From thomas-lists at nybeta.com Mon Aug 1 04:53:31 2011 From: thomas-lists at nybeta.com (Thomas Harold) Date: Sun, 31 Jul 2011 21:53:31 -0400 Subject: [Dovecot] Dovecot Backup In-Reply-To: References: Message-ID: <4E36071B.4080600@nybeta.com> On 7/31/2011 8:02 AM, spamvoll at googlemail.com wrote: > Hi.. > > are there any proofen Methods to backup all mail ? > > shutting down dovecot and tar the hole dir? > using rsnapshot? > > any hints / thoughts > > im running dovecot2 on freebsd We use rdiff-backup to another machine on the same network (for Maildir accounts). (Also talked about last month in the "Performance with 200k messages in Maildir" thread.) From noel.butler at ausics.net Mon Aug 1 08:22:32 2011 From: noel.butler at ausics.net (Noel Butler) Date: Mon, 01 Aug 2011 15:22:32 +1000 Subject: [Dovecot] Dovecot Backup In-Reply-To: References: Message-ID: <1312176152.17809.28.camel@tardis> On Sun, 2011-07-31 at 14:02 +0200, spamvoll at googlemail.com wrote: > Hi.. > > are there any proofen Methods to backup all mail ? > > shutting down dovecot and tar the hole dir? > using rsnapshot? > > any hints / thoughts > > im running dovecot2 on freebsd > I assume it's only a single stand alone server, with system passwd a/c's? It also depends on the type of use. Generally tar or rsync would be fine for that. A word of advice if using tar, do not use tar cvf"z" ... do cvf first, then use gzip in a second process pass, it is easier to recover from a corrupted file this way. But as your setup and/or requirements expand, so does your options. Even if you use a dedicated backend, like NetApp, dont rely solely on snapshots, use backup features as well. Depending on how important the mail is, doing a rolling 7 day rsync or tar might be required as well more than once a week. Do not rely on a single nightly rsync, if someone deletes that important message on Friday, and comes crying to you on Monday, it's tuff luck, in a corporate world that's unacceptable, in some countries it even contravenes commercial law acts. Often over looked is the god file.. you know, the one that decides who gets mail, be it passwd file or database. If your userbase is pretty much static, back it up daily, again on a rolling 7 days. if userbase changes often (eg: hosting), back it up hourly, and do a rolling backup every hour over 7 days, that's what we do, we also once a week back up those files by tar, they are kept indefinitely (read as: until my once a year clean out), but we do not do that for mail for privacy reasons, only 7 days then its gone for good. Best to have too many backup files, than not have a good one at all. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From hostmaster at taunusstein.net Mon Aug 1 11:26:42 2011 From: hostmaster at taunusstein.net (Christian Felsing) Date: Mon, 01 Aug 2011 10:26:42 +0200 Subject: [Dovecot] Update 2.0.12 -> 2.0.13 is broken Message-ID: <4E366342.8080708@taunusstein.net> Hello, today I tried to update 2.0.12 to 2.0.13, but I got those messages, only: Aug 1 10:20:27 mail dovecot: master: Dovecot v2.0.13 starting up (core dumps disabled) Aug 1 10:20:33 mail dovecot: imap-login: Login: user=<***@***.**>, method=PLAIN, rip=192.168.1.99, lip=192.168.1.1 , mpid=5123, TLS Aug 1 10:20:33 mail dovecot: imap-postlogin: Error: script-login: Error: user ***@***.**: Error reading configurati on: net_connect_unix(/opt/dovecot-2.0.13/var/run/dovecot/config) failed: Permission denied Aug 1 10:20:33 mail dovecot: imap-postlogin: Error: script-login: Fatal: Internal error occurred. Refer to server log for more info rmation. Aug 1 10:20:33 mail dovecot: log: Error: service(imap-postlogin): child 5124 returned error 89 (Fatal failure) What has happened ? Christian From jeff.vanepps at gmail.com Mon Aug 1 15:59:48 2011 From: jeff.vanepps at gmail.com (Jeff Van Epps) Date: Mon, 1 Aug 2011 08:59:48 -0400 Subject: [Dovecot] Clients can't retrieve new emails Message-ID: In a formerly working environment suddenly clients aren't notified of new emails and can't retrieve new emails. Server is Ubuntu 11.04 dovecot 1.2.15. Clients which fail are a Pre2 webOS 2.1 and TouchPad webOS 3.0 (those are OS versions, I don't know which particular flavor/version the IMAP clients are); there is also a Thunderbird 3.1.11 client on the same system as the server which works properly. The clients never report an error. I got as far as configuring rawlog: in: ~A2 NAMESPACE ~A3 SELECT "INBOX" ~A4 LIST "" * ~A5 UID STORE 0 +FLAGS.SILENT (\Seen) ~A6 UID STORE 0 +FLAGS.SILENT (\Seen) out: * OK [RAWLOG TIMESTAMP] 2011-08-01 08:28:33 ~A1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in * NAMESPACE (("" "/")) NIL NIL ~A2 OK Namespace completed. * FLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk Junk) * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk Junk \*)] Flags permitted. * 101 EXISTS * 0 RECENT * OK [UNSEEN 63] First unseen. * OK [UIDVALIDITY 1222650706] UIDs valid * OK [UIDNEXT 863] Predicted next UID * OK [HIGHESTMODSEQ 1903] Highest ~A3 OK [READ-WRITE] Select completed. * LIST (\NoInferiors \UnMarked) "/" "Trash" * LIST (\NoInferiors \UnMarked) "/" "Sent" * LIST (\NoInferiors \UnMarked) "/" "INBOX" ~A4 OK List completed. ~A5 BAD Error in IMAP command UID STORE: Invalid uidset ~A6 BAD Error in IMAP command UID STORE: Invalid uidset I've searched and read messages saying that there is no such thing as UID 0. Okay. Why are the clients suddenly trying to use it? Why doesn't the server just ignore it? (it seems like it may be terminating the connection) What can I do about it? (I'll nag HP about the client side but I don't expect quick action. The server on the other hand is in my house.) dovecot -n output: # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.38-11-generic i686 Ubuntu 11.04 log_timestamp: %Y-%m-%d %H:%M:%S ssl_cert_file: /etc/ssl/certs/lordbah.com.crt ssl_key_file: /etc/ssl/private/lordbah.com.key ssl_key_password: --redacted-- disable_plaintext_auth: no verbose_ssl: yes login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login login_process_per_connection: no login_processes_count: 5 login_max_processes_count: 20 verbose_proctitle: yes mail_privileged_group: mail mail_location: mbox:~*/mail:INBOX=/var/mail/*%u mail_debug: yes mbox_write_locks: fcntl dotlock mail_executable: /usr/lib/dovecot/rawlog /usr/lib/dovecot/imap imap_client_workarounds: tb-extra-mailbox-sep auth default: verbose: yes debug: yes passdb: driver: pam userdb: driver: passwd -- Jeff Van Epps From me at junc.org Mon Aug 1 16:58:31 2011 From: me at junc.org (Benny Pedersen) Date: Mon, 01 Aug 2011 15:58:31 +0200 Subject: [Dovecot] Dovecot Backup In-Reply-To: References: Message-ID: <45f276a7f07fc1453ef521a09ad56962@junc.org> On Sun, 31 Jul 2011 14:02:57 +0200, spamvoll at googlemail.com wrote: > shutting down dovecot and tar the hole dir? > using rsnapshot? imapsync > im running dovecot2 on freebsd dsync have just used imapsync it needs one user and a user-backup login to work From thomas-lists at nybeta.com Mon Aug 1 17:45:41 2011 From: thomas-lists at nybeta.com (Thomas Harold) Date: Mon, 01 Aug 2011 10:45:41 -0400 Subject: [Dovecot] dovecot-config file location on CentOS5 / RHEL5? Message-ID: <4E36BC15.6040601@nybeta.com> Using the pre-built RPM from ATRPMs. Where does the dovecot-config file get generated? Is there a flag in a config file that controls whether it gets created? Installed Packages Name : dovecot Arch : x86_64 Epoch : 1 Version : 2.0.13 Release : 1_129.el5 Size : 5.1 M Repo : installed Summary : Dovecot Secure imap server URL : http://www.dovecot.org/ License : MIT Do I have to install Dovecot from source in order to also use the Pigeonhole plug-in? From wgillespie+dovecot at es2eng.com Mon Aug 1 17:47:36 2011 From: wgillespie+dovecot at es2eng.com (Willie Gillespie) Date: Mon, 01 Aug 2011 08:47:36 -0600 Subject: [Dovecot] Update 2.0.12 -> 2.0.13 is broken In-Reply-To: <4E366342.8080708@taunusstein.net> References: <4E366342.8080708@taunusstein.net> Message-ID: <4E36BC88.4070603@es2eng.com> On 08/01/2011 02:26 AM, Christian Felsing wrote: > Hello, > > today I tried to update 2.0.12 to 2.0.13, but I got those messages, only: > > Aug 1 10:20:27 mail dovecot: master: Dovecot v2.0.13 starting up (core dumps disabled) > Aug 1 10:20:33 mail dovecot: imap-login: Login: user=<***@***.**>, method=PLAIN, rip=192.168.1.99, lip=192.168.1.1 > , mpid=5123, TLS > Aug 1 10:20:33 mail dovecot: imap-postlogin: Error: script-login: Error: user ***@***.**: Error reading configurati > on: net_connect_unix(/opt/dovecot-2.0.13/var/run/dovecot/config) failed: Permission denied > Aug 1 10:20:33 mail dovecot: imap-postlogin: Error: script-login: Fatal: Internal error occurred. Refer to server log for more info > rmation. > Aug 1 10:20:33 mail dovecot: log: Error: service(imap-postlogin): child 5124 returned error 89 (Fatal failure) > > What has happened ? Error reading configuration: net_connect_unix(/opt/dovecot-2.0.13/var/run/dovecot/config) failed: Permission denied Looks like permission is denied to this file. From sebastian.schlingmann at web.de Mon Aug 1 10:09:05 2011 From: sebastian.schlingmann at web.de (Sebastian Schlingmann) Date: Mon, 1 Aug 2011 09:09:05 +0200 Subject: [Dovecot] Dovecot and pigeonhole: mail not filtered Message-ID: <20110801090905.6e12077b@web.de> Hi everyone, I am running dovecot for quite some time now (currently version 2.0.13). Recently I tried to get Sieve and Managesieve to run. For this purpose I installed pigeonhole 0.2.3 and added sieve to the mail_plugins for lmtp and to the protocols. I also copied the sample 90-sieve.conf and 20-managesieve.conf into my /etc/dovecot/conf.d/ directory. In 90-sieve.conf I uncommented the sieve and sieve_dir options and set them to my desired values. After a restart of dovecot I was able to use my webmailer to add sieve scripts via the managesieve protocol. However the sieve scripts do not trigger. Is there any way to test if sieve is even executed when a mail arrives? mail_debug did not give me any relevant information. BTW: I checked my sieve script with the sieve-test command and it would execute the right action (move a mail into a directory). Bye Sebastian From frank at moltke28.B.Shuttle.DE Mon Aug 1 18:08:35 2011 From: frank at moltke28.B.Shuttle.DE (Frank Elsner) Date: Mon, 1 Aug 2011 17:08:35 +0200 Subject: [Dovecot] Update 2.0.12 -> 2.0.13 is broken In-Reply-To: <4E36BC88.4070603@es2eng.com> References: <4E366342.8080708@taunusstein.net> <4E36BC88.4070603@es2eng.com> Message-ID: (auto-added) On Mon, 01 Aug 2011 08:47:36 -0600 Willie Gillespie wrote: > On 08/01/2011 02:26 AM, Christian Felsing wrote: > > Hello, > > > > today I tried to update 2.0.12 to 2.0.13, but I got those messages, only: > > > > Aug 1 10:20:27 mail dovecot: master: Dovecot v2.0.13 starting up (core dumps disabled) > > Aug 1 10:20:33 mail dovecot: imap-login: Login: user=<***@***.**>, method=PLAIN, rip=192.168.1.99, lip=192.168.1.1 > > , mpid=5123, TLS > > Aug 1 10:20:33 mail dovecot: imap-postlogin: Error: script-login: Error: user ***@***.**: Error reading configurati > > on: net_connect_unix(/opt/dovecot-2.0.13/var/run/dovecot/config) failed: Permission denied > > Aug 1 10:20:33 mail dovecot: imap-postlogin: Error: script-login: Fatal: Internal error occurred. Refer to server log for more info > > rmation. > > Aug 1 10:20:33 mail dovecot: log: Error: service(imap-postlogin): child 5124 returned error 89 (Fatal failure) > > > > What has happened ? > > Error reading configuration: > net_connect_unix(/opt/dovecot-2.0.13/var/run/dovecot/config) failed: > Permission denied > > Looks like permission is denied to this file. I had the same problem. You may want to read the thread "Re: [Dovecot] v2.0.13 released" starting Wed, 11 May 2011 21:03:07 +0200 with Message-Id: --Frank Elsner From warden at geneseo.edu Mon Aug 1 18:33:30 2011 From: warden at geneseo.edu (David Warden) Date: Mon, 1 Aug 2011 11:33:30 -0400 Subject: [Dovecot] dovecot-config file location on CentOS5 / RHEL5? In-Reply-To: <4E36BC15.6040601@nybeta.com> References: <4E36BC15.6040601@nybeta.com> Message-ID: <5D642AD8-C651-433A-A920-DAED8FAE7EA0@geneseo.edu> On Aug 1, 2011, at 10:45 AM, Thomas Harold wrote: > Using the pre-built RPM from ATRPMs. Where does the dovecot-config file get generated? Is there a flag in a config file that controls whether it gets created? > > Installed Packages > Name : dovecot > Arch : x86_64 > Epoch : 1 > Version : 2.0.13 > Release : 1_129.el5 > Size : 5.1 M > Repo : installed > Summary : Dovecot Secure imap server > URL : http://www.dovecot.org/ > License : MIT > > Do I have to install Dovecot from source in order to also use the Pigeonhole plug-in? I'm pretty sure I'm using that RPM and you only get dovecot-config as part of dovecot-devel, which you will need to compile Pigeonhole. For me it is /usr/lib64/dovecot/dovecot-config. -David Warden From stephan at rename-it.nl Mon Aug 1 18:50:47 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Mon, 01 Aug 2011 17:50:47 +0200 Subject: [Dovecot] Dovecot and pigeonhole: mail not filtered In-Reply-To: <20110801090905.6e12077b@web.de> References: <20110801090905.6e12077b@web.de> Message-ID: <4E36CB57.3080705@rename-it.nl> Op 1-8-2011 9:09, Sebastian Schlingmann schreef: > Hi everyone, > > I am running dovecot for quite some time now (currently version 2.0.13). > Recently I tried to get Sieve and Managesieve to run. For this purpose > I installed pigeonhole 0.2.3 and added sieve to the mail_plugins for > lmtp and to the protocols. I also copied the sample 90-sieve.conf and > 20-managesieve.conf into my /etc/dovecot/conf.d/ directory. In > 90-sieve.conf I uncommented the sieve and sieve_dir options and set > them to my desired values. > > After a restart of dovecot I was able to use my webmailer to add sieve > scripts via the managesieve protocol. However the sieve scripts do not > trigger. > Is there any way to test if sieve is even executed when a mail arrives? > mail_debug did not give me any relevant information. > > BTW: I checked my sieve script with the sieve-test command and it would > execute the right action (move a mail into a directory). Are you actually using the Dovecot LDA or the LMTP service? Enabling the plugin is not enough. Your MTA (Postfix, Exim, etc) needs to use LDA or LMTP for local delivery. This is usually not the default. For LDA you can check this wiki page: http://wiki2.dovecot.org/LDA and the sub-page relevant to your MTA. Alternatively, you can use LTMP. For enabling LTMP in your particular MTA, you need to check its documentation. For the Dovecot side of LTMP you can check http://wiki2.dovecot.org/LMTP. Regards, Stephan. From thomas-lists at nybeta.com Mon Aug 1 19:45:15 2011 From: thomas-lists at nybeta.com (Thomas Harold) Date: Mon, 01 Aug 2011 12:45:15 -0400 Subject: [Dovecot] dovecot-config file location on CentOS5 / RHEL5? In-Reply-To: <5D642AD8-C651-433A-A920-DAED8FAE7EA0@geneseo.edu> References: <4E36BC15.6040601@nybeta.com> <5D642AD8-C651-433A-A920-DAED8FAE7EA0@geneseo.edu> Message-ID: <4E36D81B.4040808@nybeta.com> On 8/1/2011 11:33 AM, David Warden wrote: > On Aug 1, 2011, at 10:45 AM, Thomas Harold wrote: > >> Using the pre-built RPM from ATRPMs. Where does the dovecot-config >> file get generated? Is there a flag in a config file that controls >> whether it gets created? >> >> Do I have to install Dovecot from source in order to also use the >> Pigeonhole plug-in? > > I'm pretty sure I'm using that RPM and you only get dovecot-config as > part of dovecot-devel, which you will need to compile Pigeonhole. For > me it is /usr/lib64/dovecot/dovecot-config. > > -David Warden Thanks. That was it, I did not have dovecot-devel installed from ATRPMs-Extras. I still had to tell ./configure where to find it though. ./configure --with-dovecot=/usr/lib64/dovecot/ (Which is good, because I was having trouble telling the dovecot source code config where to find the postgreSQL development packages for 9.0. PGSQL support is already compiled into the ATRPM build so I'm glad that I can just use that.) From thomas-lists at nybeta.com Mon Aug 1 21:22:15 2011 From: thomas-lists at nybeta.com (Thomas Harold) Date: Mon, 01 Aug 2011 14:22:15 -0400 Subject: [Dovecot] Redelivery of messages in Maildir through sieve to be re-sorted Message-ID: <4E36EED7.40707@nybeta.com> http://wiki2.dovecot.org/HowTo/RefilterMail That solution looks great for a single user, but is it possible to do a larger version that runs for everyone on the server? I'm speaking specifically of a virtual setup where all mailboxes are owned by a common UID/GID. It seems like (with brief testing) that I could search for mail inside of a "Refilter" folder, like /var/vmail/domain.ext/username/Maildir/.Refilter/{cur|new}, and shove that through dovecot-lda. I would just need to put the username/domain.ext back together in the format of username at domain.ext. /usr/libexec/dovecot/dovecot-lda -e -d username at domain.ext -p (path to message) If dovecot-lda doesn't throw an error, then I could delete the message from the "Refilter" folder and move onto the next message. Or does Dovecot get horribly confused when messages vanish out of the "cur" folder? From thomas-lists at nybeta.com Mon Aug 1 23:11:32 2011 From: thomas-lists at nybeta.com (Thomas Harold) Date: Mon, 01 Aug 2011 16:11:32 -0400 Subject: [Dovecot] sievec - manual compile of global sieve scripts? Message-ID: <4E370874.1080408@nybeta.com> How do you compile global scripts using the sievec command without making the script directory owned (and group writable) by the vmail user? http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage # cd /etc/dovecot/sieve/before/ # (edit some script like spam.sieve that runs for everyone) # /usr/local/bin/sievec spam.sieve spam.svbin sievec(root): Error: sieve: binary save: failed to create temporary file: open(spam.svbin.hostname.26921.) in directory /etc/dovecot/sieve/before failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +w perm: /etc/dovecot/sieve/before, euid is not dir owner) # ls -la /etc/dovecot/sieve/before/ drwxrwxr-x 2 root root 4096 Aug 1 15:56 . drwxr-xr-x 5 root root 4096 Aug 1 13:23 .. -rw-rw-r-- 1 root root 477 Aug 1 15:33 spam.sieve Or do I just make the /etc/dovecot/sieve/ tree owned and writable by the vmail:vmail user? (Which worked, but seems like a bad idea.) Output of dovecot -n # 2.0.13: /etc/dovecot/dovecot.conf # OS: Linux 2.6.18-274.el5 x86_64 Red Hat Enterprise Linux Server release 5.7 (Tikanga) auth_verbose_passwords = sha1 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes listen = 127.0.0.1, 1.2.3.4 mail_gid = vmail mail_home = /var/vmail/%d/%n mail_location = maildir:~/Maildir mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date mbox_write_locks = fcntl passdb { args = /etc/dovecot/conf.d/dovecot-sql.conf.ext driver = sql } plugin { sieve = ~/.dovecot.sieve sieve_after = /etc/dovecot/sieve/after/ sieve_before = /etc/dovecot/sieve/before/ sieve_dir = ~/sieve sieve_global_dir = /etc/dovecot/sieve/globalinclude/ } protocols = imap pop3 lmtp sieve service auth { unix_listener /var/spool/postfix/private/auth { mode = 0666 } unix_listener auth-userdb { group = vmail user = vmail } } service imap-login { process_min_avail = 5 } service pop3-login { inet_listener pop3 { address = 1.2.3.4 } inet_listener pop3s { address = 1.2.3.4 } } ssl = required ssl_cert = Hello, I am not having much luck on this particular issue so I wanted to make sure that this is registered as a potential bug. The essence of the problem is that for a given message addressed to multiple users, lmtp writes the message correctly to the first addressed user only, then subsequent user writes fail as the lmtp process doesn't run with the proper permissions and tries to link files from different users as part of its message writing. Below you can see that lmtp (running with steve's id, who was the first listed recipient) is trying to link a file in jerry's inbox meeting with failure: Jul 27 11:24:42 testmailserver dovecot: lmtp(12412, steve): Error: link(/spool/mail/j/jerry/mail/INBOX/u.20423, /spool/mail/s/steve/mail/INBOX/.temp.1311791081.P12412Q2M989550.testmailserver.) failed: Permission denied Jul 27 11:24:42 testmailserver dovecot: lmtp(12412, steve): +1IXBeVXME58MAAARoVNxQ: msgid <201107271824.p6RIOPa5020900 at backup.>: save failed to INBOX: Internal error occurred. Refer to server log for more information. [2011-07-27 11:24:41] Best regards, -Boris I am using version 2.0.13. dovecot -n shows this: # 2.0.13: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-71.29.1.el6.i686 i686 CentOS Linux release 6.0 (Final) ext4 auth_debug = yes auth_master_user_separator = * auth_verbose = yes auth_verbose_passwords = plain lda_mailbox_autocreate = yes mail_debug = yes mail_location = sdbox:/spool/mail/%1Ln/%Ln/mail:INBOX=/spool/mail/%1Ln/%Ln/mail/INBOX mbox_write_locks = fcntl passdb { args = /etc/dovecot/master-users driver = passwd-file master = yes } passdb { args = failure_show_msg=yes driver = pam } plugin { autocreate = INBOX autosubscribe = INBOX } service lmtp { inet_listener ltmp { port = 24 } } ssl_cert = What are the best web interfaces for user/domain management, perhaps one that also allows individual users to edit vacation msgs? Right now I'm using a postfixadmin based mysql control panel. Curious what is the better stuff out there that people are using with dovecot/sieve these days? Are there any decent front-ends to setup/manage per-user sieve filters? From stephan at rename-it.nl Tue Aug 2 03:43:06 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 02 Aug 2011 02:43:06 +0200 Subject: [Dovecot] sievec - manual compile of global sieve scripts? In-Reply-To: <4E370874.1080408@nybeta.com> References: <4E370874.1080408@nybeta.com> Message-ID: <4E37481A.1020703@rename-it.nl> On 8/1/2011 10:11 PM, Thomas Harold wrote: > How do you compile global scripts using the sievec command without > making the script directory owned (and group writable) by the vmail user? > > http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage > > # cd /etc/dovecot/sieve/before/ > # (edit some script like spam.sieve that runs for everyone) > # /usr/local/bin/sievec spam.sieve spam.svbin > > sievec(root): Error: sieve: binary save: failed to create temporary > file: open(spam.svbin.hostname.26921.) in directory > /etc/dovecot/sieve/before failed: Permission denied (euid=5000(vmail) > egid=5000(vmail) missing +w perm: /etc/dovecot/sieve/before, euid is > not dir owner) Why are you executing sievec as vmail in the first place? You should be able to run it as root or any other user you use to manage global sieve scripts. > # ls -la /etc/dovecot/sieve/before/ > drwxrwxr-x 2 root root 4096 Aug 1 15:56 . > drwxr-xr-x 5 root root 4096 Aug 1 13:23 .. > -rw-rw-r-- 1 root root 477 Aug 1 15:33 spam.sieve > > Or do I just make the /etc/dovecot/sieve/ tree owned and writable by > the vmail:vmail user? (Which worked, but seems like a bad idea.) It is a bad idea. Vmail would only need read access. Regards, Stephan From stephan at rename-it.nl Tue Aug 2 04:01:35 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 02 Aug 2011 03:01:35 +0200 Subject: [Dovecot] web interface for user creation/vacation In-Reply-To: <20110801235518.GC13616@ref.nmedia.net> References: <20110801235518.GC13616@ref.nmedia.net> Message-ID: <4E374C6F.2010304@rename-it.nl> On 8/2/2011 1:55 AM, Chris Cappuccio wrote: > Are there any decent front-ends to setup/manage per-user sieve filters? There are several, but so far I am not too impressed by any of them. Most web-based versions are part of a webmail suite. The nicest one I've seen so far is the sieverules plugin for Roundcube. Then there is horde/ingo, which wasn't that fancy last time I looked. There is also squirrelmail/avelsieve, which is a bit ugly in a technical point of view, but it works quite well. There are older ones like smartsieve and websieve, but those are not maintained anymore and not compatible with Dovecot without patching them. I'm hoping that someone writes a proper (native) PHP module for Sieve parsing in the near future. This is something that is currently barely done by web interfaces, with the effect that only one Sieve client can be used at the same time, because competitive clients will overwrite/mangle scripts of others, instead of trying to parse and adjust them. In fact, the only client I know (including the desktop ones) that somewhat parses the script on the server is the sieverules plugin for Roundcube.Therefore such a PHP module solves only part of the problem: web interfaces. Normal mail clients like Thunderbird, Outlook and Evolution don't have (proper) support for Sieve either, let alone script parsing functionality with a user-friendly GUI :/ Perhaps we should make a list of the available clients on the wiki somewhere with some information on how well these work with Dovecot. There is a short list at http://sieve.info/clients. Regards, Stephan. From fumiyas at osstech.jp Tue Aug 2 05:25:49 2011 From: fumiyas at osstech.jp (SATOH Fumiyasu) Date: Tue, 02 Aug 2011 11:25:49 +0900 Subject: [Dovecot] [PATCH] net_connect_*(): Wait for fd to complete connect(2) when fd is non-blocking In-Reply-To: <87y5zf2ekl.wl%fumiyas@osstech.jp> References: <87zkjv3eml.wl%fumiyas@osstech.jp> <87y5zf2ekl.wl%fumiyas@osstech.jp> Message-ID: <87livcr1le.wl%fumiyas@osstech.jp> Hi! At Sun, 31 Jul 2011 14:40:10 +0900, SATOH Fumiyasu wrote: > I've regenerated the patch with 'hg export' instead of 'hg log -p'. > (Sorry, I'm a Mercurial newbie.) > > At Sun, 31 Jul 2011 01:41:22 +0900, > SATOH Fumiyasu wrote: > > Dovecot ignores EINPROGRESS on connect(2) for non-blocking fd. > > This is wrong. After that, read(2) to fd (or write(2) to fd) fails > > with ENOTCONN if the connection of fd is not completed. > > > > The attached patch fixes this problem. Any comment? On a high-load Solaris 10 box, dovecot-lda fails to query (I/O) to dovecot dict socket with ENOTCONN. My patch fixes this problem. Regards, -- -- Name: SATOH Fumiyasu (fumiyas @ osstech co jp) -- Business Home: http://www.OSSTech.co.jp/ -- Personal Home: http://www.SFO.jp/blog/ From dbrooks at mdah.state.ms.us Tue Aug 2 06:44:01 2011 From: dbrooks at mdah.state.ms.us (Donny Brooks) Date: Mon, 01 Aug 2011 22:44:01 -0500 Subject: [Dovecot] web interface for user creation/vacation In-Reply-To: <4E374C6F.2010304@rename-it.nl> References: <20110801235518.GC13616@ref.nmedia.net> <4E374C6F.2010304@rename-it.nl> Message-ID: <4E377281.1070307@mdah.state.ms.us> On 8/1/2011 8:01 PM, Stephan Bosch wrote: > On 8/2/2011 1:55 AM, Chris Cappuccio wrote: > >> Are there any decent front-ends to setup/manage per-user sieve filters? > > There are several, but so far I am not too impressed by any of them. > Most web-based versions are part of a webmail suite. The nicest one > I've seen so far is the sieverules plugin for Roundcube. Then there is > horde/ingo, which wasn't that fancy last time I looked. There is also > squirrelmail/avelsieve, which is a bit ugly in a technical point of > view, but it works quite well. There are older ones like smartsieve > and websieve, but those are not maintained anymore and not compatible > with Dovecot without patching them. > > I'm hoping that someone writes a proper (native) PHP module for Sieve > parsing in the near future. This is something that is currently barely > done by web interfaces, with the effect that only one Sieve client can > be used at the same time, because competitive clients will > overwrite/mangle scripts of others, instead of trying to parse and > adjust them. In fact, the only client I know (including the desktop > ones) that somewhat parses the script on the server is the sieverules > plugin for Roundcube.Therefore such a PHP module solves only part of > the problem: web interfaces. Normal mail clients like Thunderbird, > Outlook and Evolution don't have (proper) support for Sieve either, > let alone script parsing functionality with a user-friendly GUI :/ > > Perhaps we should make a list of the available clients on the wiki > somewhere with some information on how well these work with Dovecot. > > There is a short list at http://sieve.info/clients. > > Regards, > > Stephan. It is not a standalone frontend but the vacation management portion of SOGo (http://sogo.nu/english.html) works well in our tests. Donny B. From fafaforza at gmail.com Tue Aug 2 07:14:08 2011 From: fafaforza at gmail.com (Darek M) Date: Tue, 2 Aug 2011 00:14:08 -0400 Subject: [Dovecot] web interface for user creation/vacation In-Reply-To: <4E377281.1070307@mdah.state.ms.us> References: <20110801235518.GC13616@ref.nmedia.net> <4E374C6F.2010304@rename-it.nl> <4E377281.1070307@mdah.state.ms.us> Message-ID: I'm using postfixadmin without too many issues. What's your problem with it? Also using the RoundCube sieve plugin with not to many problems either. On 8/1/11, Donny Brooks wrote: > On 8/1/2011 8:01 PM, Stephan Bosch wrote: >> On 8/2/2011 1:55 AM, Chris Cappuccio wrote: >> >>> Are there any decent front-ends to setup/manage per-user sieve filters? >> >> There are several, but so far I am not too impressed by any of them. >> Most web-based versions are part of a webmail suite. The nicest one >> I've seen so far is the sieverules plugin for Roundcube. Then there is >> horde/ingo, which wasn't that fancy last time I looked. There is also >> squirrelmail/avelsieve, which is a bit ugly in a technical point of >> view, but it works quite well. There are older ones like smartsieve >> and websieve, but those are not maintained anymore and not compatible >> with Dovecot without patching them. >> >> I'm hoping that someone writes a proper (native) PHP module for Sieve >> parsing in the near future. This is something that is currently barely >> done by web interfaces, with the effect that only one Sieve client can >> be used at the same time, because competitive clients will >> overwrite/mangle scripts of others, instead of trying to parse and >> adjust them. In fact, the only client I know (including the desktop >> ones) that somewhat parses the script on the server is the sieverules >> plugin for Roundcube.Therefore such a PHP module solves only part of >> the problem: web interfaces. Normal mail clients like Thunderbird, >> Outlook and Evolution don't have (proper) support for Sieve either, >> let alone script parsing functionality with a user-friendly GUI :/ >> >> Perhaps we should make a list of the available clients on the wiki >> somewhere with some information on how well these work with Dovecot. >> >> There is a short list at http://sieve.info/clients. >> >> Regards, >> >> Stephan. > It is not a standalone frontend but the vacation management portion of > SOGo (http://sogo.nu/english.html) works well in our tests. > > Donny B. > From john.alexander at preachain.org Tue Aug 2 08:13:31 2011 From: john.alexander at preachain.org (John Alexander) Date: Mon, 01 Aug 2011 22:13:31 -0700 Subject: [Dovecot] mbox issue - dovecot 2.0.13 Message-ID: <4E37877B.9040309@preachain.org> I'm running into the following issue when trying to delete a folder: Aug 2 00:41:46 keg dovecot: imap(user): Error: stat(/home/user/mail/Trash/.imap/MoreTest) failed: Not a directory Dovecot is creating directories correctly /home/user/mail/.imap/Trash directory exists. /home/user/mail/.imap/MoreTest directory exists /home/user/mail/Trash file exists /home/user/mail/MoreTest file exists Config is: mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u Where is this getting munged, please. Thanks much John From swartel at zero-spam.fr Tue Aug 2 13:21:17 2011 From: swartel at zero-spam.fr (=?ISO-8859-1?Q?St=E9phane_Wartel?=) Date: Tue, 02 Aug 2011 12:21:17 +0200 Subject: [Dovecot] sieve vacation reply In-Reply-To: <4DD29C5D.4070405@cimr.cam.ac.uk> References: <4DD29C5D.4070405@cimr.cam.ac.uk> Message-ID: <4E37CF9D.2010209@zero-spam.fr> Hi, I get the same error ! Any idea to fix it ? Regards, Stephane Le 17/05/2011 18:03, Wojciech Giel a ?crit : > Hi, > I'm configuring postfix with dovecot and roundcube. I'm using flat > files as passwdb userdb. > > Everything works fine except sieve vacation reply. when i send mail > from ex. user dennis to tytus I get "discarding vacation response for > message implicitly delivered to". > > What Am i doing wrong? > thanks > > > > > sieve: using sieve path for user's script: /home/tytus/.dovecot.sieve > 2011-05-17 16:56:45 deliver(tytus): Info: sieve: opening script > /home/tytus/.dovecot.sieve > 2011-05-17 16:56:45 deliver(tytus): Info: sieve: executing compiled > script /home/tytus/.dovecot.sieve > 2011-05-17 16:56:45 deliver(tytus): Info: sieve: > msgid=<20110517155641.GA3452 at badger.example.com>: discarding vacation > response for message implicitly delivered to > > /etc/postfix/main.cf > ... > mailbox_command = /usr/lib/dovecot/deliver -n -m "${EXTENSION}" > ... > > > # 1.2.15: /etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.1 > log_path: /var/log/dovecot.log > log_timestamp: %Y-%m-%d %H:%M:%S > protocols: imap imaps managesieve > listen(default): * > listen(imap): * > listen(managesieve): 127.0.0.1:2000 > ssl_ca_file: /etc/postfix/ssl/cacert.pem > ssl_cert_file: /etc/postfix/ssl/servercrt.pem > ssl_key_file: /etc/postfix/ssl/serverkey.pem > ssl_cipher_list: ALL:!LOW:!SSLv2 > login_dir: /var/run/dovecot/login > login_executable(default): /usr/lib/dovecot/imap-login > login_executable(imap): /usr/lib/dovecot/imap-login > login_executable(managesieve): /usr/lib/dovecot/managesieve-login > mail_location: maildir:~/Maildir:INDEX=~/Maildir/indexes > mail_debug: yes > mbox_write_locks: fcntl dotlock > mail_executable(default): /usr/lib/dovecot/imap > mail_executable(imap): /usr/lib/dovecot/imap > mail_executable(managesieve): /usr/lib/dovecot/managesieve > mail_plugins(default): quota imap_quota autocreate > mail_plugins(imap): quota imap_quota autocreate > mail_plugins(managesieve): > mail_plugin_dir(default): /usr/lib/dovecot/modules/imap > mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap > mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve > imap_client_workarounds(default): tb-extra-mailbox-sep netscape-eoh > delay-newmail outlook-idle > imap_client_workarounds(imap): tb-extra-mailbox-sep netscape-eoh > delay-newmail outlook-idle > imap_client_workarounds(managesieve): > lda: > postmaster_address: postmaster > mail_plugins: sieve quota autocreate > quota_full_tempfail: yes > deliver_log_format: msgid=%m: %$ > rejection_reason: Your message to <%t> was automatically rejected:%n%r > log_path: /var/log/sieve.log > auth default: > mechanisms: plain login cram-md5 > verbose: yes > debug: yes > debug_passwords: yes > passdb: > driver: pam > passdb: > driver: passwd-file > args: scheme=cram-md5 /etc/dovecot/passwd > userdb: > driver: passwd-file > args: /etc/dovecot/passwd > userdb: > driver: passwd > socket: > type: listen > client: > path: /var/spool/postfix/private/dovecot-auth > mode: 432 > user: postfix > group: postfix > master: > path: /var/run/dovecot/auth-master > mode: 384 > plugin: > sieve: ~/.dovecot.sieve > sieve_dir: ~/sieve > autocreate: INBOX > autocreate2: Sent > autocreate3: Trash > autocreate4: Drafts > autocreate5: Junk > autosubscribe: INBOX > autosubscribe2: Sent > autosubscribe3: Trash > autosubscribe4: Drafts > autosubscribe5: Junk > quota: maildir:User quota > quota_rule: Trash:storage=10M > quota_warning: storage=85%% /usr/bin/dovecot-quota-warning.sh 85 > quota_warning2: storage=90%% /usr/bin/dovecot-quota-warning.sh 90 > quota_warning3: storage=95%% /usr/bin/dovecot-quota-warning.sh 95 > > From claudio.prono at atpss.net Tue Aug 2 13:32:54 2011 From: claudio.prono at atpss.net (Claudio Prono) Date: Tue, 02 Aug 2011 12:32:54 +0200 Subject: [Dovecot] web interface for user creation/vacation In-Reply-To: <20110801235518.GC13616@ref.nmedia.net> References: <20110801235518.GC13616@ref.nmedia.net> Message-ID: <4E37D256.5070408@atpss.net> Il 02/08/2011 1.55, Chris Cappuccio ha scritto: > What are the best web interfaces for user/domain management, perhaps one that also allows individual users to edit vacation msgs? > > Right now I'm using a postfixadmin based mysql control panel. Curious what is the better stuff out there that people are using with dovecot/sieve these days? > > Are there any decent front-ends to setup/manage per-user sieve filters? > > > !DSPAM:1,4e373cec96921343316261! > Horde with Ingo can manage Vacation and filter with sieve, with a little configuration (i am using it). > -- -------------------------------------------------------------------------------- Claudio Prono OPST System Developer Gsm: +39-349-54.33.258 @PSS Srl Tel: +39-011-32.72.100 Via San Bernardino, 17 Fax: +39-011-32.46.497 10141 Torino - ITALY http://atpss.net/disclaimer -------------------------------------------------------------------------------- PGP Key - http://keys.atpss.net/c_prono.asc From ngu.antoine at gmail.com Tue Aug 2 13:49:04 2011 From: ngu.antoine at gmail.com (Antoine Nguyen) Date: Tue, 2 Aug 2011 12:49:04 +0200 Subject: [Dovecot] web interface for user creation/vacation In-Reply-To: <20110801235518.GC13616@ref.nmedia.net> References: <20110801235518.GC13616@ref.nmedia.net> Message-ID: You can take a look at modoboa (http://modoboa.org). It supports per user sieve filters and vacation message. Le 2 ao?t 2011 01:55, "Chris Cappuccio" a ?crit : > What are the best web interfaces for user/domain management, perhaps one that also allows individual users to edit vacation msgs? > > Right now I'm using a postfixadmin based mysql control panel. Curious what is the better stuff out there that people are using with dovecot/sieve these days? > > Are there any decent front-ends to setup/manage per-user sieve filters? > From stephan at rename-it.nl Tue Aug 2 13:59:29 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 02 Aug 2011 12:59:29 +0200 Subject: [Dovecot] sieve vacation reply In-Reply-To: <4E37CF9D.2010209@zero-spam.fr> References: <4DD29C5D.4070405@cimr.cam.ac.uk> <4E37CF9D.2010209@zero-spam.fr> Message-ID: <4E37D891.1010103@rename-it.nl> On 8/2/2011 12:21 PM, St?phane Wartel wrote: > Hi, > > I get the same error ! > Any idea to fix it ? > This situation occurs when the message's To,CC,etc. headers do not contain the recipient address (from the envelope). This can be caused by a mailing list (to which it must not respond), but also by some translation in your mail setup. The former case is intended behavior, the latter is problematic. If your final recipient address does not match what is in the message's headers due to some translation step in the mail setup (e.g. aliasing), you have a problem. You can add the address listed in the headers to the :addresses argument of the vacation command. That is not always a good solution however. This problem is a bit old already, but some new solutions have emerged for Dovecot v2. So, what exactly is your situation? Regards, Stephan. > Le 17/05/2011 18:03, Wojciech Giel a ?crit : >> Hi, >> I'm configuring postfix with dovecot and roundcube. I'm using flat >> files as passwdb userdb. >> >> Everything works fine except sieve vacation reply. when i send mail >> from ex. user dennis to tytus I get "discarding vacation response for >> message implicitly delivered to". >> >> What Am i doing wrong? >> thanks >> >> sieve: using sieve path for user's script: /home/tytus/.dovecot.sieve >> 2011-05-17 16:56:45 deliver(tytus): Info: sieve: opening script >> /home/tytus/.dovecot.sieve >> 2011-05-17 16:56:45 deliver(tytus): Info: sieve: executing compiled >> script /home/tytus/.dovecot.sieve >> 2011-05-17 16:56:45 deliver(tytus): Info: sieve: >> msgid=<20110517155641.GA3452 at badger.example.com>: discarding vacation >> response for message implicitly delivered to >> From thomas-lists at nybeta.com Tue Aug 2 15:32:49 2011 From: thomas-lists at nybeta.com (Thomas Harold) Date: Tue, 02 Aug 2011 08:32:49 -0400 Subject: [Dovecot] sievec - manual compile of global sieve scripts? In-Reply-To: <4E37481A.1020703@rename-it.nl> References: <4E370874.1080408@nybeta.com> <4E37481A.1020703@rename-it.nl> Message-ID: <4E37EE71.30905@nybeta.com> On 8/1/2011 8:43 PM, Stephan Bosch wrote: > On 8/1/2011 10:11 PM, Thomas Harold wrote: >> How do you compile global scripts using the sievec command without >> making the script directory owned (and group writable) by the vmail user? >> >> http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage >> >> # cd /etc/dovecot/sieve/before/ >> # (edit some script like spam.sieve that runs for everyone) >> # /usr/local/bin/sievec spam.sieve spam.svbin >> >> sievec(root): Error: sieve: binary save: failed to create temporary >> file: open(spam.svbin.hostname.26921.) in directory >> /etc/dovecot/sieve/before failed: Permission denied (euid=5000(vmail) >> egid=5000(vmail) missing +w perm: /etc/dovecot/sieve/before, euid is >> not dir owner) > > Why are you executing sievec as vmail in the first place? You should be > able to run it as root or any other user you use to manage global sieve > scripts. > Sorry, I may not have been clear before, I am trying to run sievec as root. So the error is confusing to me because it looks like sievec is trying to drop privs and do the compile as the vmail user. I haven't done anything special to the sievec file (like making it run as vmail or always run as root, SELinux is in permissive mode until I gather up enough entries in the audit log to make an audit2allow run useful). # ls -la /usr/local/bin -rwxr-xr-x 1 root root 123989 Aug 1 12:25 sievec -rwxr-xr-x 1 root root 119415 Aug 1 12:25 sieve-dump -rwxr-xr-x 1 root root 133592 Aug 1 12:25 sieve-test As a workaround, I may temporarily alter my Makefile to set the directory writable by the vmail group, compile the scripts, then set the directory read-only again. The files end up owned as vmail:vmail when I do that, even though I execute the "sievec" command as root. # /usr/local/bin/sievec sortspam.sieve sortspam.svbin -rw-rw-r-- 1 root root 477 Aug 1 15:33 sortspam.sieve -rw-rw-r-- 1 vmail vmail 321 Aug 2 08:26 sortspam.svbin ... My current Makefile. # cat Makefile # http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage#scriptcompile SIEVEC=/usr/local/bin/sievec SRCS=$(wildcard *.sieve) OBJS=$(SRCS:.sieve=.svbin) all: $(OBJS) %.svbin : %.sieve $(SIEVEC) $? $@ From swartel at zero-spam.fr Tue Aug 2 15:43:50 2011 From: swartel at zero-spam.fr (swartel at zero-spam.fr) Date: Tue, 02 Aug 2011 14:43:50 +0200 Subject: [Dovecot] sieve vacation reply In-Reply-To: <4E37D891.1010103@rename-it.nl> References: <4DD29C5D.4070405@cimr.cam.ac.uk> <4E37CF9D.2010209@zero-spam.fr> <4E37D891.1010103@rename-it.nl> Message-ID: <4E37F106.2050500@zero-spam.fr> Hi Stephan, Thanks for your reply. After some more tests, it appears that mail aliases is the reason of this error. The vacation mode has been enabled on a mailbox that contains many aliases and one of them has been used as the recipient. We used dovecot 2.0.12-0~auto+5 from debian old-stable repo. Is there anything we can do ? Thanks, Stephane Le 02/08/2011 12:59, Stephan Bosch a ?crit : > On 8/2/2011 12:21 PM, St?phane Wartel wrote: >> Hi, >> >> I get the same error ! >> Any idea to fix it ? >> > > This situation occurs when the message's To,CC,etc. headers do not > contain the recipient address (from the envelope). This can be caused > by a mailing list (to which it must not respond), but also by some > translation in your mail setup. The former case is intended behavior, > the latter is problematic. If your final recipient address does not > match what is in the message's headers due to some translation step in > the mail setup (e.g. aliasing), you have a problem. > > You can add the address listed in the headers to the :addresses > argument of the vacation command. That is not always a good solution > however. This problem is a bit old already, but some new solutions > have emerged for Dovecot v2. > > So, what exactly is your situation? > > Regards, > > Stephan. > >> Le 17/05/2011 18:03, Wojciech Giel a ?crit : >>> Hi, >>> I'm configuring postfix with dovecot and roundcube. I'm using flat >>> files as passwdb userdb. >>> >>> Everything works fine except sieve vacation reply. when i send mail >>> from ex. user dennis to tytus I get "discarding vacation response >>> for message implicitly delivered to". >>> >>> What Am i doing wrong? >>> thanks >>> >>> sieve: using sieve path for user's script: /home/tytus/.dovecot.sieve >>> 2011-05-17 16:56:45 deliver(tytus): Info: sieve: opening script >>> /home/tytus/.dovecot.sieve >>> 2011-05-17 16:56:45 deliver(tytus): Info: sieve: executing compiled >>> script /home/tytus/.dovecot.sieve >>> 2011-05-17 16:56:45 deliver(tytus): Info: sieve: >>> msgid=<20110517155641.GA3452 at badger.example.com>: discarding >>> vacation response for message implicitly delivered to >>> > From stephan at rename-it.nl Tue Aug 2 15:45:33 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 02 Aug 2011 14:45:33 +0200 Subject: [Dovecot] sievec - manual compile of global sieve scripts? In-Reply-To: <4E37EE71.30905@nybeta.com> References: <4E370874.1080408@nybeta.com> <4E37481A.1020703@rename-it.nl> <4E37EE71.30905@nybeta.com> Message-ID: <4E37F16D.2000401@rename-it.nl> On 8/2/2011 2:32 PM, Thomas Harold wrote: > On 8/1/2011 8:43 PM, Stephan Bosch wrote: >> On 8/1/2011 10:11 PM, Thomas Harold wrote: >>> How do you compile global scripts using the sievec command without >>> making the script directory owned (and group writable) by the vmail >>> user? >>> >>> http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage >>> >>> # cd /etc/dovecot/sieve/before/ >>> # (edit some script like spam.sieve that runs for everyone) >>> # /usr/local/bin/sievec spam.sieve spam.svbin >>> >>> sievec(root): Error: sieve: binary save: failed to create temporary >>> file: open(spam.svbin.hostname.26921.) in directory >>> /etc/dovecot/sieve/before failed: Permission denied (euid=5000(vmail) >>> egid=5000(vmail) missing +w perm: /etc/dovecot/sieve/before, euid is >>> not dir owner) >> >> Why are you executing sievec as vmail in the first place? You should be >> able to run it as root or any other user you use to manage global sieve >> scripts. >> > > Sorry, I may not have been clear before, I am trying to run sievec as > root. So the error is confusing to me because it looks like sievec is > trying to drop privs and do the compile as the vmail user. I haven't > done anything special to the sievec file (like making it run as vmail > or always run as root, SELinux is in permissive mode until I gather up > enough entries in the audit log to make an audit2allow run useful). > > # ls -la /usr/local/bin > -rwxr-xr-x 1 root root 123989 Aug 1 12:25 sievec > -rwxr-xr-x 1 root root 119415 Aug 1 12:25 sieve-dump > -rwxr-xr-x 1 root root 133592 Aug 1 12:25 sieve-test What versions of Dovecot (obviously v2.0+) and Pigeonhole are you using and what is your config (show dovecot -n output) ? I suspect there may be a bug. Regards, Stephan. From thomas-lists at nybeta.com Tue Aug 2 15:55:31 2011 From: thomas-lists at nybeta.com (Thomas Harold) Date: Tue, 02 Aug 2011 08:55:31 -0400 Subject: [Dovecot] sievec - manual compile of global sieve scripts? In-Reply-To: <4E37F16D.2000401@rename-it.nl> References: <4E370874.1080408@nybeta.com> <4E37481A.1020703@rename-it.nl> <4E37EE71.30905@nybeta.com> <4E37F16D.2000401@rename-it.nl> Message-ID: <4E37F3C3.1090303@nybeta.com> On 8/2/2011 8:45 AM, Stephan Bosch wrote: > > What versions of Dovecot (obviously v2.0+) and Pigeonhole are you using > and what is your config (show dovecot -n output) ? > > I suspect there may be a bug. > dovecot-2.0-pigeonhole-0.2.3 - downloaded and compiled from source this week. The dovecot package itself comes from ATRPMs and is 2.0.13. Name : dovecot Arch : x86_64 Epoch : 1 Version : 2.0.13 Release : 1_129.el5 Size : 5.1 M Repo : installed Summary : Dovecot Secure imap server URL : http://www.dovecot.org/ License : MIT Name : dovecot-devel Arch : x86_64 Epoch : 1 Version : 2.0.13 Release : 1_129.el5 Size : 667 k Repo : installed Summary : Libraries and headers for Dovecot URL : http://www.dovecot.org/ License : MIT Output of dovecot -n # 2.0.13: /etc/dovecot/dovecot.conf # OS: Linux 2.6.18-274.el5 x86_64 Red Hat Enterprise Linux Server release 5.7 (Tikanga) auth_verbose_passwords = sha1 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes listen = 127.0.0.1, 1.2.3.4 mail_gid = vmail mail_home = /var/vmail/%d/%n mail_location = maildir:~/Maildir mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date mbox_write_locks = fcntl passdb { args = /etc/dovecot/conf.d/dovecot-sql.conf.ext driver = sql } plugin { sieve = ~/.dovecot.sieve sieve_after = /etc/dovecot/sieve/after/ sieve_before = /etc/dovecot/sieve/before/ sieve_dir = ~/sieve sieve_global_dir = /etc/dovecot/sieve/globalinclude/ } protocols = imap pop3 lmtp sieve service auth { unix_listener /var/spool/postfix/private/auth { mode = 0666 } unix_listener auth-userdb { group = vmail user = vmail } } service imap-login { process_min_avail = 5 } service pop3-login { inet_listener pop3 { address = 1.2.3.4 } inet_listener pop3s { address = 1.2.3.4 } } ssl = required ssl_cert = References: <4DD29C5D.4070405@cimr.cam.ac.uk> <4E37CF9D.2010209@zero-spam.fr> <4E37D891.1010103@rename-it.nl> <4E37F106.2050500@zero-spam.fr> Message-ID: <4E3804C7.1030503@rename-it.nl> On 8/2/2011 2:43 PM, swartel at zero-spam.fr wrote: > Hi Stephan, > > Thanks for your reply. > > After some more tests, it appears that mail aliases is the reason of > this error. The vacation mode has been enabled on a mailbox that > contains many aliases and one of them has been used as the recipient. > We used dovecot 2.0.12-0~auto+5 from debian old-stable repo. Is there > anything we can do ? > If you can access the original recipient from your MTA, you can use both -a and -r (if needed) arguments of dovecot-lda as outlined on this wiki page: http://wiki2.dovecot.org/LDA This will make the vacation command perform the checks against the original recipient. Please let me know whether this is an adequate solution for you. Regards, Stephan. From stephan at rename-it.nl Tue Aug 2 17:43:13 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 02 Aug 2011 16:43:13 +0200 Subject: [Dovecot] Pigeon Sieve, redirect action and SPF In-Reply-To: <20110729095322.64c6e966@jimbo> References: <4E2D9F9F.6070301@net.ipl.pt> <4E2DF8A0.3050805@rename-it.nl> <20110726093700.6343d0dc@jimbo> <4E31ADE1.5070109@rename-it.nl> <20110729095322.64c6e966@jimbo> Message-ID: <4E380D01.9030708@rename-it.nl> On 7/29/2011 8:53 AM, Nikita Koshikov wrote: > On Thu, 28 Jul 2011 20:43:45 +0200 > Stephan Bosch wrote: > >> Would the header name need to be configurable, or is >> X-Sieve-Redirected-From good for all purposes? Regards, Stephan. > I saw this > > X-ResentFrom: > X-SRS-Rewrite: > X-Forwarded-(To/For): > > So the name is not significant. If it's not so difficult to code - than configurable header of course is better. But it's only a matter of taste. Adding more settings is best to be avoided. I've added the header: http://hg.rename-it.nl/dovecot-2.0-pigeonhole/rev/81b37c0055c3 http://hg.rename-it.nl/dovecot-2.0-pigeonhole/rev/efad75f779de (d'oh) > One thing to note for implementing: > It will be much more simple for setting up srs, if sieve will export to environment some variables indicating need for rewrite. And than we will be able to write wrapper for sendmail_path that will selectively choose what should we do: > For example, I don't want srs to happen if user is forwarding for local domain mailbox, or if action that trigger mail sending is - "out of office reply". > So, wrapper will analyze need srs or no, and after all invoke srs binary for signing, or just call pure mta. I am not sure Sieve has access to enough information to make such an assessment. And I don't think adding SPF/SRS-specific code to Sieve is a good idea. It would also not be very straight-forward since the low-level mail sending code is part of Dovecot itself. Regards, Stephan. From stephan at rename-it.nl Tue Aug 2 19:02:20 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 02 Aug 2011 18:02:20 +0200 Subject: [Dovecot] sieve vacation reply In-Reply-To: <4E3804C7.1030503@rename-it.nl> References: <4DD29C5D.4070405@cimr.cam.ac.uk> <4E37CF9D.2010209@zero-spam.fr> <4E37D891.1010103@rename-it.nl> <4E37F106.2050500@zero-spam.fr> <4E3804C7.1030503@rename-it.nl> Message-ID: <4E381F8C.5010702@rename-it.nl> On 8/2/2011 4:08 PM, Stephan Bosch wrote: > On 8/2/2011 2:43 PM, swartel at zero-spam.fr wrote: >> Hi Stephan, >> >> Thanks for your reply. >> >> After some more tests, it appears that mail aliases is the reason of >> this error. The vacation mode has been enabled on a mailbox that >> contains many aliases and one of them has been used as the recipient. >> We used dovecot 2.0.12-0~auto+5 from debian old-stable repo. Is there >> anything we can do ? >> > > If you can access the original recipient from your MTA, you can use > both -a and -r (if needed) arguments of dovecot-lda as outlined on > this wiki page: > > http://wiki2.dovecot.org/LDA > > This will make the vacation command perform the checks against the > original recipient. > > Please let me know whether this is an adequate solution for you. Hmm, apparently this was not possible yet, so I've added it now: http://hg.rename-it.nl/dovecot-2.0-pigeonhole/rev/81f7acac82f2 This also adds support to disable this check completely (as explained in doc/vacation.txt). I recommend using that only when all other methods fail. I've still got some more TODO items about this issue, particularly about adding support to check some external aliases database. I am still not sure how I should approach that though. Regards, Stephan. From patrickdk at patrickdk.com Tue Aug 2 19:21:33 2011 From: patrickdk at patrickdk.com (Patrick Domack) Date: Tue, 02 Aug 2011 12:21:33 -0400 Subject: [Dovecot] sievec - manual compile of global sieve scripts? In-Reply-To: <4E37F3C3.1090303@nybeta.com> References: <4E370874.1080408@nybeta.com> <4E37481A.1020703@rename-it.nl> <4E37EE71.30905@nybeta.com> <4E37F16D.2000401@rename-it.nl> <4E37F3C3.1090303@nybeta.com> Message-ID: <20110802122133.Horde.HGpUb5LnE6FOOCQNmc3hfuA@mail.patrickdk.com> Mine has always behaved like this. It looks up the root user in the auth database from the dovecot config, and attemps to change to that user, and in this type of case that would be vmail. Then it attempts to check the mail_home and kind of fails, unless you give vmail permission to that path that would be created using the root user. Quoting Thomas Harold : > On 8/2/2011 8:45 AM, Stephan Bosch wrote: >> >> What versions of Dovecot (obviously v2.0+) and Pigeonhole are you using >> and what is your config (show dovecot -n output) ? >> >> I suspect there may be a bug. >> > > dovecot-2.0-pigeonhole-0.2.3 - downloaded and compiled from source > this week. The dovecot package itself comes from ATRPMs and is > 2.0.13. > > Name : dovecot > Arch : x86_64 > Epoch : 1 > Version : 2.0.13 > Release : 1_129.el5 > Size : 5.1 M > Repo : installed > Summary : Dovecot Secure imap server > URL : http://www.dovecot.org/ > License : MIT > > Name : dovecot-devel > Arch : x86_64 > Epoch : 1 > Version : 2.0.13 > Release : 1_129.el5 > Size : 667 k > Repo : installed > Summary : Libraries and headers for Dovecot > URL : http://www.dovecot.org/ > License : MIT > > Output of dovecot -n > > # 2.0.13: /etc/dovecot/dovecot.conf > # OS: Linux 2.6.18-274.el5 x86_64 Red Hat Enterprise Linux Server > release 5.7 (Tikanga) > auth_verbose_passwords = sha1 > lda_mailbox_autocreate = yes > lda_mailbox_autosubscribe = yes > listen = 127.0.0.1, 1.2.3.4 > mail_gid = vmail > mail_home = /var/vmail/%d/%n > mail_location = maildir:~/Maildir > mail_uid = vmail > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope > encoded-character vacation subaddress comparator-i;ascii-numeric > relational regex imap4flags copy include variables body enotify > environment mailbox date > mbox_write_locks = fcntl > passdb { > args = /etc/dovecot/conf.d/dovecot-sql.conf.ext > driver = sql > } > plugin { > sieve = ~/.dovecot.sieve > sieve_after = /etc/dovecot/sieve/after/ > sieve_before = /etc/dovecot/sieve/before/ > sieve_dir = ~/sieve > sieve_global_dir = /etc/dovecot/sieve/globalinclude/ > } > protocols = imap pop3 lmtp sieve > service auth { > unix_listener /var/spool/postfix/private/auth { > mode = 0666 > } > unix_listener auth-userdb { > group = vmail > user = vmail > } > } > service imap-login { > process_min_avail = 5 > } > service pop3-login { > inet_listener pop3 { > address = 1.2.3.4 > } > inet_listener pop3s { > address = 1.2.3.4 > } > } > ssl = required > ssl_cert = ssl_key = protocol lda { > log_path = /var/log/dovecot/dovecot-lda > mail_plugins = " sieve" > } From swartel at zero-spam.fr Tue Aug 2 21:14:55 2011 From: swartel at zero-spam.fr (=?ISO-8859-1?Q?St=E9phane_Wartel?=) Date: Tue, 02 Aug 2011 20:14:55 +0200 Subject: [Dovecot] sieve vacation reply In-Reply-To: <4E381F8C.5010702@rename-it.nl> References: <4DD29C5D.4070405@cimr.cam.ac.uk> <4E37CF9D.2010209@zero-spam.fr> <4E37D891.1010103@rename-it.nl> <4E37F106.2050500@zero-spam.fr> <4E3804C7.1030503@rename-it.nl> <4E381F8C.5010702@rename-it.nl> Message-ID: <4E383E9F.5020503@zero-spam.fr> Hi Stephan, Yep, after some tests you 're right, it's not possible. So, I use :addresses in sieve script and will try -a or -r arguments in LDA command from postfix with the next release. Bye, Stephane Le 02/08/2011 18:02, Stephan Bosch a ?crit : > On 8/2/2011 4:08 PM, Stephan Bosch wrote: >> On 8/2/2011 2:43 PM, swartel at zero-spam.fr wrote: >>> Hi Stephan, >>> >>> Thanks for your reply. >>> >>> After some more tests, it appears that mail aliases is the reason of >>> this error. The vacation mode has been enabled on a mailbox that >>> contains many aliases and one of them has been used as the recipient. >>> We used dovecot 2.0.12-0~auto+5 from debian old-stable repo. Is >>> there anything we can do ? >>> >> >> If you can access the original recipient from your MTA, you can use >> both -a and -r (if needed) arguments of dovecot-lda as outlined on >> this wiki page: >> >> http://wiki2.dovecot.org/LDA >> >> This will make the vacation command perform the checks against the >> original recipient. >> >> Please let me know whether this is an adequate solution for you. > > Hmm, apparently this was not possible yet, so I've added it now: > > http://hg.rename-it.nl/dovecot-2.0-pigeonhole/rev/81f7acac82f2 > > This also adds support to disable this check completely (as explained > in doc/vacation.txt). I recommend using that only when all other > methods fail. > > I've still got some more TODO items about this issue, particularly > about adding support to check some external aliases database. I am > still not sure how I should approach that though. > > Regards, > > Stephan. From al at xjack.org Tue Aug 2 23:46:02 2011 From: al at xjack.org (A.L.) Date: Tue, 02 Aug 2011 13:46:02 -0700 Subject: [Dovecot] $IP not getting set? Message-ID: <4E38620A.20800@xjack.org> Using dovecot 2.0.13. I went to implement relay-ctrl per directions on the Wiki, and failed. After running it down, as best as I can determine, the problem is that the $IP variable is not getting set (and thus not re-set in the script wrapper). I plunked a "set >> debug" into the script, and the only env var's that are set are as listed below (slightly sanitized for public display). Anyone have any ideas? I have tried both the Wiki-way, and this way: http://dovecot.org/list/dovecot/2009-December/045139.html with identical results. CLIENT_LIMIT='1000' CONFIG_FILE='/my_path/config' DOVECOT_CHILD_PROCESS='1' DOVECOT_PRESERVE_ENVS='TZ' DOVECOT_VERSION='2.0.13' GENERATION='7690' IFS=' ' LOG_SERVICE='1' OPTIND='1' PATH='my_path' PPID='1' PS1='# ' PS2='> ' PS4='+ ' PWD='my_pwd' SOCKET_COUNT='1' SSL_SOCKET_COUNT='0' From bazilek at gmail.com Wed Aug 3 01:33:06 2011 From: bazilek at gmail.com (Vasil Mikhalenya) Date: Wed, 3 Aug 2011 01:33:06 +0300 Subject: [Dovecot] shared mailboxes Message-ID: Hi all, I've read all documentation that I could find, but I can not understand 2 simple things 1. How to create a public mailbox - with per user seen flag. In my configuration this flag is shared 2. How to share one user mailbox with other users and set up acl. In Cyrus it was very easy( cyradm sam mailbox user1 lrs or sam mailbox user2 all ). What way there is to do this in dovecot. It was no problem with shared mailboxes in cyrus, but I need maildir support. Thank you. # 2.0.13: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3 auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = plain first_valid_uid = 8 last_valid_uid = 8 mail_debug = yes mail_location = mdbox:/var/mail/%1n/%n mail_plugins = acl mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date mdbox_preallocate_space = yes namespace { hidden = no inbox = yes list = yes location = prefix = separator = / type = private } namespace { list = children location = mdbox:/var/mail/%%1n/%%n prefix = shared/%%u/ separator = / subscriptions = no type = shared } namespace { location = maildir:/var/mail/public prefix = public/ separator = / subscriptions = no type = public } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } passdb { driver = pam } plugin { acl = vfile acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = " imap sieve pop3" service auth { unix_listener auth-client { group = mail mode = 0660 user = Debian-exim } unix_listener auth-userdb { group = mail mode = 0600 user = mail } user = $default_internal_user } service imap-login { process_min_avail = 6 service_count = 0 } ssl_ca = References: Message-ID: <4E388E9A.2090001@delphij.