Ubuntu
dovecot package

Bug #671065
Comment #2

Comment 2 for bug 671065

Revision history for this message

Grondr (grondr) wrote on 2011-07-09:

This is problematic because it lays a trap. Just because the special package
sets up mailbox_command to do this doesn't mean the bug won't screw someone
who thinks that deliver will obey inclusions. It's -especially- bad if someone tries
to use virtual domains and hence removes that mailbox_command and thinks
that their virtual-domain solution will work if they don't use -c in the line in Postfix's
master.cf. It also screws anyone who happens to install Postfix, and then much
later installs just the Dovecot package instead of the postfix-dovecot superpackage.
Basically, it's totally fragile---if they don't install Dovecot in exactly the way you
anticipate, or if they make what looks like a change that -should- work, it doesn't.

I very nearly fell into this trap just now by rearranging some files; I only noticed
the bug because I was trying to find a definitive syntax definition for how include_try
was supposed to work and noticed this bug in Google. That one obscure comment
in dovecot.conf is easy to overlook (I did, even though I've been making changes in
that file for a week or two now), -and-, if you start from Postfix's main.cf entry, there
is -no- comment warning you that you can't simply eliminate what looks like a totally
wasteful "-c /etc..." and rely on the normal conf-file-parsing logic to include what you
thought was the configuration for deliver. It looks like someone put it in there in a
misguided attempt at efficiency ("hey, why have deliver have to parse the whole file
when it can parse just this piece?") and not because it's papering over a bug.

So even though I didn't get zapped by this, it was only by chance, and I'd have spent
a long time trying to figure out what happened if I had.

There are fundamentally two bugs here:
o The upstream deliver bug (doesn't notice include{_try}) needs to be fixed.
o In -every single place- that Postfix's configuration file is explicitly rewritten to point
   to the included file directly, a very clear comment should be left explaining why it
   does that, probably pointing to this bug URL, so people know why and when it might
   have been fixed.

Even that latter part doesn't help people who install Dovecot as its own package,
unless there's some post-inst that tells them about it; I haven't checked. I don't
have a good solution for that, except to make the "deliver doesn't read includes"
comment in dovecot.conf -much- more noticeable, such as by putting it in uppercase
and at both the beginning and the end of that file. (I was going to also say, "and in
deliver's manpage", but it doesn't appear to have one.)

This is problematic because it lays a trap.  Just because the special package
sets up mailbox_command to do this doesn't mean the bug won't screw someone
who thinks that deliver will obey inclusions.  It's -especially- bad if someone tries
to use virtual domains and hence removes that mailbox_command and thinks
that their virtual-domain solution will work if they don't use -c in the line in Postfix's
master.cf.  It also screws anyone who happens to install Postfix, and then much
later installs just the Dovecot package instead of the postfix-dovecot superpackage.
Basically, it's totally fragile---if they don't install Dovecot in exactly the way you
anticipate, or if they make what looks like a change that -should- work, it doesn't.

I very nearly fell into this trap just now by rearranging some files; I only noticed
the bug because I was trying to find a definitive syntax definition for how include_try
was supposed to work and noticed this bug in Google.  That one obscure comment
in dovecot.conf is easy to overlook (I did, even though I've been making changes in
that file for a week or two now), -and-, if you start from Postfix's main.cf entry, there
is -no- comment warning you that you can't simply eliminate what looks like a totally
wasteful "-c /etc..." and rely on the normal conf-file-parsing logic to include what you
thought was the configuration for deliver.  It looks like someone put it in there in a
misguided attempt at efficiency ("hey, why have deliver have to parse the whole file
when it can parse just this piece?") and not because it's papering over a bug.

So even though I didn't get zapped by this, it was only by chance, and I'd have spent
a long time trying to figure out what happened if I had.

Even that latter part doesn't help people who install Dovecot as its own package,
unless there's some post-inst that tells them about it; I haven't checked.  I don't
have a good solution for that, except to make the "deliver doesn't read includes"
comment in dovecot.conf -much- more noticeable, such as by putting it in uppercase
and at both the beginning and the end of that file.  (I was going to also say, "and in
deliver's manpage", but it doesn't appear to have one.)

Ubuntudovecot package

Comment 2 for bug 671065

Ubuntu
dovecot package