Mailboxes with group: ACLs crashing imapd on delivery

[David Mayo]

Hi guys,

I am upgrading our Cyrus installation from 2.2.12 to 2.3.14 and just 
started looking at ACLs.

When I attempt to deliver to a mailbox with "group:" ACLs, LMTP crashes 
and will not deliver the message.

Here's the ACLs for the mailbox:

timaphost.bath.ac.uk> lam user.exim
exim lrswipkxtecda
ma9djm lrs
group:exim lrs

This is a grab of me doing an LMTP session to the frontend:

220 timaphost.bath.ac.uk Cyrus LMTP Murder v2.3.14 server ready
LHLO timaphost.bath.ac.uk
250-timaphost.bath.ac.uk
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-SIZE
250-STARTTLS
250-AUTH EXTERNAL
250 IGNOREQUOTA
MAIL FROM:<>
250 2.1.0 ok
RCPT TO:<exim at timaps.bath.ac.uk>
Connection to localhost closed by foreign host.

Relevant imapd.log lines:

May 29 15:57:53 sauber-z1.bath.ac.uk master[16505]: [ID 970914 
mail.error] process 16674 exited, signaled to death by 11
May 29 15:57:53 sauber-z1.bath.ac.uk master[16505]: [ID 621917 
mail.debug] service lmtp pid 16674 in BUSY state: terminated abnormally

If I take the group:exim ACL off the mailbox, it delivers fine. The Unix 
group exists on the MUPDATE master and the backend.

Relevant bits of imapd.conf:

seenstate_db: skiplist
duplicate_db: skiplist
subscription_db: skiplist
quota_db: skiplist
sasl_pwcheck_method: saslauthd
sasl_mech_list: plain gssapi
allowanonymouslogin: no
allowplaintext: yes
auth_mech: unix

We are using Cyrus-SASL/GSSAPI for authentication. We built imapd-2.2.12 
with --with-auth=unix but configure-2.3.14 does not have this option so 
we've set the auth_mech option in imapd.conf as above. Do any other 
values need to be set in configure or imapd.conf for this to work?

Can anyone suggest how to make this work and/or where to look for more 
information about why it's failing so horribly.

Regards,


Dave.

David Mayo
Networks/Systems Administrator
University of Bath Computing Services