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 07/29/11 11:30, roberto giuliani wrote: > Hi all, > > I'm testing Dovecot version 1.2.17 on FreeBSD 8.2-RELEASE using ZFS > as filesystem. Searching on google I've ridden about some problem > concerning indexes and mmap. > > I wold like to know if this problem persists on the latest releases. I use Dovecot 2.0.12 on FreeBSD 8.2-RELEASE and didn't see any index corruption in log so far. Admittedly the setup is relatively new, and have been running for only 63 days now, but my understanding is that I shouldn't be that lucky. Also, FreeNAS uses both mmap and sendfile and we didn't see data corruption either nor see any reports about that. Note that my instance is running a heavily modified version (with some driver updates, ZFSv28, etc) though, the latest 8-STABLE have most of the ZFS changes I had in my own tree but I don't think these changes are related to data corruption. If, however, you could reproduce a data corruption on your installation on a recent unmodified FreeBSD 8.2-RELEASE system, please do let me know or post your complain on freebsd-stable at freebsd.org, as that would be a pretty serious problem and we will get it fixed as soon as possible. Cheers, - -- Xin LI https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (FreeBSD) iQEcBAEBCAAGBQJOOI6ZAAoJEATO+BI/yjfBjoYH/1ZTWC3a9kGvUSOvfcSEzL+0 77jHolvQVmWQTCQy8+bKCae3qvD2PNPl3eSz5L1gydKJf8YfM6HdF++0V81yCptd qqIKXXlWyWT5g7u0jF47MQOizYIr4rQXXLToG+DuB6HdHUYP9XG1nnwJne0NkvrR oeHgEVMV4mWIHW1jQfgmkeGrI2SOJVRyDxtc0+miP+pzrPleDXjAg8zETaypNfPA +JKhzLrucctp35D3dM/cTenVH0D8eP8md5CllFOvCYR9RPQJ4xajfca5yxpIDtUG mX373vBjToqGxfpaYa+iDXzP+morTOrif3JUBmuV8JjBeBibnDsovEnvHFhO4fY= =OEZi -----END PGP SIGNATURE----- From koshikov at gmail.com Wed Aug 3 09:56:54 2011 From: koshikov at gmail.com (Nikita Koshikov) Date: Wed, 3 Aug 2011 09:56:54 +0300 Subject: [Dovecot] Pigeon Sieve, redirect action and SPF In-Reply-To: <4E380D01.9030708@rename-it.nl> References: <4E2D9F9F.6070301@net.ipl.pt> <4E2DF8A0.3050805@rename-it.nl> <20110726093700.6343d0dc@jimbo> <4E31ADE1.5070109@rename-it.nl> <20110729095322.64c6e966@jimbo> <4E380D01.9030708@rename-it.nl> Message-ID: <20110803095654.524ecc3f@jimbo> On Tue, 02 Aug 2011 16:43:13 +0200 Stephan Bosch wrote: > On 7/29/2011 8:53 AM, Nikita Koshikov wrote: > > On Thu, 28 Jul 2011 20:43:45 +0200 > > Stephan Bosch wrote: > > > >> Would the header name need to be configurable, or is > >> X-Sieve-Redirected-From good for all purposes? Regards, Stephan. > > I saw this > > > > X-ResentFrom: > > X-SRS-Rewrite: > > X-Forwarded-(To/For): > > > > So the name is not significant. If it's not so difficult to code - than configurable header of course is better. But it's only a matter of taste. > > Adding more settings is best to be avoided. I've added the header: > > http://hg.rename-it.nl/dovecot-2.0-pigeonhole/rev/81b37c0055c3 > http://hg.rename-it.nl/dovecot-2.0-pigeonhole/rev/efad75f779de (d'oh) > > > One thing to note for implementing: > > It will be much more simple for setting up srs, if sieve will export to environment some variables indicating need for rewrite. And than we will be able to write wrapper for sendmail_path that will selectively choose what should we do: > > For example, I don't want srs to happen if user is forwarding for local domain mailbox, or if action that trigger mail sending is - "out of office reply". > > So, wrapper will analyze need srs or no, and after all invoke srs binary for signing, or just call pure mta. > > I am not sure Sieve has access to enough information to make such an > assessment. And I don't think adding SPF/SRS-specific code to Sieve is a > good idea. It would also not be very straight-forward since the > low-level mail sending code is part of Dovecot itself. > > Regards, > > Stephan. I meant export to environment some variables, like dovecot does: USER= IP= MAIL= .... Adding more like: SIEVE_ACTION= SIEVE_RECIPIENT= etc And then execute sendmail_path. Thus program\wrapper can be aware of mail originated from sieve. This is not specific spf\srs code. Seemed, that this section of code need to be in dovecot-lda region, so maybe Timo will be able to catch it. Thanks for your work. From greg.woods at cirrusav.com Thu Aug 4 04:45:46 2011 From: greg.woods at cirrusav.com (Greg Woods) Date: Wed, 3 Aug 2011 18:45:46 -0700 Subject: [Dovecot] Local delivery via deliver fails for 1 user in alias Message-ID: Hi all, I'm a bit baffled. I have an OS X server 10.6.8 and everything was working fine. Now however I seem to be having some issues and I'm unable to find log entries to help point me to the error. I have an alias, sales at cirrusav.com, which forwards mail to myself and two others. This works fine most of the time, but on occasion messages are not delivered to one user. It is possible that one of the other users fails delivery occasionally as well, though this has not been rigorously tested. I always seem to get the messages. I have logging set to debug via the OS X server admin. Looking through /var/log/mailaccess.log I see all the same entries for each user even when messages fail to deliver. The only difference I notice is the order. I see some messages about corrupt index cache files. I can find the missing message in failing user's dovecot.index.cache. However I can not find the message in the cur sub directory or anywhere else (grep -i regency ...). I can find the file in my dovecot.index.cache and cur directory. Details below. I'm continuing to research the internet, but don't know what I'm looking for. I'm also concerned that we might be dropping more mail. Thoughts anyone? Thank you in advance for your help. I greatly appreciate it! -- Greg ______________ Greg Woods Cirrus Aviation Services 702-448-2366 702-343-7784 (mobile) ca1:cur root# /usr/sbin/dovecotd --version 1.1.20apple0.5 ca1:cur root# /usr/sbin/dovecotd -n # 1.1.20apple0.5: /private/etc/dovecot/dovecot.conf Warning: fd limit 256 is lower than what Dovecot can use under full load (more than 456). Either grow the limit or change login_max_processes_count and max_mail_processes settings # OS: Darwin 10.8.0 i386 hfs base_dir: /var/run/dovecot syslog_facility: local6 protocols: managesieve imaps listen(default): * listen(imap): * listen(managesieve): *:2000 ssl_ca_file: /etc/certificates/ca1.cirrusav.com.F0D27741B3FD526D70E5B77878084AF217E1E8B4.chain.pem ssl_cert_file: /etc/certificates/ca1.cirrusav.com.F0D27741B3FD526D70E5B77878084AF217E1E8B4.cert.pem ssl_key_file: /etc/certificates/ca1.cirrusav.com.F0D27741B3FD526D70E5B77878084AF217E1E8B4.key.pem ssl_cipher_list: ALL:!LOW:!SSLv2:!aNULL:!ADH:!eNULL login_dir: /var/run/dovecot/login login_executable(default): /usr/libexec/dovecot/imap-login login_executable(imap): /usr/libexec/dovecot/imap-login login_executable(managesieve): /usr/libexec/dovecot/managesieve-login login_user: _dovecot login_process_per_connection: no max_mail_processes: 200 mail_max_userip_connections(default): 20 mail_max_userip_connections(imap): 20 mail_max_userip_connections(managesieve): 10 verbose_proctitle: yes first_valid_uid: 6 first_valid_gid: 6 mail_access_groups: mail mail_location: maildir:/var/spool/imap/dovecot/mail/%u mail_debug: yes mail_executable(default): /usr/libexec/dovecot/imap mail_executable(imap): /usr/libexec/dovecot/imap mail_executable(managesieve): /usr/libexec/dovecot/managesieve mail_process_sharing(default): full mail_process_sharing(imap): full mail_process_sharing(managesieve): none mail_max_connections(default): 5 mail_max_connections(imap): 5 mail_max_connections(managesieve): 20 mail_plugins(default): quota imap_quota mail_plugins(imap): quota imap_quota mail_plugins(managesieve): mail_plugin_dir(default): /usr/lib/dovecot/imap mail_plugin_dir(imap): /usr/lib/dovecot/imap mail_plugin_dir(managesieve): /usr/lib/dovecot/managesieve sieve_storage(default): sieve_storage(imap): sieve_storage(managesieve): /var/spool/imap/dovecot/sieve-scripts/%u sieve(default): sieve(imap): sieve(managesieve): /var/spool/imap/dovecot/sieve-scripts/%u/dovecot.sieve lda: postmaster_address: postmaster at example.com hostname: ca1.cirrusav.com mail_plugins: cmusieve quota quota_full_tempfail: yes sendmail_path: /usr/sbin/sendmail auth_socket_path: /var/run/dovecot/auth-master log_path: /var/log/mailaccess.log info_log_path: /var/log/mailaccess.log auth default: mechanisms: gssapi cram-md5 verbose: yes debug: yes debug_passwords: yes passdb: driver: od userdb: driver: od args: partition=/etc/dovecot/partition_map.conf enforce_quotas=no socket: type: listen master: path: /var/run/dovecot/auth-master mode: 384 user: _dovecot group: mail plugin: quota_warning: storage=100%% /usr/libexec/dovecot/quota-exceeded.sh quota_warning2: storage=90%% /usr/libexec/dovecot/quota-warning.sh quota: maildir:User quota sieve: /var/spool/imap/dovecot/sieve-scripts/%u/dovecot.sieve ################################# # /var/log/mail.log for a FAILED delivery # ################################# Aug 3 15:20:18 ca1 postfix/smtpd[2964]: connect from midas.utopiasystems.net[64.74.150.12] Aug 3 15:20:18 ca1 postfix/smtpd[2964]: C1B521510216: client=midas.utopiasystems.net[64.74.150.12] Aug 3 15:20:18 ca1 postfix/cleanup[2973]: C1B521510216: message-id=<51F8CAD6B1666341B363C2D95F0F91D70195A783 at midas.utopiasystems.net> Aug 3 15:20:19 ca1 postfix/smtpd[2964]: disconnect from midas.utopiasystems.net[64.74.150.12] Aug 3 15:20:19 ca1 postfix/qmgr[126]: C1B521510216: from=, size=23091, nrcpt=1 (queue active) Aug 3 15:20:23 ca1 postfix/smtpd[2978]: connect from localhost[127.0.0.1] Aug 3 15:20:23 ca1 postfix/smtpd[2978]: 1F1041510239: client=localhost[127.0.0.1] Aug 3 15:20:23 ca1 postfix/cleanup[2973]: 1F1041510239: message-id=<51F8CAD6B1666341B363C2D95F0F91D70195A783 at midas.utopiasystems.net> Aug 3 15:20:23 ca1 postfix/smtpd[2978]: disconnect from localhost[127.0.0.1] Aug 3 15:20:23 ca1 postfix/qmgr[126]: 1F1041510239: from=, size=23526, nrcpt=1 (queue active) Aug 3 15:20:23 ca1 postfix/smtp[2974]: C1B521510216: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=4.6, delays=1.2/0/0/3.4, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=94749-20, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 1F1041510239) Aug 3 15:20:23 ca1 postfix/local[2980]: od[getpwnam_ext]: no attribute dsAttrTypeStandard:MailAttribute in record for user teamsserver Aug 3 15:20:23 ca1 postfix/qmgr[126]: C1B521510216: removed Aug 3 15:20:32 ca1 postfix/local[2980]: 1F1041510239: to=, orig_to=, relay=local, delay=9.8, delays=0.01/0/0/9.8, dsn=2.0.0, status=sent (delivered to command: /usr/share/wikid/bin/bundleMail.py) Aug 3 15:20:33 ca1 postfix/pipe[2981]: 1F1041510239: to=, orig_to=, relay=dovecot, delay=10, delays=0.01/0/0/10, dsn=2.0.0, status=sent (delivered via dovecot service) Aug 3 15:20:33 ca1 postfix/pipe[2981]: 1F1041510239: to=, orig_to=, relay=dovecot, delay=10, delays=0.01/0/0/10, dsn=2.0.0, status=sent (delivered via dovecot service) Aug 3 15:20:35 ca1 postfix/pipe[2981]: 1F1041510239: to=, orig_to=, relay=dovecot, delay=13, delays=0.01/0/0/13, dsn=2.0.0, status=sent (delivered via dovecot service) Aug 3 15:20:35 ca1 postfix/qmgr[126]: 1F1041510239: removed Aug 3 15:23:39 ca1 postfix/anvil[2688]: statistics: max connection rate 2/60s for (smtp:66.231.183.81) at Aug 3 15:15:14 Aug 3 15:23:39 ca1 postfix/anvil[2688]: statistics: max connection count 1 for (smtp:66.231.183.82) at Aug 3 15:14:40 Aug 3 15:23:39 ca1 postfix/anvil[2688]: statistics: max cache size 2 at Aug 3 15:14:57 ################################## # /var/log/mailaccess.log for a FAILED delivery # # Both greg and mark receive the mail, but milt does not. # ################################## deliver(greg.woods): Aug 03 15:20:32 Info: Loading modules from directory: /usr/lib/dovecot/lda deliver(greg.woods): Aug 03 15:20:32 Info: Module loaded: /usr/lib/dovecot/lda/lib10_quota_plugin.so deliver(greg.woods): Aug 03 15:20:32 Info: Module loaded: /usr/lib/dovecot/lda/lib90_cmusieve_plugin.so Aug 3 15:20:32 ca1 dovecot[58]: auth(default): master in: USER 1 greg.woods service=deliver Aug 3 15:20:32 ca1 dovecot[58]: auth(default): od(greg.woods): lookup user=greg.woods Aug 3 15:20:32 ca1 dovecot[58]: auth(default): od(greg.woods): directory lookup for: user=greg.woods deliver(greg.woods): Aug 03 15:20:32 Info: auth input: greg.woods deliver(greg.woods): Aug 03 15:20:32 Info: auth input: uid=1026 deliver(greg.woods): Aug 03 15:20:32 Info: auth input: gid=20 deliver(greg.woods): Aug 03 15:20:32 Info: auth input: quota=maildir:User quota:noenforcing deliver(greg.woods): Aug 03 15:20:32 Info: auth input: quota_rule=*:storage=0 deliver(greg.woods): Aug 03 15:20:32 Info: auth input: mail=maildir:/var/spool/imap/dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639 deliver(greg.woods): Aug 03 15:20:32 Info: auth input: mail_location=maildir:/var/spool/imap/dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639 deliver(greg.woods): Aug 03 15:20:32 Info: auth input: sieve=/var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E90-92CB-6F95AD8F0639/dovecot.sieve deliver(greg.woods): Aug 03 15:20:32 Info: auth input: sieve_dir=/var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E90-92CB-6F95AD8F0639 deliver(greg.woods): Aug 03 15:20:32 Info: auth input: sieve_storage=/var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E90-92CB-6F95AD8F0639 deliver(greg.woods): Aug 03 15:20:32 Info: Quota root: name=User quota backend=maildir args=noenforcing deliver(greg.woods): Aug 03 15:20:32 Info: Quota rule: root=User quota mailbox=* bytes=0 messages=0 deliver(greg.woods): Aug 03 15:20:32 Info: Quota warning: bytes=0 (100%) messages=0 command=/usr/libexec/dovecot/quota-exceeded.sh deliver(greg.woods): Aug 03 15:20:32 Info: Quota warning: bytes=0 (90%) messages=0 command=/usr/libexec/dovecot/quota-warning.sh deliver(greg.woods): Aug 03 15:20:32 Info: maildir: data=/var/spool/imap/dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639 deliver(greg.woods): Aug 03 15:20:32 Info: maildir++: root=/var/spool/imap/dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639, index=, control=, inbox=/var/spool/imap/dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639 Aug 3 15:20:32 ca1 dovecot[58]: auth(default): od[getpwnam_ext](greg.woods): uid=1026 gid=20 state=0x6 quota=0 guid=C730546B-FBEF-4E90-92CB-6F95AD8F0639 name=gwoods loc=ca1.cirrusav.com alt=(null) fwd=(null) Aug 3 15:20:32 ca1 dovecot[58]: auth(default): od(greg.woods): user gwoods exists more than once Aug 3 15:20:32 ca1 dovecot[58]: auth(default): od(greg.woods): record name=gwoods, uid=1026, gid=20 Aug 3 15:20:32 ca1 dovecot[58]: auth(default): od(greg.woods): user=gwoods, quota=*:storage=0 Aug 3 15:20:32 ca1 dovecot[58]: auth(default): od(greg.woods): data store location=maildir:/var/spool/imap/dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639 Aug 3 15:20:32 ca1 dovecot[58]: auth(default): master out: USER 1 greg.woods uid=1026 gid=20 quota=maildir:User quota:noenforcing quota_rule=*:storage=0 mail=maildir:/var/spool/imap/dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639 mail_location=maildir:/var/spool/imap/\ dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639 sieve=/var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E90-92CB-6F95AD8F0639/dovecot.sieve sieve_dir=/var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E90-92CB-6F95AD8F0639 sieve_storage=/var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E\ 90-92CB-6F95AD8F0639 deliver(greg.woods): Aug 03 15:20:32 Info: cmusieve: Using sieve path: /var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E90-92CB-6F95AD8F0639/dovecot.sieve deliver(greg.woods): Aug 03 15:20:32 Info: cmusieve: Executing script /var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E90-92CB-6F95AD8F0639/dovecot.sievec deliver(greg.woods): Aug 03 15:20:33 Info: msgid=<51F8CAD6B1666341B363C2D95F0F91D70195A783 at midas.utopiasystems.net>: saved mail to INBOX deliver(milt.woods): Aug 03 15:20:33 Info: Loading modules from directory: /usr/lib/dovecot/lda deliver(milt.woods): Aug 03 15:20:33 Info: Module loaded: /usr/lib/dovecot/lda/lib10_quota_plugin.so deliver(milt.woods): Aug 03 15:20:33 Info: Module loaded: /usr/lib/dovecot/lda/lib90_cmusieve_plugin.so Aug 3 15:20:33 ca1 dovecot[58]: auth(default): master in: USER 1 milt.woods service=deliver Aug 3 15:20:33 ca1 dovecot[58]: auth(default): od(milt.woods): lookup user=milt.woods Aug 3 15:20:33 ca1 dovecot[58]: auth(default): od(milt.woods): directory lookup for: user=milt.woods deliver(milt.woods): Aug 03 15:20:33 Info: auth input: milt.woods deliver(milt.woods): Aug 03 15:20:33 Info: auth input: uid=1027 deliver(milt.woods): Aug 03 15:20:33 Info: auth input: gid=20 deliver(milt.woods): Aug 03 15:20:33 Info: auth input: quota=maildir:User quota:noenforcing deliver(milt.woods): Aug 03 15:20:33 Info: auth input: quota_rule=*:storage=0 deliver(milt.woods): Aug 03 15:20:33 Info: auth input: mail=maildir:/var/spool/imap/dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF deliver(milt.woods): Aug 03 15:20:33 Info: auth input: mail_location=maildir:/var/spool/imap/dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF deliver(milt.woods): Aug 03 15:20:33 Info: auth input: sieve=/var/spool/imap/dovecot/sieve-scripts/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF/dovecot.sieve deliver(milt.woods): Aug 03 15:20:33 Info: auth input: sieve_dir=/var/spool/imap/dovecot/sieve-scripts/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF deliver(milt.woods): Aug 03 15:20:33 Info: auth input: sieve_storage=/var/spool/imap/dovecot/sieve-scripts/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF Aug 3 15:20:33 ca1 dovecot[58]: auth(default): od[getpwnam_ext](milt.woods): uid=1027 gid=20 state=0x6 quota=0 guid=E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF name=milt loc=ca1.cirrusav.com alt=(null) fwd=(null) Aug 3 15:20:33 ca1 dovecot[58]: auth(default): od(milt.woods): user milt exists more than once deliver(milt.woods): Aug 03 15:20:33 Info: Quota root: name=User quota backend=maildir args=noenforcing deliver(milt.woods): Aug 03 15:20:33 Info: Quota rule: root=User quota mailbox=* bytes=0 messages=0 deliver(milt.woods): Aug 03 15:20:33 Info: Quota warning: bytes=0 (100%) messages=0 command=/usr/libexec/dovecot/quota-exceeded.sh deliver(milt.woods): Aug 03 15:20:33 Info: Quota warning: bytes=0 (90%) messages=0 command=/usr/libexec/dovecot/quota-warning.sh deliver(milt.woods): Aug 03 15:20:33 Info: maildir: data=/var/spool/imap/dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF deliver(milt.woods): Aug 03 15:20:33 Info: maildir++: root=/var/spool/imap/dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF, index=, control=, inbox=/var/spool/imap/dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF deliver(milt.woods): Aug 03 15:20:33 Info: cmusieve: /var/spool/imap/dovecot/sieve-scripts/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF/dovecot.sieve doesn't exist deliver(milt.woods): Aug 03 15:20:33 Info: msgid=<51F8CAD6B1666341B363C2D95F0F91D70195A783 at midas.utopiasystems.net>: saved mail to INBOX Aug 3 15:20:33 ca1 dovecot[58]: auth(default): od(milt.woods): record name=milt, uid=1027, gid=20 Aug 3 15:20:33 ca1 dovecot[58]: auth(default): od(milt.woods): user=milt, quota=*:storage=0 Aug 3 15:20:33 ca1 dovecot[58]: auth(default): od(milt.woods): data store location=maildir:/var/spool/imap/dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF Aug 3 15:20:33 ca1 dovecot[58]: auth(default): master out: USER 1 milt.woods uid=1027 gid=20 quota=maildir:User quota:noenforcing quota_rule=*:storage=0 mail=maildir:/var/spool/imap/dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF mail_location=maildir:/var/spool/imap/\ dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF sieve=/var/spool/imap/dovecot/sieve-scripts/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF/dovecot.sieve sieve_dir=/var/spool/imap/dovecot/sieve-scripts/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF sieve_storage=/var/spool/imap/dovecot/sieve-scripts/E3E1BA44-37D6-4C\ D4-8CC2-7587BE5D33CF deliver(mark.woods): Aug 03 15:20:33 Info: Loading modules from directory: /usr/lib/dovecot/lda deliver(mark.woods): Aug 03 15:20:33 Info: Module loaded: /usr/lib/dovecot/lda/lib10_quota_plugin.so deliver(mark.woods): Aug 03 15:20:33 Info: Module loaded: /usr/lib/dovecot/lda/lib90_cmusieve_plugin.so Aug 3 15:20:33 ca1 dovecot[58]: auth(default): master in: USER 1 mark.woods service=deliver Aug 3 15:20:33 ca1 dovecot[58]: auth(default): od(mark.woods): lookup user=mark.woods Aug 3 15:20:33 ca1 dovecot[58]: auth(default): od(mark.woods): directory lookup for: user=mark.woods deliver(mark.woods): Aug 03 15:20:33 Info: auth input: mark.woods deliver(mark.woods): Aug 03 15:20:33 Info: auth input: uid=1025 deliver(mark.woods): Aug 03 15:20:33 Info: auth input: gid=20 deliver(mark.woods): Aug 03 15:20:33 Info: auth input: quota=maildir:User quota:noenforcing deliver(mark.woods): Aug 03 15:20:33 Info: auth input: quota_rule=*:storage=0 deliver(mark.woods): Aug 03 15:20:33 Info: auth input: mail=maildir:/var/spool/imap/dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B deliver(mark.woods): Aug 03 15:20:33 Info: auth input: mail_location=maildir:/var/spool/imap/dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B deliver(mark.woods): Aug 03 15:20:33 Info: auth input: sieve=/var/spool/imap/dovecot/sieve-scripts/A3A30056-80F0-42BB-884B-DD1F38913A8B/dovecot.sieve deliver(mark.woods): Aug 03 15:20:33 Info: auth input: sieve_dir=/var/spool/imap/dovecot/sieve-scripts/A3A30056-80F0-42BB-884B-DD1F38913A8B deliver(mark.woods): Aug 03 15:20:33 Info: auth input: sieve_storage=/var/spool/imap/dovecot/sieve-scripts/A3A30056-80F0-42BB-884B-DD1F38913A8B Aug 3 15:20:33 ca1 dovecot[58]: auth(default): od[getpwnam_ext](mark.woods): uid=1025 gid=20 state=0x6 quota=0 guid=A3A30056-80F0-42BB-884B-DD1F38913A8B name=mark loc=ca1.cirrusav.com alt=(null) fwd=(null) Aug 3 15:20:33 ca1 dovecot[58]: auth(default): od(mark.woods): user mark exists more than once Aug 3 15:20:33 ca1 dovecot[58]: auth(default): od(mark.woods): record name=mark, uid=1025, gid=20 Aug 3 15:20:33 ca1 dovecot[58]: auth(default): od(mark.woods): user=mark, quota=*:storage=0 Aug 3 15:20:33 ca1 dovecot[58]: auth(default): od(mark.woods): data store location=maildir:/var/spool/imap/dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B Aug 3 15:20:33 ca1 dovecot[58]: auth(default): master out: USER 1 mark.woods uid=1025 gid=20 quota=maildir:User quota:noenforcing quota_rule=*:storage=0 mail=maildir:/var/spool/imap/dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B mail_location=maildir:/var/spool/imap/\ dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B sieve=/var/spool/imap/dovecot/sieve-scripts/A3A30056-80F0-42BB-884B-DD1F38913A8B/dovecot.sieve sieve_dir=/var/spool/imap/dovecot/sieve-scripts/A3A30056-80F0-42BB-884B-DD1F38913A8B sieve_storage=/var/spool/imap/dovecot/sieve-scripts/A3A30056-80F0-42\ BB-884B-DD1F38913A8B deliver(mark.woods): Aug 03 15:20:33 Info: Quota root: name=User quota backend=maildir args=noenforcing deliver(mark.woods): Aug 03 15:20:33 Info: Quota rule: root=User quota mailbox=* bytes=0 messages=0 deliver(mark.woods): Aug 03 15:20:33 Info: Quota warning: bytes=0 (100%) messages=0 command=/usr/libexec/dovecot/quota-exceeded.sh deliver(mark.woods): Aug 03 15:20:33 Info: Quota warning: bytes=0 (90%) messages=0 command=/usr/libexec/dovecot/quota-warning.sh deliver(mark.woods): Aug 03 15:20:33 Info: maildir: data=/var/spool/imap/dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B deliver(mark.woods): Aug 03 15:20:33 Info: maildir++: root=/var/spool/imap/dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B, index=, control=, inbox=/var/spool/imap/dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B deliver(mark.woods): Aug 03 15:20:33 Info: cmusieve: /var/spool/imap/dovecot/sieve-scripts/A3A30056-80F0-42BB-884B-DD1F38913A8B/dovecot.sieve doesn't exist deliver(mark.woods): Aug 03 15:20:34 Info: msgid=<51F8CAD6B1666341B363C2D95F0F91D70195A783 at midas.utopiasystems.net>: saved mail to INBOX ################################## # dovecot.index.cache for failed delivery showing message header.... # ################################# ("charset" "UTF-8") NIL NIL "8bit" 2959 121 NIL NIL NIL NIL)("text" "html" ("charset" "UTF-8") NIL NIL "8bit" 19027 186 NIL NIL NIL NIL) "alternative" ("boundary" "b1_b5d09c\ ae81d6afae79bdbcb8cea2896a") NIL NIL NIL^@^@^@^A^@^@^@^\\3119N^@^@^@^@^P^E^@^@^D^@^@^@^@^@^@^@^E^@^@^@-^@^@^@^U^@^@^@^@^@^@^@Date: Wed, 3 Aug 2011 18:20:15 -0400 ^@^@^@^F^@^@^@7^@^@^@^[^@^@^@^@^@^@^@From: "Natalie Astor" ^@^G^@^@^@^@^@^@^@^H^@^@^@W^@^@^@^V^@^@^@^@^@^@^@Message-ID: <51F8CAD6B1666341B363C2D95F0F91D70195A783 at midas.utopiasystems.net> ^@ ^@^@^@^@^@^@^@ ^@^@^@^@^@^@^@^K^@^@^@0^@^@^@^T^@^@^@^@^@^@^@Subject: Quote 8/10 & 8/15 SNA-MMSD-SNA ^L^@^@^@!^@^@^@^\^@^@^@^@^@^@^@To: ^@^@^@^M^@^@^@^@^@^@^@^N^@^@^@^@^@^@^@^O^@^@^@^@^@^@^@^P^@^@^@^@^@^@^@^Q^@^@^@^@^@^@^@^R^@^@^@^@^@^@^@^S^@^@^@^@^@^@^@^T^@^@^@^@^@^@^@^U^@^@^@^@^@^@^@^V^@^@^@Y^@^@^@^P^@^@^@\ ^@^@^@^@Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01CC522B.8646FEE6" ^@^@^@^@^@^@^@^H^@^@^@^C^@^@^@\344^@^@^@A^@^@^@^Q^E^@^@^@^@^@^@.^E^@^@^@^@^@^@nU^@^@^@^@^@^@^FW^@^@^@^@^@^@^B^@^@^@A^@^@^@g^E^@^@^@^@^@^@X^@^@^@^@^@^@^@[^@^@^@^@^@^@^@O^N^@^\ @^@^@^@^@\357^N^@^@^@^@^@^@^B^@^@^@H^@^@^@\350^E^@^@^@^@^@^@[^@^@^@^@^@^@^@_^@^@^@^@^@^@^@{^A^@^@^@^@^@^@\234^A^@^@^@^@^@^@!^@^@^@H^@^@^@\347^G^@^@^@^@^@^@Z^@^@^@^@^@^@^@^^@\ ^@^@^@^@^@^@\242^K^@^@^@^@^@^@^S^L^@^@^@^@^@^@q^@^@^@@^@^@^@7^T^@^@^@^@^@^@\332^@^@^@^@^@^@^@\341^@^@^@^@^@^@^@CE^@^@^@^@^@^@*F^@^@^@^@^@^@^B^@^@^@\373^A^@^@(("text" "plain"\ ("charset" "us-ascii") NIL NIL "quoted-printable" 412 33 NIL NIL NIL NIL)("text" "html" ("charset" "us-ascii") NIL NIL "quoted-printable" 3091 113 NIL NIL NIL NIL) "alterna\ tive" ("boundary" "----_=_NextPart_002_01CC522B.8646FEE6") NIL NIL NIL)("application" "octet-stream" ("name" "8-10 Cirrus - MMSD.pdf") NIL "8-10 Cirrus - MMSD.pdf" "base64" \ 17962 NIL ("attachment" ("filename" "8-10 Cirrus - MMSD.pdf")) NIL NIL) "mixed" ("boundary" "----_=_NextPart_001_01CC522B.8646FEE6") NIL NIL NIL^@^@^A^@^@^@\261\3119N^@^@^@^\ @4^D^@^@^D^@^@^@^@^@^@^@^E^@^@^@-^@^@^@^_^@^@^@^@^@^@^@Date: Thu, 4 Aug 2011 09:09:11 +0900 ################################# # /var/log/mail.log for a successful delivery # ################################## Aug 3 14:18:22 ca1 postfix/smtpd[97867]: connect from mail.westcoastcharters.com[65.119.7.90] Aug 3 14:18:22 ca1 postfix/smtpd[97867]: B1667150F981: client=mail.westcoastcharters.com[65.119.7.90] Aug 3 14:18:22 ca1 postfix/cleanup[97874]: B1667150F981: message-id=<7EAD11D11C070740B7BB95F7F81F7AE80250C252 at wcc-exch.westcoastcharters.com> Aug 3 14:18:22 ca1 postfix/qmgr[126]: B1667150F981: from=, size=8004, nrcpt=1 (queue active) Aug 3 14:18:22 ca1 postfix/smtpd[97867]: disconnect from mail.westcoastcharters.com[65.119.7.90] Aug 3 14:18:24 ca1 postfix/smtpd[97879]: connect from localhost[127.0.0.1] Aug 3 14:18:24 ca1 postfix/smtpd[97879]: 3FF65150F992: client=localhost[127.0.0.1] Aug 3 14:18:24 ca1 postfix/cleanup[97874]: 3FF65150F992: message-id=<7EAD11D11C070740B7BB95F7F81F7AE80250C252 at wcc-exch.westcoastcharters.com> Aug 3 14:18:24 ca1 postfix/smtpd[97879]: disconnect from localhost[127.0.0.1] Aug 3 14:18:24 ca1 postfix/qmgr[126]: 3FF65150F992: from=, size=8439, nrcpt=1 (queue active) Aug 3 14:18:24 ca1 postfix/smtp[97875]: B1667150F981: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=1.6, delays=0.17/0.01/0/1.4, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=94749-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 3FF65150F992) Aug 3 14:18:24 ca1 postfix/qmgr[126]: B1667150F981: removed Aug 3 14:18:24 ca1 postfix/local[97881]: od[getpwnam_ext]: no attribute dsAttrTypeStandard:MailAttribute in record for user teamsserver Aug 3 14:18:32 ca1 postfix/local[97881]: 3FF65150F992: to=, orig_to=, relay=local, delay=8.2, delays=0.01/0.1/0/8.1, dsn=2.0.0, status=sent (delivered to command: /usr/share/wikid/bin/bundleMail.py) Aug 3 14:18:32 ca1 postfix/pipe[97895]: 3FF65150F992: to=, orig_to=, relay=dovecot, delay=8.4, delays=0.01/0.1/0/8.3, dsn=2.0.0, status=sent (delivered via dovecot service) Aug 3 14:18:32 ca1 postfix/pipe[97895]: 3FF65150F992: to=, orig_to=, relay=dovecot, delay=8.4, delays=0.01/0.1/0/8.3, dsn=2.0.0, status=sent (delivered via dovecot service) Aug 3 14:18:32 ca1 postfix/pipe[97895]: 3FF65150F992: to=, orig_to=, relay=dovecot, delay=8.7, delays=0.01/0.1/0/8.6, dsn=2.0.0, status=sent (delivered via dovecot service) Aug 3 14:18:32 ca1 postfix/qmgr[126]: 3FF65150F992: removed ################################# # /var/log/mailaccess.log for a successful delivery # ################################# Aug 3 14:11:49 ca1 dovecot[97346]: This is Dovecot's info log Aug 3 14:11:49 ca1 dovecot[97346]: This is Dovecot's warning log Aug 3 14:11:49 ca1 dovecot[97346]: This is Dovecot's error log Aug 3 14:11:49 ca1 dovecot[97346]: Fatal: This is Dovecot's fatal log deliver(greg.woods): Aug 03 14:18:32 Info: Loading modules from directory: /usr/lib/dovecot/lda deliver(greg.woods): Aug 03 14:18:32 Info: Module loaded: /usr/lib/dovecot/lda/lib10_quota_plugin.so deliver(greg.woods): Aug 03 14:18:32 Info: Module loaded: /usr/lib/dovecot/lda/lib90_cmusieve_plugin.so Aug 3 14:18:32 ca1 dovecot[58]: auth(default): master in: USER 1 greg.woods service=deliver Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(greg.woods): lookup user=greg.woods Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(greg.woods): directory lookup for: user=greg.woods deliver(greg.woods): Aug 03 14:18:32 Info: auth input: greg.woods deliver(greg.woods): Aug 03 14:18:32 Info: auth input: uid=1026 deliver(greg.woods): Aug 03 14:18:32 Info: auth input: gid=20 deliver(greg.woods): Aug 03 14:18:32 Info: auth input: quota=maildir:User quota:noenforcing deliver(greg.woods): Aug 03 14:18:32 Info: auth input: quota_rule=*:storage=0 deliver(greg.woods): Aug 03 14:18:32 Info: auth input: mail=maildir:/var/spool/imap/dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639 deliver(greg.woods): Aug 03 14:18:32 Info: auth input: mail_location=maildir:/var/spool/imap/dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639 deliver(greg.woods): Aug 03 14:18:32 Info: auth input: sieve=/var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E90-92CB-6F95AD8F0639/dovecot.sieve deliver(greg.woods): Aug 03 14:18:32 Info: auth input: sieve_dir=/var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E90-92CB-6F95AD8F0639 deliver(greg.woods): Aug 03 14:18:32 Info: auth input: sieve_storage=/var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E90-92CB-6F95AD8F0639 Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od[getpwnam_ext](greg.woods): uid=1026 gid=20 state=0x6 quota=0 guid=C730546B-FBEF-4E90-92CB-6F95AD8F0639 name=gwoods loc=ca1.cirrusav.com alt=(null) fwd=(null) Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(greg.woods): user gwoods exists more than once Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(greg.woods): record name=gwoods, uid=1026, gid=20 Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(greg.woods): user=gwoods, quota=*:storage=0 Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(greg.woods): data store location=maildir:/var/spool/imap/dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639 deliver(greg.woods): Aug 03 14:18:32 Info: Quota root: name=User quota backend=maildir args=noenforcing deliver(greg.woods): Aug 03 14:18:32 Info: Quota rule: root=User quota mailbox=* bytes=0 messages=0 deliver(greg.woods): Aug 03 14:18:32 Info: Quota warning: bytes=0 (100%) messages=0 command=/usr/libexec/dovecot/quota-exceeded.sh deliver(greg.woods): Aug 03 14:18:32 Info: Quota warning: bytes=0 (90%) messages=0 command=/usr/libexec/dovecot/quota-warning.sh deliver(greg.woods): Aug 03 14:18:32 Info: maildir: data=/var/spool/imap/dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639 deliver(greg.woods): Aug 03 14:18:32 Info: maildir++: root=/var/spool/imap/dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639, index=, control=, inbox=/var/spool/imap/dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639 deliver(greg.woods): Aug 03 14:18:32 Info: cmusieve: Using sieve path: /var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E90-92CB-6F95AD8F0639/dovecot.sieve deliver(greg.woods): Aug 03 14:18:32 Info: cmusieve: Executing script /var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E90-92CB-6F95AD8F0639/dovecot.sievec deliver(greg.woods): Aug 03 14:18:32 Info: msgid=<7EAD11D11C070740B7BB95F7F81F7AE80250C252 at wcc-exch.westcoastcharters.com>: saved mail to INBOX Aug 3 14:18:32 ca1 dovecot[58]: auth(default): master out: USER 1 greg.woods uid=1026 gid=20 quota=maildir:User quota:noenforcing quota_rule=*:storage=0 mail=maildir:/var/spool/imap/dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639 mail_location=maildir:/var/spool/imap/\ dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639 sieve=/var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E90-92CB-6F95AD8F0639/dovecot.sieve sieve_dir=/var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E90-92CB-6F95AD8F0639 sieve_storage=/var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E\ 90-92CB-6F95AD8F0639 deliver(milt.woods): Aug 03 14:18:32 Info: Loading modules from directory: /usr/lib/dovecot/lda deliver(milt.woods): Aug 03 14:18:32 Info: Module loaded: /usr/lib/dovecot/lda/lib10_quota_plugin.so deliver(milt.woods): Aug 03 14:18:32 Info: Module loaded: /usr/lib/dovecot/lda/lib90_cmusieve_plugin.so deliver(milt.woods): Aug 03 14:18:32 Info: auth input: milt.woods deliver(milt.woods): Aug 03 14:18:32 Info: auth input: uid=1027 deliver(milt.woods): Aug 03 14:18:32 Info: auth input: gid=20 deliver(milt.woods): Aug 03 14:18:32 Info: auth input: quota=maildir:User quota:noenforcing deliver(milt.woods): Aug 03 14:18:32 Info: auth input: quota_rule=*:storage=0 deliver(milt.woods): Aug 03 14:18:32 Info: auth input: mail=maildir:/var/spool/imap/dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF deliver(milt.woods): Aug 03 14:18:32 Info: auth input: mail_location=maildir:/var/spool/imap/dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF deliver(milt.woods): Aug 03 14:18:32 Info: auth input: sieve=/var/spool/imap/dovecot/sieve-scripts/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF/dovecot.sieve deliver(milt.woods): Aug 03 14:18:32 Info: auth input: sieve_dir=/var/spool/imap/dovecot/sieve-scripts/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF deliver(milt.woods): Aug 03 14:18:32 Info: auth input: sieve_storage=/var/spool/imap/dovecot/sieve-scripts/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF Aug 3 14:18:32 ca1 dovecot[58]: auth(default): master in: USER 1 milt.woods service=deliver Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(milt.woods): lookup user=milt.woods Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(milt.woods): directory lookup for: user=milt.woods Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od[getpwnam_ext](milt.woods): uid=1027 gid=20 state=0x6 quota=0 guid=E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF name=milt loc=ca1.cirrusav.com alt=(null) fwd=(null) Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(milt.woods): user milt exists more than once Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(milt.woods): record name=milt, uid=1027, gid=20 Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(milt.woods): user=milt, quota=*:storage=0 Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(milt.woods): data store location=maildir:/var/spool/imap/dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF Aug 3 14:18:32 ca1 dovecot[58]: auth(default): master out: USER 1 milt.woods uid=1027 gid=20 quota=maildir:User quota:noenforcing quota_rule=*:storage=0 mail=maildir:/var/spool/imap/dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF mail_location=maildir:/var/spool/imap/\ dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF sieve=/var/spool/imap/dovecot/sieve-scripts/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF/dovecot.sieve sieve_dir=/var/spool/imap/dovecot/sieve-scripts/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF sieve_storage=/var/spool/imap/dovecot/sieve-scripts/E3E1BA44-37D6-4C\ D4-8CC2-7587BE5D33CF deliver(milt.woods): Aug 03 14:18:32 Info: Quota root: name=User quota backend=maildir args=noenforcing deliver(milt.woods): Aug 03 14:18:32 Info: Quota rule: root=User quota mailbox=* bytes=0 messages=0 deliver(milt.woods): Aug 03 14:18:32 Info: Quota warning: bytes=0 (100%) messages=0 command=/usr/libexec/dovecot/quota-exceeded.sh deliver(milt.woods): Aug 03 14:18:32 Info: Quota warning: bytes=0 (90%) messages=0 command=/usr/libexec/dovecot/quota-warning.sh deliver(milt.woods): Aug 03 14:18:32 Info: maildir: data=/var/spool/imap/dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF deliver(milt.woods): Aug 03 14:18:32 Info: maildir++: root=/var/spool/imap/dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF, index=, control=, inbox=/var/spool/imap/dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF deliver(milt.woods): Aug 03 14:18:32 Info: cmusieve: /var/spool/imap/dovecot/sieve-scripts/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF/dovecot.sieve doesn't exist deliver(milt.woods): Aug 03 14:18:32 Info: msgid=<7EAD11D11C070740B7BB95F7F81F7AE80250C252 at wcc-exch.westcoastcharters.com>: saved mail to INBOX deliver(mark.woods): Aug 03 14:18:32 Info: Loading modules from directory: /usr/lib/dovecot/lda deliver(mark.woods): Aug 03 14:18:32 Info: Loading modules from directory: /usr/lib/dovecot/lda deliver(mark.woods): Aug 03 14:18:32 Info: Module loaded: /usr/lib/dovecot/lda/lib10_quota_plugin.so deliver(mark.woods): Aug 03 14:18:32 Info: Module loaded: /usr/lib/dovecot/lda/lib90_cmusieve_plugin.so Aug 3 14:18:32 ca1 dovecot[58]: auth(default): master in: USER 1 mark.woods service=deliver Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(mark.woods): lookup user=mark.woods Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(mark.woods): directory lookup for: user=mark.woods deliver(mark.woods): Aug 03 14:18:32 Info: auth input: mark.woods deliver(mark.woods): Aug 03 14:18:32 Info: auth input: uid=1025 deliver(mark.woods): Aug 03 14:18:32 Info: auth input: gid=20 deliver(mark.woods): Aug 03 14:18:32 Info: auth input: quota=maildir:User quota:noenforcing deliver(mark.woods): Aug 03 14:18:32 Info: auth input: quota_rule=*:storage=0 deliver(mark.woods): Aug 03 14:18:32 Info: auth input: mail=maildir:/var/spool/imap/dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B deliver(mark.woods): Aug 03 14:18:32 Info: auth input: mail_location=maildir:/var/spool/imap/dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B deliver(mark.woods): Aug 03 14:18:32 Info: auth input: sieve=/var/spool/imap/dovecot/sieve-scripts/A3A30056-80F0-42BB-884B-DD1F38913A8B/dovecot.sieve deliver(mark.woods): Aug 03 14:18:32 Info: auth input: sieve_dir=/var/spool/imap/dovecot/sieve-scripts/A3A30056-80F0-42BB-884B-DD1F38913A8B deliver(mark.woods): Aug 03 14:18:32 Info: auth input: sieve_storage=/var/spool/imap/dovecot/sieve-scripts/A3A30056-80F0-42BB-884B-DD1F38913A8B Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od[getpwnam_ext](mark.woods): uid=1025 gid=20 state=0x6 quota=0 guid=A3A30056-80F0-42BB-884B-DD1F38913A8B name=mark loc=ca1.cirrusav.com alt=(null) fwd=(null) Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(mark.woods): adding user to table: mark Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(mark.woods): record name=mark, uid=1025, gid=20 Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(mark.woods): user=mark, quota=*:storage=0 Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(mark.woods): data store location=maildir:/var/spool/imap/dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B Aug 3 14:18:32 ca1 dovecot[58]: auth(default): master out: USER 1 mark.woods uid=1025 gid=20 quota=maildir:User quota:noenforcing quota_rule=*:storage=0 mail=maildir:/var/spool/imap/dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B mail_location=maildir:/var/spool/imap/\ dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B sieve=/var/spool/imap/dovecot/sieve-scripts/A3A30056-80F0-42BB-884B-DD1F38913A8B/dovecot.sieve sieve_dir=/var/spool/imap/dovecot/sieve-scripts/A3A30056-80F0-42BB-884B-DD1F38913A8B sieve_storage=/var/spool/imap/dovecot/sieve-scripts/A3A30056-80F0-42\ BB-884B-DD1F38913A8B deliver(mark.woods): Aug 03 14:18:32 Info: Quota root: name=User quota backend=maildir args=noenforcing deliver(mark.woods): Aug 03 14:18:32 Info: Quota rule: root=User quota mailbox=* bytes=0 messages=0 deliver(mark.woods): Aug 03 14:18:32 Info: Quota warning: bytes=0 (100%) messages=0 command=/usr/libexec/dovecot/quota-exceeded.sh deliver(mark.woods): Aug 03 14:18:32 Info: Quota warning: bytes=0 (90%) messages=0 command=/usr/libexec/dovecot/quota-warning.sh deliver(mark.woods): Aug 03 14:18:32 Info: maildir: data=/var/spool/imap/dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B deliver(mark.woods): Aug 03 14:18:32 Info: maildir++: root=/var/spool/imap/dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B, index=, control=, inbox=/var/spool/imap/dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B deliver(mark.woods): Aug 03 14:18:32 Info: cmusieve: /var/spool/imap/dovecot/sieve-scripts/A3A30056-80F0-42BB-884B-DD1F38913A8B/dovecot.sieve doesn't exist deliver(mark.woods): Aug 03 14:18:32 Info: msgid=<7EAD11D11C070740B7BB95F7F81F7AE80250C252 at wcc-exch.westcoastcharters.com>: saved mail to INBOX From tomislav.mihalicek at gmail.com Thu Aug 4 12:57:44 2011 From: tomislav.mihalicek at gmail.com (Tomislav Mihalicek) Date: Thu, 4 Aug 2011 02:57:44 -0700 (PDT) Subject: [Dovecot] dovecot ACL's wrong maildir++ location of shared folder Message-ID: <32193043.post@talk.nabble.com> Hi I am having problem regarding ACLs. I use ldap as db backend and everything seems okay but ACL retrieving of shared folder paths... why is the date and root wrong? dovecot is 1.2.17 ####dovecot-ldap.conf user_attrs = homeDirectory=home,mailQuotaSize=quota_rule=*:bytes=%$,mailQuotaCount=quota_rule2=*:messages=%$ ####dovecot.conf mail_location = maildir:~/Maildir:INDEX=~/index namespace private { separator = / prefix = #location defaults to mail_location. inbox = yes } namespace shared { separator = / prefix = Shared/%%u/ location = maildir:%%h/Maildir:INDEX=%h/index/Shared/%%u # this namespace should handle its own subscriptions or not. subscriptions = yes list = children } i checked there is no "mail=.." in user_attrs!! ####dovecot.info 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl vfile: file /mailbox/maildirs02/example.org/t/m/i/tmihalicek/Maildir/.Sent/dovecot-acl not found 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl vfile: file /mailbox/maildirs02/example.org/t/m/i/tmihalicek/Maildir/.SpamCop/dovecot-acl not found 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl vfile: reading file /mailbox/maildirs02/example.org/t/m/i/tmihalicek/Maildir/.Gmail/dovecot-acl 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl vfile: file /mailbox/maildirs02/example.org/t/m/i/tmihalicek/Maildir/dovecot-acl not found 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: dict quota: user=testuser at example.org, uri=proxy::quotadict, noenforcing=0 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: maildir: data=/var/run/dovecot/user-not-found/testuser at example.org 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: maildir++: root=/var/run/dovecot/user-not-found/testuser at example.org, index=, control=, inbox=/var/run/dovecot/user-not-found/testuser at globalnet.hr 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl: initializing backend with data: vfile 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl: acl username = tmihalicek at example.org 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl: owner = 0 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl vfile: Global ACL directory: (null) 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: dict quota: user=testuser at example.org, uri=proxy::quotadict, noenforcing=0 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: maildir: data=/var/run/dovecot/user-not-found/testuser at example.org 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: maildir++: root=/var/run/dovecot/user-not-found/testuser at example.org, index=, control=, inbox=/var/run/dovecot/user-not-found/testuser at example.org 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl: initializing backend with data: vfile 2010-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl: acl username = tmihalicek at example.org 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl: owner = 0 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl vfile: Global ACL directory: (null) 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: expire: No expiring in mailbox: INBOX 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: Disconnected: Logged out bytes=89/7806 -- View this message in context: http://old.nabble.com/dovecot-ACL%27s-wrong-maildir%2B%2B-location-of-shared-folder-tp32193043p32193043.html Sent from the Dovecot mailing list archive at Nabble.com. From tomislav.mihalicek at gmail.com Thu Aug 4 14:53:00 2011 From: tomislav.mihalicek at gmail.com (Tomislav Mihalicek) Date: Thu, 4 Aug 2011 04:53:00 -0700 (PDT) Subject: [Dovecot] dovecot ACL's wrong maildir++ location of shared folder In-Reply-To: <32193043.post@talk.nabble.com> References: <32193043.post@talk.nabble.com> Message-ID: <32193708.post@talk.nabble.com> SOLVED dovecot-ldap.conf user_filter = (&(objectClass=qmailUser)(accountService=mail)(accountService=%Ls%Lc) accountService internal needs to be added :P Tomislav Mihalicek wrote: > > Hi > > I am having problem regarding ACLs. I use ldap as db backend and > everything seems okay but ACL retrieving of shared folder paths... why is > the date and root wrong? dovecot is 1.2.17 > > ####dovecot-ldap.conf > user_attrs = > homeDirectory=home,mailQuotaSize=quota_rule=*:bytes=%$,mailQuotaCount=quota_rule2=*:messages=%$ > > ####dovecot.conf > mail_location = maildir:~/Maildir:INDEX=~/index > > namespace private { > separator = / > prefix = > #location defaults to mail_location. > inbox = yes > } > > namespace shared { > separator = / > prefix = Shared/%%u/ > location = maildir:%%h/Maildir:INDEX=%h/index/Shared/%%u > # this namespace should handle its own subscriptions or not. > subscriptions = yes > list = children > } > > i checked there is no "mail=.." in user_attrs!! > > ####dovecot.info > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl vfile: file > /mailbox/maildirs02/example.org/t/m/i/tmihalicek/Maildir/.Sent/dovecot-acl > not found > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl vfile: file > /mailbox/maildirs02/example.org/t/m/i/tmihalicek/Maildir/.SpamCop/dovecot-acl > not found > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl vfile: reading > file > /mailbox/maildirs02/example.org/t/m/i/tmihalicek/Maildir/.Gmail/dovecot-acl > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl vfile: file > /mailbox/maildirs02/example.org/t/m/i/tmihalicek/Maildir/dovecot-acl not > found > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: dict quota: > user=testuser at example.org, uri=proxy::quotadict, noenforcing=0 > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: maildir: > data=/var/run/dovecot/user-not-found/testuser at example.org > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: maildir++: > root=/var/run/dovecot/user-not-found/testuser at example.org, index=, > control=, inbox=/var/run/dovecot/user-not-found/testuser at globalnet.hr > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl: initializing > backend with data: vfile > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl: acl username > = tmihalicek at example.org > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl: owner = 0 > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl vfile: Global > ACL directory: (null) > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: dict quota: > user=testuser at example.org, uri=proxy::quotadict, noenforcing=0 > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: maildir: > data=/var/run/dovecot/user-not-found/testuser at example.org > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: maildir++: > root=/var/run/dovecot/user-not-found/testuser at example.org, index=, > control=, inbox=/var/run/dovecot/user-not-found/testuser at example.org > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl: initializing > backend with data: vfile > 2010-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl: acl username > = tmihalicek at example.org > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl: owner = 0 > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl vfile: Global > ACL directory: (null) > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: expire: No > expiring in mailbox: INBOX > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: Disconnected: > Logged out bytes=89/7806 > > -- View this message in context: http://old.nabble.com/dovecot-ACL%27s-wrong-maildir%2B%2B-location-of-shared-folder-tp32193043p32193708.html Sent from the Dovecot mailing list archive at Nabble.com. From ross.sysadm at gmail.com Thu Aug 4 15:38:02 2011 From: ross.sysadm at gmail.com (Ross) Date: Thu, 04 Aug 2011 15:38:02 +0300 Subject: [Dovecot] dovecot + postfix + kerberos + AD - Multiple mailboxes ??? Message-ID: <4E3A92AA.5030802@gmail.com> Hi all. I have a problem in configuration Mail Server for my company. Gentoo/Linux, postfix-2.7.3, dovecot-2.0.11, AD-Windows2008R2 *main.cf:* virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf, ldap:/etc/postfix/ldap-users_oblr.cf I create a two ldap files for search Multiple mailboxes in attribute AD (mail, othermailbox). *ldap-users.cf:* server_host = srv-ad.cn.energy search_base = dc=cn,dc=energy version = 3 bind = yes bind_dn = admin bind_pw = passwd chase_referrals = no scope = sub query_filter = (&(objectclass=person)(|(mail=%s))(!(userAccountControl=514))) result_attribute = mail result_format = %s/ *ldap-users_oblr.cf:* server_host = srv-ad.cn.energy search_base = dc=cn,dc=energy version = 3 bind = yes bind_dn = admin bind_pw = passwd chase_referrals = no scope = sub query_filter = (&(objectclass=person)(|(otherMailbox=%s))(!(userAccountControl=514))) result_attribute = otherMailbox So, you want to know why it was done so stupid? I'll try to explain. I have an account in AD ( eg Ross). In the mail attribute is written, my main mailbox ross at energo.cg.ukrtel.net, and attribute otherMailbox my additional mailboxes simbios at oblr.cn.energy.gov.ua,..., Etc. Postfix does not know how to work with attributes that have multiple meanings. If I'm wrong correct me. ) ) ) Dovecot, respectively, too... ) ) ) *What to do in this situation? Maybe there is some solution?* *dovecot-ldap.conf:* user_attrs = mail=mail=maildir:/var/spool/mail/%$, quotaBytes=quota_rule=*:bytes=%$ user_filter = (&(objectClass=Person)(sAMAccountName=%n)) pass_attrs = userPassword=password pass_filter = (&(objectClass=posixAccount)(uid=%u)) ls /var/mail ross at energo.cg.ukrtel.net simbios at oblr.cn.energy.gov.ua This directory create postfix. With ross Dovecot working fine, but with simbios NOT. Many thanks for your help! -- Best Regards Ross Remote Server Administration. e-mail: ross.sysadm at gmail.com skype: ross.sysadm icq: 317410068 Best Offers for a full range of server management services and effective on time solutions. From gherzig at fmed.uba.ar Thu Aug 4 16:46:53 2011 From: gherzig at fmed.uba.ar (Gerardo Herzig) Date: Thu, 04 Aug 2011 10:46:53 -0300 Subject: [Dovecot] questions about ldap auth Message-ID: <1312465613.3652.4.camel@inca.fmed.uba.ar> Hi all. I have a couple of questions. ANY of those will solve mi situation. 1) 'Complex' LDAP validation: I need to validate a user in the 2 step authentication / authorizacion mech. The 'users' (with the password) are in ou=Person,o=Work the group which contains the mail users is in cn=MailUsers,ou=Groups,o=Work Can dovecot make such a thing? Cause im not shure if i can make this in a single ldap filter. 2) If not... 2.1) Does dovecot accept more than 1 ldap filter for authenticating? 2.2) Does dovecot accept an arbitrary program for authentication? Well, that's all for now. Thanks! Gerardo From nbw0313 at yahoo.com Thu Aug 4 19:40:19 2011 From: nbw0313 at yahoo.com (DT) Date: Thu, 4 Aug 2011 09:40:19 -0700 (PDT) Subject: [Dovecot] mbox problems on CentOS 6 Message-ID: <1312476019.65873.YahooMailClassic@web161908.mail.bf1.yahoo.com> Hello, I migrated yesterday to Dovecot 2, and I managed to "convert" all the settings I had in dovecot.conf, but I run into a strange problem. I am curently using Dovecot 2.0.13 and bellow is my dovecot.conf current content: ? # 2.0.13: //etc/dovecot/dovecot.conf # OS: Linux 2.6.32-71.29.1.el6.x86_64 x86_64 CentOS Linux release 6.0 (Final) ext4 auth_mechanisms = plain login auth_verbose = yes base_dir = /var/run/dovecot/ disable_plaintext_auth = no first_valid_uid = 901 last_valid_uid = 901 log_path = /var/log/dovecot.log log_timestamp = "%Y-%m-%d %H:%M:%S " login_greeting = IMAP/POP3 server ready. mail_access_groups = mail mail_debug = yes mail_location = mbox:/vmail/%d/%n:INDEX=/var/indexes/%u mail_max_userip_connections = 16 mail_privileged_group = mail passdb { ? args = /etc/dovecot/dovecot-mysql.conf ? driver = sql } protocols = imap pop3 service auth { ? unix_listener auth-userdb { ??? mode = 0600 ? } ? user = $default_internal_user } service imap-login { ? inet_listener imap { ??? port = 143 ? } } service imap { ? process_limit = 16 } service pop3-login { ? inet_listener pop3 { ??? port = 110 ? } } service pop3 { ? process_limit = 16 } ssl = no userdb { ? args = /etc/dovecot/dovecot-mysql.conf ? driver = sql } protocol pop3 { ? pop3_client_workarounds = outlook-no-nuls oe-ns-eoh ? pop3_uidl_format = %08Xu%08Xv } protocol imap { ? imap_client_workarounds = delay-newmail tb-extra-mailbox-sep } ? I am running along with Dovecot, Postfix and MySQL - oh SASL is of course installed as I want to make use of user auth. On the simplest check - "surprise" ta-daaaa /telnet localhost 143 Trying ::1... Connected to localhost. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] IMAP/POP3 server ready. a login contact at mydomain.com mypassword * BYE Internal error occurred. Refer to server log for more information. Connection closed by foreign host. I activated debug and looked in the dovecot logs and here is the most intriguing part I found: auth: Info: mysql(localhost): Connected to database postfix imap-login: Info: Login: user=, method=PLAIN, rip=::1, lip=::1, mpid=5821, secured imap: Debug: Added userdb setting: mail=maildir:/vmail/mydomain.com/contact imap: Debug: Added userdb setting: plugin/quota=dirsize:storage=0 imap(contact at mydomain.com): Debug: Effective uid=901, gid=12, home=/vmail/mydomain.com/contact imap(contact at mydomain.com): Error: user contact at mydomain.com: Initialization failed: Initializing mail storage from mail_location setting failed: Unknown mail storage driver maildir imap(contact at mydomain.com): Error: Invalid user settings. Refer to server log for more information. ? I double checked paths - all is ok - postfix is actually receiving and saving in that /vmail... folder # uid=901 coresponds to user # gid=12 corresponds to group # rights on /vmail are vmail.mail ? I think there is actually a problem with mail_location - but I couldnt solve it at all. If anyone can help me with this - please do guys. I googled those terms and found nothing, so this is my last resort, I tried solving this in the last 36hrs but nothing so far. ? Thanks to anyone who can assist me. ? ? From nbw0313 at yahoo.com Thu Aug 4 19:52:46 2011 From: nbw0313 at yahoo.com (DT) Date: Thu, 4 Aug 2011 09:52:46 -0700 (PDT) Subject: [Dovecot] mbox problems on CentOS 6 In-Reply-To: <1312476019.65873.YahooMailClassic@web161908.mail.bf1.yahoo.com> Message-ID: <1312476766.2689.YahooMailClassic@web161905.mail.bf1.yahoo.com> No I noticed Postfix isnt running anymore :( Aug? 4 14:49:25?hostname postfix/smtpd[6414]: connect from mail-fx0-f51.google.com[209.85.161.51] Aug? 4 14:49:25 hostname postfix/smtpd[6414]: warning: SASL: Connect to private/auth failed: Connection refused Aug? 4 14:49:25 hostname postfix/smtpd[6414]: fatal: no SASL authentication mechanisms ? All I did was a simple system reboot ? --- On Thu, 8/4/11, DT wrote: From: DT Subject: [Dovecot] mbox problems on CentOS 6 To: dovecot at dovecot.org Date: Thursday, August 4, 2011, 7:40 PM Hello, I migrated yesterday to Dovecot 2, and I managed to "convert" all the settings I had in dovecot.conf, but I run into a strange problem. I am curently using Dovecot 2.0.13 and bellow is my dovecot.conf current content: ? # 2.0.13: //etc/dovecot/dovecot.conf # OS: Linux 2.6.32-71.29.1.el6.x86_64 x86_64 CentOS Linux release 6.0 (Final) ext4 auth_mechanisms = plain login auth_verbose = yes base_dir = /var/run/dovecot/ disable_plaintext_auth = no first_valid_uid = 901 last_valid_uid = 901 log_path = /var/log/dovecot.log log_timestamp = "%Y-%m-%d %H:%M:%S " login_greeting = IMAP/POP3 server ready. mail_access_groups = mail mail_debug = yes mail_location = mbox:/vmail/%d/%n:INDEX=/var/indexes/%u mail_max_userip_connections = 16 mail_privileged_group = mail passdb { ? args = /etc/dovecot/dovecot-mysql.conf ? driver = sql } protocols = imap pop3 service auth { ? unix_listener auth-userdb { ??? mode = 0600 ? } ? user = $default_internal_user } service imap-login { ? inet_listener imap { ??? port = 143 ? } } service imap { ? process_limit = 16 } service pop3-login { ? inet_listener pop3 { ??? port = 110 ? } } service pop3 { ? process_limit = 16 } ssl = no userdb { ? args = /etc/dovecot/dovecot-mysql.conf ? driver = sql } protocol pop3 { ? pop3_client_workarounds = outlook-no-nuls oe-ns-eoh ? pop3_uidl_format = %08Xu%08Xv } protocol imap { ? imap_client_workarounds = delay-newmail tb-extra-mailbox-sep } ? I am running along with Dovecot, Postfix and MySQL - oh SASL is of course installed as I want to make use of user auth. On the simplest check - "surprise" ta-daaaa /telnet localhost 143 Trying ::1... Connected to localhost. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] IMAP/POP3 server ready. a login contact at mydomain.com mypassword * BYE Internal error occurred. Refer to server log for more information. Connection closed by foreign host. I activated debug and looked in the dovecot logs and here is the most intriguing part I found: auth: Info: mysql(localhost): Connected to database postfix imap-login: Info: Login: user=, method=PLAIN, rip=::1, lip=::1, mpid=5821, secured imap: Debug: Added userdb setting: mail=maildir:/vmail/mydomain.com/contact imap: Debug: Added userdb setting: plugin/quota=dirsize:storage=0 imap(contact at mydomain.com): Debug: Effective uid=901, gid=12, home=/vmail/mydomain.com/contact imap(contact at mydomain.com): Error: user contact at mydomain.com: Initialization failed: Initializing mail storage from mail_location setting failed: Unknown mail storage driver maildir imap(contact at mydomain.com): Error: Invalid user settings. Refer to server log for more information. ? I double checked paths - all is ok - postfix is actually receiving and saving in that /vmail... folder # uid=901 coresponds to user # gid=12 corresponds to group # rights on /vmail are vmail.mail ? I think there is actually a problem with mail_location - but I couldnt solve it at all. If anyone can help me with this - please do guys. I googled those terms and found nothing, so this is my last resort, I tried solving this in the last 36hrs but nothing so far. ? Thanks to anyone who can assist me. ? ? From maillistpld at gmail.com Thu Aug 4 22:23:17 2011 From: maillistpld at gmail.com (=?UTF-8?B?UGF3ZcWCIEzEmWN6bmFy?=) Date: Thu, 04 Aug 2011 21:23:17 +0200 Subject: [Dovecot] [BUG?] LDAP authentication with aliases issues In-Reply-To: <4E35BF90.4040507@gmail.com> References: <4E35BF90.4040507@gmail.com> Message-ID: <4E3AF1A5.7040107@gmail.com> W dniu 31.07.2011 22:48, Pawe? L?cznar pisze: > Hello, > > I am trying to configure Dovecot with LDAP authentication. My LDAP > tree structure is as following: > dc=root,dc=pl > \_ ou=Users > \_ uid=test > \_ ou=Mail > \_ ou=domain.pl > \_ uid=alias_to_test > > I cannot authenticate using > 'uid=alias_to_test,ou=domain.pl,ou=Mail,dc=root,dc=pl'. If I try to > authenticate using > 'uid=alias_to_test,ou=domain.pl,ou=Mail,dc=root,dc=pl', following > entry appears in the Dovecot's log file: > > #v+ > auth: Debug: client in: AUTH 1 PLAIN service=imap > secured lip=127.0.0.1 rip=127.0.0.1 lport=993 > rport=59818 > resp=YWxpYXMxQGFsaWFzeS5wbABhbGlhczFAYWxpYXN5LnBsAGFzZHF3ZWFzZA== > auth: Debug: ldap(alias_to_test at domain.pl,127.0.0.1): pass search: > base=uid=alias_to_test,ou=domain.pl,ou=Mail,dc=root,dc=pl scope=base > filter=(&(objectClass=posixAccount)) fields=uid,userPassword > auth: Debug: auth(alias_to_test at domain.pl,127.0.0.1): username changed > alias_to_test at domain.pl -> test > auth: Debug: ldap(test,127.0.0.1): result: uid(user)=test > userPassword(password)={CRYPT}ACnZvF4.K46UI > auth: Debug: client out: OK 1 user=test > auth: Debug: ldap(test,127.0.0.1): user search: > base=uid=test,ou=,ou=Mail,dc=root,dc=pl scope=base > filter=(&(objectClass=posixAccount)(uid=test)) > fields=homeDirectory,uidNumber,gidNumber > auth: Debug: master out: FAIL 2551840769 > #v- > > > In the LDAP server log file, following entries appear during > authentication attempt > > #v+ > ldap slapd[11729]: conn=1125 op=0 BIND dn="cn=Manager,dc=root,dc=pl" > method=128 > ldap slapd[11729]: conn=1125 op=0 BIND dn="cn=Manager,dc=root,dc=pl" > mech=SIMPLE ssf=0 > ldap slapd[11729]: conn=1125 op=0 RESULT tag=97 err=0 text= > ldap slapd[11729]: conn=1125 op=1 SRCH > base="uid=alias_to_test,ou=domain.pl,ou=Mail,dc=root,dc=pl" scope=0 > deref=3 filter="(&(objectClass=posixAccount))" > ldap slapd[11729]: conn=1125 op=1 SRCH attr=uid userPassword > ldap slapd[11729]: conn=1125 op=1 SEARCH RESULT tag=101 err=0 > nentries=1 text= > ldap slapd[11729]: conn=1125 op=2 do_search: invalid dn: > "uid=test,ou=,ou=Mail,dc=root,dc=pl" > ldap slapd[11729]: conn=1125 op=2 SEARCH RESULT tag=101 err=34 > nentries=0 text=invalid DN > #v- > > It seems that LDAP AuthDatabase doesn't change the context when > looking up for the target object, to which the alias points. > Futhermore, the filter for the target object > '(&(objectClass=posixAccount)(uid=test))' was not defined by me > anywhere in the configuration file 'dovecot-ldap.ext'. > I have tried both authentication ways: 'password lookups' and > 'authentication binding' with the same result. However, There is no > problem to authenticate as 'uid=test,ou=Users,dc=root,dc=pl' (of > cource after modifying the configuration file listed at the end). > > I suppose that it can be a bug in LDAP AuthDatabase, so I am writing > this post as a potential bug report. > > > Below are my configuration data: > *************** > # dovecot -n > # 2.0.13: /etc/dovecot/dovecot.conf > # OS: Linux 2.6.38.8-1 x86_64 > auth_debug = yes > auth_debug_passwords = yes > auth_mechanisms = plain login > auth_socket_path = /var/run/dovecot/auth-userdb > auth_verbose = yes > auth_verbose_passwords = plain > listen = * > mail_debug = yes > mail_gid = 2000 > mail_uid = 2000 > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope > encoded-character vacation subaddress comparator-i;ascii-numeric > relational regex imap4flags copy include variables body enotify > environment mailbox date > passdb { > args = /etc/dovecot/dovecot-ldap.conf.ext > driver = ldap > } > plugin { > sieve = ~/.dovecot.sieve > sieve_dir = ~/sieve > } > postmaster_address = postmaster at domain.pl > protocols = imap pop3 sieve > service auth { > unix_listener /var/spool/postfix/private/auth { > mode = 0666 > } > unix_listener auth-userdb { > group = vmail > mode = 0600 > user = vmail > } > } > service imap-login { > inet_listener imap { > port = 143 > } > inet_listener imaps { > port = 993 > ssl = yes > } > } > service pop3-login { > inet_listener pop3 { > port = 110 > } > inet_listener pop3s { > port = 995 > ssl = yes > } > } > ssl = required > ssl_cert = ssl_key = userdb { > args = /etc/dovecot/dovecot-ldap.conf.ext > driver = ldap > } > verbose_ssl = yes > > *************** > # cat /etc/dovecot/dovecot-ldap.ext > uris = ldap://X.Y.Z.V/ > dn = cn=Manager,dc=root,dc=pl > dnpass = password > auth_bind = no > ldap_version = 3 > base = uid=%n,ou=%d,ou=Mail,dc=root,dc=pl > deref = always > scope = base > pass_attrs = uid=user,userPassword=password > pass_filter = (&(objectClass=posixAccount)) > default_pass_scheme = CRYPT nobody? nothing? is there any chance that author of authentication ldap module will fix this problem? From apm at one.com Thu Aug 4 23:11:26 2011 From: apm at one.com (Peter Mogensen) Date: Thu, 04 Aug 2011 22:11:26 +0200 Subject: [Dovecot] Question about memory management in plugins Message-ID: <4E3AFCEE.2090808@one.com> Hi, I've writing an passdb/userdb plugin (see my previous question about a plugin authenticating via a UNIX socket protocol). Now... the protocol spoken over this socket is JSON-based and I'm using a SAX-like event based parser which maintains a parse context between callbacks. Now... I'm a little bit in doubt about which dovecot memory management method would be best for data in this parser context. Alloc-only pools seems wrong cause the parser object is used as long as the connection is open and there might run many auth requests over the connection before it's freed making the pool grow for long time. Data stack allocation won't work either, since with all this async network and callbacks, there's really no where to place the stack frame. So I end up using i_* and i_free for all data during the lifetime of the connection. Is there a better way? If I could only free my pool-allocated data, but I can't since it's almost never the last allocated data I want to free. /Peter From apm at one.com Thu Aug 4 23:39:44 2011 From: apm at one.com (Peter Mogensen) Date: Thu, 04 Aug 2011 22:39:44 +0200 Subject: [Dovecot] Question about memory management in plugins In-Reply-To: <4E3AFCEE.2090808@one.com> References: <4E3AFCEE.2090808@one.com> Message-ID: <4E3B0390.7000003@one.com> On 2011-08-04 22:11, Peter Mogensen wrote: > Is there a better way? Maybe I can answer my own question... It dawns upon me that auth_request comes with it's own pool, which of probably should be used for allocations temporary to one passbd/userdb lookup. /Peter From janfrode at tanso.net Fri Aug 5 12:12:03 2011 From: janfrode at tanso.net (Jan-Frode Myklebust) Date: Fri, 5 Aug 2011 11:12:03 +0200 Subject: [Dovecot] director monitoring? In-Reply-To: <20110602192910.GB76245@corp.sonic.net> References: <20110602002933.GL30313@corp.sonic.net> <5F82D09D-38E9-4FC0-8660-AC7AFFEBD04B@xs4all.nl> <20110602192910.GB76245@corp.sonic.net> Message-ID: <20110805091203.GA24876@oc1046828364.ibm.com> On Thu, Jun 02, 2011 at 12:29:10PM -0700, Kelsey Cummings wrote: > I'm using a hacked up version of poolmon. The only important changes > are that it actually logs into the real server rather than just making a > connection to it and that has heuristics to prevent the real servers > from flapping and added a timeout to scan_host so if a real server > blocks after the connection is established it won't hang indefinitely. Could you share your hacks ? :-) We're often seeing poolmon not noticing when our backend servers are hanging on busy filesystem. They're probably to busy to complete a login, but not busy enough to fail a connect, so a poolmon that does a full login sounds interesting. -jf From janfrode at tanso.net Fri Aug 5 12:17:04 2011 From: janfrode at tanso.net (Jan-Frode Myklebust) Date: Fri, 5 Aug 2011 11:17:04 +0200 Subject: [Dovecot] director monitoring? In-Reply-To: <5F82D09D-38E9-4FC0-8660-AC7AFFEBD04B@xs4all.nl> References: <20110602002933.GL30313@corp.sonic.net> <5F82D09D-38E9-4FC0-8660-AC7AFFEBD04B@xs4all.nl> Message-ID: <20110805091704.GB24876@oc1046828364.ibm.com> On Thu, Jun 02, 2011 at 10:37:23AM +0200, Cor Bosman wrote: > We use a setup as seen on http://grab.by/agCb for about 30.000 simultaneous(!) imap connections. Are you doing NFS against the Netapp(s)? I've always assumed that maildir wouldn't work on NFS (to slow fstat's), but would be interested to learn otherwise. Could you say something about how many email accounts and how many files you have in your maildirs ? -jf From tlx at leuxner.net Fri Aug 5 12:50:12 2011 From: tlx at leuxner.net (Thomas Leuxner) Date: Fri, 5 Aug 2011 11:50:12 +0200 Subject: [Dovecot] mbox problems on CentOS 6 In-Reply-To: <1312476766.2689.YahooMailClassic@web161905.mail.bf1.yahoo.com> References: <1312476766.2689.YahooMailClassic@web161905.mail.bf1.yahoo.com> Message-ID: <543B68AE-1254-4592-B91D-E9069D9A48F1@leuxner.net> Am 04.08.2011 um 18:52 schrieb DT: > No I noticed Postfix isnt running anymore :( > Aug 4 14:49:25 hostname postfix/smtpd[6414]: connect from mail-fx0-f51.google.com[209.85.161.51] > Aug 4 14:49:25 hostname postfix/smtpd[6414]: warning: SASL: Connect to private/auth failed: Connection refused > Aug 4 14:49:25 hostname postfix/smtpd[6414]: fatal: no SASL authentication mechanisms > > All I did was a simple system reboot > In the config posted 'service auth' is not configured: http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL Thomas From doctor at doctor.nl2k.ab.ca Fri Aug 5 22:05:22 2011 From: doctor at doctor.nl2k.ab.ca (The Doctor) Date: Fri, 5 Aug 2011 13:05:22 -0600 Subject: [Dovecot] Blackberries Message-ID: <20110805190521.GA25305@doctor.nl2k.ab.ca> Wonder if anyone knows how to tell a blackberry portable phone how not to get pick up a message it already got in IMAP. -- Member - Liberal International This is doctor at nl2k.ab.ca Ici doctor at nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! http://twitter.com/rootnl2k http://www.facebook.com/dyadallee IT is done! http://groups.google.com/group/rec.arts.drwho/about From kgc at corp.sonic.net Fri Aug 5 22:21:29 2011 From: kgc at corp.sonic.net (Kelsey Cummings) Date: Fri, 5 Aug 2011 12:21:29 -0700 Subject: [Dovecot] director monitoring? In-Reply-To: <20110805091203.GA24876@oc1046828364.ibm.com> References: <20110602002933.GL30313@corp.sonic.net> <5F82D09D-38E9-4FC0-8660-AC7AFFEBD04B@xs4all.nl> <20110602192910.GB76245@corp.sonic.net> <20110805091203.GA24876@oc1046828364.ibm.com> Message-ID: <20110805192129.GQ55407@corp.sonic.net> On Fri, Aug 05, 2011 at 11:12:03AM +0200, Jan-Frode Myklebust wrote: > On Thu, Jun 02, 2011 at 12:29:10PM -0700, Kelsey Cummings wrote: > > I'm using a hacked up version of poolmon. The only important changes > > are that it actually logs into the real server rather than just making a > > connection to it and that has heuristics to prevent the real servers > > from flapping and added a timeout to scan_host so if a real server > > blocks after the connection is established it won't hang indefinitely. > > Could you share your hacks ? :-) Sure. You'll probably want to change the regex at line 194 to match whatever your server says after the login is complete. My postlogin script puts out some extra info that I'm looking for instead of the deafult. Otherwise, YMMV, works for me so far. http://kgc.users.sonic.net/imapdmon -- Kelsey Cummings - kgc at corp.sonic.net sonic.net, inc. System Architect 2260 Apollo Way 707.522.1000 Santa Rosa, CA 95407 From yzhou at medplus.com Fri Aug 5 23:23:32 2011 From: yzhou at medplus.com (Zhou, Yan) Date: Fri, 5 Aug 2011 16:23:32 -0400 Subject: [Dovecot] DoveCot LDA prefetch fails with LDA, works with POP client Message-ID: Hi there, I am using DoveCot 1.0.7. I know it is real old, but we have to work with it. I have configured LDAP lookup with password prefetch in DoveCot. I can successfully receive emails through DoveCot, thus proving my password prefetch and user authentication are good. The problem is when I use Postfix to deliver message to DoveCot via LDA. My postfix master.cf looks like this: dovecot unix - n n - - pipe flags=Rhu user=hubdirect null_sender= argv=/usr/libexec/dovecot/deliver -e -f ${sender} -d ${user} Given a message, Postfix looks up LDAP and find the user associated with the recipient address and delivers the message using LDA. LDAP logs indicates that Postfix is returning the right user. The problem is that DoveCot complains "passdb did not return userdb entries", but I do not know which entries passdb failed to return. Here is what I have in dovecot-ldap.conf. I have tried different things in "user_attrs", DoveCot keeps complaining the same thing. user_attrs = username=user user_filter = (&(objectClass=DirectUser)(username=%u)(roles=*ROLE_EDGE_EMAIL*)) pass_attrs = username=user,password=password,username=userdb_user,usermaildirectory=u serdb_mail,userhomedirectory=userdb_home,825=userdb_uid,825=userdb_gid pass_filter = (&(objectClass=DirectUser)(username=%u)(roles=*ROLE_EDGE_EMAIL*)) The documentation says LDA does not use prefetch, but the log seems to indicate otherwise. I clearly see the "service=deliver" is authenticating the user first, thus using password prefetch. Can someone clarify this? Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): Loading modules from directory: /usr/lib64/dovecot/lda Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): Module loaded: /usr/lib64/dovecot/lda/lib10_quota_plugin.so Aug 5 15:12:25 dir-dev-pop01 dovecot: auth(default): master in: USER 1 emailspool service=deliver Aug 5 15:12:25 dir-dev-pop01 dovecot: auth(default): prefetch(emailspool): passdb didn't return userdb entries Aug 5 15:12:25 dir-dev-pop01 dovecot: auth(default): ldap(emailspool): user search: base=dc=hubdirect,dc=dev,dc=medplus,dc=com scope=subtree filter=(&(objectClass=DirectUser)(username=emailspool)(roles=*ROLE_EDGE_ EMAIL*)) fields=username Aug 5 15:12:25 dir-dev-pop01 dovecot: auth(default): master out: USER 1 emailspool user=emailspool uid=825 gid=825 Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): auth input: emailspool Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): auth input: user=emailspool Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): auth input: uid=825 Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): auth input: gid=825 Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): maildir: data=/home/hubdirect/emailspool/Maildir Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): maildir: root=/home/hubdirect/emailspool/Maildir, index=/home/hubdirect/emailspool/Maildir, control=, inbox= Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): msgid=<12097075.28.1312571545112.JavaMail.zhou_y at yzhou-lp2>: saved mail to INBOX Thanks, Yan Confidentiality Notice: The information contained in this electronic transmission is confidential and may be legally privileged. It is intended only for the addressee(s) named above. If you are not an intended recipient, be aware that any disclosure, copying, distribution or use of the information contained in this transmission is prohibited and may be unlawful. If you have received this transmission in error, please notify us by telephone (513) 229-5500 or by email (postmaster at MedPlus.com). After replying, please erase it from your computer system. From yzhou at medplus.com Fri Aug 5 23:57:36 2011 From: yzhou at medplus.com (Zhou, Yan) Date: Fri, 5 Aug 2011 16:57:36 -0400 Subject: [Dovecot] DoveCot LDA prefetch fails with LDA, works with POP client In-Reply-To: References: Message-ID: > -----Original Message----- > From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] > On Behalf Of Zhou, Yan > Sent: Friday, August 05, 2011 4:24 PM > To: dovecot at dovecot.org > Subject: [Dovecot] DoveCot LDA prefetch fails with LDA, works with POP > client > > Hi there, > > I am using DoveCot 1.0.7. I know it is real old, but we have to work > with it. I have configured LDAP lookup with password prefetch in > DoveCot. I can successfully receive emails through DoveCot, thus > proving > my password prefetch and user authentication are good. > > The problem is when I use Postfix to deliver message to DoveCot via LDA. > My postfix master.cf looks like this: > > dovecot unix - n n - - pipe > flags=Rhu user=hubdirect null_sender= > argv=/usr/libexec/dovecot/deliver -e -f ${sender} -d ${user} > > Given a message, Postfix looks up LDAP and find the user associated > with > the recipient address and delivers the message using LDA. LDAP logs > indicates that Postfix is returning the right user. > > The problem is that DoveCot complains "passdb did not return userdb > entries", but I do not know which entries passdb failed to return. Here > is what I have in dovecot-ldap.conf. I have tried different things in > "user_attrs", DoveCot keeps complaining the same thing. > > user_attrs = username=user > user_filter = > (&(objectClass=DirectUser)(username=%u)(roles=*ROLE_EDGE_EMAIL*)) > pass_attrs = > username=user,password=password,username=userdb_user,usermaildirectory= > u > serdb_mail,userhomedirectory=userdb_home,825=userdb_uid,825=userdb_gid > pass_filter = > (&(objectClass=DirectUser)(username=%u)(roles=*ROLE_EDGE_EMAIL*)) > > > > The documentation says LDA does not use prefetch, but the log seems to > indicate otherwise. I clearly see the "service=deliver" is > authenticating the user first, thus using password prefetch. Can > someone > clarify this? > > > Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): Loading modules from > directory: /usr/lib64/dovecot/lda > Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): Module loaded: > /usr/lib64/dovecot/lda/lib10_quota_plugin.so > Aug 5 15:12:25 dir-dev-pop01 dovecot: auth(default): master in: USER > 1 emailspool service=deliver > Aug 5 15:12:25 dir-dev-pop01 dovecot: auth(default): > prefetch(emailspool): passdb didn't return userdb entries > Aug 5 15:12:25 dir-dev-pop01 dovecot: auth(default): ldap(emailspool): > user search: base=dc=hubdirect,dc=dev,dc=medplus,dc=com scope=subtree > filter=(&(objectClass=DirectUser)(username=emailspool)(roles=*ROLE_EDGE > _ > EMAIL*)) fields=username > Aug 5 15:12:25 dir-dev-pop01 dovecot: auth(default): master out: USER > 1 emailspool user=emailspool uid=825 gid=825 > Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): auth input: > emailspool > Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): auth input: > user=emailspool > Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): auth input: uid=825 > Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): auth input: gid=825 > Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): maildir: > data=/home/hubdirect/emailspool/Maildir > Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): maildir: > root=/home/hubdirect/emailspool/Maildir, > index=/home/hubdirect/emailspool/Maildir, control=, inbox= > Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): > msgid=<12097075.28.1312571545112.JavaMail.zhou_y at yzhou-lp2>: saved mail > to INBOX > > Thanks, > Yan > > > I was able to get this working by the following attributes. user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid Thanks! Yan Confidentiality Notice: The information contained in this electronic transmission is confidential and may be legally privileged. It is intended only for the addressee(s) named above. If you are not an intended recipient, be aware that any disclosure, copying, distribution or use of the information contained in this transmission is prohibited and may be unlawful. If you have received this transmission in error, please notify us by telephone (513) 229-5500 or by email (postmaster at MedPlus.com). After replying, please erase it from your computer system. From dheianevans at gmail.com Sat Aug 6 01:32:56 2011 From: dheianevans at gmail.com (Ian Evans) Date: Fri, 5 Aug 2011 18:32:56 -0400 Subject: [Dovecot] Dovecot 1.2.16 and Thunderbird 5 - pop3 mails not getting deleted Message-ID: I run a Dovecot 1.2.16 pop3 server and have just started using the Thunderbird 5 email client. Thunderbird is set to leave the messages on the server unless they are over 91 days old. However, I'm not seeing it delete any of the older messages. I'll run a debug run of Thunderbird when I get back home, but I'm just wondering if there's any gotcha's I should be aware of with Thunderbird and Dovecot in a pop3 environment. The Thunderbird folks are wondering if it's the server not the client. Thanks. From me at junc.org Sat Aug 6 04:19:33 2011 From: me at junc.org (Benny Pedersen) Date: Sat, 06 Aug 2011 03:19:33 +0200 Subject: [Dovecot] Blackberries In-Reply-To: <20110805190521.GA25305@doctor.nl2k.ab.ca> References: <20110805190521.GA25305@doctor.nl2k.ab.ca> Message-ID: On Fri, 5 Aug 2011 13:05:22 -0600, The Doctor wrote: > Wonder if anyone knows how to tell a blackberry > portable phone how not to get pick up a message it already got in > IMAP. turn of offline imap ?, or is it sync setting that check if its in sync ? on my own nokia e51 i read single emails via imap From thomas-lists at nybeta.com Sat Aug 6 06:03:11 2011 From: thomas-lists at nybeta.com (Thomas Harold) Date: Fri, 05 Aug 2011 23:03:11 -0400 Subject: [Dovecot] Blackberries In-Reply-To: <20110805190521.GA25305@doctor.nl2k.ab.ca> References: <20110805190521.GA25305@doctor.nl2k.ab.ca> Message-ID: <4E3CAEEF.3070804@nybeta.com> On 8/5/2011 3:05 PM, The Doctor wrote: > Wonder if anyone knows how to tell a blackberry > portable phone how not to get pick up a message it already got in IMAP. > Not exactly sure what you mean. My Blackberry plays fine with IMAP (configure it to point at IMAP and not POP3). The oddities are: - Deleting a message on the IMAP mailbox will not make it vanish from the BBerry - Read flags are mostly two-way, but not always - Not much support for IMAP folders From nbw0313 at yahoo.com Sat Aug 6 10:12:54 2011 From: nbw0313 at yahoo.com (DT) Date: Sat, 6 Aug 2011 00:12:54 -0700 (PDT) Subject: [Dovecot] mbox problems on CentOS 6 In-Reply-To: <543B68AE-1254-4592-B91D-E9069D9A48F1@leuxner.net> Message-ID: <1312614774.76715.YahooMailClassic@web161902.mail.bf1.yahoo.com> Thank you Thomas for opening my eyes on that matter, I fixed that area as bellow and it solved the Postfix problem 100% ? service auth { ??? unix_listener /var/spool/postfix/private/auth? { ??????? mode = 0600 ??????? user = postfix ??????? group = postfix ??? } } ? Now I only have same old issue with Dovecot only: 2011-08-05 07:52:21 imap(contact at mydomain.com): Debug: Effective uid=901, gid=12, home=/vmail/mydomain.com/contact 2011-08-05 07:52:21 imap(contact at mydomain.com): Error: user contact at mydomain.com: Initialization failed: Initializing mail storage from mail_location setting failed: Unknown mail storage driver maildir 2011-08-05 07:52:21 imap(contact at mydomain.com): Error: Invalid user settings. Refer to server log for more information. ? Somehow it doesnt like what I have in mail_location or so... but I tried so many other folders, tried maildir also, error keeps showing, I can login to IMAP but once I do I'm dropped :* BYE Internal error occurred. Refer to server log for more information. Connection closed by foreign host. ? Thank you again for any oppinion or advice. ? >In the config posted 'service auth' is not configured: > >http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL > >Thomas ? ? >> No I noticed Postfix isnt running anymore :( >> Aug? 4 14:49:25 hostname postfix/smtpd[6414]: connect from mail-fx0-f51.google.com[209.85.161.51] >> Aug? 4 14:49:25 hostname postfix/smtpd[6414]: warning: SASL: Connect to private/auth failed: Connection refused >> Aug? 4 14:49:25 hostname postfix/smtpd[6414]: fatal: no SASL authentication mechanisms >>? >> All I did was a simple system reboot >>? From forumer at smartmobili.com Sun Aug 7 13:44:17 2011 From: forumer at smartmobili.com (Vincent Richomme) Date: Sun, 07 Aug 2011 12:44:17 +0200 Subject: [Dovecot] Dovecot 2.x configuration Message-ID: <4135aa3a49f5ac820ce2fc95b78d66c9@smartmobili.com> Hi, sorry to post about that but I have some issues to migrate my dovecot 1.x to 2.x. I have installed dovecot 2.x package on ubuntu natty(package were generated from sources found in debian testing), and I have modified config files like that : dovecot.conf: ------------- !include_try /usr/share/dovecot/protocols.d/*.protocol listen = *, :: !include conf.d/*.conf !include_try local.conf conf.d/10-auth.conf: --------------------- !include auth-sql.conf.ext so I have uncommented the auth-sql.conf.ext because I want a sql auth but these file is not available so I copied the file ../dovecot-sql.conf.ext and rename it into auth-sql.conf.ext. conf.d/auth-sql.conf.ext: --------------------- driver = mysql connect = host=127.0.0.1 dbname=foobarserver user=foo password=bar default_pass_scheme = PLAIN-MD5 password_query = SELECT email as user, password FROM view_users WHERE email='%u'; When I try to load the config I get the following error : root at sd-30635:/etc/dovecot/conf.d# dovecot -n # 2.0.13 (ba03935cc599): /etc/dovecot/dovecot.conf doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/auth-sql.conf.ext line 29: Unknown setting: driver doveconf: Error: managesieve-login: dump-capability process returned 89 doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/auth-sql.conf.ext line 29: Unknown setting: driver I searched on the mailing list and I found an answer but I am still not sure how to solve it. UPDATE : after trying to use my brain I found the solution to my issue but I am still posting to help people that may have the same problem and to make you notice that the current configuration files are not logical. I mean in conf.d/10-auth.conf you can uncomment auth-sql.conf.ext but the file is not available (maybe it's a packaging problem). So I did the following steps : cp conf.d/auth-system.conf.ext conf.d/auth-sql.conf.ext Then I have edited conf.d/auth-sql.conf.ext: passdb { driver = mysql args = /etc/dovecot/dovecot-sql.conf.ext } OK so far so good, next problem is about the old configuration lines : # It's possible to export the authentication interface to other programs: socket listen { master { # Master socket provides access to userdb information. It's typically # used to give Dovecot's local delivery agent access to userdb so it # can find mailbox locations. path = /var/run/dovecot/auth-master mode = 0600 # Default user/group is the one who started dovecot-auth (root) user = vmail #group = } client { # The client socket is generally safe to export to everyone. Typical use # is to export it to your SMTP server so it can do SMTP AUTH lookups # using it. path = /var/run/dovecot/auth-client mode = 0660 } } Where should I put them in the new config file hierarchy ? And do I still need them ? Just for information I have based my mail setup on the following guide : http://workaround.org/ispmail/etch Thanks From forumer at smartmobili.com Sun Aug 7 13:50:48 2011 From: forumer at smartmobili.com (Vincent Richomme) Date: Sun, 07 Aug 2011 12:50:48 +0200 Subject: [Dovecot] Dovecot 2.x configuration In-Reply-To: <4135aa3a49f5ac820ce2fc95b78d66c9@smartmobili.com> References: <4135aa3a49f5ac820ce2fc95b78d66c9@smartmobili.com> Message-ID: <1e1f404f6e453bd6ecec66236e4e9894@smartmobili.com> > OK so far so good, next problem is about the old configuration lines : > > # It's possible to export the authentication interface to other > programs: > socket listen { > master { > # Master socket provides access to userdb information. It's > typically > # used to give Dovecot's local delivery agent access to userdb > so it > # can find mailbox locations. > path = /var/run/dovecot/auth-master > mode = 0600 > # Default user/group is the one who started dovecot-auth (root) > user = vmail > #group = > } > client { > # The client socket is generally safe to export to everyone. > Typical use > # is to export it to your SMTP server so it can do SMTP AUTH > lookups > # using it. > path = /var/run/dovecot/auth-client > mode = 0660 > } > } > > Where should I put them in the new config file hierarchy ? And do I > still need them ? > Just for information I have based my mail setup on the following > guide : > http://workaround.org/ispmail/etch I have tested and there is still an issue with mysql because I get the following error : Aug 07 12:51:20 auth: Fatal: Unknown passdb driver 'mysql' Aug 07 12:51:20 master: Error: service(auth): command startup failed, throttling I am sure that mysql is installed and I have also installed dovecot-mysql_2.0.13-0~auto+70_i386.deb From pw at wk-serv.de Sun Aug 7 14:13:05 2011 From: pw at wk-serv.de (Patrick Westenberg) Date: Sun, 07 Aug 2011 13:13:05 +0200 Subject: [Dovecot] Dovecot 2.x configuration In-Reply-To: <1e1f404f6e453bd6ecec66236e4e9894@smartmobili.com> References: <4135aa3a49f5ac820ce2fc95b78d66c9@smartmobili.com> <1e1f404f6e453bd6ecec66236e4e9894@smartmobili.com> Message-ID: <4E3E7341.7030808@wk-serv.de> Vincent Richomme schrieb: > I have tested and there is still an issue with mysql because I get the > following error : > > Aug 07 12:51:20 auth: Fatal: Unknown passdb driver 'mysql' > Aug 07 12:51:20 master: Error: service(auth): command startup failed, > throttling It looks like you haven't compiled dovecot with mysql support. From forumer at smartmobili.com Sun Aug 7 14:36:54 2011 From: forumer at smartmobili.com (Vincent Richomme) Date: Sun, 07 Aug 2011 13:36:54 +0200 Subject: [Dovecot] Dovecot 2.x configuration In-Reply-To: <4E3E7341.7030808@wk-serv.de> References: <4135aa3a49f5ac820ce2fc95b78d66c9@smartmobili.com> <1e1f404f6e453bd6ecec66236e4e9894@smartmobili.com> <4E3E7341.7030808@wk-serv.de> Message-ID: On Sun, 07 Aug 2011 13:13:05 +0200, Patrick Westenberg wrote: > Vincent Richomme schrieb: > >> I have tested and there is still an issue with mysql because I get >> the >> following error : >> >> Aug 07 12:51:20 auth: Fatal: Unknown passdb driver 'mysql' >> Aug 07 12:51:20 master: Error: service(auth): command startup >> failed, >> throttling > > It looks like you haven't compiled dovecot with mysql support. > dpkg-buildpackage -rfakeroot -b sh configure --with-ldap=plugin \ --with-ssl=openssl \ --with-sql=plugin \ --with-pgsql \ --with-mysql \ --with-sqlite \ --with-gssapi=plugin \ --with-ioloop=best \ --host=i686-linux-gnu \ --build=i686-linux-gnu \ --prefix=/usr \ --sysconfdir=/etc \ --libexecdir=\${prefix}/lib \ --localstatedir=/var \ --mandir=\${prefix}/share/man \ --infodir=\${prefix}/share/info \ --with-moduledir=\${prefix}/lib/dovecot/modules \ --disable-rpath \ --disable-static ... checking for mysql_config... mysql_config checking for mysql_init in -lmysqlclient... yes checking mysql.h usability... yes checking mysql.h presence... yes checking for mysql.h... yes checking for mysql_ssl_set in -lmysqlclient... yes ... Install prefix . : /usr File offsets ... : 64bit I/O polling .... : epoll I/O notifys .... : inotify SSL ............ : yes (OpenSSL) GSSAPI ......... : plugin passdbs ........ : static passwd passwd-file shadow pam checkpassword ldap (plugin) sql : -bsdauth -sia -vpopmail userdbs ........ : static prefetch passwd passwd-file checkpassword ldap (plugin) sql nss : -vpopmail SQL drivers .... : pgsql mysql sqlite (plugins) The only weird lines are : dpkg-shlibdeps: warning: dependency on librt.so.1 could be avoided if "debian/dovecot-mysql/usr/lib/dovecot/modules/libdriver_mysql.so" were not uselessly linked against it (they use none of its symbols). dpkg-shlibdeps: warning: debian/dovecot-sqlite/usr/lib/dovecot/modules/libdriver_sqlite.so contains an unresolvable reference to symbol sql_query_s: it's probably a plugin. dpkg-shlibdeps: warning: 15 other similar warnings have been skipped (use -v to see them all). but not even sure it means there was an error during compilation. From bmontgom at montynet.org Sun Aug 7 20:53:17 2011 From: bmontgom at montynet.org (Benjamin Montgomery) Date: Sun, 07 Aug 2011 12:53:17 -0500 Subject: [Dovecot] SQL passdb lookups not working Message-ID: <4E3ED10D.5000200@montynet.org> Hello everyone, I'm trying to make dovecot do user authentication against a SQL database. The passwords (managed by Django) are stored as salted SHA1 encoded in hex. I monkey patched Django's password method so that the password hash is made with (Django does , the patched method was verified to return same value as dovecotpw) and the passwords are stored in the database separately as the salted hash and the salt. When I query the values out of the database, I'm using MySQL's concat function to return the password as {SSHA.hex}. Dovecot is not able to verify any passwords right now. I've scoured the wiki and I think my setup is correct...config info is below. Any advice on where to look for debugging or setup of my passwords would be appreciated! Ben dovecot-sql.conf: default_pass_scheme = SSHA.hex password_query = \ SELECT emailmanager_emailaddresses.account AS username, \ emailmanager_domain.name AS domain, \ CONCAT('{SSHA.hex}', \ emailmanager_userprofile.shadigest, \ emailmanager_userprofile.salt \ ) AS password \ FROM emailmanager_emailaddresses \ JOIN emailmanager_domain ON emailmanager_emailaddresses.id = emailmanager_domain.id \ JOIN emailmanager_userprofile ON emailmanager_emailaddresses.id = emailmanager_userprofile.id \ WHERE emailmanager_emailaddresses.account = '%n' \ AND emailmanager_domain.name = '%d' From mlists0001 at gmail.com Mon Aug 8 00:13:28 2011 From: mlists0001 at gmail.com (ml lists) Date: Sun, 7 Aug 2011 22:13:28 +0100 Subject: [Dovecot] Dovecot + LDAP login issues Message-ID: Morning all, I've managed to work my self into a corner and hoping someone can help me out I have OpenLDAP and Dovecot installed based on the following documents: https://help.ubuntu.com/community/DovecotLDAP https://help.ubuntu.com/community/OpenLDAPServer When Dovecot is set up to log in without using LDAP, connections work fine. However as soon as I change the dovecot.conf to use ldap I get the following error when trying to log in: error in syslog: dovecot: auth(default): ldap(myuser,10.10.10.10): invalid credentials (given password: myuserpasswd) dovecot: auth(default): client out: FAIL#0112#011user=myuser I have checked via phpLDAPadmin that the password I am entering matches what is in the database, so from what I can see the issue lies in how Dovecot is passing the password to openLDAP, though I may be way off base here. No special characters in the passphrase other than spaces. Would anyone be able to shed some light on this? Server Setup and Dovecot Config Ubuntu Server 11.04 # uname -a Linux base 2.6.38-10-server #46-Ubuntu SMP Tue Jun 28 16:31:00 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux[ # slapd -V @(#) $OpenLDAP: slapd 2.4.23 (Apr 7 2011 18:00:55) $[/CODE][CODE] # dovecot --version 1.2.15 # cat dovecot.conf base_dir = /var/run/dovecot/ protocols = imaps imap listen = * disable_plaintext_auth = no shutdown_clients = yes log_timestamp = "%Y-%m-%d %H:%M:%S " ###ssl_disable = no ssl_cert_file = /etc/ssl/private/mail_mydomain_com.crt ssl_key_file = /etc/ssl/private/mail_mydomain_com.key ssl_ca_file = /etc/ssl/private/comodo-bundle.crt mail_location = maildir:/home/MAIL/%n mail_privileged_group = mail mail_debug = yes protocol imap { ### login_greeting_capability = yes imap_client_workarounds = tb-extra-mailbox-sep } protocol lda { postmaster_address = postmaster at mydomain.com hostname = base auth_socket_path = /var/run/dovecot/auth-master mail_plugins = cmusieve } auth_verbose = no auth_debug = yes auth_debug_passwords = yes auth default { mechanisms = plain passdb ldap { args = /etc/dovecot/dovecot-ldap.conf } # passdb passwd-file { # args = /etc/dovecot/passwd # } userdb static { args = uid=vmail gid=vmail home=/home/MAIL/%n allow_all_users=yes } user = vmail socket listen { master { path = /var/run/dovecot/auth-master mode = 0600 user = vmail # User running Dovecot LDA group = vmail # Or alternatively mode 0660 + LDA user in this group } } } dict { } plugin { #cat dovecot-ldap.conf (with a number of commented out lines removed) # Space separated list of LDAP hosts to use. host:port is allowed too. hosts= localhost # Distinguished Name - the username used to login to the LDAP server dn= cn=admin,dc=mydomain # Password for LDAP server dnpass = alongpasswd auth_bind = yes auth_bind_userdn = uid=%u,ou=Users,dc=mydomain # LDAP protocol version to use. Likely 2 or 3. ldap_version = 3 # LDAP base. %variables can be used here. base = ou=Users,dc=mydomain # Dereference: never, searching, finding, always deref = never # Search scope: base, onelevel, subtree scope = subtree user_attrs = mail=uid user_filter = (&(objectClass=posixAccount)(uid=%n)) # Password checking attributes: pass_attrs = uid=user,userPassword=password ###,homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid # Filter for password lookups pass_filter = (&(objectClass=posixAccount)(uid=%n)) # Default password scheme. "{scheme}" before password overrides this. # List of supported schemes is in: http://wiki.dovecot.org/Authentication default_pass_scheme = MD5 From s at s7p.de Mon Aug 8 08:47:36 2011 From: s at s7p.de (Stefan Piegsa) Date: Mon, 08 Aug 2011 07:47:36 +0200 Subject: [Dovecot] How to make dovecot-lda/deliver mark a message as seen Message-ID: <4E3F7878.8090507@s7p.de> Hello everybody, I am using dovecot 2.0.13 and have a special case here in which I want a mail that is delivered locally with dovecot-lda to be marked as "seen". In dovecot 1.1.7 I succeeded to achive this, by modifing deliver.c so that upon adding a -S switch to the command arguments, the flag MAIL_SEEN was added to the call of mailbox_copy(). This seemed to work pretty good. With the new version, i tried to do something similar by selectively adding mail_update_flags(ctx.src_mail, MODIFY_ADD, MAIL_SEEN); just before the call of mail_deliver(), whenever the -S argument is given. But this does not work. What is wrong? Is there a better way to set MAIL_SEEN for a locally delivered mail? I would prefer a method that does not require to mess around in the dovecot sources. :-) Thanks in advance & Best Regards, Stefan From AnFi at onet.eu Mon Aug 8 09:36:17 2011 From: AnFi at onet.eu (Andrzej Adam Filip) Date: Mon, 08 Aug 2011 08:36:17 +0200 Subject: [Dovecot] How to make dovecot-lda/deliver mark a message as seen In-Reply-To: <4E3F7878.8090507@s7p.de> (Stefan Piegsa's message of "Mon, 08 Aug 2011 07:47:36 +0200") References: <4E3F7878.8090507@s7p.de> Message-ID: "Stefan Piegsa" wrote: > Hello everybody, > > I am using dovecot 2.0.13 and have a special case here in which I want > a mail that is delivered locally with dovecot-lda to be marked as > "seen". > > In dovecot 1.1.7 I succeeded to achive this, by modifing deliver.c so > that upon adding a -S switch to the command arguments, the flag > MAIL_SEEN was added to the call of mailbox_copy(). This seemed to work > pretty good. > > With the new version, i tried to do something similar by selectively adding > mail_update_flags(ctx.src_mail, MODIFY_ADD, MAIL_SEEN); > just before the call of mail_deliver(), whenever the -S argument is given. > > But this does not work. What is wrong? > > Is there a better way to set MAIL_SEEN for a locally delivered mail? I > would prefer a method that does not require to mess around in the > dovecot sources. :-) > > Thanks in advance & Best Regards, > Stefan Have you considered using sieve for the task? [Using imap4flags extension] http://wiki.dovecot.org/LDA/Sieve #v+ if address ["Return-Path"] ["my_address at my_domain.com"] { setflag "\\seen"; } #v- -- [pl>en: Andrew] Andrzej Adam Filip : anfi at onet.eu What if nothing exists and we're all in somebody's dream? Or what's worse, what if only that fat guy in the third row exists? -- Woody Allen, "Without Feathers" From AnFi at onet.eu Mon Aug 8 12:50:33 2011 From: AnFi at onet.eu (Andrzej Adam Filip) Date: Mon, 08 Aug 2011 11:50:33 +0200 Subject: [Dovecot] How to make dovecot-lda/deliver mark a message as seen In-Reply-To: (Andrzej Adam Filip's message of "Mon, 08 Aug 2011 08:36:17 +0200") References: <4E3F7878.8090507@s7p.de> Message-ID: <2b4yuucqx5-B88@julia.huge.strangled.net> Andrzej Adam Filip wrote: > "Stefan Piegsa" wrote: >> Hello everybody, >> >> I am using dovecot 2.0.13 and have a special case here in which I want >> a mail that is delivered locally with dovecot-lda to be marked as >> "seen". >> >> In dovecot 1.1.7 I succeeded to achive this, by modifing deliver.c so >> that upon adding a -S switch to the command arguments, the flag >> MAIL_SEEN was added to the call of mailbox_copy(). This seemed to work >> pretty good. >> >> With the new version, i tried to do something similar by selectively adding >> mail_update_flags(ctx.src_mail, MODIFY_ADD, MAIL_SEEN); >> just before the call of mail_deliver(), whenever the -S argument is given. >> >> But this does not work. What is wrong? >> >> Is there a better way to set MAIL_SEEN for a locally delivered mail? I >> would prefer a method that does not require to mess around in the >> dovecot sources. :-) >> >> Thanks in advance & Best Regards, >> Stefan > > Have you considered using sieve for the task? > [Using imap4flags extension] > > http://wiki.dovecot.org/LDA/Sieve > #v+ > if address ["Return-Path"] ["my_address at my_domain.com"] > { > setflag "\\seen"; > } > #v- I think such behavior may be handled by script(s) specified via sieve_before or sieve_after. I would recommend using sieve_after to allow users' to override default handling. http://wiki.dovecot.org/LDA/Sieve/Dovecot -- [pl>en: Andrew] Andrzej Adam Filip : anfi at onet.eu All God's children are not beautiful. Most of God's children are, in fact, barely presentable. -- Fran Lebowitz, "Metropolitan Life" From bar at jungo.com Mon Aug 8 14:47:30 2011 From: bar at jungo.com (Bar Ziony) Date: Mon, 08 Aug 2011 14:47:30 +0300 Subject: [Dovecot] Error when trying to delete folders Message-ID: <4E3FCCD2.4000603@jungo.com> Hi, I'm using Dovecot 2.0.12 as an IMAP server. I'm using the lazy expunge plugin (2 namespaces - default and .EXPUNGED). When trying to delete a folder, I get this error: "Server Error: DELETE: Can't rename mailboxes across specified storages" Is that related to the lazy expunge plugin? What does this error means exactly and how can I fix it? `dovecot -n` output: # 2.0.12: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 auth_master_user_separator = * lda_mailbox_autocreate = yes listen = * log_path = /var/log/dovecot/dovecot.log log_timestamp = "%Y-%m-%d %H:%M:%S " mail_gid = 1001 mail_location = maildir:~/Maildir:INDEX=/var/indexes/%n mail_plugins = quota mail_privileged_group = vmail mail_uid = 1001 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date namespace { inbox = yes location = prefix = separator = / type = private } namespace { hidden = no list = yes location = maildir:~/Maildir/expunged prefix = EXPUNGED/ separator = / type = private } passdb { args = scheme=md5-crypt username_format=%n /etc/dovecot/master-users driver = passwd-file master = yes pass = yes } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { deleted_to_trash_folder = Trash lazy_expunge = EXPUNGED/ quota = maildir:User quota:ns= quota_warning = storage=98%% quota-warning 98 %n quota_warning2 = storage=95%% quota-warning 95 %n quota_warning3 = storage=92%% quota-warning 92 %n quota_warning4 = storage=90%% quota-warning 90 %n quota_warning5 = storage=85%% quota-warning 85 %n quota_warning6 = storage=80%% quota-warning 80 %n sieve = ~/.dovecot.sieve sieve_before = /var/mail/%n/sieve/vacation_message.sieve sieve_dir = ~/sieve } protocols = " imap sieve pop3" service auth { unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } } service imap-login { inet_listener imap { port = 0 } } service pop3-login { inet_listener pop3 { port = 0 } } service quota-warning { executable = script /usr/local/bin/quota-warning.sh unix_listener quota-warning { user = vmail } user = vmail } ssl = required ssl_cert = Hi, I'm writing an passdb/userdb plugin to authenticate against an external daemon listening on a UNIX socket. The connection to the daemon is 1 request at a time and thus blocking (unlike passdb-ldap), but the daemon is preforking, so it can handle more connections at a time. I read from the Wiki: http://wiki2.dovecot.org/Design/AuthProcess * "The authentication may begin new authentication requests even before the existing ones are finished. ", and * "If the passdb uses connections to external services, it's preferred that they use non-blocking connections. Dovecot does this whenever possible (PostgreSQL and LDAP for example). If it's not possible, set blocking = TRUE. " ... which tells me to set the module as blocking and let more auth worker processes do the work - creating 1 daemon process for each auth worker process, I guess. But I also have the option, to let the passdb/userdb plugin maintain a pools of used/idle connections to the daemon and just pick a idle connection and moving it to the used pool on each auth_request. Which would save me the auth worker processes. Is there a preferred dovecot way? /Peter From info at averlon.net Mon Aug 8 15:41:59 2011 From: info at averlon.net (Firma Averlon) Date: Mon, 08 Aug 2011 14:41:59 +0200 Subject: [Dovecot] mail delivery location wrong Message-ID: <4E3FD997.2030906@averlon.net> Hi, thanks for offering the oportunity to place a question here. I am now already working since a week to get postfix and dovecot working on a ubuntu 11.04 server. Hard task. First step was naturally to get familiar with the idea behind the archtitecture. I have come very far, but the "last dirty mile" is probably the hardest. My architecture: Postfix Dovecot OpenLDAP Thunderbird as client with pop3 I can meanwhile send e-mails and open my mailbox in thunderbird (not receiving mails so far). The reason why not receiving e-Mails is simply: When sending the mails they are stored in a different directory as where dovecot will look for them !!!! Error message from log: Aug 8 14:09:01 server dovecot: deliver(vmail): maildir: data=/home/vmail//vmail/Maildir Aug 8 14:09:01 server dovecot: deliver(vmail): maildir: data=/home/vmail//vmail/Maildir Aug 8 14:09:01 server dovecot: deliver(vmail): maildir++: root=/home/vmail//vmail/Maildir, index=, control=, inbox=/home/vmail//vmail/Maildir Aug 8 14:09:01 server dovecot: deliver(vmail): maildir++: root=/home/vmail//vmail/Maildir, index=, control=, inbox=/home/vmail//vmail/Maildir What you immediatly see: "vmail//vmail" Although, when authenticating, the result is: Aug 8 14:06:30 server dovecot: auth(default): master out: USER#0113#011userxxx at av.loc#011gid=5000#011home=/home/userxxx#011uid=5000#011mail=/home/vmail/av.loc/userxxx/Maildir/ The following settings are in place: main.cf of postfix: virtual_mailbox_domains = /etc/postfix/vhosts virtual_mailbox_base = /home/vmail virtual_mailbox_maps = ldap:/etc/postfix/ldap-virtual.cf virtual_minimum_uid = 1000 virtual_uid_maps = static:5000 virtual_gid_maps = static:5000 virtual_transport = dovecot mailbox_command = /usr/lib/dovecot/deliver beside others. master.cf of postfix dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -a ${recipient} dovecot.conf sendmail_path = /usr/sbin/sendmail mail_location = maildir:/home/vmail/%d/%n/Maildir beside others. I guess, these are the ones influencing where to store the mail and pick it up. A list of the related filesystem: /home/vmail/ drwx-w--w- 4 vmail vmail 4096 2011-08-08 08:56 av.loc/ drwx------ 3 vmail vmail 4096 2011-08-08 09:42 vmail/ Wher you can see, the structure according "mail_location" parameter of dovecot.conf does show effect, but the mails are stored in /home/vmail//vmail.....". The whole bunch of documentation I have read meanwhile makes my head circle around. You could hopefully give me some help. -- Mit freundlichen Gr??en / Kind Regards Hr. Karl-Heinz Fischbach From dovecot.user at seibercom.net Mon Aug 8 18:15:31 2011 From: dovecot.user at seibercom.net (Jerry) Date: Mon, 8 Aug 2011 11:15:31 -0400 Subject: [Dovecot] mail delivery location wrong In-Reply-To: <4E3FD997.2030906@averlon.net> References: <4E3FD997.2030906@averlon.net> Message-ID: <20110808111531.72f4791c@scorpio> On Mon, 08 Aug 2011 14:41:59 +0200 Firma Averlon articulated: > The following settings are in place: > main.cf of postfix: > > virtual_mailbox_domains = /etc/postfix/vhosts > virtual_mailbox_base = /home/vmail > virtual_mailbox_maps = ldap:/etc/postfix/ldap-virtual.cf > virtual_minimum_uid = 1000 > virtual_uid_maps = static:5000 > virtual_gid_maps = static:5000 > virtual_transport = dovecot > mailbox_command = /usr/lib/dovecot/deliver Why use a mailbox command? I don't have one and I deliver via virtual using dovecot. You have dovecot listed in the master.cf file. Are you trying to deliver to both virtual and non-virtual users? -- Jerry ? Dovecot.user at seibercom.net Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________ All theoretical chemistry is really physics; and all theoretical chemists know it. Richard P. Feynman From info at averlon.net Mon Aug 8 18:24:24 2011 From: info at averlon.net (Firma Averlon) Date: Mon, 08 Aug 2011 17:24:24 +0200 Subject: [Dovecot] mail delivery location wrong In-Reply-To: <20110808111531.72f4791c@scorpio> References: <4E3FD997.2030906@averlon.net> <20110808111531.72f4791c@scorpio> Message-ID: <4E3FFFA8.6080902@averlon.net> Hi Jerry, thanks for reply. In fact, I tried already without but with the same result. As far as I understand the documentation with dovecot all "normal" params are related to local mailboxes/users/domains and all "virtual....." params take effect for virtual mailboxes and they do not interfere with each other. Anyhow. Behaviour does not change without it. Mit freundlichen Gr??en / Kind Regards Hr. Karl-Heinz Fischbach On 08.08.2011 17:15, Jerry wrote: > On Mon, 08 Aug 2011 14:41:59 +0200 > Firma Averlon articulated: > >> The following settings are in place: >> main.cf of postfix: >> >> virtual_mailbox_domains = /etc/postfix/vhosts >> virtual_mailbox_base = /home/vmail >> virtual_mailbox_maps = ldap:/etc/postfix/ldap-virtual.cf >> virtual_minimum_uid = 1000 >> virtual_uid_maps = static:5000 >> virtual_gid_maps = static:5000 >> virtual_transport = dovecot >> mailbox_command = /usr/lib/dovecot/deliver > Why use a mailbox command? I don't have one and I deliver via virtual > using dovecot. You have dovecot listed in the master.cf file. Are you > trying to deliver to both virtual and non-virtual users? > From patrickdk at patrickdk.com Mon Aug 8 19:45:23 2011 From: patrickdk at patrickdk.com (Patrick Domack) Date: Mon, 08 Aug 2011 12:45:23 -0400 Subject: [Dovecot] mail delivery location wrong In-Reply-To: <4E3FD997.2030906@averlon.net> References: <4E3FD997.2030906@averlon.net> Message-ID: <20110808124523.Horde.q6xnH5LnE6FOQBKjUR72NSA@mail.patrickdk.com> looks like your missing the -d option to lda. Quoting Firma Averlon : > Hi, > thanks for offering the oportunity to place a question here. > > I am now already working since a week to get postfix and dovecot > working on a ubuntu 11.04 server. > Hard task. First step was naturally to get familiar with the idea > behind the archtitecture. > > I have come very far, but the "last dirty mile" is probably the hardest. > > My architecture: > Postfix > Dovecot > OpenLDAP > Thunderbird as client with pop3 > > I can meanwhile send e-mails and open my mailbox in thunderbird (not > receiving mails so far). > > The reason why not receiving e-Mails is simply: When sending the > mails they are stored in a different directory as where dovecot will > look for them !!!! > > Error message from log: > Aug 8 14:09:01 server dovecot: deliver(vmail): maildir: > data=/home/vmail//vmail/Maildir > Aug 8 14:09:01 server dovecot: deliver(vmail): maildir: > data=/home/vmail//vmail/Maildir > Aug 8 14:09:01 server dovecot: deliver(vmail): maildir++: > root=/home/vmail//vmail/Maildir, index=, control=, > inbox=/home/vmail//vmail/Maildir > Aug 8 14:09:01 server dovecot: deliver(vmail): maildir++: > root=/home/vmail//vmail/Maildir, index=, control=, > inbox=/home/vmail//vmail/Maildir > > What you immediatly see: "vmail//vmail" > > Although, when authenticating, the result is: > Aug 8 14:06:30 server dovecot: auth(default): master out: > USER#0113#011userxxx at av.loc#011gid=5000#011home=/home/userxxx#011uid=5000#011mail=/home/vmail/av.loc/userxxx/Maildir/ > > The following settings are in place: > main.cf of postfix: > > virtual_mailbox_domains = /etc/postfix/vhosts > virtual_mailbox_base = /home/vmail > virtual_mailbox_maps = ldap:/etc/postfix/ldap-virtual.cf > virtual_minimum_uid = 1000 > virtual_uid_maps = static:5000 > virtual_gid_maps = static:5000 > virtual_transport = dovecot > mailbox_command = /usr/lib/dovecot/deliver > > beside others. > > master.cf of postfix > dovecot unix - n n - - pipe > flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f > ${sender} -a ${recipient} > > dovecot.conf > sendmail_path = /usr/sbin/sendmail > mail_location = maildir:/home/vmail/%d/%n/Maildir > > beside others. > > I guess, these are the ones influencing where to store the mail and > pick it up. > > A list of the related filesystem: > /home/vmail/ > drwx-w--w- 4 vmail vmail 4096 2011-08-08 08:56 av.loc/ > drwx------ 3 vmail vmail 4096 2011-08-08 09:42 vmail/ > > Wher you can see, the structure according "mail_location" parameter > of dovecot.conf does show effect, but the mails are stored in > /home/vmail//vmail.....". > > The whole bunch of documentation I have read meanwhile makes my head > circle around. > You could hopefully give me some help. > -- > > > Mit freundlichen Gr??en / Kind Regards > > Hr. Karl-Heinz Fischbach From gherzig at fmed.uba.ar Mon Aug 8 19:55:23 2011 From: gherzig at fmed.uba.ar (Gerardo Herzig) Date: Mon, 08 Aug 2011 13:55:23 -0300 Subject: [Dovecot] authentication via LDAP Message-ID: <1312822523.3652.8.camel@inca.fmed.uba.ar> Hi all. I have a couple of questions. ANY of those will solve mi situation. 1) 'Complex' LDAP validation: I need to validate a user in the 2 step authentication / authorizacion mech. The 'users' (with the password) are in ou=Person,o=Work the group which contains the mail users is in cn=MailUsers,ou=Groups,o=Work Can dovecot make such a thing? Cause im not shure if i can make this in a single ldap filter. 2) If not... 2.1) Does dovecot accept more than 1 rule for authenticating? 2.2) Does dovecot accept an arbitrary program for authentication? Well, that's all for now. Thanks! Gerardo From juan at inti.gob.ar Mon Aug 8 22:35:53 2011 From: juan at inti.gob.ar (Juan Bernhard) Date: Mon, 08 Aug 2011 16:35:53 -0300 Subject: [Dovecot] Dovecot quota dict Message-ID: <4E403A99.5060102@inti.gob.ar> Hi, Im using dovecot with maildir++ quota and I have this problem, maybe some of you already solve this and can helpme. I want to use some flat file to tell exim and dovecot the quota limit for each user, i tried to work with exim and maildirsize file, but exim just ignores the limits there. I need a way (a really simple one, i dont want to create a database or an ldap server just for this) to tell exim and dovecot to lookup some file to get the quota limits. I know how to doit with exim, now i need to know how to tell dovecot to read the quota limits from this file. I know that dovecot can read the quota limit from the userdb, but im using pam and i dont want to change the entire auth schema. Can I configure dovecot to get the quota limit from a file using pam as userdb? Thanks, Juan. pd: here is my doveconf -n # 2.0.13: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 2.6.18-238.9.1.el5 x86_64 CentOS release 5.6 (Final) ext3 auth_cache_size = 10 M auth_debug = yes auth_verbose = yes base_dir = /var/run/dovecot/ default_client_limit = 5000 default_process_limit = 1000 disable_plaintext_auth = no listen = * login_greeting = Server ready. mail_debug = yes mail_location = maildir:/var/mail/%u:INDEX=~/ mail_plugins = quota maildir_very_dirty_syncs = yes passdb { args = failure_show_msg=yes %s driver = pam } plugin { mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size subject quota = maildir:Cuota de correo quota_rule = *:storage=1G quota_rule2 = Trash:storage=+100M } protocols = imap pop3 service auth { client_limit = 12000 } service imap { process_limit = 5000 } service pop3 { process_limit = 5000 } ssl = no ssl_cert = References: <1312822523.3652.8.camel@inca.fmed.uba.ar> Message-ID: <4E40596D.4040109@apollo.lv> in principle possible: pass auth: auth_bind = yes auth_bind_userdn = uid=%u,ou=Person,o=Work filter by group: user_filter = (&(&(&(objectclass=user)(objectclass=person))(memberOf=*MailUsers.*))(uid=%n)) pass_filter = (&(&(&(objectclass=user)(objectclass=person))(memberOf=*MailUsers.*))(uid=%u)) but need to configure ldap for memberOf .... Gerardo Herzig wrote: > Hi all. I have a couple of questions. ANY of those will solve mi > situation. > > 1) 'Complex' LDAP validation: > I need to validate a user in the 2 step authentication / authorizacion > mech. > > The 'users' (with the password) are in > ou=Person,o=Work > > the group which contains the mail users is in > cn=MailUsers,ou=Groups,o=Work > > From sahil at FreeBSD.org Tue Aug 9 01:17:29 2011 From: sahil at FreeBSD.org (Sahil Tandon) Date: Mon, 8 Aug 2011 18:17:29 -0400 Subject: [Dovecot] mail delivery location wrong In-Reply-To: <4E3FD997.2030906@averlon.net> References: <4E3FD997.2030906@averlon.net> Message-ID: <20110808221729.GA317@magic.hamla.org> On Mon, 2011-08-08 at 14:41:59 +0200, Firma Averlon wrote: > The reason why not receiving e-Mails is simply: When sending the > mails they are stored in a different directory as where dovecot will > look for them !!!! > > Error message from log: > Aug 8 14:09:01 server dovecot: deliver(vmail): maildir: > data=/home/vmail//vmail/Maildir > > What you immediatly see: "vmail//vmail" > > main.cf of postfix: > > virtual_mailbox_maps = ldap:/etc/postfix/ldap-virtual.cf Does the LDAP query inside this file explicitly return the domain part of the recipient address? -- Sahil Tandon From dovecot.user at seibercom.net Tue Aug 9 02:08:58 2011 From: dovecot.user at seibercom.net (Jerry) Date: Mon, 8 Aug 2011 19:08:58 -0400 Subject: [Dovecot] mail delivery location wrong In-Reply-To: <20110808221729.GA317@magic.hamla.org> References: <4E3FD997.2030906@averlon.net> <20110808221729.GA317@magic.hamla.org> Message-ID: <20110808190858.3e686ffd@scorpio> On Mon, 8 Aug 2011 18:17:29 -0400 Sahil Tandon articulated: > On Mon, 2011-08-08 at 14:41:59 +0200, Firma Averlon wrote: > > > The reason why not receiving e-Mails is simply: When sending the > > mails they are stored in a different directory as where dovecot will > > look for them !!!! > > > > Error message from log: > > Aug 8 14:09:01 server dovecot: deliver(vmail): maildir: > > data=/home/vmail//vmail/Maildir > > > > What you immediatly see: "vmail//vmail" > > > > main.cf of postfix: > > > > virtual_mailbox_maps = ldap:/etc/postfix/ldap-virtual.cf > > Does the LDAP query inside this file explicitly return the domain part > of the recipient address? Did you try using "postmap" to see what a look-up returns? -- Jerry ? Dovecot.user at seibercom.net Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________ From koshikov at gmail.com Tue Aug 9 09:29:38 2011 From: koshikov at gmail.com (Nikita Koshikov) Date: Tue, 9 Aug 2011 09:29:38 +0300 Subject: [Dovecot] Dovecot quota dict In-Reply-To: <4E403A99.5060102@inti.gob.ar> References: <4E403A99.5060102@inti.gob.ar> Message-ID: <20110809092938.7f2c470e@jimbo> On Mon, 08 Aug 2011 16:35:53 -0300 Juan Bernhard wrote: > Hi, Im using dovecot with maildir++ quota and I have this problem, maybe > some of you already solve this and can helpme. > I want to use some flat file to tell exim and dovecot the quota limit > for each user, i tried to work with exim and maildirsize file, but exim > just ignores the limits there. > I need a way (a really simple one, i dont want to create a database or > an ldap server just for this) to tell exim and dovecot to lookup some > file to get the quota limits. I know how to doit with exim, now i need > to know how to tell dovecot to read the quota limits from this file. I > know that dovecot can read the quota limit from the userdb, but im using > pam and i dont want to change the entire auth schema. > Can I configure dovecot to get the quota limit from a file using pam as > userdb? > > Thanks, Juan. > > pd: here is my doveconf -n > > # 2.0.13: /usr/local/etc/dovecot/dovecot.conf > # OS: Linux 2.6.18-238.9.1.el5 x86_64 CentOS release 5.6 (Final) ext3 > auth_cache_size = 10 M > auth_debug = yes > auth_verbose = yes > base_dir = /var/run/dovecot/ > default_client_limit = 5000 > default_process_limit = 1000 > disable_plaintext_auth = no > listen = * > login_greeting = Server ready. > mail_debug = yes > mail_location = maildir:/var/mail/%u:INDEX=~/ > mail_plugins = quota > maildir_very_dirty_syncs = yes > passdb { > args = failure_show_msg=yes %s > driver = pam > } > plugin { > mail_log_events = delete undelete expunge copy mailbox_delete > mailbox_rename > mail_log_fields = uid box msgid size subject > quota = maildir:Cuota de correo > quota_rule = *:storage=1G > quota_rule2 = Trash:storage=+100M > } > protocols = imap pop3 > service auth { > client_limit = 12000 > } > service imap { > process_limit = 5000 > } > service pop3 { > process_limit = 5000 > } > ssl = no > ssl_cert = ssl_key = userdb { > driver = passwd > } > protocol imap { > imap_client_workarounds = tb-extra-mailbox-sep tb-lsub-flags > mail_plugins = quota imap_quota > } > protocol pop3 { > pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > pop3_lock_session = yes > pop3_uidl_format = %08Xv%08Xu > } > Try to google "exim smtp-time quota bounce". This is what you need. Exim can't do rcpt acl quota checks from the box, thus you need: 1)Some external script which will periodically create overquota file\database of users and reject them at smtp-time using lookup 2)Or write perl-script and exec it in router stage. Script will open maildirsize file, count quota and gives you 'yes\no'. Also you need to deliver via dovecot deliver. This scheme will work. From aydin.demirel at endersys.com Tue Aug 9 14:34:57 2011 From: aydin.demirel at endersys.com (=?UTF-8?B?QXlkxLFuIERlbWlyZWw=?=) Date: Tue, 09 Aug 2011 14:34:57 +0300 Subject: [Dovecot] Trash Plugin Message-ID: <4E411B61.1040605@endersys.com> ReHi; I have a question about trash plugin. I added following lines into dovecot.conf: quota_rule = *:storage=2048000 quota_rule2 = Trash:storage=1MB quota_rule3 = SPAM:ignore When I set *:storage line as default quota_rule , There is no problem.. But when I removed this line and set Trash:storage as default quota_rule, plugin is not working.. That I said, Do I have to add *:storage line as first default line in config line? Regards.. -- *Ayd?n Demirel Endersys Ltd. Sistem Destek M?hendisi/ System Support Engineer* * *<> Phone : +90 216 470 9423 | GSM : +90 530 401 8203 Fax : +90 216 470 9508 | Web : http://www.endersys.com Blog : http://blog.endersys.com Twitter : http://www.twitter.com/endersys LPI : The #1 Linux Certification for IT Professionals LPI (Linux Professional Institute) Turkey http://www.lpi-turkey.com From gherzig at fmed.uba.ar Tue Aug 9 15:25:51 2011 From: gherzig at fmed.uba.ar (Gerardo Herzig) Date: Tue, 09 Aug 2011 09:25:51 -0300 Subject: [Dovecot] authentication via LDAP In-Reply-To: <4E40596D.4040109@apollo.lv> References: <1312822523.3652.8.camel@inca.fmed.uba.ar> <4E40596D.4040109@apollo.lv> Message-ID: <1312892751.460.0.camel@inca.fmed.uba.ar> El mar, 09-08-2011 a las 00:47 +0300, DaLiV at apollo.lv escribi?: > in principle possible: > > pass auth: > auth_bind = yes > auth_bind_userdn = uid=%u,ou=Person,o=Work > > filter by group: > user_filter = > (&(&(&(objectclass=user)(objectclass=person))(memberOf=*MailUsers.*))(uid=%n)) > pass_filter = > (&(&(&(objectclass=user)(objectclass=person))(memberOf=*MailUsers.*))(uid=%u)) > > but need to configure ldap for memberOf .... > Gerardo Herzig wrote: > > Hi all. I have a couple of questions. ANY of those will solve mi > > situation. > > > > 1) 'Complex' LDAP validation: > > I need to validate a user in the 2 step authentication / authorizacion > > mech. > > > > The 'users' (with the password) are in > > ou=Person,o=Work > > > > the group which contains the mail users is in > > cn=MailUsers,ou=Groups,o=Work > > > > > Thanks for the guidance, i will try it! Gerardo From juan at inti.gob.ar Tue Aug 9 17:18:55 2011 From: juan at inti.gob.ar (Juan Bernhard) Date: Tue, 09 Aug 2011 11:18:55 -0300 Subject: [Dovecot] Dovecot quota dict In-Reply-To: <20110809092938.7f2c470e@jimbo> References: <4E403A99.5060102@inti.gob.ar> <20110809092938.7f2c470e@jimbo> Message-ID: <4E4141CF.8090107@inti.gob.ar> Hi Nikita, thanks for the help, but I don't have any problem with bouncing the mail after the deliver (in fact, the mail pass two MTAs servers before reaching the final storage) I will try (with my limited english) to explain it better. Now I m working with a single quota rule for everyone. What I need is a mechanism to give a custom quota to each user. I thought that a flat file will be the simple and easy option to implement, and then use "quota=${lookup {$local_part} lsearch .....}" in the exim transport. I need a way to configure dovecot to follow the same file (or at least a modified copy). I've been told on this list that I can't rely on the maildirsize file, because it can be deleted under some conditions... so i neet to stablish quotas to dovecot somewhere else. My question is: can dovecot get a custon quota for a user from a file (not sql or ldap) and use at the same time pam as userdb? Thanks, Juan. El 09/08/2011 03:29 a.m., Nikita Koshikov escribi?: > On Mon, 08 Aug 2011 16:35:53 -0300 > Juan Bernhard wrote: > >> Hi, Im using dovecot with maildir++ quota and I have this problem, maybe >> some of you already solve this and can helpme. >> I want to use some flat file to tell exim and dovecot the quota limit >> for each user, i tried to work with exim and maildirsize file, but exim >> just ignores the limits there. >> I need a way (a really simple one, i dont want to create a database or >> an ldap server just for this) to tell exim and dovecot to lookup some >> file to get the quota limits. I know how to doit with exim, now i need >> to know how to tell dovecot to read the quota limits from this file. I >> know that dovecot can read the quota limit from the userdb, but im using >> pam and i dont want to change the entire auth schema. >> Can I configure dovecot to get the quota limit from a file using pam as >> userdb? >> >> Thanks, Juan. >> >> pd: here is my doveconf -n >> >> # 2.0.13: /usr/local/etc/dovecot/dovecot.conf >> # OS: Linux 2.6.18-238.9.1.el5 x86_64 CentOS release 5.6 (Final) ext3 >> auth_cache_size = 10 M >> auth_debug = yes >> auth_verbose = yes >> base_dir = /var/run/dovecot/ >> default_client_limit = 5000 >> default_process_limit = 1000 >> disable_plaintext_auth = no >> listen = * >> login_greeting = Server ready. >> mail_debug = yes >> mail_location = maildir:/var/mail/%u:INDEX=~/ >> mail_plugins = quota >> maildir_very_dirty_syncs = yes >> passdb { >> args = failure_show_msg=yes %s >> driver = pam >> } >> plugin { >> mail_log_events = delete undelete expunge copy mailbox_delete >> mailbox_rename >> mail_log_fields = uid box msgid size subject >> quota = maildir:Cuota de correo >> quota_rule = *:storage=1G >> quota_rule2 = Trash:storage=+100M >> } >> protocols = imap pop3 >> service auth { >> client_limit = 12000 >> } >> service imap { >> process_limit = 5000 >> } >> service pop3 { >> process_limit = 5000 >> } >> ssl = no >> ssl_cert => ssl_key => userdb { >> driver = passwd >> } >> protocol imap { >> imap_client_workarounds = tb-extra-mailbox-sep tb-lsub-flags >> mail_plugins = quota imap_quota >> } >> protocol pop3 { >> pop3_client_workarounds = outlook-no-nuls oe-ns-eoh >> pop3_lock_session = yes >> pop3_uidl_format = %08Xv%08Xu >> } >> > Try to google "exim smtp-time quota bounce". This is what you need. > Exim can't do rcpt acl quota checks from the box, thus you need: > 1)Some external script which will periodically create overquota file\database of users and reject them at smtp-time using lookup > 2)Or write perl-script and exec it in router stage. Script will open maildirsize file, count quota and gives you 'yes\no'. > > Also you need to deliver via dovecot deliver. This scheme will work. > From jeff.vanepps at gmail.com Tue Aug 9 17:23:47 2011 From: jeff.vanepps at gmail.com (Jeff Van Epps) Date: Tue, 9 Aug 2011 10:23:47 -0400 Subject: [Dovecot] Clients can't retrieve new emails In-Reply-To: References: Message-ID: Apologies for the repeat post. I just want to take one more try to find someone who can help or point me in a direction on this. Anyone? ---------- Forwarded message ---------- From: Jeff Van Epps Date: Mon, Aug 1, 2011 at 8:59 AM Subject: Clients can't retrieve new emails To: dovecot at dovecot.org In a formerly working environment suddenly clients aren't notified of new emails and can't retrieve new emails. Server is Ubuntu 11.04 dovecot 1.2.15. Clients which fail are a Pre2 webOS 2.1 and TouchPad webOS 3.0 (those are OS versions, I don't know which particular flavor/version the IMAP clients are); there is also a Thunderbird 3.1.11 client on the same system as the server which works properly. The clients never report an error. I got as far as configuring rawlog: in: ~A2 NAMESPACE ~A3 SELECT "INBOX" ~A4 LIST "" * ~A5 UID STORE 0 +FLAGS.SILENT (\Seen) ~A6 UID STORE 0 +FLAGS.SILENT (\Seen) out: * OK [RAWLOG TIMESTAMP] 2011-08-01 08:28:33 ~A1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in * NAMESPACE (("" "/")) NIL NIL ~A2 OK Namespace completed. * FLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk Junk) * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk Junk \*)] Flags permitted. * 101 EXISTS * 0 RECENT * OK [UNSEEN 63] First unseen. * OK [UIDVALIDITY 1222650706] UIDs valid * OK [UIDNEXT 863] Predicted next UID * OK [HIGHESTMODSEQ 1903] Highest ~A3 OK [READ-WRITE] Select completed. * LIST (\NoInferiors \UnMarked) "/" "Trash" * LIST (\NoInferiors \UnMarked) "/" "Sent" * LIST (\NoInferiors \UnMarked) "/" "INBOX" ~A4 OK List completed. ~A5 BAD Error in IMAP command UID STORE: Invalid uidset ~A6 BAD Error in IMAP command UID STORE: Invalid uidset I've searched and read messages saying that there is no such thing as UID 0. Okay. Why are the clients suddenly trying to use it? Why doesn't the server just ignore it? (it seems like it may be terminating the connection) What can I do about it? (I'll nag HP about the client side but I don't expect quick action. The server on the other hand is in my house.) dovecot -n output: # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.38-11-generic i686 Ubuntu 11.04 log_timestamp: %Y-%m-%d %H:%M:%S ssl_cert_file: /etc/ssl/certs/lordbah.com.crt ssl_key_file: /etc/ssl/private/lordbah.com.key ssl_key_password: --redacted-- disable_plaintext_auth: no verbose_ssl: yes login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login login_process_per_connection: no login_processes_count: 5 login_max_processes_count: 20 verbose_proctitle: yes mail_privileged_group: mail mail_location: mbox:~*/mail:INBOX=/var/mail/*%u mail_debug: yes mbox_write_locks: fcntl dotlock mail_executable: /usr/lib/dovecot/rawlog /usr/lib/dovecot/imap imap_client_workarounds: tb-extra-mailbox-sep auth default: verbose: yes debug: yes passdb: driver: pam userdb: driver: passwd -- Jeff Van Epps From AnFi at onet.eu Tue Aug 9 18:29:12 2011 From: AnFi at onet.eu (Andrzej Adam Filip) Date: Tue, 09 Aug 2011 17:29:12 +0200 Subject: [Dovecot] LMTP over STDIN/STDOUT (non root user) Message-ID: <3kha87i6dl-B89@clifford.huge.strangled.net> Is it possible to get LMTP session over STDIN/STDOUT (for non root user)? I have configured dovecot to allow "server less" access to my mailbox using IMAP over STDIN/STDOUT. I would like to complete the setup by making fetchmail deliver fetched messages via LMTP over STDIN/STDOUT. -- [pl>en: Andrew] Andrzej Adam Filip : anfi at onet.eu There is only one way to kill capitalism -- by taxes, taxes, and more taxes. -- Karl Marx From s at s7p.de Tue Aug 9 18:48:08 2011 From: s at s7p.de (Stefan Piegsa) Date: Tue, 09 Aug 2011 17:48:08 +0200 Subject: [Dovecot] How to make dovecot-lda/deliver mark a message as seen In-Reply-To: <4E3FB08D.4020803@onet.eu> References: <4E3F7878.8090507@s7p.de> <4E3F93A9.6040903@s7p.de> <4E3FB08D.4020803@onet.eu> Message-ID: <4E4156B8.3070008@s7p.de> On 08/08/2011 11:46 AM, Andrzej Adam Filip wrote: > On 08/08/2011 09:43 AM, Stefan Piegsa wrote: >> Thanks for your reply! >> >> On 08/08/2011 08:36 AM, Andrzej Adam Filip wrote: >>> Have you considered using sieve for the task? >>> [Using imap4flags extension] >> Yes, but I think it's not the optimal solution for what I want to do: >> >> Basically, I don't want emails to be sent first to the MTA and then >> again to dovecot to be stored in "Sent Messages". >> So I made a script that puts an email received from the MTA by an >> authenticated user into his local Maildir/Sent folder, using: >> dovecot-lda -d $user -m Sent. Such emails should be marked as seen. >> >> Sieve would be an option if it were possible to have a global sieve >> script that is always executed, not only when there's no user script. >> >> Best Regards, >> Stefan >> > Could not you use sieve_before? > http://wiki.dovecot.org/LDA/Sieve > > You may consider using sieve_after if you want to allow users to > overwrite your choice of "self copy" handling. > sieve_after sounds interesting! Is there a way to match the destination mailbox in a sieve script? The email comes in by dovecot-lda -d $user -m Sent Now the sieve script should somehow match the mailbox "Sent". From wgillespie+dovecot at es2eng.com Tue Aug 9 20:03:11 2011 From: wgillespie+dovecot at es2eng.com (Willie Gillespie) Date: Tue, 09 Aug 2011 11:03:11 -0600 Subject: [Dovecot] Clients can't retrieve new emails In-Reply-To: References: Message-ID: <4E41684F.6060102@es2eng.com> On 08/09/2011 08:23 AM, Jeff Van Epps wrote: > Apologies for the repeat post. I just want to take one more try to find > someone who can help or point me in a direction on this. Anyone? > > ---------- Forwarded message ---------- > From: Jeff Van Epps > Date: Mon, Aug 1, 2011 at 8:59 AM > Subject: Clients can't retrieve new emails > To: dovecot at dovecot.org > > > In a formerly working environment suddenly clients aren't notified of > new emails and can't retrieve new emails. Server is Ubuntu 11.04 dovecot > 1.2.15. Clients which fail are a Pre2 webOS 2.1 and TouchPad webOS 3.0 > (those are OS versions, I don't know which particular flavor/version the > IMAP clients are); there is also a Thunderbird 3.1.11 client on the same > system as the server which works properly. The clients never report an > error. I got as far as configuring rawlog: > > in: > ~A2 NAMESPACE > ~A3 SELECT "INBOX" > ~A4 LIST "" * > ~A5 UID STORE 0 +FLAGS.SILENT (\Seen) > ~A6 UID STORE 0 +FLAGS.SILENT (\Seen) So the client never requests any mail. Just the list of folders. > out: > * OK [RAWLOG TIMESTAMP] 2011-08-01 08:28:33 > ~A1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE > SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT > IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE > QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in > * NAMESPACE (("" "/")) NIL NIL > ~A2 OK Namespace completed. > * FLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk Junk) > * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk > Junk \*)] Flags permitted. > * 101 EXISTS > * 0 RECENT > * OK [UNSEEN 63] First unseen. > * OK [UIDVALIDITY 1222650706] UIDs valid > * OK [UIDNEXT 863] Predicted next UID > * OK [HIGHESTMODSEQ 1903] Highest > ~A3 OK [READ-WRITE] Select completed. > * LIST (\NoInferiors \UnMarked) "/" "Trash" > * LIST (\NoInferiors \UnMarked) "/" "Sent" > * LIST (\NoInferiors \UnMarked) "/" "INBOX" > ~A4 OK List completed. > ~A5 BAD Error in IMAP command UID STORE: Invalid uidset > ~A6 BAD Error in IMAP command UID STORE: Invalid uidset > > > I've searched and read messages saying that there is no such thing as > UID 0. Okay. Why are the clients suddenly trying to use it? Why doesn't > the server just ignore it? (it seems like it may be terminating the > connection) I tried the same commands against my Dovecot server and it did not terminate the connection. I may be running a different version than you though. > What can I do about it? (I'll nag HP about the client side but I don't > expect quick action. The server on the other hand is in my house.) That's the real question. I'd be curious to see what Thunderbird does since you say it has the same problem. Do you have rawlogs from that? > > > dovecot -n output: > # 1.2.15: /etc/dovecot/dovecot.conf > # OS: Linux 2.6.38-11-generic i686 Ubuntu 11.04 > log_timestamp: %Y-%m-%d %H:%M:%S > ssl_cert_file: /etc/ssl/certs/lordbah.com.crt > ssl_key_file: /etc/ssl/private/lordbah.com.key > ssl_key_password: --redacted-- > disable_plaintext_auth: no > verbose_ssl: yes > login_dir: /var/run/dovecot/login > login_executable: /usr/lib/dovecot/imap-login > login_process_per_connection: no > login_processes_count: 5 > login_max_processes_count: 20 > verbose_proctitle: yes > mail_privileged_group: mail > mail_location: mbox:~*/mail:INBOX=/var/mail/*%u > mail_debug: yes > mbox_write_locks: fcntl dotlock > mail_executable: /usr/lib/dovecot/rawlog /usr/lib/dovecot/imap > imap_client_workarounds: tb-extra-mailbox-sep > auth default: > verbose: yes > debug: yes > passdb: > driver: pam > userdb: > driver: passwd > From jeff.vanepps at gmail.com Tue Aug 9 20:29:30 2011 From: jeff.vanepps at gmail.com (Jeff Van Epps) Date: Tue, 9 Aug 2011 13:29:30 -0400 Subject: [Dovecot] Clients can't retrieve new emails In-Reply-To: <4E41684F.6060102@es2eng.com> References: <4E41684F.6060102@es2eng.com> Message-ID: On Tue, Aug 9, 2011 at 1:03 PM, Willie Gillespie < wgillespie+dovecot at es2eng.com> wrote: > On 08/09/2011 08:23 AM, Jeff Van Epps wrote: > >> Apologies for the repeat post. I just want to take one more try to find >> someone who can help or point me in a direction on this. Anyone? >> >> ---------- Forwarded message ---------- >> From: Jeff Van Epps >> Date: Mon, Aug 1, 2011 at 8:59 AM >> Subject: Clients can't retrieve new emails >> To: dovecot at dovecot.org >> >> >> In a formerly working environment suddenly clients aren't notified of >> new emails and can't retrieve new emails. Server is Ubuntu 11.04 dovecot >> 1.2.15. Clients which fail are a Pre2 webOS 2.1 and TouchPad webOS 3.0 >> (those are OS versions, I don't know which particular flavor/version the >> IMAP clients are); there is also a Thunderbird 3.1.11 client on the same >> system as the server which works properly. The clients never report an >> error. I got as far as configuring rawlog: >> >> in: >> ~A2 NAMESPACE >> ~A3 SELECT "INBOX" >> ~A4 LIST "" * >> ~A5 UID STORE 0 +FLAGS.SILENT (\Seen) >> ~A6 UID STORE 0 +FLAGS.SILENT (\Seen) >> > > So the client never requests any mail. Just the list of folders. > > > out: >> * OK [RAWLOG TIMESTAMP] 2011-08-01 08:28:33 >> ~A1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE >> SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT >> IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE >> QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged >> in >> * NAMESPACE (("" "/")) NIL NIL >> ~A2 OK Namespace completed. >> * FLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk Junk) >> * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk >> Junk \*)] Flags permitted. >> * 101 EXISTS >> * 0 RECENT >> * OK [UNSEEN 63] First unseen. >> * OK [UIDVALIDITY 1222650706] UIDs valid >> * OK [UIDNEXT 863] Predicted next UID >> * OK [HIGHESTMODSEQ 1903] Highest >> ~A3 OK [READ-WRITE] Select completed. >> * LIST (\NoInferiors \UnMarked) "/" "Trash" >> * LIST (\NoInferiors \UnMarked) "/" "Sent" >> * LIST (\NoInferiors \UnMarked) "/" "INBOX" >> ~A4 OK List completed. >> ~A5 BAD Error in IMAP command UID STORE: Invalid uidset >> ~A6 BAD Error in IMAP command UID STORE: Invalid uidset >> >> >> I've searched and read messages saying that there is no such thing as >> UID 0. Okay. Why are the clients suddenly trying to use it? Why doesn't >> the server just ignore it? (it seems like it may be terminating the >> connection) >> > > I tried the same commands against my Dovecot server and it did not > terminate the connection. I may be running a different version than you > though. > > > What can I do about it? (I'll nag HP about the client side but I don't >> expect quick action. The server on the other hand is in my house.) >> > > That's the real question. I'd be curious to see what Thunderbird does > since you say it has the same problem. Do you have rawlogs from that? > > Thunderbird works properly, i.e. it succeeds in retrieving new emails. I don't have the rawlog at the moment but I recall that it did not do any "UID STORE 0". I wonder what the clients think they are accomplishing with that command. I'll start searching for an Ubuntu PPA for version 2 Dovecot so I can see whether the same thing still happens. > >> >> dovecot -n output: >> # 1.2.15: /etc/dovecot/dovecot.conf >> # OS: Linux 2.6.38-11-generic i686 Ubuntu 11.04 >> log_timestamp: %Y-%m-%d %H:%M:%S >> ssl_cert_file: /etc/ssl/certs/lordbah.com.crt >> ssl_key_file: /etc/ssl/private/lordbah.com.