Hi!
Can you install dovecot-dbg to get debug symbols, open the core in gdb and run
bt full
Aki
> On 30/03/2020 17:21 t...@linux-daus.de wrote:
>
>
> Hi,
>
> currently we deploying Dovecot as imap/pop3 proxy. Every few minutes some
> panic/assert occurred (we connect roughly 7k - 8k user at one imap proxy with
> a connection rate of 200/s).
>
> We activate core dumps. Concerning the sensitive information in the dump we
> would prefer to not share the dump (e.g. i found our ssl private key in the
> dump).
>
>
> Log/Stack trace:
>
> Mar 30 15:54:06 imap16 dovecot: auth: Panic: file dns-lookup.c: line 371
> (dns_client_lookup_common): assertion failed: (param != NULL && *param !=
> '\0')
> Mar 30 15:54:06 imap16 dovecot: auth: Error: Raw backtrace: #0
> t_askpass[0x7f27a219b5f0] -> #1 backtrace_append[0x7f27a219b860] -> #2
> backtrace_get[0x7f27a219b9c0] -> #3 i_syslog_error_handler[0x7f27a21a6840] ->
> #4 i_syslog_fatal_handler[0x7f27a21a6970] -> #5 i_fatal[0x7f27a20fc3b7] -> #6
> dns_client_connect[0x7f27a216ffb0] -> #7 dns_client_lookup[0x7f27a21702a0] ->
> #8 auth_request_proxy_finish[0x55c930e9b200] -> #9
> auth_request_handler_reply[0x55c930e9cee0] -> #10
> auth_policy_check[0x55c930e93a10] -> #11 auth_request_success[0x55c930e9bcf0]
> -> #12 auth_request_verify_plain_callback_finish[0x55c930e9a650] -> #13
> auth_request_verify_plain_callback[0x55c930e9a7a0] -> #14
> authdb_ldap_deinit[0x7f279faa9f10] -> #15
> db_ldap_result_iterate_deinit[0x7f279faa7f70] -> #16
> io_loop_call_io[0x7f27a21c0490] -> #17
> io_loop_handler_run_internal[0x7f27a21c1e20] -> #18
> io_loop_handler_run[0x7f27a21c05c0] -> #19 io_loop_run[0x7f27a21c0810] -> #20
> master_service_run[0x7f27a212d5b0] -> #21 main[0x55c930
e8
> dd10] -> #22 __libc_start_main[0x7f27a14901f0] -> #23 _start[0x55c930e8e2c0]
> -> #24 [no start/end information]
> Mar 30 15:54:06 imap16 dovecot: auth: Fatal: master: service(auth): child
> 6133 killed with signal 6 (core dumped)
>
>
> Config:
>
> # 2.3.9.2 (844fc8246): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.9 (db4e9a2f)
> # OS: Linux 4.9.0-12-amd64 x86_64 Debian 9.12
> # Hostname: imap16.domain.de
> auth_default_realm = domain.de
> auth_failure_delay = 0
> auth_mechanisms = plain login cram-md5
> auth_username_format = %{if;%d;eq;domain.de;%n...@olddomain.de;%u}
> auth_verbose = yes
> base_dir = /var/run/dovecot/
> default_client_limit = 4096
> default_internal_user = pop
> default_process_limit = 400
> default_vsz_limit = 1 G
> doveadm_password = # hidden, use -P to show it
> first_valid_uid = 48
> import_environment = TZ
> last_valid_uid = 48
> login_trusted_networks = 192.168.11.0/24
> mail_gid = pop
> mail_plugins = " mail_log notify zlib quota"
> mail_uid = pop
> passdb {
> args = /etc/dovecot/conf.d/dovecot-ldap-domain-proxy.conf.ext
> driver = ldap
> result_failure = return-fail
> result_success = continue-ok
> }
> passdb {
> args = allow_real_nets=192.168.11.0/24
> driver = static
> result_failure = continue-ok
> }
> passdb {
> args = /etc/dovecot/conf.d/dovecot-ldap-domain-protocol-deny.conf.ext
> driver = ldap
> result_failure = return-ok
> result_success = return-fail
> }
> passdb {
> args = /etc/dovecot/passdb-domain-ldap-cram.conf.ext
> driver = ldap
> mechanisms = CRAM-MD5
> result_failure = continue-fail
> result_success = continue-ok
> }
> passdb {
> args = /etc/dovecot/passdb-domain-ldap.conf.ext
> driver = ldap
> mechanisms = LOGIN,PLAIN
> result_failure = return-fail
> result_success = continue-ok
> }
> plugin {
> mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
> mail_log_fields = uid box msgid size
> zlib_save = gz
> zlib_save_level = 6
> }
> protocols = " imap pop3"
> service auth {
> unix_listener auth-client {
> group = dovecot_auth
> mode = 0660
> user = $default_internal_user
> }
> }
> service doveadm {
> group = pop
> inet_listener {
> port = 12345
> }
> user = pop
> }
> service imap-login {
> process_min_avail = 24
> service_count = 0
> }
> service pop3-login {
> process_min_avail = 24
> service_count = 0
> }
> ssl = required
> ssl_cert = </etc/ssl/certs/star_domain_de.crt
> ssl_cipher_list =
> ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> verbose_proctitle = yes
