Closed Unkn0wnCat closed 1 year ago
Is it fixed with 2022-08b?
@DerLinkman
I've got good news, and I've got bad news. Bad News: It's not fixed. Good news: I got a log this time!
mailcowdockerized-postfix-mailcow-1 | Sep 10 01:16:55 c7a4b538881b postfix/smtpd[449]: connect from mail-lf1-x130.google.com[2a00:1450:4864:20::130]
mailcowdockerized-postfix-mailcow-1 | Sep 10 01:16:55 c7a4b538881b postfix/smtpd[449]: Anonymous TLS connection established from mail-lf1-x130.google.com[2a00:1450:4864:20::130] to mailcow.1in9.net: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
mailcowdockerized-postfix-mailcow-1 | Sep 10 01:16:55 c7a4b538881b postfix/smtpd[449]: B15F920A944: client=mail-lf1-x130.google.com[2a00:1450:4864:20::130]
mailcowdockerized-postfix-mailcow-1 | Sep 10 01:16:55 c7a4b538881b postfix/cleanup[451]: B15F920A944: message-id=<CA+rbFwuRJWaR_Ke0RMErL-j8PY0LCT8p2SDvdAQsEPameN1Z5g@mail.gmail.com>
mailcowdockerized-clamd-mailcow-1 | Sat Sep 10 01:16:55 2022 -> instream(172.22.1.13@35506): OK
mailcowdockerized-php-fpm-mailcow-1 | fd4d:6169:6c63:6f77::e - 10/Sep/2022:01:16:56 +0200 "HEAD /settings.php" 304
mailcowdockerized-nginx-mailcow-1 | 172.22.1.13 - - [10/Sep/2022:01:16:56 +0200] "HEAD /settings.php HTTP/1.1" 304 0 "-" "rspamd-3.2"
mailcowdockerized-postfix-mailcow-1 | Sep 10 01:16:57 c7a4b538881b postfix/smtps/smtpd[394]: connect from unknown[5.34.207.172]
mailcowdockerized-php-fpm-mailcow-1 | 172.22.1.11 - 10/Sep/2022:01:16:59 +0200 "GET /bcc.php" 200
mailcowdockerized-nginx-mailcow-1 | 172.22.1.13 - - [10/Sep/2022:01:16:59 +0200] "GET /bcc.php HTTP/1.1" 200 5 "-" "rspamd-3.2"
mailcowdockerized-php-fpm-mailcow-1 | fd4d:6169:6c63:6f77::e - 10/Sep/2022:01:16:59 +0200 "GET /bcc.php" 200
mailcowdockerized-nginx-mailcow-1 | 172.22.1.13 - - [10/Sep/2022:01:16:59 +0200] "GET /bcc.php HTTP/1.1" 200 5 "-" "rspamd-3.2"
mailcowdockerized-php-fpm-mailcow-1 | 172.22.1.11 - 10/Sep/2022:01:16:59 +0200 "GET /bcc.php" 200
mailcowdockerized-nginx-mailcow-1 | 172.22.1.13 - - [10/Sep/2022:01:16:59 +0200] "GET /bcc.php HTTP/1.1" 200 5 "-" "rspamd-3.2"
mailcowdockerized-php-fpm-mailcow-1 | 172.22.1.11 - 10/Sep/2022:01:16:59 +0200 "GET /bcc.php" 200
mailcowdockerized-nginx-mailcow-1 | 172.22.1.13 - - [10/Sep/2022:01:16:59 +0200] "GET /bcc.php HTTP/1.1" 200 5 "-" "rspamd-3.2"
mailcowdockerized-php-fpm-mailcow-1 | [10-Sep-2022 01:16:59] WARNING: [pool system-worker] child 62 said into stderr: "NOTICE: PHP message: RCPT RESOVLER: http pipe: query kevin@kevink.dev as username from mailbox"
mailcowdockerized-php-fpm-mailcow-1 | [10-Sep-2022 01:16:59] WARNING: [pool system-worker] child 62 said into stderr: "NOTICE: PHP message: RCPT RESOVLER: http pipe: mailbox found: kevin@kevink.dev"
mailcowdockerized-php-fpm-mailcow-1 | [10-Sep-2022 01:16:59] WARNING: [pool system-worker] child 62 said into stderr: "NOTICE: PHP message: RCPT RESOVLER: http pipe: goto array count on loop #1 is 0"
mailcowdockerized-php-fpm-mailcow-1 | [10-Sep-2022 01:16:59] WARNING: [pool system-worker] child 62 said into stderr: "NOTICE: PHP message: NOTIFY: pushover pipe: processing pushover message for rcpt kevin@kevink.dev"
mailcowdockerized-nginx-mailcow-1 | 2022/09/10 01:16:59 [error] 24#24: *122 FastCGI sent in stderr: "PHP message: RCPT RESOVLER: http pipe: query kevin@kevink.dev as username from mailbox
mailcowdockerized-php-fpm-mailcow-1 | fd4d:6169:6c63:6f77::e - 10/Sep/2022:01:16:59 +0200 "POST /pushover.php" 200
