu>
rcpt=<matthieu at herrb.eu> user=matthieu delay=12s result=PermFail
stat=Error ("Abort trap (core dumped) ")
After removing the old file, dovecot-lda is able to deliver the
message that caused the crash whitout issues.
Shouldn't ~/.dovecot.svbin be automatically be re-generated on dovecot
version changes ? or is it dependant on other things (like system libs
changing) ?
Some details:
I'm running OpenBSD (7.0 right now, was 6.9 before and probably 6.5
the last time .dovecot.svbin was generated). My logs show that the
issue has also been happening with OpenBSD 6.9, but I never noticed
until today). OpenSMTP is configured to deliver the message through
dovecot-lda with:
action "deliver" \
mda "/usr/local/libexec/dovecot/dovecot-lda" \
alias <aliases>
in /etc/mail/smtpd.conf
Below is the output of doveadm config :
# 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.16 (09c29328)
# OS: OpenBSD 7.0 amd64 ffs
# Hostname: nowhere.herrb.eu
# NOTE: Send doveconf -n output instead when asking for help.
auth_anonymous_username = anonymous
auth_cache_negative_ttl = 1 hours
auth_cache_size = 0
auth_cache_ttl = 1 hours
auth_cache_verify_password_with_worker = no
auth_debug = no
auth_debug_passwords = no
auth_default_realm =
auth_failure_delay = 2 secs
auth_gssapi_hostname =
auth_krb5_keytab =
auth_master_user_separator =
auth_mechanisms = plain
auth_policy_check_after_auth = yes
auth_policy_check_before_auth = yes
auth_policy_hash_mech = sha256
auth_policy_hash_nonce =
auth_policy_hash_truncate = 12
auth_policy_log_only = no
auth_policy_reject_on_fail = no
auth_policy_report_after_auth = yes
auth_policy_request_attributes = login=%{requested_username}
pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s
session_id=%{session}
auth_policy_server_api_header =
auth_policy_server_timeout_msecs = 2000
auth_policy_server_url =
auth_proxy_self =
auth_realms =
auth_socket_path = auth-userdb
auth_ssl_require_client_cert = no
auth_ssl_username_from_cert = no
auth_stats = no
auth_use_winbind = no
auth_username_chars =
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
auth_username_format = %Lu
auth_username_translation =
auth_verbose = yes
auth_verbose_passwords = no
auth_winbind_helper_path = /usr/bin/ntlm_auth
auth_worker_max_count = 30
base_dir = /var/dovecot
config_cache_size = 1 M
debug_log_path =
default_client_limit = 500
default_idle_kill = 1 mins
default_internal_group = _dovecot
default_internal_user = _dovecot
default_login_user = _dovenull
default_process_limit = 100
default_vsz_limit = 256 M
deliver_log_format = msgid=%m: %$
dict_db_config =
director_flush_socket =
director_mail_servers =
director_max_parallel_kicks = 100
director_max_parallel_moves = 100
director_output_buffer_size = 10 M
director_ping_idle_timeout = 30 secs
director_ping_max_timeout = 1 mins
director_servers =
director_user_expire = 15 mins
director_user_kick_delay = 2 secs
director_username_hash = %u
disable_plaintext_auth = yes
dotlock_use_excl = yes
doveadm_allowed_commands =
doveadm_api_key =
doveadm_http_rawlog_dir =
doveadm_password =
doveadm_port = 0
doveadm_socket_path = doveadm-server
doveadm_ssl = no
doveadm_username = doveadm
doveadm_worker_count = 0
dsync_alt_char = _
dsync_commit_msgs_interval = 100
dsync_features =
dsync_hashed_headers = Date Message-ID
dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -U
first_valid_gid = 1
first_valid_uid = 1000
haproxy_timeout = 3 secs
haproxy_trusted_networks =
hostname =
imap_capability =
imap_client_workarounds =
imap_fetch_failure = disconnect-immediately
imap_hibernate_timeout = 0
imap_id_log =
imap_id_retain = no
imap_id_send = name *
imap_idle_notify_interval = 2 mins
imap_literal_minus = no
imap_logout_format = in=%i out=%o deleted=%{deleted} expunged=%{expunged}
trashed=%{trashed} hdr_count=%{fetch_hdr_count} hdr_bytes=%{fetch_hdr_bytes}
body_count=%{fetch_body_count} body_bytes=%{fetch_body_bytes}
imap_max_line_length = 64 k
imap_metadata = no
imap_urlauth_host =
imap_urlauth_logout_format = in=%i out=%o
imap_urlauth_port = 143
imapc_cmd_timeout = 5 mins
imapc_connection_retry_count = 1
imapc_connection_retry_interval = 1 secs
imapc_features =
imapc_host =
imapc_list_prefix =
imapc_master_user =
imapc_max_idle_time = 29 mins
imapc_max_line_length = 0
imapc_password =
imapc_port = 143
imapc_rawlog_dir =
imapc_sasl_mechanisms =
imapc_ssl = no
imapc_ssl_verify = yes
imapc_user =
import_environment = TZ CORE_OUTOFMEM CORE_ERROR
info_log_path =
instance_name = dovecot
last_valid_gid = 0
last_valid_uid = 0
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
lda_original_recipient_header =
libexec_dir = /usr/local/libexec/dovecot
listen = *, ::
lmtp_add_received_header = yes
lmtp_client_workarounds =
lmtp_hdr_delivery_address = final
lmtp_proxy = no
lmtp_proxy_rawlog_dir =
lmtp_rawlog_dir =
lmtp_rcpt_check_quota = no
lmtp_save_to_detail_mailbox = no
lmtp_user_concurrency_limit = 0
lock_method = fcntl
log_core_filter =
log_debug =
log_path = syslog
log_timestamp = "%b %d %H:%M:%S "
login_access_sockets =
login_greeting = Dovecot ready.
