Mailboxes with group: ACLs crashing imapd on delivery

[Simon Matter]

> Hi guys,
>
> I am upgrading our Cyrus installation from 2.2.12 to 2.3.14 and just
> started looking at ACLs.
>
> When I attempt to deliver to a mailbox with "group:" ACLs, LMTP crashes
> and will not deliver the message.
>
> Here's the ACLs for the mailbox:
>
> timaphost.bath.ac.uk> lam user.exim
> exim lrswipkxtecda
> ma9djm lrs
> group:exim lrs
>
> This is a grab of me doing an LMTP session to the frontend:
>
> 220 timaphost.bath.ac.uk Cyrus LMTP Murder v2.3.14 server ready
> LHLO timaphost.bath.ac.uk
> 250-timaphost.bath.ac.uk
> 250-8BITMIME
> 250-ENHANCEDSTATUSCODES
> 250-PIPELINING
> 250-SIZE
> 250-STARTTLS
> 250-AUTH EXTERNAL
> 250 IGNOREQUOTA
> MAIL FROM:<>
> 250 2.1.0 ok
> RCPT TO:<exim at timaps.bath.ac.uk>
> Connection to localhost closed by foreign host.
>
> Relevant imapd.log lines:
>
> May 29 15:57:53 sauber-z1.bath.ac.uk master[16505]: [ID 970914
> mail.error] process 16674 exited, signaled to death by 11
> May 29 15:57:53 sauber-z1.bath.ac.uk master[16505]: [ID 621917
> mail.debug] service lmtp pid 16674 in BUSY state: terminated abnormally
>
> If I take the group:exim ACL off the mailbox, it delivers fine. The Unix
> group exists on the MUPDATE master and the backend.
>
> Relevant bits of imapd.conf:
>
> seenstate_db: skiplist
> duplicate_db: skiplist
> subscription_db: skiplist
> quota_db: skiplist
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: plain gssapi
> allowanonymouslogin: no
> allowplaintext: yes
> auth_mech: unix
>
> We are using Cyrus-SASL/GSSAPI for authentication. We built imapd-2.2.12
> with --with-auth=unix but configure-2.3.14 does not have this option so
> we've set the auth_mech option in imapd.conf as above. Do any other
> values need to be set in configure or imapd.conf for this to work?
>
> Can anyone suggest how to make this work and/or where to look for more
> information about why it's failing so horribly.

Could you try 2.3.13?
Would be very interesting to see whether it makes a difference.

Simon