**key >> ssl_key_password: --redacted-- >> disable_plaintext_auth: no >> verbose_ssl: yes >> login_dir: /var/run/dovecot/login >> login_executable: /usr/lib/dovecot/imap-login >> login_process_per_connection: no >> login_processes_count: 5 >> login_max_processes_count: 20 >> verbose_proctitle: yes >> mail_privileged_group: mail >> mail_location: mbox:~*/mail:INBOX=/var/mail/***%u >> mail_debug: yes >> mbox_write_locks: fcntl dotlock >> mail_executable: /usr/lib/dovecot/rawlog /usr/lib/dovecot/imap >> imap_client_workarounds: tb-extra-mailbox-sep >> auth default: >> verbose: yes >> debug: yes >> passdb: >> driver: pam >> userdb: >> driver: passwd >> >> From doctor at doctor.nl2k.ab.ca Tue Aug 9 23:38:28 2011 From: doctor at doctor.nl2k.ab.ca (The Doctor) Date: Tue, 9 Aug 2011 14:38:28 -0600 Subject: [Dovecot] [ips@shaw.ca: Repeat mails. INC000023456674] Message-ID: <20110809203827.GB3458@doctor.nl2k.ab.ca> Anyone seen this before? ----- Forwarded message from ips at shaw.ca ----- X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on doctor.nl2k.ab.ca X-Spam-Level: * X-Spam-Status: No, score=1.0 required=5.0 tests=RCVD_IN_BACKSCATTER autolearn=no version=3.3.2 X-Original-To: root at doctor.nl2k.ab.ca Delivered-To: root at doctor.nl2k.ab.ca X-Virus-Scanned: amavisd-new at doctor.nl2k.ab.ca X-rim-org-msg-ref-id: 1378293038 Reply-To: ips at shaw.ca X-Priority: Normal Sensitivity: Normal Importance: Normal To: "Dr. Inder P Singh" , "Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem" Subject: Repeat mails. INC000023456674 From: ips at shaw.ca Date: Tue, 9 Aug 2011 19:17:34 +0000 X-Sanitizer: This message has been sanitized! X-Sanitizer-URL: http://mailtools.anomy.net/ X-Sanitizer-Rev: $Id: Sanitizer.pm,v 1.94 2006/01/02 16:43:10 bre Exp $ Dave, According to RIM your server is probably changing the assigned serial number or code to mails frequently and because of that Blackberry server takes the same mail as new one and draws again. Read attached link. Inder Sent wirelessly from my BlackBerry device on the Bell network. Envoy? sans fil par mon terminal mobile BlackBerry sur le r?seau de Bell. -----Original Message----- From: BlackBerry Customer Support Date: Tue, 09 Aug 2011 19:07:30 To: Reply-to: BlackBerry Customer Support Subject: INC000023456674 Hello Dr. Inder, Thank you for contacting BlackBerry Customer Support. Here is a link to a relevant article in our BlackBerry Technical Solution Center: Article Title: Duplicate e-mail messages are received on the BlackBerry smartphone Article Number: KB13528 Link: http://www.blackberry.com/btsc/KB13528 I have included below the pieces of information relating to the duplicate or changing IDs of the emails. Cause 8 The BlackBerry Internet Service downloads any email message with an email message UID that it did not find during the previous connection. If the email message UIDs are changed by the messaging server, duplicate email messages are received. This behavior also applies to any email message that has a blank UID. Resolution 8 To resolve this issue, complete one of the following procedures. Make sure that the message UIDs of email messages on the integrated account messaging server do not change or that email messages are not added back to the inbox of the associated account. Ask your administrator if the message UIDs are changing. In the case of an email message that has a blank UID, have your administrator remove the email message from the email server to prevent it from being delivered repeatedly. Delete email messages from the BlackBerry smartphone using the Mailbox & Handheld setting (email messages will be deleted from the associated email account messaging server and will not be retrieved again by the BlackBerry Internet Service). For instructions, see KB11830. Should you require further information on this subject, please don't hesitate to contact us. Thank you again for contacting us Dr.. Inder. Sincerely, Jennifer BlackBerry Customer Support Research In Motion Limited Tel: NA Toll Free: 1-877-255-2377 UK Toll Free: 0808 100 7466 Europe: +44 1753 558400 Worldwide: +1-519-888-6181 Email: help at blackberry.com Web: www.blackberry.com ***Now Available - BlackBerry Training for BlackBerry Enterprise Server software administrators. For information about current course offerings, please visit www.blackberry.com/go/training. BLACKBERRY? PLAYBOOK??? - WORK SMARTER. PLAY HARDER. Introducing the world???s first professional-grade tablet. www.blackberry.com/playbook ----- End forwarded message ----- -- Member - Liberal International This is doctor at nl2k.ab.ca Ici doctor at nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! http://twitter.com/rootnl2k http://www.facebook.com/dyadallee IT is done! http://groups.google.com/group/rec.arts.drwho/about From postmaster at psy.miami.edu Wed Aug 10 00:12:33 2011 From: postmaster at psy.miami.edu (Postmaster) Date: Tue, 09 Aug 2011 17:12:33 -0400 Subject: [Dovecot] list archive Message-ID: <4E41A2C1.9090207@psy.miami.edu> I'm not able to access the mailing list archives following the instructions here... http://www.dovecot.org/mailinglists.html using either IMAP or by downloading the mbox file. From patrickdk at patrickdk.com Wed Aug 10 00:41:57 2011 From: patrickdk at patrickdk.com (Patrick Domack) Date: Tue, 09 Aug 2011 17:41:57 -0400 Subject: [Dovecot] [ips@shaw.ca: Repeat mails. INC000023456674] In-Reply-To: <20110809203827.GB3458@doctor.nl2k.ab.ca> References: <20110809203827.GB3458@doctor.nl2k.ab.ca> Message-ID: <20110809174157.Horde.uMpebJLnE6FOQamlK_zEAXA@mail.patrickdk.com> Was this using imap or pop3? I haven't looked at how imap works. But if your using pop3, set pop3_uidl_format correctly. If your deleting or purging the index files and have it set to anything other than %f or %Mf it probably won't work so well. Quoting The Doctor : > Anyone seen this before? > > ----- Forwarded message from ips at shaw.ca ----- > > X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on doctor.nl2k.ab.ca > X-Spam-Level: * > X-Spam-Status: No, score=1.0 required=5.0 tests=RCVD_IN_BACKSCATTER > autolearn=no version=3.3.2 > X-Original-To: root at doctor.nl2k.ab.ca > Delivered-To: root at doctor.nl2k.ab.ca > X-Virus-Scanned: amavisd-new at doctor.nl2k.ab.ca > X-rim-org-msg-ref-id: 1378293038 > Reply-To: ips at shaw.ca > X-Priority: Normal > Sensitivity: Normal > Importance: Normal > To: "Dr. Inder P Singh" , > "Dave Shariff Yadallee - System Administrator a.k.a. The Root of the > Problem" > Subject: Repeat mails. INC000023456674 > From: ips at shaw.ca > Date: Tue, 9 Aug 2011 19:17:34 +0000 > X-Sanitizer: This message has been sanitized! > X-Sanitizer-URL: http://mailtools.anomy.net/ > X-Sanitizer-Rev: $Id: Sanitizer.pm,v 1.94 2006/01/02 16:43:10 bre Exp $ > > Dave, > According to RIM your server is probably changing the assigned > serial number or code to mails frequently and because of that > Blackberry server takes the same mail as new one and draws again. > Read attached link. > Inder > Sent wirelessly from my BlackBerry device on the Bell network. > Envoy? sans fil par mon terminal mobile BlackBerry sur le r?seau de Bell. > > -----Original Message----- > From: BlackBerry Customer Support > Date: Tue, 09 Aug 2011 19:07:30 > To: > Reply-to: BlackBerry Customer Support > Subject: INC000023456674 > > Hello Dr. Inder, > > Thank you for contacting BlackBerry Customer Support. > > Here is a link to a relevant article in our BlackBerry Technical > Solution Center: > > Article Title: Duplicate e-mail messages are received on the > BlackBerry smartphone > Article Number: KB13528 > Link: http://www.blackberry.com/btsc/KB13528 > > I have included below the pieces of information relating to the > duplicate or changing IDs of the emails. > > Cause 8 > The BlackBerry Internet Service downloads any email message with an > email message UID that it did not find during the previous > connection. If the email message UIDs are changed by the messaging > server, duplicate email messages are received. This behavior also > applies to any email message that has a blank UID. > > Resolution 8 > To resolve this issue, complete one of the following procedures. > > Make sure that the message UIDs of email messages on the integrated > account messaging server do not change or that email messages are > not added back to the inbox of the associated account. Ask your > administrator if the message UIDs are changing. In the case of an > email message that has a blank UID, have your administrator remove > the email message from the email server to prevent it from being > delivered repeatedly. > Delete email messages from the BlackBerry smartphone using the > Mailbox & Handheld setting (email messages will be deleted from the > associated email account messaging server and will not be retrieved > again by the BlackBerry Internet Service). For instructions, see > KB11830. > > Should you require further information on this subject, please don't > hesitate to contact us. Thank you again for contacting us Dr.. Inder. > > Sincerely, > > Jennifer > BlackBerry Customer Support > Research In Motion Limited > Tel: > NA Toll Free: 1-877-255-2377 > UK Toll Free: 0808 100 7466 > Europe: +44 1753 558400 > Worldwide: +1-519-888-6181 > Email: help at blackberry.com > Web: www.blackberry.com > > ***Now Available - BlackBerry Training for BlackBerry Enterprise > Server software administrators. For information about current course > offerings, please visit www.blackberry.com/go/training. > > > BLACKBERRY? PLAYBOOK??? - WORK SMARTER. PLAY HARDER. > Introducing the world???s first professional-grade tablet. > www.blackberry.com/playbook > > ----- End forwarded message ----- > > -- > Member - Liberal International This is doctor at nl2k.ab.ca Ici > doctor at nl2k.ab.ca > God, Queen and country! Never Satan President Republic! Beware > AntiChrist rising! > http://twitter.com/rootnl2k http://www.facebook.com/dyadallee > IT is done! http://groups.google.com/group/rec.arts.drwho/about From noel.butler at ausics.net Wed Aug 10 02:50:44 2011 From: noel.butler at ausics.net (Noel Butler) Date: Wed, 10 Aug 2011 09:50:44 +1000 Subject: [Dovecot] list archive In-Reply-To: <4E41A2C1.9090207@psy.miami.edu> References: <4E41A2C1.9090207@psy.miami.edu> Message-ID: <1312933844.7178.2.camel@tardis> On Tue, 2011-08-09 at 17:12 -0400, Postmaster wrote: > I'm not able to access the mailing list archives following the > instructions here... > > http://www.dovecot.org/mailinglists.html > > using either IMAP or by downloading the mbox file. replace www.dovecot.org with dovecot.org the mirror at trollweb is broken -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From koshikov at gmail.com Wed Aug 10 09:35:13 2011 From: koshikov at gmail.com (Nikita Koshikov) Date: Wed, 10 Aug 2011 09:35:13 +0300 Subject: [Dovecot] Dovecot quota dict In-Reply-To: <4E4141CF.8090107@inti.gob.ar> References: <4E403A99.5060102@inti.gob.ar> <20110809092938.7f2c470e@jimbo> <4E4141CF.8090107@inti.gob.ar> Message-ID: <20110810093513.2a73ca7c@jimbo> On Tue, 09 Aug 2011 11:18:55 -0300 Juan Bernhard wrote: > Hi Nikita, thanks for the help, but I don't have any problem with > bouncing the mail after the deliver (in fact, the mail pass two MTAs > servers before reaching the final storage) > I will try (with my limited english) to explain it better. Now I m > working with a single quota rule for everyone. What I need is a > mechanism to give a custom quota to each user. I thought that a flat > file will be the simple and easy option to implement, and then use > "quota=${lookup {$local_part} lsearch .....}" in the exim transport. I > need a way to configure dovecot to follow the same file (or at least a > modified copy). I've been told on this list that I can't rely on the > maildirsize file, because it can be deleted under some conditions... so > i neet to stablish quotas to dovecot somewhere else. > My question is: can dovecot get a custon quota for a user from a file > (not sql or ldap) and use at the same time pam as userdb? > > > Thanks, Juan. So, you need customizable userdb lookup without ldap or sql. You can try too use checkpassword as userdb and then, in the script - parse quota-file, make pam lookup and return userdb_quota* values for specific user. More on http://wiki2.dovecot.org/AuthDatabase/CheckPassword . I don't have experience with this authdatabase method, but seems that it suitable for you. But in general - it's better to prevent editing maildirsize file from 2 instances. From kzorba at otenet.gr Wed Aug 10 13:07:48 2011 From: kzorba at otenet.gr (Kostas Zorbadelos) Date: Wed, 10 Aug 2011 13:07:48 +0300 Subject: [Dovecot] Bug report v2.0.13 - CentOS x86_64 - NFS - mbox In-Reply-To: <4E294AC0.2060706@otenet.gr> References: <4E294AC0.2060706@otenet.gr> Message-ID: <4E425874.6040507@otenet.gr> On 07/22/2011 01:02 PM, Kostas Zorbadelos wrote: Hello, since I saw no action on this, here is a newer update we discovered today. After setting pop3_lock_session = no the core dumps went away. We will leave it like that and watch it for the next few days. If we set pop3_lock_session = yes, the problem is reproduced. If I can do anything else to help debug the problem, please let me know. Regards, Kostas > Greetings to all. > > It's my first post to the list. We just completed a migration from qpopper to dovecot > for our IMAP and POP3 services. We have a rather large mail environment > (we are the biggest provider in Greece). > > So, here are the details: > > - Keep getting errors like these in our production environment > > Jul 22 00:18:21 pop01 dovecot: master: Error: service(pop3): child 4078 killed with signal 11 (core dumps disabled) > Jul 22 00:19:31 pop03 dovecot: master: Error: service(pop3): child 18849 killed with signal 11 (core dumps disabled) > > --------------------------------------------------------------------- > dovecot -n output > --------------------------------------------------------------------- > /opt/dovecot/sbin/dovecot -n > # 2.0.13: /opt/dovecot/etc/dovecot/dovecot.conf > # OS: Linux 2.6.18-92.1.22.el5 x86_64 CentOS release 5.5 (Final) > auth_cache_negative_ttl = 10 mins > auth_cache_size = 5 M > auth_cache_ttl = 10 mins > auth_verbose = yes > default_client_limit = 5000 > default_process_limit = 500 > disable_plaintext_auth = no > first_valid_uid = 200 > listen = * > log_timestamp = "%Y-%m-%d %H:%M:%S " > login_greeting = ready > mail_access_groups = mail otemail disk root > mail_fsync = always > mail_location = mbox:INDEX=/var/index/dovecot/%2.16Hn/%2.254Hn/%u > mail_nfs_storage = yes > mbox_lock_timeout = 2 mins > mbox_min_index_size = 200 k > mbox_read_locks = dotlock_try fcntl > mbox_write_locks = dotlock_try fcntl > passdb { > args = /opt/dovecot/etc/dovecot/dovecot-ldap.conf.ext > driver = ldap > } > protocols = imap pop3 > service auth-worker { > user = dovenull > } > service imap-login { > inet_listener imap { > port = 143 > } > inet_listener imaps { > port = 993 > ssl = yes > } > } > service pop3-login { > inet_listener pop3 { > port = 110 > } > inet_listener pop3s { > port = 995 > ssl = yes > } > } > ssl = no > userdb { > args = /opt/dovecot/etc/dovecot/dovecot-ldap.conf.ext > driver = ldap > } > verbose_proctitle = yes > protocol imap { > imap_client_workarounds = delay-newmail tb-extra-mailbox-sep > mail_max_userip_connections = 100 > } > protocol pop3 { > mail_max_userip_connections = 100 > pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > pop3_fast_size_lookups = yes > pop3_lock_session = yes > pop3_reuse_xuidl = yes > pop3_uidl_format = %08Xu%08Xv > } > > I enabled core dumps in one of our backend servers and here is the relevant gdb trace: > > [root at pop08 ~]# gdb /opt/dovecot/libexec/dovecot/pop3/core.9273 > GNU gdb (GDB) Red Hat Enterprise Linux (7.0.1-32.el5_6.2) > Copyright (C) 2009 Free Software Foundation, Inc. > License GPLv3+: GNU GPL version 3 or later > This is free software: you are free to change and redistribute it. > There is NO WARRANTY, to the extent permitted by law. Type "show copying" > and "show warranty" for details. > This GDB was configured as "x86_64-redhat-linux-gnu". > For bug reporting instructions, please see: > ... > Reading symbols from /opt/dovecot/libexec/dovecot/pop3...(no debugging symbols found)...done. > Reading symbols from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0...(no debugging symbols found)...done. > Loaded symbols for /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > Reading symbols from /opt/dovecot/lib/dovecot/libdovecot.so.0...(no debugging symbols found)...done. > Loaded symbols for /opt/dovecot/lib/dovecot/libdovecot.so.0 > Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done. > Loaded symbols for /lib64/libdl.so.2 > Reading symbols from /lib64/librt.so.1...(no debugging symbols found)...done. > Loaded symbols for /lib64/librt.so.1 > Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done. > Loaded symbols for /lib64/libc.so.6 > Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done. > Loaded symbols for /lib64/ld-linux-x86-64.so.2 > Reading symbols from /lib64/libpthread.so.0...(no debugging symbols found)...done. > Loaded symbols for /lib64/libpthread.so.0 > Core was generated by `dovecot/pop3'. > Program terminated with signal 11, Segmentation fault. > #0 0x00002b52e1027e54 in istream_raw_mbox_get_start_offset () from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > (gdb) bt full > #0 0x00002b52e1027e54 in istream_raw_mbox_get_start_offset () from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > No symbol table info available. > #1 0x00002b52e102b759 in ?? () from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > No symbol table info available. > #2 0x00002b52e100a2c0 in index_mail_expunge () from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > No symbol table info available. > #3 0x0000000000405e9c in client_update_mails () > No symbol table info available. > #4 0x00000000004061c1 in client_command_execute () > No symbol table info available. > #5 0x00000000004045b9 in client_handle_input () > No symbol table info available. > #6 0x00002b52e12df698 in io_loop_call_io () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > No symbol table info available. > #7 0x00002b52e12e09d5 in io_loop_handler_run () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > No symbol table info available. > #8 0x00002b52e12df62d in io_loop_run () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > No symbol table info available. > #9 0x00002b52e12cdf13 in master_service_run () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > No symbol table info available. > #10 0x0000000000403994 in main () > No symbol table info available. > (gdb) > > All traces of the crashes are identical, that is > #0 0x00002b52e1027e54 in istream_raw_mbox_get_start_offset () from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > #1 0x00002b52e102b759 in ?? () from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > #2 0x00002b52e100a2c0 in index_mail_expunge () from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > #3 0x0000000000405e9c in client_update_mails () > #4 0x00000000004061c1 in client_command_execute () > #5 0x00000000004045b9 in client_handle_input () > #6 0x00002b52e12df698 in io_loop_call_io () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > #7 0x00002b52e12e09d5 in io_loop_handler_run () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > #8 0x00002b52e12df62d in io_loop_run () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > #9 0x00002b52e12cdf13 in master_service_run () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > #10 0x0000000000403994 in main () > > We have mboxes over NFS and we also have an ldap user backend. For now, I do not have a scenario > that reproduces the problem. Any idea, or input are highly appreciated. Of course I can provide > any information requested (without exposing restricted company or client data) to help trace > the problem and lead to the solution. > > Thanks and keep up the good work! > > Regards, > > Kostas Zorbadelos > > From juan at inti.gob.ar Wed Aug 10 15:40:55 2011 From: juan at inti.gob.ar (Juan Bernhard) Date: Wed, 10 Aug 2011 09:40:55 -0300 Subject: [Dovecot] Dovecot quota dict In-Reply-To: <20110810093513.2a73ca7c@jimbo> References: <4E403A99.5060102@inti.gob.ar> <20110809092938.7f2c470e@jimbo> <4E4141CF.8090107@inti.gob.ar> <20110810093513.2a73ca7c@jimbo> Message-ID: <4E427C57.1040704@inti.gob.ar> Thank you Nikita, that's what I need. El 10/08/2011 03:35 a.m., Nikita Koshikov escribi?: > On Tue, 09 Aug 2011 11:18:55 -0300 > Juan Bernhard wrote: > >> Hi Nikita, thanks for the help, but I don't have any problem with >> bouncing the mail after the deliver (in fact, the mail pass two MTAs >> servers before reaching the final storage) >> I will try (with my limited english) to explain it better. Now I m >> working with a single quota rule for everyone. What I need is a >> mechanism to give a custom quota to each user. I thought that a flat >> file will be the simple and easy option to implement, and then use >> "quota=${lookup {$local_part} lsearch .....}" in the exim transport. I >> need a way to configure dovecot to follow the same file (or at least a >> modified copy). I've been told on this list that I can't rely on the >> maildirsize file, because it can be deleted under some conditions... so >> i neet to stablish quotas to dovecot somewhere else. >> My question is: can dovecot get a custon quota for a user from a file >> (not sql or ldap) and use at the same time pam as userdb? >> >> >> Thanks, Juan. > So, you need customizable userdb lookup without ldap or sql. You can try too use checkpassword as userdb and then, in the script - parse quota-file, make pam lookup and return userdb_quota* values for specific user. More on http://wiki2.dovecot.org/AuthDatabase/CheckPassword . I don't have experience with this authdatabase method, but seems that it suitable for you. > But in general - it's better to prevent editing maildirsize file from 2 instances. From ian at liuzzifedunstudios.com Wed Aug 10 15:38:06 2011 From: ian at liuzzifedunstudios.com (huntson) Date: Wed, 10 Aug 2011 05:38:06 -0700 (PDT) Subject: [Dovecot] How do I change the date format displayed on webmail? Message-ID: <32233645.post@talk.nabble.com> I am running Dovecot on OS X Lion and the webmail displays the date in a European style format - day of the month and then month number. How can I reverse this? -- View this message in context: http://old.nabble.com/How-do-I-change-the-date-format-displayed-on-webmail--tp32233645p32233645.html Sent from the Dovecot mailing list archive at Nabble.com. From warden at geneseo.edu Wed Aug 10 16:42:36 2011 From: warden at geneseo.edu (David Warden) Date: Wed, 10 Aug 2011 09:42:36 -0400 Subject: [Dovecot] How do I change the date format displayed on webmail? In-Reply-To: <32233645.post@talk.nabble.com> References: <32233645.post@talk.nabble.com> Message-ID: On Aug 10, 2011, at 8:38 AM, huntson wrote: > > I am running Dovecot on OS X Lion and the webmail displays the date in a > European style format - day of the month and then month number. How can I > reverse this? > -- > View this message in context: http://old.nabble.com/How-do-I-change-the-date-format-displayed-on-webmail--tp32233645p32233645.html > Sent from the Dovecot mailing list archive at Nabble.com. > I believe Lion Server uses Roundcube for webmail and it defaults to that date format. I'm not sure what directory it's in but you're looking for config/main.inc.php and the entry you want to change is: // use this format for detailed date/time formatting (date or strftime format) $rcmail_config['date_long'] = 'd.m.Y H:i'; -David Warden From nbw0313 at yahoo.com Wed Aug 10 16:49:33 2011 From: nbw0313 at yahoo.com (DT) Date: Wed, 10 Aug 2011 06:49:33 -0700 (PDT) Subject: [Dovecot] mbox problems on CentOS 6 In-Reply-To: <1312614774.76715.YahooMailClassic@web161902.mail.bf1.yahoo.com> Message-ID: <1312984173.57194.YahooMailClassic@web161914.mail.bf1.yahoo.com> Still couldn't solve this mbox problem... Is there anyone who can assist me with this? ? ? --- On Sat, 8/6/11, DT wrote: From: DT Subject: Re: [Dovecot] mbox problems on CentOS 6 To: dovecot at dovecot.org Date: Saturday, August 6, 2011, 10:12 AM Thank you Thomas for opening my eyes on that matter, I fixed that area as bellow and it solved the Postfix problem 100% ? service auth { ??? unix_listener /var/spool/postfix/private/auth? { ??????? mode = 0600 ??????? user = postfix ??????? group = postfix ??? } } ? Now I only have same old issue with Dovecot only: 2011-08-05 07:52:21 imap(contact at mydomain.com): Debug: Effective uid=901, gid=12, home=/vmail/mydomain.com/contact 2011-08-05 07:52:21 imap(contact at mydomain.com): Error: user contact at mydomain.com: Initialization failed: Initializing mail storage from mail_location setting failed: Unknown mail storage driver maildir 2011-08-05 07:52:21 imap(contact at mydomain.com): Error: Invalid user settings. Refer to server log for more information. ? Somehow it doesnt like what I have in mail_location or so... but I tried so many other folders, tried maildir also, error keeps showing, I can login to IMAP but once I do I'm dropped :* BYE Internal error occurred. Refer to server log for more information. Connection closed by foreign host. ? Thank you again for any oppinion or advice. ? >In the config posted 'service auth' is not configured: > >http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL > >Thomas ? ? >> No I noticed Postfix isnt running anymore :( >> Aug? 4 14:49:25 hostname postfix/smtpd[6414]: connect from mail-fx0-f51.google.com[209.85.161.51] >> Aug? 4 14:49:25 hostname postfix/smtpd[6414]: warning: SASL: Connect to private/auth failed: Connection refused >> Aug? 4 14:49:25 hostname postfix/smtpd[6414]: fatal: no SASL authentication mechanisms >>? >> All I did was a simple system reboot >>? From frank at moltke28.B.Shuttle.DE Wed Aug 10 16:50:28 2011 From: frank at moltke28.B.Shuttle.DE (Frank Elsner) Date: Wed, 10 Aug 2011 15:50:28 +0200 Subject: [Dovecot] How do I change the date format displayed on webmail? In-Reply-To: <32233645.post@talk.nabble.com> References: <32233645.post@talk.nabble.com> Message-ID: (auto-added) On Wed, 10 Aug 2011 05:38:06 -0700 (PDT) huntson wrote: > > I am running Dovecot on OS X Lion and the webmail displays the date in a > European style format - day of the month and then month number. How can I > reverse this? This is not dovecot's job, consult your webmail preferences. --Frank Elsner From nbw0313 at yahoo.com Wed Aug 10 17:12:54 2011 From: nbw0313 at yahoo.com (DT) Date: Wed, 10 Aug 2011 07:12:54 -0700 (PDT) Subject: [Dovecot] mbox problems on CentOS 6 In-Reply-To: <1312984173.57194.YahooMailClassic@web161914.mail.bf1.yahoo.com> Message-ID: <1312985574.67275.YahooMailClassic@web161912.mail.bf1.yahoo.com> [SOLVED] ? For some reason I had to give up compiling/working with?beta version - it seems to have some issue with the storages. Instead I compiled?last stable version and all is working fine - funny thing is that I had to compile with both mbox and maildir storage drivers (probably for postfix compatibility) ? ? --- On Wed, 8/10/11, DT wrote: From: DT Subject: Re: [Dovecot] mbox problems on CentOS 6 To: dovecot at dovecot.org Date: Wednesday, August 10, 2011, 4:49 PM Still couldn't solve this mbox problem... Is there anyone who can assist me with this? ? ? --- On Sat, 8/6/11, DT wrote: From: DT Subject: Re: [Dovecot] mbox problems on CentOS 6 To: dovecot at dovecot.org Date: Saturday, August 6, 2011, 10:12 AM Thank you Thomas for opening my eyes on that matter, I fixed that area as bellow and it solved the Postfix problem 100% ? service auth { ??? unix_listener /var/spool/postfix/private/auth? { ??????? mode = 0600 ??????? user = postfix ??????? group = postfix ??? } } ? Now I only have same old issue with Dovecot only: 2011-08-05 07:52:21 imap(contact at mydomain.com): Debug: Effective uid=901, gid=12, home=/vmail/mydomain.com/contact 2011-08-05 07:52:21 imap(contact at mydomain.com): Error: user contact at mydomain.com: Initialization failed: Initializing mail storage from mail_location setting failed: Unknown mail storage driver maildir 2011-08-05 07:52:21 imap(contact at mydomain.com): Error: Invalid user settings. Refer to server log for more information. ? Somehow it doesnt like what I have in mail_location or so... but I tried so many other folders, tried maildir also, error keeps showing, I can login to IMAP but once I do I'm dropped :* BYE Internal error occurred. Refer to server log for more information. Connection closed by foreign host. ? Thank you again for any oppinion or advice. ? >In the config posted 'service auth' is not configured: > >http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL > >Thomas ? ? >> No I noticed Postfix isnt running anymore :( >> Aug? 4 14:49:25 hostname postfix/smtpd[6414]: connect from mail-fx0-f51.google.com[209.85.161.51] >> Aug? 4 14:49:25 hostname postfix/smtpd[6414]: warning: SASL: Connect to private/auth failed: Connection refused >> Aug? 4 14:49:25 hostname postfix/smtpd[6414]: fatal: no SASL authentication mechanisms >>? >> All I did was a simple system reboot >>? From stsiol at yahoo.co.uk Wed Aug 10 19:30:49 2011 From: stsiol at yahoo.co.uk (Spyros Tsiolis) Date: Wed, 10 Aug 2011 17:30:49 +0100 (BST) Subject: [Dovecot] mbox problems on CentOS 6 In-Reply-To: <1312985574.67275.YahooMailClassic@web161912.mail.bf1.yahoo.com> Message-ID: <1312993849.6518.YahooMailClassic@web27202.mail.ukl.yahoo.com> --- On Wed, 10/8/11, DT wrote: > From: DT > Subject: Re: [Dovecot] mbox problems on CentOS 6 > To: "Dovecot Mailing List" > Date: Wednesday, 10 August, 2011, 17:12 > [SOLVED] > ? > For some reason I had to give up compiling/working > with?beta version - it seems to have some issue with the > storages. Instead I compiled?last stable version and all is > working fine - funny thing is that I had to compile with > both mbox and maildir storage drivers (probably for postfix > compatibility) > ? > ? > > > --- On Wed, 8/10/11, DT > wrote: > > > From: DT > Subject: Re: [Dovecot] mbox problems on CentOS 6 > To: dovecot at dovecot.org > Date: Wednesday, August 10, 2011, 4:49 PM > > > Still couldn't solve this mbox problem... Is there anyone > who can assist me with this? > ? > ? > > > --- On Sat, 8/6/11, DT > wrote: > > > From: DT > Subject: Re: [Dovecot] mbox problems on CentOS 6 > To: dovecot at dovecot.org > Date: Saturday, August 6, 2011, 10:12 AM > > > > > > > > Thank you Thomas for opening my eyes on that matter, I > fixed that area as bellow and it solved the Postfix problem > 100% > ? > service auth { > ??? unix_listener /var/spool/postfix/private/auth? { > ??????? mode = 0600 > ??????? user = postfix > ??????? group = postfix > ??? } > } > ? > Now I only have same old issue with Dovecot only: > 2011-08-05 07:52:21 imap(contact at mydomain.com): > Debug: Effective uid=901, gid=12, > home=/vmail/mydomain.com/contact > 2011-08-05 07:52:21 imap(contact at mydomain.com): > Error: user contact at mydomain.com: > Initialization failed: Initializing mail storage from > mail_location setting failed: Unknown mail storage driver > maildir > 2011-08-05 07:52:21 imap(contact at mydomain.com): > Error: Invalid user settings. Refer to server log for more > information. > ? > Somehow it doesnt like what I have in mail_location or > so... but I tried so many other folders, tried maildir also, > error keeps showing, I can login to IMAP but once I do I'm > dropped :* BYE Internal error occurred. Refer to server log > for more information. > Connection closed by foreign host. > ? > Thank you again for any oppinion or advice. > > > ? > >In the config posted 'service auth' is not configured: > > > >http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL > > > >Thomas > ? > ? > >> No I noticed Postfix isnt running anymore :( > >> Aug? 4 14:49:25 hostname postfix/smtpd[6414]: > connect from mail-fx0-f51.google.com[209.85.161.51] > >> Aug? 4 14:49:25 hostname postfix/smtpd[6414]: > warning: SASL: Connect to private/auth failed: Connection > refused > >> Aug? 4 14:49:25 hostname postfix/smtpd[6414]: > fatal: no SASL authentication mechanisms > >>? > >> All I did was a simple system reboot > >>? > If you don't mind me ask; What version of dovecot were you trying to build ? Were you trying to buld/compile from sources ? Didn't you use the rpms for CentOS that exist ? Regards, s. ---- "I merely function as a channel that filters music through the chaos of noise" - Vangelis From nbw0313 at yahoo.com Wed Aug 10 20:05:53 2011 From: nbw0313 at yahoo.com (DT) Date: Wed, 10 Aug 2011 10:05:53 -0700 (PDT) Subject: [Dovecot] mbox problems on CentOS 6 In-Reply-To: <1312993849.6518.YahooMailClassic@web27202.mail.ukl.yahoo.com> Message-ID: <1312995953.45794.YahooMailClassic@web161907.mail.bf1.yahoo.com> I initially ran dovecot 2.0.13 from CentOS 6 base repository. Then I switched to beta 9 (source)?because I found most articles saying it's stable with the stuff I wanted compiled - compiling it was actually a pain. ? Now I successfully compiled and installed?2.0.13?from source. Works like a charm. Still I can't pinpoint exactly where the problem was: could be a bug OR could be a problematic package in centos6 repository... can't say - maybe I will test more in depth on a dev box. ? All the best ? --- On Wed, 8/10/11, Spyros Tsiolis wrote: From: Spyros Tsiolis Subject: Re: [Dovecot] mbox problems on CentOS 6 To: "Dovecot Mailing List" Cc: nbw0313 at yahoo.com Date: Wednesday, August 10, 2011, 7:30 PM --- On Wed, 10/8/11, DT wrote: > From: DT > Subject: Re: [Dovecot] mbox problems on CentOS 6 > To: "Dovecot Mailing List" > Date: Wednesday, 10 August, 2011, 17:12 > [SOLVED] > ? > For some reason I had to give up compiling/working > with?beta version - it seems to have some issue with the > storages. Instead I compiled?last stable version and all is > working fine - funny thing is that I had to compile with > both mbox and maildir storage drivers (probably for postfix > compatibility) > ? > ? > > > --- On Wed, 8/10/11, DT > wrote: > > > From: DT > Subject: Re: [Dovecot] mbox problems on CentOS 6 > To: dovecot at dovecot.org > Date: Wednesday, August 10, 2011, 4:49 PM > > > Still couldn't solve this mbox problem... Is there anyone > who can assist me with this? > ? > ? > > > --- On Sat, 8/6/11, DT > wrote: > > > From: DT > Subject: Re: [Dovecot] mbox problems on CentOS 6 > To: dovecot at dovecot.org > Date: Saturday, August 6, 2011, 10:12 AM > > > > > > > > Thank you Thomas for opening my eyes on that matter, I > fixed that area as bellow and it solved the Postfix problem > 100% > ? > service auth { > ??? unix_listener /var/spool/postfix/private/auth? { > ??????? mode = 0600 > ??????? user = postfix > ??????? group = postfix > ??? } > } > ? > Now I only have same old issue with Dovecot only: > 2011-08-05 07:52:21 imap(contact at mydomain.com): > Debug: Effective uid=901, gid=12, > home=/vmail/mydomain.com/contact > 2011-08-05 07:52:21 imap(contact at mydomain.com): > Error: user contact at mydomain.com: > Initialization failed: Initializing mail storage from > mail_location setting failed: Unknown mail storage driver > maildir > 2011-08-05 07:52:21 imap(contact at mydomain.com): > Error: Invalid user settings. Refer to server log for more > information. > ? > Somehow it doesnt like what I have in mail_location or > so... but I tried so many other folders, tried maildir also, > error keeps showing, I can login to IMAP but once I do I'm > dropped :* BYE Internal error occurred. Refer to server log > for more information. > Connection closed by foreign host. > ? > Thank you again for any oppinion or advice. > > > ? > >In the config posted 'service auth' is not configured: > > > >http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL > > > >Thomas > ? > ? > >> No I noticed Postfix isnt running anymore :( > >> Aug? 4 14:49:25 hostname postfix/smtpd[6414]: > connect from mail-fx0-f51.google.com[209.85.161.51] > >> Aug? 4 14:49:25 hostname postfix/smtpd[6414]: > warning: SASL: Connect to private/auth failed: Connection > refused > >> Aug? 4 14:49:25 hostname postfix/smtpd[6414]: > fatal: no SASL authentication mechanisms > >>? > >> All I did was a simple system reboot > >>? > If you don't mind me ask; What version of dovecot were you trying to build ? Were you trying to buld/compile from sources ? Didn't you use the rpms for CentOS that exist ? Regards, s. ---- "I merely function as a channel that filters music through the chaos of noise" - Vangelis From tss at iki.fi Wed Aug 10 20:37:46 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 10 Aug 2011 20:37:46 +0300 Subject: [Dovecot] [PATCH] net_connect_*(): Wait for fd to complete connect(2) when fd is non-blocking In-Reply-To: <87livcr1le.wl%fumiyas@osstech.jp> References: <87zkjv3eml.wl%fumiyas@osstech.jp> <87y5zf2ekl.wl%fumiyas@osstech.jp> <87livcr1le.wl%fumiyas@osstech.jp> Message-ID: <5C45A34F-1472-4DCD-B038-E07CEF6304BD@iki.fi> On 2.8.2011, at 5.25, SATOH Fumiyasu wrote: >>> Dovecot ignores EINPROGRESS on connect(2) for non-blocking fd. >>> This is wrong. After that, read(2) to fd (or write(2) to fd) fails >>> with ENOTCONN if the connection of fd is not completed. >>> >>> The attached patch fixes this problem. If you do that, then there's no point in making the socket non-blocking before connect(). > On a high-load Solaris 10 box, dovecot-lda fails to query (I/O) to > dovecot dict socket with ENOTCONN. My patch fixes this problem. I think Linux/etc returns EAGAIN in such situation. Maybe the right fix is to just add EINPROGRESS check for net_connect_unix_with_retries()? (With some extra changes so that it actually sees that errno from net_connect_unix()) From stsiol at yahoo.co.uk Wed Aug 10 22:49:19 2011 From: stsiol at yahoo.co.uk (Spyros Tsiolis) Date: Wed, 10 Aug 2011 20:49:19 +0100 (BST) Subject: [Dovecot] mbox problems on CentOS 6 In-Reply-To: <1312995953.45794.YahooMailClassic@web161907.mail.bf1.yahoo.com> Message-ID: <1313005759.19881.YahooMailClassic@web27202.mail.ukl.yahoo.com> --- On Wed, 10/8/11, DT wrote: > From: DT > Subject: Re: [Dovecot] mbox problems on CentOS 6 > To: "Dovecot Mailing List" , "Spyros Tsiolis" > Date: Wednesday, 10 August, 2011, 20:05 > I initially ran dovecot 2.0.13 from > CentOS 6 base repository. Then I switched to beta 9 > (source)?because I found most articles saying it's stable > with the stuff I wanted compiled - compiling it was actually > a pain. > ? > Now I successfully compiled and installed?2.0.13?from > source. Works like a charm. Still I can't pinpoint exactly > where the problem was: could be a bug OR could be a > problematic package in centos6 repository... can't say - > maybe I will test more in depth on a dev box. > ? > All the best > ? > > > --- On Wed, 8/10/11, Spyros Tsiolis > wrote: > > > From: Spyros Tsiolis > Subject: Re: [Dovecot] mbox problems on CentOS 6 > To: "Dovecot Mailing List" > Cc: nbw0313 at yahoo.com > Date: Wednesday, August 10, 2011, 7:30 PM > > > --- On Wed, 10/8/11, DT > wrote: > > > From: DT > > Subject: Re: [Dovecot] mbox problems on CentOS 6 > > To: "Dovecot Mailing List" > > Date: Wednesday, 10 August, 2011, 17:12 > > [SOLVED] > > ? > > For some reason I had to give up compiling/working > > with?beta version - it seems to have some issue with > the > > storages. Instead I compiled?last stable version and > all is > > working fine - funny thing is that I had to compile > with > > both mbox and maildir storage drivers (probably for > postfix > > compatibility) > > ? > > ? > > > > > > --- On Wed, 8/10/11, DT > > wrote: > > > > > > From: DT > > Subject: Re: [Dovecot] mbox problems on CentOS 6 > > To: dovecot at dovecot.org > > Date: Wednesday, August 10, 2011, 4:49 PM > > > > > > Still couldn't solve this mbox problem... Is there > anyone > > who can assist me with this? > > ? > > ? > > > > > > --- On Sat, 8/6/11, DT > > wrote: > > > > > > From: DT > > Subject: Re: [Dovecot] mbox problems on CentOS 6 > > To: dovecot at dovecot.org > > Date: Saturday, August 6, 2011, 10:12 AM > > > > > > > > > > > > > > > > Thank you Thomas for opening my eyes on that matter, > I > > fixed that area as bellow and it solved the Postfix > problem > > 100% > > ? > > service auth { > > ??? unix_listener /var/spool/postfix/private/auth? > { > > ??????? mode = 0600 > > ??????? user = postfix > > ??????? group = postfix > > ??? } > > } > > ? > > Now I only have same old issue with Dovecot only: > > 2011-08-05 07:52:21 imap(contact at mydomain.com): > > Debug: Effective uid=901, gid=12, > > home=/vmail/mydomain.com/contact > > 2011-08-05 07:52:21 imap(contact at mydomain.com): > > Error: user contact at mydomain.com: > > Initialization failed: Initializing mail storage from > > mail_location setting failed: Unknown mail storage > driver > > maildir > > 2011-08-05 07:52:21 imap(contact at mydomain.com): > > Error: Invalid user settings. Refer to server log for > more > > information. > > ? > > Somehow it doesnt like what I have in mail_location > or > > so... but I tried so many other folders, tried maildir > also, > > error keeps showing, I can login to IMAP but once I do > I'm > > dropped :* BYE Internal error occurred. Refer to > server log > > for more information. > > Connection closed by foreign host. > > ? > > Thank you again for any oppinion or advice. > > > > > > ? > > >In the config posted 'service auth' is not > configured: > > > > > >http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL > > > > > >Thomas > > ? > > ? > > >> No I noticed Postfix isnt running anymore :( > > >> Aug? 4 14:49:25 hostname > postfix/smtpd[6414]: > > connect from mail-fx0-f51.google.com[209.85.161.51] > > >> Aug? 4 14:49:25 hostname > postfix/smtpd[6414]: > > warning: SASL: Connect to private/auth failed: > Connection > > refused > > >> Aug? 4 14:49:25 hostname > postfix/smtpd[6414]: > > fatal: no SASL authentication mechanisms > > >>? > > >> All I did was a simple system reboot > > >>? > > > > > If you don't mind me ask; What version of dovecot were you > trying > to build ? > > Were you trying to buld/compile from sources ? > Didn't you use the rpms for CentOS that exist ? > > Regards, > > s. > > > ---- > "I merely function as a channel that filters > music through the chaos of noise" > - Vangelis Hi DT, Have you tinkered with debug switches on dovecot ? They are pretty straightforward and down to the point (see: not cryptic :-) I build dovecot from sources too. Not relaying on CentOS repos. I currently have two mailservers with dovecot and have no problems. Then, I am not using v2.x but v1.x (I can't remember the exact version at the moment). HTH s. ---- "I merely function as a channel that filters music through the chaos of noise" - Vangelis From s at s7p.de Wed Aug 10 23:19:30 2011 From: s at s7p.de (Stefan Piegsa) Date: Wed, 10 Aug 2011 22:19:30 +0200 Subject: [Dovecot] [Solved] How to make dovecot-lda/deliver mark a message as seen In-Reply-To: <4E4156B8.3070008@s7p.de> References: <4E3F7878.8090507@s7p.de> <4E3F93A9.6040903@s7p.de> <4E3FB08D.4020803@onet.eu> <4E4156B8.3070008@s7p.de> Message-ID: <4E42E7D2.9030006@s7p.de> On 08/09/2011 05:48 PM, Stefan Piegsa wrote: > On 08/08/2011 11:46 AM, Andrzej Adam Filip wrote: >> On 08/08/2011 09:43 AM, Stefan Piegsa wrote: >>> Thanks for your reply! >>> >>> On 08/08/2011 08:36 AM, Andrzej Adam Filip wrote: >>>> Have you considered using sieve for the task? >>>> [Using imap4flags extension] >>> Yes, but I think it's not the optimal solution for what I want to do: >>> >>> Basically, I don't want emails to be sent first to the MTA and then >>> again to dovecot to be stored in "Sent Messages". >>> So I made a script that puts an email received from the MTA by an >>> authenticated user into his local Maildir/Sent folder, using: >>> dovecot-lda -d $user -m Sent. Such emails should be marked as seen. >>> >>> Sieve would be an option if it were possible to have a global sieve >>> script that is always executed, not only when there's no user script. >>> >>> Best Regards, >>> Stefan >>> >> Could not you use sieve_before? >> http://wiki.dovecot.org/LDA/Sieve >> >> You may consider using sieve_after if you want to allow users to >> overwrite your choice of "self copy" handling. >> > > sieve_after sounds interesting! > > Is there a way to match the destination mailbox in a sieve script? > The email comes in by dovecot-lda -d $user -m Sent > Now the sieve script should somehow match the mailbox "Sent". > I solved the problem now as follows: With MODIFY_REPLACE instead of MODIFY_ADD my original approach seems to work. I added an -S switch to the dovecot-lda sources and when it is set, I do mail_update_flags(ctx.src_mail, MODIFY_REPLACE, MAIL_SEEN) just before mail_deliver(...) A solution without modifing dovecot's source would be more pleasant but I don't see an option to match the destination mailbox with sieve or any other way to set the seen flag upon mail delivery. Best Regards, Stefan From jayw at interoceansystems.com Wed Aug 10 23:36:49 2011 From: jayw at interoceansystems.com (Jay Welch) Date: Wed, 10 Aug 2011 13:36:49 -0700 Subject: [Dovecot] Thunderbird Will Not Download Email Until Computer Is Rebooted Message-ID: <4E42EBE1.9040502@interoceansystems.com> Hey Guys, Have any of you seen an issue with Thunderbird in which the computer has to be rebooted for email to be downloaded? I have been looking over the InterWebs and I cannot find anything. I can see new email on the server as well. Where would be a good place to start for troubleshooting this issue? Thanks From robert at schetterer.org Thu Aug 11 11:00:24 2011 From: robert at schetterer.org (Robert Schetterer) Date: Thu, 11 Aug 2011 10:00:24 +0200 Subject: [Dovecot] Thunderbird Will Not Download Email Until Computer Is Rebooted In-Reply-To: <4E42EBE1.9040502@interoceansystems.com> References: <4E42EBE1.9040502@interoceansystems.com> Message-ID: <4E438C18.5080405@schetterer.org> Am 10.08.2011 22:36, schrieb Jay Welch: > Hey Guys, > > Have any of you seen an issue with Thunderbird in which the computer has > to be rebooted for email to be downloaded? I have been looking over the > InterWebs and I cannot find anything. I can see new email on the server > as well. Where would be a good place to start for troubleshooting this > issue? > > Thanks > > no havent seen this ever perhaps start here http://wiki.dovecot.org/Debugging/Thunderbird -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From stan at hardwarefreak.com Thu Aug 11 15:21:27 2011 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Thu, 11 Aug 2011 07:21:27 -0500 Subject: [Dovecot] Thunderbird Will Not Download Email Until Computer Is Rebooted In-Reply-To: <4E42EBE1.9040502@interoceansystems.com> References: <4E42EBE1.9040502@interoceansystems.com> Message-ID: <4E43C947.9080006@hardwarefreak.com> On 8/10/2011 3:36 PM, Jay Welch wrote: > Have any of you seen an issue with Thunderbird in which the computer has > to be rebooted for email to be downloaded? I have been looking over the > InterWebs and I cannot find anything. I can see new email on the server > as well. Where would be a good place to start for troubleshooting this > issue? Here: http://catb.org/~esr/faqs/smart-questions.html -- Stan From pw at wk-serv.de Thu Aug 11 17:06:58 2011 From: pw at wk-serv.de (Patrick Westenberg) Date: Thu, 11 Aug 2011 16:06:58 +0200 Subject: [Dovecot] Unknown setting: service Message-ID: <4E43E202.4000205@wk-serv.de> Hi guys, I setup a new box with Debian Squeeze 64bit and installed dovecot from the sources. However, I can't start dovecot or even use doveconf: root at imap01:~# doveconf -n # 2.0.13: /usr/local/etc/dovecot/dovecot.conf doveconf: Fatal: Error in configuration file /usr/local/etc/dovecot/conf.d/10-mail.conf line 111: Unknown setting: mail_uid Why is mail_uid and mail_gid an unknown setting? On my other box the configuration is identical (but Dovecot is upgraded from early 2.0.x versions to the current one) If I comment the mail_uid and mail_gid lines, I get another error: root at imap01:~# doveconf -n doveconf: Fatal: Error in configuration file /usr/local/etc/dovecot/conf.d/10-master.conf line 17: Unknown setting: service doveconf: Error: managesieve-login: dump-capability process returned 89 doveconf: Fatal: Error in configuration file /usr/local/etc/dovecot/conf.d/10-master.conf line 17: Unknown setting: service Everything I could find on Google are problems after upgrading from 1.x to 2.x What went wrong? Regards Patrick From remy at luckyhands.nl Thu Aug 11 17:41:40 2011 From: remy at luckyhands.nl (Remy Zandwijk) Date: Thu, 11 Aug 2011 16:41:40 +0200 Subject: [Dovecot] Unknown setting: service In-Reply-To: <4E43E202.4000205@wk-serv.de> References: <4E43E202.4000205@wk-serv.de> Message-ID: <4E43EA24.1000409@luckyhands.nl> On 11.08.2011 16:06 , Patrick Westenberg wrote: > Hi guys, > > I setup a new box with Debian Squeeze 64bit and installed dovecot from > the sources. However, I can't start dovecot or even use doveconf: > > root at imap01:~# doveconf -n > # 2.0.13: /usr/local/etc/dovecot/dovecot.conf > doveconf: Fatal: Error in configuration file > /usr/local/etc/dovecot/conf.d/10-mail.conf line 111: Unknown setting: mail_uid > > Why is mail_uid and mail_gid an unknown setting? > On my other box the configuration is identical (but Dovecot is > upgraded from early 2.0.x versions to the current one) You probably forgot to set an } somewhere. Can you show us the 10-mail.conf file? -Remy From patrickdk at patrickdk.com Fri Aug 12 00:23:38 2011 From: patrickdk at patrickdk.com (Patrick Domack) Date: Thu, 11 Aug 2011 17:23:38 -0400 Subject: [Dovecot] Unknown setting: service In-Reply-To: <4E43EA24.1000409@luckyhands.nl> References: <4E43E202.4000205@wk-serv.de> <4E43EA24.1000409@luckyhands.nl> Message-ID: <20110811172338.Horde.UUcBQJLnE6FOREhamFLjLkA@mail.patrickdk.com> Ya, would have to be one of the namespace }'s is missing, as they are right before mail_uid/gid Quoting Remy Zandwijk : > On 11.08.2011 16:06 , Patrick Westenberg wrote: >> Hi guys, >> >> I setup a new box with Debian Squeeze 64bit and installed dovecot from >> the sources. However, I can't start dovecot or even use doveconf: >> >> root at imap01:~# doveconf -n >> # 2.0.13: /usr/local/etc/dovecot/dovecot.conf >> doveconf: Fatal: Error in configuration file >> /usr/local/etc/dovecot/conf.d/10-mail.conf line 111: Unknown >> setting: mail_uid >> >> Why is mail_uid and mail_gid an unknown setting? >> On my other box the configuration is identical (but Dovecot is >> upgraded from early 2.0.x versions to the current one) > You probably forgot to set an } somewhere. Can you show us the > 10-mail.conf file? > > -Remy From coding25 at yahoo.com Fri Aug 12 06:13:05 2011 From: coding25 at yahoo.com (New Coder) Date: Thu, 11 Aug 2011 20:13:05 -0700 (PDT) Subject: [Dovecot] commercial use Message-ID: <1313118785.81562.YahooMailClassic@web120706.mail.ne1.yahoo.com> I was wondering if it was possible to use Dovecot as part of a commercial solution. For example, I mean charging for an email service which uses Dovecot.Thanks.? From wgillespie+dovecot at es2eng.com Fri Aug 12 09:05:28 2011 From: wgillespie+dovecot at es2eng.com (Willie Gillespie) Date: Fri, 12 Aug 2011 00:05:28 -0600 Subject: [Dovecot] commercial use In-Reply-To: <1313118785.81562.YahooMailClassic@web120706.mail.ne1.yahoo.com> References: <1313118785.81562.YahooMailClassic@web120706.mail.ne1.yahoo.com> Message-ID: <4E44C2A8.3050403@es2eng.com> On 8/11/2011 9:13 PM, New Coder wrote: > I was wondering if it was possible to use Dovecot as part of a commercial solution. For example, I mean charging for an email service which uses Dovecot.Thanks. Yes. For example, Rackspace uses it for their email solution. From pw at wk-serv.de Fri Aug 12 09:18:38 2011 From: pw at wk-serv.de (Patrick Westenberg) Date: Fri, 12 Aug 2011 08:18:38 +0200 Subject: [Dovecot] Unknown setting: service Message-ID: <2ff98212c733a8576c36980ea222d6c4@wk-serv.de> On Thu, 11 Aug 2011 17:23:38 -0400, Patrick Domack wrote: > Ya, would have to be one of the namespace }'s is missing, as they are > right before mail_uid/gid I really missed to uncomment the namespace ending curly bracket even though I triple checked this file. Thank you guys. From tkrah at fachschaft.imn.htwk-leipzig.de Fri Aug 12 10:16:24 2011 From: tkrah at fachschaft.imn.htwk-leipzig.de (Torsten Krah) Date: Fri, 12 Aug 2011 09:16:24 +0200 Subject: [Dovecot] Clients can't retrieve new emails In-Reply-To: References: <4E41684F.6060102@es2eng.com> Message-ID: <1313133384.25409.2.camel@sf050.friends> Am Dienstag, den 09.08.2011, 13:29 -0400 schrieb Jeff Van Epps: > I'll start searching for an Ubuntu PPA for version 2 Dovecot so I can > see > whether the same thing still happens. In case you did not found any ppa yet: https://launchpad.net/~carsten-uppenbrink-net/+archive/dovecot2 regards -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5253 bytes Desc: not available URL: From jeff.vanepps at gmail.com Fri Aug 12 14:15:55 2011 From: jeff.vanepps at gmail.com (Jeff Van Epps) Date: Fri, 12 Aug 2011 07:15:55 -0400 Subject: [Dovecot] Clients can't retrieve new emails In-Reply-To: <1313133384.25409.2.camel@sf050.friends> References: <4E41684F.6060102@es2eng.com> <1313133384.25409.2.camel@sf050.friends> Message-ID: I spent 3 hours Wednesday night getting Dovecot 2.0.13 to build from source, figuring out which packages were missing and installing them, configuring, debugging, etc. Since then the problem has not occurred ... but the rawlog shows the clients have not sent "STORE 0" during that time either. I don't know what triggered them to do so before. I'll keep running this way for a while. Will you be building a package for natty? On Fri, Aug 12, 2011 at 3:16 AM, Torsten Krah < tkrah at fachschaft.imn.htwk-leipzig.de> wrote: > Am Dienstag, den 09.08.2011, 13:29 -0400 schrieb Jeff Van Epps: > > I'll start searching for an Ubuntu PPA for version 2 Dovecot so I can > > see > > whether the same thing still happens. > > In case you did not found any ppa yet: > > https://launchpad.net/~carsten-uppenbrink-net/+archive/dovecot2 > > > regards > > From bmontgom at montynet.org Sun Aug 14 18:19:25 2011 From: bmontgom at montynet.org (Benjamin Montgomery) Date: Sun, 14 Aug 2011 10:19:25 -0500 Subject: [Dovecot] SQL passdb lookups not working In-Reply-To: <4E3ED10D.5000200@montynet.org> References: <4E3ED10D.5000200@montynet.org> Message-ID: <4E47E77D.9070904@montynet.org> Just in case someone else runs into this... I solved the problem that I described below by switching the password encoding to base64. Also, with django, you have to monkey patch (based on info from [1]) the set_password function in django.contrib.auth.models.User. You also have to use a UserProfile like described at [2]. Code below goes in models.py for your project. import hashlib import base64 from django.contrib.auth.models import User # Save original User set_password method orig_set_password = User.set_password def set_password(user, raw_password): if user.id == None: user.save() # Use the original method to set the django User password: orig_set_password(user, raw_password) userprofile, created = UserProfile.objects.get_or_create(user=user) # Save the salt and sha digest in the correct format for dovecot m = hashlib.sha1() userprofile.salt = user.password.split('$')[1] m.update(raw_password) m.update(userprofile.salt) userprofile.shadigest = base64.b64encode(m.digest() + userprofile.salt) userprofile.save() # Replace the method with the custom set_password User.set_password = set_password [1] https://github.com/jedie/PyLucid/blob/master/pylucid_project/apps/pylucid/models/userprofile.py [2] https://docs.djangoproject.com/en/1.3/topics/auth/#storing-additional-information-about-users On 8/7/2011 12:53 PM, Benjamin Montgomery wrote: > Hello everyone, > > I'm trying to make dovecot do user authentication against a SQL > database. The passwords (managed by Django) are stored as salted SHA1 > encoded in hex. I monkey patched Django's password method so that the > password hash is made with (Django does > , the patched method was verified to return same value > as dovecotpw) and the passwords are stored in the database separately as > the salted hash and the salt. When I query the values out of the > database, I'm using MySQL's concat function to return the password as > {SSHA.hex}. Dovecot is not able to verify any passwords > right now. I've scoured the wiki and I think my setup is > correct...config info is below. Any advice on where to look for > debugging or setup of my passwords would be appreciated! > > Ben > > > dovecot-sql.conf: > > default_pass_scheme = SSHA.hex > > password_query = \ > SELECT emailmanager_emailaddresses.account AS username, \ > emailmanager_domain.name AS domain, \ > CONCAT('{SSHA.hex}', \ > emailmanager_userprofile.shadigest, \ > emailmanager_userprofile.salt \ > ) AS password \ > FROM emailmanager_emailaddresses \ > JOIN emailmanager_domain ON emailmanager_emailaddresses.id = > emailmanager_domain.id \ > JOIN emailmanager_userprofile ON emailmanager_emailaddresses.id = > emailmanager_userprofile.id \ > WHERE emailmanager_emailaddresses.account = '%n' \ > AND emailmanager_domain.name = '%d' From mr.majewski at gmail.com Sun Aug 14 22:33:43 2011 From: mr.majewski at gmail.com (Michael) Date: Sun, 14 Aug 2011 19:33:43 +0000 (UTC) Subject: [Dovecot] migration from courier to dovecot Message-ID: hi all I have a problem with the conversion of files containing UIDL Courier to dovecot uidl , dovecot version is 1.2.15 , format in dovecot is pop3_uidl_format = %08Xu%08Xv i try any other from available list without success courierpop3dsizelist format /2 920 1290084761 1296206202.H818256P31717.domain.tld,S=57135:2,S 57679 87:1290084761 1296239411.H289216P22896.domain.tld,S=1660:2,S 1694 88:1290084761 1296480156.H578502P4335.domain.tld,S=26610:2,S 26995 89:1290084761 1296552510.H517452P28309.domain.tld,S=2894:2,S 2980 90:1290084761 1296740128.H139710P22101.domain.tld,S=4983:2,S 5121 91:1290084761 1296807457.H887067P13955.domain.tld,S=7841:2,S 8038 92:1290084761 1296807652.H904999P14102.domain.tld,S=114839:2,S 116421 93:1290084761 courierimapuiddb 1 1290084574 847 53 1296206202.H818256P31717.domain.tld,S=57135 54 1296239411.H289216P22896.domain.tld,S=1660 55 1296480156.H578502P4335.domain.tld,S=26610 56 1296552510.H517452P28309.domain.tld,S=2894 57 1296740128.H139710P22101.domain.tld,S=4983 58 1296807457.H887067P13955.domain.tld,S=7841 59 1296807652.H904999P14102.domain.tld,S=114839 and after using a script to convert from http://www.dovecot.org/tools/courier-dovecot-migrate.pl got this file dovecot-uidlist 3 V1290084574 N862 53 PUID87-1290084761 W57679 :1296206202.H818256P31717.domain.tld,S=57135:2,S 54 PUID88-1290084761 W1694 :1296239411.H289216P22896.domain.tld,S=1660:2,S 55 PUID89-1290084761 W26995 :1296480156.H578502P4335.domain.tld,S=26610:2,S 56 PUID90-1290084761 W2980 :1296552510.H517452P28309.domain.tld,S=2894:2,S 57 PUID91-1290084761 W5121 :1296740128.H139710P22101.domain.tld,S=4983:2,S 58 PUID92-1290084761 W8038 :1296807457.H887067P13955.domain.tld,S=7841:2,S 59 PUID93-1290084761W116421:1296807652.H904999P14102.domain.tld,S=114839:2,S Unfortunately, messages are downloaded to the client again and with over 300 account its problematic if someone would be willing and able to help I will be grateful , i don't have any idea what next can do with it ;( if any other information would be helpful please let me know From tss at iki.fi Sun Aug 14 23:47:07 2011 From: tss at iki.fi (Timo Sirainen) Date: Sun, 14 Aug 2011 23:47:07 +0300 Subject: [Dovecot] migration from courier to dovecot In-Reply-To: References: Message-ID: <1313354827.10421.1283.camel@hurina> On Sun, 2011-08-14 at 19:33 +0000, Michael wrote: > I have a problem with the conversion of files containing UIDL Courier to dovecot > uidl , dovecot version is 1.2.15 , format in dovecot is pop3_uidl_format = > %08Xu%08Xv i try any other from available list without success 1) Check some user's UIDL reply from Courier. 2) Check the same user's UIDL reply from Dovecot after running the migration script. What do you see? From tss at iki.fi Sun Aug 14 23:50:50 2011 From: tss at iki.fi (Timo Sirainen) Date: Sun, 14 Aug 2011 23:50:50 +0300 Subject: [Dovecot] Bug report v2.0.13 - CentOS x86_64 - NFS - mbox In-Reply-To: <4E425874.6040507@otenet.gr> References: <4E294AC0.2060706@otenet.gr> <4E425874.6040507@otenet.gr> Message-ID: <1313355050.10421.1285.camel@hurina> With a quick test I can't reproduce pop3_lock_session=yes causing a crash. I guess it needs something else besides what I tested. It would be helpful if your Dovecot binaries weren't stripped of debug symbols. I could then ask for some more information from the core dumps with gdb. On Wed, 2011-08-10 at 13:07 +0300, Kostas Zorbadelos wrote: > On 07/22/2011 01:02 PM, Kostas Zorbadelos wrote: > > Hello, > > since I saw no action on this, here is a newer update we discovered today. > > After setting pop3_lock_session = no the core dumps went away. > We will leave it like that and watch it for the next few days. If we set > pop3_lock_session = yes, the problem is reproduced. > > If I can do anything else to help debug the problem, please let me know. > > Regards, > > Kostas > > > Greetings to all. > > > > It's my first post to the list. We just completed a migration from qpopper to dovecot > > for our IMAP and POP3 services. We have a rather large mail environment > > (we are the biggest provider in Greece). > > > > So, here are the details: > > > > - Keep getting errors like these in our production environment > > > > Jul 22 00:18:21 pop01 dovecot: master: Error: service(pop3): child 4078 killed with signal 11 (core dumps disabled) > > Jul 22 00:19:31 pop03 dovecot: master: Error: service(pop3): child 18849 killed with signal 11 (core dumps disabled) > > > > --------------------------------------------------------------------- > > dovecot -n output > > --------------------------------------------------------------------- > > /opt/dovecot/sbin/dovecot -n > > # 2.0.13: /opt/dovecot/etc/dovecot/dovecot.conf > > # OS: Linux 2.6.18-92.1.22.el5 x86_64 CentOS release 5.5 (Final) > > auth_cache_negative_ttl = 10 mins > > auth_cache_size = 5 M > > auth_cache_ttl = 10 mins > > auth_verbose = yes > > default_client_limit = 5000 > > default_process_limit = 500 > > disable_plaintext_auth = no > > first_valid_uid = 200 > > listen = * > > log_timestamp = "%Y-%m-%d %H:%M:%S " > > login_greeting = ready > > mail_access_groups = mail otemail disk root > > mail_fsync = always > > mail_location = mbox:INDEX=/var/index/dovecot/%2.16Hn/%2.254Hn/%u > > mail_nfs_storage = yes > > mbox_lock_timeout = 2 mins > > mbox_min_index_size = 200 k > > mbox_read_locks = dotlock_try fcntl > > mbox_write_locks = dotlock_try fcntl > > passdb { > > args = /opt/dovecot/etc/dovecot/dovecot-ldap.conf.ext > > driver = ldap > > } > > protocols = imap pop3 > > service auth-worker { > > user = dovenull > > } > > service imap-login { > > inet_listener imap { > > port = 143 > > } > > inet_listener imaps { > > port = 993 > > ssl = yes > > } > > } > > service pop3-login { > > inet_listener pop3 { > > port = 110 > > } > > inet_listener pop3s { > > port = 995 > > ssl = yes > > } > > } > > ssl = no > > userdb { > > args = /opt/dovecot/etc/dovecot/dovecot-ldap.conf.ext > > driver = ldap > > } > > verbose_proctitle = yes > > protocol imap { > > imap_client_workarounds = delay-newmail tb-extra-mailbox-sep > > mail_max_userip_connections = 100 > > } > > protocol pop3 { > > mail_max_userip_connections = 100 > > pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > > pop3_fast_size_lookups = yes > > pop3_lock_session = yes > > pop3_reuse_xuidl = yes > > pop3_uidl_format = %08Xu%08Xv > > } > > > > I enabled core dumps in one of our backend servers and here is the relevant gdb trace: > > > > [root at pop08 ~]# gdb /opt/dovecot/libexec/dovecot/pop3/core.9273 > > GNU gdb (GDB) Red Hat Enterprise Linux (7.0.1-32.el5_6.2) > > Copyright (C) 2009 Free Software Foundation, Inc. > > License GPLv3+: GNU GPL version 3 or later > > This is free software: you are free to change and redistribute it. > > There is NO WARRANTY, to the extent permitted by law. Type "show copying" > > and "show warranty" for details. > > This GDB was configured as "x86_64-redhat-linux-gnu". > > For bug reporting instructions, please see: > > ... > > Reading symbols from /opt/dovecot/libexec/dovecot/pop3...(no debugging symbols found)...done. > > Reading symbols from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0...(no debugging symbols found)...done. > > Loaded symbols for /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > > Reading symbols from /opt/dovecot/lib/dovecot/libdovecot.so.0...(no debugging symbols found)...done. > > Loaded symbols for /opt/dovecot/lib/dovecot/libdovecot.so.0 > > Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done. > > Loaded symbols for /lib64/libdl.so.2 > > Reading symbols from /lib64/librt.so.1...(no debugging symbols found)...done. > > Loaded symbols for /lib64/librt.so.1 > > Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done. > > Loaded symbols for /lib64/libc.so.6 > > Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done. > > Loaded symbols for /lib64/ld-linux-x86-64.so.2 > > Reading symbols from /lib64/libpthread.so.0...(no debugging symbols found)...done. > > Loaded symbols for /lib64/libpthread.so.0 > > Core was generated by `dovecot/pop3'. > > Program terminated with signal 11, Segmentation fault. > > #0 0x00002b52e1027e54 in istream_raw_mbox_get_start_offset () from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > > (gdb) bt full > > #0 0x00002b52e1027e54 in istream_raw_mbox_get_start_offset () from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > > No symbol table info available. > > #1 0x00002b52e102b759 in ?? () from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > > No symbol table info available. > > #2 0x00002b52e100a2c0 in index_mail_expunge () from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > > No symbol table info available. > > #3 0x0000000000405e9c in client_update_mails () > > No symbol table info available. > > #4 0x00000000004061c1 in client_command_execute () > > No symbol table info available. > > #5 0x00000000004045b9 in client_handle_input () > > No symbol table info available. > > #6 0x00002b52e12df698 in io_loop_call_io () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > > No symbol table info available. > > #7 0x00002b52e12e09d5 in io_loop_handler_run () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > > No symbol table info available. > > #8 0x00002b52e12df62d in io_loop_run () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > > No symbol table info available. > > #9 0x00002b52e12cdf13 in master_service_run () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > > No symbol table info available. > > #10 0x0000000000403994 in main () > > No symbol table info available. > > (gdb) > > > > All traces of the crashes are identical, that is > > #0 0x00002b52e1027e54 in istream_raw_mbox_get_start_offset () from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > > #1 0x00002b52e102b759 in ?? () from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > > #2 0x00002b52e100a2c0 in index_mail_expunge () from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > > #3 0x0000000000405e9c in client_update_mails () > > #4 0x00000000004061c1 in client_command_execute () > > #5 0x00000000004045b9 in client_handle_input () > > #6 0x00002b52e12df698 in io_loop_call_io () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > > #7 0x00002b52e12e09d5 in io_loop_handler_run () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > > #8 0x00002b52e12df62d in io_loop_run () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > > #9 0x00002b52e12cdf13 in master_service_run () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > > #10 0x0000000000403994 in main () > > > > We have mboxes over NFS and we also have an ldap user backend. For now, I do not have a scenario > > that reproduces the problem. Any idea, or input are highly appreciated. Of course I can provide > > any information requested (without exposing restricted company or client data) to help trace > > the problem and lead to the solution. > > > > Thanks and keep up the good work! > > > > Regards, > > > > Kostas Zorbadelos > > > > > From tss at iki.fi Sun Aug 14 23:51:18 2011 From: tss at iki.fi (Timo Sirainen) Date: Sun, 14 Aug 2011 23:51:18 +0300 Subject: [Dovecot] LMTP over STDIN/STDOUT (non root user) In-Reply-To: <3kha87i6dl-B89@clifford.huge.strangled.net> References: <3kha87i6dl-B89@clifford.huge.strangled.net> Message-ID: <1313355078.10421.1286.camel@hurina> On Tue, 2011-08-09 at 17:29 +0200, Andrzej Adam Filip wrote: > Is it possible to get LMTP session over STDIN/STDOUT (for non root user)? Yeah. Just run it. From tss at iki.fi Sun Aug 14 23:53:19 2011 From: tss at iki.fi (Timo Sirainen) Date: Sun, 14 Aug 2011 23:53:19 +0300 Subject: [Dovecot] Trash Plugin In-Reply-To: <4E411B61.1040605@endersys.com> References: <4E411B61.1040605@endersys.com> Message-ID: <1313355199.10421.1288.camel@hurina> On Tue, 2011-08-09 at 14:34 +0300, Ayd?n Demirel wrote: > ReHi; > > I have a question about trash plugin. I added following lines into > dovecot.conf: > > quota_rule = *:storage=2048000 > quota_rule2 = Trash:storage=1MB > quota_rule3 = SPAM:ignore That looks like simply a quota plugin setting. You haven't shown anything settings about trash plugin. Which one do you really mean? > When I set *:storage line as default quota_rule , There is no problem.. > > But when I removed this line and set Trash:storage as default > quota_rule, plugin is not working.. > > That I said, Do I have to add *:storage line as first default line in > config line? You need a *:storage rule in any case. I don't know what you'd want to happen if it didn't exist. From tss at iki.fi Sun Aug 14 23:56:36 2011 From: tss at iki.fi (Timo Sirainen) Date: Sun, 14 Aug 2011 23:56:36 +0300 Subject: [Dovecot] Blocking auth services In-Reply-To: <4E3FD0C1.4000805@one.com> References: <4E3FD0C1.4000805@one.com> Message-ID: <1313355396.10421.1290.camel@hurina> On Mon, 2011-08-08 at 14:04 +0200, Peter Mogensen wrote: > I'm writing an passdb/userdb plugin to authenticate against an external > daemon listening on a UNIX socket. > > The connection to the daemon is 1 request at a time and thus blocking > (unlike passdb-ldap), but the daemon is preforking, so it can handle > more connections at a time. You're talking to it via UNIX socket, so you can talk to it with non-blocking sockets. > But I also have the option, to let the passdb/userdb plugin maintain a > pools of used/idle connections to the daemon and just pick a idle > connection and moving it to the used pool on each auth_request. > Which would save me the auth worker processes. This would be more efficient. (I wonder if you could make your external daemon talk auth-worker protocol and Dovecot would do this pooling automatically by thinking it's talking to its own workers?) From tss at iki.fi Mon Aug 15 00:03:09 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 15 Aug 2011 00:03:09 +0300 Subject: [Dovecot] Error when trying to delete folders In-Reply-To: <4E3FCCD2.4000603@jungo.com> References: <4E3FCCD2.4000603@jungo.com> Message-ID: <1313355789.10421.1294.camel@hurina> On Mon, 2011-08-08 at 14:47 +0300, Bar Ziony wrote: > When trying to delete a folder, I get this error: > "Server Error: DELETE: Can't rename mailboxes across specified storages" The problem is that you've specified a separate INDEX= path for Maildir. Dovecot's generic mailbox renaming code can't currently handle renaming between namespaces when they have different index paths. Since lazy-expunge handles mailbox deletions by renaming them into the lazy-expunge namespace, this fails. So your options are: a) Remove INDEX path from mail_location b) Fix Dovecot code to support renaming from different index paths (for maildir you could basically just delete the old index dir - a more generic solution would be more difficult) c) Forget about using lazy_expunge From tss at iki.fi Mon Aug 15 00:10:11 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 15 Aug 2011 00:10:11 +0300 Subject: [Dovecot] shared mailboxes In-Reply-To: References: Message-ID: <1313356211.10421.1296.camel@hurina> On Wed, 2011-08-03 at 01:33 +0300, Vasil Mikhalenya wrote: > 1. How to create a public mailbox - with per user seen flag. In my > configuration this flag is shared Currently this is possible only with Maildir (by creating dovecot-shared file). > 2. How to share one user mailbox with other users and set up acl. In > Cyrus it was very easy( cyradm sam mailbox user1 lrs or sam mailbox > user2 all ). What way there is to do this in dovecot. doveadm acl set > It was no problem with shared mailboxes in cyrus, but I need maildir support. Hmm? Looks like you're using mdbox..: > mail_location = mdbox:/var/mail/%1n/%n From tss at iki.fi Mon Aug 15 00:13:28 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 15 Aug 2011 00:13:28 +0300 Subject: [Dovecot] $IP not getting set? In-Reply-To: <4E38620A.20800@xjack.org> References: <4E38620A.20800@xjack.org> Message-ID: <1313356408.10421.1298.camel@hurina> On Tue, 2011-08-02 at 13:46 -0700, A.L. wrote: > Using dovecot 2.0.13. I went to implement relay-ctrl per directions > on the Wiki, and failed. After running it down, as best as I can > determine, the problem is that the $IP variable is not getting set (and > thus not re-set in the script wrapper). I plunked a "set >> debug" > into the script, and the only env var's that are set are as listed below > (slightly sanitized for public display). Anyone have any ideas? I > have tried both the Wiki-way, and this way: > http://dovecot.org/list/dovecot/2009-December/045139.html with > identical results. I don't know if the mailing list post is up to date, read the wiki instead: http://wiki2.dovecot.org/PostLoginScripting My test script prints the IP address to the IMAP session just fine: #!/bin/sh echo "* OK $IP" exec "$@" From tss at iki.fi Mon Aug 15 00:17:03 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 15 Aug 2011 00:17:03 +0300 Subject: [Dovecot] mbox issue - dovecot 2.0.13 In-Reply-To: <4E37877B.9040309@preachain.org> References: <4E37877B.9040309@preachain.org> Message-ID: <1313356623.10421.1301.camel@hurina> On Mon, 2011-08-01 at 22:13 -0700, John Alexander wrote: > I'm running into the following issue when trying to delete a folder: > > Aug 2 00:41:46 keg dovecot: imap(user): Error: > stat(/home/user/mail/Trash/.imap/MoreTest) failed: Not a directory 1) This is Thunderbird trying to delete mailbox by moving it under Trash mailbox, which won't work with mbox. You can fix this in TB by setting .. probably the "server supports subfolders" or whatever setting. 