login_log_format = %$: %s
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
session=<%{session}>
login_plugin_dir = /usr/local/lib/dovecot/login
login_plugins =
login_proxy_max_disconnect_delay = 0
login_proxy_max_reconnects = 3
login_proxy_notify_path = proxy-notify
login_proxy_timeout = 30 secs
login_source_ips =
login_trusted_networks =
mail_access_groups =
mail_always_cache_fields =
mail_attachment_detection_options =
mail_attachment_dir =
mail_attachment_fs = sis posix
mail_attachment_hash = %{sha1}
mail_attachment_min_size = 128 k
mail_attribute_dict =
mail_cache_fields = flags
mail_cache_min_mail_count = 0
mail_chroot =
mail_debug = no
mail_fsync = optimized
mail_full_filesystem_access = no
mail_gid =
mail_home =
mail_location = maildir:/var/mail/Maildir/%u:INDEX=/var/mail/indexes/%u
mail_log_prefix = "%s(%u)<%{pid}><%{session}>: "
mail_max_keyword_length = 50
mail_max_lock_timeout = 0
mail_max_userip_connections = 10
mail_never_cache_fields = imap.envelope
mail_nfs_index = no
mail_nfs_storage = no
mail_plugin_dir = /usr/local/lib/dovecot
mail_plugins =
mail_prefetch_count = 0
mail_privileged_group =
mail_save_crlf = no
mail_server_admin =
mail_server_comment =
mail_shared_explicit_inbox = no
mail_sort_max_read_count = 0
mail_temp_dir = /tmp
mail_temp_scan_interval = 1 weeks
mail_uid =
mail_vsize_bg_after_count = 0
mailbox_idle_check_interval = 30 secs
mailbox_list_index = yes
mailbox_list_index_include_inbox = no
mailbox_list_index_very_dirty_syncs = no
maildir_broken_filename_sizes = no
maildir_copy_with_hardlinks = yes
maildir_empty_new = no
maildir_stat_dirs = no
maildir_very_dirty_syncs = no
managesieve_client_workarounds =
managesieve_implementation_string = Dovecot Pigeonhole
managesieve_logout_format = bytes=%i/%o
managesieve_max_compile_errors = 5
managesieve_max_line_length = 64 k
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date index ihave duplicate
mime foreverypart extracttext
master_user_separator =
mbox_dirty_syncs = yes
mbox_dotlock_change_timeout = 2 mins
mbox_lazy_writes = yes
mbox_lock_timeout = 5 mins
mbox_md5 = apop3d
mbox_min_index_size = 0
mbox_read_locks = fcntl
mbox_very_dirty_syncs = no
mbox_write_locks = fcntl
mdbox_preallocate_space = no
mdbox_rotate_interval = 0
mdbox_rotate_size = 10 M
mmap_disable = yes
namespace inbox {
disabled = no
hidden = no
ignore_on_failure = no
inbox = yes
list = yes
location =
mailbox Drafts {
auto = no
autoexpunge = 0
autoexpunge_max_mails = 0
comment =
driver =
special_use = \Drafts
}
mailbox Junk {
auto = no
autoexpunge = 0
autoexpunge_max_mails = 0
comment =
driver =
special_use = \Junk
}
mailbox Sent {
auto = no
autoexpunge = 0
autoexpunge_max_mails = 0
comment =
driver =
special_use = \Sent
}
mailbox "Sent Messages" {
auto = no
autoexpunge = 0
autoexpunge_max_mails = 0
comment =
driver =
special_use = \Sent
}
mailbox Trash {
auto = no
autoexpunge = 0
autoexpunge_max_mails = 0
comment =
driver =
special_use = \Trash
}
order = 0
prefix =
separator = /
subscriptions = yes
type = private
}
old_stats_carbon_interval = 30 secs
old_stats_carbon_name =
old_stats_carbon_server =
old_stats_command_min_time = 1 mins
old_stats_domain_min_time = 12 hours
old_stats_ip_min_time = 12 hours
old_stats_memory_limit = 16 M
old_stats_session_min_time = 15 mins
old_stats_user_min_time = 1 hours
passdb {
args =
auth_verbose = default
default_fields =
deny = no
driver = bsdauth
master = no
mechanisms =
name =
override_fields =
pass = no
result_failure = continue
result_internalfail = continue
result_success = return-ok
skip = never
username_filter =
}
plugin {
sieve = file:~/sieve;active=~/.dovecot.sieve
}
pop3_client_workarounds =
pop3_delete_type = default
pop3_deleted_flag =
pop3_enable_last = no
pop3_fast_size_lookups = no
pop3_lock_session = no
pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
pop3_no_flag_updates = no
pop3_reuse_xuidl = no
pop3_save_uidl = no
pop3_uidl_duplicates = allow
pop3_uidl_format = %08Xu%08Xv
pop3c_features =
pop3c_host =
pop3c_master_user =
pop3c_password =
pop3c_port = 110
pop3c_quick_received_date = no
pop3c_rawlog_dir =
pop3c_ssl = no
pop3c_ssl_verify = yes
pop3c_user = %u
postmaster_address = postmaster@%{if;%d;ne;;%d;%{hostname}}
protocols = imap lmtp sieve
quota_full_tempfail = no
rawlog_dir =
recipient_delimiter = +
rejection_reason = Your message to <%t> was automatically rejected:%n%r
rejection_subject = Rejected: %s
replication_dsync_parameters = -d -N -l 30 -U
replication_full_sync_interval = 1 days
replication_max_conns = 10
replicator_host = replicator
replicator_port = 0
sendmail_path = /usr/sbin/sendmail
service aggregator {
chroot = .
client_limit = 0
drop_priv_before_exec = no
executable = aggregator
extra_groups =
fifo_listener replication-notify-fifo {
group =
mode = 0600
user =
}
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener replication-notify {
group =
mode = 0600
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service anvil {
chroot = empty
client_limit = 0
drop_priv_before_exec = no
executable = anvil
extra_groups =
group =
idle_kill = 4294967295 secs
privileged_group =
process_limit = 1
process_min_avail = 1
protocol =
service_count = 0
type = anvil
unix_listener anvil-auth-penalty {
group =
mode = 0600
user =
}
unix_listener anvil {
group =
mode = 0600
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service auth-worker {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = auth -w
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type = worker
unix_listener auth-worker {
group =
mode = 0600
user = $default_internal_user
}
user =
vsz_limit = 18446744073709551615 B
}
service auth {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = auth
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener auth-client {
group =
mode = 0600
user = $default_internal_user
}
unix_listener auth-login {
group =
mode = 0600
user = $default_internal_user
}
unix_listener auth-master {
group =
mode = 0600
user =
}
unix_listener auth-userdb {
group =
mode = 0666
user = $default_internal_user
}
unix_listener login/login {
group =
mode = 0666
user =
}
unix_listener token-login/tokenlogin {
group =
mode = 0666
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service config {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = config
extra_groups =
group =
idle_kill = 4294967295 secs
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type = config
unix_listener config {
group =
mode = 0600
user =
}
user =
vsz_limit = 18446744073709551615 B
}
service dict-async {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = dict
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener dict-async {
group = $default_internal_group
mode = 0660
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service dict {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = dict
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener dict {
group = $default_internal_group
mode = 0660
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service director {
chroot = .
