Devuan bug report logs - #661
dovecot fails to authenticate system users

Package: dovecot-core; Reported by: David Matthews <[email protected]>; Done: Mark Hindley <[email protected]>; Maintainer for dovecot-core is (unknown).

Message received at [email protected]:

Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=193.36.131.86; helo=mx.hindley.org.uk; [email protected]; receiver=<UNKNOWN> 
Date: Sun, 19 Feb 2023 13:47:39 +0000
From: Mark Hindley <[email protected]>
To: [email protected]
Cc: David Matthews <[email protected]>
Subject: Re: bug#661: dovecot fails to authenticate system users
Message-ID: <Y/[email protected]>
References: <[email protected]>
 <[email protected]>
 <Y/IQOF/[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Y/IQOF/[email protected]>

Review of installed binaries revealed fscrypt which is implemented in golang and
hooks PAM authentication with libpam-fscrypt.

Closing.

Mark

Notification sent to David Matthews <[email protected]>:
bug acknowledged by developer. Full text available.

Reply sent to Mark Hindley <[email protected]>:
You have taken responsibility. Full text available.

Removed tag(s) moreinfo. Request was from Mark Hindley <[email protected]> to [email protected]. Full text available.

bug reassigned from package 'dovecot-imapd 1:2.3.13+dfsg1-2' to 'dovecot-core'. Request was from Mark Hindley <[email protected]> to [email protected]. Full text available.

Message received at [email protected]:

Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=193.36.131.86; helo=mx.hindley.org.uk; [email protected]; receiver=<UNKNOWN> 
Date: Sun, 19 Feb 2023 12:04:08 +0000
From: Mark Hindley <[email protected]>
To: [email protected]
Cc: David Matthews <[email protected]>
Subject: Re: bug#661: dovecot fails to authenticate system users
Message-ID: <Y/IQOF/[email protected]>
References: <[email protected]>
 <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <[email protected]>

Control: reassign -1 dovecot-core

Resolved. Documenting details here for reference.

Set

 auth_debug=yes
 auth_verbose=yes

to produce

On Fri, Feb 17, 2023 at 03:21:00PM +0000, David Matthews wrote:
> hi Mark
> 
> root@bulawayo:/home/david# doveadm auth test david@localhost
> Password: 
> passdb: david@localhost auth failed
> extra fields:
>   user=david@localhost
>   code=temp_fail
> 
> (same if I do david@bulawayo BTW)
> 
> and a grep at mail.warn:-
> 
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: fatal error: failed to reserve page summary memory
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: 
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: runtime stack:
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: runtime.throw(0x7f18f8934292, 0x25)
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: #011runtime/panic.go:1116 +0x74 fp=0x7f18f8641b30 sp=0x7f18f8641b00 pc=0x7f18f8762474
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: runtime.(*pageAlloc).sysInit(0x7f18f8b20428)
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: #011runtime/mpagealloc_64bit.go:80 +0x185 fp=0x7f18f8641bc0 sp=0x7f18f8641b30 pc=0x7f18f8758b25
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: runtime.(*pageAlloc).init(0x7f18f8b20428, 0x7f18f8b20420, 0x7f18f8b3ab18)
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: #011runtime/mpagealloc.go:317 +0x77 fp=0x7f18f8641be8 sp=0x7f18f8641bc0 pc=0x7f18f8756517
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: runtime.(*mheap).init(0x7f18f8b20420)
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: #011runtime/mheap.go:743 +0x24b fp=0x7f18f8641c10 sp=0x7f18f8641be8 pc=0x7f18f87534cb
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: runtime.mallocinit()
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: #011runtime/malloc.go:480 +0x109 fp=0x7f18f8641c38 sp=0x7f18f8641c10 pc=0x7f18f8738c09
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: runtime.schedinit()
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: #011runtime/proc.go:563 +0x65 fp=0x7f18f8641c90 sp=0x7f18f8641c38 pc=0x7f18f8765e25
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: runtime.rt0_go(0x7ffef46854f8, 0x2, 0x7ffef46854f8, 0x7f18f8642700, 0x7f18f91c4ea7, 0x0, 0x7f18f8642700, 0x7f18f8642700, 0xefb14e7355c6fbae, 0x7ffef4683b8e, ...)
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth-worker: Error: #011runtime/asm_amd64.s:214 +0x129 fp=0x7f18f8641c98 sp=0x7f18f8641c90 pc=0x7f18f8794c09
> /var/log/mail.warn:Feb 17 15:13:30 bulawayo dovecot: auth: Error: auth worker: Aborted PASSV request for david@localhost: Worker process died unexpectedl


This problem with changes to the golang allocator is known upstream[1]. They
tolerate a memory requirement of 4096MB[2].

Configuring dovecot with

 default_vsz_limit = 4096M

restored normal function.

Mark

[1]  https://github.com/golang/go/issues/38010

[2]  https://github.com/golang/go/issues/38010#issuecomment-691772381

Acknowledgement sent to Mark Hindley <[email protected]>:
Extra info received and forwarded to list. Copy sent to [email protected]. Full text available.