2) It's a Dovecot bug that it logs this error message. It's already fixed in v2.1, and I'd rather not spend time backporting the fix to v2.0. From AnFi at onet.eu Mon Aug 15 00:34:58 2011 From: AnFi at onet.eu (Andrzej Adam Filip) Date: Sun, 14 Aug 2011 23:34:58 +0200 Subject: [Dovecot] LMTP over STDIN/STDOUT (non root user) In-Reply-To: <1313355078.10421.1286.camel@hurina> (Timo Sirainen's message of "Sun, 14 Aug 2011 23:51:18 +0300") References: <3kha87i6dl-B89@clifford.huge.strangled.net> <1313355078.10421.1286.camel@hurina> Message-ID: Timo Sirainen wrote: > On Tue, 2011-08-09 at 17:29 +0200, Andrzej Adam Filip wrote: >> Is it possible to get LMTP session over STDIN/STDOUT (for non root user)? > > Yeah. Just run it. Step 1: OK/CLOSED Step 2: lmtp program seems to accept custom configuration file (-c _file_). The file specifies both passdb and userdb using Passwd-file. How to make lmtp skip attempts to contact auth server? P.S. I want to achieve personal (single user) "server less" IMAP&LMTP over STDIN&STDOUT configuration. Now I see: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied ... Fixing/changing socket permissions is no solutuion for me because I want to avoid need for any permanently running server. -- [pl>en: Andrew] Andrzej Adam Filip : anfi at onet.eu The whole history of computers is rampant with cheerleading at best and bigotry at worst. -- Larry Wall in <199702111730.JAA28598 at wall.org> From mr.majewski at gmail.com Mon Aug 15 00:43:32 2011 From: mr.majewski at gmail.com (Michael) Date: Sun, 14 Aug 2011 21:43:32 +0000 (UTC) Subject: [Dovecot] migration from courier to dovecot References: <1313354827.10421.1283.camel@hurina> Message-ID: send same in email ( first saw the email ) uidl's are to above mailbox conversion thanks for fast reply 1 UID87-1290084761 1 UID87-1290084761 2 UID88-1290084761 2 UID88-1290084761 3 UID89-1290084761 3 UID89-1290084761 4 UID90-1290084761 4 UID90-1290084761 . . . . 775 UID909-1290084761 775 UID909-1290084761 776 UID910-1290084761 776 UID910-1290084761 777 UID911-1290084761 777 UID911-1290084761 778 UID912-1290084761 778 UID912-1290084761 779 UID913-1290084761 779 UID913-1290084761 780 UID914-1290084761 780 UID914-1290084761 781 UID915-1290084761 781 UID915-1290084761 782 UID916-1290084761 782 UID916-1290084761 783 UID917-1290084761 783 UID917-1290084761 784 UID918-1290084761 784 UID918-1290084761 785 UID919-1290084761 785 UID919-1290084761 786 UID920-1290084761 786 0000035e4ce520de courier dovecot From tss at iki.fi Mon Aug 15 01:12:57 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 15 Aug 2011 01:12:57 +0300 Subject: [Dovecot] BUG - lmtp multiple recipients fail - setuid issue? In-Reply-To: References: Message-ID: <1313359977.10421.1304.camel@hurina> On Mon, 2011-08-01 at 14:28 -0700, Boris Lordis wrote: > Jul 27 11:24:42 testmailserver dovecot: lmtp(12412, steve): Error: > link(/spool/mail/j/jerry/mail/INBOX/u.20423, > /spool/mail/s/steve/mail/INBOX/.temp.1311791081.P12412Q2M989550.testmailserver.) > failed: Permission denied It shouldn't even try this.. I guess both INBOX directories use the same group? That's why Dovecot's internal check fails to realize that it can't use link(). This is now fixed in v2.1 hg tree. Too big of a change to fix in v2.0. You could work around it by using unique GIDs for users, or patching Dovecot's source code (mail_storage_copy_can_use_hardlink() to always return FALSE) From tss at iki.fi Mon Aug 15 01:20:41 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 15 Aug 2011 01:20:41 +0300 Subject: [Dovecot] migration from courier to dovecot In-Reply-To: References: <1313354827.10421.1283.camel@hurina> Message-ID: <1313360441.10421.1305.camel@hurina> So the UIDLs are preserved perfectly. The problem is with something else then. Such as did you change the server address in the client's config? Some clients trigger a redownload because of that. On Sun, 2011-08-14 at 21:43 +0000, Michael wrote: > send same in email ( first saw the email ) > uidl's are to above mailbox conversion > > thanks for fast reply > > 1 UID87-1290084761 1 UID87-1290084761 > 2 UID88-1290084761 2 UID88-1290084761 > 3 UID89-1290084761 3 UID89-1290084761 > 4 UID90-1290084761 4 UID90-1290084761 > . > . > . > . > > 775 UID909-1290084761 775 UID909-1290084761 > 776 UID910-1290084761 776 UID910-1290084761 > 777 UID911-1290084761 777 UID911-1290084761 > 778 UID912-1290084761 778 UID912-1290084761 > 779 UID913-1290084761 779 UID913-1290084761 > 780 UID914-1290084761 780 UID914-1290084761 > 781 UID915-1290084761 781 UID915-1290084761 > 782 UID916-1290084761 782 UID916-1290084761 > 783 UID917-1290084761 783 UID917-1290084761 > 784 UID918-1290084761 784 UID918-1290084761 > 785 UID919-1290084761 785 UID919-1290084761 > 786 UID920-1290084761 786 0000035e4ce520de > courier dovecot > > > From tss at iki.fi Mon Aug 15 01:24:54 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 15 Aug 2011 01:24:54 +0300 Subject: [Dovecot] LMTP over STDIN/STDOUT (non root user) In-Reply-To: References: <3kha87i6dl-B89@clifford.huge.strangled.net> <1313355078.10421.1286.camel@hurina> Message-ID: <1313360694.10421.1307.camel@hurina> On Sun, 2011-08-14 at 23:34 +0200, Andrzej Adam Filip wrote: > lmtp program seems to accept custom configuration file (-c _file_). > The file specifies both passdb and userdb using Passwd-file. > How to make lmtp skip attempts to contact auth server? Well, since LMTP by design is intended to deliver mails to multiple users, which requires userdb lookup, this is kind of a kludgy way to use it. If you really want to, you can do it by patching the LMTP sources: --- a/src/lmtp/main.c Mon Aug 15 01:18:01 2011 +0300 +++ b/src/lmtp/main.c Mon Aug 15 01:24:39 2011 +0300 @@ -81,7 +81,6 @@ enum master_service_flags service_flags = 0; enum mail_storage_service_flags storage_service_flags = MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT | - MAIL_STORAGE_SERVICE_FLAG_USERDB_LOOKUP | MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP | MAIL_STORAGE_SERVICE_FLAG_NO_LOG_INIT | MAIL_STORAGE_SERVICE_FLAG_NO_IDLE_TIMEOUT; From mr.majewski at gmail.com Mon Aug 15 01:35:07 2011 From: mr.majewski at gmail.com (Michael) Date: Sun, 14 Aug 2011 22:35:07 +0000 (UTC) Subject: [Dovecot] migration from courier to dovecot References: <1313354827.10421.1283.camel@hurina> <1313360441.10421.1305.camel@hurina> Message-ID: domain is the same as was , only ip is changed ( new machine for mx ) the same config ( i dont want to users had to change smth ) i'm confused :(( From tss at iki.fi Mon Aug 15 01:38:18 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 15 Aug 2011 01:38:18 +0300 Subject: [Dovecot] dovecot crashes after reloading service In-Reply-To: References: Message-ID: This is fixed in v2.0. Too much trouble trying to debug and fix it in v1.2. On 22.7.2011, at 23.48, Alan Morais wrote: > Hello, > > I just made a fresh install of dovecot using Iredmail, and works just fine, > but, after changing a parameter on /etc/dovecot.conf, and reloading > service, the daemon crashes, with the message as follows: > > * restarting the service instead of reload works fine. > > ############# Error message > > dovecot: Panic: file dict-process.c: line 154 (dict_listener_input): > assertion failed: (listener->process > es == NULL) > Jul 22 10:50:52 dovecot: Error: Raw backtrace: /usr/sbin/dovecot > [0x805adb0] -> /usr/sbin/dovecot [0x805ae93] -> /usr/sbi > n/dovecot [0x80529c6] -> /usr/sbin/dovecot [0x805a65c] -> /usr/sbin/dovecot > [0x804cd60] -> /usr/sbin/dovecot [0x805ece0] > -> /usr/sbin/dovecot [0x805ddc8] -> /usr/sbin/dovecot [0x805337d] -> > /lib/i686/nosegneg/libc.so.6(__libc_start_main+0xdc) > [0x6cce9c] -> /usr/sbin/dovecot [0x804a571] > > ############## Commands executed > > included parameter "login_greeting =xxxxxxxxxxxxxx" on dovecot.conf > > /etc/init.d/dovecot reload > > ##################### config > [root at correio221 ~]# dovecot -n > # 1.2.16: /etc/dovecot.conf > # OS: Linux 2.6.18-128.el5xen i686 CentOS release 5.3 (Final) nfs > log_path: /var/log/dovecot.log > protocols: pop3 pop3s imap imaps managesieve > listen(default): * > listen(imap): * > listen(pop3): * > listen(managesieve): *:2000 > ssl_ca_file: /etc/pki/tls/certs/iRedMail_CA.pem > ssl_cert_file: /etc/pki/tls/certs/iRedMail_CA.pem > ssl_key_file: /etc/pki/tls/private/iRedMail.key > login_dir: /var/run/dovecot/login > login_executable(default): /usr/libexec/dovecot/imap-login > login_executable(imap): /usr/libexec/dovecot/imap-login > login_executable(pop3): /usr/libexec/dovecot/pop3-login > login_executable(managesieve): /usr/libexec/dovecot/managesieve-login > login_greeting: SIANET POP/IMAP > login_process_size: 512 > login_processes_count: 128 > login_max_processes_count: 256 > login_max_connections: 1024 > max_mail_processes: 256 > first_valid_uid: 5000 > last_valid_uid: 5000 > mail_uid: 5000 > mail_gid: 5000 > mail_location: maildir:/home/vmail/%d/%Ln/Maildir > mmap_disable: yes > mail_nfs_storage: yes > mail_nfs_index: yes > lock_method: dotlock > mail_executable(default): /usr/libexec/dovecot/imap > mail_executable(imap): /usr/libexec/dovecot/imap > mail_executable(pop3): /usr/libexec/dovecot/pop3 > mail_executable(managesieve): /usr/libexec/dovecot/managesieve > mail_process_size: 512 > mail_plugins(default): quota imap_quota autocreate > mail_plugins(imap): quota imap_quota autocreate > mail_plugins(pop3): quota > mail_plugins(managesieve): > mail_plugin_dir(default): /usr/lib/dovecot/imap > mail_plugin_dir(imap): /usr/lib/dovecot/imap > mail_plugin_dir(pop3): /usr/lib/dovecot/pop3 > mail_plugin_dir(managesieve): /usr/lib/dovecot/managesieve > imap_client_workarounds(default): tb-extra-mailbox-sep > imap_client_workarounds(imap): tb-extra-mailbox-sep > imap_client_workarounds(pop3): > imap_client_workarounds(managesieve): > pop3_client_workarounds(default): > pop3_client_workarounds(imap): > pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh > pop3_client_workarounds(managesieve): > namespace: > type: private > prefix: INBOX. > inbox: yes > list: yes > subscriptions: yes > lda: > postmaster_address: root > auth_socket_path: /var/run/dovecot/auth-master > mail_plugins: quota sieve autocreate > sieve_global_path: /home/vmail/sieve/dovecot.sieve > log_path: /var/log/sieve.log > auth default: > mechanisms: plain login > default_realm: sianet.com.br > user: vmail > verbose: yes > passdb: > driver: sql > args: /etc/dovecot-mysql.conf > userdb: > driver: sql > args: /etc/dovecot-mysql.conf > socket: > type: listen > client: > path: /var/spool/postfix/dovecot-auth > mode: 438 > user: postfix > group: postfix > master: > path: /var/run/dovecot/auth-master > mode: 438 > user: vmail > group: vmail > plugin: > quota_warning: storage=85%% /usr/local/bin/dovecot-quota-warning.sh 85 > quota_warning2: storage=90%% /usr/local/bin/dovecot-quota-warning.sh 90 > quota_warning3: storage=95%% /usr/local/bin/dovecot-quota-warning.sh 95 > quota: maildir > quota: dict:user::proxy::quotadict > quota_rule: *:storage=0 > expire: Trash 7 Trash/* 7 Junk 30 > expire_dict: proxy::expire > auth_socket_path: /var/run/dovecot/auth-master > sieve_global_dir: /home/vmail/ > sieve_before: %Lh/dovecot.sieve.before > sieve: /%Lh/dovecot.sieve > sieve_global_path: /home/vmail/dovecot.sieve > global_script_path: /home/vmail/dovecot.sieve > autocreate: INBOX > autocreate2: INBOX.Sent > autocreate3: INBOX.Trash > autocreate4: INBOX.Drafts > autocreate5: INBOX.Junk > autosubscribe: INBOX > autosubscribe2: INBOX.Sent > autosubscribe3: INBOX.Trash > autosubscribe4: INBOX.Drafts > autosubscribe5: INBOX.Junk > dict: > expire: db:/var/lib/dovecot/expire/expire.db > quotadict: mysql:/etc/dovecot-used-quota.conf > > Thanks in advance. > > -- > > Alan Morais > Analista de Suporte > Fone: (11) 2125-9222 > E-mail: alan.morais at sianet.com.br > [1] > > > > Links: > ------ > [1] http://www.sianet.com.br > From tss at iki.fi Mon Aug 15 01:39:09 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 15 Aug 2011 01:39:09 +0300 Subject: [Dovecot] How to "scramble" emails In-Reply-To: <257f8de50ff196dfc1b1daff4fb05a0e@smartmobili.com> References: <257f8de50ff196dfc1b1daff4fb05a0e@smartmobili.com> Message-ID: <1976BEBD-12F9-4B30-A9DD-5F968423A1EA@iki.fi> On 23.7.2011, at 12.38, Vincent Richomme wrote: > I am working on a webmail project using dovecot as imap server and I would need to make a demo > however I don't want to show all my emails addresses. > So my question is knowing that I am using the maildir format, would it ne possible > to do a kind of search and replace of all emails/cc/to and replace them by fake ones or will > it break something like indexes ? I guess you already tried, but yeah, if you modify emails you'll need to delete dovecot.index.cache files also. From mr.majewski at gmail.com Mon Aug 15 01:59:45 2011 From: mr.majewski at gmail.com (Michael) Date: Sun, 14 Aug 2011 22:59:45 +0000 (UTC) Subject: [Dovecot] migration from courier to dovecot References: <1313354827.10421.1283.camel@hurina> <1313360441.10421.1305.camel@hurina> Message-ID: hmm, in the meantime i ran Courier on a new server and the situation is the same messages are downloaded again, I do not understand completely why the change machine ip is so important for email clients , or i miss smth :( From tss at iki.fi Mon Aug 15 02:32:05 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 15 Aug 2011 02:32:05 +0300 Subject: [Dovecot] Parallel auth In-Reply-To: References: Message-ID: On 22.7.2011, at 9.42, Bernhard Schmidt wrote: > passdb { > args = /etc/dovecot/dovecot-passwd > driver = passwd-file > } > passdb { > args = /etc/dovecot/dovecot-ldap-simauth.conf.ext > driver = ldap > } Dovecot should first try the passwd-file and if it succeeds, stop. If it fails, continues to ldap. > Due to a firmware bug, our six-figures NAS causes extremely high LDAP > delays (in the range of 20-60 seconds, instead of the usual 50ms) once > an hour. The weird thing is, I also see these delays in the graph for > the local user. Which got me thinking Yes, that is weird. > * are authentication requests handled serially by dovecot/auth? Yes. > * any way to solve this situation for the local user (not to be blocked > by the delayed LDAP query)? Shouldn't happen! Maybe the delay was caused by something not directly related to the LDAP lookups.. You could also verify with straceing the auth process and authenticating as the local user to verify that it doesn't do an LDAP lookup. > * any way to solve this situation for LDAP users? We could possibly do > some loadbalancing if the auth-daemon opened several LDAP connections Not currently, at least not until I rewrite LDAP's connection pooling to work in a similar way to SQL. Although even that doesn't solve the latency problems, someone else also recently complained about one of their SQL servers giving high latency replies and Dovecot not dropping that server in favor of the second fast one.. I should do something about that. From apm at one.com Mon Aug 15 09:44:29 2011 From: apm at one.com (Peter Mogensen) Date: Mon, 15 Aug 2011 08:44:29 +0200 Subject: [Dovecot] Blocking auth services In-Reply-To: <1313355396.10421.1290.camel@hurina> References: <4E3FD0C1.4000805@one.com> <1313355396.10421.1290.camel@hurina> Message-ID: <4E48C04D.6090707@one.com> On 2011-08-14 22:56, Timo Sirainen wrote: > On Mon, 2011-08-08 at 14:04 +0200, Peter Mogensen wrote: > >> I'm writing an passdb/userdb plugin to authenticate against an external >> daemon listening on a UNIX socket. >> >> The connection to the daemon is 1 request at a time and thus blocking >> (unlike passdb-ldap), but the daemon is preforking, so it can handle >> more connections at a time. > > You're talking to it via UNIX socket, so you can talk to it with > non-blocking sockets. Yes... but a single connection can still only handle one request at a time. It's not the socket, which is blocking - it's the server end of the connection. >> But I also have the option, to let the passdb/userdb plugin maintain a >> pools of used/idle connections to the daemon and just pick a idle >> connection and moving it to the used pool on each auth_request. >> Which would save me the auth worker processes. > > This would be more efficient. (I wonder if you could make your external > daemon talk auth-worker protocol and Dovecot would do this pooling > automatically by thinking it's talking to its own workers?) We actually considered replacing the entire dovecot-auth process with a re-write of the daemon, which we had done with courier. But the courier-auth process is simpler, so we decided to go for a plugin to dovecot-auth. /Peter From fumiyas at osstech.jp Mon Aug 15 10:41:04 2011 From: fumiyas at osstech.jp (SATOH Fumiyasu) Date: Mon, 15 Aug 2011 16:41:04 +0900 Subject: [Dovecot] [PATCH] net_connect_*(): Wait for fd to complete connect(2) when fd is non-blocking In-Reply-To: <5C45A34F-1472-4DCD-B038-E07CEF6304BD@iki.fi> References: <87zkjv3eml.wl%fumiyas@osstech.jp> <87y5zf2ekl.wl%fumiyas@osstech.jp> <87livcr1le.wl%fumiyas@osstech.jp> <5C45A34F-1472-4DCD-B038-E07CEF6304BD@iki.fi> Message-ID: <87ippzp1f3.wl%fumiyas@osstech.jp> At Wed, 10 Aug 2011 20:37:46 +0300, Timo Sirainen wrote: > On 2.8.2011, at 5.25, SATOH Fumiyasu wrote: > > >>> Dovecot ignores EINPROGRESS on connect(2) for non-blocking fd. > >>> This is wrong. After that, read(2) to fd (or write(2) to fd) fails > >>> with ENOTCONN if the connection of fd is not completed. > >>> > >>> The attached patch fixes this problem. > > If you do that, then there's no point in making the socket > non-blocking before connect(). Linux connect(2) manpage said: EINPROGRESS The socket is nonblocking and the connection cannot be completed immediately. It is pos- sible to select(2) or poll(2) for completion by selecting the socket for writing. After select(2) indicates writability, use get- sockopt(2) to read the SO_ERROR option at level SOL_SOCKET to determine whether con- nect() completed successfully (SO_ERROR is zero) or unsuccessfully (SO_ERROR is one of the usual error codes listed here, explain- ing the reason for the failure). Solaris 10 connect(3SOCKET) manpage said: EINPROGRESS The socket is non-blocking, and the connection cannot be completed immediately. You can use select(3C) to complete the connection by selecting the socket for writing. Windows connect function document said (http://msdn.microsoft.com/en-us/library/ms737625%28v=vs.85%29.aspx): With a nonblocking socket, the connection attempt cannot be completed immediately. In this case, connect will return SOCKET_ERROR, and WSAGetLastError will return WSAEWOULDBLOCK. In this case, there are three possible scenarios: * Use the select function to determine the completion of the connection request by checking to see if the socket is writeable. * If the application is using WSAAsyncSelect to indicate interest in connection events, then the application will receive an FD_CONNECT notification indicating that the connect operation is complete (successfully or not). * If the application is using WSAEventSelect to indicate interest in connection events, then the associated event object will be signaled indicating that the connect operation is complete (successfully or not). > > On a high-load Solaris 10 box, dovecot-lda fails to query (I/O) to > > dovecot dict socket with ENOTCONN. My patch fixes this problem. > > I think Linux/etc returns EAGAIN in such situation. Maybe the right > fix is to just add EINPROGRESS check for net_connect_unix_with_retries()? > (With some extra changes so that it actually sees that errno from > net_connect_unix()) I think you MUST wait for the fd to complete connect() before read() from / write() to the fd in such situation. -- -- Name: SATOH Fumiyasu (fumiyas @ osstech co jp) -- Business Home: http://www.OSSTech.co.jp/ -- Personal Home: http://www.SFO.jp/blog/ From kzorba at otenet.gr Mon Aug 15 11:17:01 2011 From: kzorba at otenet.gr (kzorba at otenet.gr) Date: Mon, 15 Aug 2011 11:17:01 +0300 Subject: [Dovecot] Bug report v2.0.13 - CentOS x86_64 - NFS - mbox In-Reply-To: <1313355050.10421.1285.camel@hurina> References: <4E294AC0.2060706@otenet.gr> <4E425874.6040507@otenet.gr> <1313355050.10421.1285.camel@hurina> Message-ID: <20110815111701.68513psu7vb3wflp@noc.otenet.gr> Quoting Timo Sirainen : > With a quick test I can't reproduce pop3_lock_session=yes causing a > crash. I guess it needs something else besides what I tested. It would > be helpful if your Dovecot binaries weren't stripped of debug symbols. I > could then ask for some more information from the core dumps with gdb. > Hi Timo, indeed it is a bug that I could not reproduce myself. Having debug symbols and producing the stack trace is the next logical step and I will work on this tomorrow. Since --enable-debug does not work in your configure script, can you direct me as to what is needed? Is there an option in configure or do I need to mess with the makefiles? On the other hand, I have found two different bugs. Having pop3_lock_session=yes we have the situation described here and also of course delays in local deliveries in case a client has an active pop session. And I can tell you we have a lot of abusing clients that keep hitting our pop servers continuously, or keep connections open for a VERY long time. To address that, we put pop3_lock_session=no. In this case, there is an fcntl lock leak somewhere. The good news is that we have reproduced that and I will send relevant information in a different mail. I also read the following thread, from a while back: http://www.dovecot.org/list/dovecot/2009-February/037098.html Regards, Kostas > On Wed, 2011-08-10 at 13:07 +0300, Kostas Zorbadelos wrote: >> On 07/22/2011 01:02 PM, Kostas Zorbadelos wrote: >> >> Hello, >> >> since I saw no action on this, here is a newer update we discovered today. >> >> After setting pop3_lock_session = no the core dumps went away. >> We will leave it like that and watch it for the next few days. If we set >> pop3_lock_session = yes, the problem is reproduced. >> >> If I can do anything else to help debug the problem, please let me know. >> >> Regards, >> >> Kostas >> >> > Greetings to all. >> > >> > It's my first post to the list. We just completed a migration >> from qpopper to dovecot >> > for our IMAP and POP3 services. We have a rather large mail environment >> > (we are the biggest provider in Greece). >> > >> > So, here are the details: >> > >> > - Keep getting errors like these in our production environment >> > >> > Jul 22 00:18:21 pop01 dovecot: master: Error: service(pop3): >> child 4078 killed with signal 11 (core dumps disabled) >> > Jul 22 00:19:31 pop03 dovecot: master: Error: service(pop3): >> child 18849 killed with signal 11 (core dumps disabled) >> > >> > --------------------------------------------------------------------- >> > dovecot -n output >> > --------------------------------------------------------------------- >> > /opt/dovecot/sbin/dovecot -n >> > # 2.0.13: /opt/dovecot/etc/dovecot/dovecot.conf >> > # OS: Linux 2.6.18-92.1.22.el5 x86_64 CentOS release 5.5 (Final) >> > auth_cache_negative_ttl = 10 mins >> > auth_cache_size = 5 M >> > auth_cache_ttl = 10 mins >> > auth_verbose = yes >> > default_client_limit = 5000 >> > default_process_limit = 500 >> > disable_plaintext_auth = no >> > first_valid_uid = 200 >> > listen = * >> > log_timestamp = "%Y-%m-%d %H:%M:%S " >> > login_greeting = ready >> > mail_access_groups = mail otemail disk root >> > mail_fsync = always >> > mail_location = mbox:INDEX=/var/index/dovecot/%2.16Hn/%2.254Hn/%u >> > mail_nfs_storage = yes >> > mbox_lock_timeout = 2 mins >> > mbox_min_index_size = 200 k >> > mbox_read_locks = dotlock_try fcntl >> > mbox_write_locks = dotlock_try fcntl >> > passdb { >> > args = /opt/dovecot/etc/dovecot/dovecot-ldap.conf.ext >> > driver = ldap >> > } >> > protocols = imap pop3 >> > service auth-worker { >> > user = dovenull >> > } >> > service imap-login { >> > inet_listener imap { >> > port = 143 >> > } >> > inet_listener imaps { >> > port = 993 >> > ssl = yes >> > } >> > } >> > service pop3-login { >> > inet_listener pop3 { >> > port = 110 >> > } >> > inet_listener pop3s { >> > port = 995 >> > ssl = yes >> > } >> > } >> > ssl = no >> > userdb { >> > args = /opt/dovecot/etc/dovecot/dovecot-ldap.conf.ext >> > driver = ldap >> > } >> > verbose_proctitle = yes >> > protocol imap { >> > imap_client_workarounds = delay-newmail tb-extra-mailbox-sep >> > mail_max_userip_connections = 100 >> > } >> > protocol pop3 { >> > mail_max_userip_connections = 100 >> > pop3_client_workarounds = outlook-no-nuls oe-ns-eoh >> > pop3_fast_size_lookups = yes >> > pop3_lock_session = yes >> > pop3_reuse_xuidl = yes >> > pop3_uidl_format = %08Xu%08Xv >> > } >> > >> > I enabled core dumps in one of our backend servers and here is >> the relevant gdb trace: >> > >> > [root at pop08 ~]# gdb >> /opt/dovecot/libexec/dovecot/pop3/core.9273 >> > GNU gdb (GDB) Red Hat Enterprise Linux (7.0.1-32.el5_6.2) >> > Copyright (C) 2009 Free Software Foundation, Inc. >> > License GPLv3+: GNU GPL version 3 or >> later >> > This is free software: you are free to change and redistribute it. >> > There is NO WARRANTY, to the extent permitted by law. Type "show copying" >> > and "show warranty" for details. >> > This GDB was configured as "x86_64-redhat-linux-gnu". >> > For bug reporting instructions, please see: >> > ... >> > Reading symbols from /opt/dovecot/libexec/dovecot/pop3...(no >> debugging symbols found)...done. >> > Reading symbols from >> /opt/dovecot/lib/dovecot/libdovecot-storage.so.0...(no debugging >> symbols found)...done. >> > Loaded symbols for /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 >> > Reading symbols from >> /opt/dovecot/lib/dovecot/libdovecot.so.0...(no debugging symbols >> found)...done. >> > Loaded symbols for /opt/dovecot/lib/dovecot/libdovecot.so.0 >> > Reading symbols from /lib64/libdl.so.2...(no debugging symbols >> found)...done. >> > Loaded symbols for /lib64/libdl.so.2 >> > Reading symbols from /lib64/librt.so.1...(no debugging symbols >> found)...done. >> > Loaded symbols for /lib64/librt.so.1 >> > Reading symbols from /lib64/libc.so.6...(no debugging symbols >> found)...done. >> > Loaded symbols for /lib64/libc.so.6 >> > Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging >> symbols found)...done. >> > Loaded symbols for /lib64/ld-linux-x86-64.so.2 >> > Reading symbols from /lib64/libpthread.so.0...(no debugging >> symbols found)...done. >> > Loaded symbols for /lib64/libpthread.so.0 >> > Core was generated by `dovecot/pop3'. >> > Program terminated with signal 11, Segmentation fault. >> > #0 0x00002b52e1027e54 in istream_raw_mbox_get_start_offset () >> from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 >> > (gdb) bt full >> > #0 0x00002b52e1027e54 in istream_raw_mbox_get_start_offset () >> from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 >> > No symbol table info available. >> > #1 0x00002b52e102b759 in ?? () from >> /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 >> > No symbol table info available. >> > #2 0x00002b52e100a2c0 in index_mail_expunge () from >> /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 >> > No symbol table info available. >> > #3 0x0000000000405e9c in client_update_mails () >> > No symbol table info available. >> > #4 0x00000000004061c1 in client_command_execute () >> > No symbol table info available. >> > #5 0x00000000004045b9 in client_handle_input () >> > No symbol table info available. >> > #6 0x00002b52e12df698 in io_loop_call_io () from >> /opt/dovecot/lib/dovecot/libdovecot.so.0 >> > No symbol table info available. >> > #7 0x00002b52e12e09d5 in io_loop_handler_run () from >> /opt/dovecot/lib/dovecot/libdovecot.so.0 >> > No symbol table info available. >> > #8 0x00002b52e12df62d in io_loop_run () from >> /opt/dovecot/lib/dovecot/libdovecot.so.0 >> > No symbol table info available. >> > #9 0x00002b52e12cdf13 in master_service_run () from >> /opt/dovecot/lib/dovecot/libdovecot.so.0 >> > No symbol table info available. >> > #10 0x0000000000403994 in main () >> > No symbol table info available. >> > (gdb) >> > >> > All traces of the crashes are identical, that is >> > #0 0x00002b52e1027e54 in istream_raw_mbox_get_start_offset () >> from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 >> > #1 0x00002b52e102b759 in ?? () from >> /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 >> > #2 0x00002b52e100a2c0 in index_mail_expunge () from >> /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 >> > #3 0x0000000000405e9c in client_update_mails () >> > #4 0x00000000004061c1 in client_command_execute () >> > #5 0x00000000004045b9 in client_handle_input () >> > #6 0x00002b52e12df698 in io_loop_call_io () from >> /opt/dovecot/lib/dovecot/libdovecot.so.0 >> > #7 0x00002b52e12e09d5 in io_loop_handler_run () from >> /opt/dovecot/lib/dovecot/libdovecot.so.0 >> > #8 0x00002b52e12df62d in io_loop_run () from >> /opt/dovecot/lib/dovecot/libdovecot.so.0 >> > #9 0x00002b52e12cdf13 in master_service_run () from >> /opt/dovecot/lib/dovecot/libdovecot.so.0 >> > #10 0x0000000000403994 in main () >> > >> > We have mboxes over NFS and we also have an ldap user backend. >> For now, I do not have a scenario >> > that reproduces the problem. Any idea, or input are highly >> appreciated. Of course I can provide >> > any information requested (without exposing restricted company or >> client data) to help trace >> > the problem and lead to the solution. >> > >> > Thanks and keep up the good work! >> > >> > Regards, >> > >> > Kostas Zorbadelos >> > >> > >> > > > From AnFi at onet.eu Mon Aug 15 11:30:27 2011 From: AnFi at onet.eu (Andrzej Adam Filip) Date: Mon, 15 Aug 2011 10:30:27 +0200 Subject: [Dovecot] LMTP over STDIN/STDOUT (non root user) In-Reply-To: <1313360694.10421.1307.camel@hurina> (Timo Sirainen's message of "Mon, 15 Aug 2011 01:24:54 +0300") References: <3kha87i6dl-B89@clifford.huge.strangled.net> <1313355078.10421.1286.camel@hurina> <1313360694.10421.1307.camel@hurina> Message-ID: <0rgmp6fipx-B8F@john.huge.strangled.net> Timo Sirainen wrote: > On Sun, 2011-08-14 at 23:34 +0200, Andrzej Adam Filip wrote: >> lmtp program seems to accept custom configuration file (-c _file_). >> The file specifies both passdb and userdb using Passwd-file. >> How to make lmtp skip attempts to contact auth server? > > Well, since LMTP by design is intended to deliver mails to multiple > users, which requires userdb lookup, this is kind of a kludgy way to > use it. LMTP offers *also* a sensible way to reduce number of execution of deliver program, does not it? :-) Such use does make sense when retrieving messages from high volume mailing lists even after "half day break". > If you really want to, you can do it by patching the LMTP sources: > > --- a/src/lmtp/main.c Mon Aug 15 01:18:01 2011 +0300 > +++ b/src/lmtp/main.c Mon Aug 15 01:24:39 2011 +0300 > @@ -81,7 +81,6 @@ > enum master_service_flags service_flags = 0; > enum mail_storage_service_flags storage_service_flags = > MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT | > - MAIL_STORAGE_SERVICE_FLAG_USERDB_LOOKUP | > MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP | > MAIL_STORAGE_SERVICE_FLAG_NO_LOG_INIT | > MAIL_STORAGE_SERVICE_FLAG_NO_IDLE_TIMEOUT; Thank for the patch/consideration. Do you intend to include it into official code base sometime in the (near) future? -- [pl>en: Andrew] Andrzej Adam Filip : anfi at onet.eu We gave you an atomic bomb, what do you want, mermaids? -- I. I. Rabi to the Atomic Energy Commission From tss at iki.fi Mon Aug 15 12:39:31 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 15 Aug 2011 12:39:31 +0300 Subject: [Dovecot] LMTP over STDIN/STDOUT (non root user) In-Reply-To: <0rgmp6fipx-B8F@john.huge.strangled.net> References: <3kha87i6dl-B89@clifford.huge.strangled.net> <1313355078.10421.1286.camel@hurina> <1313360694.10421.1307.camel@hurina> <0rgmp6fipx-B8F@john.huge.strangled.net> Message-ID: On 15.8.2011, at 11.30, Andrzej Adam Filip wrote: > Timo Sirainen wrote: >> On Sun, 2011-08-14 at 23:34 +0200, Andrzej Adam Filip wrote: >>> lmtp program seems to accept custom configuration file (-c _file_). >>> The file specifies both passdb and userdb using Passwd-file. >>> How to make lmtp skip attempts to contact auth server? >> >> Well, since LMTP by design is intended to deliver mails to multiple >> users, which requires userdb lookup, this is kind of a kludgy way to >> use it. > > LMTP offers *also* a sensible way to reduce number of execution of > deliver program, does not it? :-) Depends on how you're intending to run it. If you can manage to keep the session open between mail deliveries, then it'll work, but I don't really know how you could do that. >> If you really want to, you can do it by patching the LMTP sources: >> >> --- a/src/lmtp/main.c Mon Aug 15 01:18:01 2011 +0300 >> +++ b/src/lmtp/main.c Mon Aug 15 01:24:39 2011 +0300 >> @@ -81,7 +81,6 @@ >> enum master_service_flags service_flags = 0; >> enum mail_storage_service_flags storage_service_flags = >> MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT | >> - MAIL_STORAGE_SERVICE_FLAG_USERDB_LOOKUP | >> MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP | >> MAIL_STORAGE_SERVICE_FLAG_NO_LOG_INIT | >> MAIL_STORAGE_SERVICE_FLAG_NO_IDLE_TIMEOUT; > > Thank for the patch/consideration. > > Do you intend to include it into official code base sometime in the > (near) future? No. From anfi at onet.eu Mon Aug 15 16:31:29 2011 From: anfi at onet.eu (Andrzej Adam Filip) Date: Mon, 15 Aug 2011 15:31:29 +0200 Subject: [Dovecot] LMTP over STDIN/STDOUT (non root user) In-Reply-To: (Timo Sirainen's message of "Mon, 15 Aug 2011 12:39:31 +0300") References: <3kha87i6dl-B89@clifford.huge.strangled.net> <1313355078.10421.1286.camel@hurina> <1313360694.10421.1307.camel@hurina> <0rgmp6fipx-B8F@john.huge.strangled.net> Message-ID: Timo Sirainen wrote: > On 15.8.2011, at 11.30, Andrzej Adam Filip wrote: > >> Timo Sirainen wrote: >>> On Sun, 2011-08-14 at 23:34 +0200, Andrzej Adam Filip wrote: >>>> lmtp program seems to accept custom configuration file (-c _file_). >>>> The file specifies both passdb and userdb using Passwd-file. >>>> How to make lmtp skip attempts to contact auth server? >>> >>> Well, since LMTP by design is intended to deliver mails to multiple >>> users, which requires userdb lookup, this is kind of a kludgy way to >>> use it. >> >> LMTP offers *also* a sensible way to reduce number of execution of >> deliver program, does not it? :-) > > Depends on how you're intending to run it. If you can manage to keep > the session open between mail deliveries, then it'll work, but I don't > really know how you could do that. > [...] MTA operating in normal mode of accepting messages over SMTP can hardly benefit without significant delivery delays. Fetchmail polling other POP/IMAP accounts can achieve multiple messages over single LMTP session (to one recipient) especially after "overnight break". MTA perspective is not the only one even if it is the most important. -- [pl>en: Andrew] Andrzej Adam Filip : anfi at onet.eu It's possible that I'm just an idiot, and don't recognize a sleepy slavemaster when I see one. -- Larry Wall in <199708040319.UAA16213 at wall.org> From sollog at digiraticonsulting.com Mon Aug 15 23:41:26 2011 From: sollog at digiraticonsulting.com (Munroe Sollog) Date: Mon, 15 Aug 2011 16:41:26 -0400 Subject: [Dovecot] Last login script Message-ID: <81110451-063E-4A5A-9C73-727B2976CE20@digiraticonsulting.com> I am trying to implement a last login script, however I seem to be having lots of issues. We started with sqlite but we were having locking issues, so we moved to postgresql which seems to have alleviated database specific issues, but now people are complaining about randomly not being able to log in. I don't see any real errors in the logs (dovecot or postgresql) to explain their complaints though, all I am really getting is "Connection closed" here is the log line of a failed attempt (with debug output): http://pastebin.com/5RFgVa8V and here is what we are running as the 'mail executable': http://pastebin.com/L0ibyqSQ Any help would be greatly appreciated, thanks. Munroe Sollog Digirati Consulting sollog at digiraticonsulting.com (610) 332-7234 x805 From postmaster at psy.miami.edu Tue Aug 16 00:13:56 2011 From: postmaster at psy.miami.edu (Postmaster) Date: Mon, 15 Aug 2011 17:13:56 -0400 Subject: [Dovecot] dovecot's documentation dearth Message-ID: <4E498C14.8070200@psy.miami.edu> Hello. The first thing for me to say is thanks! I've been using dovecot since test 61 and it has basically performed flawlessly for me from day number 1. Dovecot makes me look like a genius sysadmin, especially compared to my colleagues struggling with exchange. So thanks, gracias, obrigado!! I'm working on a configuration for 2.0 and I'm finding the documentation somewhat difficult. I think it would be very helpful to me to have encountered a single page that detailed all available configuration sections. I don't know how to find out what the sections are, when to use them or what specifically they control. So far I've encountered... passdb plugin service protocol userdb local_name (and I think there is another one of these for ips) The service section itself would benefit from a single page detailing all of the possible types of service sections available. The next problem I've had is discovering that several parts of dovecot have no documentation at all even though they are standalone executables run by root. config, log, and ssl_params all run as root but there is also anvil and they look to me like they could support listening on a port if inet_interfaces is defined. You can say, "Relax fella, trust me. These programs are all part of dovecot and are run only if they're needed." Then I'll say, "Yes but I'm the administrator. I need to know how the parts fit together to know if the system's broken." Then you say, "Well that makes sense, but the things you're talking about aren't really configured. They are mostly internal to dovecot, they just happen to be broken out into external programs. You may as well be asking for documentation on a specific function in a library. If that's what you want, you can read through the source code." Well I guess that would be one solution. The bottom line is that it gives me an uncomfortableness to not be able to control or explain the operation of the software I'm supposedly administering. Take the program named log (which should be named dovecot-log or something less generic), it is launched even though I've specified syslog in the configuration. Logging is not interrupted when the process is killed. So, why is it running? What is it doing? Why does it need root? How do I control it? I think these are all good questions for an administrator to ask. That's my feedback for what it's worth, but mostly, thanks again for dovecot! From copalfreak at gmail.com Tue Aug 16 02:07:37 2011 From: copalfreak at gmail.com (CopalFreak) Date: Mon, 15 Aug 2011 18:07:37 -0500 Subject: [Dovecot] Slackware Dovecot recompile with SSL/TLS question Message-ID: <4E49A6B9.9000706@gmail.com> I am having some problems and was told to ask in this list to try and get some help. When asking elsewhere, I was told that I was too verbose, so I'll try to be as brief as possible, while still including all the pertinent info. Slackware 13.1.0 Dovecot 2.0.8 Postfix 2.4.3 MySQL (virtual users) Spamassassin 3.3.1 ClamAV 0.97.1 (without Amavis) Have wild-card SSL certs and CA from GoDaddy ##"postconf -a" >> cyrus >> dovecot I compiled Dovecot without SASL support and need to re-compile it WITH SASL support, but I don't want to mess up my existing configuration. (I have it the way I want it as far as where it's installed, where the conf files are located, UID, GID settings, etc.) Dovecot 2.0.13 is out and I would prefer to use the newer version assuming it doesn't have any problems that would prevent me from using it. Is there a way to re-compile (or upgrade) so that it doesn't change any of my existing settings? I would like to be able to bring it down, do upgrade, maybe copy some config files over the defaults etc, and bring it all back up within a few minutes instead of a week of tweaking and fixing stuff. Is there a way to do something like this : stop dovecot backup all dovecot conf files ./configure CPPFLAGS=-I/path/to/openssl LDFLAGS=-L/path/to/openssl --config_dir /etc/dovecot/dovecot.conf (or something like that..not sure what it actually is) make sudo make install edit conf files to point to SSL certs start dovecot IN CASE anything goes wrong, copy old config files back and restart dovecot to make it go back the way it was (only it's using the new 2.0.13 version) any suggestions and/or tips on how-to do this would be greatly appreciated. Thanks! From rob0 at gmx.co.uk Tue Aug 16 05:21:22 2011 From: rob0 at gmx.co.uk (/dev/rob0) Date: Mon, 15 Aug 2011 21:21:22 -0500 Subject: [Dovecot] Slackware Dovecot recompile with SSL/TLS question In-Reply-To: <4E49A6B9.9000706@gmail.com> References: <4E49A6B9.9000706@gmail.com> Message-ID: <20110816022121.GJ14195@harrier.slackbuilds.org> On Mon, Aug 15, 2011 at 06:07:37PM -0500, CopalFreak wrote: > Slackware 13.1.0 > Dovecot 2.0.8 > Postfix 2.4.3 That's rather old, BTW. > MySQL (virtual users) > Spamassassin 3.3.1 > ClamAV 0.97.1 (without Amavis) > Have wild-card SSL certs and CA from GoDaddy > > ##"postconf -a" > >> cyrus > >> dovecot > > I compiled Dovecot without SASL support and need to re-compile it > WITH SASL support, The Subject line says "SSL/TLS", and then here you say "SASL". I suppose the Subject is correct, right? I don't recall there being options to enable/disable SASL in Dovecot. > but I don't want to mess up my existing configuration. (I have > it the way I want it as far as where it's installed, where the > conf files are located, UID, GID settings, etc.) > > Dovecot 2.0.13 is out and I would prefer to use the newer > version assuming it doesn't have any problems that would > prevent me from using it. > > Is there a way to re-compile (or upgrade) so that it doesn't > change any of my existing settings? Did you look at the wiki yet? Upgrading from one minor version to another should be rather simple. Check the NEWS. http://wiki2.dovecot.org/Upgrading http://dovecot.org/doc/NEWS > I would like to be able to bring it down, do upgrade, maybe copy > some config files over the defaults etc, and bring it all back > up within a few minutes instead of a week of tweaking and fixing > stuff. Spend some time in advance, and this should be simple. > Is there a way to do something like this : > > stop dovecot No, this is too early in the process. Compile first. > backup all dovecot conf files > > ./configure CPPFLAGS=-I/path/to/openssl LDFLAGS=-L/path/to/openssl > --config_dir /etc/dovecot/dovecot.conf > (or something like that..not sure what it actually is) > > make Here's where you'd "dovecot stop". > sudo make install > edit conf files to point to SSL certs Actually you can edit the modular /etc/dovecot/conf.d/10-ssl.conf file ahead of time, then just uncomment the include line at this point. > start dovecot > > > IN CASE anything goes wrong, copy old config files back and > restart dovecot to make it go back the way it was (only it's > using the new 2.0.13 version) > > > any suggestions and/or tips on how-to do this would be greatly > appreciated. You might gain some confidence by doing this in a virtual machine and/or chroot in advance. -- Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header From dlie76 at yahoo.com.au Tue Aug 16 08:19:34 2011 From: dlie76 at yahoo.com.au (Daminto Lie) Date: Mon, 15 Aug 2011 22:19:34 -0700 (PDT) Subject: [Dovecot] imap-login aborted login Message-ID: <1313471974.41094.YahooMailNeo@web113416.mail.gq1.yahoo.com> Hi, I have been trying to set up Apache2, Postfix, Dovecot, openLDAP and squirrelmail on my Ubuntu Server 10.04 machine. The idea is to make use of the LDAP to authenticate users to login to squirrelmail to send/receive emails. I have been using the link - https://help.ubuntu.com/community/Postfix/DovecotLDAP, as a guide to get it all set up. I have checked the status for postfix and dovecot, and they both are up and running by using telnet. I have even installed openldapadmin to check and see if I've got the ldap working. I could login to openldapadmin and saw myself there with uid=msmith. I have also installed squirrelmail as my webmail. After all that installed, I went to localhost/squirrelmail on the firefox browser. It would not log me in. Later I found in the /var/log/dovecot-deliver.log file, I saw the following messages dovecot: Info: Dovecot v1.2.9 starting up (core dumps disabled) imap-login: Info: Aborted login (auth failed, 1 attempts): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured imap-login: Info: Aborted login (auth failed, 1 attempts): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured? imap-login: Info: Aborted login (auth failed, 1 attempts): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured I tried to login with three different usernames but none worked as shown above in the log file. I wonder if it is to do with method=PLAIN and secured. Any help would be greatly appreciated. Thank you From dlie76 at yahoo.com.au Tue Aug 16 10:05:35 2011 From: dlie76 at yahoo.com.au (Daminto Lie) Date: Tue, 16 Aug 2011 00:05:35 -0700 (PDT) Subject: [Dovecot] imap-login aborted login In-Reply-To: <4E4A029E.6090608@gmail.com> References: <1313471974.41094.YahooMailNeo@web113416.mail.gq1.yahoo.com> <4E4A029E.6090608@gmail.com> Message-ID: <1313478335.29213.YahooMailNeo@web113406.mail.gq1.yahoo.com> Thanks for your reply. Now I can see more info after turning on all those debugs Here it is 2011-08-16 16:16:53 dovecot: Warning: Killed with signal 15 (by pid=7250 uid=0 code=kill) 2011-08-16 16:16:53 dovecot: Info: Dovecot v1.2.9 starting up (core dumps disabled) 2011-08-16 16:16:54 auth(default): Info: new auth connection: pid=7259 2011-08-16 16:16:54 auth(default): Info: new auth connection: pid=7264 2011-08-16 16:16:54 auth(default): Info: new auth connection: pid=7263 2011-08-16 16:16:54 auth(default): Info: new auth connection: pid=7261 2011-08-16 16:16:54 auth(default): Info: new auth connection: pid=7262 2011-08-16 16:16:54 auth(default): Info: new auth connection: pid=7260 2011-08-16 16:18:14 auth(default): Info: client in: AUTH??? 1??? PLAIN??? service=imap??? secured??? lip=127.0.0.1??? rip=127.0.0.1??? lport=143??? rport=32973??? resp=AGRsaWUAZGxpZTMyMDU= 2011-08-16 16:18:14 auth-worker(default): Info: pam(msmith,127.0.0.1): lookup service=dovecot 2011-08-16 16:18:14 auth-worker(default): Info: pam(msmith,127.0.0.1): #1/1 style=1 msg=Password: 2011-08-16 16:18:15 auth(default): Info: new auth connection: pid=7271 2011-08-16 16:18:16 auth-worker(default): Info: pam(msmith,127.0.0.1): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: xxx) 2011-08-16 16:18:18 auth(default): Info: client out: FAIL??? 1??? user=msmith 2011-08-16 16:18:23 imap-login: Info: Aborted login (auth failed, 1 attempts): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Here is my dovecot.conf (Note: I have removed all the comments) ## Dovecot configuration file protocols = imap imaps pop3 pop3s listen = * disable_plaintext_auth = no log_path = /var/log/dovecot-deliver.log info_log_path = /var/log/dovecot-deliver.log log_timestamp = "%Y-%m-%d %H:%M:%S " login_user = postfix login_greeting = Dovecot IMAP server! mail_location = maildir:~/Maildir mail_privileged_group = mail mail_debug = yes verbose_proctitle = yes protocol imap { ? login_executable = /usr/lib/dovecot/imap-login ? mail_executable = /usr/lib/dovecot/imap ? imap_client_workarounds = outlook-idle delay-newmail netscape-eoh tb-extra-mailbox-sep } protocol pop3 { ? pop3_uidl_format = %08Xu%08Xv } protocol managesieve { } protocol lda { ? postmaster_address = ? hostname = ubuntuserver ? sendmail_path = /usr/lib/sendmail ? rejection_subject = Rejected: %s ? rejection_reason = Your message to <%t> was automatically rejected:%n%r ? auth_socket_path = /var/run/dovecot/auth-master } auth_username_format = %Lu auth_verbose = yes auth_debug = yes auth_debug_passwords = yes auth default { ? mechanisms = plain ? passdb pam { ? } ? userdb passwd { ? } ? user = root ? socket listen { ??? master { ????? path = /var/run/dovecot/auth-master ????? mode = 0660 ????? user = mail ????? group = mail ??? } ??? client { ????? path = /var/spool/postfix/private/auth-client ????? mode = 0660 ????? user = postfix ????? group = postfix ??? } ? } ? !include_try /etc/dovecot/auth.d/*.auth } dict { } plugin { } # Config files can also be included. deliver doesn't support them currently. #!include /etc/dovecot/conf.d/*.conf # Optional configurations, don't give an error if it's not found: !include_try /etc/dovecot/conf.d/*.conf #!include_try /etc/dovecot/extra.conf I think the issue is with PAM authentication. How do I configure the PAM authentication? Any help would be much appreciated. Thank you ________________________________ From: CopalFreak To: Daminto Lie Sent: Tuesday, 16 August 2011 3:39 PM Subject: Re: [Dovecot] imap-login aborted login You might try turning on the various DEBUG modes in Dovecot. In your dovecot.conf file : Something like this : ------------------------------------- auth_debug = yes auth_debug_passwords = yes auth_verbose - yes verbose_proctitle = yes mail_debug = yes log_path = /var/log/dovecot.log info_log_path = /var/log/dovecot-deliver.log ------------------------------------- After edit, restart dovecot. Then tail your log (tail -f /var/log/dovecot-deliver.log) while attempting to check mail. You should see a bit more info that might help. (be sure to turn it all back off. it will sometimes log the passwords and when using plaintext, thats bad.) Hope this helps, -=*CopalFreak*=- On 8/16/2011 12:19 AM, Daminto Lie wrote: > Hi, > > I have been trying to set up Apache2, Postfix, Dovecot, openLDAP and squirrelmail on my Ubuntu Server 10.04 machine. The idea is to make use of the LDAP to authenticate users to login to squirrelmail to send/receive emails. > > I have been using the link - https://help.ubuntu.com/community/Postfix/DovecotLDAP, as a guide to get it all set up. I have checked the status for postfix and dovecot, and they both are up and running by using telnet. I have even installed openldapadmin to check and see if I've got the ldap working. I could login to openldapadmin and saw myself there with uid=msmith. > > I have also installed squirrelmail as my webmail. After all that installed, I went to localhost/squirrelmail on the firefox browser. It would not log me in. > > Later I found in the /var/log/dovecot-deliver.log file, I saw the following messages > dovecot: Info: Dovecot v1.2.9 starting up (core dumps disabled) > imap-login: Info: Aborted login (auth failed, 1 attempts): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured > imap-login: Info: Aborted login (auth failed, 1 attempts): > user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured? > > imap-login: Info: Aborted login (auth failed, 1 attempts): > user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured > > I tried to login with three different usernames but none worked as shown above in the log file. I wonder if it is to do with method=PLAIN and secured. > > Any help would be greatly appreciated. > > Thank you > From jmreymond at free.fr Tue Aug 16 12:29:28 2011 From: jmreymond at free.fr (Jean-Max Reymond) Date: Tue, 16 Aug 2011 11:29:28 +0200 Subject: [Dovecot] maildirsize not always present Message-ID: <4E4A3878.4000301@free.fr> hi, I have a dovecot 1.2.9 and all is runnig fine except for quotas. Some accounts have a maildirsize file in the mail directory. If I delete the file, it is automatically rebuild: OK But other accounts does not have the maildirsize file even after access from dovecot server. All is OK for theses accounts except quota service. what's wrong ? -- Jean-Max Reymond ?ruption de l'Etna: http://jmreymond.free.fr/Etna2002 From mike at skew.org Tue Aug 16 13:00:13 2011 From: mike at skew.org (Mike Brown) Date: Tue, 16 Aug 2011 04:00:13 -0600 (MDT) Subject: [Dovecot] mbox originally needed 0 bytes, now needs maxint bytes Message-ID: <201108161000.p7GA0Dkx031067@chilled.skew.org> I'm running dovecot 1.2.16 from the ports collection on FreeBSD 8.1-STABLE, amd64. I've long been getting the following kind of messages in my logs, on random occasions when I access or move mail into mboxes: Aug 16 00:43:58 myhost dovecot: IMAP(mike): mbox /home/mike/mail/feedback: seq=88 uid=91 uid_broken=0 originally needed 0 bytes, now needs 18446744073709551615 bytes Whatever I'm trying to do always succeeds, but apparently dovecot is confused about something. That number (2^64-1) suggests it has to do with the amd64 architecture. Did a compile option get overlooked? Thanks for whatever you can suggest. Let me know if you need more info. From jmreymond at free.fr Tue Aug 16 13:01:43 2011 From: jmreymond at free.fr (Jean-Max Reymond) Date: Tue, 16 Aug 2011 12:01:43 +0200 Subject: [Dovecot] maildirsize not always present In-Reply-To: <4E4A3878.4000301@free.fr> References: <4E4A3878.4000301@free.fr> Message-ID: <4E4A4007.8050804@free.fr> Le 16/08/2011 11:29, Jean-Max Reymond a ?crit : > hi, > I have a dovecot 1.2.9 and all is runnig fine except for quotas. > Some accounts have a maildirsize file in the mail directory. If I delete > the file, it is automatically rebuild: OK > But other accounts does not have the maildirsize file even after access > from dovecot server. All is OK for theses accounts except quota service. > what's wrong ? > as complement, there is 75 users OK and 330 users KO for these 330 users, thunderbird does not recognize mail quota. I have created by a touch command a maildirsize file but it does not help -- Jean-Max Reymond ?ruption de l'Etna: http://jmreymond.free.fr/Etna2002 From mike at skew.org Tue Aug 16 13:55:42 2011 From: mike at skew.org (Mike Brown) Date: Tue, 16 Aug 2011 04:55:42 -0600 (MDT) Subject: [Dovecot] mbox originally needed 0 bytes, now needs maxint bytes Message-ID: <201108161055.p7GAtgej073739@chilled.skew.org> I'm running dovecot 1.2.16 from the ports collection on FreeBSD 8.1-STABLE, amd64. I've long been getting the following in my logs, seemingly at random (so, only sometimes), when I access or move mail into mboxes: Aug 16 00:43:58 myhost dovecot: IMAP(mike): mbox /home/mike/mail/feedback: seq=88 uid=91 uid_broken=0 originally needed 0 bytes, now needs 18446744073709551615 bytes Whatever I'm trying to do always succeeds, but apparently dovecot is confused about something. That number (2^64-1) suggests it has to do with the amd64 architecture. Did a compile option get overlooked? Let me know if there's anything I need to do to get rid of these warnings. Thanks, Mike From mike at skew.org Tue Aug 16 14:00:24 2011 From: mike at skew.org (Mike Brown) Date: Tue, 16 Aug 2011 05:00:24 -0600 (MDT) Subject: [Dovecot] signal 11 crash, sometimes, during mbox bz2 decompression Message-ID: <201108161100.p7GB0P3R073897@chilled.skew.org> Hello again, I'm running dovecot 1.2.16 from the ports collection on FreeBSD 8.1-STABLE, amd64. To enable IMAP read-only access to gzip or bzip2 compressed mbox files, I added the following to my dovecot.conf, in the protocol imap { ... } section: mail_plugins = zlib My compressed mbox files are all .bz2 files in an 'old' subdirectory of my main mail directory. I am trying to access them with Thunderbird. I 'subscribed' to them just fine, and at first I thought it was working, but I just got lucky on the first couple I accessed. Dovecot actually fails to decompress them about 90% of the time, seemingly at random; the same box will not work a bunch of times, then work once, then not work again and again. When it works, sometimes only some of the messages get transmitted. Most of the failures are accompanied by this pair of messages in my log: Aug 16 00:25:33 myhost dovecot: dovecot: child 943 (imap) killed with signal 11 (core not dumped - set mail_drop_priv_before_exec=yes) Aug 16 00:25:33 myhost kernel: pid 943 (imap), uid 1001: exited on signal 11 Some of the failures have only the "exited on signal 11" message. The very first failure had this: Aug 16 00:22:47 myhost dovecot: IMAP(mike): Next message unexpectedly lost from mbox file (read-only mbox stream) at 2761 (cached) Aug 16 00:22:47 myhost dovecot: IMAP(mike): read(mail, uid=2) failed: Invalid argument Is this a problem with dovecot? Let me know if/how I can help, or what other info you need. Thanks, Mike From mike at skew.org Tue Aug 16 14:01:43 2011 From: mike at skew.org (Mike Brown) Date: Tue, 16 Aug 2011 05:01:43 -0600 (MDT) Subject: [Dovecot] mbox originally needed 0 bytes, now needs maxint bytes In-Reply-To: <201108161055.p7GAtgej073739@chilled.skew.org> Message-ID: <201108161101.p7GB1h6Z073954@chilled.skew.org> Sorry for the duplicate post. I lost my network connection right as I was sending the first one. From a.cappelli at asidev.com Tue Aug 16 14:44:17 2011 From: a.cappelli at asidev.com (Andrea Cappelli) Date: Tue, 16 Aug 2011 13:44:17 +0200 Subject: [Dovecot] Sieve include Message-ID: <4E4A5811.3080407@asidev.com> Hi, I'm using dovecot 1.2.15 with ISPConfig and Roundcube with sieve plugin. To avoid conflicts between ISPConfig and Roundcube during script writing I would use include in the ISPconfig template to use the roundcube script To simplify this task I'm wondering if there is a way to have a "star include", like include :personal "*.sieve"; Thank you Andrea From stephan at rename-it.nl Wed Aug 17 00:12:38 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 16 Aug 2011 14:12:38 -0700 Subject: [Dovecot] Sieve include In-Reply-To: <4E4A5811.3080407@asidev.com> References: <4E4A5811.3080407@asidev.com> Message-ID: <4E4ADD46.6040509@rename-it.nl> On 8/16/2011 4:44 AM, Andrea Cappelli wrote: > Hi, > I'm using dovecot 1.2.15 with ISPConfig and Roundcube with sieve plugin. > > To avoid conflicts between ISPConfig and Roundcube during script > writing I would use include in the ISPconfig template to use the > roundcube script > > To simplify this task I'm wondering if there is a way to have a "star > include", like > > include :personal "*.sieve"; Eh, no. BTW, the .sieve extension is implicit and should not be specified in the script at all (unless the script file is called script.sieve.sieve). Regards, Stephan. From a.cappelli at asidev.com Tue Aug 16 15:39:22 2011 From: a.cappelli at asidev.com (Andrea Cappelli) Date: Tue, 16 Aug 2011 14:39:22 +0200 Subject: [Dovecot] Sieve include In-Reply-To: <4E4ADD46.6040509@rename-it.nl> References: <4E4A5811.3080407@asidev.com> <4E4ADD46.6040509@rename-it.nl> Message-ID: <4E4A64FA.1000409@asidev.com> Il 16/08/11 23:12, Stephan Bosch ha scritto: > On 8/16/2011 4:44 AM, Andrea Cappelli wrote: >> Hi, >> I'm using dovecot 1.2.15 with ISPConfig and Roundcube with sieve plugin. >> >> To avoid conflicts between ISPConfig and Roundcube during script >> writing I would use include in the ISPconfig template to use the >> roundcube script >> >> To simplify this task I'm wondering if there is a way to have a >> "star include", like >> >> include :personal "*.sieve"; > > Eh, no. Thank you for your quick and precise reply > > BTW, the .sieve extension is implicit and should not be specified in > the script at all (unless the script file is called script.sieve.sieve). > Ah, ok, I'll change my script Andrea From kzorba at otenet.gr Tue Aug 16 16:42:06 2011 From: kzorba at otenet.gr (Kostas Zorbadelos) Date: Tue, 16 Aug 2011 16:42:06 +0300 Subject: [Dovecot] Bug report v2.0.13 - CentOS x86_64 - NFS - mbox In-Reply-To: <20110815111701.68513psu7vb3wflp@noc.otenet.gr> References: <4E294AC0.2060706@otenet.gr> <4E425874.6040507@otenet.gr> <1313355050.10421.1285.camel@hurina> <20110815111701.68513psu7vb3wflp@noc.otenet.gr> Message-ID: <4E4A73AE.7090402@otenet.gr> On 08/15/2011 11:17 AM, kzorba at otenet.gr wrote: > Quoting Timo Sirainen : > >> With a quick test I can't reproduce pop3_lock_session=yes causing a >> crash. I guess it needs something else besides what I tested. It would >> be helpful if your Dovecot binaries weren't stripped of debug symbols. I >> could then ask for some more information from the core dumps with gdb. >> > Timo, all here is a backtrace with debuging symbols in the executables: [root at pop08 ]# gdb /opt/dovecot-debug/libexec/dovecot/pop3 core.2929 GNU gdb (GDB) Red Hat Enterprise Linux (7.0.1-32.el5_6.2) Copyright (C) 2009 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-redhat-linux-gnu". For bug reporting instructions, please see: ... Reading symbols from /opt/dovecot-debug/libexec/dovecot/pop3...done. BFD: Warning: /var/mail7/folders/P/K/U/amihal/core.2929 is truncated: expected core file size >= 569344, found: 565248. Reading symbols from /opt/dovecot-debug/lib/dovecot/libdovecot-storage.so.0...done. Loaded symbols for /opt/dovecot-debug/lib/dovecot/libdovecot-storage.so.0 Reading symbols from /opt/dovecot-debug/lib/dovecot/libdovecot.so.0...done. Loaded symbols for /opt/dovecot-debug/lib/dovecot/libdovecot.so.0 Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libdl.so.2 Reading symbols from /lib64/librt.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/librt.so.1 Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done. Loaded symbols for /lib64/libc.so.6 Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/ld-linux-x86-64.so.2 Reading symbols from /lib64/libpthread.so.0...(no debugging symbols found)...done. Loaded symbols for /lib64/libpthread.so.0 Core was generated by `dovecot/pop3'. Program terminated with signal 11, Segmentation fault. #0 istream_raw_mbox_get_start_offset (stream=0x0) at istream-raw-mbox.c:498 498 istream-raw-mbox.c: No such file or directory. in istream-raw-mbox.c (gdb) bt #0 istream_raw_mbox_get_start_offset (stream=0x0) at istream-raw-mbox.c:498 #1 0x00002b4114afc769 in mbox_mail_get_special (_mail=0x1bad8fa0, field=, value_r=0x7fff9600fa88) at mbox-mail.c:198 #2 0x00002b4114adb2d0 in index_mail_expunge (mail=0x0) at index-mail.c:1503 #3 0x0000000000405eac in client_update_mails (client=0x1bac4a00) at pop3-commands.c:255 #4 0x00000000004061d1 in cmd_quit (client=0x1bac4a00, name=0x1baccbd4 "", args=0x406a0c "") at pop3-commands.c:274 #5 client_command_execute (client=0x1bac4a00, name=0x1baccbd4 "", args=0x406a0c "") at pop3-commands.c:773 #6 0x00000000004045c9 in client_handle_input (client=0x1bac4a00) at pop3-client.c:628 #7 0x00002b4114db0698 in io_loop_call_io (io=0x1bac01d0) at ioloop.c:384 #8 0x00002b4114db19d5 in io_loop_handler_run (ioloop=) at ioloop-epoll.c:213 #9 0x00002b4114db062d in io_loop_run (ioloop=0x1baa8610) at ioloop.c:405 #10 0x00002b4114d9ef13 in master_service_run (service=0x1baa84e0, callback=0x1baccbe4) at master-service.c:478 #11 0x00000000004039a4 in main (argc=1, argv=0x1baa8370) at main.c:252 (gdb) bt full #0 istream_raw_mbox_get_start_offset (stream=0x0) at istream-raw-mbox.c:498 rstream = __FUNCTION__ = "istream_raw_mbox_get_start_offset" #1 0x00002b4114afc769 in mbox_mail_get_special (_mail=0x1bad8fa0, field=, value_r=0x7fff9600fa88) at mbox-mail.c:198 mail = mbox = 0x1bac97d0 offset = 0 #2 0x00002b4114adb2d0 in index_mail_expunge (mail=0x0) at index-mail.c:1503 value = guid_128 = "\240\267\252\033\000\000\000\000\001\000\000\000\000\000\000" #3 0x0000000000405eac in client_update_mails (client=0x1bac4a00) at pop3-commands.c:255 search_args = 0x0 ctx = 0x1bace150 mail = 0x1bad8fa0 msgnum = 0 bit = 464309220 ret = #4 0x00000000004061d1 in cmd_quit (client=0x1bac4a00, name=0x1baccbd4 "", args=0x406a0c "") at pop3-commands.c:274 No locals. #5 client_command_execute (client=0x1bac4a00, name=0x1baccbd4 "", args=0x406a0c "") at pop3-commands.c:773 No locals. #6 0x00000000004045c9 in client_handle_input (client=0x1bac4a00) at pop3-client.c:628 _data_stack_cur_id = 3 line = 0x1baab872 "QUIT" args = 0x406a0c "" ret = #7 0x00002b4114db0698 in io_loop_call_io (io=0x1bac01d0) at ioloop.c:384 ioloop = 0x1baa8610 t_id = 2 #8 0x00002b4114db19d5 in io_loop_handler_run (ioloop=) at ioloop-epoll.c:213 ctx = event = 0x1baa88b0 list = 0x1bac0220 io = 0x0 tv = {tv_sec = 9, tv_usec = 871818} events_count = msecs = ---Type to continue, or q to quit--- ret = 1 i = 0 call = false #9 0x00002b4114db062d in io_loop_run (ioloop=0x1baa8610) at ioloop.c:405 No locals. #10 0x00002b4114d9ef13 in master_service_run (service=0x1baa84e0, callback=0x1baccbe4) at master-service.c:478 No locals. #11 0x00000000004039a4 in main (argc=1, argv=0x1baa8370) at main.c:252 service_flags = storage_service_flags = MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT postlogin_socket_path = 0x0 username = 0x0 c = set_roots = {0x4072a0, 0x0} (gdb) quit I have also kept the user's mailbox. I couldn't reproduce the problem by talking POP3 directly to the server by hand. Any ideas? Thanks, Kostas > Hi Timo, > > indeed it is a bug that I could not reproduce myself. > Having debug symbols and producing the stack trace is the next > logical step and I will work on this tomorrow. > Since --enable-debug does not work in your configure script, can you > direct me as to what is needed? Is there an option in configure or > do I need to mess with the makefiles? > > On the other hand, I have found two different bugs. > Having pop3_lock_session=yes we have the situation described here and also > of course delays in local deliveries in case a client has an active pop > session. And I can tell you we have a lot of abusing clients that keep > hitting our pop servers continuously, or keep connections open for a VERY > long time. > > To address that, we put pop3_lock_session=no. In this case, there is an > fcntl > lock leak somewhere. The good news is that we have reproduced that and I > will > send relevant information in a different mail. > I also read the following thread, from a while back: > > http://www.dovecot.org/list/dovecot/2009-February/037098.html > > Regards, > > Kostas > From juan at inti.gob.ar Tue Aug 16 17:05:01 2011 From: juan at inti.gob.ar (Juan Bernhard) Date: Tue, 16 Aug 2011 11:05:01 -0300 Subject: [Dovecot] maildirsize not always present In-Reply-To: <4E4A4007.8050804@free.fr> References: <4E4A3878.4000301@free.fr> <4E4A4007.8050804@free.fr> Message-ID: <4E4A790D.9070807@inti.gob.ar> Hi, are you using exim as mta? I been told in exim list that maildirsize might be removed under certain conditions (exim-*/src/transports/tf_maildir.c) El 16/08/2011 07:01 a.m., Jean-Max Reymond escribi?: > Le 16/08/2011 11:29, Jean-Max Reymond a ?crit : >> hi, >> I have a dovecot 1.2.9 and all is runnig fine except for quotas. >> Some accounts have a maildirsize file in the mail directory. If I delete >> the file, it is automatically rebuild: OK >> But other accounts does not have the maildirsize file even after access >> from dovecot server. All is OK for theses accounts except quota service. >> what's wrong ? >> > > as complement, there is 75 users OK and 330 users KO > for these 330 users, thunderbird does not recognize mail quota. I have > created by a touch command a maildirsize file but it does not help > From jmreymond at free.fr Tue Aug 16 18:05:37 2011 From: jmreymond at free.fr (Jean-Max Reymond) Date: Tue, 16 Aug 2011 17:05:37 +0200 Subject: [Dovecot] maildirsize not always present In-Reply-To: <4E4A790D.9070807@inti.gob.ar> References: <4E4A3878.4000301@free.fr> <4E4A4007.8050804@free.fr> <4E4A790D.9070807@inti.gob.ar> Message-ID: <4E4A8741.1000103@free.fr> thanks for your answer but my mta is postfix. If I delete the maidirsize file, it is automatically created for my 75 users OK but for the 330 users, no way to create this file. I am using a postfix database and I have checked the SQL request, the contents of the tables but nothing :-( Le 16/08/2011 16:05, Juan Bernhard a ?crit : > Hi, are you using exim as mta? I been told in exim list that maildirsize > might be removed under certain conditions > (exim-*/src/transports/tf_maildir.c) > > > El 16/08/2011 07:01 a.m., Jean-Max Reymond escribi?: >> Le 16/08/2011 11:29, Jean-Max Reymond a ?crit : >>> hi, >>> I have a dovecot 1.2.9 and all is runnig fine except for quotas. >>> Some accounts have a maildirsize file in the mail directory. If I delete >>> the file, it is automatically rebuild: OK >>> But other accounts does not have the maildirsize file even after access >>> from dovecot server. All is OK for theses accounts except quota service. >>> what's wrong ? >>> >> >> as complement, there is 75 users OK and 330 users KO >> for these 330 users, thunderbird does not recognize mail quota. I have >> created by a touch command a maildirsize file but it does not help >> -- Jean-Max Reymond ?ruption de l'Etna: http://jmreymond.free.fr/Etna2002 From rob0 at gmx.co.uk Tue Aug 16 20:51:29 2011 From: rob0 at gmx.co.uk (/dev/rob0) Date: Tue, 16 Aug 2011 12:51:29 -0500 Subject: [Dovecot] OT: offlist replies (was: Re: Slackware Dovecot recompile with SSL/TLS question) In-Reply-To: <20110816022121.GJ14195@harrier.slackbuilds.org> References: <4E49A6B9.9000706@gmail.com> <20110816022121.GJ14195@harrier.slackbuilds.org> Message-ID: <20110816175129.GK14195@harrier.slackbuilds.org> On Mon, Aug 15, 2011 at 09:21:22PM -0500, I wrote stuff under this header: Reply-To: dovecot at dovecot.org List mail belongs on the list. The only reason to reply offlist as described below is if specifically requested, or if not relevant to the issue at hand. I have no particular interest in this nor any other problem posted on list unless I have been hired to fix it. I see offlist mail as detailed below in the .sig, but I won't participate in offlist discussions which belong on the list. -- Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header From spodletela at gmail.com Tue Aug 16 22:08:19 2011 From: spodletela at gmail.com (Spod Letela) Date: Tue, 16 Aug 2011 21:08:19 +0200 Subject: [Dovecot] dovecot 2.0.13 fd_send(imap, 15) failed, dovecot 1.2.16 fd_send(10) failed Message-ID: Hi, I am reinstalling my server and i have encoutered a strange problem, both dovecot 2.0.13 and 1.2.16 are reporting me a problem with fd_send Invalid argument on imap login. I am running dragonfly bsd 2.10.1., compiled dovecot from pkgsrc. Can someone help me out or at least point me in some direction, i am a bit lost... :( Aug 15 10:01:00 master: Info: Dovecot v2.0.13 starting up Aug 15 10:01:10 auth: Debug: Loading modules from directory: /usr/pkg/lib/dovecot/auth Aug 15 10:01:10 auth: Debug: auth client connected (pid=1206) Aug 15 10:01:10 auth: Debug: client in: AUTH 1 PLAIN service=imap secured lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=1032 resp=x Aug 15 10:01:10 auth: Debug: Loading modules from directory: /usr/pkg/lib/dovecot/auth Aug 15 10:01:10 auth: Debug: passwd(y,127.0.0.1): lookup Aug 15 10:01:10 auth: Debug: client out: OK 1 user=y Aug 15 10:01:10 imap-login: Error: fd_send(imap, 15) failed: Invalid argument Aug 15 10:01:10 auth: Debug: client in: CANCEL 1 Aug 15 10:01:10 imap-login: Info: Internal login failure (pid=1206 id=1) (auth failed, 1 attempts): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Aug 15 11:01:27 master: Warning: Killed with signal 15 (by pid=0 uid=0 code=kill) Aug 16 01:55:45 dovecot: Info: Dovecot v1.2.16 starting up Aug 16 01:56:35 imap-login: Fatal: fd_send(10) failed: Invalid argument Aug 16 08:22:29 dovecot: Warning: Killed with signal 15 (by pid=0 uid=0 code=kill) Aug 16 08:22:31 dovecot: Info: Dovecot v1.2.16 starting up Aug 16 08:22:48 imap-login: Fatal: fd_send(10) failed: Invalid argument From nick+dovecot at bunbun.be Tue Aug 16 23:38:34 2011 From: nick+dovecot at bunbun.be (Nick Rosier) Date: Tue, 16 Aug 2011 22:38:34 +0200 Subject: [Dovecot] Dovecot-Antispam 2.0 with SpamAssassin (sa-learn) Message-ID: <4E4AD54A.1000507@bunbun.be> Hi, has anyone figured out how to use the dovecot-antispam plugin with sa-learn? I need to pass the username (user at domain.tld) to sa-learn and --ham or --spam depending on the move. I was thinking of using the CRM14 option and replace the command and arguments but cannot find anything about the ability to pass the username. Any pointers would be welcome. N. From tss at iki.fi Wed Aug 17 00:40:07 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 17 Aug 2011 00:40:07 +0300 Subject: [Dovecot] maildirsize not always present In-Reply-To: <4E4A8741.1000103@free.fr> References: <4E4A3878.4000301@free.fr> <4E4A4007.8050804@free.fr> <4E4A790D.9070807@inti.gob.ar> <4E4A8741.1000103@free.fr> Message-ID: <75B811B6-35F0-4F52-9EAF-65411EACE28B@iki.fi> I guess these users have unlimited quota? If not, show dovecot -n output and the dovecot-sql.conf file and what gets logged to these users with auth_debug=yes. On 16.8.2011, at 18.05, Jean-Max Reymond wrote: > thanks for your answer but my mta is postfix. > If I delete the maidirsize file, it is automatically created for my 75 users OK but for the 330 users, no way to create this file. > I am using a postfix database and I have checked the SQL request, the contents of the tables but nothing :-( > > Le 16/08/2011 16:05, Juan Bernhard a ?crit : >> Hi, are you using exim as mta? I been told in exim list that maildirsize >> might be removed under certain conditions >> (exim-*/src/transports/tf_maildir.c) >> >> >> El 16/08/2011 07:01 a.m., Jean-Max Reymond escribi?: >>> Le 16/08/2011 11:29, Jean-Max Reymond a ?crit : >>>> hi, >>>> I have a dovecot 1.2.9 and all is runnig fine except for quotas. >>>> Some accounts have a maildirsize file in the mail directory. If I delete >>>> the file, it is automatically rebuild: OK >>>> But other accounts does not have the maildirsize file even after access >>>> from dovecot server. All is OK for theses accounts except quota service. >>>> what's wrong ? >>>> >>> >>> as complement, there is 75 users OK and 330 users KO >>> for these 330 users, thunderbird does not recognize mail quota. I have >>> created by a touch command a maildirsize file but it does not help >>> > > > -- > Jean-Max Reymond > ?ruption de l'Etna: http://jmreymond.free.fr/Etna2002 > From tss at iki.fi Wed Aug 17 00:42:52 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 17 Aug 2011 00:42:52 +0300 Subject: [Dovecot] dovecot 2.0.13 fd_send(imap, 15) failed, dovecot 1.2.16 fd_send(10) failed In-Reply-To: References: Message-ID: <0F98FDEB-3E08-472B-B89C-1B8F52811611@iki.fi> On 16.8.2011, at 22.08, Spod Letela wrote: > Hi, I am reinstalling my server and i have encoutered a strange problem, > both dovecot 2.0.13 and 1.2.16 are > reporting me a problem with fd_send Invalid argument on imap login. I am > running dragonfly bsd 2.10.1., compiled > dovecot from pkgsrc. This happens always? Try modifying src/lib/fdpass.c file. For example add to line 70: #define BUGGY_CMSG_MACROS If that doesn't help, add: #undef CMSG_SPACE If that doesn't help, I'm not really sure what else to try. In any case I'd say this is a dragonflybsd bug. From jmreymond at free.fr Wed Aug 17 00:48:15 2011 From: jmreymond at free.fr (Jean-Max Reymond) Date: Tue, 16 Aug 2011 23:48:15 +0200 Subject: [Dovecot] maildirsize not always present In-Reply-To: <75B811B6-35F0-4F52-9EAF-65411EACE28B@iki.fi> References: <4E4A3878.4000301@free.fr> <4E4A4007.8050804@free.fr> <4E4A790D.9070807@inti.gob.ar> <4E4A8741.1000103@free.fr> <75B811B6-35F0-4F52-9EAF-65411EACE28B@iki.fi> Message-ID: <4E4AE59F.8010506@free.fr> all seems OK for me and all the users have quota set. $ cat /etc/dovecot/dovecot-sql.conf password_query = SELECT username AS user,password FROM mailbox WHERE username = '%u' AND active='1' # Query to retrieve user information. user_query = SELECT concat('/home/mail/',maildir) as home, 8 AS uid, 8 AS gid, concat('maildir:storage=', quota/1024) AS quota FROM mailbox WHERE username = '%u' AND active='1' Whhen I request the database, quota is working for the first user and not for the second user but it is very similar mysql> SELECT concat('/home/mail/',maildir) as home, 8 AS uid, 8 AS gid, concat('maildir:storage=', quota/1024) AS quota FROM mailbox WHERE username like 'francois.char%' OR username like 'cyril%'; +-----------------------------------------------+-----+-----+-------------------------------+ | home | uid | gid | quota | +-----------------------------------------------+-----+-----+-------------------------------+ | /home/mail/dracenie.com/cyril.lafont/Maildir/ | 8 | 8 | maildir:storage=10000000.0000 | | /home/mail/dracenie.com/francois.charnier/ | 8 | 8 | maildir:storage=1464000.0000 | +-----------------------------------------------+-----+-----+-------------------------------+ 2 rows in set (0.00 sec) So, tomorrow, I will set auth_debug=yes to trace users activity # dovecot -n # 1.2.9: /etc/dovecot/dovecot.conf Warning: fd limit 1024 is lower than what Dovecot can use under full load (more than 2560). Either grow the limit or change login_max_processes_count and max_mail_processes settings # OS: Linux 2.6.32-33-server x86_64 Ubuntu 10.04.3 LTS log_path: /var/log/dovecot.log log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap imaps managesieve ssl_key_file: /etc/ssl/private/dovecot.key login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login login_max_processes_count: 1024 mail_max_userip_connections(default): 500 mail_max_userip_connections(imap): 500 mail_max_userip_connections(managesieve): 10 first_valid_uid: 8 mail_privileged_group: mail mail_location: maildir:%h mmap_disable: yes mail_nfs_storage: yes mail_nfs_index: yes mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(managesieve): /usr/lib/dovecot/managesieve mail_plugins(default): quota imap_quota mail_plugins(imap): quota imap_quota mail_plugins(managesieve): mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve lda: postmaster_address: postmaster at dracenie.com mail_plugins: sieve quota_full_tempfail: yes deliver_log_format: msgid=%m: %$ rejection_reason: Your message to <%t> was automatically rejected:%n%r auth default: mechanisms: plain login passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: sql args: /etc/dovecot/dovecot-sql.conf plugin: quota: maildir Le 16/08/2011 23:40, Timo Sirainen a ?crit : > I guess these users have unlimited quota? If not, show dovecot -n output and the dovecot-sql.conf file and what gets logged to these users with auth_debug=yes. > > On 16.8.2011, at 18.05, Jean-Max Reymond wrote: > >> thanks for your answer but my mta is postfix. >> If I delete the maidirsize file, it is automatically created for my 75 users OK but for the 330 users, no way to create this file. >> I am using a postfix database and I have checked the SQL request, the contents of the tables but nothing :-( >> >> Le 16/08/2011 16:05, Juan Bernhard a ?crit : >>> Hi, are you using exim as mta? I been told in exim list that maildirsize >>> might be removed under certain conditions >>> (exim-*/src/transports/tf_maildir.c) >>> >>> >>> El 16/08/2011 07:01 a.m., Jean-Max Reymond escribi?: >>>> Le 16/08/2011 11:29, Jean-Max Reymond a ?crit : >>>>> hi, >>>>> I have a dovecot 1.2.9 and all is runnig fine except for quotas. >>>>> Some accounts have a maildirsize file in the mail directory. If I delete >>>>> the file, it is automatically rebuild: OK >>>>> But other accounts does not have the maildirsize file even after access >>>>> from dovecot server. All is OK for theses accounts except quota service. >>>>> what's wrong ? >>>>> >>>> >>>> as complement, there is 75 users OK and 330 users KO >>>> for these 330 users, thunderbird does not recognize mail quota. I have >>>> created by a touch command a maildirsize file but it does not help >>>> >> >> >> -- >> Jean-Max Reymond >> ?ruption de l'Etna: http://jmreymond.free.fr/Etna2002 >> > -- Jean-Max Reymond ?ruption de l'Etna: http://jmreymond.free.fr/Etna2002 From tss at iki.fi Wed Aug 17 00:51:49 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 17 Aug 2011 00:51:49 +0300 Subject: [Dovecot] maildirsize not always present In-Reply-To: <4E4AE59F.8010506@free.fr> References: <4E4A3878.4000301@free.fr> <4E4A4007.8050804@free.fr> <4E4A790D.9070807@inti.gob.ar> <4E4A8741.1000103@free.fr> <75B811B6-35F0-4F52-9EAF-65411EACE28B@iki.fi> <4E4AE59F.8010506@free.fr> Message-ID: <36EC729C-44AB-4504-AE7B-0EC2C194F4E9@iki.fi> On 17.8.2011, at 0.48, Jean-Max Reymond wrote: > user_query = SELECT concat('/home/mail/',maildir) as home, 8 AS uid, 8 AS gid, concat('maildir:storage=', quota/1024) AS quota FROM mailbox WHERE username = '%u' AND active='1' .. > # 1.2.9: /etc/dovecot/dovecot.conf You're using v1.0's quota configuration with v1.2. All of your users have unlimited quota currently. You'll need quota_rules, see wiki. From jmreymond at free.fr Wed Aug 17 00:53:36 2011 From: jmreymond at free.fr (Jean-Max Reymond) Date: Tue, 16 Aug 2011 23:53:36 +0200 Subject: [Dovecot] maildirsize not always present In-Reply-To: <36EC729C-44AB-4504-AE7B-0EC2C194F4E9@iki.fi> References: <4E4A3878.4000301@free.fr> <4E4A4007.8050804@free.fr> <4E4A790D.9070807@inti.gob.ar> <4E4A8741.1000103@free.fr> <75B811B6-35F0-4F52-9EAF-65411EACE28B@iki.fi> <4E4AE59F.8010506@free.fr> <36EC729C-44AB-4504-AE7B-0EC2C194F4E9@iki.fi> Message-ID: <4E4AE6E0.7060101@free.fr> Le 16/08/2011 23:51, Timo Sirainen a ?crit : > On 17.8.2011, at 0.48, Jean-Max Reymond wrote: > >> user_query = SELECT concat('/home/mail/',maildir) as home, 8 AS uid, 8 AS gid, concat('maildir:storage=', quota/1024) AS quota FROM mailbox WHERE username = '%u' AND active='1' > .. >> # 1.2.9: /etc/dovecot/dovecot.conf > > You're using v1.0's quota configuration with v1.2. All of your users have unlimited quota currently. You'll need quota_rules, see wiki. > thanks a lot. I check my 1.2 configuration -- Jean-Max Reymond ?ruption de l'Etna: http://jmreymond.free.fr/Etna2002 From david at davidfavor.com Wed Aug 17 00:55:41 2011 From: david at davidfavor.com (David Favor) Date: Tue, 16 Aug 2011 16:55:41 -0500 Subject: [Dovecot] Dovecot-2.0.14? Message-ID: <4E4AE75D.6040508@davidfavor.com> ETA on 2.0.14? -- Love feeling your best ever, all day, every day? Click http://RadicalHealth.com for the easy way! From tss at iki.fi Wed Aug 17 01:54:09 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 17 Aug 2011 01:54:09 +0300 Subject: [Dovecot] Dovecot-2.0.14? In-Reply-To: <4E4AE75D.6040508@davidfavor.com> References: <4E4AE75D.6040508@davidfavor.com> Message-ID: <1BD0229C-9769-4805-887E-21FF3397B020@iki.fi> On 17.8.2011, at 0.55, David Favor wrote: > ETA on 2.0.14? Dunno. From dlie76 at yahoo.com.au Wed Aug 17 05:44:21 2011 From: dlie76 at yahoo.com.au (Daminto Lie) Date: Tue, 16 Aug 2011 19:44:21 -0700 (PDT) Subject: [Dovecot] invalid credential using openldap Message-ID: <1313549061.94327.YahooMailNeo@web113403.mail.gq1.yahoo.com> Hi, What I have been trying to achieve is to be able to authenticate users through openLDAP while using Postfix, Dovecot as IMAP server and squirrelmail. I keep getting the following error messages when trying to login to squirrelmail 2011-08-17 12:27:59 auth(default): Info: client in: AUTH??? 1??? PLAIN??? service=imap??? secured??? lip=127.0.0.1??? rip=127.0.0.1??? lport=143??? rport=57794??? resp=AGFkbWluAGFwbXg2c3Bu 2011-08-17 12:27:59 auth(default): Info: ldap(myuser,127.0.0.1): invalid credentials (given password: xxx) 2011-08-17 12:28:00 auth(default): Info: new auth connection: pid=1921 2011-08-17 12:28:01 auth(default): Info: client out: FAIL??? 1??? user=myuser 2011-08-17 12:28:06 imap-login: Info: Aborted login (auth failed, 1 attempts): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured This seems to be trivial but I just could not figure out what else went wrong. I wonder if anyone might be able to give me a bit of help as I'm still learning my way around under linux system environment. The following is what I have in /etc/dovecot/dovecot-slapd.conf hosts = localhost dn = cn=myadmin,dc=mycompany,dc=com dnpass = secrets auth_bind = yes auth_bind_userdn = cn=%u,ou=people,dc=mycompany,dc=com ldap_version = 3 base = ou=people, dc=pbj, dc=com, dc=au scope = subtree user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid user_filter = (&(objectClass=posixAccount)(uid=%u)) pass_attrs = uid=user,userPassword=password pass_filter = (&(objectClass=posixAccount)(uid=%u)) Thank you in advance From koshikov at gmail.com Wed Aug 17 09:26:25 2011 From: koshikov at gmail.com (Nikita Koshikov) Date: Wed, 17 Aug 2011 09:26:25 +0300 Subject: [Dovecot] Dovecot-Antispam 2.0 with SpamAssassin (sa-learn) In-Reply-To: <4E4AD54A.1000507@bunbun.be> References: <4E4AD54A.1000507@bunbun.be> Message-ID: <20110817092625.7bf84b43@jimbo> On Tue, 16 Aug 2011 22:38:34 +0200 Nick Rosier wrote: > Hi, > > has anyone figured out how to use the dovecot-antispam plugin with > sa-learn? I need to pass the username (user at domain.tld) to sa-learn and > --ham or --spam depending on the move. I was thinking of using the CRM14 > option and replace the command and arguments but cannot find anything > about the ability to pass the username. > Any pointers would be welcome. > > N. Write a wrapper on sa-learn. The script should parse env first and that exec learning with appropriative args, like: antispam_mail_sendmail = /etc/dovecot/plugins/spam.sh Scrip, something like: #!/bin/bash ( env > /tmp/antispam.$$ /usr/bin/sa-learn $@ exit 0 ) search for PWD environment in /tmp/antispam.$$ . From tom at whyscream.net Wed Aug 17 10:59:57 2011 From: tom at whyscream.net (Tom Hendrikx) Date: Wed, 17 Aug 2011 09:59:57 +0200 Subject: [Dovecot] Dovecot-Antispam 2.0 with SpamAssassin (sa-learn) In-Reply-To: <20110817092625.7bf84b43@jimbo> References: <4E4AD54A.1000507@bunbun.be> <20110817092625.7bf84b43@jimbo> Message-ID: <4E4B74FD.70801@whyscream.net> On 17/08/11 08:26, Nikita Koshikov wrote: > On Tue, 16 Aug 2011 22:38:34 +0200 > Nick Rosier wrote: > >> Hi, >> >> has anyone figured out how to use the dovecot-antispam plugin with >> sa-learn? I need to pass the username (user at domain.tld) to sa-learn and >> --ham or --spam depending on the move. I was thinking of using the CRM14 >> option and replace the command and arguments but cannot find anything >> about the ability to pass the username. >> Any pointers would be welcome. >> >> N. > Write a wrapper on sa-learn. The script should parse env first and that exec learning with appropriative args, like: > antispam_mail_sendmail = /etc/dovecot/plugins/spam.sh > > Scrip, something like: > #!/bin/bash > > ( > env > /tmp/antispam.$$ > /usr/bin/sa-learn $@ > exit 0 > ) > search for PWD environment in /tmp/antispam.$$ . > > I use the dspam backend and pass the user into the commandline with %u, which seems to work, but is not documented in the man page. To be clear, this is with the plugin from: http://wiki2.dovecot.org/Plugins/Antispam -- Regards, Tom From a.chapellon at horoa.net Wed Aug 17 13:03:42 2011 From: a.chapellon at horoa.net (Alexandre Chapellon) Date: Wed, 17 Aug 2011 12:03:42 +0200 Subject: [Dovecot] May Dovecot help in users education Message-ID: <4E4B91FE.6030002@horoa.net> Hello, I was wondering if dovecot could help me in my project to smoothly make all my users switch to TLS encrypted POP / IMAP sessions and forget about cleartext. My first idea was to setup dovecot as a POP/IMAP proxy for my mailhosts and ask dovecot to display a warning message or slowdown non TLS sessions. Is there any way to achieve this with dovecot? Does anybody have another idea smoothly force used to switch to TLS? Regards. -- -------------- next part -------------- A non-text attachment was scrubbed... Name: horoa_sig.png Type: image/png Size: 6693 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: a_chapellon.vcf Type: text/x-vcard Size: 373 bytes Desc: not available URL: From r.vicinus at metaways.de Wed Aug 17 14:42:27 2011 From: r.vicinus at metaways.de (Reinhard Vicinus) Date: Wed, 17 Aug 2011 11:42:27 +0000 Subject: [Dovecot] Segmentation fault in dovecot director lmtp service Message-ID: <20110817114228.2705AA0D2@mx04.metaways.net> Hi, the lmtp service of our dovecot director installation quits with a segmentation fault if a lot of mails are simultaneously delivered. For example if the postfix mailqueue is filled (for whatever reason) and postqueue -f is run the lmtp service quits with a segmentation fault: Program terminated with signal 11, Segmentation fault. #0? o_stream_cork (stream=0x0) at ostream.c:75 75????????????? if (unlikely(stream->closed)) (gdb) backtrace #0? o_stream_cork (stream=0x0) at ostream.c:75 #1? 0x00007fa6e6af45d9 in lmtp_client_send_more (client=0x2435870) at lmtp-client.c:596 #2? 0x0000000002434170 in ?? () #3? 0x00000000004070d9 in proxy_send_more (proxy=0x2435870) at lmtp-proxy.c:390 #4? lmtp_proxy_data_input (proxy=0x2435870) at lmtp-proxy.c:444 #5? 0x00007fa6e6af456f in lmtp_client_send_data (client=0x24347a0) at lmtp-client.c:306 #6? 0x0000000002434f98 in ?? () #7? 0xffffffffe6af73c5 in ?? () #8? 0x0000000002434840 in ?? () #9? 0x0000000000000000 in ?? () I don't have any ideas why the stream is 0. The configuration of the dovecot director installation is attached. Please let me know if i shall provide any more information or test something. Kind regards Reinhard -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: dovecot-director-conf.txt URL: From thierry at mailhub.co.za Wed Aug 17 15:12:54 2011 From: thierry at mailhub.co.za (Thierry de Montaudry) Date: Wed, 17 Aug 2011 14:12:54 +0200 Subject: [Dovecot] Segmentation fault in dovecot director lmtp service In-Reply-To: <20110817114228.2705AA0D2@mx04.metaways.net> References: <20110817114228.2705AA0D2@mx04.metaways.net> Message-ID: On 17 Aug 2011, at 13:42, Reinhard Vicinus wrote: > Hi, > > > the lmtp service of our dovecot director installation quits with a > segmentation fault if a lot of mails are simultaneously delivered. > For example if the postfix mailqueue is filled (for whatever reason) > and postqueue -f is run the lmtp service quits with a segmentation > fault: > > > Program terminated with signal 11, Segmentation fault. > > #0 o_stream_cork (stream=0x0) at ostream.c:75 > > 75 if (unlikely(stream->closed)) > > (gdb) backtrace > > #0 o_stream_cork (stream=0x0) at ostream.c:75 > > #1 0x00007fa6e6af45d9 in lmtp_client_send_more (client=0x2435870) > at lmtp-client.c:596 > > #2 0x0000000002434170 in ?? () > > #3 0x00000000004070d9 in proxy_send_more (proxy=0x2435870) at > lmtp-proxy.c:390 > > #4 lmtp_proxy_data_input (proxy=0x2435870) at lmtp-proxy.c:444 > > #5 0x00007fa6e6af456f in lmtp_client_send_data (client=0x24347a0) > at lmtp-client.c:306 > > #6 0x0000000002434f98 in ?? () > > #7 0xffffffffe6af73c5 in ?? () > > #8 0x0000000002434840 in ?? () > > #9 0x0000000000000000 in ?? () > > > I don't have any ideas why the stream is 0. The configuration of the > dovecot director installation is attached. Please let me know if i > shall provide any more information or test something. > > > Kind regards > > Reinhard > Hi, You might need to limit the concurrent deliveries from postfix. Check the maxproc parameter in your master.conf, which is 100 by default. You should reduce it to some lower value, I would say between 10 and 40 depending on your system. That would allow your queues to grow without putting too much stress on the deliveries, even when forcing it with postqueue -f. Regards, Thierry From per at computer.org Wed Aug 17 15:43:49 2011 From: per at computer.org (Per Jessen) Date: Wed, 17 Aug 2011 14:43:49 +0200 Subject: [Dovecot] Segmentation fault in dovecot director lmtp service References: <20110817114228.2705AA0D2@mx04.metaways.net> Message-ID: Thierry de Montaudry wrote: > On 17 Aug 2011, at 13:42, Reinhard Vicinus wrote: > >> Hi, >> >> >> the lmtp service of our dovecot director installation quits with a >> segmentation fault if a lot of mails are simultaneously delivered. >> For example if the postfix mailqueue is filled (for whatever >> reason) and postqueue -f is run the lmtp service quits with a >> segmentation fault: >> >> >> Program terminated with signal 11, Segmentation fault. >> >> #0 o_stream_cork (stream=0x0) at ostream.c:75 >> >> 75 if (unlikely(stream->closed)) >> >> (gdb) backtrace >> >> #0 o_stream_cork (stream=0x0) at ostream.c:75 >> >> #1 0x00007fa6e6af45d9 in lmtp_client_send_more (client=0x2435870) >> at lmtp-client.c:596 >> >> #2 0x0000000002434170 in ?? () >> >> #3 0x00000000004070d9 in proxy_send_more (proxy=0x2435870) at >> lmtp-proxy.c:390 >> >> #4 lmtp_proxy_data_input (proxy=0x2435870) at lmtp-proxy.c:444 >> >> #5 0x00007fa6e6af456f in lmtp_client_send_data (client=0x24347a0) >> at lmtp-client.c:306 >> >> #6 0x0000000002434f98 in ?? () >> >> #7 0xffffffffe6af73c5 in ?? () >> >> #8 0x0000000002434840 in ?? () >> >> #9 0x0000000000000000 in ?? () >> >> >> I don't have any ideas why the stream is 0. The configuration of >> the dovecot director installation is attached. Please let me know >> if i shall provide any more information or test something. >> >> >> Kind regards >> >> Reinhard >> > > > Hi, > > You might need to limit the concurrent deliveries from postfix. > Check the maxproc parameter in your master.conf, which is 100 by > default. You should reduce it to some lower value, I would say between > 10 and 40 depending on your system. That would allow your queues to > grow without putting too much stress on the deliveries, even when > forcing it with postqueue -f. Regardless, Reinhard still seem to have stumbled on a bug. /Per Jessen, Z?rich From r.vicinus at metaways.de Wed Aug 17 16:03:03 2011 From: r.vicinus at metaways.de (Reinhard Vicinus) Date: Wed, 17 Aug 2011 15:03:03 +0200 Subject: [Dovecot] Segmentation fault in dovecot director lmtp service In-Reply-To: References: <20110817114228.2705AA0D2@mx04.metaways.net> Message-ID: <4E4BBC07.9050106@metaways.de> On 17/08/11 14:12, Thierry de Montaudry wrote: > On 17 Aug 2011, at 13:42, Reinhard Vicinus wrote: > >> Hi, >> >> >> the lmtp service of our dovecot director installation quits with a >> segmentation fault if a lot of mails are simultaneously delivered. >> For example if the postfix mailqueue is filled (for whatever reason) >> and postqueue -f is run the lmtp service quits with a segmentation >> fault: >> >> >> Program terminated with signal 11, Segmentation fault. >> >> #0 o_stream_cork (stream=0x0) at ostream.c:75 >> >> 75 if (unlikely(stream->closed)) >> >> (gdb) backtrace >> >> #0 o_stream_cork (stream=0x0) at ostream.c:75 >> >> #1 0x00007fa6e6af45d9 in lmtp_client_send_more (client=0x2435870) >> at lmtp-client.c:596 >> >> #2 0x0000000002434170 in ?? () >> >> #3 0x00000000004070d9 in proxy_send_more (proxy=0x2435870) at >> lmtp-proxy.c:390 >> >> #4 lmtp_proxy_data_input (proxy=0x2435870) at lmtp-proxy.c:444 >> >> #5 0x00007fa6e6af456f in lmtp_client_send_data (client=0x24347a0) >> at lmtp-client.c:306 >> >> #6 0x0000000002434f98 in ?? () >> >> #7 0xffffffffe6af73c5 in ?? () >> >> #8 0x0000000002434840 in ?? () >> >> #9 0x0000000000000000 in ?? () >> >> >> I don't have any ideas why the stream is 0. The configuration of the >> dovecot director installation is attached. Please let me know if i >> shall provide any more information or test something. >> >> >> Kind regards >> >> Reinhard >> > > Hi, > > You might need to limit the concurrent deliveries from postfix. > Check the maxproc parameter in your master.conf, which is 100 by default. You should reduce it to some lower value, I would say between 10 and 40 depending on your system. That would allow your queues to grow without putting too much stress on the deliveries, even when forcing it with postqueue -f. > > Regards, > > Thierry Hi, i don't think this problem is load related, because the load on the mail servers is generally around 0.1-0.2, the queue contained only 22 messages and the only reason the queues was growing were that i stopped the dovecot director instance on this mailserver. Kind regards Reinhard From julio at psi.com.br Wed Aug 17 16:23:24 2011 From: julio at psi.com.br (Julio Cesar Covolato) Date: Wed, 17 Aug 2011 10:23:24 -0300 Subject: [Dovecot] mail spool filesystem Message-ID: <4E4BC0CC.5010908@psi.com.br> Hi! I?m about to migrate a system whith 5000 accounts whith (~ 500GB) from "postfix/courier-imap/maildrop/mysql" to a new hardware whith "postfix/dovecot/dovecot/mysql". I?ll make a separate partition (raid 1) for the mail spool (/var/spool/vmail) and want to now what type of filesystem to use on it to increase performance. I read that XFS is a good choice, but is not too reliable... Any sugestions? Thanks in advance, -- ----------------------------- _ Julio Cesar Covolato 0v0 /(_)\ F: 55-11-3129-3366 ^ ^ PSI INTERNET ----------------------------- From marcin at mejor.pl Wed Aug 17 16:52:41 2011 From: marcin at mejor.pl (=?UTF-8?B?TWFyY2luIE1pcm9zxYJhdw==?=) Date: Wed, 17 Aug 2011 15:52:41 +0200 Subject: [Dovecot] mail spool filesystem In-Reply-To: <4E4BC0CC.5010908@psi.com.br> References: <4E4BC0CC.5010908@psi.com.br> Message-ID: <4E4BC7A9.5090505@mejor.pl> W dniu 17.08.2011 15:23, Julio Cesar Covolato pisze: > Hi! Hello! > I read that XFS is a good choice, but is not > too reliable... Why? Who wrote this? And when? In 2005 year? :) From joh.hendriks at gmail.com Wed Aug 17 16:56:25 2011 From: joh.hendriks at gmail.com (Johan Hendriks) Date: Wed, 17 Aug 2011 15:56:25 +0200 Subject: [Dovecot] mail spool filesystem In-Reply-To: <4E4BC0CC.5010908@psi.com.br> References: <4E4BC0CC.5010908@psi.com.br> Message-ID: <4E4BC889.6060807@gmail.com> Julio Cesar Covolato schreef: > . I read that XFS is a good choice, but is not too reliable... > I did not know FreeBSD had XFS. Well serieus now, be a little more specific. Which OS and so on. regards, Johan Hendriks From a.chapellon at horoa.net Wed Aug 17 17:00:04 2011 From: a.chapellon at horoa.net (Alexandre Chapellon) Date: Wed, 17 Aug 2011 16:00:04 +0200 Subject: [Dovecot] May Dovecot help in users education In-Reply-To: <4E4B91FE.6030002@horoa.net> References: <4E4B91FE.6030002@horoa.net> Message-ID: <4E4BC964.1060905@horoa.net> Hello, I was wondering if dovecot could help me in my project to smoothly make all my users switch to TLS encrypted POP / IMAP sessions and forget about cleartext. My first idea was to setup dovecot as a POP/IMAP proxy for my mailhosts and ask dovecot to display a warning message or slowdown non TLS sessions. Is there any way to achieve this with dovecot? Does anybody have another idea smoothly force used to switch to TLS? Regards. P.S: double posted because previous was HTML and I've seen some MUA fails to display it properly... sorry will only send raw text now. -------------- next part -------------- A non-text attachment was scrubbed... Name: a_chapellon.vcf Type: text/x-vcard Size: 387 bytes Desc: not available URL: From lcaron at lncsa.com Wed Aug 17 17:05:01 2011 From: lcaron at lncsa.com (Laurent CARON) Date: Wed, 17 Aug 2011 16:05:01 +0200 Subject: [Dovecot] May Dovecot help in users education In-Reply-To: <4E4BC964.1060905@horoa.net> References: <4E4B91FE.6030002@horoa.net> <4E4BC964.1060905@horoa.net> Message-ID: <4E4BCA8D.2070902@lncsa.com> On 17/08/2011 16:00, Alexandre Chapellon wrote: > Is there any way to achieve this with dovecot? Does anybody have another > idea smoothly force used to switch to TLS? Hi, Maybe by sending them an email with a deadline for the end of clear text auth support ? If they don't amend their setup they'll be unable to retrieve their emails. Should you want to go the "nicer" way, you could throttle bandwidth to port 110/143 provided you use those for insecure connections. From mstevens at imt-systems.com Wed Aug 17 17:07:25 2011 From: mstevens at imt-systems.com (Morten Stevens) Date: Wed, 17 Aug 2011 16:07:25 +0200 Subject: [Dovecot] mail spool filesystem In-Reply-To: <4E4BC0CC.5010908@psi.com.br> References: <4E4BC0CC.5010908@psi.com.br> Message-ID: On Wed, 17 Aug 2011 10:23:24 -0300, Julio Cesar Covolato wrote: > I?ll make a separate partition (raid 1) for the mail spool > (/var/spool/vmail) and want to now what type of filesystem to use on > it to increase performance. I read that XFS is a good choice, but is > not too reliable... XFS is reliable. I recommend ext4 or xfs. Both are very good reliable filesystems. You should rather worry about the mailboxformat. The performance difference is much greater than xfs or ext4. Best regards, Morten From a.chapellon at horoa.net Wed Aug 17 17:24:29 2011 From: a.chapellon at horoa.net (Alexandre Chapellon) Date: Wed, 17 Aug 2011 16:24:29 +0200 Subject: [Dovecot] May Dovecot help in users education In-Reply-To: <4E4BCA8D.2070902@lncsa.com> References: <4E4B91FE.6030002@horoa.net> <4E4BC964.1060905@horoa.net> <4E4BCA8D.2070902@lncsa.com> Message-ID: <4E4BCF1D.9080107@horoa.net> Le 17/08/2011 16:05, Laurent CARON a ?crit : > On 17/08/2011 16:00, Alexandre Chapellon wrote: >> Is there any way to achieve this with dovecot? Does anybody have another >> idea smoothly force used to switch to TLS? > > Hi, > > Maybe by sending them an email with a deadline for the end of clear > text auth support ? > > If they don't amend their setup they'll be unable to retrieve their > emails. :)... already tried this in the past and it just don't work... 80% of users never apply changes and prefer getting very angry and call the support. Which is exactly what I want to avoid. > Should you want to go the "nicer" way, you could throttle bandwidth to > port 110/143 provided you use those for insecure connections. This sounds better and I though tc could help going that way, but there is nothing informative in going this way. I know what I ask for seems crappy and probably is out of the scope of what dovecot is supposed to do, but this would be temporary and I wanna make sure it is not possible before digging somewhere else. Thanks -- -------------- next part -------------- A non-text attachment was scrubbed... Name: a_chapellon.vcf Type: text/x-vcard Size: 387 bytes Desc: not available URL: From ejs at shubes.net Wed Aug 17 17:35:06 2011 From: ejs at shubes.net (Eric Shubert) Date: Wed, 17 Aug 2011 07:35:06 -0700 Subject: [Dovecot] May Dovecot help in users education In-Reply-To: <4E4BCF1D.9080107@horoa.net> References: <4E4B91FE.6030002@horoa.net> <4E4BC964.1060905@horoa.net> <4E4BCA8D.2070902@lncsa.com> <4E4BCF1D.9080107@horoa.net> Message-ID: On 08/17/2011 07:24 AM, Alexandre Chapellon wrote: > > > Le 17/08/2011 16:05, Laurent CARON a ?crit : >> On 17/08/2011 16:00, Alexandre Chapellon wrote: >>> Is there any way to achieve this with dovecot? Does anybody have another >>> idea smoothly force used to switch to TLS? >> >> Hi, >> >> Maybe by sending them an email with a deadline for the end of clear >> text auth support ? >> >> If they don't amend their setup they'll be unable to retrieve their >> emails. > :)... already tried this in the past and it just don't work... 80% of > users never apply changes and prefer getting very angry and call the > support. Which is exactly what I want to avoid. > >> Should you want to go the "nicer" way, you could throttle bandwidth to >> port 110/143 provided you use those for insecure connections. > This sounds better and I though tc could help going that way, but there > is nothing informative in going this way. I know what I ask for seems > crappy and probably is out of the scope of what dovecot is supposed to > do, but this would be temporary and I wanna make sure it is not possible > before digging somewhere else. > > Thanks > I think I would write a script that would glean such accounts from the dovecot log, then send them a message every day instructing them how to turn on TLS in order to quit getting this message. A support line to call for help would be nice for those who have difficulty changing their configuration. -- -Eric 'shubes' From adrian at blinkenlights.ch Wed Aug 17 17:42:07 2011 From: adrian at blinkenlights.ch (Adrian Ulrich) Date: Wed, 17 Aug 2011 16:42:07 +0200 Subject: [Dovecot] mail spool filesystem In-Reply-To: <4E4BC0CC.5010908@psi.com.br> References: <4E4BC0CC.5010908@psi.com.br> Message-ID: <20110817164207.2e9c1d49@echelon.ethz.ch> > I read that XFS is a good choice, but is not > too reliable... Are you using Maildir or MBOX? In any case: XFS would be my last choice: XFS is nice if you are working with large files (> 2GB), but for E-Mail i'd stick with ext3 (or maybe even reiser3) as it works very well with small files. If performance is a problem (iostat output?): Mount it with 'noatime' or/and use a special device for the journal. Regards, Adrian From a.chapellon at horoa.net Wed Aug 17 17:49:49 2011 From: a.chapellon at horoa.net (Alexandre Chapellon) Date: Wed, 17 Aug 2011 16:49:49 +0200 Subject: [Dovecot] May Dovecot help in users education In-Reply-To: References: <4E4B91FE.6030002@horoa.net> <4E4BC964.1060905@horoa.net> <4E4BCA8D.2070902@lncsa.com> <4E4BCF1D.9080107@horoa.net> Message-ID: <4E4BD50D.6010102@horoa.net> Le 17/08/2011 16:35, Eric Shubert a ?crit : > On 08/17/2011 07:24 AM, Alexandre Chapellon wrote: >> >> >> Le 17/08/2011 16:05, Laurent CARON a ?crit : >>> On 17/08/2011 16:00, Alexandre Chapellon wrote: >>>> Is there any way to achieve this with dovecot? Does anybody have >>>> another >>>> idea smoothly force used to switch to TLS? >>> >>> Hi, >>> >>> Maybe by sending them an email with a deadline for the end of clear >>> text auth support ? >>> >>> If they don't amend their setup they'll be unable to retrieve their >>> emails. >> :)... already tried this in the past and it just don't work... 80% of >> users never apply changes and prefer getting very angry and call the >> support. Which is exactly what I want to avoid. >> >>> Should you want to go the "nicer" way, you could throttle bandwidth to >>> port 110/143 provided you use those for insecure connections. >> This sounds better and I though tc could help going that way, but there >> is nothing informative in going this way. I know what I ask for seems >> crappy and probably is out of the scope of what dovecot is supposed to >> do, but this would be temporary and I wanna make sure it is not possible >> before digging somewhere else. >> >> Thanks >> > > I think I would write a script that would glean such accounts from the > dovecot log, then send them a message every day instructing them how > to turn on TLS in order to quit getting this message. A support line > to call for help would be nice for those who have difficulty changing > their configuration. > I didn't think about that.... It's quite basic but i like that. Thanks -- -------------- next part -------------- A non-text attachment was scrubbed... Name: a_chapellon.vcf Type: text/x-vcard Size: 387 bytes Desc: not available URL: From holdenhao at gmail.com Wed Aug 17 18:08:52 2011 From: holdenhao at gmail.com (Holden Hao) Date: Wed, 17 Aug 2011 23:08:52 +0800 Subject: [Dovecot] Duplicate Email with Dovecot Sieve Message-ID: I am trying to use Dovecot Sieve after upgrading Dovecot from 1.0.15 to 1.2.17. I used the same config file from the old version but I added some entries to make sieve work. In my initial tests, sieve works and is able to do the actions that I set it to do. However, I get 2 copies of incoming emails. The inbox would always preserve a copy even if the sieve filter is set to transfer emails to another folder or redirect it to another address. The logs do not seem to report any issues. I don't know what causes the problem and I would appreciate some pointers. Here are some more details of my setup: OS: Linux 2.6.24.2 Dovecot: 1.2.17 Dovecot Sieve:0.1.19 Manage Sieve:0.11.13 MTA: Qmail 1.03 dovecot -n ---------------------------------------------------------------------------- # 1.2.17: /usr/local/etc/dovecot.conf # OS: Linux 2.6.24.2 i686 Debian lenny/sid log_path: /var/log/dovecot.log log_timestamp: protocols: imap pop3 imaps pop3s managesieve ssl_cert_file: /var/dir/etc/certificates/server.crt ssl_key_file: /var/dir/etc/certificates/server.key disable_plaintext_auth: no login_dir: /usr/local/var/run/dovecot/login login_executable(default): /usr/local/libexec/dovecot/imap-login login_executable(imap): /usr/local/libexec/dovecot/imap-login login_executable(pop3): /usr/local/libexec/dovecot/pop3-login login_executable(managesieve): /usr/local/libexec/dovecot/managesieve-login login_greeting: Welcome login_process_size: 32 verbose_proctitle: yes first_valid_uid: 1000 mail_location: maildir:~/Maildir mail_debug: yes mail_executable(default): /usr/local/libexec/dovecot/imap mail_executable(imap): /usr/local/libexec/dovecot/imap mail_executable(pop3): /usr/local/libexec/dovecot/pop3 mail_executable(managesieve): /usr/local/libexec/dovecot/managesieve mail_plugins(default): quota imap_quota mail_plugins(imap): quota imap_quota mail_plugins(pop3): quota mail_plugins(managesieve): mail_plugin_dir(default): /usr/local/lib/dovecot/imap mail_plugin_dir(imap): /usr/local/lib/dovecot/imap mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3 mail_plugin_dir(managesieve): /usr/local/lib/dovecot/managesieve imap_client_workarounds(default): outlook-idle imap_client_workarounds(imap): outlook-idle imap_client_workarounds(pop3): imap_client_workarounds(managesieve): pop3_uidl_format(default): %08Xu%08Xv pop3_uidl_format(imap): %08Xu%08Xv pop3_uidl_format(pop3): UID%u-%v pop3_uidl_format(managesieve): %08Xu%08Xv managesieve_logout_format(default): bytes=%i/%o managesieve_logout_format(imap): bytes=%i/%o managesieve_logout_format(pop3): bytes=%i/%o managesieve_logout_format(managesieve): bytes ( in=%i : out=%o ) namespace: type: private separator: . prefix: INBOX. location: maildir:~/Maildir inbox: yes list: yes subscriptions: yes lda: postmaster_address: postmaster at xxxxxxxxxx.org mail_plugin_dir: /usr/local/lib/dovecot/lda mail_plugins: quota sieve sendmail_path: /var/qmail/bin/sendmail log_path: /var/log/dovecot-deliver-errors.log info_log_path: /var/log/dovecot-deliver.log auth default: verbose: yes passdb: driver: checkpassword args: /var/qmail/bin/auth_pop userdb: driver: prefetch plugin: quota: maildir sieve: ~/.dovecot.sieve sieve_dir: ~/sieve -------------------------------------------------------------------- from: dovecot-deliver.log -------------------------------------------------------------------- deliver(user): Info: Loading modules from directory: /usr/local/lib/dovecot/lda deliver(user): Info: Module loaded: /usr/local/lib/dovecot/lda/lib10_quota_plugin.so deliver(user): Info: Module loaded: /usr/local/lib/dovecot/lda/lib90_sieve_plugin.so deliver(user): Info: Quota root: name= backend=maildir args= deliver(user): Info: Namespace: type=private, prefix=INBOX., sep=., inbox=yes, hidden=no, list=1, subscriptions=yes deliver(user): Info: maildir: data=/home/user/Maildir deliver(user): Info: maildir++: root=/home/user/Maildir, index=, control=, inbox=/home/user/Maildir deliver(user): Info: sieve: using sieve path for user's script: /home/user/.dovecot.sieve deliver(user): Info: sieve: opening script /home/user/.dovecot.sieve deliver(user): Info: sieve: executing compiled script /home/user/.dovecot.sieve deliver(user): Info: sieve: msgid=< CAJNnNYmQpmEopFfT3+_qHvXYxf3v-4bzv9ojJqGfRtcddnTg8g at mail.gmail.com>: stored mail into mailbox 'Inbox.Test' Thanks in advance for your replies. Holden From floeff at gmail.com Wed Aug 17 20:04:58 2011 From: floeff at gmail.com (Florian Effenberger) Date: Wed, 17 Aug 2011 19:04:58 +0200 Subject: [Dovecot] sender for Sieve vacation message Message-ID: Hello, is it possible to define the sender for the Dovecot Sieve implementation's vacation extension? It seems to be impossible to add, e.g., a name, or choose a different sender address. Thanks, Florian From floeff at gmail.com Wed Aug 17 20:06:37 2011 From: floeff at gmail.com (Florian Effenberger) Date: Wed, 17 Aug 2011 19:06:37 +0200 Subject: [Dovecot] sender for Sieve vacation message In-Reply-To: References: Message-ID: Hello, 2011/8/17 Florian Effenberger : > is it possible to define the sender for the Dovecot Sieve > implementation's vacation extension? It seems to be impossible to add, > e.g., a name, or choose a different sender address. to be precisely: I am talking about the "From" header. Florian From noel.butler at ausics.net Thu Aug 18 01:32:36 2011 From: noel.butler at ausics.net (Noel Butler) Date: Thu, 18 Aug 2011 08:32:36 +1000 Subject: [Dovecot] May Dovecot help in users education In-Reply-To: <4E4BCA8D.2070902@lncsa.com> References: <4E4B91FE.6030002@horoa.net> <4E4BC964.1060905@horoa.net> <4E4BCA8D.2070902@lncsa.com> Message-ID: <1313620356.7169.12.camel@tardis> On Wed, 2011-08-17 at 16:05 +0200, Laurent CARON wrote: > On 17/08/2011 16:00, Alexandre Chapellon wrote: > > Is there any way to achieve this with dovecot? Does anybody have another > > idea smoothly force used to switch to TLS? > > Hi, > > Maybe by sending them an email with a deadline for the end of clear text > auth support ? > This is the best method, give them at least 30 days notice (preferably 90 days), the notices should include a link to a kb/support site showing them how, not doing this will clog up your support lines for sure. Send subsequent warning notices, with slightly stronger language each time, at 21 days, 14 days and 7 days, 3 days and 1 day. We did this when we cut out relaying for IP's and moved entirely to smtp auth, so its much the same thing - getting them to change settings. A safe guard though, if you tell them, say 1st October cut off, don't actually cut off until a week or two after. Yes, you'll still find some have not done it, but that's the nature of some people. > If they don't amend their setup they'll be unable to retrieve their emails. > > Should you want to go the "nicer" way, you could throttle bandwidth to > port 110/143 provided you use those for insecure connections. > That's not the right thing to do, TLS uses those ports too, it's SSL that does not, and it's pointless using other ports, you'll end up creating more problems than what it's worth. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From stephan at rename-it.nl Thu Aug 18 10:30:00 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Thu, 18 Aug 2011 00:30:00 -0700 Subject: [Dovecot] sender for Sieve vacation message In-Reply-To: References: Message-ID: <4E4CBF78.8060308@rename-it.nl> On 8/17/2011 10:06 AM, Florian Effenberger wrote: > Hello, > > 2011/8/17 Florian Effenberger: > >> is it possible to define the sender for the Dovecot Sieve >> implementation's vacation extension? It seems to be impossible to add, >> e.g., a name, or choose a different sender address. > to be precisely: I am talking about the "From" header. You can use the :from parameter, e.g.: require "vacation"; vacation :from "floeff at gmail.com" "Not here at the moment!"; Read RFC5230 (http://tools.ietf.org/html/rfc5230) for more info. Regards, Stephan. From stephan at rename-it.nl Thu Aug 18 10:37:00 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Thu, 18 Aug 2011 00:37:00 -0700 Subject: [Dovecot] Duplicate Email with Dovecot Sieve In-Reply-To: References: Message-ID: <4E4CC11C.5050307@rename-it.nl> On 8/17/2011 8:08 AM, Holden Hao wrote: > from: dovecot-deliver.log > -------------------------------------------------------------------- > deliver(user): Info: Loading modules from directory: > /usr/local/lib/dovecot/lda > deliver(user): Info: Module loaded: > /usr/local/lib/dovecot/lda/lib10_quota_plugin.so > deliver(user): Info: Module loaded: > /usr/local/lib/dovecot/lda/lib90_sieve_plugin.so > deliver(user): Info: Quota root: name= backend=maildir args= > deliver(user): Info: Namespace: type=private, prefix=INBOX., sep=., > inbox=yes, hidden=no, list=1, subscriptions=yes > deliver(user): Info: maildir: data=/home/user/Maildir > deliver(user): Info: maildir++: root=/home/user/Maildir, index=, control=, > inbox=/home/user/Maildir > deliver(user): Info: sieve: using sieve path for user's script: > /home/user/.dovecot.sieve > deliver(user): Info: sieve: opening script /home/user/.dovecot.sieve > deliver(user): Info: sieve: executing compiled script > /home/user/.dovecot.sieve > deliver(user): Info: sieve: msgid=< > CAJNnNYmQpmEopFfT3+_qHvXYxf3v-4bzv9ojJqGfRtcddnTg8g at mail.gmail.com>: stored > mail into mailbox 'Inbox.Test' Hmm, odd. The above log only shows one delivery. I would expect a duplicate entry there when Dovecot is causing this. You can enable mail_debug to see whether that shows more. Also, the user log (~/.dovecot.sieve.log) could contain other info. But, I don't expect much more from that. Are you perhaps doing something interesting at MTA level? Regards, Stephan. From sven at svenhartge.de Thu Aug 18 02:25:09 2011 From: sven at svenhartge.de (Sven Hartge) Date: Thu, 18 Aug 2011 01:25:09 +0200 Subject: [Dovecot] mail spool filesystem References: <4E4BC0CC.5010908@psi.com.br> <20110817164207.2e9c1d49@echelon.ethz.ch> Message-ID: <1h83k77s2i5v8@mids.svenhartge.de> Adrian Ulrich wrote: >> I read that XFS is a good choice, but is not too reliable... > Are you using Maildir or MBOX? > In any case: XFS would be my last choice: > XFS is nice if you are working with large files (> 2GB), but for > E-Mail i'd stick with ext3 (or maybe even reiser3) as it works very > well with small files. I don't know, but my Courier server (Maildir++ format, 10k users, 12 million mails on server, some users with over 20k mails in one directory/folder) runs _way_ smoother with XFS. I also tested ext4, but this was no large gain over ext3 (with dir_index of course). Gr??e, Sven. -- Sigmentation fault. Core dumped. From nick+dovecot at bunbun.be Thu Aug 18 11:53:05 2011 From: nick+dovecot at bunbun.be (Nick Rosier) Date: Thu, 18 Aug 2011 10:53:05 +0200 Subject: [Dovecot] Dovecot-Antispam 2.0 with SpamAssassin (sa-learn) In-Reply-To: <4E4B74FD.70801@whyscream.net> References: <4E4AD54A.1000507@bunbun.be> <20110817092625.7bf84b43@jimbo> <4E4B74FD.70801@whyscream.net> Message-ID: <4E4CD2F1.6030108@bunbun.be> Tom Hendrikx wrote: > On 17/08/11 08:26, Nikita Koshikov wrote: >> On Tue, 16 Aug 2011 22:38:34 +0200 >> Nick Rosier wrote: >> >>> Hi, >>> >>> has anyone figured out how to use the dovecot-antispam plugin with >>> sa-learn? I need to pass the username (user at domain.tld) to sa-learn and >>> --ham or --spam depending on the move. I was thinking of using the CRM14 >>> option and replace the command and arguments but cannot find anything >>> about the ability to pass the username. >>> Any pointers would be welcome. >>> >>> N. >> Write a wrapper on sa-learn. The script should parse env first and that exec learning with appropriative args, like: >> antispam_mail_sendmail = /etc/dovecot/plugins/spam.sh >> >> Scrip, something like: >> #!/bin/bash >> >> ( >> env> /tmp/antispam.$$ >> /usr/bin/sa-learn $@ >> exit 0 >> ) >> search for PWD environment in /tmp/antispam.$$ . >> >> > > I use the dspam backend and pass the user into the commandline with %u, > which seems to work, but is not documented in the man page. > > To be clear, this is with the plugin from: > http://wiki2.dovecot.org/Plugins/Antispam I've currently got it working with the MailTrain backend. Might consider reconfiguring it to dspam backend as I need to do some ENV parsing to get the user. Using %u as argument to pass to the wrapper would be easier but I couldn't find anything in de documentation as you said. N. From tom at whyscream.net Thu Aug 18 12:10:06 2011 From: tom at whyscream.net (Tom Hendrikx) Date: Thu, 18 Aug 2011 11:10:06 +0200 Subject: [Dovecot] Dovecot-Antispam 2.0 with SpamAssassin (sa-learn) In-Reply-To: <4E4CD2F1.6030108@bunbun.be> References: <4E4AD54A.1000507@bunbun.be> <20110817092625.7bf84b43@jimbo> <4E4B74FD.70801@whyscream.net> <4E4CD2F1.6030108@bunbun.be> Message-ID: <4E4CD6EE.8020905@whyscream.net> On 18/08/11 10:53, Nick Rosier wrote: > Tom Hendrikx wrote: >> On 17/08/11 08:26, Nikita Koshikov wrote: >>> On Tue, 16 Aug 2011 22:38:34 +0200 >>> Nick Rosier wrote: >>> >>>> Hi, >>>> >>>> has anyone figured out how to use the dovecot-antispam plugin with >>>> sa-learn? I need to pass the username (user at domain.tld) to sa-learn and >>>> --ham or --spam depending on the move. I was thinking of using the >>>> CRM14 >>>> option and replace the command and arguments but cannot find anything >>>> about the ability to pass the username. >>>> Any pointers would be welcome. >>>> >>>> N. >>> Write a wrapper on sa-learn. The script should parse env first and >>> that exec learning with appropriative args, like: >>> antispam_mail_sendmail = /etc/dovecot/plugins/spam.sh >>> >>> Scrip, something like: >>> #!/bin/bash >>> >>> ( >>> env> /tmp/antispam.$$ >>> /usr/bin/sa-learn $@ >>> exit 0 >>> ) >>> search for PWD environment in /tmp/antispam.$$ . >>> >>> >> >> I use the dspam backend and pass the user into the commandline with %u, >> which seems to work, but is not documented in the man page. >> >> To be clear, this is with the plugin from: >> http://wiki2.dovecot.org/Plugins/Antispam > I've currently got it working with the MailTrain backend. Might consider > reconfiguring it to dspam backend as I need to do some ENV parsing to > get the user. Using %u as argument to pass to the wrapper would be > easier but I couldn't find anything in de documentation as you said. > > N. > I don't think that the backend has anything to do with the supported variables (http://wiki2.dovecot.org/Variables), but you should check the source to be sure. Maybe Eugene is triggered to create a release when you contribute some documentation on this :) -- Regards, Tom From floeff at gmail.com Thu Aug 18 14:00:55 2011 From: floeff at gmail.com (Florian Effenberger) Date: Thu, 18 Aug 2011 13:00:55 +0200 Subject: [Dovecot] sender for Sieve vacation message In-Reply-To: <4E4CBF78.8060308@rename-it.nl> References: <4E4CBF78.8060308@rename-it.nl> Message-ID: Hi, 2011/8/18 Stephan Bosch : > You can use the :from parameter, e.g.: > > require "vacation"; > vacation :from "floeff at gmail.com" "Not here at the moment!"; > > Read RFC5230 (http://tools.ietf.org/html/rfc5230) for more info. d'oh! Sometimes things are that simply... sorry for the dull question - seems I've read an old RFC where :from wasn't specified yet. Works like a charm now. :) Thanks! Florian From daniel.aschauer at gmail.com Thu Aug 18 14:49:24 2011 From: daniel.aschauer at gmail.com (Daniel Aschauer) Date: Thu, 18 Aug 2011 13:49:24 +0200 Subject: [Dovecot] dovecot with pam - ldap Message-ID: I am running dovecot v1.2.10 on a FreeBSD server and I am facing problems authenticating using pam. I always get the error message, although I do provide the right password: pam_authenticate() failed: authentication error (password mismatch?) I use /etc/pam.d/imap: # # PAM configuration for the "imap" service # # auth auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass auth required pam_unix.so no_warn try_first_pass # account account required pam_unix.so and my config: srvfbsd01# dovecot -n # 1.2.10: /usr/local/etc/dovecot.conf # OS: FreeBSD 8.0-RELEASE-p2 amd64 protocols: imap ssl: no disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable: /usr/local/libexec/dovecot/imap-login verbose_proctitle: yes first_valid_uid: 1000 first_valid_gid: 0 mail_location: maildir:~/Maildir namespace: type: private separator: . inbox: yes list: yes subscriptions: yes namespace: type: public separator: . prefix: Public. location: maildir:/home/vmail/public list: yes auth default: debug: yes passdb: driver: pam args: failure_show_msg=yes cache_key=%u imap passdb: driver: passwd-file args: /usr/local/etc/dovecot/vmail userdb: driver: passwd userdb: driver: passwd-file args: /usr/local/etc/dovecot/vmail Logging: Aug 18 12:48:10 srvfbsd01 dovecot: auth(default): passwd-file /usr/local/etc/dovecot/vmail: Read 6 users Aug 18 12:48:10 srvfbsd01 dovecot: auth-worker(default): passwd-file /usr/local/etc/dovecot/vmail: Read 6 users Aug 18 12:48:11 srvfbsd01 dovecot: auth(default): new auth connection: pid=3690 Aug 18 12:48:11 srvfbsd01 dovecot: auth(default): new auth connection: pid=3688 Aug 18 12:48:11 srvfbsd01 dovecot: auth(default): new auth connection: pid=3689 Aug 18 12:48:14 srvfbsd01 dovecot: auth(default): client in: AUTH 1 PLAIN service=imap lip=10.0.10.150 rip=10.0.10.71 lport=143 rport=3583 Aug 18 12:48:14 srvfbsd01 dovecot: auth(default): client out: CONT 1 Aug 18 12:48:14 srvfbsd01 dovecot: auth(default): client in: CONT Aug 18 12:48:14 srvfbsd01 dovecot: auth-worker(default): pam(daniel,10.0.10.71): lookup service=imap Aug 18 12:48:14 srvfbsd01 dovecot: auth-worker(default): pam(daniel,10.0.10.71): #1/1 style=1 msg=Password: Aug 18 12:48:14 srvfbsd01 dovecot: auth-worker(default): pam(daniel,10.0.10.71): pam_authenticate() failed: authentication error (password mismatch?) Aug 18 12:48:14 srvfbsd01 dovecot: auth(default): passwd-file(daniel,10.0.10.71): lookup: user=daniel file=/usr/local/etc/dovecot/vmail Aug 18 12:48:14 srvfbsd01 dovecot: auth(default): passwd-file(daniel,10.0.10.71): unknown user Aug 18 12:48:14 srvfbsd01 dovecot: auth(default): new auth connection: pid=3691 Aug 18 12:48:16 srvfbsd01 dovecot: auth(default): client out: FAIL 1 user=daniel Aug 18 12:48:21 srvfbsd01 dovecot: auth(default): client in: AUTH 2 PLAIN service=imap lip=10.0.10.150 rip=10.0.10.71 lport=143 rport=3583 resp= Aug 18 12:48:21 srvfbsd01 dovecot: auth-worker(default): pam(daniel,10.0.10.71): lookup service=imap Aug 18 12:48:21 srvfbsd01 dovecot: auth-worker(default): pam(daniel,10.0.10.71): #1/1 style=1 msg=Password: Aug 18 12:48:21 srvfbsd01 dovecot: auth-worker(default): pam(daniel,10.0.10.71): pam_authenticate() failed: authentication error (password mismatch?) Aug 18 12:48:21 srvfbsd01 dovecot: auth(default): passwd-file(daniel,10.0.10.71): lookup: user=daniel file=/usr/local/etc/dovecot/vmail Aug 18 12:48:21 srvfbsd01 dovecot: auth(default): passwd-file(daniel,10.0.10.71): unknown user Aug 18 12:48:23 srvfbsd01 dovecot: auth(default): client out: FAIL 2 user=daniel From kzorba at otenet.gr Thu Aug 18 16:03:24 2011 From: kzorba at otenet.gr (Kostas Zorbadelos) Date: Thu, 18 Aug 2011 16:03:24 +0300 Subject: [Dovecot] Bug report v2.0.13 - CentOS x86_64 - NFS - mbox - Problem reproduced In-Reply-To: <4E4A73AE.7090402@otenet.gr> References: <4E294AC0.2060706@otenet.gr> <4E425874.6040507@otenet.gr> <1313355050.10421.1285.camel@hurina> <20110815111701.68513psu7vb3wflp@noc.otenet.gr> <4E4A73AE.7090402@otenet.gr> Message-ID: <4E4D0D9C.6000600@otenet.gr> On 08/16/2011 04:42 PM, Kostas Zorbadelos wrote: > On 08/15/2011 11:17 AM, kzorba at otenet.gr wrote: >> Quoting Timo Sirainen: >> OK, we managed to reproduce the problem with the following scenario. Using Thunderbird (3.1.11 if that matters) we set up a mail account using POP served by dovecot. In the account settings we have checked the boxes "Leave messages on server" and "Until I delete them" which is the default setting for new accounts. We make the first POP session and get the mails. We then delete a message (moving it to trash) and try to Get Mails. Dovecot crashes with the aforementioned stack trace (included below). If you again try Get Mail in the client, you get the deleted mail again. It seems to be related to the indexing code since if we change the setting mbox_min_index_size to something bigger than the mailbox (so no cache index files are created) the problem does not appear and the mails get deleted from the server normally. We didn't manage to reproduce the problem with Microsoft Outlook. We 'll keep investigating until we have a fix. Regards, Kostas >>> With a quick test I can't reproduce pop3_lock_session=yes causing a >>> crash. I guess it needs something else besides what I tested. It would >>> be helpful if your Dovecot binaries weren't stripped of debug symbols. I >>> could then ask for some more information from the core dumps with gdb. >>> >> > > Timo, all > > here is a backtrace with debuging symbols in the executables: > > [root at pop08 ]# gdb /opt/dovecot-debug/libexec/dovecot/pop3 core.2929 > GNU gdb (GDB) Red Hat Enterprise Linux (7.0.1-32.el5_6.2) > Copyright (C) 2009 Free Software Foundation, Inc. > License GPLv3+: GNU GPL version 3 or later > This is free software: you are free to change and redistribute it. > There is NO WARRANTY, to the extent permitted by law. Type "show copying" > and "show warranty" for details. > This GDB was configured as "x86_64-redhat-linux-gnu". > For bug reporting instructions, please see: > ... > Reading symbols from /opt/dovecot-debug/libexec/dovecot/pop3...done. > BFD: Warning: /var/mail7/folders/P/K/U/amihal/core.2929 is truncated: expected core file size>= 569344, found: 565248. > Reading symbols from /opt/dovecot-debug/lib/dovecot/libdovecot-storage.so.0...done. > Loaded symbols for /opt/dovecot-debug/lib/dovecot/libdovecot-storage.so.0 > Reading symbols from /opt/dovecot-debug/lib/dovecot/libdovecot.so.0...done. > Loaded symbols for /opt/dovecot-debug/lib/dovecot/libdovecot.so.0 > Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done. > Loaded symbols for /lib64/libdl.so.2 > Reading symbols from /lib64/librt.so.1...(no debugging symbols found)...done. > Loaded symbols for /lib64/librt.so.1 > Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done. > Loaded symbols for /lib64/libc.so.6 > Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done. > Loaded symbols for /lib64/ld-linux-x86-64.so.2 > Reading symbols from /lib64/libpthread.so.0...