client_limit = 0
drop_priv_before_exec = no
executable = director
extra_groups =
fifo_listener login/proxy-notify {
group =
mode = 00
user =
}
group =
idle_kill = 4294967295 secs
inet_listener {
address =
haproxy = no
port = 0
reuse_port = no
ssl = no
}
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener director-admin {
group =
mode = 0600
user =
}
unix_listener director-userdb {
group =
mode = 0600
user =
}
unix_listener login/director {
group =
mode = 00
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service dns-client {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = dns-client
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener dns-client {
group =
mode = 0666
user =
}
unix_listener login/dns-client {
group =
mode = 0666
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service doveadm {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = doveadm-server
extra_groups = $default_internal_group
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 1
type =
unix_listener doveadm-server {
group =
mode = 0600
user =
}
user =
vsz_limit = 18446744073709551615 B
}
service health-check {
chroot =
client_limit = 1
drop_priv_before_exec = yes
executable = script -p health-check.sh
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type =
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service imap-hibernate {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = imap-hibernate
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = imap
service_count = 0
type =
unix_listener imap-hibernate {
group = $default_internal_group
mode = 0660
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service imap-login {
chroot = login
client_limit = 0
drop_priv_before_exec = no
executable = imap-login
extra_groups =
group =
idle_kill = 0
inet_listener imap {
address =
haproxy = no
port = 0
reuse_port = no
ssl = no
}
inet_listener imaps {
address =
haproxy = no
port = 993
reuse_port = no
ssl = yes
}
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = imap
service_count = 1
type = login
user = $default_login_user
vsz_limit = 18446744073709551615 B
}
service imap-urlauth-login {
chroot = token-login
client_limit = 0
drop_priv_before_exec = no
executable = imap-urlauth-login
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = imap
service_count = 1
type = login
unix_listener imap-urlauth {
group =
mode = 0666
user =
}
user = $default_login_user
vsz_limit = 18446744073709551615 B
}
service imap-urlauth-worker {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = imap-urlauth-worker
extra_groups = $default_internal_group
group =
idle_kill = 0
privileged_group =
process_limit = 1024
process_min_avail = 0
protocol = imap
service_count = 1
type =
unix_listener imap-urlauth-worker {
group =
mode = 0600
user = $default_internal_user
}
user =
vsz_limit = 18446744073709551615 B
}
service imap-urlauth {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = imap-urlauth
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 1024
process_min_avail = 0
protocol = imap
service_count = 1
type =
unix_listener token-login/imap-urlauth {
group =
mode = 0666
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service imap {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = imap
extra_groups = $default_internal_group
group =
idle_kill = 0
privileged_group =
process_limit = 1024
process_min_avail = 0
protocol = imap
service_count = 1
type =
unix_listener imap-master {
group =
mode = 0600
user =
}
unix_listener login/imap {
group =
mode = 0666
user =
}
user =
vsz_limit = 18446744073709551615 B
}
service indexer-worker {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = indexer-worker
extra_groups = $default_internal_group
group =
idle_kill = 0
privileged_group =
process_limit = 10
process_min_avail = 0
protocol =
service_count = 0
type = worker
unix_listener indexer-worker {
group =
mode = 0600
user = $default_internal_user
}
user =
vsz_limit = 18446744073709551615 B
}
service indexer {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = indexer
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener indexer {
group =
mode = 0666
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service ipc {
chroot = empty
client_limit = 0
drop_priv_before_exec = no
executable = ipc
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener ipc {
group =
mode = 0600
user = $default_internal_user
}
unix_listener login/ipc-proxy {
group =
mode = 0600
user = $default_login_user
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service lmtp {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = lmtp
extra_groups = $default_internal_group
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = lmtp
service_count = 0
type =
unix_listener lmtp {
group =
mode = 0666
user =
}
user =
vsz_limit = 18446744073709551615 B
}
service log {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = log
extra_groups =
group =
idle_kill = 4294967295 secs
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type = log
unix_listener log-errors {
group =
mode = 0600
user =
}
user =
vsz_limit = 18446744073709551615 B
}
service managesieve-login {
chroot = login
client_limit = 0
drop_priv_before_exec = no
executable = managesieve-login
extra_groups =
group =
idle_kill = 0
inet_listener sieve {
address =
haproxy = no
port = 4190
reuse_port = no
ssl = no
}
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = sieve
service_count = 1
type = login
user = $default_login_user
vsz_limit = 18446744073709551615 B
}
service managesieve {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = managesieve
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = sieve
service_count = 1
type =
unix_listener login/sieve {
group =
mode = 0666
user =
}
user =
vsz_limit = 18446744073709551615 B
}
service old-stats {
chroot = empty
client_limit = 0
drop_priv_before_exec = no
executable = old-stats
extra_groups =
fifo_listener old-stats-mail {
group =
mode = 0600
user =
}
fifo_listener old-stats-user {
group =
mode = 0600
user =
}
group =
idle_kill = 4294967295 secs
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener old-stats {
group =
mode = 0600
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service pop3-login {
