On Fri, 19 Jul 2013, Peer Heinlein wrote:

looks like we detected a serious bug in dovecot's lmtp proxying where
e-mails are delivered to the wrong user.

The setup is:

*) Dovecot is configured with "lmtp_proxy=yes"

# Support proxying to other LMTP/SMTP servers by performing passdb lookups.
lmtp_proxy = yes

*) Postfix uses "dynamic recipient verification", so Postfix starts
sending a (verify) mail by LMTP to dovecot, but quits the lmtp-session
right after the RCPT TO:. No DATA-stage is reached in the protocol and
no real e-mail is sent. But Postfix had a LMTP-connection for "user1".

*) Just some seconds later a "real" e-mail to "user2" has to be
delivered to dovecot by LMTP. But Dovecot will deliver this mail to the
wrong "user1" instead of "user2". Looks like dovecot re-uses the (still
opened?) lmtp-proxy-connection from "user1" to deliver an e-mail to "user2".

Is the communication between Postfix and Dovecot LMTP encrypted? If not, can you trace the LMTP transmission using something like Wireshark or strace? So one gets an impression of:

+ how many connections Postfix uses to communicate with LMTP
+ which LMTP commands are transmitted in which order on which connection

-- Steffen Kaiser
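
Added example, not part of the original message or of Dovecot/Postfix: one way to answer the two questions above from a capture, by grouping LMTP commands per connection and flagging any connection that carried a RCPT-only transaction (no DATA) and was then used for another transaction. The trace format (`<connection-id> C: <command>`, client commands only), the function names and all addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample trace (not taken from the thread).
# Assumed format: "<connection-id> C: <LMTP command sent by the client>"
SAMPLE_TRACE = """\
c1 C: LHLO mx.example.test
c1 C: MAIL FROM:<double-bounce@example.test>
c1 C: RCPT TO:<user1@example.test>
c1 C: QUIT
c2 C: LHLO mx.example.test
c2 C: MAIL FROM:<double-bounce@example.test>
c2 C: RCPT TO:<user1@example.test>
c2 C: RSET
c2 C: MAIL FROM:<alice@example.test>
c2 C: RCPT TO:<user2@example.test>
c2 C: DATA
"""
LINE = re.compile(r"^(\S+) C: (.+)$")
ADDR = re.compile(r"<([^>]*)>")

def summarize(trace):
    """Return {conn_id: [{'rcpts': [...], 'data': bool}, ...]} in command order."""
    conns = defaultdict(list)
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip server replies and anything not in the assumed format
        conn, cmd = m.groups()
        verb = cmd.upper()
        if verb.startswith("LHLO"):
            conns[conn]  # register the connection even if no mail follows
        elif verb.startswith("MAIL FROM"):
            conns[conn].append({"rcpts": [], "data": False})  # new transaction
        elif verb.startswith("RCPT TO") and conns[conn]:
            a = ADDR.search(cmd)
            conns[conn][-1]["rcpts"].append(a.group(1) if a else cmd)
        elif verb == "DATA" and conns[conn]:
            conns[conn][-1]["data"] = True
    return dict(conns)

def reused_after_probe(conns):
    """Connections where a RCPT-only transaction precedes a later transaction."""
    return sorted(c for c, txs in conns.items()
                  if any(t["rcpts"] and not t["data"] for t in txs[:-1]))

if __name__ == "__main__":
    conns = summarize(SAMPLE_TRACE)
    print(conns, reused_after_probe(conns), sep="\n")
```

The same summary can be produced for both legs (Postfix to the proxy, and the proxy to the backend) and compared recipient by recipient.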