August 2024 - dovecot

Dovecot refuses to install/run on machine without IPv6
by Kurt Fitzner 14 Aug '24

14 Aug '24

Hi, I just tried to install Dovecot (version 2.3.19.1 9b53102964) on a Debian 12 server I'm building. It failed because Dovecot's default listen address is explicitly "*, ::" and it appears to have no logic to determine if there actually is an IPv6-enabled interface or that IPv6 is enabled on the target machine before it tries to listen on it. If dovecot wants to listen on IPv6 by default, that's neither here nor there, but if this is default behaviour it should check first. I'm curious if it's the same behaviour for machines without IPv4. Kurt Fitzner

5 5

CVE-2024-23184: Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive
by Aki Tuomi 14 Aug '24

14 Aug '24

Affected product: Dovecot IMAP Server Internal reference: DOV-6464 Vulnerability type: CWE-770 (Allocation of Resources Without Limits or Throttling) Vulnerable version: 2.2, 2.3 Vulnerable component: lib-mail Report confidence: Confirmed Solution status: Fixed in 2.3.21.1 Researcher credits: Vendor internal discovery Vendor notification: 2024-01-30 CVE reference: CVE-2024-23184 CVSS: 5.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N) Vulnerability Details: Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors sending emails to a victim, this is a security issue. The main problem is that each header line's address is added to the end of a linked list. This is done by walking the whole linked list, which becomes more inefficient the more addresses there are. Workaround: One can implement restrictions on address headers on MTA component preceding Dovecot. Fix: Install non-vulnerable version of Dovecot. Patch can be found at https://github.com/dovecot/core/compare/8e4c42d%5E...1481c04.patch

2 1

Dovecot CVE-2024-23185: Very large headers can cause resource exhaustion when parsing message
by Aki Tuomi 14 Aug '24

14 Aug '24

Affected product: Dovecot IMAP Server Internal reference: DOV-6601 Vulnerability type: CWE-770 (Allocation of Resources Without Limits or Throttling) Vulnerable version: 2.2, 2.3 Vulnerable component: lib-mail Report confidence: Confirmed Solution status: Fixed in 2.3.21.1 Researcher credits: Vendor internal discovery Vendor notification: 2024-01-31 CVE reference: CVE-2024-23185 CVSS: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Vulnerability Details: Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building up "full_value" buffer out of the smaller chunks. The full_value buffer has no size limit, so large headers can cause large memory usage. It doesn't matter whether it's a single long header line, or a single header split into multiple lines. This bug exists in all Dovecot versions. Incoming mails typically have some size limits set by MTA, so even largest possible header size may still fit into Dovecot's vsz_limit. So attackers probably can't DoS a victim user this way. A user could APPEND larger mails though, allowing them to DoS themselves (although maybe cause some memory issues for the backend in general). Workaround: One can implement restrictions on headers on MTA component preceding Dovecot. Fix: Install non-vulnerable version of Dovecot. Patch can be found at https://github.com/dovecot/core/compare/f020e13%5E...ce88c33.patch

1 0

Pigeonhole v0.5.21.1 released
by Aki Tuomi 14 Aug '24

14 Aug '24

Hi all, we are releasing new version of Pigeonhole. https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.21.1… https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.21.1… Binary packages in https://repo.dovecot.org/ Docker images in https://hub.docker.com/r/dovecot/dovecot Kind regards, Aki Tuomi Open-Xchange oy --- - sieve: When saving to local storage failed after a successful action in sieve (e.g. redirect, vacation), the mail was reported as successfully delivered, although it was lost locally.