chroot = login
client_limit = 0
drop_priv_before_exec = no
executable = pop3-login
extra_groups =
group =
idle_kill = 0
inet_listener pop {
address =
haproxy = no
port = 0
reuse_port = no
ssl = no
}
inet_listener pop3 {
address =
haproxy = no
port = 110
reuse_port = no
ssl = no
}
inet_listener pop3s {
address =
haproxy = no
port = 995
reuse_port = no
ssl = yes
}
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = pop3
service_count = 1
type = login
user = $default_login_user
vsz_limit = 18446744073709551615 B
}
service pop3 {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = pop3
extra_groups = $default_internal_group
group =
idle_kill = 0
privileged_group =
process_limit = 1024
process_min_avail = 0
protocol = pop3
service_count = 1
type =
unix_listener login/pop3 {
group =
mode = 0666
user =
}
user =
vsz_limit = 18446744073709551615 B
}
service replicator {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = replicator
extra_groups =
group =
idle_kill = 4294967295 secs
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener replicator-doveadm {
group =
mode = 00
user = $default_internal_user
}
unix_listener replicator {
group =
mode = 0600
user = $default_internal_user
}
user =
vsz_limit = 18446744073709551615 B
}
service stats {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = stats
extra_groups =
group =
idle_kill = 4294967295 secs
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener stats-reader {
group =
mode = 0600
user =
}
unix_listener stats-writer {
group = $default_internal_group
mode = 0666
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service submission-login {
chroot = login
client_limit = 0
drop_priv_before_exec = no
executable = submission-login
extra_groups =
group =
idle_kill = 0
inet_listener submission {
address =
haproxy = no
port = 587
reuse_port = no
ssl = no
}
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = submission
service_count = 1
type = login
user = $default_login_user
vsz_limit = 18446744073709551615 B
}
service submission {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = submission
extra_groups = $default_internal_group
group =
idle_kill = 0
privileged_group =
process_limit = 1024
process_min_avail = 0
protocol = submission
service_count = 1
type =
unix_listener login/submission {
group =
mode = 0666
user =
}
user =
vsz_limit = 18446744073709551615 B
}
shutdown_clients = yes
ssl = yes
ssl_alt_cert =
ssl_alt_key =
ssl_ca =
ssl_cert = </etc/ssl/herrb.eu.fullchain.pem
ssl_cert_username_field = commonName
ssl_cipher_list =
ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW
at STRENGTH
ssl_cipher_suites =
ssl_client_ca_dir =
ssl_client_ca_file =
ssl_client_cert =
ssl_client_key =
ssl_client_require_valid_cert = yes
ssl_crypto_device =
ssl_curve_list =
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_key_password =
ssl_min_protocol = TLSv1.2
ssl_options =
ssl_prefer_server_ciphers = no
ssl_require_crl = yes
ssl_verify_client_cert = no
state_dir = /var/dovecot
stats_http_rawlog_dir =
stats_writer_socket_path = stats-writer
submission_client_workarounds =
submission_host =
submission_logout_format = in=%i out=%o
submission_max_mail_size = 0
submission_max_recipients = 0
submission_relay_command_timeout = 5 mins
submission_relay_connect_timeout = 30 secs
submission_relay_host =
submission_relay_master_user =
submission_relay_max_idle_time = 29 mins
submission_relay_password =
submission_relay_port = 25
submission_relay_rawlog_dir =
submission_relay_ssl = no
submission_relay_ssl_verify = yes
submission_relay_trusted = no
submission_relay_user =
submission_ssl = no
submission_timeout = 30 secs
syslog_facility = mail
userdb {
args =
auth_verbose = default
default_fields =
driver = passwd
name =
override_fields =
result_failure = continue
result_internalfail = continue
result_success = return-ok
skip = never
}
valid_chroot_dirs =
verbose_proctitle = no
verbose_ssl = yes
version_ignore = no
protocol lmtp {
mail_plugins = " sieve"
}
protocol lda {
mail_plugins = " sieve"
}
--
Matthieu Herrb
Stephan Bosch
2021-Nov-05 21:53 UTC
stale (?) .dovecot.svbin causing segfault in dovecot-lda
On 03/11/2021 11:34, Matthieu Herrb wrote:> Hi, > > I've not touched the sieve filters I'm using for a long time (last > modification 2 years ago), but I've upgraded the dovecot package and > the system of my mail server. > > ~/.dovecot.svbin has not been updated, but I found out today that it > would cause dovecot-lda to crash on some specifig messages (and fail > to deliver them). Most of the mails (>99.9%) are delivered ok though. > > Here's the trace of the crash in the system logs : > > Nov 3 08:48:13 nowhere dovecot: lda(matthieu)<33178><DvDOErY+gmGagQAAB9SSGw>: Panic: Buffer write out of range (0 + 1) > Nov 3 08:48:15 nowhere smtpd[37379]: ac2aaecba4099baa mda delivery evpid=b9346ef1d2a6c223 from=<REDACTED> to=<matthieu at herrb.eu> rcpt=<matthieu at herrb.eu> user=matthieu delay=12s result=PermFail stat=Error ("Abort trap (core dumped) ") > > After removing the old file, dovecot-lda is able to deliver the > message that caused the crash whitout issues. > > Shouldn't ~/.dovecot.svbin be automatically be re-generated on dovecot > version changes ?Yes, definitely.> Some details: > > I'm running OpenBSD (7.0 right now, was 6.9 before and probably 6.5 > the last time .dovecot.svbin was generated). My logs show that the > issue has also been happening with OpenBSD 6.9, but I never noticed > until today). OpenSMTP is configured to deliver the message through > dovecot-lda with: > > action "deliver" \ > mda "/usr/local/libexec/dovecot/dovecot-lda" \ > alias <aliases> > > in /etc/mail/smtpd.conf >I'd need at least the Sieve script and the .svbin or, better yet, a backtrace of the panic core dump. Regards, Stephan.