(no debugging symbols found)...done. > Loaded symbols for /lib64/libpthread.so.0 > Core was generated by `dovecot/pop3'. > Program terminated with signal 11, Segmentation fault. > #0 istream_raw_mbox_get_start_offset (stream=0x0) at istream-raw-mbox.c:498 > 498 istream-raw-mbox.c: No such file or directory. > in istream-raw-mbox.c > (gdb) bt > #0 istream_raw_mbox_get_start_offset (stream=0x0) at istream-raw-mbox.c:498 > #1 0x00002b4114afc769 in mbox_mail_get_special (_mail=0x1bad8fa0, field=, value_r=0x7fff9600fa88) at mbox-mail.c:198 > #2 0x00002b4114adb2d0 in index_mail_expunge (mail=0x0) at index-mail.c:1503 > #3 0x0000000000405eac in client_update_mails (client=0x1bac4a00) at pop3-commands.c:255 > #4 0x00000000004061d1 in cmd_quit (client=0x1bac4a00, name=0x1baccbd4 "", args=0x406a0c "") at pop3-commands.c:274 > #5 client_command_execute (client=0x1bac4a00, name=0x1baccbd4 "", args=0x406a0c "") at pop3-commands.c:773 > #6 0x00000000004045c9 in client_handle_input (client=0x1bac4a00) at pop3-client.c:628 > #7 0x00002b4114db0698 in io_loop_call_io (io=0x1bac01d0) at ioloop.c:384 > #8 0x00002b4114db19d5 in io_loop_handler_run (ioloop=) at ioloop-epoll.c:213 > #9 0x00002b4114db062d in io_loop_run (ioloop=0x1baa8610) at ioloop.c:405 > #10 0x00002b4114d9ef13 in master_service_run (service=0x1baa84e0, callback=0x1baccbe4) at master-service.c:478 > #11 0x00000000004039a4 in main (argc=1, argv=0x1baa8370) at main.c:252 > (gdb) bt full > #0 istream_raw_mbox_get_start_offset (stream=0x0) at istream-raw-mbox.c:498 > rstream = > __FUNCTION__ = "istream_raw_mbox_get_start_offset" > #1 0x00002b4114afc769 in mbox_mail_get_special (_mail=0x1bad8fa0, field=, value_r=0x7fff9600fa88) at mbox-mail.c:198 > mail = > mbox = 0x1bac97d0 > offset = 0 > #2 0x00002b4114adb2d0 in index_mail_expunge (mail=0x0) at index-mail.c:1503 > value = > guid_128 = "\240\267\252\033\000\000\000\000\001\000\000\000\000\000\000" > #3 0x0000000000405eac in client_update_mails (client=0x1bac4a00) at pop3-commands.c:255 > search_args = 0x0 > ctx = 0x1bace150 > mail = 0x1bad8fa0 > msgnum = 0 > bit = 464309220 > ret = > #4 0x00000000004061d1 in cmd_quit (client=0x1bac4a00, name=0x1baccbd4 "", args=0x406a0c "") at pop3-commands.c:274 > No locals. > #5 client_command_execute (client=0x1bac4a00, name=0x1baccbd4 "", args=0x406a0c "") at pop3-commands.c:773 > No locals. > #6 0x00000000004045c9 in client_handle_input (client=0x1bac4a00) at pop3-client.c:628 > _data_stack_cur_id = 3 > line = 0x1baab872 "QUIT" > args = 0x406a0c "" > ret = > #7 0x00002b4114db0698 in io_loop_call_io (io=0x1bac01d0) at ioloop.c:384 > ioloop = 0x1baa8610 > t_id = 2 > #8 0x00002b4114db19d5 in io_loop_handler_run (ioloop=) at ioloop-epoll.c:213 > ctx = > event = 0x1baa88b0 > list = 0x1bac0220 > io = 0x0 > tv = {tv_sec = 9, tv_usec = 871818} > events_count = > msecs = > ---Type to continue, or q to quit--- > ret = 1 > i = 0 > call = false > #9 0x00002b4114db062d in io_loop_run (ioloop=0x1baa8610) at ioloop.c:405 > No locals. > #10 0x00002b4114d9ef13 in master_service_run (service=0x1baa84e0, callback=0x1baccbe4) at master-service.c:478 > No locals. > #11 0x00000000004039a4 in main (argc=1, argv=0x1baa8370) at main.c:252 > service_flags = > storage_service_flags = MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT > postlogin_socket_path = 0x0 > username = 0x0 > c = > set_roots = {0x4072a0, 0x0} > (gdb) quit > > I have also kept the user's mailbox. I couldn't reproduce the problem by talking > POP3 directly to the server by hand. > > Any ideas? > > Thanks, > > Kostas > >> Hi Timo, >> >> indeed it is a bug that I could not reproduce myself. >> Having debug symbols and producing the stack trace is the next >> logical step and I will work on this tomorrow. >> Since --enable-debug does not work in your configure script, can you >> direct me as to what is needed? Is there an option in configure or >> do I need to mess with the makefiles? >> >> On the other hand, I have found two different bugs. >> Having pop3_lock_session=yes we have the situation described here and also >> of course delays in local deliveries in case a client has an active pop >> session. And I can tell you we have a lot of abusing clients that keep >> hitting our pop servers continuously, or keep connections open for a VERY >> long time. >> >> To address that, we put pop3_lock_session=no. In this case, there is an >> fcntl >> lock leak somewhere. The good news is that we have reproduced that and I >> will >> send relevant information in a different mail. >> I also read the following thread, from a while back: >> >> http://www.dovecot.org/list/dovecot/2009-February/037098.html >> >> Regards, >> >> Kostas >> From holdenhao at gmail.com Thu Aug 18 17:24:11 2011 From: holdenhao at gmail.com (Holden Hao) Date: Thu, 18 Aug 2011 22:24:11 +0800 Subject: [Dovecot] Duplicate Email with Dovecot Sieve In-Reply-To: <4E4CC11C.5050307@rename-it.nl> References: <4E4CC11C.5050307@rename-it.nl> Message-ID: > > Hmm, odd. The above log only shows one delivery. I would expect a > duplicate entry there when Dovecot is causing this. You can enable > mail_debug to see whether that shows more. Also, the user log > (~/.dovecot.sieve.log) could contain other info. But, I don't expect much > more from that. > Thank you for your reply. However, there are no relevant information in dovecot.log (general log file for dovecot) and from ~/dovecot.sieve.log (nothing specific to the transaction) > Are you perhaps doing something interesting at MTA level? > I am not sure as I just took over management of the server and it is not documented. But if it helps here are some log entries from qmail: General Qmail log: @400000004e4d1d7b2965966c info msg 1337024: bytes 2257 from < testuser at gmail.com> qp 15984 uid 113 @400000004e4d1d7b2965a60c starting delivery 62510: msg 1337024 to local user at xxxxxx.org @400000004e4d1d7b2965b5ac status: local 1/10 remote 0/100 @400000004e4d1d7b390469a4 delivery 62510: success: did_1+0+1/ @400000004e4d1d7b3905119c status: local 0/10 remote 0/100 @400000004e4d1d7b39058ab4 end msg 1337024 ---------------------------------------------- Qmail SMTP log: @400000004e4d1d7b0db7cd7c tcpsvd: info: start 15966 mail.xxxxxx.org:xxx.xx.xx.xxx :mail-gx0-f182.google.com:xxx.xx.xxx.xxx:36540 @400000004e4d1d7b0dc8adcc qmail-smtpd 15966: connection from xxx.xx.xxx.xxx (mail-gx0-f182.google.com) to mail.xxxxxx.org @400000004e4d1d7b0dc8c924 qmail-smtpd 15966: enabled options: starttls sanitycheck sendercheck rcptcheck smtp-auth qmailqueue /var/qmail/bin/ qmail-scanner-queue.pl @400000004e4d1d7b0ef4b664 qmail-smtpd 15966: remote ehlo: mail-gx0-f182.google.com @400000004e4d1d7b13dc6384 qmail-smtpd 15966: remote ehlo: mail-gx0-f182.google.com @400000004e4d1d7b15089714 qmail-smtpd 15966: mail from: testuser at gmail.com @400000004e4d1d7b1508f8bc qmail-smtpd 15966: sender verify, sender not in goodmailaddr @400000004e4d1d7b16316b5c qmail-smtpd 15966: rcpt to: user at xxxxxxx.org @400000004e4d1d7b16318e84 qmail-smtpd 15966: recipient verify, recipient not in goodmailaddr @400000004e4d1d7b16319a3c qmail-smtpd 15966: recipient verify, recipient is local @400000004e4d1d7b1646b87c qmail-verfiy: verifying user at xxxxxxx.org @400000004e4d1d7b165e3434 qmail-smtpd 15966: recipient verify OK @400000004e4d1d7b19e73bb4 qmail-smtpd 15966: go ahead @400000004e4d1d7b28fd762c qmail-smtpd 15966: message queued: 1313676657 qp 15968 size 1227 bytes @400000004e4d1d992a04b4cc qmail-smtpd 15966: quit, closing connection @400000004e4d1d992a051674 tcpsvd: info: end 15966 exit 0 @400000004e4d1d992a05222c tcpsvd: info: status 0/20 Any more ideas? Holden From tss at iki.fi Thu Aug 18 18:22:06 2011 From: tss at iki.fi (Timo Sirainen) Date: Thu, 18 Aug 2011 18:22:06 +0300 Subject: [Dovecot] mdbox and doveadm purge In-Reply-To: <44c1fa7d5832d14fe75a7b5b8052f132@imt-systems.com> References: <44c1fa7d5832d14fe75a7b5b8052f132@imt-systems.com> Message-ID: <1313680926.10421.1311.camel@hurina> On Sat, 2011-07-09 at 19:23 +0200, Morten P.D. Stevens wrote: > We are currently testing Dovecot 2.0.13 with mdbox. If I delete large > objects with refcount=0 the index is not updated apparently. Looks like it happens every time. Fixed: http://hg.dovecot.org/dovecot-2.0/rev/1449a2e2c1f5 From mstevens at imt-systems.com Thu Aug 18 19:05:29 2011 From: mstevens at imt-systems.com (Morten Stevens) Date: Thu, 18 Aug 2011 18:05:29 +0200 Subject: [Dovecot] mdbox and doveadm purge In-Reply-To: <1313680926.10421.1311.camel@hurina> References: <44c1fa7d5832d14fe75a7b5b8052f132@imt-systems.com> <1313680926.10421.1311.camel@hurina> Message-ID: <847e794e3cde7b98df16d47f2ad3e82b@imt-systems.com> On Thu, 18 Aug 2011 18:22:06 +0300, Timo Sirainen wrote: > On Sat, 2011-07-09 at 19:23 +0200, Morten P.D. Stevens wrote: > >> We are currently testing Dovecot 2.0.13 with mdbox. If I delete >> large >> objects with refcount=0 the index is not updated apparently. > > Looks like it happens every time. Fixed: > http://hg.dovecot.org/dovecot-2.0/rev/1449a2e2c1f5 Hi Timo, Thanks. This patch will be a part of version 2.0.14? Best regards, Morten From mstevens at imt-systems.com Thu Aug 18 23:55:09 2011 From: mstevens at imt-systems.com (Morten Stevens) Date: Thu, 18 Aug 2011 22:55:09 +0200 Subject: [Dovecot] segfault in dovecot 2.0.9 In-Reply-To: <1307970177.10421.819.camel@hurina> References: <1307970177.10421.819.camel@hurina> Message-ID: <62fb4ed18663e793aa03b0e653751d80@imt-systems.com> On Mon, 13 Jun 2011 16:02:57 +0300, Timo Sirainen wrote: > On Fri, 2011-06-10 at 19:52 +0200, Morten P.D. Stevens wrote: >> Jun 9 00:12:34 mail dovecot: master: Error: service(imap): child >> 8987 >> killed with signal 11 (core dumps disabled) > > There's really no way to know why this happens without a gdb > backtrace. > See http://dovecot.org/bugreport.html > >> # dovecot -n >> # 2.0.9: /etc/dovecot/dovecot.conf > > It's also possible that it has already been fixed in newer versions. Hi Timo, Small update on this: In 6 months the error occurred only once. The bug was not reproducible. There was a BIOS update for IBM servers which fixes the following microcode error: - Fixed : Intel microcode fix for a potential memory addressing error in 64-bit operating mode; it could cause page fault, data loss, data corruption or other unpredictable system behavior. So I am assuming that it was not a Dovecot bug. Best regards, Morten From stan at hardwarefreak.com Fri Aug 19 02:08:47 2011 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Thu, 18 Aug 2011 18:08:47 -0500 Subject: [Dovecot] mail spool filesystem In-Reply-To: <4E4BC0CC.5010908@psi.com.br> References: <4E4BC0CC.5010908@psi.com.br> Message-ID: <4E4D9B7F.6010707@hardwarefreak.com> On 8/17/2011 8:23 AM, Julio Cesar Covolato wrote: > Hi! > > I?m about to migrate a system whith 5000 accounts whith (~ 500GB) from > "postfix/courier-imap/maildrop/mysql" to a new hardware whith > "postfix/dovecot/dovecot/mysql". > > I?ll make a separate partition (raid 1) for the mail spool > (/var/spool/vmail) and want to now what type of filesystem to use on it > to increase performance. I read that XFS is a good choice, but is not > too reliable... With only a single spindle of seek performance, which is what mirroring (RAID 1) gives you, about 150-300 seeks/second depending on which disks you use, the filesystem will not be a limiting factor, no matter which one you choose. The low IOPS of the disk will limit your performance. Thus, choose the filesystem you are most comfortable, and experienced, in managing. All other factors being equal (proper fit, use, administration, etc) XFS is as reliable, if not more reliable, than any other Linux filesystem. I'm guessing that what you read related to a bug that was fixed in 2007, which previously could cause corruption in certain circumstances, mainly with many transactions in flight during a power failure, i.e. no UPS or a failed UPS. -- Stan From stan at hardwarefreak.com Fri Aug 19 11:48:00 2011 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Fri, 19 Aug 2011 03:48:00 -0500 Subject: [Dovecot] mail spool filesystem In-Reply-To: <20110817164207.2e9c1d49@echelon.ethz.ch> References: <4E4BC0CC.5010908@psi.com.br> <20110817164207.2e9c1d49@echelon.ethz.ch> Message-ID: <4E4E2340.4010001@hardwarefreak.com> On 8/17/2011 9:42 AM, Adrian Ulrich wrote: >> I read that XFS is a good choice, but is not >> too reliable... > > Are you using Maildir or MBOX? > > In any case: XFS would be my last choice: > > XFS is nice if you are working with large files (> 2GB), but > for E-Mail i'd stick with ext3 (or maybe even reiser3) > as it works very well with small files. XFS was designed for parallelism, whether with large files or small, though it has been optimized a bit more for large file throughput. In yet another attempt to dispel the XFS "small file problem" myth, XFS has never had a performance problem with "small" files. In the past XFS did have a performance problem with large metadata operations due to the way the delayed allocation had been designed. The perennial example of this was the horrible unlink performance when whacking a kernel tree with 'rm -rf'. It used to take forever, multiple tens of times slower than Reiser or EXT. This metadata bottleneck in the delayed allocation path was largely resolved by Dave Chinner's delayed logging patch which was experimental in 2.6.35 and is enabled by default in 2.6.39 and later. XFS metadata performance is now on par with that of EXT3/4. Because of this, and XFS' use of allocation groups, today, for a busy IMAP server with lots of maildir mailboxen, one of the highest performance storage stack setups is the following: 1. A dozen or more hardware or software RAID1 mirrors 2. A linear concat over the mirrors 3. XFS with 2*num_mirrors allocation groups, mounted with 'inode64' 4. maildir mailboxes This setup will give you significantly higher real IOPS than any striped array setup with any filesystem atop, for a couple of reasons: 1. No partial stripe width writes, and no unnecessary full stripe reads. All reads and writes match the page size and filesystem block size of 4KB. 2. In the example above, you have two AGs per mirror pair, 24 total AGs on 12 mirrors. The first two maildir directories will be created in AGs 1 and 2 on the first mirror. The second two in AGs 3 & 4 on the 2nd mirror pair, and so on. The 25th/26th directories will 'wrap' back to AGs 1 & 2 and the directory creation pattern will continue. Because of its allocation group design XFS is the only filesystem that can accomplish this level of parallelism with a concatenated array and small email files. All others must rely on striped arrays, either RAID10 or 5/6. These come with the inefficiencies of writing/reading files as small as 2KB on a stripe ranging from 256KB-1MB or larger, depending on the number of disks in the array and the chosen stripe size. If you have a high write load, the Linux allocator will pack multiple files into a single stripe, but one rarely sees 100% efficiency here. Even at 100% on writes, at low read rates, you end up reading a lot of full 256KB-1MB stripes just to get a 2KB file, wasting bandwidth and filling up the buffer cache with unneeded data, not to mention any read cache on your hardware RAID controller or SAN head. The only potential downside to this setup is the rare situation where your current logged in users all have their mailbox in the same AG or two AGs on the same spindle. I've yet to see this happen, though it is a theoretical possibility, though the probability is extremely low. -- Stan From amateo at um.es Fri Aug 19 12:13:21 2011 From: amateo at um.es (Angel L. Mateo) Date: Fri, 19 Aug 2011 11:13:21 +0200 Subject: [Dovecot] Update indexes with dovecot 1.1 Message-ID: <4E4E2931.9020303@um.es> Hello, I have a farm of dovecot 1.1 servers (debian lenny). Mailboxes are in Maildir format. Is there any way to manually update indexes? Does it worth? I mean... Our problem is that mail is delivered via dovecot lda, but, because we have a farm of servers, we don't guarantee that mail is delivered through the same server that the user is using for his imap connection, so the imap server could have this index unupdated. So I want to force an update (or at least nearly updated) in order to have the index updated in all servers at the time the user get to work. -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337 From voytek at sbt.net.au Fri Aug 19 13:11:29 2011 From: voytek at sbt.net.au (voytek at sbt.net.au) Date: Fri, 19 Aug 2011 21:11:29 +1100 Subject: [Dovecot] ot: iPhone crashed, re-downloading all messages Message-ID: <1d823fe9127254a3b79cfc6002db816f.squirrel@sbt.net.au> I have a 'problem', after iPhone lockup/reset, iPhone now wanting to re-download hundreds of messages of Dovecot 1.x server, is there any fix to reset iPhone counter or ?? From pw at wk-serv.de Fri Aug 19 13:15:37 2011 From: pw at wk-serv.de (Patrick Westenberg) Date: Fri, 19 Aug 2011 12:15:37 +0200 Subject: [Dovecot] Update indexes with dovecot 1.1 In-Reply-To: <4E4E2931.9020303@um.es> References: <4E4E2931.9020303@um.es> Message-ID: On Fri, 19 Aug 2011 11:13:21 +0200, "Angel L. Mateo" wrote: > Is there any way to manually update indexes? As far as I understood, you just have to delete the index files and Dovecot will regenerate them when a user logs in the next time. Regards Patrick From amateo at um.es Fri Aug 19 13:35:59 2011 From: amateo at um.es (Angel L. Mateo) Date: Fri, 19 Aug 2011 12:35:59 +0200 Subject: [Dovecot] Update indexes with dovecot 1.1 In-Reply-To: References: <4E4E2931.9020303@um.es> Message-ID: <4E4E3C8F.6070107@um.es> El 19/08/11 12:15, Patrick Westenberg escribi?: > On Fri, 19 Aug 2011 11:13:21 +0200, "Angel L. Mateo" wrote: > >> Is there any way to manually update indexes? > > As far as I understood, you just have to delete the index files and > Dovecot will regenerate them when a user logs in the next time. > But I want the index to be generated (or updated) before the user login. -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337 From kunal.gurukul at gmail.com Fri Aug 19 13:37:46 2011 From: kunal.gurukul at gmail.com (kunal verma) Date: Fri, 19 Aug 2011 16:07:46 +0530 Subject: [Dovecot] dovecot deadlock with procmail Message-ID: I m using dovecot 1.0.7. I m having problems in mail delivery to my mail server locally. When a user sends a mail few mails are in mail Q for longer period of time. The local delivery agent(*procmail*) is trying to deliver the mail at regular interval but it is unable to deliver. But as soon as I *restart* *dovecot* the mails in the Q are delivered immediately. I suspect it is because of locking of *mbox* file of users by dovecot. How to overcome this problem as mails are some mails are taking hours to be delivered?? please let me know the solution. Kunal Verma From kzorba at otenet.gr Fri Aug 19 17:52:36 2011 From: kzorba at otenet.gr (Kostas Zorbadelos) Date: Fri, 19 Aug 2011 17:52:36 +0300 Subject: [Dovecot] Bug report v2.0.13 - CentOS x86_64 - NFS - mbox - Problem reproduced In-Reply-To: <4E4D0D9C.6000600@otenet.gr> References: <4E294AC0.2060706@otenet.gr> <4E425874.6040507@otenet.gr> <1313355050.10421.1285.camel@hurina> <20110815111701.68513psu7vb3wflp@noc.otenet.gr> <4E4A73AE.7090402@otenet.gr> <4E4D0D9C.6000600@otenet.gr> Message-ID: <4E4E78B4.9070102@otenet.gr> The problem is more easily introduced than I imagined. Included attached is an example mailbox containing just 3 mails. Use it to make a couple of POP sessions. Make sure indexes are generated for it by setting appropriately mbox_min_index_size e.g. mbox_min_index_size = 2k Now, in the first session just generate the indexes and quit kzorba at enigma(1)[05:23 PM]~->telnet dovecot-dev 110 Trying ... Connected to dovecot-dev. Escape character is '^]'. +OK OTENET ready user kzorba1 +OK pass XXXXXXX +OK Logged in. LIST +OK 3 messages: 1 812 2 821 3 816 . quit +OK Logging out. Connection closed by foreign host. In the second session we LIST and try to DELE a message kzorba at enigma(1)[05:25 PM]~->telnet dovecot-dev 110 Trying ... Connected to dovecot-dev. Escape character is '^]'. +OK OTENET ready user kzorba1 +OK pass XXXXXXX +OK Logged in. LIST +OK 3 messages: 1 812 2 821 3 816 . dele 2 +OK Marked to be deleted. quit Connection closed by foreign host. In the server logs we get Aug 19 17:25:24 dovecot dovecot: master: Error: service(pop3): child 3489 killed with signal 11 (core dumped) With the backtrace: #0 0x00002b9ca3e93dce in istream_raw_mbox_get_start_offset (stream=0x0) at istream-raw-mbox.c:498 #1 0x00002b9ca3e97956 in mbox_mail_get_special (_mail=0x101cf7d0, field=MAIL_FETCH_GUID, value_r=0x7fff1fd69798) at mbox-mail.c:198 #2 0x00002b9ca3e47729 in mail_get_special (mail=0x101cf7d0, field=MAIL_FETCH_GUID, value_r=0x7fff1fd69798) at mail.c:188 #3 0x00002b9ca3e6d133 in index_mail_expunge (mail=0x101cf7d0) at index-mail.c:1503 #4 0x00002b9ca3e4784d in mail_expunge (mail=0x101cf7d0) at mail.c:233 #5 0x0000000000406272 in client_update_mails (client=0x101baa00) at pop3-commands.c:255 #6 0x000000000040635a in cmd_quit (client=0x101baa00, args=0x407f62 "") at pop3-commands.c:274 #7 0x000000000040774a in client_command_execute (client=0x101baa00, name=0x101960c0 "QUIT", args=0x407f62 "") at pop3-commands.c:773 #8 0x000000000040567c in client_handle_input (client=0x101baa00) at pop3-client.c:628 #9 0x0000000000405870 in client_input (client=0x101baa00) at pop3-client.c:681 #10 0x00002b9ca418af83 in io_loop_call_io (io=0x101b61d0) at ioloop.c:384 #11 0x00002b9ca418c685 in io_loop_handler_run (ioloop=0x1019e610) at ioloop-epoll.c:213 #12 0x00002b9ca418b024 in io_loop_run (ioloop=0x1019e610) at ioloop.c:405 #13 0x00002b9ca4171ca2 in master_service_run (service=0x1019e4e0, callback=0x403bab ) at master-service.c:478 #14 0x0000000000403e14 in main (argc=1, argv=0x1019e370) at main.c:252 I guess something is wrong in the indexing code because if I disable the index creation using an appropriate value for mbox_min_index_size everything works as expected and mails are deleted. In our case, all clients that leave messages on server cannot actually delete messages from their inboxes. Clients with Thunderbird, keep getting the mails after they delete them, customers with Outlook don't see them again, but the deleted messages remain in the server. Needless to say that I will try to provide a patch but it will take me far more time than any developer familiar with the code already. Regards, Kostas -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: kzorba1.problem.mbox URL: From fbscarel at gmail.com Fri Aug 19 19:14:35 2011 From: fbscarel at gmail.com (Felipe Scarel) Date: Fri, 19 Aug 2011 13:14:35 -0300 Subject: [Dovecot] Sharing all mailboxes and userdb LDAP attrs Message-ID: Hello all, I'm setting up a Dovecot environment here, version 1.2.15 on Debian 6.0.2 "squeeze". This is actually a complete revamp of the previous setup we have in-place here, built from the ground up with updated versions of all involved software. The operators have told me that they use some scripts hacked up by a previous sysadmin to give a single "admin" account full access to all user mail. That is, if any user runs into problems, they: 1. Call in; 2. The operator logs in as the admin user; 3. Operator performs maintenance duties on user email. I've been researching the possibility of using Dovecot shared namespaces to perform that very same task in a better fashion in this new server. So far, I've been able to globally share users' INBOXes and view them from a single admin account (through user= entries on global acl's). My ultimate goal, however, is to have access to all user mailboxes with any user that's a member of a particular group, adding all operators to that group as needed. - - - - - First question, then, is this one: how can I give global access to all user mailboxes? I've read that it's possible to give access to all subfolders of a particular folder throught the use of a .DEFAUL acl. That didn't seem to work with the uppermost directory, however. Here's what I tried: root at mail:/etc/dovecot# dovecot -a | grep acl: acl: vfile:/etc/dovecot/acl:cache_secs=300 root at mail:/etc/dovecot# cat acl/.DEFAULT owner lrwstipekxa user=admin lrwstipekxa Renaming .DEFAULT to INBOX does achieve the intended goal, but only for the INBOX folder evidently. - - - - - Second question is somewhat simpler. So far I've been using a single admin user, but I'd like to switch to using an admin group in the future. I've read that the best way to do that would be to use the user_attrs entry in my dovecot-ldap.conf file, while using a userdb ldap. The groups should be strings separated by commas in the appropriate attribute, from what I understand. Is there any readily-available or recommended schema I can use to fill up that attribute? I'm using the default ones (plus samba.schema) but I've seen mostly space to fit GID's, not group names. Thanks in advance, fbscarel PS: Here's my dovecot -a output, should it be needed. - - - - - root at mailaluno:~# dovecot -a # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 base_dir: /var/run/dovecot log_path: /var/log/dovecot/error.log info_log_path: /var/log/dovecot/info.log log_timestamp: %Y-%m-%d %H:%M:%S syslog_facility: mail protocols: imap pop3 pop3s managesieve listen(default): * listen(imap): * listen(pop3): * listen(managesieve): localhost:2000 ssl_listen: 127.0.0.1 ssl: yes ssl_ca_file: ssl_cert_file: /etc/ssl/certs/dovecot.pem ssl_key_file: /etc/ssl/private/dovecot.pem ssl_key_password: ssl_parameters_regenerate: 168 ssl_cipher_list: ssl_cert_username_field: commonName ssl_verify_client_cert: no disable_plaintext_auth: no verbose_ssl: yes shutdown_clients: yes nfs_check: yes version_ignore: no login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login login_user: dovecot login_greeting: Server ready. login_log_format_elements: user=<%u> method=%m rip=%r lip=%l %c login_log_format: %$: %s login_process_per_connection: no login_chroot: yes login_trusted_networks: login_process_size: 64 login_processes_count: 5 login_max_processes_count: 128 login_max_connections: 256 valid_chroot_dirs: mail_chroot: max_mail_processes: 512 mail_max_userip_connections: 10 verbose_proctitle: no first_valid_uid: 108 last_valid_uid: 0 first_valid_gid: 112 last_valid_gid: 0 mail_access_groups: mail_privileged_group: mail mail_uid: mail_gid: mail_location: mail_cache_fields: mail_never_cache_fields: imap.envelope mail_cache_min_mail_count: 0 mailbox_idle_check_interval: 30 mail_debug: yes mail_full_filesystem_access: no mail_max_keyword_length: 50 mail_save_crlf: no mmap_disable: no dotlock_use_excl: yes fsync_disable: no mail_nfs_storage: no mail_nfs_index: no mailbox_list_index_disable: yes lock_method: fcntl maildir_stat_dirs: no maildir_copy_with_hardlinks: yes maildir_copy_preserve_filename: no maildir_very_dirty_syncs: no mbox_read_locks: fcntl mbox_write_locks: fcntl dotlock mbox_lock_timeout: 300 mbox_dotlock_change_timeout: 120 mbox_min_index_size: 0 mbox_dirty_syncs: yes mbox_very_dirty_syncs: no mbox_lazy_writes: yes dbox_rotate_size: 2048 dbox_rotate_min_size: 16 dbox_rotate_days: 1 mail_drop_priv_before_exec: no mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_executable(managesieve): /usr/lib/dovecot/managesieve mail_process_size: 256 mail_plugins(default): quota imap_quota trash mail_log acl imap_acl mail_plugins(imap): quota imap_quota trash mail_log acl imap_acl mail_plugins(pop3): quota mail_log mail_plugins(managesieve): mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve mail_log_prefix: %Us(%u): mail_log_max_lines_per_sec: 0 imap_max_line_length: 65536 imap_capability: imap_client_workarounds: imap_logout_format: bytes=%i/%o imap_id_send: imap_id_log: imap_idle_notify_interval: 120 pop3_no_flag_updates: no pop3_enable_last: no pop3_reuse_xuidl: no pop3_save_uidl: no pop3_lock_session: no pop3_uidl_format: %08Xu%08Xv pop3_client_workarounds: pop3_logout_format: top=%t/%p, retr=%r/%b, del=%d/%m, size=%s dict_db_config: dict_process_count: 1 managesieve_max_line_length: 65536 managesieve_logout_format: bytes=%i/%o managesieve_implementation_string: dovecot namespace: type: private separator: / prefix: location: maildir:/vmail/%Ln/Maildir alias_for: inbox: yes hidden: no list: yes subscriptions: yes namespace: type: shared separator: / prefix: shared/%%n/ location: maildir:/vmail/%%n/Maildir:INDEX=/vmail/%n/Maildir/shared/%%n alias_for: inbox: no hidden: no list: yes subscriptions: no lda: postmaster_address: xxx at xxx mail_plugins: quota sieve trash acl auth default: mechanisms: plain login realms: default_realm: cache_size: 0 cache_ttl: 3600 cache_negative_ttl: 3600 executable: /usr/lib/dovecot/dovecot-auth user: vmail chroot: username_chars: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ username_translation: username_format: %Lu master_user_separator: * anonymous_username: anonymous krb5_keytab: gssapi_hostname: winbind_helper_path: /usr/bin/ntlm_auth failure_delay: 2 verbose: no debug: no debug_passwords: no ssl_require_client_cert: no ssl_username_from_cert: no use_winbind: no count: 1 worker_max_count: 30 process_size: 256 passdb: driver: passwd-file args: /etc/dovecot/passwd.masterusers deny: no pass: no master: yes passdb: driver: shadow args: deny: no pass: no master: no passdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf deny: no pass: no master: no userdb: driver: passwd args: userdb: driver: static args: uid=vmail gid=vmail home=/vmail/%Ln allow_all_users=yes socket: type: listen master: path: /var/run/dovecot/auth-master mode: 384 user: vmail group: vmail plugin: quota: maildir:User quota quota_rule: *:storage=1G quota_rule2: Trash:storage=100M acl: vfile:/etc/dovecot/acl:cache_secs=300 acl_shared_dict: file:/vmail/shared_mboxes trash: /etc/dovecot/dovecot-trash.conf mail_log_events: delete mailbox_delete mail_log_fields: uid box msgid size sieve: ~/.dovecot.sieve sieve_dir: ~/sieve sieve_before: /vmail/default.sieve From wgillespie+dovecot at es2eng.com Fri Aug 19 19:39:31 2011 From: wgillespie+dovecot at es2eng.com (Willie Gillespie) Date: Fri, 19 Aug 2011 10:39:31 -0600 Subject: [Dovecot] ot: iPhone crashed, re-downloading all messages In-Reply-To: <1d823fe9127254a3b79cfc6002db816f.squirrel@sbt.net.au> References: <1d823fe9127254a3b79cfc6002db816f.squirrel@sbt.net.au> Message-ID: <4E4E91C3.8010106@es2eng.com> On 8/19/2011 4:11 AM, voytek at sbt.net.au wrote: > I have a 'problem', after iPhone lockup/reset, iPhone now wanting to > re-download hundreds of messages of Dovecot 1.x server, is there any fix > to reset iPhone counter or ?? I thought the iPhone only grabbed the last 25-200 messages (depending on which setting you chose) and would only get more if you scroll to the bottom and tap "Load More Messages..." Willie (sorry for the double post when the moderated one makes it through) From CMarcus at Media-Brokers.com Fri Aug 19 19:44:30 2011 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Fri, 19 Aug 2011 12:44:30 -0400 Subject: [Dovecot] Sharing all mailboxes and userdb LDAP attrs In-Reply-To: References: Message-ID: <4E4E92EE.4090604@Media-Brokers.com> On 2011-08-19 12:14 PM, Felipe Scarel wrote: > I'm setting up a Dovecot environment here, version 1.2.15 on Debian 6.0.2 > "squeeze". This is actually a complete revamp of the previous setup we have > in-place here, built from the ground up with updated versions of all > involved software. > > The operators have told me that they use some scripts hacked up by a > previous sysadmin to give a single "admin" account full access to all user > mail. That is, if any user runs into problems, they: 1. Call in; 2. The > operator logs in as the admin user; 3. Operator performs maintenance duties > on user email. Isn't this what master users are for? http://wiki2.dovecot.org/Authentication/MasterUsers -- Best regards, Charles From sethm at rollernet.us Fri Aug 19 20:49:01 2011 From: sethm at rollernet.us (Seth Mattinen) Date: Fri, 19 Aug 2011 10:49:01 -0700 Subject: [Dovecot] mail spool filesystem In-Reply-To: <20110817164207.2e9c1d49@echelon.ethz.ch> References: <4E4BC0CC.5010908@psi.com.br> <20110817164207.2e9c1d49@echelon.ethz.ch> Message-ID: <4E4EA20D.6090404@rollernet.us> On 8/17/11 7:42 AM, Adrian Ulrich wrote: >> I read that XFS is a good choice, but is not >> too reliable... > > Are you using Maildir or MBOX? > > In any case: XFS would be my last choice: > > XFS is nice if you are working with large files (> 2GB), but > for E-Mail i'd stick with ext3 (or maybe even reiser3) > as it works very well with small files. > I'd have to disagree. This is completely anecdotal, but I originally deployed ext3 on all of my mail servers (Dovecot maildir) and spools (Postfix) until they started exhibiting loading issues when busy. Reformatting into XFS resolved the problem with no other changes. I didn't have time to do any comparisons or gather statistics since it was an emergency situation and this was before ext4, but XFS has performed flawlessly for me. ~Seth From fbscarel at gmail.com Fri Aug 19 21:40:45 2011 From: fbscarel at gmail.com (Felipe Scarel) Date: Fri, 19 Aug 2011 15:40:45 -0300 Subject: [Dovecot] Sharing all mailboxes and userdb LDAP attrs In-Reply-To: <4E4E92EE.4090604@Media-Brokers.com> References: <4E4E92EE.4090604@Media-Brokers.com> Message-ID: You know when you ask that stupid question and then realize you had it all along? Duh... And to top it off, I HAVE configured a master user on my Dovecot install and wasn't using it... man, do I feel stupid now! :) Thanks a bunch Charles! On Fri, Aug 19, 2011 at 13:44, Charles Marcus wrote: > On 2011-08-19 12:14 PM, Felipe Scarel wrote: > > I'm setting up a Dovecot environment here, version 1.2.15 on Debian 6.0.2 > > "squeeze". This is actually a complete revamp of the previous setup we > have > > in-place here, built from the ground up with updated versions of all > > involved software. > > > > The operators have told me that they use some scripts hacked up by a > > previous sysadmin to give a single "admin" account full access to all > user > > mail. That is, if any user runs into problems, they: 1. Call in; 2. The > > operator logs in as the admin user; 3. Operator performs maintenance > duties > > on user email. > > Isn't this what master users are for? > > http://wiki2.dovecot.org/Authentication/MasterUsers > > -- > > Best regards, > > Charles > From fbscarel at gmail.com Fri Aug 19 21:45:33 2011 From: fbscarel at gmail.com (Felipe Scarel) Date: Fri, 19 Aug 2011 15:45:33 -0300 Subject: [Dovecot] mail spool filesystem In-Reply-To: <4E4EA20D.6090404@rollernet.us> References: <4E4BC0CC.5010908@psi.com.br> <20110817164207.2e9c1d49@echelon.ethz.ch> <4E4EA20D.6090404@rollernet.us> Message-ID: I'm testing out ZFS-fuse on my new install (talked about it on the other thread), no issues so far. The builtin deduplication and compression sure do help a lot, roughly 30% less storage space required so far. They don't advertise it as exactly "production" quality, but I'm willing to try it out, we're doing regular backups. The mail system hasn't gone live yet though, so I'm a bit uneasy on the performance side of things under heavy load. On Fri, Aug 19, 2011 at 14:49, Seth Mattinen wrote: > On 8/17/11 7:42 AM, Adrian Ulrich wrote: > >> I read that XFS is a good choice, but is not > >> too reliable... > > > > Are you using Maildir or MBOX? > > > > In any case: XFS would be my last choice: > > > > XFS is nice if you are working with large files (> 2GB), but > > for E-Mail i'd stick with ext3 (or maybe even reiser3) > > as it works very well with small files. > > > > I'd have to disagree. This is completely anecdotal, but I originally > deployed ext3 on all of my mail servers (Dovecot maildir) and spools > (Postfix) until they started exhibiting loading issues when busy. > Reformatting into XFS resolved the problem with no other changes. I > didn't have time to do any comparisons or gather statistics since it was > an emergency situation and this was before ext4, but XFS has performed > flawlessly for me. > > ~Seth > > From mcguire at neurotica.com Fri Aug 19 21:48:54 2011 From: mcguire at neurotica.com (Dave McGuire) Date: Fri, 19 Aug 2011 14:48:54 -0400 Subject: [Dovecot] mail spool filesystem In-Reply-To: References: <4E4BC0CC.5010908@psi.com.br> <20110817164207.2e9c1d49@echelon.ethz.ch> <4E4EA20D.6090404@rollernet.us> Message-ID: <4E4EB016.6020509@neurotica.com> On 08/19/2011 02:45 PM, Felipe Scarel wrote: > I'm testing out ZFS-fuse on my new install (talked about it on the other > thread), no issues so far. The builtin deduplication and compression sure do > help a lot, roughly 30% less storage space required so far. > > They don't advertise it as exactly "production" quality, but I'm willing to > try it out, we're doing regular backups. The mail system hasn't gone live > yet though, so I'm a bit uneasy on the performance side of things under > heavy load. You are aware that there's a real in-kernel ZFS implementation under Linux now, right? See http://zfsonlinux.org/. I've done some very basic testing with it, and so far, it works. Going through FUSE is slower than pissing tar; this implementation won't have that problem. FUSE is useful for many things. Performance-sensitive filesystems on production servers is oh-so-NOT one of them. ;) -Dave -- Dave McGuire Port Charlotte, FL From fbscarel at gmail.com Fri Aug 19 21:57:52 2011 From: fbscarel at gmail.com (Felipe Scarel) Date: Fri, 19 Aug 2011 15:57:52 -0300 Subject: [Dovecot] mail spool filesystem In-Reply-To: <4E4EB016.6020509@neurotica.com> References: <4E4BC0CC.5010908@psi.com.br> <20110817164207.2e9c1d49@echelon.ethz.ch> <4E4EA20D.6090404@rollernet.us> <4E4EB016.6020509@neurotica.com> Message-ID: I was not aware of that... I went with FUSE to test the deduplication feature of ZFS. I'll check out this link you've provided, many thanks Dave. :) On Fri, Aug 19, 2011 at 15:48, Dave McGuire wrote: > On 08/19/2011 02:45 PM, Felipe Scarel wrote: > >> I'm testing out ZFS-fuse on my new install (talked about it on the other >> thread), no issues so far. The builtin deduplication and compression sure >> do >> help a lot, roughly 30% less storage space required so far. >> >> They don't advertise it as exactly "production" quality, but I'm willing >> to >> try it out, we're doing regular backups. The mail system hasn't gone live >> yet though, so I'm a bit uneasy on the performance side of things under >> heavy load. >> > > You are aware that there's a real in-kernel ZFS implementation under Linux > now, right? See http://zfsonlinux.org/. I've done some very basic > testing with it, and so far, it works. Going through FUSE is slower than > pissing tar; this implementation won't have that problem. > > FUSE is useful for many things. Performance-sensitive filesystems on > production servers is oh-so-NOT one of them. ;) > > -Dave > > -- > Dave McGuire > Port Charlotte, FL > From mcguire at neurotica.com Fri Aug 19 22:01:09 2011 From: mcguire at neurotica.com (Dave McGuire) Date: Fri, 19 Aug 2011 15:01:09 -0400 Subject: [Dovecot] mail spool filesystem In-Reply-To: References: <4E4BC0CC.5010908@psi.com.br> <20110817164207.2e9c1d49@echelon.ethz.ch> <4E4EA20D.6090404@rollernet.us> <4E4EB016.6020509@neurotica.com> Message-ID: <4E4EB2F5.5030405@neurotica.com> Good luck! FYI, my mail spools are on ZFS filesystems under Solaris on UltraSPARC. It is lightning fast with 100+ dovecot imap processes pounding away. I've not yet enabled compression and done the copy/recopy dance, though. -Dave On 08/19/2011 02:57 PM, Felipe Scarel wrote: > I was not aware of that... I went with FUSE to test the deduplication > feature of ZFS. I'll check out this link you've provided, many thanks Dave. > :) > > On Fri, Aug 19, 2011 at 15:48, Dave McGuire wrote: > >> On 08/19/2011 02:45 PM, Felipe Scarel wrote: >> >>> I'm testing out ZFS-fuse on my new install (talked about it on the other >>> thread), no issues so far. The builtin deduplication and compression sure >>> do >>> help a lot, roughly 30% less storage space required so far. >>> >>> They don't advertise it as exactly "production" quality, but I'm willing >>> to >>> try it out, we're doing regular backups. The mail system hasn't gone live >>> yet though, so I'm a bit uneasy on the performance side of things under >>> heavy load. >>> >> >> You are aware that there's a real in-kernel ZFS implementation under Linux >> now, right? See http://zfsonlinux.org/. I've done some very basic >> testing with it, and so far, it works. Going through FUSE is slower than >> pissing tar; this implementation won't have that problem. >> >> FUSE is useful for many things. Performance-sensitive filesystems on >> production servers is oh-so-NOT one of them. ;) >> >> -Dave >> >> -- >> Dave McGuire >> Port Charlotte, FL >> > -- Dave McGuire Port Charlotte, FL From fbscarel at gmail.com Fri Aug 19 22:07:56 2011 From: fbscarel at gmail.com (Felipe Scarel) Date: Fri, 19 Aug 2011 16:07:56 -0300 Subject: [Dovecot] mail spool filesystem In-Reply-To: <4E4EB2F5.5030405@neurotica.com> References: <4E4BC0CC.5010908@psi.com.br> <20110817164207.2e9c1d49@echelon.ethz.ch> <4E4EA20D.6090404@rollernet.us> <4E4EB016.6020509@neurotica.com> <4E4EB2F5.5030405@neurotica.com> Message-ID: Thanks, I've read some of the FAQ and install instructions and it seems pretty straightforward... I wish I could use Solaris but we're virtualizing everything on our Dell blade through VMWare ESXi and it's somewhat of a "company policy" to use the template Debian that's maintained by the senior sysadmin. About the compression, I've read some benchmarks/tests and the default lzjb algorithm seems to be a good cost/benefit for the usual applications. Without many reads to the filesystem, gzip compresses a whole lot better tho. On Fri, Aug 19, 2011 at 16:01, Dave McGuire wrote: > > Good luck! > > FYI, my mail spools are on ZFS filesystems under Solaris on UltraSPARC. > It is lightning fast with 100+ dovecot imap processes pounding away. I've > not yet enabled compression and done the copy/recopy dance, though. > > -Dave > > > On 08/19/2011 02:57 PM, Felipe Scarel wrote: > >> I was not aware of that... I went with FUSE to test the deduplication >> feature of ZFS. I'll check out this link you've provided, many thanks >> Dave. >> :) >> >> On Fri, Aug 19, 2011 at 15:48, Dave McGuire >> wrote: >> >> On 08/19/2011 02:45 PM, Felipe Scarel wrote: >>> >>> I'm testing out ZFS-fuse on my new install (talked about it on the other >>>> thread), no issues so far. The builtin deduplication and compression >>>> sure >>>> do >>>> help a lot, roughly 30% less storage space required so far. >>>> >>>> They don't advertise it as exactly "production" quality, but I'm willing >>>> to >>>> try it out, we're doing regular backups. The mail system hasn't gone >>>> live >>>> yet though, so I'm a bit uneasy on the performance side of things under >>>> heavy load. >>>> >>>> >>> You are aware that there's a real in-kernel ZFS implementation under >>> Linux >>> now, right? See http://zfsonlinux.org/. I've done some very basic >>> testing with it, and so far, it works. Going through FUSE is slower than >>> pissing tar; this implementation won't have that problem. >>> >>> FUSE is useful for many things. Performance-sensitive filesystems on >>> production servers is oh-so-NOT one of them. ;) >>> >>> -Dave >>> >>> -- >>> Dave McGuire >>> Port Charlotte, FL >>> >>> >> > > -- > Dave McGuire > Port Charlotte, FL > From mcguire at neurotica.com Fri Aug 19 22:15:18 2011 From: mcguire at neurotica.com (Dave McGuire) Date: Fri, 19 Aug 2011 15:15:18 -0400 Subject: [Dovecot] mail spool filesystem In-Reply-To: References: <4E4BC0CC.5010908@psi.com.br> <20110817164207.2e9c1d49@echelon.ethz.ch> <4E4EA20D.6090404@rollernet.us> <4E4EB016.6020509@neurotica.com> <4E4EB2F5.5030405@neurotica.com> Message-ID: <4E4EB646.6030701@neurotica.com> On 08/19/2011 03:07 PM, Felipe Scarel wrote: > Thanks, I've read some of the FAQ and install instructions and it seems > pretty straightforward... I wish I could use Solaris but we're virtualizing > everything on our Dell blade through VMWare ESXi and it's somewhat of a > "company policy" to use the template Debian that's maintained by the senior > sysadmin. Ahh, "company policies"...restricting innovation and hampering productivity and efficiencty for decades! > About the compression, I've read some benchmarks/tests and the default lzjb > algorithm seems to be a good cost/benefit for the usual applications. > Without many reads to the filesystem, gzip compresses a whole lot better > tho. I agree. I'm running a biggish Usenet news server in a similar configuration, but with compression enabled. I'm getting compression ratios of 1.26x with a ~12GB news spool, using gzip compression. I was expecting a bit more compression, but I'm certainly not complaining. -Dave -- Dave McGuire Port Charlotte, FL From thomas-lists at nybeta.com Fri Aug 19 22:40:28 2011 From: thomas-lists at nybeta.com (Thomas Harold) Date: Fri, 19 Aug 2011 15:40:28 -0400 Subject: [Dovecot] mail spool filesystem In-Reply-To: <4E4BC0CC.5010908@psi.com.br> References: <4E4BC0CC.5010908@psi.com.br> Message-ID: <4E4EBC2C.6040300@nybeta.com> On 8/17/2011 9:23 AM, Julio Cesar Covolato wrote: > Hi! > > I?m about to migrate a system whith 5000 accounts whith (~ 500GB) from > "postfix/courier-imap/maildrop/mysql" to a new hardware whith > "postfix/dovecot/dovecot/mysql". > > I?ll make a separate partition (raid 1) for the mail spool > (/var/spool/vmail) and want to now what type of filesystem to use on it > to increase performance. I read that XFS is a good choice, but is not > too reliable... We run ext3 and ext4. Individual mailboxes with a few hundred thousand messages in Maildir on top of ext3 ran fine (800k messages, 4GB mailbox was not unusual). Slowly migrating file systems over to ext4 as we have time (or rollout new hardware). Frankly, for that big of a mail store, I'd go with RAID 1+0 over a minimum of 4 spindles for the storage of the mbox / Maildir files. If you have heavy usage, seek time might be your biggest enemy. Keeping the postfix spools (/var/spool/postfix) on a separate set of disks (like the RAID 1 array that you use to run the operating system off of) helps. From jtam.home at gmail.com Fri Aug 19 23:41:48 2011 From: jtam.home at gmail.com (Joseph Tam) Date: Fri, 19 Aug 2011 13:41:48 -0700 (PDT) Subject: [Dovecot] Update indexes with dovecot 1.1 In-Reply-To: References: Message-ID: Angel L. Mateo writes: > I have a farm of dovecot 1.1 servers (debian lenny). Mailboxes are in > Maildir format. > > Is there any way to manually update indexes? > > Does it worth? I mean... Our problem is that mail is delivered via > dovecot lda, but, because we have a farm of servers, we don't guarantee > that mail is delivered through the same server that the user is using > for his imap connection, so the imap server could have this index > unupdated. So I want to force an update (or at least nearly updated) > in order to have the index updated in all servers at the time the user > get to work. Upgrading to Dovecot2 would allow you to solve this in various ways: - use "doveadm force-resync" - user director to bind to a particular server You could put the indices on a shared filesystem. If neither an update nor shared indices are feasible, maybe you can enable the master user feature, and run a script that logs in as each user and do an IMAP operation that will force a resync of the INBOX indices. For example, # On IMAP server with a localhost interface for u in $users; do echo "1 login $u*master masterpw\n2 SELECT INBOX\n3 logout" | \ nc 127.0.0.1 143 done Joseph Tam From compconsultant at yahoo.com Sun Aug 21 00:38:25 2011 From: compconsultant at yahoo.com (Steve Fatula) Date: Sat, 20 Aug 2011 14:38:25 -0700 (PDT) Subject: [Dovecot] Disconnected: Too many invalid IMAP commands Message-ID: <1313876305.95659.YahooMailNeo@web39405.mail.mud.yahoo.com> Using current Apple mail 4.5 as client to Dovecot 2.0.13 I see lots of these messages in the log file for one machine and account. Near as I can tell, the client still works (it's mine), but, the messages concern me. Is there some known issue with Apple mail, or, if not, how to capture the information needed to debug? Sample log entires for my user matching on the message: Aug 20 16:28:36 host2 dovecot: imap(soho.steve): Disconnected: Too many invalid IMAP commands. bytes=3242/14672 Aug 20 16:28:43 host2 dovecot: imap(soho.steve): Disconnected: Too many invalid IMAP commands. bytes=14219/231327 Aug 20 16:29:50 host2 dovecot: imap(soho.steve): Disconnected: Too many invalid IMAP commands. bytes=640/1968 Aug 20 16:29:57 host2 dovecot: imap(soho.steve): Disconnected: Too many invalid IMAP commands. bytes=3521/2024 Aug 20 16:30:04 host2 dovecot: imap(soho.steve): Disconnected: Too many invalid IMAP commands. bytes=6690/3415 Aug 20 16:30:05 host2 dovecot: imap(soho.steve): Disconnected: Too many invalid IMAP commands. bytes=5098/15294 Aug 20 16:30:06 host2 dovecot: imap(soho.steve): Disconnected: Too many invalid IMAP commands. bytes=706/15684 ? Steve From sahil at FreeBSD.org Sun Aug 21 02:25:21 2011 From: sahil at FreeBSD.org (Sahil Tandon) Date: Sat, 20 Aug 2011 19:25:21 -0400 Subject: [Dovecot] Disconnected: Too many invalid IMAP commands In-Reply-To: <1313876305.95659.YahooMailNeo@web39405.mail.mud.yahoo.com> References: <1313876305.95659.YahooMailNeo@web39405.mail.mud.yahoo.com> Message-ID: <20110820232521.GB1896@magic.hamla.org> On Sat, 2011-08-20 at 14:38:25 -0700, Steve Fatula wrote: > I see lots of these messages in the log file for one machine and > account. Near as I can tell, the client still works (it's mine), but, > the messages concern me. > > Is there some known issue with Apple mail, or, if not, how to capture > the information needed to debug? Use tcpdump to packet capture the problematic session. -- Sahil Tandon From research at the10thfloor.com Sun Aug 21 23:24:04 2011 From: research at the10thfloor.com (research at the10thfloor.com) Date: Sun, 21 Aug 2011 20:24:04 -0000 (UTC) Subject: [Dovecot] Help With 'No SASL Authentication Mechanisms' Error Message-ID: <36124.99.249.115.73.1313958244.squirrel@www.the10thfloor.com> Hi, I'm trying to configure a new server with dovecot 2.0 and postfix 2.6.6. My previous servers have all been dovecot 1.x. Trying to port over my previous configurations has been a real headache. Currently, I'm getting the following errors when trying to connect with: openssl s_client -starttls smtp -connect localhost:25 Aug 21 19:08:46 localhost postfix/smtpd[26252]: connect from localhost[::1] Aug 21 19:08:46 localhost postfix/smtpd[26252]: warning: SASL: Connect to private/auth failed: Permission denied Aug 21 19:08:46 localhost postfix/smtpd[26252]: fatal: no SASL authentication mechanisms Aug 21 19:08:47 localhost postfix/master[26226]: warning: process /usr/libexec/postfix/smtpd pid 26252 exit status 1 Aug 21 19:08:47 localhost postfix/master[26226]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling If someone could help me out I'd really appreciate it. My Dovecot and Postfix configuration changes are below... Thanks, slevytam --------------------------------------------------------------------------- DOVECOT: # 2.0.beta6 (3156315704ef): /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-71.29.1.el6.x86_64 x86_64 CentOS Linux release 6.0 (Final) auth_debug = yes auth_verbose = yes mail_location = maildir:~/Maildir mbox_write_locks = fcntl passdb { args = username_format=%u /etc/dovecot/passwd driver = passwd-file } protocols = imap lmtp service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0600 user = postfix } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } } ssl_cert = References: <36124.99.249.115.73.1313958244.squirrel@www.the10thfloor.com> Message-ID: <1313961469.11702.2.camel@coldwell> I believe you need permission 660 on private/auth. On Sun, 2011-08-21 at 20:24 +0000, research at the10thfloor.com wrote: > Hi, > > I'm trying to configure a new server with dovecot 2.0 and postfix 2.6.6. > My previous servers have all been dovecot 1.x. Trying to port over my > previous configurations has been a real headache. > > Currently, I'm getting the following errors when trying to connect with: > openssl s_client -starttls smtp -connect localhost:25 > > Aug 21 19:08:46 localhost postfix/smtpd[26252]: connect from localhost[::1] > Aug 21 19:08:46 localhost postfix/smtpd[26252]: warning: SASL: Connect to > private/auth failed: Permission denied > Aug 21 19:08:46 localhost postfix/smtpd[26252]: fatal: no SASL > authentication mechanisms > Aug 21 19:08:47 localhost postfix/master[26226]: warning: process > /usr/libexec/postfix/smtpd pid 26252 exit status 1 > Aug 21 19:08:47 localhost postfix/master[26226]: warning: > /usr/libexec/postfix/smtpd: bad command startup -- throttling > > If someone could help me out I'd really appreciate it. My Dovecot and > Postfix configuration changes are below... > > Thanks, > > slevytam > > --------------------------------------------------------------------------- > > DOVECOT: > # 2.0.beta6 (3156315704ef): /etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-71.29.1.el6.x86_64 x86_64 CentOS Linux release 6.0 (Final) > auth_debug = yes > auth_verbose = yes > mail_location = maildir:~/Maildir > mbox_write_locks = fcntl > passdb { > args = username_format=%u /etc/dovecot/passwd > driver = passwd-file > } > protocols = imap lmtp > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0600 > user = postfix > } > } > service imap-login { > inet_listener imap { > port = 143 > } > inet_listener imaps { > port = 993 > ssl = yes > } > } > ssl_cert = ssl_cipher_list = ALL:!LOW:!SSLv2 > ssl_key = userdb { > args = username_format=%u /etc/dovecot/passwd > driver = passwd-file > } > verbose_proctitle = yes > verbose_ssl = yes > > > POSTFIX: > alias_database = hash:/etc/aliases > alias_maps = hash:/etc/aliases > broken_sasl_auth_clients = yes > command_directory = /usr/sbin > config_directory = /etc/postfix > daemon_directory = /usr/libexec/postfix > data_directory = /var/lib/postfix > debug_peer_level = 2 > html_directory = no > inet_interfaces = localhost > inet_protocols = all > mail_owner = postfix > mailq_path = /usr/bin/mailq.postfix > manpage_directory = /usr/share/man > mydestination = localhost > mydomain = the10thfloor.com > myhostname = mail.the10thfloor.com > myorigin = $mydomain > newaliases_path = /usr/bin/newaliases.postfix > queue_directory = /var/spool/postfix > readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES > sample_directory = /usr/share/doc/postfix-2.6.6/samples > sendmail_path = /usr/sbin/sendmail.postfix > setgid_group = postdrop > smtpd_recipient_restrictions = permit_mynetworks, > permit_sasl_authenticated, reject_unauth_destination > smtpd_sasl_auth_enable = yes > smtpd_sasl_path = private/auth > smtpd_sasl_security_options = noanonymous > smtpd_sasl_type = dovecot > smtpd_tls_auth_only = yes > smtpd_tls_cert_file = /etc/pki/tls/certs/mail_the10thfloor_com.crt > smtpd_tls_key_file = /etc/pki/tls/private/mail_the10thfloor_com-nopass.key > smtpd_tls_security_level = may > soft_bounce = no > tls_random_source = dev:/dev/urandom > unknown_local_recipient_reject_code = 550 > virtual_gid_maps = static:502 > virtual_mailbox_base = /home/vmail/ > virtual_mailbox_domains = the10thfloor.com > virtual_mailbox_maps = hash:/etc/postfix/vmailbox > virtual_uid_maps = static:502 > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From wgillespie at es2eng.com Fri Aug 19 19:36:02 2011 From: wgillespie at es2eng.com (Willie Gillespie) Date: Fri, 19 Aug 2011 10:36:02 -0600 Subject: [Dovecot] ot: iPhone crashed, re-downloading all messages In-Reply-To: <1d823fe9127254a3b79cfc6002db816f.squirrel@sbt.net.au> References: <1d823fe9127254a3b79cfc6002db816f.squirrel@sbt.net.au> Message-ID: <4E4E90F2.7030104@es2eng.com> On 8/19/2011 4:11 AM, voytek at sbt.net.au wrote: > I have a 'problem', after iPhone lockup/reset, iPhone now wanting to > re-download hundreds of messages of Dovecot 1.x server, is there any fix > to reset iPhone counter or ?? I thought the iPhone only grabbed the last 25-200 messages (depending on which setting you chose) and would only get more if you scroll to the bottom and tap "Load More Messages..." From voytek at sbt.net.au Mon Aug 22 02:21:23 2011 From: voytek at sbt.net.au (Voytek) Date: Mon, 22 Aug 2011 10:21:23 +1100 Subject: [Dovecot] ot: iPhone crashed, re-downloading all messages In-Reply-To: <4E4E90F2.7030104@es2eng.com> References: <1d823fe9127254a3b79cfc6002db816f.squirrel@sbt.net.au> <4E4E90F2.7030104@es2eng.com> Message-ID: <968ef2e7378c66d0a5639dff52a4f407.squirrel@sbt.net.au> On Sat, August 20, 2011 3:36 am, Willie Gillespie wrote: > On 8/19/2011 4:11 AM, voytek at sbt.net.au wrote: > >> I have a 'problem', after iPhone lockup/reset, iPhone now wanting to >> re-download hundreds of messages of Dovecot 1.x server, is there any fix >> to reset iPhone counter or ?? > > I thought the iPhone only grabbed the last 25-200 messages (depending on > which setting you chose) and would only get more if you scroll to the > bottom and tap "Load More Messages..." Willie, yes, I think you're right, I think the user kept deleting and pressing 'Load' as it was, I moved all mails to a temp path and told him to call me Monday morning, (and, I need to set 'archivemail' to maintain mailboxes) From mezzo at el-berins.de Mon Aug 22 02:18:52 2011 From: mezzo at el-berins.de (mezzo) Date: Sun, 21 Aug 2011 16:18:52 -0700 (PDT) Subject: [Dovecot] Dovecot Postfix and ssl_require_client_cert Message-ID: <32307666.post@talk.nabble.com> Hi, I have a working mail system with postfix 2.7 and dovecot 1.2.15. I use secure connections for imap and smtp. When I try to use client certificate authorisation I have some problems. As soon as I enable the dovecot feature ssl_require_client_cert I have to present a valid certificate to receive or send email. Receiving emails works fine, but I can not send emails any more. The only way I could get this to work was to disable smtpd_sasl_auth_enable so postfix did not tries to get authorisation from dovecot. This way I can not have sasl authorisation for localnet and client certificate authorisation from extern. The reson seams to be that postfix does not sent the valid-client-cert along with the other parameter that are needed to satisfy the auth-process of dovecot. I found a few threads from 2008 where this problem is discussed but without a final solution. Is there a way to enable ssl_require_client_cert in dovecot and have smtpd_sasl_auth_enable=yes in postfix? Better would be a way to tell dovecot only to use ssl_require_client_cert during the imap autorisation. I did not get it to work. I miss something? Cheers mezzo -- View this message in context: http://old.nabble.com/Dovecot-Postfix-and-ssl_require_client_cert-tp32307666p32307666.html Sent from the Dovecot mailing list archive at Nabble.com. From kzorba at otenet.gr Mon Aug 22 09:10:09 2011 From: kzorba at otenet.gr (Kostas Zorbadelos) Date: Mon, 22 Aug 2011 09:10:09 +0300 Subject: [Dovecot] Dovecot 1.2.16 and Thunderbird 5 - pop3 mails not getting deleted In-Reply-To: References: Message-ID: <4E51F2C1.2080901@otenet.gr> On 08/06/2011 01:32 AM, Ian Evans wrote: > I run a Dovecot 1.2.16 pop3 server and have just started using the > Thunderbird 5 email client. > > Thunderbird is set to leave the messages on the server unless they are > over 91 days old. However, I'm not seeing it delete any of the older > messages. > > I'll run a debug run of Thunderbird when I get back home, but I'm just > wondering if there's any gotcha's I should be aware of with > Thunderbird and Dovecot in a pop3 environment. The Thunderbird folks > are wondering if it's the server not the client. > > Thanks. Perhaps this is related to this bug I posted: http://www.dovecot.org/list/dovecot/2011-August/060461.html We still have no fix or confirmation from the developers. A workaround is to disable creation of indexes. From noel.butler at ausics.net Mon Aug 22 10:01:18 2011 From: noel.butler at ausics.net (Noel Butler) Date: Mon, 22 Aug 2011 17:01:18 +1000 Subject: [Dovecot] Dovecot 1.2.16 and Thunderbird 5 - pop3 mails not getting deleted In-Reply-To: <4E51F2C1.2080901@otenet.gr> References: <4E51F2C1.2080901@otenet.gr> Message-ID: <1313996478.19974.10.camel@tardis> On Mon, 2011-08-22 at 09:10 +0300, Kostas Zorbadelos wrote: > On 08/06/2011 01:32 AM, Ian Evans wrote: > > I run a Dovecot 1.2.16 pop3 server and have just started using the > > Thunderbird 5 email client. > > > > Thunderbird is set to leave the messages on the server unless they are > > over 91 days old. However, I'm not seeing it delete any of the older > > messages. > > > > I'll run a debug run of Thunderbird when I get back home, but I'm just > > wondering if there's any gotcha's I should be aware of with > > Thunderbird and Dovecot in a pop3 environment. The Thunderbird folks > > are wondering if it's the server not the client. > > if thunderbird follows the same principles of every other pop3 client out there maybe it would delete them, pop3d only does what it is asked to do, it can not be the server if just one single other client that follows relevant RFC's works Many people have always had gripes with thunderbird not doing this or that, there's always something, tell your clients to use a compliant client, or webmail. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From a.smith at ukgrid.net Mon Aug 22 14:22:55 2011 From: a.smith at ukgrid.net (a.smith at ukgrid.net) Date: Mon, 22 Aug 2011 12:22:55 +0100 Subject: [Dovecot] LDA and auth-userdb socket permissions Message-ID: <20110822122255.19095fx2ckdc0lc0@webmail2.ukgrid.net> Hi, just wanted to check this as the wiki seems to have contradictory information. With respect to running the LDA as multiple UIDs the wiki says: [QUOTE]If you're using more than one UID for users, you're going to have problems running dovecot-lda, as most MTAs won't let you run dovecot-lda as root[/QUOTE] But in the example for the config file the text reads: [QUOTE] service auth { unix_listener auth-userdb { mode = 0600 user = vmail # User running dovecot-lda #group = vmail # Or alternatively mode 0660 + dovecot-lda user in this group } } [/QUOTE] So it says you can stick the LDA user just in the (vmail or whatever) group and that is enough. So you aren't restricted to a single UID for access anymore... I tested this and the later did not work, that is if I put my LDA user in the group for the auth-userdb socket with permissions 0660 I got an error back from dovecot saying that the owner was incorrect. So, as it stands I guess the bit about setting group should be removed from the wiki? Secondly, why doesn't this currently work? Why is the owner all important? thanks Andy. From CMarcus at Media-Brokers.com Mon Aug 22 14:32:27 2011 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Mon, 22 Aug 2011 07:32:27 -0400 Subject: [Dovecot] Help With 'No SASL Authentication Mechanisms' Error In-Reply-To: <36124.99.249.115.73.1313958244.squirrel@www.the10thfloor.com> References: <36124.99.249.115.73.1313958244.squirrel@www.the10thfloor.com> Message-ID: <4E523E4B.8010404@Media-Brokers.com> On 2011-08-21 4:24 PM, research at the10thfloor.com wrote: > DOVECOT: > # 2.0.beta6 (3156315704ef): /etc/dovecot/dovecot.conf UPGRADE. -- Best regards, Charles From holdenhao at gmail.com Mon Aug 22 18:39:30 2011 From: holdenhao at gmail.com (Holden Hao) Date: Mon, 22 Aug 2011 23:39:30 +0800 Subject: [Dovecot] Duplicate Email with Dovecot Sieve In-Reply-To: References: <4E4CC11C.5050307@rename-it.nl> Message-ID: > > General Qmail log: > > @400000004e4d1d7b2965966c info msg 1337024: bytes 2257 from < > testuser at gmail.com> qp 15984 uid 113 > @400000004e4d1d7b2965a60c starting delivery 62510: msg 1337024 to local > user at xxxxxx.org > @400000004e4d1d7b2965b5ac status: local 1/10 remote 0/100 > @400000004e4d1d7b390469a4 delivery 62510: success: did_1+0+1/ > @400000004e4d1d7b3905119c status: local 0/10 remote 0/100 > @400000004e4d1d7b39058ab4 end msg 1337024 > Upon reading up on understanding qmail logs, I found out that the did_1+0+1 in my logs means that Qmail was successful in delivering to Maildir (first 1) and also it was able to pass the email to an external program (last 1; in this case Dovecot's deliver). So I guess that is why I am getting 2 emails. However, I do not know why qmail still delivered to Maildir when it should have passed on the delivery to Dovecots deliver program. As I understand it the correct delivery should log did_0+0+1 which means that qmail handed the email to an external program successfully and did not deliver the email to Maildir itself. Is this what is to be expected? Thank you for some pointers. Holden From stephan at rename-it.nl Mon Aug 22 19:15:46 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Mon, 22 Aug 2011 09:15:46 -0700 Subject: [Dovecot] Duplicate Email with Dovecot Sieve In-Reply-To: References: <4E4CC11C.5050307@rename-it.nl> Message-ID: <4E5280B2.8040408@rename-it.nl> On 8/22/2011 8:39 AM, Holden Hao wrote: > Upon reading up on understanding qmail logs, I found out that the > did_1+0+1 in my logs means that Qmail was successful in delivering to > Maildir (first 1) and also it was able to pass the email to an > external program (last 1; in this case Dovecot's deliver). So I guess > that is why I am getting 2 emails. However, I do not know why qmail > still delivered to Maildir when it should have passed on the delivery > to Dovecots deliver program. As I understand it the correct delivery > should log did_0+0+1 which means that qmail handed the email to an > external program successfully and did not deliver the email to Maildir > itself. Is this what is to be expected? Thank you for some pointers. > Holden As I suspected, this is an MTA issue. Apparently, you have two parallel local delivery transports configured. I have no idea how this is configured in Qmail and what exactly you may have done wrong. Although other people on this list probably do have knowledge of Qmail configuration, MTA-related questions are mostly off-topic, so you may not get an answer here. I suggest you contact the guys at qmail. Regards, Stephan. From holdenhao at gmail.com Mon Aug 22 19:23:13 2011 From: holdenhao at gmail.com (Holden Hao) Date: Tue, 23 Aug 2011 00:23:13 +0800 Subject: [Dovecot] Duplicate Email with Dovecot Sieve In-Reply-To: <4E5280B2.8040408@rename-it.nl> References: <4E4CC11C.5050307@rename-it.nl> <4E5280B2.8040408@rename-it.nl> Message-ID: > > >> As I suspected, this is an MTA issue. Apparently, you have two parallel > local delivery transports configured. I have no idea how this is configured > in Qmail and what exactly you may have done wrong. > > Although other people on this list probably do have knowledge of Qmail > configuration, MTA-related questions are mostly off-topic, so you may not > get an answer here. I suggest you contact the guys at qmail. > Thank you very much for your reply. I have also sent an email to the Qmail list. I will report back if I resolve this issue. Regards, Holden From dmiller at amfes.com Mon Aug 22 21:06:48 2011 From: dmiller at amfes.com (Daniel L. Miller) Date: Mon, 22 Aug 2011 11:06:48 -0700 Subject: [Dovecot] mail spool filesystem In-Reply-To: <4E4EA20D.6090404@rollernet.us> References: <4E4BC0CC.5010908@psi.com.br> <20110817164207.2e9c1d49@echelon.ethz.ch> <4E4EA20D.6090404@rollernet.us> Message-ID: On 8/19/2011 10:49 AM, Seth Mattinen wrote: > On 8/17/11 7:42 AM, Adrian Ulrich wrote: >>> I read that XFS is a good choice, but is not >>> too reliable... >> Are you using Maildir or MBOX? >> >> In any case: XFS would be my last choice: >> >> XFS is nice if you are working with large files (> 2GB), but >> for E-Mail i'd stick with ext3 (or maybe even reiser3) >> as it works very well with small files. >> > I'd have to disagree. This is completely anecdotal, but I originally > deployed ext3 on all of my mail servers (Dovecot maildir) and spools > (Postfix) until they started exhibiting loading issues when busy. > Reformatting into XFS resolved the problem with no other changes. I > didn't have time to do any comparisons or gather statistics since it was > an emergency situation and this was before ext4, but XFS has performed > flawlessly for me. > > ~Seth > +1. :) -- Daniel From lm7812 at gmail.com Tue Aug 23 01:42:01 2011 From: lm7812 at gmail.com (Matt) Date: Mon, 22 Aug 2011 17:42:01 -0500 Subject: [Dovecot] Large Mailbox Slow Message-ID: Doubt if there is any answer to this but will ask anyway. Have a few pop3 accounts with thousands of messages. Its slow when checking email naturally. Are there any tweaks to speed it up? I imagine there is an exchange of the message and header list which is the slow down. Too bad the list could not be compressed with gzip or something first. I think http has an option similar to that. Just asking. From pw at wk-serv.de Tue Aug 23 02:03:22 2011 From: pw at wk-serv.de (Patrick Westenberg) Date: Tue, 23 Aug 2011 01:03:22 +0200 Subject: [Dovecot] Default and per-User sieve script Message-ID: <4E52E03A.9070706@wk-serv.de> Hi guys, is there any way to configure Dovecot to process the default sieve script and, after that, a user specific script? I have a default script to sort spam into a spam folder but if a user specific script is present, the default script is ignored. sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_global_path = /usr/local/etc/dovecot/sieve/default.sieve Regards Patrick From lm7812 at gmail.com Tue Aug 23 02:10:06 2011 From: lm7812 at gmail.com (Matt) Date: Mon, 22 Aug 2011 18:10:06 -0500 Subject: [Dovecot] Large Mailbox Slow In-Reply-To: References: Message-ID: > Doubt if there is any answer to this but will ask anyway. ?Have a few > pop3 accounts with thousands of messages. ?Its slow when checking > email naturally. ?Are there any tweaks to speed it up? ?I imagine > there is an exchange of the message and header list which is the slow > down. ?Too bad the list could not be compressed with gzip or something > first. ?I think http has an option similar to that. > > Just asking. > I am running Maildir format on CentOS 5.x 64bit with Ext3 on raid1. Often wander if Ext4 would have been better. From gfinch at ldmltd.ca Tue Aug 23 02:25:26 2011 From: gfinch at ldmltd.ca (Gregory Finch) Date: Mon, 22 Aug 2011 16:25:26 -0700 Subject: [Dovecot] Default and per-User sieve script In-Reply-To: <4E52E03A.9070706@wk-serv.de> References: <4E52E03A.9070706@wk-serv.de> Message-ID: <4E52E566.3080702@ldmltd.ca> On 2011-08-22 4:03 PM, Patrick Westenberg wrote: > Hi guys, > > is there any way to configure Dovecot to process the default sieve > script and, after that, a user specific script? > > I have a default script to sort spam into a spam folder but if a > user specific script is present, the default script is ignored. > > sieve = ~/.dovecot.sieve > sieve_dir = ~/sieve > sieve_global_path = /usr/local/etc/dovecot/sieve/default.sieve > > Regards > Patrick http://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration see sieve_before= in the Executing Multiple Scripts Sequentially section. -Greg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 260 bytes Desc: OpenPGP digital signature URL: From wgillespie+dovecot at es2eng.com Tue Aug 23 02:29:31 2011 From: wgillespie+dovecot at es2eng.com (Willie Gillespie) Date: Mon, 22 Aug 2011 17:29:31 -0600 Subject: [Dovecot] Disconnected: Too many invalid IMAP commands In-Reply-To: <20110820232521.GB1896@magic.hamla.org> References: <1313876305.95659.YahooMailNeo@web39405.mail.mud.yahoo.com> <20110820232521.GB1896@magic.hamla.org> Message-ID: <4E52E65B.2020100@es2eng.com> On 08/20/2011 05:25 PM, Sahil Tandon wrote: > On Sat, 2011-08-20 at 14:38:25 -0700, Steve Fatula wrote: > >> I see lots of these messages in the log file for one machine and >> account. Near as I can tell, the client still works (it's mine), but, >> the messages concern me. >> >> Is there some known issue with Apple mail, or, if not, how to capture >> the information needed to debug? > > Use tcpdump to packet capture the problematic session. Or Dovecot's rawlog. From patrickdk at patrickdk.com Tue Aug 23 02:47:42 2011 From: patrickdk at patrickdk.com (Patrick Domack) Date: Mon, 22 Aug 2011 19:47:42 -0400 Subject: [Dovecot] Large Mailbox Slow In-Reply-To: References: Message-ID: <20110822194742.Horde.Ghs5C5LnE6FOUuqeZvVwVNA@mail.patrickdk.com> Only thing that comes to my mind is to use shorter uidl's to id each email, not sure what method your using now. I would seriously consider just changing it to use imap instead, then you can be notified if there is a new email, instead of downloading the list each time. Quoting Matt : >> Doubt if there is any answer to this but will ask anyway. ?Have a few >> pop3 accounts with thousands of messages. ?Its slow when checking >> email naturally. ?Are there any tweaks to speed it up? ?I imagine >> there is an exchange of the message and header list which is the slow >> down. ?Too bad the list could not be compressed with gzip or something >> first. ?I think http has an option similar to that. >> >> Just asking. >> > > I am running Maildir format on CentOS 5.x 64bit with Ext3 on raid1. > Often wander if Ext4 would have been better. From tss at iki.fi Tue Aug 23 05:40:59 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 05:40:59 +0300 Subject: [Dovecot] Update indexes with dovecot 1.1 In-Reply-To: <4E4E2931.9020303@um.es> References: <4E4E2931.9020303@um.es> Message-ID: On 19.8.2011, at 12.13, Angel L. Mateo wrote: > I have a farm of dovecot 1.1 servers (debian lenny). Mailboxes are in Maildir format. > > Is there any way to manually update indexes? v2.0 has "doveadm index" command to do this. There's no other good way to do this. > Does it worth? I mean... Our problem is that mail is delivered via dovecot lda, but, because we have a farm of servers, we don't guarantee that mail is delivered through the same server that the user is using for his imap connection, so the imap server could have this index unupdated. So I want to force an update (or at least nearly updated) in order to have the index updated in all servers at the time the user get to work. Doing it via IMAP won't guarantee that everything the user's client needs is indexed/cached. Different clients need different things, Dovecot only indexes stuff that client requests. You'd have to look up from index files what the client wants indexed and then perform IMAP commands requesting those fields. Even the act of doing this may mess up caching decisions, because user may have changed client and now it's indexing unnecessary fields. (Actually now that I think of it, doveadm index has this same problem. Have to get that fixed.) With v2.0 you could if you use Dovecot proxy (or director) you can also proxy doveadm connections through it, so a "doveadm index" would always go to the correct server. http://wiki2.dovecot.org/Director at the bottom has some info how to set this up (works also with plain proxy, without director). From amateo at um.es Tue Aug 23 09:52:17 2011 From: amateo at um.es (Angel L. Mateo) Date: Tue, 23 Aug 2011 08:52:17 +0200 Subject: [Dovecot] Update indexes with dovecot 1.1 In-Reply-To: References: <4E4E2931.9020303@um.es> Message-ID: <4E534E21.20802@um.es> El 23/08/11 04:40, Timo Sirainen escribi?: > On 19.8.2011, at 12.13, Angel L. Mateo wrote: > >> I have a farm of dovecot 1.1 servers (debian lenny). Mailboxes are in Maildir format. >> >> Is there any way to manually update indexes? > > v2.0 has "doveadm index" command to do this. There's no other good way to do this. > >> Does it worth? I mean... Our problem is that mail is delivered via dovecot lda, but, because we have a farm of servers, we don't guarantee that mail is delivered through the same server that the user is using for his imap connection, so the imap server could have this index unupdated. So I want to force an update (or at least nearly updated) in order to have the index updated in all servers at the time the user get to work. > > Doing it via IMAP won't guarantee that everything the user's client needs is indexed/cached. Different clients need different things, Dovecot only indexes stuff that client requests. You'd have to look up from index files what the client wants indexed and then perform IMAP commands requesting those fields. Even the act of doing this may mess up caching decisions, because user may have changed client and now it's indexing unnecessary fields. (Actually now that I think of it, doveadm index has this same problem. Have to get that fixed.) > > With v2.0 you could if you use Dovecot proxy (or director) you can also proxy doveadm connections through it, so a "doveadm index" would always go to the correct server. http://wiki2.dovecot.org/Director at the bottom has some info how to set this up (works also with plain proxy, without director). > I'm trying this configuration in a test environment, but we are having lot of problems with director. The main problem is with director and LMTP, because it produces a lot timeout of errors (I have previouslly posted about these problems) OK. So my question is, does it worth? Our scenario is 8 POP/IMAP servers with almost 70000 users (not all of them are really active), about 8.5 TB in use, with mailboxes in Maildir format over NFS. Our main problem with this is at return of vacations periods (like the one we'll have next 9/1). Our hypothesis is that the first connection of the user is expensive, because he has a lot of unindexed messages in his mailbox. Supposing that doveadm index indexes the mailbox correctly, does it helps to solve our problem? -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337 From yaegashi at debian.org Tue Aug 23 10:52:15 2011 From: yaegashi at debian.org (YAEGASHI Takeshi) Date: Tue, 23 Aug 2011 16:52:15 +0900 Subject: [Dovecot] acl with hierarchy separators mismatched config Message-ID: <4E535C2F.7080605@debian.org> Hi there, I'm testing dovecot 2.0.13 on Debian squeeze (deb from http://xi.rename-it.nl/debian) with the following doveconf -n. -------- # 2.0.13 (1449a2e2c1f5): /etc/dovecot/dovecot.conf # OS: Linux 2.6.26-2-openvz-amd64 i686 Debian 6.0.2 first_valid_uid = 8 mail_debug = yes mail_location = maildir:~/Maildir mail_plugins = listescape mail_log notify acl namespace { inbox = yes location = prefix = separator = / type = private } namespace { list = children location = maildir:/var/mail/public:INDEX=~/Maildir/public prefix = Public/ separator = / subscriptions = no type = public } passdb { driver = pam } plugin { acl = vfile } protocols = " imap" ssl = no userdb { args = uid=mail gid=mail home=/var/mail/private/%u driver = static } protocol imap { mail_plugins = listescape mail_log notify acl imap_acl } -------- My primary interest is acl and listescape enabled folders in the public namespace. I've chosen "/" as the hierarchy separator to support folder names with dots ("."). /var/mail/public is a maildir with the maildir++ layout where the separator is a dot ("."). So I set up intial acls and folders as follows: -------- # mkdir /var/mail/public # echo 'anyone lra' >/var/mail/public/dovecot-acl # maildirmake.dovecot /var/mail/public/.aaa # echo 'anyone lrwstipekxa' >/var/mail/public/.aaa/dovecot-acl # chown -R mail.mail /var/mail/public -------- But my attempt to create a mailbox under Public/aaa fails with "Permission denied". -------- # imtest -a yaegashi localhost S: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready. C: C01 CAPABILITY S: * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN S: C01 OK Pre-login capabilities listed, post-login capabilities have more. Please enter your password: C: A01 AUTHENTICATE PLAIN ?????????????????