Fwd: dovecot submission max line length

[Kees van Vloten]

Op 14-11-2023 om 14:35 schreef Aki Tuomi:
On 14/11/2023 14:59 EET Kees van Vloten <keesvanvlo...@gmail.com> wrote:
Hi all,


After upgrading Debian Bullseye (Dovecot 2.3.13) to Bookworm (Dovcecot
2.3.19), submission-login returns an error on Kerberos authentication:
"Client sent invalid command: Command line is too long".

When I initially set this up on Bullseye I have seen the same issue, but
adding "imap_max_line_length = 2M" solved it.

Now with 2.3.19 kerberos authentication still works (with this setting)
for imap connections but it stopped working for submission.

Is there a new config setting for submission-login that I missed?  Or is
this a bug in 2.3.19?


- Kees.


You are probably running into a client-side issue. SMTP RFC says that 
all commands, including sasl ir, must be at most 998 bytes. Can you 
check if the client is sending AUTH KERBEROS which is longer than 998 
lines?

After AUTH KERBEROS you can send longer lines.

The client has not changed. I have just upgraded the server from 
Bullseye to Bookworm, without configuration changes to Dovecot. The only 
change is version 2.3.13 to 2.3.19, that is why my first suspicion is 
that something changed in dovecot submission-login.

The client is Thunderbird 102 and that has not changed for a long time 
(a year or so).

Is there a way to create debug logs that show the client communication 
to submission-login?  I had enabled "auth_debug" and "auth_verbose" in 
Dovecot but that seems to log the server side communication only (see 
below).

And even with that information, would it be possible to convince 
Thunderbird to send 'AUTH KERBEROS' if it does not do that already?

I logging I have is this:

Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: Sent: 220 mailserver.example.com Dovecot ready.
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: Sending replies
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: No more commands pending
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: Received new command: EHLO [192.168.1.106]
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: command EHLO: New command
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: command EHLO: Execute command
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: command EHLO: Pipeline blocked
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: command EHLO: 250 reply: Submitted
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: command EHLO: Replied
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: command EHLO: Ready to reply
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: Trigger output
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: command EHLO: Next to reply
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: Sending replies
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: command EHLO: Next to reply
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: command EHLO: Completed
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: command EHLO: Pipeline unblocked
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: Connection state reset
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: command EHLO: 250 reply: Sent: 250-mailserver.example.com 
8BITMIME AUTH GSSAPI GSS-SPNEGO PLAIN BURL imap CHUNKING 
ENHANCEDSTATUSCODES SIZE PIPELINING
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: command EHLO: Finished
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: command EHLO: Destroy
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: command EHLO: 250 reply: Destroy
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: Trigger output
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: No more commands pending
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: Sending replies
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: No more commands pending
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: Client sent invalid command: Command line is too long
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: command [unknown]: Invalid command
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: command [unknown]: 500 reply: Submitted
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: command [unknown]: Replied
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: command [unknown]: Ready to reply
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: Trigger output
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: Sending replies
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: command [unknown]: Next to reply
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: command [unknown]: Completed
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: command [unknown]: 500 reply: Sent: 500 5.5.2 Line too long
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: command [unknown]: Finished
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: command [unknown]: Destroy
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: command [unknown]: 500 reply: Destroy
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: Trigger output
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: No more commands pending
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: Sending replies
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: No more commands pending
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: 
smtp-server: Remote closed connection: Connection closed

Do note that I redacted a column with the server ipaddress to make the 
lines a bit shorter and more readable.


- Kees


Aki
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org