1 0

Extra listener for client cert ?
by Laura Smith 13 Aug '24

13 Aug '24

Is it possible to, and (if yes) has anyone had experience with setting up an extra listener that requires client certs. The problem I've got is I still need to support Outlook clients. Fortunately these are located in fixed locations on desktop computers. Meanwhile, I would like to harden the configuration for road warriors who are all using devices and OSs that play nicer with client certs than Outlook does (well, Outlook doesn't play at all !). So I was thinking of opening 993 on a seperate IP address with that listener requiring client certificates. The alternative is, of course a VPN, which is still under consideration as an option. But even then, with the security onion, I'd still rather have both .... :)

1 0

Synchronize email folders
by Odhiambo Washington 13 Aug '24

13 Aug '24

I moved services to a new server (VPS) when I had issues with my hardware. Now I have copied data from the disk of the old server into the VPS. On the VPS, mail is delivered to /var/spool/virtual/DOMAIN/USER/Maildir/ I have the old emails in /root/DOMAIN/USER/Maildir. What is the easiest way to import the old emails into the current active folders without causing chaos with MuAs?? -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 In an Internet failure case, the #1 suspect is a constant: DNS. "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) [How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html]

3 3

Contents of folder symlinked not showing up
by Curt.Blank＠curtronics.com 10 Aug '24

10 Aug '24

I have the directory structure below. I was using uw-imap with Thunderbird. Due to cert issues with Thunderbird which have yet to be resolved at the moment I am using dovecot (2.3-6.11) with Apple's MacOS Mail app. dovecot server is running openSuSE Tumbleweed. With uw-imap & Thunderbird the directory structure and all the mbox's shown below showed up and were accessible in Thunderbird. With dovecot & Apple's MacOS Mail app I see the Archive directory but nothing underneath it. I do not see the In and Out directory nor any of the Year directories. At this point I do not know if the problem lies with dovecot not providing them via IMAP or if Apple's MacOS Mail is just not displaying them. So I am looking for information as to where the problem lies and what the solution is. dovecot -n is included below. /home/<user>/mail/Archive -> /Archive (soft symlink to different mount point) /Archive <directory> | +-> In <directory> | | | +-> 2018 <directory> | | | | | +-> 0118 <mbox> | | +-> 0218 <mbox> | | +-> 0318 <mbox> | | +-> 0418 <mbox> | | +-> 0518 <mbox> | | +-> 0618 <mbox> | | +-> 0718 <mbox> | | +-> 0818 <mbox> | | +-> 0918 <mbox> | | +-> 1018 <mbox> | | +-> 1118 <mbox> | | +-> 1218 <mbox> | | | +-> 2019 <directory> | | | | | +-> 0119 <mbox> | | +-> 0219 <mbox> | | +-> 0319 <mbox> | | +-> 0419 <mbox> | | +-> 0519 <mbox> | | +-> 0619 <mbox> | | +-> 0719 <mbox> | | +-> 0819 <mbox> | | +-> 0919 <mbox> | | +-> 1019 <mbox> | | +-> 1119 <mbox> | | +-> 1219 <mbox> | | | +-> etc. | | | +-> Out <directory> | +-> 2018 <directory> | | | +-> 0118 <mbox> | +-> 0218 <mbox> | +-> 0318 <mbox> | +-> 0418 <mbox> | +-> 0518 <mbox> | +-> 0618 <mbox> | +-> 0718 <mbox> | +-> 0818 <mbox> | +-> 0918 <mbox> | +-> 1018 <mbox> | +-> 1118 <mbox> | +-> 1218 <mbox> | +-> 2019 <directory> | | | +-> 0119 <mbox> | +-> 0219 <mbox> | +-> 0319 <mbox> | +-> 0419 <mbox> | +-> 0519 <mbox> | +-> 0619 <mbox> | +-> 0719 <mbox> | +-> 0819 <mbox> | +-> 0919 <mbox> | +-> 1019 <mbox> | +-> 1119 <mbox> | +-> 1219 <mbox> | +-> etc. | # 2.3.21 (47349e2482): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.21 (f6cd4b8e) # OS: Linux 6.9.7-1-default x86_64 # Hostname: cjbnew.curtronics.com <http://cjbnew.curtronics.com/> mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } plugin { sieve = file:~/sieve;active=~/.dovecot.sieve } protocols = imap ssl_cert = </etc/ssl/certs/imapd.crt ssl_cipher_list = ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH ssl_dh = # hidden, use -P to show it ssl_key = # hidden, use -P to show it ssl_options = no_compression ssl_prefer_server_ciphers = yes userdb { driver = passwd }