mailcowdockerized-nginx-mailcow-1 | PHP message: RCPT RESOVLER: http pipe: mailbox found: kevin@kevink.dev
mailcowdockerized-nginx-mailcow-1 | PHP message: RCPT RESOVLER: http pipe: goto array count on loop #1 is 0
mailcowdockerized-nginx-mailcow-1 | PHP message: NOTIFY: pushover pipe: processing pushover message for rcpt kevin@kevink.dev" while reading response header from upstream, client: 172.22.1.13, server: _, request: "POST /pushover.php HTTP/1.1", upstream: "fastcgi://[fd4d:6169:6c63:6f77::b]:9001", host: "nginx"
mailcowdockerized-nginx-mailcow-1 | 172.22.1.13 - - [10/Sep/2022:01:16:59 +0200] "POST /pushover.php HTTP/1.1" 200 5 "-" "rspamd-3.2"
mailcowdockerized-rspamd-mailcow-1 | 2022-09-10 01:16:59 #44(normal) <54c62e>; task; rspamd_task_write_log: id: <CA+rbFwuRJWaR_Ke0RMErL-j8PY0LCT8p2SDvdAQsEPameN1Z5g@mail.gmail.com>, qid: <B15F920A944>, ip: 2a00:1450:4864:20::130, from: <kevinkandlbinder@gmail.com>, (default: F (no action): [2.61/475.00] [IP_REPUTATION_SPAM(3.62){asn: 15169(-0.08), country: US(-0.01), ip: 2a00:1450:4864:20::(1.00);},DMARC_POLICY_ALLOW(-0.50){gmail.com;none;},R_DKIM_ALLOW(-0.20){gmail.com:s=20210112;},R_SPF_ALLOW(-0.20){+ip6:2a00:1450:4000::/36;},MIME_GOOD(-0.10){multipart/alternative;text/plain;},MX_GOOD(-0.01){},ARC_NA(0.00){},ARC_SIGNED(0.00){kevink.dev:s=dkim:i=1;},ASN(0.00){asn:15169, ipnet:2a00:1450::/32, country:US;},BCC(0.00){},DKIM_TRACE(0.00){gmail.com:+;},DWL_DNSWL_NONE(0.00){gmail.com:dkim;},FREEMAIL_ENVFROM(0.00){gmail.com;},FREEMAIL_FROM(0.00){gmail.com;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},MID_RHS_MATCH_FROMTLD(0.00){},MIME_TRACE(0.00){0:+;1:+;2:~;},PREVIOUSLY_DELIVERED(0.00){kevin@kevink.dev;},RCPT_COUNT_ONE(0.00){1;},RCPT_MAILCOW_DOMAIN(0.00){kevink.dev;},RCVD_COUNT_TWO(0.00){2;},RCVD_IN_DNSWL_NONE(0.00){2a00:1450:4864:20::130:from;},RCVD_TLS_LAST(0.00){},TO_DN_EQ_ADDR_ALL(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 2918, time: 3954.771ms, dns req: 34, digest: <aa79db6514ecbed850c161311d664014>, rcpts: <kevin@kevink.dev>, mime_rcpts: <kevin@kevink.dev>
mailcowdockerized-rspamd-mailcow-1 | 2022-09-10 01:16:59 #44(normal) <54c62e>; task; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 3 regexps matched, 3254 regexps total, 2992 regexps cached, 0B scanned using pcre, 1.76KiB scanned total
mailcowdockerized-postfix-mailcow-1 | Sep 10 01:16:59 c7a4b538881b postfix/qmgr[379]: B15F920A944: from=<kevinkandlbinder@gmail.com>, size=3383, nrcpt=1 (queue active)
mailcowdockerized-dovecot-mailcow-1 | Sep 10 01:16:59 3a9b0a0efb57 dovecot: lmtp(508): Connect from fd4d:6169:6c63:6f77::f
mailcowdockerized-dovecot-mailcow-1 | Sep 10 01:16:59 3a9b0a0efb57 dovecot: lmtp(kevin@kevink.dev)<508><uOGBKmvJG2P8AQAAY0Dptw>: Panic: file hash.c: line 252 (hash_table_insert_node): assertion failed: (opcode == HASH_TABLE_OP_UPDATE)
mailcowdockerized-dovecot-mailcow-1 | Sep 10 01:16:59 3a9b0a0efb57 dovecot: lmtp(kevin@kevink.dev)<508><uOGBKmvJG2P8AQAAY0Dptw>: Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(backtrace_append+0x42) [0x7f212e0d9582] -> /usr/lib/dovecot/libdovecot.so.0(backtrace_get+0x1e) [0x7f212e0d969e] -> /usr/lib/dovecot/libdovecot.so.0(+0x1022fb) [0x7f212e0e62fb] -> /usr/lib/dovecot/libdovecot.so.0(+0x102391) [0x7f212e0e6391] -> /usr/lib/dovecot/libdovecot.so.0(+0x55589) [0x7f212e039589] -> /usr/lib/dovecot/libdovecot.so.0(+0x563bf) [0x7f212e03a3bf] -> /usr/lib/dovecot/libdovecot-sieve.so.0(ext_include_binary_script_include+0x83) [0x7f212d322453] -> /usr/lib/dovecot/libdovecot-sieve.so.0(+0x6d693) [0x7f212d322693] -> /usr/lib/dovecot/libdovecot-sieve.so.0(sieve_binary_open+0x35d) [0x7f212d2f1f7d] -> /usr/lib/dovecot/libdovecot-sieve.so.0(sieve_open_script+0x72) [0x7f212d3122d2] -> /usr/lib/dovecot/modules/lib90_sieve_plugin.so(+0x2ddd) [0x7f212d381ddd] -> /usr/lib/dovecot/modules/lib90_sieve_plugin.so(+0x3931) [0x7f212d382931] -> /usr/lib/dovecot/libdovecot-lda.so.0(mail_deliver+0x179) [0x7f212e3288d9] -> dovecot/lmtp(lmtp_local_default_deliver+0x1d4) [0x5648bdf95724] -> dovecot/lmtp(lmtp_local_data+0x5ac) [0x5648bdf95e7c] -> dovecot/lmtp(client_default_cmd_data+0x18d) [0x5648bdf9483d] -> dovecot/lmtp(cmd_data_continue+0x180) [0x5648bdf945d0] -> /usr/lib/dovecot/libdovecot.so.0(+0x74ebb) [0x7f212e058ebb] -> /usr/lib/dovecot/libdovecot.so.0(+0x756fd) [0x7f212e0596fd] -> /usr/lib/dovecot/libdovecot.so.0(smtp_server_command_call_hooks+0xbe) [0x7f212e05d5be] -> /usr/lib/dovecot/libdovecot.so.0(smtp_server_command_next_to_reply+0x55) [0x7f212e05d685] -> /usr/lib/dovecot/libdovecot.so.0(+0x7e3ba) [0x7f212e0623ba] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) [0x7f212e0fc529] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x96) [0x7f212e0fc616] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x40) [0x7f212e0fc790] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f212e06f353] -> dovecot/lmtp(main+0x22a) [0x5648bdf9327a] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xea) [0x7f212de41d0a] -> dovecot/lmtp(_start+0x2a) [0x5648bdf9338a]
mailcowdockerized-postfix-mailcow-1 | Sep 10 01:16:59 c7a4b538881b postfix/smtps/smtpd[394]: Anonymous TLS connection established from unknown[5.34.207.172]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
mailcowdockerized-postfix-mailcow-1 | Sep 10 01:17:00 c7a4b538881b postfix/lmtp[452]: B15F920A944: lost connection with dovecot[fd4d:6169:6c63:6f77::10] while sending end of data -- message may be sent more than once
mailcowdockerized-dovecot-mailcow-1 | Sep 10 01:17:00 3a9b0a0efb57 dovecot: lmtp(kevin@kevink.dev)<508><uOGBKmvJG2P8AQAAY0Dptw>: Fatal: master: service(lmtp): child 508 killed with signal 6 (core dumped)
mailcowdockerized-dovecot-mailcow-1 | Sep 10 01:17:00 3a9b0a0efb57 dovecot: lmtp(546): Connect from 172.22.1.253
mailcowdockerized-dovecot-mailcow-1 | Sep 10 01:17:00 3a9b0a0efb57 dovecot: lmtp(kevin@kevink.dev)<546><tAUvCWzJG2MiAgAAY0Dptw>: Panic: file hash.c: line 252 (hash_table_insert_node): assertion failed: (opcode == HASH_TABLE_OP_UPDATE)
mailcowdockerized-dovecot-mailcow-1 | Sep 10 01:17:00 3a9b0a0efb57 dovecot: lmtp(kevin@kevink.dev)<546><tAUvCWzJG2MiAgAAY0Dptw>: Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(backtrace_append+0x42) [0x7f34b1f6d582] -> /usr/lib/dovecot/libdovecot.so.0(backtrace_get+0x1e) [0x7f34b1f6d69e] -> /usr/lib/dovecot/libdovecot.so.0(+0x1022fb) [0x7f34b1f7a2fb] -> /usr/lib/dovecot/libdovecot.so.0(+0x102391) [0x7f34b1f7a391] -> /usr/lib/dovecot/libdovecot.so.0(+0x55589) [0x7f34b1ecd589] -> /usr/lib/dovecot/libdovecot.so.0(+0x563bf) [0x7f34b1ece3bf] -> /usr/lib/dovecot/libdovecot-sieve.so.0(ext_include_binary_script_include+0x83) [0x7f34b11b6453] -> /usr/lib/dovecot/libdovecot-sieve.so.0(+0x6d693) [0x7f34b11b6693] -> /usr/lib/dovecot/libdovecot-sieve.so.0(sieve_binary_open+0x35d) [0x7f34b1185f7d] -> /usr/lib/dovecot/libdovecot-sieve.so.0(sieve_open_script+0x72) [0x7f34b11a62d2] -> /usr/lib/dovecot/modules/lib90_sieve_plugin.so(+0x2ddd) [0x7f34b1215ddd] -> /usr/lib/dovecot/modules/lib90_sieve_plugin.so(+0x3931) [0x7f34b1216931] -> /usr/lib/dovecot/libdovecot-lda.so.0(mail_deliver+0x179) [0x7f34b21bc8d9] -> dovecot/lmtp(lmtp_local_default_deliver+0x1d4) [0x556ac3b74724] -> dovecot/lmtp(lmtp_local_data+0x5ac) [0x556ac3b74e7c] -> dovecot/lmtp(client_default_cmd_data+0x18d) [0x556ac3b7383d] -> dovecot/lmtp(cmd_data_continue+0x180) [0x556ac3b735d0] -> /usr/lib/dovecot/libdovecot.so.0(+0x74ebb) [0x7f34b1eecebb] -> /usr/lib/dovecot/libdovecot.so.0(+0x756fd) [0x7f34b1eed6fd] -> /usr/lib/dovecot/libdovecot.so.0(smtp_server_command_call_hooks+0xbe) [0x7f34b1ef15be] -> /usr/lib/dovecot/libdovecot.so.0(smtp_server_command_next_to_reply+0x55) [0x7f34b1ef1685] -> /usr/lib/dovecot/libdovecot.so.0(+0x7e3ba) [0x7f34b1ef63ba] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) [0x7f34b1f90529] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x96) [0x7f34b1f90616] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x40) [0x7f34b1f90790] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f34b1f03353] -> dovecot/lmtp(main+0x22a) [0x556ac3b7227a] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xea) [0x7f34b1cd5d0a] -> dovecot/lmtp(_start+0x2a) [0x556ac3b7238a]
mailcowdockerized-dovecot-mailcow-1 | Sep 10 01:17:00 3a9b0a0efb57 dovecot: lmtp(kevin@kevink.dev)<546><tAUvCWzJG2MiAgAAY0Dptw>: Fatal: master: service(lmtp): child 546 killed with signal 6 (core dumped)
mailcowdockerized-postfix-mailcow-1 | Sep 10 01:17:00 c7a4b538881b postfix/lmtp[452]: B15F920A944: to=<kevin@kevink.dev>, relay=dovecot[172.22.1.250]:24, delay=4.9, delays=4.1/0.02/0.45/0.37, dsn=4.4.2, status=deferred (lost connection with dovecot[172.22.1.250] while sending end of data -- message may be sent more than once)
mailcowdockerized-watchdog-mailcow-1 | Sat Sep 10 01:17:02 CEST 2022 Dovecot replication health level: 100% (20/20), health trend: 0
mailcowdockerized-watchdog-mailcow-1 | Sat Sep 10 01:17:03 CEST 2022 Fail2ban health level: 100% (1/1), health trend: 0
mailcowdockerized-postfix-mailcow-1 | Sep 10 01:17:06 c7a4b538881b postfix/smtps/smtpd[394]: warning: unknown[5.34.207.172]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
mailcowdockerized-netfilter-mailcow-1 | 5.34.207.172 matched rule id 1 (warning: unknown[5.34.207.172]: SASL LOGIN authentication failed: UGFzc3dvcmQ6)
mailcowdockerized-netfilter-mailcow-1 | 1 more attempts in the next 600 seconds until 5.34.207.0/24 is banned
mailcowdockerized-watchdog-mailcow-1 | Sat Sep 10 01:17:06 CEST 2022 Unbound health level: 100% (5/5), health trend: 0
mailcowdockerized-rspamd-mailcow-1 | 2022-09-10 01:17:07 #43(controller) <6bf684>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3254 regexps total, 2444 regexps cached, 0B scanned using pcre, 102B scanned total
mailcowdockerized-watchdog-mailcow-1 | Sat Sep 10 01:17:07 CEST 2022 Rspamd health level: 100% (5/5), health trend: 0
mailcowdockerized-postfix-mailcow-1 | Sep 10 01:17:08 c7a4b538881b postfix/smtps/smtpd[394]: lost connection after AUTH from unknown[5.34.207.172]
mailcowdockerized-postfix-mailcow-1 | Sep 10 01:17:08 c7a4b538881b postfix/smtps/smtpd[394]: disconnect from unknown[5.34.207.172] ehlo=1 auth=0/1 rset=1 commands=2/3