Information forwarded to [email protected], [email protected]:
bug#661; Package dovecot-imapd 1:2.3.13+dfsg1-2. Full text available.

Message received at [email protected]:

Received: (at 661) by bugs.devuan.org; 14 Feb 2023 09:42:04 +0000
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from email.devuan.org [2001:41d0:2:d06e::5c4:2612]
	by doc.devuan.org with IMAP (fetchmail-6.4.16)
	for <debbugs@localhost> (single-drop); Tue, 14 Feb 2023 09:42:04 +0000 (UTC)
Received: from email.devuan.org
	by email.devuan.org with LMTP
	id q/IeMmFX62PPUgAAmSBk0A
	(envelope-from <[email protected]>)
	for <[email protected]>; Tue, 14 Feb 2023 09:41:53 +0000
Received: by email.devuan.org (Postfix, from userid 109)
	id C1E08A1; Tue, 14 Feb 2023 09:41:53 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org
X-Spam-Level: 
X-Spam-Status: No, score=0.4 required=5.0 tests=RDNS_DYNAMIC,SPF_PASS
	autolearn=no autolearn_force=no version=3.4.6
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=193.36.131.86; helo=mx.hindley.org.uk; [email protected]; receiver=<UNKNOWN> 
Received: from mx.hindley.org.uk (193-36-131-86.cfwn.uk [193.36.131.86])
	by email.devuan.org (Postfix) with ESMTPS id 78FE884
	for <[email protected]>; Tue, 14 Feb 2023 09:41:53 +0000 (UTC)
Received: from apollo.hindleynet ([192.168.1.3] helo=hindley.org.uk)
	by mx.hindley.org.uk with smtp (Exim 4.84_2)
	(envelope-from <[email protected]>)
	id 1pRrou-0003ai-Ae; Tue, 14 Feb 2023 09:41:52 +0000
Received: (nullmailer pid 17954 invoked by uid 1000);
	Tue, 14 Feb 2023 09:41:52 -0000
Date: Tue, 14 Feb 2023 09:41:52 +0000
From: Mark Hindley <[email protected]>
To: David Matthews <[email protected]>
Cc: [email protected]
Subject: Re: bug#661: dovecot fails to authenticate system users
Message-ID: <[email protected]>
References: <[email protected]>
 <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <[email protected]>

David,

On Tue, Feb 14, 2023 at 08:50:39AM +0000, David Matthews wrote:
> I run Devuan on my laptop which I use for development, but Debian on the VM
> that hosts my mail exchanger. I've not done any development for quite a few
> months, so I can't be definitive, but as above, presumably the problem is
> still in Devuan (but not Debian).

None of the packages are different. Devuan uses Debian's dovecot packages
directly without recompilation, so it is difficult to see why there is an issue
on Devuan but not Debian.

> I could make sure everything is up to date and run up my development
> environment and check if that would be helpful.

Yes, very. Thanks.

Mark

Acknowledgement sent to Mark Hindley <[email protected]>:
Extra info received and forwarded to list. Copy sent to [email protected]. Full text available.

Information forwarded to [email protected], [email protected]:
bug#661; Package dovecot-imapd 1:2.3.13+dfsg1-2. Full text available.

Added tag(s) moreinfo. Request was from Mark Hindley <[email protected]> to [email protected]. Full text available.

Message received at [email protected]:

Received: (at 661) by bugs.devuan.org; 14 Feb 2023 08:30:19 +0000
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from email.devuan.org [2001:41d0:2:d06e::5c4:2612]
	by doc.devuan.org with IMAP (fetchmail-6.4.16)
	for <debbugs@localhost> (single-drop); Tue, 14 Feb 2023 08:30:19 +0000 (UTC)
Received: from email.devuan.org
	by email.devuan.org with LMTP
	id YN+eIZdG62MjUAAAmSBk0A
	(envelope-from <[email protected]>)
	for <[email protected]>; Tue, 14 Feb 2023 08:30:15 +0000
Received: by email.devuan.org (Postfix, from userid 109)
	id 70DDFA1; Tue, 14 Feb 2023 08:30:15 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org
X-Spam-Level: 
X-Spam-Status: No, score=0.4 required=5.0 tests=RDNS_DYNAMIC,SPF_PASS
	autolearn=no autolearn_force=no version=3.4.6
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=193.36.131.86; helo=mx.hindley.org.uk; [email protected]; receiver=<UNKNOWN> 
Received: from mx.hindley.org.uk (193-36-131-86.cfwn.uk [193.36.131.86])
	by email.devuan.org (Postfix) with ESMTPS id 1D47484
	for <[email protected]>; Tue, 14 Feb 2023 08:30:15 +0000 (UTC)
Received: from apollo.hindleynet ([192.168.1.3] helo=hindley.org.uk)
	by mx.hindley.org.uk with smtp (Exim 4.84_2)
	(envelope-from <[email protected]>)
	id 1pRqhZ-00035I-9C; Tue, 14 Feb 2023 08:30:13 +0000
Received: (nullmailer pid 31029 invoked by uid 1000);
	Tue, 14 Feb 2023 08:30:13 -0000
Date: Tue, 14 Feb 2023 08:30:13 +0000
From: Mark Hindley <[email protected]>
To: David Matthews <[email protected]>, [email protected]
Subject: Re: bug#661: dovecot fails to authenticate system users
Message-ID: <Y+tGlXD/Uxg/[email protected]>
References: <[email protected]>
 <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <[email protected]>
X-Debbugs-No-Ack: No Thanks

Control: tags -1 moreinfo

David,

Is this still an issue or did you find a solution?