1 0

Event Export (auth_request_finished)
by Serhii 10 Aug '24

10 Aug '24

I am trying to implement logging of all failed authentication attempts to catch bruteforce automatically. Currently, I have the following configuration: > event_exporter log { > format = json > format_args = time-rfc3339 > transport = log > } > > metric auth_fail { > filter = event=auth_request_finished and not success=yes > exporter = log > } However, in logs I only see events similar to this: > { > "event": "auth_request_finished", > "hostname": "cheems", > "start_time": "2024-08-04T00:00:04.079723Z", > "end_time": "2024-08-04T00:00:12.224906Z", > "categories": [ > "service:auth", > "auth" > ], > "fields": { > "duration": 8145091, > "policy_result": "ok", > "mechanism": "LOGIN", > "transport": "trusted", > "service": "smtp", > "local_ip": "195.201.247.11", > "real_local_ip": "195.201.247.11", > "remote_ip": "185.29.xx.xx", > "real_remote_ip": "185.29.xx.xx", > "original_user": "example(a)example.com", > "user": "example(a)example.com", > "translated_user": "example(a)example.com" > } > } But for me it doesn't look like what is specified in docs[1]: > Field | Description > --- > error | Set when error happens > success | yes, when authentication succeeded > policy_penalty | Time of penalty added by policy server > policy_result | Values: ok, delayed, refused Why I don't see neither "success" and "error" field in logs? Also, why policy_result is ok despite I am logging only failed authentication attempts? From postfix I can see that those attempts were actually failed: > Aug 04 00:00:14 cheems postfix/smtpd[2362656]: warning: unknown[185.29.xx.xx]:54330: SASL LOGIN authentication failed: (reason unavailable), sasl_username=example(a)example.com [1]: https://doc.dovecot.org/admin_manual/list_of_events/#auth-request-finished -- Send unsolicited bulk mail to carle34(a)at.encryp.ch