mailcowdockerized-watchdog-mailcow-1 | Sat Sep 10 01:17:09 CEST 2022 Olefy health level: 100% (5/5), health trend: 0
Have you tried to insert this script via the mailcow UI?
You can click on validate and see if this one works with mailcow.
@DerLinkman
I've added it via the web-UI now, and that forced me to remove the require "include";
statement at the top and all return;
statements. It works now, but still kinda weird it's possible for any user to essentially perform a Denial of Service against the mailcow stack by uploading a Sievescript which includes include
and then receiving mail.
Although my personal issue is somewhat fixed / worked around, I still think the root issue needs to be addressed urgently!
That's definitely critical and has to been tracked down!
But for clarification does it worked before?
It did not let me save without rewriting it
Understood and reproduceable.
But I was asking: Was it working before the August update?
Jup it broke right post-update, unfortunately I can't 100% say from which version I updated.
All I can say is it was working, I ran ./update.sh
and it stopped working instantly with me realizing the next day when no mail came in for 20 hours 😛
By the way, for me it could also only be fixed by mounting the mail directory and manually removing the sieve script files, so if anyone else is stuck at any point past return:
docker run --rm -i -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{ end }}' $(docker compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim bash
cd
to /vmail
and find the offending sieve scriptsmv
them to /backup
(or delete them if you have copies elsewhere)At least that's how I did it
I have the same issue. This fix worked for me, although I needed to allocate a pseudo-tty using the command:
docker run --rm -it -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{ end }}' $(docker compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim bash
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
Contribution guidelines
I've found a bug and checked that ...
Description
After the newest update my mail server did not come back up fully. Dovecot was caught in a crash loop due to not being able to compile my sieve scripts. The sieve scripts were all uploaded using the ManageSieve protocol as a normal user.
I needed to mount the vmail directory and manually remove the sieve scripts to get Dovecot to start again. Unfortunately when Dovecot was crash-looping, all incoming mail was voided for almost 24 hours.
I tried re-adding the scripts afterwards one-by-one over ManageSieve, but even though no errors were displayed anywhere, Dovecot once again started voiding my mail.
Logs
Steps to reproduce
System information
docker version
)docker-compose version
)git describe --tags `git rev-list --tags --max-count=1`
)Output of
git diff origin/master
, any other changes to the code? If so, please post them:All third-party firewalls and custom iptables rules are unsupported. Please check the Docker docs about how to use Docker with your own ruleset. Nevertheless, iptabels output can help us to help you: iptables -L -vn:
ip6tables -L -vn:
iptables -L -vn -t nat:
ip6tables -L -vn -t nat:
DNS problems? Please run
docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254
(set the IP accordingly, if you changed the internal mailcow network) and post the output: