Loop When Authenticating Against LDAP #259
Comments
If you turn up the debug level you should be able to discover what's causing the timeout. |
Also field_mail and field_fwdtarget are both set to mail. |
Also you need to change your password! |
Postfix log shows the email being transferred to LMTPD but the process sends a reset to the postfix process while receiving the data mid-session (according to PCAP output). Relevant log below for Postfix:
DBMail debug log:
The entries that grab my attention are these, where the LDAP lookup seems logical but then queries mail=10001
It loops this query until checks [20] and LMTP appears to restart....
I have no use for the mail forwarding since one user will have one email and forwarding is moot. I changed it out of concern that not having a valid value may cause the condition I am seeing. If it can be left at default without concern then I will revert that change.
This is being tested in an air-gapped virtual environment to prove out a concept to build a live server with security in mind. The basic passwords for database and the random password for LDAP are not on any live systems. |
There are a few issues: there appears to be a loop, possibly due to the duplicate forward; perhaps comment that out. There is also an invalid free that I'll need to fix. I'll look at the code when I'm fresh tomorrow. I suspect commenting out field_fwdtarget might fix this issue.
Feb 14 02:42:14 mail01 dbmail-lmtpd[20866]: [0x564f0cb1de00] Debug:[auth] __auth_get_every_match(+426): scan results for DN: [cn=user,ou=Users,dc=corp,dc=test,dc=domain] |
I attempted to send an email after commenting the field_fwdtarget entry as advised. A similar outcome occurred. I will omit the postfix log since that cog appears to be working as intended. The only relevant entry is:
The DBMail log appears to be no longer looping so that is a benefit. The entries that give me pause are as follows:
The process checks for the uid from LDAP using the email as a reference in the specified DN. This makes sense and is expected. The uid value is correctly ascertained, however the LMTP process then does another LDAP query using mail=10001 which will obviously come up with no entry. At this time the process appears to restart. I am making this observation and deduction based on the output inferring it is loading configuration by setting the debug level:
Full log output for the LMTP process below:
|
For further context, even using a telnet client to manually pipe an email causes this issue.
|
Subsequent searches are red herrings, as userids is 10001 and that is where the email will be delivered.
Feb 14 19:07:54 mail01 dbmail-lmtpd[1720]: [0x563bcab62e00] Debug:[auth] auth_check_user_ext(+945): adding [10001] to userids
Discovering what caused dbmail-lmtpd[1720] to stop and another to start dbmail-lmtpd[1741] may be key here.
I'm using the following Python test script. The need for the except block is smtplib.SMTPDataError is raised when it gets a 215 OK message.
import uuid
host = "::1"
msg = """Return-Path: {from_name} <{from_addr}>
Test line 1
""".format(
#print(msg)
try:
|
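One way to locate the changeover from dbmail-lmtpd[1720] to dbmail-lmtpd[1741] and the repeated lookup in a debug log, as an added example that is not part of the original thread or of DBMail. The function name `triage` and every sample line marked "constructed placeholder" are assumptions; only the first sample line is copied from the thread.

```python
import re
from collections import Counter

# Syslog shape seen in the thread:
# "Feb 14 19:07:54 mail01 dbmail-lmtpd[1720]: [0x...] Debug:[auth] func(+945): text"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+dbmail-lmtpd\[(?P<pid>\d+)\]:\s+"
    r"(?:\[0x[0-9a-f]+\]\s+)?(?P<msg>.*)$"
)

def triage(lines, context=2, loop_threshold=3):
    """Return (restarts, loops).

    restarts: one dict per first appearance of a new PID, carrying the last
              `context` messages of the PID that was logging just before it.
    loops:    (pid, message, count) for every message a single PID repeated
              at least `loop_threshold` times.
    """
    history, counts, restarts, prev = {}, Counter(), [], None
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # some other daemon's line, e.g. postfix
        pid, msg = int(m["pid"]), m["msg"]
        if pid not in history and prev is not None:
            restarts.append({"old_pid": prev, "new_pid": pid, "at": m["ts"],
                             "last_lines": history[prev][-context:]})
        history.setdefault(pid, []).append(msg)
        counts[(pid, msg)] += 1
        prev = pid
    loops = [(p, t, n) for (p, t), n in counts.items() if n >= loop_threshold]
    return restarts, loops

# Sample input: first line is from the thread, the rest are constructed.
SAMPLE = """\
Feb 14 19:07:54 mail01 dbmail-lmtpd[1720]: [0x563bcab62e00] Debug:[auth] auth_check_user_ext(+945): adding [10001] to userids
Feb 14 19:07:54 mail01 postfix/lmtp[1700]: (constructed placeholder) other daemon
Feb 14 19:07:54 mail01 dbmail-lmtpd[1720]: [0x563bcab62e00] Debug:[auth] (constructed placeholder) search mail=10001
Feb 14 19:07:54 mail01 dbmail-lmtpd[1720]: [0x563bcab62e00] Debug:[auth] (constructed placeholder) search mail=10001
Feb 14 19:07:54 mail01 dbmail-lmtpd[1720]: [0x563bcab62e00] Debug:[auth] (constructed placeholder) search mail=10001
Feb 14 19:07:55 mail01 dbmail-lmtpd[1741]: [0x563bcab62e00] Debug:[server] (constructed placeholder) loading configuration
""".splitlines()

if __name__ == "__main__":
    restarts, loops = triage(SAMPLE)
    for r in restarts:
        print(f"{r['at']}: pid {r['old_pid']} -> {r['new_pid']}; last: {r['last_lines']}")
    for pid, text, n in loops:
        print(f"pid {pid} repeated {n}x: {text}")
```

The `last_lines` of the old PID are the place to start looking for a crash cause such as the invalid free mentioned earlier in the thread.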
I've been looking at the code starting at dsnuser_resolve(529); the delivery tries to identify the user. As delivery->address is an email address, it checks if [user@test.domain] is a valid username, alias, or catchall, dsnuser_resolve(+566). It then checks to see if there's an alias, address_has_alias(), and this calls auth_check_user_ext(). As it successfully found an alias, it adds the user to userids and returns 1. But this does not show up in trace: address_has_alias(+255) "user [%s] found total of [%d] aliases". Is there a stack trace or perhaps you could debug? |
Perhaps you might be able to use the Ubuntu Dockerfile from https://github.com/dbmail/dbmail/tree/main/docker; the image is here: https://hub.docker.com/r/alanhicks/dbmail |
I am planning a Kubernetes deployment so I may move to DBMail at that time. |
I am trying to build a DBmail solution to replace my existing Citadel mail server.
OS is Debian 12. DB is MariaDB 10.11.4. DBmail is version 3.4.1 compiled from source for Debian using the instructions and adding the --with-ldap flag.
The core issue seems to be that the LDAP query eventually loops from querying for the user ID using mail=user@email.domain and succeeds but then for some reason queries again for mail=. Other odd issues also are present where the LMTP process seems to be continuously crashing.
I am not certain if this is because my alias table is incorrect. When LDAP populates users in the MySQL database it correctly creates the user but no aliases. I attempted to populate the aliases manually in lieu of determining how to ensure they populate as expected. I can log in with a mail client and send an email from my test user to itself but the email never comes back to the inbox.
Logs attached for postfix and DBMail debug outputs when attempting to send an email from user@test.domain to user@test.domain.
postfix.log
dbmail.log
Below are the conf files and other outputs.
dbmail.conf
Systemd files