2 2

lda not sending email on sieve correctly
by Eduardo Diaz Rodriguez 10 Aug '24

10 Aug '24

Hi to all I was using dovecot like 15 years on multiples debian places, and I have the same issue on debian 12 and debian 11. on my configuration I use exim with 2 process to send email, and at the same time use mailscanner to scan all the email that runs on the server. exim1 get the email, and put on the mailscanner directory and mailscanner scan the email and put on another directory to be send by exim2... Debian-+ 242594 1 0 Jul17 ? 00:00:15 /usr/sbin/exim4 -bd -oY -odq -oX 587:25 -oP /var/run/exim4/exim.pid Debian-+ 242597 1 0 Jul17 ? 00:00:01 /usr/sbin/exim4 -oP /run/exim4/eximqr.pid -q15m -oY -DOUTGOING I enable vacation the users, and works ok, but the issue is related the email sent by dovecot… The mail sent by dovecot lacks of the headers and the SPF and DKMI headers but if I sent the email form my command line using /usr/sbin/sendmail the email has the all the headers…. The mail issue here is with the norms for spam from google the nobody get the vacations emails reply. as far I see on the logs of sendmail I see only the email on the exim4 -DOutgoing (log) (I don't know why) because if I send the mail using send mail go to the whole process I don't know why dovecot send the mail to exim -DOUTGOING and not use sendmail on command line.. There any way to create a warper to capture the mail and sending "like this one" /usr/local/bin/dovecot-sendmail-wrapper I enable the debugn on send mail to see what is doing dovect but no luck Aug 8 02:13:27 servidorabm dovecot: lda(luis.alvarez)<870407><rujXC6cNtGYHSA0A40PlXQ>: Debug: program exec:/usr/sbin/exim: Created Aug 8 02:13:27 servidorabm dovecot: lda(luis.alvarez)<870407><rujXC6cNtGYHSA0A40PlXQ>: Debug: program exec:/usr/sbin/exim: Establishing connection Aug 8 02:13:27 servidorabm dovecot: lda(luis.alvarez)<870407><rujXC6cNtGYHSA0A40PlXQ>: Debug: program exec:/usr/sbin/exim: Forked child process Aug 8 02:13:27 servidorabm dovecot: lda(luis.alvarez)<870407><rujXC6cNtGYHSA0A40PlXQ>: Debug: program exec:/usr/sbin/exim (870409): Connected to program Aug 8 02:13:27 servidorabm dovecot: lda(luis.alvarez)<870407><rujXC6cNtGYHSA0A40PlXQ>: Debug: program exec:/usr/sbin/exim (870409): Finished streaming payload to program Aug 8 02:13:27 servidorabm dovecot: lda(luis.alvarez)<870407><rujXC6cNtGYHSA0A40PlXQ>: Debug: program exec:/usr/sbin/exim (870409): Finished input to program Aug 8 02:13:27 servidorabm dovecot: lda(luis.alvarez)<870407><rujXC6cNtGYHSA0A40PlXQ>: Debug: program exec:/usr/sbin/exim (870409): Disconnected Aug 8 02:13:27 servidorabm dovecot: lda(luis.alvarez)<870407><rujXC6cNtGYHSA0A40PlXQ>: Debug: program exec:/usr/sbin/exim (870409): Waiting for program to finish after 0 msecs (timeout = 30000 msecs) Aug 8 02:13:27 servidorabm dovecot: lda(luis.alvarez)<870407><rujXC6cNtGYHSA0A40PlXQ>: Debug: program exec:/usr/sbin/exim (870409): Child process ended Aug 8 02:13:27 servidorabm dovecot: lda(luis.alvarez)<870407><rujXC6cNtGYHSA0A40PlXQ>: Debug: program exec:/usr/sbin/exim (870409): Destroy Aug 8 02:13:27 servidorabm dovecot: lda(luis.alvarez)<870407><rujXC6cNtGYHSA0A40PlXQ>: sieve: msgid=<2118db23-b529-4b96-8d36-4a9ed7596a03(a)pk25.com>: vacation action: sent vacation response to <ediaz(a)pk25.com> I include a example: This is the mail headers sent using dovecot sendmail ================================================================================================================= X-Spam-Status: No X-Pk25-MailScanner-From: X-Pk25-MailScanner: Found to be clean X-Pk25-MailScanner-ID: 1sbqWj-005lt1-2y X-Pk25-MailScanner-Information: Please contact the ISP for more information Received: from mail-108-mta106.mxroute.com ([136.175.108.106]) by pk25.com with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) id 1sbqWj-005lt1-2y forediaz(a)pk25.com; Thu, 08 Aug 2024 01:57:12 +0200 Received: from filter006.mxroute.com ([136.175.111.3] filter006.mxroute.com) (Authenticated sender: mN4UYu2MZsgR) by mail-108-mta106.mxroute.com (ZoneMTA) with ESMTPSA id 1912f46520a0000a78.001 for<ediaz(a)pk25.com> (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384); Wed, 07 Aug 2024 23:57:03 +0000 X-Zone-Loop: a8a214dd47cb92b5b7d264d79136c8507fa7c5926b2e X-Originating-IP: [136.175.111.3] X-Sieve: Pigeonhole Sieve 0.5.13 (cdd19fe3) Message-ID:<dovecot-sieve-1723075020-644445-0(a)servidorabm.interno.abmarquitectos.com> Date: Thu, 08 Aug 2024 01:57:00 +0200 From:<luis.alvarez(a)abmarquitectos.com> To: "Eduardo Diaz Rodriguez"<ediaz(a)pk25.com> In-Reply-To:<071afcb4-79f6-40d6-b12a-e5b23528d951(a)pk25.com> References:<071afcb4-79f6-40d6-b12a-e5b23528d951(a)pk25.com> Auto-Submitted: auto-replied (vacation) Precedence: bulk X-Auto-Response-Suppress: All MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-ABM-MailScanner-Information: Please contact the ISP for more information X-ABM-MailScanner-ID: 1sbqWa-003eIu-Kz X-ABM-MailScanner: Found to be clean X-ABM-MailScanner-From: X-Authenticated-Id:smtp@abmarquitectos.com X-SA-Exim-Connect-IP: 136.175.108.106 X-SA-Exim-Mail-From: X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on servidor1.interno.pk25.com X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=BAYES_00,DMARC_NONE, SPF_HELO_NONE autolearn=no autolearn_force=no version=4.0.0 Subject: Respuesta =?utf-8?q?autom=C3=A1tica:?= Vacaciones / Out of office X-SA-Exim-Version: 4.2.1 (built Wed, 06 Jul 2022 17:57:39 +0000) X-SA-Exim-Scanned: Yes (on pk25.com) EstarÃ© de vacaciones del dÃa 5 al dÃa 23 de agosto ambos incluidos con un acceso muy limitado a mi email. Para cualquier asunto urgente, por favor contactar con el (+34) 91 4114375. Gracias I will be on holiday from the 5th to the 23rd of August (both inclusive) with very limited access to my email. For any urgent matters, please contact me on (+34) 91 4114375. Thank you ------------- ===================================================================================================== This is the email send using command line /usr/sbin/sendmail ediaz(a)pk25.com ===================================================================================================== X-Spam-Status: No X-Pk25-MailScanner-From:luis.alvarez@abmarquitectos.com X-Pk25-MailScanner: Found to be clean X-Pk25-MailScanner-ID: 1sbps4-005iuR-14 