> Below is the output of doveadm config : > > # 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf > # Pigeonhole version 0.5.16 (09c29328) > # OS: OpenBSD 7.0 amd64 ffs > # Hostname: nowhere.herrb.eu > # NOTE: Send doveconf -n output instead when asking for help. > auth_anonymous_username = anonymous > auth_cache_negative_ttl = 1 hours > auth_cache_size = 0 > auth_cache_ttl = 1 hours > auth_cache_verify_password_with_worker = no > auth_debug = no > auth_debug_passwords = no > auth_default_realm > auth_failure_delay = 2 secs > auth_gssapi_hostname > auth_krb5_keytab > auth_master_user_separator > auth_mechanisms = plain > auth_policy_check_after_auth = yes > auth_policy_check_before_auth = yes > auth_policy_hash_mech = sha256 > auth_policy_hash_nonce > auth_policy_hash_truncate = 12 > auth_policy_log_only = no > auth_policy_reject_on_fail = no > auth_policy_report_after_auth = yes > auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s session_id=%{session} > auth_policy_server_api_header > auth_policy_server_timeout_msecs = 2000 > auth_policy_server_url > auth_proxy_self > auth_realms > auth_socket_path = auth-userdb > auth_ssl_require_client_cert = no > auth_ssl_username_from_cert = no > auth_stats = no > auth_use_winbind = no > auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ > auth_username_format = %Lu > auth_username_translation > auth_verbose = yes > auth_verbose_passwords = no > auth_winbind_helper_path = /usr/bin/ntlm_auth > auth_worker_max_count = 30 > base_dir = /var/dovecot > config_cache_size = 1 M > debug_log_path > default_client_limit = 500 > default_idle_kill = 1 mins > default_internal_group = _dovecot > default_internal_user = _dovecot > default_login_user = _dovenull > default_process_limit = 100 > default_vsz_limit = 256 M > deliver_log_format = msgid=%m: %$ > dict_db_config > director_flush_socket > director_mail_servers > director_max_parallel_kicks = 100 > director_max_parallel_moves = 100 > director_output_buffer_size = 10 M > director_ping_idle_timeout = 30 secs > director_ping_max_timeout = 1 mins > director_servers > director_user_expire = 15 mins > director_user_kick_delay = 2 secs > director_username_hash = %u > disable_plaintext_auth = yes > dotlock_use_excl = yes > doveadm_allowed_commands > doveadm_api_key > doveadm_http_rawlog_dir > doveadm_password > doveadm_port = 0 > doveadm_socket_path = doveadm-server > doveadm_ssl = no > doveadm_username = doveadm > doveadm_worker_count = 0 > dsync_alt_char = _ > dsync_commit_msgs_interval = 100 > dsync_features > dsync_hashed_headers = Date Message-ID > dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -U > first_valid_gid = 1 > first_valid_uid = 1000 > haproxy_timeout = 3 secs > haproxy_trusted_networks > hostname > imap_capability > imap_client_workarounds > imap_fetch_failure = disconnect-immediately > imap_hibernate_timeout = 0 > imap_id_log > imap_id_retain = no > imap_id_send = name * > imap_idle_notify_interval = 2 mins > imap_literal_minus = no > imap_logout_format = in=%i out=%o deleted=%{deleted} expunged=%{expunged} trashed=%{trashed} hdr_count=%{fetch_hdr_count} hdr_bytes=%{fetch_hdr_bytes} body_count=%{fetch_body_count} body_bytes=%{fetch_body_bytes} > imap_max_line_length = 64 k > imap_metadata = no > imap_urlauth_host > imap_urlauth_logout_format = in=%i out=%o > imap_urlauth_port = 143 > imapc_cmd_timeout = 5 mins > imapc_connection_retry_count = 1 > imapc_connection_retry_interval = 1 secs > imapc_features > imapc_host > imapc_list_prefix > imapc_master_user > imapc_max_idle_time = 29 mins > imapc_max_line_length = 0 > imapc_password > imapc_port = 143 > imapc_rawlog_dir > imapc_sasl_mechanisms > imapc_ssl = no > imapc_ssl_verify = yes > imapc_user > import_environment = TZ CORE_OUTOFMEM CORE_ERROR > info_log_path > instance_name = dovecot > last_valid_gid = 0 > last_valid_uid = 0 > lda_mailbox_autocreate = yes > lda_mailbox_autosubscribe = yes > lda_original_recipient_header > libexec_dir = /usr/local/libexec/dovecot > listen = *, :: > lmtp_add_received_header = yes > lmtp_client_workarounds > lmtp_hdr_delivery_address = final > lmtp_proxy = no > lmtp_proxy_rawlog_dir > lmtp_rawlog_dir > lmtp_rcpt_check_quota = no > lmtp_save_to_detail_mailbox = no > lmtp_user_concurrency_limit = 0 > lock_method = fcntl > log_core_filter > log_debug > log_path = syslog > log_timestamp = "%b %d %H:%M:%S " > login_access_sockets > login_greeting = Dovecot ready. > login_log_format = %$: %s > login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c session=<%{session}> > login_plugin_dir = /usr/local/lib/dovecot/login > login_plugins > login_proxy_max_disconnect_delay = 0 > login_proxy_max_reconnects = 3 > login_proxy_notify_path = proxy-notify > login_proxy_timeout = 30 secs > login_source_ips > login_trusted_networks > mail_access_groups > mail_always_cache_fields > mail_attachment_detection_options > mail_attachment_dir > mail_attachment_fs = sis posix > mail_attachment_hash = %{sha1} > mail_attachment_min_size = 128 k > mail_attribute_dict > mail_cache_fields = flags > mail_cache_min_mail_count = 0 > mail_chroot > mail_debug = no > mail_fsync = optimized > mail_full_filesystem_access = no > mail_gid > mail_home > mail_location = maildir:/var/mail/Maildir/%u:INDEX=/var/mail/indexes/%u > mail_log_prefix = "%s(%u)<%{pid}><%{session}>: " > mail_max_keyword_length = 50 > mail_max_lock_timeout = 0 > mail_max_userip_connections = 10 > mail_never_cache_fields = imap.envelope > mail_nfs_index = no > mail_nfs_storage = no > mail_plugin_dir = /usr/local/lib/dovecot > mail_plugins > mail_prefetch_count = 0 > mail_privileged_group > mail_save_crlf = no > mail_server_admin > mail_server_comment > mail_shared_explicit_inbox = no > mail_sort_max_read_count = 0 > mail_temp_dir = /tmp > mail_temp_scan_interval = 1 weeks > mail_uid > mail_vsize_bg_after_count = 0 > mailbox_idle_check_interval = 30 secs > mailbox_list_index = yes > mailbox_list_index_include_inbox = no > mailbox_list_index_very_dirty_syncs = no > maildir_broken_filename_sizes = no > maildir_copy_with_hardlinks = yes > maildir_empty_new = no > maildir_stat_dirs = no > maildir_very_dirty_syncs = no > managesieve_client_workarounds > managesieve_implementation_string = Dovecot Pigeonhole > managesieve_logout_format = bytes=%i/%o > managesieve_max_compile_errors = 5 > managesieve_max_line_length = 64 k > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext > master_user_separator > mbox_dirty_syncs = yes > mbox_dotlock_change_timeout = 2 mins > mbox_lazy_writes = yes > mbox_lock_timeout = 5 mins > mbox_md5 = apop3d > mbox_min_index_size = 0 > mbox_read_locks = fcntl > mbox_very_dirty_syncs = no > mbox_write_locks = fcntl > mdbox_preallocate_space = no > mdbox_rotate_interval = 0 > mdbox_rotate_size = 10 M > mmap_disable = yes > namespace inbox { > disabled = no > hidden = no > ignore_on_failure = no > inbox = yes > list = yes > location > mailbox Drafts { > auto = no > autoexpunge = 0 > autoexpunge_max_mails = 0 > comment > driver > special_use = \Drafts > } > mailbox Junk { > auto = no > autoexpunge = 0 > autoexpunge_max_mails = 0 > comment > driver > special_use = \Junk > } > mailbox Sent { > auto = no > autoexpunge = 0 > autoexpunge_max_mails = 0 > comment > driver > special_use = \Sent > } > mailbox "Sent Messages" { > auto = no > autoexpunge = 0 > autoexpunge_max_mails = 0 > comment > driver > special_use = \Sent > } > mailbox Trash { > auto = no > autoexpunge = 0 > autoexpunge_max_mails = 0 > comment > driver > special_use = \Trash > } > order = 0 > prefix > separator = / > subscriptions = yes > type = private > } > old_stats_carbon_interval = 30 secs > old_stats_carbon_name > old_stats_carbon_server > old_stats_command_min_time = 1 mins > old_stats_domain_min_time = 12 hours > old_stats_ip_min_time = 12 hours > old_stats_memory_limit = 16 M > old_stats_session_min_time = 15 mins > old_stats_user_min_time = 1 hours > passdb { > args > auth_verbose = default > default_fields > deny = no > driver = bsdauth > master = no > mechanisms > name > override_fields > pass = no > result_failure = continue > result_internalfail = continue > result_success = return-ok > skip = never > username_filter > } > plugin { > sieve = file:~/sieve;active=~/.dovecot.sieve > } > pop3_client_workarounds > pop3_delete_type = default > pop3_deleted_flag > pop3_enable_last = no > pop3_fast_size_lookups = no > pop3_lock_session = no > pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s > pop3_no_flag_updates = no > pop3_reuse_xuidl = no > pop3_save_uidl = no > pop3_uidl_duplicates = allow > pop3_uidl_format = %08Xu%08Xv > pop3c_features > pop3c_host > pop3c_master_user > pop3c_password > pop3c_port = 110 > pop3c_quick_received_date = no > pop3c_rawlog_dir > pop3c_ssl = no > pop3c_ssl_verify = yes > pop3c_user = %u > postmaster_address = postmaster@%{if;%d;ne;;%d;%{hostname}} > protocols = imap lmtp sieve > quota_full_tempfail = no > rawlog_dir > recipient_delimiter = + > rejection_reason = Your message to <%t> was automatically rejected:%n%r > rejection_subject = Rejected: %s > replication_dsync_parameters = -d -N -l 30 -U > replication_full_sync_interval = 1 days > replication_max_conns = 10 > replicator_host = replicator > replicator_port = 0 > sendmail_path = /usr/sbin/sendmail > service aggregator { > chroot = . > client_limit = 0 > drop_priv_before_exec = no > executable = aggregator > extra_groups > fifo_listener replication-notify-fifo { > group > mode = 0600 > user > } > group > idle_kill = 0 > privileged_group > process_limit = 0 > process_min_avail = 0 > protocol > service_count = 0 > type > unix_listener replication-notify { > group > mode = 0600 > user > } > user = $default_internal_user > vsz_limit = 18446744073709551615 B > } > service anvil { > chroot = empty > client_limit = 0 > drop_priv_before_exec = no > executable = anvil > extra_groups > group > idle_kill = 4294967295 secs > privileged_group > process_limit = 1 > process_min_avail = 1 > protocol > service_count = 0 > type = anvil > unix_listener anvil-auth-penalty { > group > mode = 0600 > user > } > unix_listener anvil { > group > mode = 0600 > user > } > user = $default_internal_user > vsz_limit = 18446744073709551615 B > } > service auth-worker { > chroot > client_limit = 1 > drop_priv_before_exec = no > executable = auth -w > extra_groups > group > idle_kill = 0 > privileged_group > process_limit = 0 > process_min_avail = 0 > protocol > service_count = 0 > type = worker > unix_listener auth-worker { > group > mode = 0600 > user = $default_internal_user > } > user > vsz_limit = 18446744073709551615 B > } > service auth { > chroot > client_limit = 0 > drop_priv_before_exec = no > executable = auth > extra_groups > group > idle_kill = 0 > privileged_group > process_limit = 1 > process_min_avail = 0 > protocol > service_count = 0 > type > unix_listener auth-client { > group > mode = 0600 > user = $default_internal_user > } > unix_listener auth-login { > group > mode = 0600 > user = $default_internal_user > } > unix_listener auth-master { > group > mode = 0600 > user > } > unix_listener auth-userdb { > group > mode = 0666 > user = $default_internal_user > } > unix_listener login/login { > group > mode = 0666 > user > } > unix_listener token-login/tokenlogin { > group > mode = 0666 > user > } > user = $default_internal_user > vsz_limit = 18446744073709551615 B > } > service config { > chroot > client_limit = 0 > drop_priv_before_exec = no > executable = config > extra_groups > group > idle_kill = 4294967295 secs > privileged_group > process_limit = 0 > process_min_avail = 0 > protocol > service_count = 0 > type = config > unix_listener config { > group > mode = 0600 > user > } > user > vsz_limit = 18446744073709551615 B > } > service dict-async { > chroot > client_limit = 0 > drop_priv_before_exec = no > executable = dict > extra_groups > group > idle_kill = 0 > privileged_group > process_limit = 0 > process_min_avail = 0 > protocol > service_count = 0 > type > unix_listener dict-async { > group = $default_internal_group > mode = 0660 > user > } > user = $default_internal_user > vsz_limit = 18446744073709551615 B > } > service dict { > chroot > client_limit = 1 > drop_priv_before_exec = no > executable = dict > extra_groups > group > idle_kill = 0 > privileged_group > process_limit = 0 > process_min_avail = 0 > protocol > service_count = 0 > type > unix_listener dict { > group = $default_internal_group > mode = 0660 > user > } > user = $default_internal_user > vsz_limit = 18446744073709551615 B > } > service director { > chroot = . > client_limit = 0 > drop_priv_before_exec = no > executable = director > extra_groups > fifo_listener login/proxy-notify { > group > mode = 00 > user > } > group > idle_kill = 4294967295 secs > inet_listener { > address > haproxy = no > port = 0 > reuse_port = no > ssl = no > } > privileged_group > process_limit = 1 > process_min_avail = 0 > protocol > service_count = 0 > type > unix_listener director-admin { > group > mode = 0600 > user > } > unix_listener director-userdb { > group > mode = 0600 > user > } > unix_listener login/director { > group > mode = 00 > user > } > user = $default_internal_user > vsz_limit = 18446744073709551615 B > } > service dns-client { > chroot > client_limit = 1 > drop_priv_before_exec = no > executable = dns-client > extra_groups > group > idle_kill = 0 > privileged_group > process_limit = 0 > process_min_avail = 0 > protocol > service_count = 0 > type > unix_listener dns-client { > group > mode = 0666 > user > } > unix_listener login/dns-client { > group > mode = 0666 > user > } > user = $default_internal_user > vsz_limit = 18446744073709551615 B > } > service doveadm { > chroot > client_limit = 1 > drop_priv_before_exec = no > executable = doveadm-server > extra_groups = $default_internal_group > group > idle_kill = 0 > privileged_group > process_limit = 0 > process_min_avail = 0 > protocol > service_count = 1 > type > unix_listener doveadm-server { > group > mode = 0600 > user > } > user > vsz_limit = 18446744073709551615 B > } > service health-check { > chroot > client_limit = 1 > drop_priv_before_exec = yes > executable = script -p health-check.sh > extra_groups > group > idle_kill = 0 > privileged_group > process_limit = 0 > process_min_avail = 0 > protocol > service_count = 0 > type > user = $default_internal_user > vsz_limit = 18446744073709551615 B > } > service imap-hibernate { > chroot > client_limit = 0 > drop_priv_before_exec = no > executable = imap-hibernate > extra_groups > group > idle_kill = 0 > privileged_group > process_limit = 0 > process_min_avail = 0 > protocol = imap > service_count = 0 > type > unix_listener imap-hibernate { > group = $default_internal_group > mode = 0660 > user > } > user = $default_internal_user > vsz_limit = 18446744073709551615 B > } > service imap-login { > chroot = login > client_limit = 0 > drop_priv_before_exec = no > executable = imap-login > extra_groups > group > idle_kill = 0 > inet_listener imap { > address > haproxy = no > port = 0 > reuse_port = no > ssl = no > } > inet_listener imaps { > address > haproxy = no > port = 993 > reuse_port = no > ssl = yes > } > privileged_group > process_limit = 0 > process_min_avail = 0 > protocol = imap > service_count = 1 > type = login > user = $default_login_user > vsz_limit = 18446744073709551615 B > } > service imap-urlauth-login { > chroot = token-login > client_limit = 0 > drop_priv_before_exec = no > executable = imap-urlauth-login > extra_groups > group > idle_kill = 0 > privileged_group > process_limit = 0 > process_min_avail = 0 > protocol = imap > service_count = 1 > type = login > unix_listener imap-urlauth { > group > mode = 0666 > user > } > user = $default_login_user > vsz_limit = 18446744073709551615 B > } > service imap-urlauth-worker { > chroot > client_limit = 1 > drop_priv_before_exec = no > executable = imap-urlauth-worker > extra_groups = $default_internal_group > group > idle_kill = 0 > privileged_group > process_limit = 1024 > process_min_avail = 0 > protocol = imap > service_count = 1 > type > unix_listener imap-urlauth-worker { > group > mode = 0600 > user = $default_internal_user > } > user > vsz_limit = 18446744073709551615 B > } > service imap-urlauth { > chroot > client_limit = 1 > drop_priv_before_exec = no > executable = imap-urlauth > extra_groups > group > idle_kill = 0 > privileged_group > process_limit = 1024 > process_min_avail = 0 > protocol = imap > service_count = 1 > type > unix_listener token-login/imap-urlauth { > group > mode = 0666 > user > } > user = $default_internal_user > vsz_limit = 18446744073709551615 B > } > service imap { > chroot > client_limit = 1 > drop_priv_before_exec = no > executable = imap > extra_groups = $default_internal_group > group > idle_kill = 0 > privileged_group > process_limit = 1024 > process_min_avail = 0 > protocol = imap > service_count = 1 > type > unix_listener imap-master { > group > mode = 0600 > user > } > unix_listener login/imap { > group > mode = 0666 > user > } > user > vsz_limit = 18446744073709551615 B > } > service indexer-worker { > chroot > client_limit = 1 > drop_priv_before_exec = no > executable = indexer-worker > extra_groups = $default_internal_group > group > idle_kill = 0 > privileged_group > process_limit = 10 > process_min_avail = 0 > protocol > service_count = 0 > type = worker > unix_listener indexer-worker { > group > mode = 0600 > user = $default_internal_user > } > user > vsz_limit = 18446744073709551615 B > } > service indexer { > chroot > client_limit = 0 > drop_priv_before_exec = no > executable = indexer > extra_groups > group > idle_kill = 0 > privileged_group > process_limit = 1 > process_min_avail = 0 > protocol > service_count = 0 > type > unix_listener indexer { > group > mode = 0666 > user > } > user = $default_internal_user > vsz_limit = 18446744073709551615 B > } > service ipc { > chroot = empty > client_limit = 0 > drop_priv_before_exec = no > executable = ipc > extra_groups > group > idle_kill = 0 > privileged_group > process_limit = 1 > process_min_avail = 0 > protocol > service_count = 0 > type > unix_listener ipc { > group > mode = 0600 > user = $default_internal_user > } > unix_listener login/ipc-proxy { > group > mode = 0600 > user = $default_login_user > } > user = $default_internal_user > vsz_limit = 18446744073709551615 B > } > service lmtp { > chroot > client_limit = 1 > drop_priv_before_exec = no > executable = lmtp > extra_groups = $default_internal_group > group > idle_kill = 0 > privileged_group > process_limit = 0 > process_min_avail = 0 > protocol = lmtp > service_count = 0 > type > unix_listener lmtp { > group > mode = 0666 > user > } > user > vsz_limit = 18446744073709551615 B > } > service log { > chroot > client_limit = 0 > drop_priv_before_exec = no > executable = log > extra_groups > group > idle_kill = 4294967295 secs > privileged_group > process_limit = 1 > process_min_avail = 0 > protocol > service_count = 0 > type = log > unix_listener log-errors { > group > mode = 0600 > user > } > user > vsz_limit = 18446744073709551615 B > } > service managesieve-login { > chroot = login > client_limit = 0 > drop_priv_before_exec = no > executable = managesieve-login > extra_groups > group > idle_kill = 0 > inet_listener sieve { > address > haproxy = no > port = 4190 > reuse_port = no > ssl = no > } > privileged_group > process_limit = 0 > process_min_avail = 0 > protocol = sieve > service_count = 1 > type = login > user = $default_login_user > vsz_limit = 18446744073709551615 B > } > service managesieve { > chroot > client_limit = 1 > drop_priv_before_exec = no > executable = managesieve > extra_groups > group > idle_kill = 0 > privileged_group > process_limit = 0 > process_min_avail = 0 > protocol = sieve > service_count = 1 > type > unix_listener login/sieve { > group > mode = 0666 > user > } > user > vsz_limit = 18446744073709551615 B > } > service old-stats { > chroot = empty > client_limit = 0 > drop_priv_before_exec = no > executable = old-stats > extra_groups > fifo_listener old-stats-mail { > group > mode = 0600 > user > } > fifo_listener old-stats-user { > group > mode = 0600 > user > } > group > idle_kill = 4294967295 secs > privileged_group > process_limit = 1 > process_min_avail = 0 > protocol > service_count = 0 > type > unix_listener old-stats { > group > mode = 0600 > user > } > user = $default_internal_user > vsz_limit = 18446744073709551615 B > } > service pop3-login { > chroot = login > client_limit = 0 > drop_priv_before_exec = no > executable = pop3-login > extra_groups > group > idle_kill = 0 > inet_listener pop { > address > haproxy = no > port = 0 > reuse_port = no > ssl = no > } > inet_listener pop3 { > address > haproxy = no > port = 110 > reuse_port = no > ssl = no > } > inet_listener pop3s { > address > haproxy = no > port = 995 > reuse_port = no > ssl = yes > } > privileged_group > process_limit = 0 > process_min_avail = 0 > protocol = pop3 > service_count = 1 > type = login > user = $default_login_user > vsz_limit = 18446744073709551615 B > } > service pop3 { > chroot > client_limit = 1 > drop_priv_before_exec = no > executable = pop3 > extra_groups = $default_internal_group > group > idle_kill = 0 > privileged_group > process_limit = 1024 > process_min_avail = 0 > protocol = pop3 > service_count = 1 > type > unix_listener login/pop3 { > group > mode = 0666 > user > } > user > vsz_limit = 18446744073709551615 B > } > service replicator { > chroot > client_limit = 0 > drop_priv_before_exec = no > executable = replicator > extra_groups > group > idle_kill = 4294967295 secs > privileged_group > process_limit = 1 > process_min_avail = 0 > protocol > service_count = 0 > type > unix_listener replicator-doveadm { > group > mode = 00 > user = $default_internal_user > } > unix_listener replicator { > group > mode = 0600 > user = $default_internal_user > } > user > vsz_limit = 18446744073709551615 B > } > service stats { > chroot > client_limit = 0 > drop_priv_before_exec = no > executable = stats > extra_groups > group > idle_kill = 4294967295 secs > privileged_group > process_limit = 1 > process_min_avail = 0 > protocol > service_count = 0 > type > unix_listener stats-reader { > group > mode = 0600 > user > } > unix_listener stats-writer { > group = $default_internal_group > mode = 0666 > user > } > user = $default_internal_user > vsz_limit = 18446744073709551615 B > } > service submission-login { > chroot = login > client_limit = 0 > drop_priv_before_exec = no > executable = submission-login > extra_groups > group > idle_kill = 0 > inet_listener submission { > address > haproxy = no > port = 587 > reuse_port = no > ssl = no > } > privileged_group > process_limit = 0 > process_min_avail = 0 > protocol = submission > service_count = 1 > type = login > user = $default_login_user > vsz_limit = 18446744073709551615 B > } > service submission { > chroot > client_limit = 1 > drop_priv_before_exec = no > executable = submission > extra_groups = $default_internal_group > group > idle_kill = 0 > privileged_group > process_limit = 1024 > process_min_avail = 0 > protocol = submission > service_count = 1 > type > unix_listener login/submission { > group > mode = 0666 > user > } > user > vsz_limit = 18446744073709551615 B > } > shutdown_clients = yes > ssl = yes > ssl_alt_cert > ssl_alt_key > ssl_ca > ssl_cert = </etc/ssl/herrb.eu.fullchain.pem > ssl_cert_username_field = commonName > ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH > ssl_cipher_suites > ssl_client_ca_dir > ssl_client_ca_file > ssl_client_cert > ssl_client_key > ssl_client_require_valid_cert = yes > ssl_crypto_device > ssl_curve_list > ssl_dh = # hidden, use -P to show it > ssl_key = # hidden, use -P to show it > ssl_key_password > ssl_min_protocol = TLSv1.2 > ssl_options > ssl_prefer_server_ciphers = no > ssl_require_crl = yes > ssl_verify_client_cert = no > state_dir = /var/dovecot > stats_http_rawlog_dir > stats_writer_socket_path = stats-writer > submission_client_workarounds > submission_host > submission_logout_format = in=%i out=%o > submission_max_mail_size = 0 > submission_max_recipients = 0 > submission_relay_command_timeout = 5 mins > submission_relay_connect_timeout = 30 secs > submission_relay_host > submission_relay_master_user > submission_relay_max_idle_time = 29 mins > submission_relay_password > submission_relay_port = 25 > submission_relay_rawlog_dir > submission_relay_ssl = no > submission_relay_ssl_verify = yes > submission_relay_trusted = no > submission_relay_user > submission_ssl = no > submission_timeout = 30 secs > syslog_facility = mail > userdb { > args > auth_verbose = default > default_fields > driver = passwd > name > override_fields > result_failure = continue > result_internalfail = continue > result_success = return-ok > skip = never > } > valid_chroot_dirs > verbose_proctitle = no > verbose_ssl = yes > version_ignore = no > protocol lmtp { > mail_plugins = " sieve" > } > protocol lda { > mail_plugins = " sieve" > } >