Thanks

Mark

Information forwarded to [email protected], [email protected]:
bug#661; Package dovecot-imapd 1:2.3.13+dfsg1-2. Full text available.

Message received at [email protected]:

Received: (at submit) by bugs.devuan.org; 30 Jan 2022 13:51:14 +0000
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from tupac3.dyne.org [195.169.149.119]
	by doc.devuan.org with IMAP (fetchmail-6.4.16)
	for <debbugs@localhost> (single-drop); Sun, 30 Jan 2022 13:51:14 +0000 (UTC)
Received: from eurydice.default.davcmat.uk0.bigv.io (dmatthews.org [213.138.100.30])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.dyne.org (Postfix) with ESMTPS id 6B5C76613E4
	for <[email protected]>; Sun, 30 Jan 2022 14:50:30 +0100 (CET)
Authentication-Results: mail.dyne.org;
	dkim=pass (1024-bit key; unprotected) header.d=dmatthews.org [email protected] header.b="PCaNYTje";
	dkim-atps=neutral
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=dmatthews.org; s=202002; h=Content-Transfer-Encoding:Content-Type:
	MIME-Version:Subject:In-Reply-To:Message-ID:To:Reply-To:From:Date:Sender:Cc:
	Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
	Resent-To:Resent-Cc:Resent-Message-ID:References:List-Id:List-Help:
	List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
	bh=/yuZDn4PBy9nVLNwNs1pY/BbnsVG9oi2h3azfTVAtU0=; b=PCaNYTje4i5GhBo3JwEOXmiemm
	UPzT8k+fVTE9IW/npCwWy60/jZnOaHfgGnPpnQGABaPWzP0O3DXPj+tbng7b289U4xgCoQW09Ezzz
	Rk+gQXNEoNEyNPaLjJUaNXpWiTEbEuepVE2Kn4vqs2gt8A3vjO/Zeyy17htcXOAiN6jw=;
Received: from localhost ([127.0.0.1] helo=eurydice.default.davcmat.uk0.bigv.io)
	by eurydice.default.davcmat.uk0.bigv.io with esmtp (Exim 4.94.2)
	(envelope-from <[email protected]>)
	id 1nEAay-0000yg-Rg
	for [email protected]; Sun, 30 Jan 2022 13:50:29 +0000
Date: Sun, 30 Jan 2022 13:50:20 +0000 (GMT)
From: David Matthews <[email protected]>
Reply-To: David Matthews <[email protected]>
To: [email protected]
Message-ID: <[email protected]>
In-Reply-To: <[email protected]>
Subject: dovecot fails to authenticate system users
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED,SPF_PASS,
	URIBL_BLOCKED autolearn=disabled version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mail.dyne.org

Package: dovecot-imapd  1:2.3.13+dfsg1-2 

This *seems to be* a devuan problem on version 4 as there is no similar problem on debian 11 with identical config (see dovecot -n below). It commenced after a dist-upgrade from devuan 3 on *two* separate machines.

I've tried to get help with this on the dovecot list, but no one was able to find the problem; lack of devuan experience was sited. I also tried creating a new system user on the version 4 system, but the problem is the same. It appears that dovecot is unable to read /etc/shadow as it is possible to create virtual users as per
https://wiki.dovecot.org/HowTo/SimpleVirtualInstall

cat /etc/devuan_version
chimaera

telnet localhost 143
Trying 127.0.0.1...
Connected to bulawayo.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN] Dovecot (Debian) ready.
a login david xxxxxxxxx
a NO [UNAVAILABLE] Temporary authentication failure. [bulawayo:2022-01-29 21:46:29]

sudo dovecot -n
[sudo] password for david:
# 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.13 (cdd19fe3)
# OS: Linux 5.10.0-11-amd64 x86_64 Debian 11.1
# Hostname: bulawayo
auth_debug = yes
auth_verbose = yes
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/passwd
driver = passwd-file
}
passdb {
driver = pam
}
protocols = " imap"
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
}
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
args = uid=vmail gid=vmail home=/home/vmail/%u
driver = static
}
userdb {
driver = passwd
}

nb the problem existed before the first userdb block was added for virtual users.

--
David Matthews
[email protected]

Acknowledgement sent to David Matthews <[email protected]>:
New bug report received and forwarded. Copy sent to [email protected]. Full text available.

Report forwarded to [email protected], [email protected]:
bug#661; Package dovecot-imapd 1:2.3.13+dfsg1-2. Full text available.

Devuan bug report logs - #661 dovecot fails to authenticate system users

Message received at [email protected]:

Message received at [email protected]:

Message received at [email protected]:

Message received at [email protected]:

Message received at [email protected]:

Devuan bug report logs - #661
dovecot fails to authenticate system users