X-Pk25-MailScanner-Information: Please contact the ISP for more information Received-SPF: pass (pk25.com: domain of abmarquitectos.com designates 136.175.108.60 as permitted sender) client-ip=136.175.108.60;envelope-from=luis.alvarez(a)abmarquitectos.com; helo=mail-108-mta60.mxroute.com; Received: from mail-108-mta60.mxroute.com ([136.175.108.60]) by pk25.com with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from<luis.alvarez(a)abmarquitectos.com>) id 1sbps4-005iuR-14 forediaz(a)pk25.com; Thu, 08 Aug 2024 01:15:10 +0200 Received: from filter006.mxroute.com ([136.175.111.3] filter006.mxroute.com) (Authenticated sender: mN4UYu2MZsgR) by mail-108-mta60.mxroute.com (ZoneMTA) with ESMTPSA id 1912f1fde1f0000a78.001 for<ediaz(a)pk25.com> (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384); Wed, 07 Aug 2024 23:15:03 +0000 X-Zone-Loop: 9cbc8cfacf0e7622cc097cbc7366c12df531448419ec X-Originating-IP: [136.175.111.3] DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=abmarquitectos.com; s=x; h=Date:From:Message-Id:Sender:Reply-To:Subject:To: Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=6Vz2aHGFyNLtBTf9yGi/HE3IFNHwpvLh04DkcjY69c0=; b=YhXHjPytW0sUJxsgSer+Mmh8NK IBDuHoqQAsb2Ox3Q2fEtp3lQYx7SEiEzvOfUgzO8dsx9pa7n0nOnGck9R8zVZbjqQEXVourhjGZTA 5TbdPMBlti1o+qO4480DiQGJYF+nszamgMeNhwgePapYRUw0L8wE1cmIHgI5Fn+TnKITHuOZDiTjC Rq/eIQqQONoDNbJrfs3jQozuZ/Kd7yParMiAeJe8WYZUpZxW751kma1z+2xmlrTgWqrT60U9HkGfD 1n7kKug+qf13A3CDbbxmgt/AleosIO4jEyHw+RX+c/hry8jrxBfmE48Z9lLvtT9vgFwh8YFVo9Q1G AgEbd2hw==; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=abmarquitectos.com; s=abmarquitectos; h=Date:From:Message-Id:Sender: Reply-To:Subject:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=6Vz2aHGFyNLtBTf9yGi/HE3IFNHwpvLh04DkcjY69c0=; b=H8em8qDC0sVv5r7Oaw9KrCXrGY BhZUhR7naN8XxA58pfOEeE7k5rLZlDMtpsBmrQrCvYaFRqxUJjGNl0gR2ctWvNmmEDUsPMOQzSAsW ELU0jxQDfFaRBTor/Vq6aoN8vy8tlWb6aSLBUtN5p1vYsf/PlV+MtNV/uoll526FurjxWheTYeGBg r0QbSboEDVxMfBQ98aETqXgW4ZqkPBT73UD0azlppxDATAUbQYyZwosFGcptm7OzMyVmaARgiv52t 8hC58avWCiRJpjjyPf3y2PqmQ+LmoaZjgUS64rb1wp3U3xH18Z3WVZGTn3WVY2TG5cPx7gkEz8nft sS7qUGng==; Message-Id:<E1sbprp-003e0r-0P(a)abmarquitectos.com> From: Luis Alvarez<luis.alvarez(a)abmarquitectos.com> Date: Thu, 08 Aug 2024 01:14:54 +0200 X-ABM-MailScanner-Information: Please contact the ISP for more information X-ABM-MailScanner-ID: 1sbprp-003e0r-0P X-ABM-MailScanner: Found to be clean X-ABM-MailScanner-From:luis.alvarez@abmarquitectos.com X-DKIM: signer='abmarquitectos.com' status='pass' reason='' DKIMCheck: Server passes DKIM test, 0 Spam score X-Authenticated-Id:smtp@abmarquitectos.com X-SA-Exim-Connect-IP: 136.175.108.60 X-SA-Exim-Mail-From:luis.alvarez@abmarquitectos.com X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on servidor1.interno.pk25.com X-Spam-Level: X-Spam-Status: No, score=-4.3 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_PASS,MISSING_HEADERS, MISSING_SUBJECT,RCVD_IN_DNSWL_HI,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=4.0.0 X-SA-Exim-Version: 4.2.1 (built Wed, 06 Jul 2022 17:57:39 +0000) X-SA-Exim-Scanned: Yes (on pk25.com) prueba prueba prueba ------------- ------------- By Pk25.com

3 6

Userdb empty
by Cam Ellison 08 Aug '24

08 Aug '24

I have shifted from a system-based email system to virtual for a website I manage. The MTA is exim4, and user data are in a MySQL database. It will receive email, but with one exception the userdb is empty and emails go out with no username in the email address. Sample error message from exim: 2024-08-05 05:21:43 1sawid-00065N-0R Error while reading message with no usable sender address (R=1sawiX-00065C-1a): at least one malformed recipient address: @scasl.ca - no local part Here is the output of doveconf -n: # 2.3.19.1 (9b53102964): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.19 (4eae2f79) # OS: Linux 6.1.0-20-rt-686-pae i686 Debian 12.6 ext4 # Hostname: football.scasl.ca auth_debug = yes auth_default_realm = scasl.ca auth_mechanisms = plain login auth_username_format = %Ln auth_verbose = yes base_dir = /var/run/dovecot/ hostname = scasl.ca login_trusted_networks = 209.121.143.10/32 mail_debug = yes mail_gid = vmail mail_home = /var/vmail/%n mail_location = maildir:/var/vmail/%n/Maildir:INBOX=/var/vmail/%n/Maildir/INBOX mail_privileged_group = vmail mail_uid = vmail namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = separator = / } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } postmaster_address = postmaster(a)scasl.ca protocols = " imap" service auth { unix_listener auth-client { mode = 0666 } unix_listener auth-userdb { mode = 0666 } } service imap-login { service_count = 1 } service stats { unix_listener stats-reader { group = vmail mode = 0666 } unix_listener stats-writer { group = vmail mode = 0666 } } ssl_cert = </etc/dovecot/private/dovecot.pem ssl_client_ca_dir = /etc/ssl/certs ssl_dh = # hidden, use -P to show it ssl_key = # hidden, use -P to show it userdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } userdb { driver = passwd } There are two userdb entries, since one of the users is a system user. It is also the only one that appears in userdb. The relevant commands from dovecot-sql.conf.ext are here: password_query = SELECT email_username AS username, domain, email_password AS password FROM league WHERE email_username = '%n' user_query = SELECT CONCAT('/var/vmail/',email_username) AS home, 5000 AS uid, 5000 AS gid FROM league WHERE email_username = '%n' AND domain = '%d' iterate_query = SELECT email_username AS username, domain FROM league The vmail uid:gid is 5000:5000 As a side issue, it cannot open (/proc/self/io) - I'm not sure whether that means anything. Here is debugging output: 2024-08-05T06:33:18.777211-07:00 football dovecot: auth-worker(24847): Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth 2024-08-05T06:33:18.777456-07:00 football dovecot: auth-worker(24847): Debug: Module loaded: /usr/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so 2024-08-05T06:33:18.782112-07:00 football dovecot: auth-worker(24847): Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_mysql.so 2024-08-05T06:33:18.782392-07:00 football dovecot: auth-worker(24847): Debug: sqlpool(mysql): Creating new connection 2024-08-05T06:33:18.784671-07:00 football dovecot: auth-worker(24847): Debug: mysql(localhost): Connecting 2024-08-05T06:33:18.785532-07:00 football dovecot: auth-worker(24847): Debug: conn unix:auth-worker (pid=24845,uid=121): Server accepted connection (fd=14) 2024-08-05T06:33:18.785703-07:00 football dovecot: auth-worker(24847): Debug: conn unix:auth-worker (pid=24845,uid=121): Sending version handshake 2024-08-05T06:33:18.785850-07:00 football dovecot: auth-worker(24847): Debug: conn unix:auth-worker (pid=24845,uid=121): auth-worker<1>: Handling PASSV request 2024-08-05T06:33:18.785986-07:00 football dovecot: auth-worker(24847): Debug: conn unix:auth-worker (pid=24845,uid=121): auth-worker<1>: sql(scasl,209.121.143.14,<Z41TuO8eENjReY8O>): Performing passdb lookup 2024-08-05T06:33:18.786124-07:00 football dovecot: auth-worker(24847): Debug: conn unix:auth-worker (pid=24845,uid=121): auth-worker<1>: sql(scasl,209.121.143.14,<Z41TuO8eENjReY8O>): query: SELECT email_username AS username, domain, emai l_password AS password FROM league WHERE email_username = 'scasl' 2024-08-05T06:33:18.786347-07:00 football dovecot: auth-worker(24847): Debug: mysql(localhost): Finished query 'SELECT email_username AS username, domain, email_password AS password FROM league WHERE email_username = 'scasl'' in 0 msecs 2024-08-05T06:33:18.786524-07:00 football dovecot: auth-worker(24847): Debug: conn unix:auth-worker (pid=24845,uid=121): auth-worker<1>: sql(scasl,209.121.143.14,<Z41TuO8eENjReY8O>): username changed scasl -> scasl(a)scasl.ca 2024-08-05T06:33:18.786672-07:00 football dovecot: auth-worker(24847): Debug: conn unix:auth-worker (pid=24845,uid=121): auth-worker<1>: sql(scasl(a)scasl.ca,209.121.143.14,<Z41TuO8eENjReY8O>): Finished passdb lookup 2024-08-05T06:33:18.786791-07:00 football dovecot: auth-worker(24847): Debug: conn unix:auth-worker (pid=24845,uid=121): auth-worker<1>: Finished 2024-08-05T06:33:18.786940-07:00 football dovecot: auth: Debug: sql(scasl,209.121.143.14,<Z41TuO8eENjReY8O>): username changed scasl -> scasl(a)scasl.ca 2024-08-05T06:33:18.787098-07:00 football dovecot: auth: Debug: sql(scasl(a)scasl.ca,209.121.143.14,<Z41TuO8eENjReY8O>): Finished passdb lookup 2024-08-05T06:33:18.787239-07:00 football dovecot: auth: Debug: auth(scasl(a)scasl.ca,209.121.143.14,<Z41TuO8eENjReY8O>): Auth request finished 2024-08-05T06:33:18.787379-07:00 football dovecot: auth: Debug: client passdb out: OK#0111#011user=scasl(a)scasl.ca#011#011original_user=scasl 2024-08-05T06:33:18.794297-07:00 football dovecot: auth: Debug: master in: REQUEST#011600309761#01124843#0111#0115343bacecb1c0282e3e40282e4ebd64d#011session_pid=24849#011request_auth_token 2024-08-05T06:33:18.794568-07:00 football dovecot: auth: Debug: sql(scasl(a)scasl.ca,209.121.143.14,<Z41TuO8eENjReY8O>): Performing userdb lookup 2024-08-05T06:33:18.794712-07:00 football dovecot: auth-worker(24847): Debug: conn unix:auth-worker (pid=24845,uid=121): auth-worker<2>: Handling USER request 2024-08-05T06:33:18.794859-07:00 football dovecot: auth-worker(24847): Debug: conn unix:auth-worker (pid=24845,uid=121): auth-worker<2>: sql(scasl(a)scasl.ca,209.121.143.14,<Z41TuO8eENjReY8O>): Performing userdb lookup 2024-08-05T06:33:18.795004-07:00 football dovecot: auth-worker(24847): Debug: conn unix:auth-worker (pid=24845,uid=121): auth-worker<2>: sql(scasl(a)scasl.ca,209.121.143.14,<Z41TuO8eENjReY8O>): SELECT CONCAT('/var/vmail/',email_username) A S home, 5000 AS uid, 5000 AS gid FROM league WHERE email_username = 'scasl' AND domain = 'scasl.ca' 2024-08-05T06:33:18.795222-07:00 football dovecot: auth-worker(24847): Debug: mysql(localhost): Finished query 'SELECT CONCAT('/var/vmail/',email_username) AS home, 5000 AS uid, 5000 AS gid FROM league WHERE email_username = 'scasl' AND domain = 'scasl.ca'' in 0 msecs 2024-08-05T06:33:18.795387-07:00 football dovecot: auth-worker(24847): Debug: conn unix:auth-worker (pid=24845,uid=121): auth-worker<2>: sql(scasl(a)scasl.ca,209.121.143.14,<Z41TuO8eENjReY8O>): Finished userdb lookup 2024-08-05T06:33:18.795526-07:00 football dovecot: auth-worker(24847): Debug: conn unix:auth-worker (pid=24845,uid=121): auth-worker<2>: Finished 2024-08-05T06:33:18.795660-07:00 football dovecot: auth: Debug: sql(scasl(a)scasl.ca,209.121.143.14,<Z41TuO8eENjReY8O>): Finished userdb lookup 2024-08-05T06:33:18.795899-07:00 football dovecot: auth: Debug: master userdb out: USER#011600309761#011scasl@scasl.ca#011home=/var/vmail/scasl#011uid=5000#011gid=5000#011auth_mech=PLAIN#011auth_token=e9d7425913886e014c83af029551e70f8db2 98f9#011auth_user=scasl 2024-08-05T06:33:18.796199-07:00 football dovecot: imap-login: Login: user=<scasl(a)scasl.ca>, method=PLAIN, rip=209.121.143.14, lip=209.121.143.10, mpid=24849, TLS, session=<Z41TuO8eENjReY8O> 2024-08-05T06:33:18.797562-07:00 football dovecot: imap(scasl(a)scasl.ca)<24849><Z41TuO8eENjReY8O>: Debug: Effective uid=5000, gid=5000, home=/var/vmail/scasl 2024-08-05T06:33:18.797718-07:00 football dovecot: imap(scasl(a)scasl.ca)<24849><Z41TuO8eENjReY8O>: Debug: open(/proc/self/io) failed: Permission denied 2024-08-05T06:33:18.798021-07:00 football dovecot: imap(scasl(a)scasl.ca)<24849><Z41TuO8eENjReY8O>: Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/var/vmail/scasl/M aildir:INBOX=/var/vmail/scasl/Maildir/INBOX 2024-08-05T06:33:18.798286-07:00 football dovecot: imap(scasl(a)scasl.ca)<24849><Z41TuO8eENjReY8O>: Debug: maildir++: root=/var/vmail/scasl/Maildir, index=, indexpvt=, control=, inbox=/var/vmail/scasl/Maildir/INBOX, alt= 2024-08-05T06:33:18.799780-07:00 football dovecot: imap(scasl(a)scasl.ca)<24849><Z41TuO8eENjReY8O>: Debug: Mailbox INBOX: Mailbox opened 2024-08-05T06:34:18.830024-07:00 football dovecot: auth-worker(24847): Debug: conn unix:auth-worker (pid=24845,uid=121): Disconnected: Connection closed (fd=-1) 2024-08-05T06:34:18.882117-07:00 football dovecot: auth-worker(24847): Debug: mysql(localhost): Connection finished (queries=2, slow queries=0) 2024-08-05T06:34:19.349925-07:00 football dovecot: auth: Debug: mysql(localhost): Connection finished (queries=0, slow queries=0) Sorry this is so long. What am I doing wrong here? Thank you in advance Cam

2 2