/ S: * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS ACL RIGHTS=texk S: A01 OK Logged in Authenticated. Security strength factor: 0 . getacl Public * ACL "Public" "anyone" alr . OK Getacl completed. . getacl Public/aaa * ACL "Public/aaa" "anyone" akxeilprwtscd . OK Getacl completed. . create Public/aaa/bbb . NO [NOPERM] Permission denied -------- If the layout of /var/mail/public switched to "fs" where the separator is "/", mailbox creation succeeds as expected. -------- namespace { list = children location = maildir:/var/mail/public:INDEX=~/Maildir/public:LAYOUT=fs prefix = Public/ separator = / subscriptions = no type = public } -------- -------- # maildirmake.dovecot /var/mail/public/aaa # echo 'anyone lrwstipekxa' >/var/mail/public/aaa/dovecot-acl # chown -R mail.mail /var/mail/public # imtest -a yaegashi localhost .... . getacl Public * ACL "Public" "anyone" alr . OK Getacl completed. . getacl Public/aaa * ACL "Public/aaa" "anyone" akxeilprwtscd . OK Getacl completed. . create Public/aaa/bbb . OK Create completed. . getacl Public/aaa/bbb * ACL "Public/aaa/bbb" "anyone" akxeilprwtscd . OK Getacl completed. . create Public/aaa/1.2.3 . OK Create completed. . create Public/aaa/cur . NO Invalid mailbox name: Public/aaa/cur -------- Is this behavior expected? Misconfiguration or dovecot bug? I prefer the maildir++ layout with listescape as it's reserved-folder-name free (eg. cur new tmp). Regards, -- YAEGASHI Takeshi From tss at iki.fi Tue Aug 23 18:32:42 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 18:32:42 +0300 Subject: [Dovecot] Update indexes with dovecot 1.1 In-Reply-To: <4E534E21.20802@um.es> References: <4E4E2931.9020303@um.es> <4E534E21.20802@um.es> Message-ID: <469BC6D8-A7A3-4216-985B-A32049A6DCCD@iki.fi> On 23.8.2011, at 9.52, Angel L. Mateo wrote: >> With v2.0 you could if you use Dovecot proxy (or director) you can also proxy doveadm connections through it, so a "doveadm index" would always go to the correct server. http://wiki2.dovecot.org/Director at the bottom has some info how to set this up (works also with plain proxy, without director). > I'm trying this configuration in a test environment, but we are having lot of problems with director. The main problem is with director and LMTP, because it produces a lot timeout of errors (I have previouslly posted about these problems) Yes, I should look into the LMTP proxy problems.. Those are kind of difficult to debug though since I've never been able to reproduce them. In any case, you could initially move to v2.0 + director without LMTP (i.e. deliver to Maildir directly, then run the doveadm index). > OK. So my question is, does it worth? Our scenario is 8 POP/IMAP servers with almost 70000 users (not all of them are really active), about 8.5 TB in use, with mailboxes in Maildir format over NFS. Our main problem with this is at return of vacations periods (like the one we'll have next 9/1). Our hypothesis is that the first connection of the user is expensive, because he has a lot of unindexed messages in his mailbox. Supposing that doveadm index indexes the mailbox correctly, does it helps to solve our problem? Yes, if there's a ton of people returning at the same time it'll create a load spike. It's at least partially because mails aren't indexed, so Dovecot has to first read the message headers (and maybe bodies) to produce the initial message list, and afterwards when user actually reads/downloads the message bodies they're re-read from disk, unless the OS still has them cached. So this kind of preindexing would definitely reduce the CPU load during the spike, but I'm not entirely sure about disk load because of the OS caching (10-50% decrease?). I'd be really interested in seeing actual numbers some day. :) From tss at iki.fi Tue Aug 23 18:39:55 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 18:39:55 +0300 Subject: [Dovecot] acl with hierarchy separators mismatched config In-Reply-To: <4E535C2F.7080605@debian.org> References: <4E535C2F.7080605@debian.org> Message-ID: <0DB68F7E-4FAC-4D83-9BC5-1E991FF65B03@iki.fi> On 23.8.2011, at 10.52, YAEGASHI Takeshi wrote: > I prefer the maildir++ layout with listescape as it's reserved-folder-name free (eg. cur new tmp). I remember listescape had problems with ACLs, and that it wasn't really possible to solve those bugs without major changes. The good news though is that those major changes are done in v2.1 where it should work. Also you could make FS layout almost reserved-folder-name free by adding e.g. :DIRNAME=Mails to your mail_location. Now the only reserved name is "Mails", and you can of course use any other name that users are highly unlikely to use (and remember that folder names are case sensitive). Some day I'm hoping to add yet another option that mailbox names wouldn't be used in filenames at all, but rather their GUIDs. From tss at iki.fi Tue Aug 23 18:44:30 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 18:44:30 +0300 Subject: [Dovecot] LDA and auth-userdb socket permissions In-Reply-To: <20110822122255.19095fx2ckdc0lc0@webmail2.ukgrid.net> References: <20110822122255.19095fx2ckdc0lc0@webmail2.ukgrid.net> Message-ID: <5E9680BD-CB20-48DE-8F7B-71ACDD795CBD@iki.fi> On 22.8.2011, at 14.22, a.smith at ukgrid.net wrote: > just wanted to check this as the wiki seems to have contradictory information. With respect to running the LDA as multiple UIDs the wiki says: > > [QUOTE]If you're using more than one UID for users, you're going to have problems running dovecot-lda, as most MTAs won't let you run dovecot-lda as root[/QUOTE] Yep, that's a problem. > But in the example for the config file the text reads: > > [QUOTE] > service auth { > unix_listener auth-userdb { > mode = 0600 > user = vmail # User running dovecot-lda > #group = vmail # Or alternatively mode 0660 + dovecot-lda user in this group > } > } > [/QUOTE] Now you've gone outside the "Multiple UIDs" section in the wiki. There are the 3 different sections of how to run dovecot-lda a different way: * with a lookup * without a lookup * multiple UIDs None of their documentation is compatible with each others. From tss at iki.fi Tue Aug 23 18:46:59 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 18:46:59 +0300 Subject: [Dovecot] Dovecot Postfix and ssl_require_client_cert In-Reply-To: <32307666.post@talk.nabble.com> References: <32307666.post@talk.nabble.com> Message-ID: On 22.8.2011, at 2.18, mezzo wrote: > I have a working mail system with postfix 2.7 and dovecot 1.2.15. .. > Is there a way to enable ssl_require_client_cert in dovecot and have > smtpd_sasl_auth_enable=yes in postfix? Better would be a way to tell dovecot > only to use ssl_require_client_cert during the imap autorisation. With v1.2 you'd have to run two separate Dovecot installations with different configs. With v2.0 you should be able to do: protocol !smtp { ssl_require_client_cert = yes } From thomas-lists at nybeta.com Tue Aug 23 18:50:03 2011 From: thomas-lists at nybeta.com (Thomas Harold) Date: Tue, 23 Aug 2011 11:50:03 -0400 Subject: [Dovecot] Large Mailbox Slow In-Reply-To: References: Message-ID: <4E53CC2B.5070503@nybeta.com> On 8/22/2011 6:42 PM, Matt wrote: > Doubt if there is any answer to this but will ask anyway. Have a few > pop3 accounts with thousands of messages. Its slow when checking > email naturally. Are there any tweaks to speed it up? I imagine > there is an exchange of the message and header list which is the slow > down. Too bad the list could not be compressed with gzip or something > first. I think http has an option similar to that. > > Just asking. IMAP is a far better choice if you want to leave messages up on the server. (XFS or ext4 plus using Maildir storage format on the server can also be a big help. But unless you have evidence that the disks are buried or the server's CPU is busy, those changes may not help at all. A good and quick tool on Linux servers to monitor that is "atop".) From tss at iki.fi Tue Aug 23 18:51:42 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 18:51:42 +0300 Subject: [Dovecot] dovecot deadlock with procmail In-Reply-To: References: Message-ID: <24B1841D-393F-4B2F-9F15-7BF177C47268@iki.fi> On 19.8.2011, at 13.37, kunal verma wrote: > I m using dovecot 1.0.7. I m having problems in mail delivery to my mail > server locally. > When a user sends a mail few mails are in mail Q for longer period of time. > The local delivery agent(*procmail*) is trying to deliver the mail at > regular interval but it is unable to deliver. > But as soon as I *restart* *dovecot* the mails in the Q are delivered > immediately. > I suspect it is because of locking of *mbox* file of users by dovecot. Dovecot locks the mbox files only as long as it needs to. For IMAP commands it's locked only during those IMAP commands. For POP3 it's locked when the first message is read and kept until POP3 client disconnects (this is what POP3 clients are supposed to do). With v1.2 POP3 sessions also unlock the mbox after idling for 10 seconds. There might have also been some bugs related to this.. You could try if upgrading Dovecot to v1.2 or newer helps. > How to overcome this problem as mails are some mails are taking hours to be > delivered?? > please let me know the solution. The only guaranteed solution would be to not use mbox. From thomas-lists at nybeta.com Tue Aug 23 18:57:36 2011 From: thomas-lists at nybeta.com (Thomas Harold) Date: Tue, 23 Aug 2011 11:57:36 -0400 Subject: [Dovecot] Default and per-User sieve script In-Reply-To: <4E52E03A.9070706@wk-serv.de> References: <4E52E03A.9070706@wk-serv.de> Message-ID: <4E53CDF0.9050808@nybeta.com> On 8/22/2011 7:03 PM, Patrick Westenberg wrote: > Hi guys, > > is there any way to configure Dovecot to process the default sieve > script and, after that, a user specific script? > > I have a default script to sort spam into a spam folder but if a > user specific script is present, the default script is ignored. > > sieve = ~/.dovecot.sieve > sieve_dir = ~/sieve > sieve_global_path = /usr/local/etc/dovecot/sieve/default.sieve > sieve_before and sieve_after I keep our global default script in /etc/dovecot/sieve/global, any scripts that run first go in /etc/dovecot/sieve/before and the post-user scripts go in /etc/dovecot/sieve/after. I tend to put most scripts in the "after" folder with only a tiny handful of ultra-specific scripts that must run for every user in the "before" folder. Scripts in the "after" folder can then be easily overridden by the user in their per-user scripts if they don't like how things are working. From a.smith at ukgrid.net Tue Aug 23 19:10:43 2011 From: a.smith at ukgrid.net (a.smith at ukgrid.net) Date: Tue, 23 Aug 2011 17:10:43 +0100 Subject: [Dovecot] LDA and auth-userdb socket permissions In-Reply-To: <5E9680BD-CB20-48DE-8F7B-71ACDD795CBD@iki.fi> References: <20110822122255.19095fx2ckdc0lc0@webmail2.ukgrid.net> <5E9680BD-CB20-48DE-8F7B-71ACDD795CBD@iki.fi> Message-ID: <20110823171043.26888u9dwc4xvs3k@webmail2.ukgrid.net> Quoting Timo Sirainen : >> But in the example for the config file the text reads: >> >> [QUOTE] >> service auth { >> unix_listener auth-userdb { >> mode = 0600 >> user = vmail # User running dovecot-lda >> #group = vmail # Or alternatively mode 0660 + dovecot-lda user >> in this group >> } >> } >> [/QUOTE] > > Now you've gone outside the "Multiple UIDs" section in the wiki. > There are the 3 different sections of how to run dovecot-lda a > different way: > > * with a lookup > * without a lookup > * multiple UIDs > > None of their documentation is compatible with each others. Ok, I must be misunderstanding. I understand that the multiple UIDs limitation relates to the fact that access to the auth-userdb socket is restricted, is that incorrect? Following that forward, where the example shows that you can set group access to the socket and change permissions to 0660 I took to mean you can now have multiple users so long as they are in the correct group (ie vmail). Which contradicts the statement that you cannot work with multiple UIDs. Can you put that straight if I got it wrong? thanks in advance, Andy. From tss at iki.fi Tue Aug 23 19:19:22 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 19:19:22 +0300 Subject: [Dovecot] LDA and auth-userdb socket permissions In-Reply-To: <20110823171043.26888u9dwc4xvs3k@webmail2.ukgrid.net> References: <20110822122255.19095fx2ckdc0lc0@webmail2.ukgrid.net> <5E9680BD-CB20-48DE-8F7B-71ACDD795CBD@iki.fi> <20110823171043.26888u9dwc4xvs3k@webmail2.ukgrid.net> Message-ID: <0DF15D90-016D-4AA1-A7BC-8CC89E605A27@iki.fi> On 23.8.2011, at 19.10, a.smith at ukgrid.net wrote: >> Now you've gone outside the "Multiple UIDs" section in the wiki. There are the 3 different sections of how to run dovecot-lda a different way: >> >> * with a lookup >> * without a lookup >> * multiple UIDs >> >> None of their documentation is compatible with each others. > > Ok, I must be misunderstanding. I understand that the multiple UIDs limitation relates to the fact that access to the auth-userdb socket is restricted, is that incorrect? No, that's the least of its troubles. If you can't run dovecot-lda as root, it won't be able to change its UID to the user's UID (and so won't have enough permissions to be able to write mails to user's mailbox). So you need to run dovecot-lda as root in some way, and after that it becomes pretty much irrelevant what auth-userdb's permissions are. From a.smith at ukgrid.net Tue Aug 23 19:37:08 2011 From: a.smith at ukgrid.net (a.smith at ukgrid.net) Date: Tue, 23 Aug 2011 17:37:08 +0100 Subject: [Dovecot] LDA and auth-userdb socket permissions In-Reply-To: <0DF15D90-016D-4AA1-A7BC-8CC89E605A27@iki.fi> References: <20110822122255.19095fx2ckdc0lc0@webmail2.ukgrid.net> <5E9680BD-CB20-48DE-8F7B-71ACDD795CBD@iki.fi> <20110823171043.26888u9dwc4xvs3k@webmail2.ukgrid.net> <0DF15D90-016D-4AA1-A7BC-8CC89E605A27@iki.fi> Message-ID: <20110823173708.25235temcjts5e88@webmail2.ukgrid.net> Quoting Timo Sirainen : > > No, that's the least of its troubles. If you can't run dovecot-lda > as root, it won't be able to change its UID to the user's UID (and > so won't have enough permissions to be able to write mails to user's > mailbox). So you need to run dovecot-lda as root in some way, and > after that it becomes pretty much irrelevant what auth-userdb's > permissions are. > Hmmm, well in my setup dovecot-lda is called from Exim with "user=" set to a MySQL query. I'd guess that that means Exim runs dovecot-lda as the user directly so I don't have the issue you mention above. But where the permission on the auth-userdb socket are root:vmail 0660, the dovecot-lda is called as vmail and the vmail user is a member of the vmail group I get the error: Aug 11 03:38:06 lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied (euid=25110(vmail) egid=25110(vmail) missing +r perm: /var/run/dovecot/auth-userdb, euid is not dir owner) In the dovecot log when dovecot-lda is called. Hence I thought the socket permissions where related to the multiple UID restriction... thanks Andy. From tss at iki.fi Tue Aug 23 19:43:56 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 19:43:56 +0300 Subject: [Dovecot] LDA and auth-userdb socket permissions In-Reply-To: <20110823173708.25235temcjts5e88@webmail2.ukgrid.net> References: <20110822122255.19095fx2ckdc0lc0@webmail2.ukgrid.net> <5E9680BD-CB20-48DE-8F7B-71ACDD795CBD@iki.fi> <20110823171043.26888u9dwc4xvs3k@webmail2.ukgrid.net> <0DF15D90-016D-4AA1-A7BC-8CC89E605A27@iki.fi> <20110823173708.25235temcjts5e88@webmail2.ukgrid.net> Message-ID: <0720326B-36C7-4CF6-8314-FB9AEAC1B216@iki.fi> On 23.8.2011, at 19.37, a.smith at ukgrid.net wrote: >> No, that's the least of its troubles. If you can't run dovecot-lda as root, it won't be able to change its UID to the user's UID (and so won't have enough permissions to be able to write mails to user's mailbox). So you need to run dovecot-lda as root in some way, and after that it becomes pretty much irrelevant what auth-userdb's permissions are. >> > > Hmmm, well in my setup dovecot-lda is called from Exim with "user=" set to a MySQL query. Are you sure you even need Dovecot to do a userdb lookup then? If Exim can set up also the other needed things (home dir?) it shouldn't be necessary. > I'd guess that that means Exim runs dovecot-lda as the user directly so I don't have the issue you mention above. But where the permission on the auth-userdb socket are root:vmail 0660, the dovecot-lda is called as vmail and the vmail user is a member of the vmail group I get the error: > > Aug 11 03:38:06 lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied (euid=25110(vmail) egid=25110(vmail) missing +r perm: /var/run/dovecot/auth-userdb, euid is not dir owner) Hmm. So if dovecot-lda is running as vmail group and /var/run/dovecot/auth-userdb has group=vmail and 0660 permissions, this error shouldn' t happen. Check two things: 1) ls -ln /var/run/dovecot/auth-userdb actually shows group as 25110 and mode being 0660 2) If you've any SELinux or app-armor stuff enabled, try disabling them From tss at iki.fi Tue Aug 23 20:44:47 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 20:44:47 +0300 Subject: [Dovecot] Segmentation fault in dovecot director lmtp service In-Reply-To: <20110817114228.2705AA0D2@mx04.metaways.net> References: <20110817114228.2705AA0D2@mx04.metaways.net> Message-ID: <1314121487.10421.1312.camel@hurina> On Wed, 2011-08-17 at 11:42 +0000, Reinhard Vicinus wrote: > Hi, > > > the lmtp service of our dovecot director installation quits with a > segmentation fault if a lot of mails are simultaneously delivered. > For example if the postfix mailqueue is filled (for whatever reason) > and postqueue -f is run the lmtp service quits with a segmentation > fault: It probably means that the remote LMTP server disconnected the client for whatever reason. http://hg.dovecot.org/dovecot-2.0/rev/2f988e370a41 should help. From tss at iki.fi Tue Aug 23 20:47:44 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 20:47:44 +0300 Subject: [Dovecot] signal 11 crash, sometimes, during mbox bz2 decompression In-Reply-To: <201108161100.p7GB0P3R073897@chilled.skew.org> References: <201108161100.p7GB0P3R073897@chilled.skew.org> Message-ID: <1314121664.10421.1314.camel@hurina> On Tue, 2011-08-16 at 05:00 -0600, Mike Brown wrote: > I'm running dovecot 1.2.16 from the ports collection on FreeBSD 8.1-STABLE, > amd64. .. > My compressed mbox files are all .bz2 files in an 'old' subdirectory of my > main mail directory. I am trying to access them with Thunderbird. I > 'subscribed' to them just fine, and at first I thought it was working, but I > just got lucky on the first couple I accessed. Dovecot actually fails to > decompress them about 90% of the time, seemingly at random; the same box will > not work a bunch of times, then work once, then not work again and again. When > it works, sometimes only some of the messages get transmitted. I'm not entirely sure but I kind of remember bzip2 support being at least somewhat broken in v1.x. It's been entirely rewritten in v2.0. > Aug 16 00:25:33 myhost dovecot: dovecot: child 943 (imap) killed with signal 11 (core not dumped - set mail_drop_priv_before_exec=yes) gdb backtrace would show more information about where it crashed: http://dovecot.org/bugreport.html But I don't think there's much point in wasting more time on this before trying if v2.0 has already fixed it. From tss at iki.fi Tue Aug 23 21:01:36 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 21:01:36 +0300 Subject: [Dovecot] dovecot's documentation dearth In-Reply-To: <4E498C14.8070200@psy.miami.edu> References: <4E498C14.8070200@psy.miami.edu> Message-ID: <1314122496.10421.1326.camel@hurina> On Mon, 2011-08-15 at 17:13 -0400, Postmaster wrote: > I'm working on a configuration for 2.0 and I'm finding the documentation > somewhat difficult. I think it would be very helpful to me to have > encountered a single page that detailed all available configuration > sections. I don't know how to find out what the sections are, when to > use them or what specifically they control. So far I've encountered... > > passdb This is same as always: http://wiki2.dovecot.org/PasswordDatabase > plugin Also. Simply settings used by plugins: http://wiki2.dovecot.org/Plugins > service This is a bit tricky one and unfortunately not documented clearly yet. The included example-config/conf.d/10-master.conf has some comments about them though. > protocol A filter for settings inside it to affect only the specified protocol, e.g. protocol imap {} or pop3 or smtp or .. Would have probably been nice to name these filters in a more consistent form (like: filter protocol imap {}) > userdb As before: http://wiki2.dovecot.org/UserDatabase > local_name (and I think there is another one of these for ips) Another filter to apply settings inside it only for the specified hostname/IP address. local_name is mainly about using it for multiple SSL certificates when using TLS SNI. local {} is about any other specific per-IP/network settings. remote {} is similar to local {} except for remote IP/network. I'm not sure where would be a good place to document these.. I suppose I should create a new wiki page about some generic config file syntax things. > The service section itself would benefit from a single page detailing > all of the possible types of service sections available. You can get a list of all default services with "doveconf service", but you can also create your own services. Also e.g. once you install Pigeonhole Sieve you'll get more services. > The next problem I've had is discovering that several parts of dovecot > have no documentation at all even though they are standalone executables > run by root. config, log, and ssl_params all run as root but there is > also anvil These are the services that are run internally by Dovecot. It's part of the same "yeah, would be good to document all services and what they do and what service parameters may and may not be changed for them" but I'm kind of busy.. > and they look to me like they could support listening on a > port if inet_interfaces is defined. Everything supports listening anywhere, but whether it's a good idea is another thing. > Well I guess that would be one solution. The bottom line is that it > gives me an uncomfortableness to not be able to control or explain the > operation of the software I'm supposedly administering. Take the > program named log (which should be named dovecot-log or something less > generic), It shows up as "dovecot/log" in the ps list and exists in libexec/dovecot/log, so I don't think the name is a problem. I considered naming everything dovecot-* but then thought dovecot/* is prettier and doesn't require renaming so many existing binaries from v1.x. > it is launched even though I've specified syslog in the > configuration. Logging is not interrupted when the process is killed. > So, why is it running? What is it doing? Why does it need root? Everything still gets logged through it even if you use syslog. It does a few other small log simplifying things besides just writing to a log file. If you kill it, it's restarted and that's why you don't see logging interruption (some messages might get lost). If you send a SIGSTOP to it the logging should stop and eventually all processes should start blocking on log writes I think. It doesn't need to be root as long as it can do the logging without. From a.smith at ukgrid.net Tue Aug 23 21:27:23 2011 From: a.smith at ukgrid.net (a.smith at ukgrid.net) Date: Tue, 23 Aug 2011 19:27:23 +0100 Subject: [Dovecot] LDA and auth-userdb socket permissions In-Reply-To: <0720326B-36C7-4CF6-8314-FB9AEAC1B216@iki.fi> References: <20110822122255.19095fx2ckdc0lc0@webmail2.ukgrid.net> <5E9680BD-CB20-48DE-8F7B-71ACDD795CBD@iki.fi> <20110823171043.26888u9dwc4xvs3k@webmail2.ukgrid.net> <0DF15D90-016D-4AA1-A7BC-8CC89E605A27@iki.fi> <20110823173708.25235temcjts5e88@webmail2.ukgrid.net> <0720326B-36C7-4CF6-8314-FB9AEAC1B216@iki.fi> Message-ID: <20110823192723.20857dls3diubqko@webmail2.ukgrid.net> Quoting Timo Sirainen : >> Hmmm, well in my setup dovecot-lda is called from Exim with "user=" >> set to a MySQL query. > > Are you sure you even need Dovecot to do a userdb lookup then? If > Exim can set up also the other needed things (home dir?) it > shouldn't be necessary. Yeah, I think I could do that. I followed the setup guide for Exim from the Dovecot wiki and this is the first config I arrived at, which works well apart from this little detail. > > Hmm. So if dovecot-lda is running as vmail group and > /var/run/dovecot/auth-userdb has group=vmail and 0660 permissions, > this error shouldn' t happen. Check two things: > > 1) ls -ln /var/run/dovecot/auth-userdb actually shows group as 25110 > and mode being 0660 srw-rw---- 1 root mailnull 0 Aug 23 19:13 /var/run/dovecot/auth-userdb > > 2) If you've any SELinux or app-armor stuff enabled, try disabling them Im running FreeBSD so no SELinux here. In my test, actually what I have is a vmail user with primary group vmail and secondary group mailnull. Which as mentioned results in this error: Aug 23 19:19:13 lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied (euid=25110(vmail) egid=25110(vmail) missing +r perm: /var/run/dovecot/auth-userdb, euid is not dir owner) It did cross my mind it was a bug, but then I thought the documentation just was wrong on the wiki... From tss at iki.fi Tue Aug 23 21:42:00 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 21:42:00 +0300 Subject: [Dovecot] zlib plugin doesn't read concatenated .gz mailbox In-Reply-To: <20110729170047.GA11833@castle.dion.org.ua> References: <20110729170047.GA11833@castle.dion.org.ua> Message-ID: <1314124920.10421.1327.camel@hurina> On Fri, 2011-07-29 at 20:00 +0300, Dmitry Nezhevenko wrote: > I've observed that dovecot doesn't displays all mails from compressed via > gzip mailbox (mbox). At the same time "mutt -f mailbox.gz" displays it > correctly with all messages. Fixed: http://hg.dovecot.org/dovecot-2.0/rev/35e4a547231c From tss at iki.fi Tue Aug 23 21:52:05 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 21:52:05 +0300 Subject: [Dovecot] dovecot and tcpwrappers In-Reply-To: <201107271539.43111.lemmens_kees@yahoo.co.uk> References: <201107271416.36017.C.W.J.Lemmens@ewi.tudelft.nl> <1311769424.10421.1218.camel@hurina> <201107271512.54139.C.W.J.Lemmens@ewi.tudelft.nl> <201107271539.43111.lemmens_kees@yahoo.co.uk> Message-ID: <1314125525.10421.1329.camel@hurina> On Wed, 2011-07-27 at 15:39 +0200, Kees Lemmens wrote: > I think I sorted it out : I also had to add a service section to > dovecot.conf and I had to change the old "imap-login" settings in > /etc./hosts.allow to be simply "imap" now. .. > Timo : maybe this could be documented a little better ? It took me quite a > while now to figure it all out. Yeah, I've just been too busy.. I added it now to http://wiki2.dovecot.org/LoginProcess > About the "not running from inetd" problem : would it be enough to copy the > modules to the chrooted directory to avoid this connect(imap-login) problem > ? I've removed all the code necessary for running from inetd. It was horribly ugly code and I never liked it. There's not going to be any easy way to add it back. From tss at iki.fi Tue Aug 23 21:53:15 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 21:53:15 +0300 Subject: [Dovecot] LDA and auth-userdb socket permissions In-Reply-To: <20110823192723.20857dls3diubqko@webmail2.ukgrid.net> References: <20110822122255.19095fx2ckdc0lc0@webmail2.ukgrid.net> <5E9680BD-CB20-48DE-8F7B-71ACDD795CBD@iki.fi> <20110823171043.26888u9dwc4xvs3k@webmail2.ukgrid.net> <0DF15D90-016D-4AA1-A7BC-8CC89E605A27@iki.fi> <20110823173708.25235temcjts5e88@webmail2.ukgrid.net> <0720326B-36C7-4CF6-8314-FB9AEAC1B216@iki.fi> <20110823192723.20857dls3diubqko@webmail2.ukgrid.net> Message-ID: <1314125595.10421.1330.camel@hurina> On Tue, 2011-08-23 at 19:27 +0100, a.smith at ukgrid.net wrote: > srw-rw---- 1 root mailnull 0 Aug 23 19:13 /var/run/dovecot/auth-userdb That's not vmail group as you said.. From a.smith at ukgrid.net Tue Aug 23 21:59:04 2011 From: a.smith at ukgrid.net (a.smith at ukgrid.net) Date: Tue, 23 Aug 2011 19:59:04 +0100 Subject: [Dovecot] LDA and auth-userdb socket permissions In-Reply-To: <1314125595.10421.1330.camel@hurina> References: <20110822122255.19095fx2ckdc0lc0@webmail2.ukgrid.net> <5E9680BD-CB20-48DE-8F7B-71ACDD795CBD@iki.fi> <20110823171043.26888u9dwc4xvs3k@webmail2.ukgrid.net> <0DF15D90-016D-4AA1-A7BC-8CC89E605A27@iki.fi> <20110823173708.25235temcjts5e88@webmail2.ukgrid.net> <0720326B-36C7-4CF6-8314-FB9AEAC1B216@iki.fi> <20110823192723.20857dls3diubqko@webmail2.ukgrid.net> <1314125595.10421.1330.camel@hurina> Message-ID: <20110823195904.86516vg9w4fwy1og@webmail2.ukgrid.net> no, I did explain this later in my last email.... Quoting Timo Sirainen : > On Tue, 2011-08-23 at 19:27 +0100, a.smith at ukgrid.net wrote: > >> srw-rw---- 1 root mailnull 0 Aug 23 19:13 /var/run/dovecot/auth-userdb > > That's not vmail group as you said.. > > > From tss at iki.fi Tue Aug 23 22:15:30 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 22:15:30 +0300 Subject: [Dovecot] Bug report v2.0.13 - CentOS x86_64 - NFS - mbox - Problem reproduced In-Reply-To: <4E4E78B4.9070102@otenet.gr> References: <4E294AC0.2060706@otenet.gr> <4E425874.6040507@otenet.gr> <1313355050.10421.1285.camel@hurina> <20110815111701.68513psu7vb3wflp@noc.otenet.gr> <4E4A73AE.7090402@otenet.gr> <4E4D0D9C.6000600@otenet.gr> <4E4E78B4.9070102@otenet.gr> Message-ID: <1314126930.10421.1333.camel@hurina> On Fri, 2011-08-19 at 17:52 +0300, Kostas Zorbadelos wrote: > The problem is more easily introduced than I imagined. Well, I still couldn't reproduce it. But I can kind of see the problem. http://hg.dovecot.org/dovecot-2.0/rev/030394c74f54 should help. From tss at iki.fi Tue Aug 23 22:19:43 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 22:19:43 +0300 Subject: [Dovecot] LDA and auth-userdb socket permissions In-Reply-To: <20110823192723.20857dls3diubqko@webmail2.ukgrid.net> References: <20110822122255.19095fx2ckdc0lc0@webmail2.ukgrid.net> <5E9680BD-CB20-48DE-8F7B-71ACDD795CBD@iki.fi> <20110823171043.26888u9dwc4xvs3k@webmail2.ukgrid.net> <0DF15D90-016D-4AA1-A7BC-8CC89E605A27@iki.fi> <20110823173708.25235temcjts5e88@webmail2.ukgrid.net> <0720326B-36C7-4CF6-8314-FB9AEAC1B216@iki.fi> <20110823192723.20857dls3diubqko@webmail2.ukgrid.net> Message-ID: <1314127183.10421.1337.camel@hurina> On Tue, 2011-08-23 at 19:27 +0100, a.smith at ukgrid.net wrote: > In my test, actually what I have is a vmail user with primary group > vmail and secondary group mailnull. Which as mentioned results in this > error: It doesn't actually matter what groups you have assigned to vmail user. Dovecot only enables the primary group (and not even that if you've overridden it in config), and apparently Exim does the same too. The supplementary groups don't automatically get enabled when process's UID switched, it requires explicit extra code to do it. In most installations this is just useless extra work and a potential accidental security hole. From a.smith at ukgrid.net Tue Aug 23 22:38:19 2011 From: a.smith at ukgrid.net (a.smith at ukgrid.net) Date: Tue, 23 Aug 2011 20:38:19 +0100 Subject: [Dovecot] LDA and auth-userdb socket permissions In-Reply-To: <1314127183.10421.1337.camel@hurina> References: <20110822122255.19095fx2ckdc0lc0@webmail2.ukgrid.net> <5E9680BD-CB20-48DE-8F7B-71ACDD795CBD@iki.fi> <20110823171043.26888u9dwc4xvs3k@webmail2.ukgrid.net> <0DF15D90-016D-4AA1-A7BC-8CC89E605A27@iki.fi> <20110823173708.25235temcjts5e88@webmail2.ukgrid.net> <0720326B-36C7-4CF6-8314-FB9AEAC1B216@iki.fi> <20110823192723.20857dls3diubqko@webmail2.ukgrid.net> <1314127183.10421.1337.camel@hurina> Message-ID: <20110823203819.21196j1545iakszw@webmail2.ukgrid.net> Quoting Timo Sirainen : > On Tue, 2011-08-23 at 19:27 +0100, a.smith at ukgrid.net wrote: > > >> In my test, actually what I have is a vmail user with primary group >> vmail and secondary group mailnull. Which as mentioned results in this >> error: > > It doesn't actually matter what groups you have assigned to vmail user. > Dovecot only enables the primary group (and not even that if you've > overridden it in config), and apparently Exim does the same too. > > The supplementary groups don't automatically get enabled when process's > UID switched, it requires explicit extra code to do it. In most > installations this is just useless extra work and a potential accidental > security hole. > Ok, I assumed that secondary groups are honoured in almost all instances on a UNIX or Linux platform. I can add a note to the wiki making it explicit that the group must be the primary group if you think it's appropriate... From tss at iki.fi Tue Aug 23 22:44:01 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 22:44:01 +0300 Subject: [Dovecot] LDA and auth-userdb socket permissions In-Reply-To: <20110823203819.21196j1545iakszw@webmail2.ukgrid.net> References: <20110822122255.19095fx2ckdc0lc0@webmail2.ukgrid.net> <5E9680BD-CB20-48DE-8F7B-71ACDD795CBD@iki.fi> <20110823171043.26888u9dwc4xvs3k@webmail2.ukgrid.net> <0DF15D90-016D-4AA1-A7BC-8CC89E605A27@iki.fi> <20110823173708.25235temcjts5e88@webmail2.ukgrid.net> <0720326B-36C7-4CF6-8314-FB9AEAC1B216@iki.fi> <20110823192723.20857dls3diubqko@webmail2.ukgrid.net> <1314127183.10421.1337.camel@hurina> <20110823203819.21196j1545iakszw@webmail2.ukgrid.net> Message-ID: <1314128641.10421.1340.camel@hurina> On Tue, 2011-08-23 at 20:38 +0100, a.smith at ukgrid.net wrote: > > It doesn't actually matter what groups you have assigned to vmail user. > > Dovecot only enables the primary group (and not even that if you've > > overridden it in config), and apparently Exim does the same too. > > > > The supplementary groups don't automatically get enabled when process's > > UID switched, it requires explicit extra code to do it. In most > > installations this is just useless extra work and a potential accidental > > security hole. > > > > Ok, I assumed that secondary groups are honoured in almost all > instances on a UNIX or Linux platform. I can add a note to the wiki > making it explicit that the group must be the primary group if you > think it's appropriate... It doesn't have to be the primary group. This is more of an Exim side problem that it doesn't assign the supplementary groups (if it did, it would have worked with dovecot-lda). I don't think the way you configured Exim to call dovecot-lda is explained anywhere in Dovecot wiki? From a.smith at ukgrid.net Tue Aug 23 23:18:02 2011 From: a.smith at ukgrid.net (a.smith at ukgrid.net) Date: Tue, 23 Aug 2011 21:18:02 +0100 Subject: [Dovecot] LDA and auth-userdb socket permissions In-Reply-To: <1314128641.10421.1340.camel@hurina> References: <20110822122255.19095fx2ckdc0lc0@webmail2.ukgrid.net> <5E9680BD-CB20-48DE-8F7B-71ACDD795CBD@iki.fi> <20110823171043.26888u9dwc4xvs3k@webmail2.ukgrid.net> <0DF15D90-016D-4AA1-A7BC-8CC89E605A27@iki.fi> <20110823173708.25235temcjts5e88@webmail2.ukgrid.net> <0720326B-36C7-4CF6-8314-FB9AEAC1B216@iki.fi> <20110823192723.20857dls3diubqko@webmail2.ukgrid.net> <1314127183.10421.1337.camel@hurina> <20110823203819.21196j1545iakszw@webmail2.ukgrid.net> <1314128641.10421.1340.camel@hurina> Message-ID: <20110823211802.18166sfrmmbwx00s@webmail2.ukgrid.net> Quoting Timo Sirainen : > > It doesn't have to be the primary group. This is more of an Exim side > problem that it doesn't assign the supplementary groups (if it did, it > would have worked with dovecot-lda). I don't think the way you > configured Exim to call dovecot-lda is explained anywhere in Dovecot > wiki? > I'm using the exact transport from the wiki (http://wiki2.dovecot.org/LDA/Exim) but with the addition of setting user and also I have a shadow transport configured. So, yes I do have a couple of differences to what is shown in the wiki... WRT my problem, I will work around it using primary groups or possibly abolishing the option for users/domains to use any user other than vmail. I don't think its necessary but its how I inherited this particular mail setup... thanks for your input, cheers Andy. From Lutz.Pressler at SerNet.DE Wed Aug 24 01:00:30 2011 From: Lutz.Pressler at SerNet.DE (Lutz =?iso-8859-1?Q?Pre=DFler?=) Date: Wed, 24 Aug 2011 00:00:30 +0200 Subject: [Dovecot] LDA and auth-userdb socket permissions In-Reply-To: <20110823211802.18166sfrmmbwx00s@webmail2.ukgrid.net> References: <5E9680BD-CB20-48DE-8F7B-71ACDD795CBD@iki.fi> <20110823171043.26888u9dwc4xvs3k@webmail2.ukgrid.net> <0DF15D90-016D-4AA1-A7BC-8CC89E605A27@iki.fi> <20110823173708.25235temcjts5e88@webmail2.ukgrid.net> <0720326B-36C7-4CF6-8314-FB9AEAC1B216@iki.fi> <20110823192723.20857dls3diubqko@webmail2.ukgrid.net> <1314127183.10421.1337.camel@hurina> <20110823203819.21196j1545iakszw@webmail2.ukgrid.net> <1314128641.10421.1340.camel@hurina> <20110823211802.18166sfrmmbwx00s@webmail2.ukgrid.net> Message-ID: On Di, 23 Aug 2011, a.smith at ukgrid.net wrote: > Quoting Timo Sirainen : > > > > > It doesn't have to be the primary group. This is more of an Exim side > > problem that it doesn't assign the supplementary groups (if it did, it > > would have worked with dovecot-lda). I don't think the way you You probably can use the Exim transport (or router) option "initgroups". Lutz From karsten.becker at ecologic.eu Wed Aug 24 01:08:14 2011 From: karsten.becker at ecologic.eu (Karsten Becker) Date: Wed, 24 Aug 2011 00:08:14 +0200 Subject: [Dovecot] Cannot delete subfolder in public folder Message-ID: <4E5424CE.7050309@ecologic.eu> Hi there, I have the problem that I'm unable to delete a subfolder (again) I created within a public folder. I've already read about configuring Thunderbird to delete immediately - which I did. But it still doesn't work. I delete -> the folder is gone -> I get a TB error message saying "The folder doesn't exist" -> after restarting TB the folders appear again. Maybe someone has a hint. My tip is that I may have a wrong understanding of the ACL mechanism... :-( Regards from Berlin/Germany Karsten ------------------------ Log: > Aug 24 00:01:37 mail01 dovecot: imap(karsten.becker at company.eu): Debug: acl vfile: file /etc/dovecot/global-acls//.DEFAULT not found > Aug 24 00:01:37 mail01 dovecot: imap(karsten.becker at company.eu): Debug: acl vfile: file /srv/vmail/user-mailboxes/company.eu/karsten.becker/mailboxes/dovecot-acl not found > Aug 24 00:01:37 mail01 dovecot: imap(karsten.becker at company.eu): Debug: acl vfile: file /etc/dovecot/global-acls/Folders/test01/aaa not found > Aug 24 00:01:37 mail01 dovecot: imap(karsten.becker at company.eu): Debug: acl vfile: reading file /srv/vmail/public_folders/test01/aaa/dovecot-acl Here's the filesystem structure in /srv/vmail: > root at mail01.compdmz.local:/srv/vmail# ls -l public_folders/test01/ > total 20 > drwxr-xr-x 5 vmail vmail 4096 2011-08-23 23:50 aaa > drwxr-xr-x 2 vmail vmail 4096 2011-08-23 21:45 cur > -rw-r--r-- 1 vmail vmail 25 2011-08-23 22:19 dovecot-acl > drwxr-xr-x 2 vmail vmail 4096 2011-08-23 21:45 new > drwxr-xr-x 2 vmail vmail 4096 2011-08-23 21:45 tmp > root at mail01.compdmz.local:/srv/vmail# Here's the content of dovecot-acl (there are another ones in subfolder aaa with the same content, inherited during creation): > authenticated lrwstipekx Here's my configuration of Dovecot: > # 2.0.13: /usr/local/dovecot-2.0.13/etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-33-server x86_64 Ubuntu 10.04.3 LTS ext4 > doveconf: Warning: Dovecot was last started using /etc/dovecot/dovecot.conf, but this config is /usr/local/dovecot-2.0.13/etc/dovecot/dovecot.conf > auth_cache_negative_ttl = 0 > auth_cache_size = 10 M > auth_mechanisms = plain login > base_dir = /usr/local/dovecot/var/run/dovecot > dict { > acl = mysql:/etc/dovecot/dovecot-dict-shared-mailboxes-mysql.conf > expire = mysql:/etc/dovecot/dovecot-dict-expire-mysql.conf > quota = mysql:/etc/dovecot/dovecot-dict-quota-mysql.conf > } > log_timestamp = "%Y-%m-%d %H:%M:%S " > login_greeting = Company Institute > mail_attachment_dir = /srv/vmail/attachments > mail_attachment_hash = %{sha256} > mail_cache_min_mail_count = 2 > mail_debug = yes > mail_location = mdbox:/srv/vmail/user-mailboxes/%d/%n > mail_plugins = acl expire quota > mailbox_idle_check_interval = 1 mins > namespace { > inbox = yes > location = > prefix = > separator = / > subscriptions = yes > type = private > } > namespace { > list = children > location = mdbox:/srv/vmail/user-mailboxes/%%d/%%n > prefix = Users/%%d/%%n/ > separator = / > subscriptions = no > type = shared > } > namespace { > list = children > location = maildir:/srv/vmail/public_folders:INDEX=/srv/vmail/user-mailboxes/%d/%n/public_folders-seen:LAYOUT=fs > prefix = Folders/ > separator = / > subscriptions = no > type = public > } > passdb { > args = /etc/dovecot/dovecot-mysql.conf > driver = sql > } > plugin { > acl = vfile:/etc/dovecot/global-acls:cache_secs=300 > acl_shared_dict = proxy::acl > expire = Trash > expire2 = Trash/* > expire3 = Junk > expire4 = Junk/* > expire_dict = proxy::expire > quota = dict:User quota::proxy::quota > quota_rule = *:storage=10485760 > quota_rule2 = Trash:storage=+1048576 > quota_warning = storage=95%% quota-warning 95 %u > quota_warning2 = storage=80%% quota-warning 80 %u > } > postmaster_address = postmaster at company.eu > protocols = imap pop3 > service auth { > unix_listener /var/spool/postfix/private/auth_dovecot { > group = postfix > mode = 0660 > user = postfix > } > unix_listener auth-master { > mode = 0600 > user = vmail > } > user = root > } > service dict { > unix_listener dict { > mode = 0600 > user = vmail > } > } > service imap-login { > inet_listener imaps { > port = 993 > ssl = yes > } > process_min_avail = 2 > } > service imap { > vsz_limit = 512 M > } > service pop3-login { > inet_listener pop3s { > port = 995 > ssl = yes > } > } > service quota-warning { > executable = script /usr/local/bin/quota-warning.sh > user = vmail > } > ssl = required > ssl_cert = ssl_key = userdb { > args = /etc/dovecot/dovecot-mysql.conf > driver = sql > } > verbose_proctitle = yes > protocol lda { > auth_socket_path = auth-master > postmaster_address = postmaster at company.eu > } > protocol imap { > imap_client_workarounds = delay-newmail > imap_max_line_length = 128 k > mail_plugins = acl expire quota imap_acl imap_quota > } > protocol pop3 { > pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > } From tss at iki.fi Wed Aug 24 01:48:13 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 24 Aug 2011 01:48:13 +0300 Subject: [Dovecot] Cannot delete subfolder in public folder In-Reply-To: <4E5424CE.7050309@ecologic.eu> References: <4E5424CE.7050309@ecologic.eu> Message-ID: On 24.8.2011, at 1.08, Karsten Becker wrote: > I have the problem that I'm unable to delete a subfolder (again) I > created within a public folder. > > I've already read about configuring Thunderbird to delete immediately - > which I did. But it still doesn't work. Step 1: Verify that it really is a DELETE command that fails and that the returned error is "Permission denied". For example: telnet localhost 143 a login username password b delete Folders/test01 From superkkt at sds.co.kr Wed Aug 24 06:00:41 2011 From: superkkt at sds.co.kr (=?ks_c_5601-1987?B?seix4sXC?=) Date: Wed, 24 Aug 2011 03:00:41 +0000 Subject: [Dovecot] unlink_directory failed with 'Device or resource busy' on NFS Message-ID: <5811AFA0-1036-4851-BDE7-D4B1E850F3D4@sds.co.kr> Hi, I'm getting some errors while I'm trying to move mailboxes from IMAP server to Outlook client. The error message is "IMAP command is failed" and I think it is useless. Here are the error messages written to server's syslog. imap(name at domain.com): Error: unlink_directory(/data/domain.com/name/INBOX/direct/.nfs00000000000033fd000000cd) failed: Device or resource busy imap(name at domain.com): Error: unlink_directory(/data/domain.com/name/INBOX/IDC/.nfs000000000000709d000000e9) failed: Device or resource busy imap(name at domain.com): Error: unlink_directory(/data/domain.com/name/INBOX/OSSEC/.nfs000000000000709f000000f0) failed: Device or resource busy How can I solve this problem? I'm using Dovecot 2.0.13 and my configurations are: # 2.0.13: /usr/local/dovecot/etc/dovecot/dovecot.conf # OS: Linux 2.6.38-11-server x86_64 Ubuntu 11.04 listen = * mail_fsync = always mail_location = maildir:~:LAYOUT=fs mail_nfs_index = yes mail_nfs_storage = yes mmap_disable = yes passdb { args = /usr/local/dovecot/etc/dovecot/dovecot-ldap.conf.ext driver = ldap } ssl_cert = References: <4E535C2F.7080605@debian.org> <0DB68F7E-4FAC-4D83-9BC5-1E991FF65B03@iki.fi> Message-ID: Timo, 2011/8/24 Timo Sirainen : > I remember listescape had problems with ACLs, and that it wasn't really possible to solve those bugs without major changes. The good news though is that those major changes are done in v2.1 where it should work. Ok, I would avoid using maildir++ layout with listescape for now. I confirmed that it could support folder names including dots without listescape by using LAYOUT=fs. > Also you could make FS layout almost reserved-folder-name free by adding e.g. :DIRNAME=Mails to your mail_location. Now the only reserved name is "Mails", and you can of course use any other name that users are highly unlikely to use (and remember that folder names are case sensitive). Yes, I've learnt about DIRNAME from the dovecot wiki. Currently that config could be the best for LAYOUT=fs. Thank you for the valuable information and suggestion! > Seome day I'm hoping to add yet another option that mailbox names wouldn't be used in filenames at all, but rather their GUIDs. Good. Looking forward to seeing it. I also expect some of mailbox migration tools to be available :-) (dsync can do it?). Regards, -- YAEGASHI Takeshi From karsten.becker at ecologic.eu Wed Aug 24 11:34:58 2011 From: karsten.becker at ecologic.eu (Karsten Becker) Date: Wed, 24 Aug 2011 10:34:58 +0200 Subject: [Dovecot] Cannot delete subfolder in public folder In-Reply-To: References: <4E5424CE.7050309@ecologic.eu> Message-ID: <4E54B7B2.1030000@ecologic.eu> Step 1 accomplished: It worked. So, it's a TB bug? Some known workarounds? Regards Karsten On 08/24/2011 12:48 AM, Timo Sirainen wrote: > On 24.8.2011, at 1.08, Karsten Becker wrote: > >> I have the problem that I'm unable to delete a subfolder (again) I >> created within a public folder. >> >> I've already read about configuring Thunderbird to delete immediately - >> which I did. But it still doesn't work. > > Step 1: Verify that it really is a DELETE command that fails and that the returned error is "Permission denied". For example: > > telnet localhost 143 > a login username password > b delete Folders/test01 > From karsten.becker at ecologic.eu Wed Aug 24 12:26:22 2011 From: karsten.becker at ecologic.eu (Karsten Becker) Date: Wed, 24 Aug 2011 11:26:22 +0200 Subject: [Dovecot] Cannot delete subfolder in public folder In-Reply-To: <4E54B7B2.1030000@ecologic.eu> References: <4E5424CE.7050309@ecologic.eu> <4E54B7B2.1030000@ecologic.eu> Message-ID: <4E54C3BE.4020501@ecologic.eu> Yeeeahh! I got it. For those who have the same problem: > http://wiki.dovecot.org/Clients#Thunderbird Then, I took a look in conf.d/20-imap.conf and found the following: > # Workarounds for various client bugs: > # delay-newmail: > # Send EXISTS/RECENT new mail notifications only when replying to NOOP > # and CHECK commands. Some clients ignore them otherwise, for example OSX > # Mail ( # may show user "Message no longer in server" errors. Note that OE6 still > # breaks even with this workaround if synchronization is set to > # "Headers Only". > # tb-extra-mailbox-sep: > # With mbox storage a mailbox can contain either mails or submailboxes, > # but not both. Thunderbird separates these two by forcing server to > # accept '/' suffix in mailbox names in subscriptions list. > # tb-lsub-flags: > # Show \Noselect flags for LSUB replies with LAYOUT=fs (e.g. mbox). > # This makes Thunderbird realize they aren't selectable and show them > # greyed out, instead of only later giving "not selectable" popup error. > # > # The list is space-separated. > imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags As we have a very heterogenous infrastructure, with Mac OS X Thunderbird, I added the missing 2 TB options (I also have LAYOUT=fs on the public folders) and restarted Dovecot. Now it works without showing obscure messages - it just deletes a subfolder as a user would expect! :-D Of course TB must be still set up to delete immediately. Regards Karsten On 08/24/2011 10:34 AM, Karsten Becker wrote: > Step 1 accomplished: It worked. > > So, it's a TB bug? Some known workarounds? > > Regards > Karsten > > On 08/24/2011 12:48 AM, Timo Sirainen wrote: >> On 24.8.2011, at 1.08, Karsten Becker wrote: >> >>> I have the problem that I'm unable to delete a subfolder (again) I >>> created within a public folder. >>> >>> I've already read about configuring Thunderbird to delete immediately - >>> which I did. But it still doesn't work. >> >> Step 1: Verify that it really is a DELETE command that fails and that the returned error is "Permission denied". For example: >> >> telnet localhost 143 >> a login username password >> b delete Folders/test01 >> > From karsten.becker at ecologic.eu Wed Aug 24 13:32:41 2011 From: karsten.becker at ecologic.eu (Karsten Becker) Date: Wed, 24 Aug 2011 12:32:41 +0200 Subject: [Dovecot] Attachments not removed from single store Message-ID: <4E54D349.7030005@ecologic.eu> Hi. Well, I've the next problem. I turned on the new attachment de-duplication stuff in the configuration. If I send an attchment between two accounts on my test system, the attment gets saved ion the configured mail_attachment_dir. But... if I delete it from the senders Send folder and the receivers Inbox (and of course empty Trash afterwards in both cases), the hashes and the attachment are not deleted in mail_attachment_dir (as I would expect). Is this a bug, or have I misunderstood the concept of storing attachments? Regards Karsten ------------------------------------------------ > # 2.0.13: /usr/local/dovecot-2.0.13/etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-33-server x86_64 Ubuntu 10.04.3 LTS ext4 > doveconf: Warning: Dovecot was last started using /etc/dovecot/dovecot.conf, but this config is /usr/local/dovecot-2.0.13/etc/dovecot/dovecot.conf > auth_cache_negative_ttl = 0 > auth_cache_size = 10 M > auth_mechanisms = plain login > base_dir = /usr/local/dovecot/var/run/dovecot > dict { > acl = mysql:/etc/dovecot/dovecot-dict-shared-mailboxes-mysql.conf > expire = mysql:/etc/dovecot/dovecot-dict-expire-mysql.conf > quota = mysql:/etc/dovecot/dovecot-dict-quota-mysql.conf > } > log_timestamp = "%Y-%m-%d %H:%M:%S " > login_greeting = Company Institute > mail_attachment_dir = /srv/vmail/attachments > mail_attachment_hash = %{sha256} > mail_cache_min_mail_count = 2 > mail_debug = yes > mail_location = mdbox:/srv/vmail/user-mailboxes/%d/%n > mail_plugins = acl expire quota > mailbox_idle_check_interval = 1 mins > namespace { > inbox = yes > location = > prefix = > separator = / > subscriptions = yes > type = private > } > namespace { > list = children > location = mdbox:/srv/vmail/user-mailboxes/%%d/%%n > prefix = Users/%%d/%%n/ > separator = / > subscriptions = no > type = shared > } > namespace { > list = children > location = maildir:/srv/vmail/public_folders:INDEX=/srv/vmail/user-mailboxes/%d/%n/public_folders-seen:LAYOUT=fs > prefix = Folders/ > separator = / > subscriptions = no > type = public > } > passdb { > args = /etc/dovecot/dovecot-mysql.conf > driver = sql > } > plugin { > acl = vfile:/etc/dovecot/global-acls:cache_secs=300 > acl_shared_dict = proxy::acl > expire = Trash > expire2 = Trash/* > expire3 = Spam > expire4 = Spam/* > expire5 = Junk > expire6 = Junk/* > expire_dict = proxy::expire > quota = dict:User quota::proxy::quota > quota_rule = *:storage=10485760 > quota_rule2 = Trash:storage=+1048576 > quota_warning = storage=95%% quota-warning 95 %u > quota_warning2 = storage=80%% quota-warning 80 %u > } > postmaster_address = postmaster at company.eu > protocols = imap pop3 > service auth { > unix_listener /var/spool/postfix/private/auth_dovecot { > group = postfix > mode = 0660 > user = postfix > } > unix_listener auth-master { > mode = 0600 > user = vmail > } > user = root > } > service dict { > unix_listener dict { > mode = 0600 > user = vmail > } > } > service imap-login { > inet_listener imaps { > port = 993 > ssl = yes > } > process_min_avail = 2 > } > service imap { > vsz_limit = 512 M > } > service pop3-login { > inet_listener pop3s { > port = 995 > ssl = yes > } > } > service quota-warning { > executable = script /usr/local/bin/quota-warning.sh > user = vmail > } > ssl = required > ssl_cert = ssl_key = userdb { > args = /etc/dovecot/dovecot-mysql.conf > driver = sql > } > verbose_proctitle = yes > protocol lda { > auth_socket_path = auth-master > postmaster_address = postmaster at company.eu > } > protocol imap { > imap_client_workarounds = delay-newmail tb-lsub-flags tb-extra-mailbox-sep > imap_max_line_length = 128 k > mail_plugins = acl expire quota imap_acl imap_quota > } > protocol pop3 { > pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > } From kzorba at otenet.gr Wed Aug 24 15:03:34 2011 From: kzorba at otenet.gr (Kostas Zorbadelos) Date: Wed, 24 Aug 2011 15:03:34 +0300 Subject: [Dovecot] POP3 Bug report v2.0.13 - CentOS x86_64 - NFS - mbox - [fixed] In-Reply-To: <1314126930.10421.1333.camel@hurina> References: <4E294AC0.2060706@otenet.gr> <4E425874.6040507@otenet.gr> <1313355050.10421.1285.camel@hurina> <20110815111701.68513psu7vb3wflp@noc.otenet.gr> <4E4A73AE.7090402@otenet.gr> <4E4D0D9C.6000600@otenet.gr> <4E4E78B4.9070102@otenet.gr> <1314126930.10421.1333.camel@hurina> Message-ID: <4E54E896.5050704@otenet.gr> On 08/23/2011 10:15 PM, Timo Sirainen wrote: > On Fri, 2011-08-19 at 17:52 +0300, Kostas Zorbadelos wrote: >> The problem is more easily introduced than I imagined. > > Well, I still couldn't reproduce it. But I can kind of see the problem. > http://hg.dovecot.org/dovecot-2.0/rev/030394c74f54 should help. > > Strange, I thought it would be reproduced easily. Anyway, your patch seems to work. I could also see with gdb that it had to do with an mbox having no open stream and I thought it was some kind of wrong initialization somewhere. I guess you can have an mbox opened, but with no stream created for it :) Thank you so much about this. I guess the fix will be included in 2.0.14. I think we have found another bug concerning fcntl lock leaks when pop3_lock_session = no, but this (if this stands) is a subject for a different thread. Regards, Kostas From andrew at sybaweb.com Wed Aug 24 15:16:39 2011 From: andrew at sybaweb.com (Andrew Lewis) Date: Wed, 24 Aug 2011 14:16:39 +0200 Subject: [Dovecot] Attachments not removed from single store In-Reply-To: <4E54D349.7030005@ecologic.eu> References: <4E54D349.7030005@ecologic.eu> Message-ID: <4E54EBA7.4050404@sybaweb.com> On 24/08/2011 12:32, Karsten Becker wrote: > Is this a bug, or have I misunderstood the concept of storing attachments? Did you run 'doveadm purge -A'? http://wiki2.dovecot.org/MailboxFormat/dbox#Multi-dbox http://wiki2.dovecot.org/Tools/Doveadm/Purge Best, -AL. From karsten.becker at ecologic.eu Wed Aug 24 15:34:21 2011 From: karsten.becker at ecologic.eu (Karsten Becker) Date: Wed, 24 Aug 2011 14:34:21 +0200 Subject: [Dovecot] Attachments not removed from single store In-Reply-To: <4E54EBA7.4050404@sybaweb.com> References: <4E54D349.7030005@ecologic.eu> <4E54EBA7.4050404@sybaweb.com> Message-ID: <4E54EFCD.7020701@ecologic.eu> Of course... I didn't. Thanks. Regards Karsten On 08/24/2011 02:16 PM, Andrew Lewis wrote: > On 24/08/2011 12:32, Karsten Becker wrote: >> Is this a bug, or have I misunderstood the concept of storing >> attachments? > > Did you run 'doveadm purge -A'? > > http://wiki2.dovecot.org/MailboxFormat/dbox#Multi-dbox > http://wiki2.dovecot.org/Tools/Doveadm/Purge > > Best, > -AL. From Guy.Deleeuw at eurofer.be Wed Aug 24 16:31:59 2011 From: Guy.Deleeuw at eurofer.be (Guy Deleeuw) Date: Wed, 24 Aug 2011 15:31:59 +0200 Subject: [Dovecot] SiS Message-ID: <1314192719.2013.7.camel@pc-0100> Hello, SiS is implemented and stable in the last version ? Best Regards Guy From flylordis at gmail.com Wed Aug 24 20:14:11 2011 From: flylordis at gmail.com (Boris Lordis) Date: Wed, 24 Aug 2011 10:14:11 -0700 Subject: [Dovecot] BUG - lmtp multiple recipients fail - setuid issue? In-Reply-To: <1313359977.10421.1304.camel@hurina> References: <1313359977.10421.1304.camel@hurina> Message-ID: Thank you! That worked. Best regards, -Boris On Sun, Aug 14, 2011 at 3:12 PM, Timo Sirainen wrote: > On Mon, 2011-08-01 at 14:28 -0700, Boris Lordis wrote: >> Jul 27 11:24:42 testmailserver dovecot: lmtp(12412, steve): Error: >> link(/spool/mail/j/jerry/mail/INBOX/u.20423, >> /spool/mail/s/steve/mail/INBOX/.temp.1311791081.P12412Q2M989550.testmailserver.) >> failed: Permission denied > > It shouldn't even try this.. I guess both INBOX directories use the same > group? That's why Dovecot's internal check fails to realize that it > can't use link(). > > This is now fixed in v2.1 hg tree. Too big of a change to fix in v2.0. > You could work around it by using unique GIDs for users, or patching > Dovecot's source code (mail_storage_copy_can_use_hardlink() to always > return FALSE) > > > From willcox at datahelper.com Wed Aug 24 21:57:16 2011 From: willcox at datahelper.com (Mark Willcox) Date: Wed, 24 Aug 2011 13:57:16 -0500 Subject: [Dovecot] Post-login scripting with virtual users Message-ID: <4E55498C.6070806@datahelper.com> I am running Dovecot 2.0.13 on Fedora 15. I have migrated from a bincimap installation using checklocalpwd. All email is in folders owned by a unprivileged user, popuser. The email users are entirely virtual and have no relationship to actual linux users. My userdb calls return the UID and GID of popuser and all goes well retrieving the mail via POP3 and IMAP. I am trying to implement a Post-login script to register the IP address that the authentication came from. Dovecot seems to be trying to execute the script as the email non-user, which does not work. I have specified that the script should be run as popuser, but it still runs as devnull at dhzone.com for instance. Everything up top that point seems to be happening happily under popuser. I added a "user = popuser" directive and it had no effect that I could see. I know that dovecot read the directive because I changed it to "user = 555" and dovecot would not run because "555" is not a user. I tried adding a "User = popuser" within the unix_listener but that also had no effect. Any ideas? Thank you! ------------------------------ Here is my dovecot -n: # 2.0.13: /etc/dovecot/dovecot.conf # OS: Linux 2.6.40.3-0.fc15.x86_64 x86_64 Fedora release 15 (Lovelock) auth_debug = yes disable_plaintext_auth = no mail_debug = yes mbox_write_locks = fcntl passdb { args = /etc/dovecot/conf.d/dovecot-sql.conf.ext driver = sql } protocols = imap pop3 service imap-postpop { executable = script-login /usr/local/bin/set_postpop unix_listener imap-postpop { } user = popuser } service imap { executable = imap imap-postpop } ssl_cert = From the maillog: Aug 24 13:01:57 callisto dovecot: auth: Debug: client out: OK#0111#011user=devnull at dhzone.com Aug 24 13:01:57 callisto dovecot: auth: Debug: master in: REQUEST... Aug 24 13:01:57 callisto dovecot: auth: Debug: sql(devnull at dhzone.com,75.221.209.232): SELECT home, uid, gid FROM users WHERE id = 'devnull at dhzone.com' Aug 24 13:01:57 callisto dovecot: auth: Debug: master out: USER#0114007264257#011devnull at dhzone.com#011home=/var/qmail/popbox/dhzone-com/devnull#011uid=555#011gid=555 Aug 24 13:01:57 callisto dovecot: imap-login: Login: user=, method=PLAIN, rip=75.221.209.232, lip=76.76.59.241, mpid=667 Aug 24 13:01:57 callisto dovecot: imap-postpop: Error: script-login: Error: user devnull at dhzone.com: Error reading configuration: net_connect_unix(/var/run/dovecot/config) failed: Permission denied Aug 24 13:01:57 callisto dovecot: imap-postpop: Error: script-login: Fatal: Internal error occurred. Refer to server log for more information. Aug 24 13:01:57 callisto dovecot: imap(devnull at dhzone.com): Post-login script denied access to user devnull at dhzone.com Aug 24 13:01:57 callisto dovecot: log: Error: service(imap-postpop): child 668 returned error 89 (Fatal failure) Aug 24 13:02:03 callisto dovecot: master: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill) -- _________________ Mark Willcox Data Helper, Inc. From rick at havokmon.com Wed Aug 24 22:06:19 2011 From: rick at havokmon.com (Rick Romero) Date: Wed, 24 Aug 2011 14:06:19 -0500 Subject: [Dovecot] Post-login scripting with virtual users In-Reply-To: <4E55498C.6070806@datahelper.com> References: <4E55498C.6070806@datahelper.com> Message-ID: <20110824140619.Horde.EcbbWG2tkQ9OVUurx-nr4XA@beta.vfemail.net> Quoting Mark Willcox : > I am running Dovecot 2.0.13 on Fedora 15. I have migrated from a > bincimap installation using checklocalpwd. All email is in folders > owned by a unprivileged user, popuser. The email users are entirely > virtual and have no relationship to actual linux users. > > I am trying to implement a Post-login script to register the IP address > that the authentication came from. Dovecot seems to be trying to > execute the script as the email non-user, which does not work. I have > specified that the script should be run as popuser, but it still runs as > devnull at dhzone.com for instance. Everything up top that point seems to > be happening happily under popuser. > I'd remove the unix_listener directive: service imap-postpop { executable = script-login /usr/local/bin/set_postpop user = popuser } The equivalent is working for me. Rick From hobie at rumormillnews.com Wed Aug 24 22:22:56 2011 From: hobie at rumormillnews.com (hobie at rumormillnews.com) Date: Wed, 24 Aug 2011 15:22:56 -0400 (EDT) Subject: [Dovecot] Dovecot rejecting Vpopmail User 89 Message-ID: <1126277c7d9ded7203ccb3b3a54e07ec.squirrel@dragon.rumormillnews.com> I'm working to get Dovecot 2.0.13 working along with qmail, Vpopmail and Squirrelmail on a Debian 6.0.2 system, Dovecot compiled, not from a package. Vpopmail has a widely known assigned user/group ID of 89 and is the owner of all the mail folders. Regardless of value of first_valid_uid (1, 89, other), Dovecot denies Squirrelmail connection, saying it can't allow access to UID 89. "Couldn't drop privileges", it says. I'd be grateful for fixes, suggestions, or a pointer to an existing answer to this problem. Thanks ahead. :) Presently dovecot -n shows: # 2.0.13: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3 auth_debug = yes disable_plaintext_auth = no mail_debug = yes mail_location = maildir:/home/vpopmail/domains/%d/%n/Maildir maildir_very_dirty_syncs = yes passdb { driver = vpopmail } protocols = imap pop3 ssl_cert = References: <1126277c7d9ded7203ccb3b3a54e07ec.squirrel@dragon.rumormillnews.com> Message-ID: <20110824143249.Horde.L2bDE6PBW7JOVVHharixOdQ@beta.vfemail.net> Quoting hobie at rumormillnews.com: > I'm working to get Dovecot 2.0.13 working along with qmail, Vpopmail and > Squirrelmail on a Debian 6.0.2 system, Dovecot compiled, not from a > package. > > Vpopmail has a widely known assigned user/group ID of 89 and is the owner > of all the mail folders. > > Regardless of value of first_valid_uid (1, 89, other), Dovecot denies > Squirrelmail connection, saying it can't allow access to UID 89. "Couldn't > drop privileges", it says. I'd be grateful for fixes, suggestions, or a > pointer to an existing answer to this problem. Thanks ahead. :) > Here's mine - I set first and last uid AND gid. Can you telnet to port 110 and test? USER username PASS password LIST # 2.0.13: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 8.2-RELEASE amd64 auth_mechanisms = plain login digest-md5 cram-md5 auth_username_translation = %@ auth_verbose = yes base_dir = /var/run/dovecot/ default_login_user = vpopmail disable_plaintext_auth = no first_valid_gid = 89 first_valid_uid = 89 last_valid_gid = 89 last_valid_uid = 89 # run under tcpserver log_path = /dev/stderr login_greeting = Ready. mail_fsync = never mail_plugins = " quota zlib" mail_privileged_group = mail namespace { inbox = yes location = prefix = separator = . } namespace { hidden = yes inbox = no list = no location = prefix = INBOX. separator = . } passdb { driver = vpopmail } plugin { quota = maildir } protocols = imap pop3 service anvil { client_limit = 2000 } service auth { unix_listener auth-master { mode = 0600 } } service imap-login { client_limit = 384 process_limit = 512 process_min_avail = 25 service_count = 0 } service imap-postlogin { executable = script-login rawlog /usr/local/etc/dovecot/lastauth-imap.sh user = vpopmail } service imap { executable = /usr/local/libexec/dovecot/imap } service pop-postlogin { executable = script-login /usr/local/etc/dovecot/lastauth-pop.sh user = vpopmail } service pop3-login { client_limit = 384 process_limit = 512 process_min_avail = 25 service_count = 0 } service pop3 { executable = /usr/local/libexec/dovecot/pop3 } shutdown_clients = no ssl_cert = References: <1126277c7d9ded7203ccb3b3a54e07ec.squirrel@dragon.rumormillnews.com> <20110824143249.Horde.L2bDE6PBW7JOVVHharixOdQ@beta.vfemail.net> Message-ID: <20110824145815.Horde.5xmCTG2tkQ9OVVfXa7tvRKA@beta.vfemail.net> Enable auth_verbose and check the logs. But I'm pretty sure that means Dovecot can't change to the Maildir folder. I assume the user's folder is owned by vpopmail:vchkpw? Is the Maildir NFS mounted or local? Rick Quoting hobie at rumormillnews.com: > Thanks, Rick. :) Changed first/last uid/gid so all show 89 and restarted > Dovecot, no change. Telnetting from remote or from localhost, Dovecot > closes the connection immediately after password is sent. (?) > > --hobie > >> Quoting hobie at rumormillnews.com: >> >>> I'm working to get Dovecot 2.0.13 working along with qmail, Vpopmail and >>> Squirrelmail on a Debian 6.0.2 system, Dovecot compiled, not from a >>> package. >>> >>> Vpopmail has a widely known assigned user/group ID of 89 and is the >>> owner >>> of all the mail folders. >>> >>> Regardless of value of first_valid_uid (1, 89, other), Dovecot denies >>> Squirrelmail connection, saying it can't allow access to UID 89. >>> "Couldn't >>> drop privileges", it says. I'd be grateful for fixes, suggestions, or a >>> pointer to an existing answer to this problem. Thanks ahead. :) >>> >> >> Here's mine - I set first and last uid AND gid. >> Can you telnet to port 110 and test? >> >> USER username >> PASS password >> LIST >> >> >> # 2.0.13: /usr/local/etc/dovecot/dovecot.conf >> # OS: FreeBSD 8.2-RELEASE amd64 >> auth_mechanisms = plain login digest-md5 cram-md5 >> auth_username_translation = %@ >> auth_verbose = yes >> base_dir = /var/run/dovecot/ >> default_login_user = vpopmail >> disable_plaintext_auth = no >> first_valid_gid = 89 >> first_valid_uid = 89 >> last_valid_gid = 89 >> last_valid_uid = 89 >> # run under tcpserver >> log_path = /dev/stderr >> login_greeting = Ready. >> mail_fsync = never >> mail_plugins = " quota zlib" >> mail_privileged_group = mail >> namespace { >> inbox = yes >> location = >> prefix = >> separator = . >> } >> namespace { >> hidden = yes >> inbox = no >> list = no >> location = >> prefix = INBOX. >> separator = . >> } >> passdb { >> driver = vpopmail >> } >> plugin { >> quota = maildir >> } >> protocols = imap pop3 >> service anvil { >> client_limit = 2000 >> } >> service auth { >> unix_listener auth-master { >> mode = 0600 >> } >> } >> service imap-login { >> client_limit = 384 >> process_limit = 512 >> process_min_avail = 25 >> service_count = 0 >> } >> service imap-postlogin { >> executable = script-login rawlog >> /usr/local/etc/dovecot/lastauth-imap.sh >> user = vpopmail >> } >> service imap { >> executable = /usr/local/libexec/dovecot/imap >> } >> service pop-postlogin { >> executable = script-login /usr/local/etc/dovecot/lastauth-pop.sh >> user = vpopmail >> } >> service pop3-login { >> client_limit = 384 >> process_limit = 512 >> process_min_avail = 25 >> service_count = 0 >> } >> service pop3 { >> executable = /usr/local/libexec/dovecot/pop3 >> } >> shutdown_clients = no >> ssl_cert = > ssl_key = > ssl_key_password = password >> userdb { >> driver = vpopmail >> } >> verbose_proctitle = yes >> protocol imap { >> auth_socket_path = /var/run/dovecot/auth-master >> imap_client_workarounds = delay-newmail tb-extra-mailbox-sep >> mail_max_userip_connections = 10 >> mail_plugins = " quota zlib imap_zlib quota imap_quota" >> } >> protocol pop3 { >> auth_socket_path = /var/run/dovecot/auth-master >> mail_max_userip_connections = 10 >> mail_plugins = quota >> pop3_client_workarounds = outlook-no-nuls oe-ns-eoh >> pop3_uidl_format = %08Xu%08Xv >> >> >> From tss at iki.fi Wed Aug 24 23:21:54 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 24 Aug 2011 23:21:54 +0300 Subject: [Dovecot] Dovecot rejecting Vpopmail User 89 In-Reply-To: <1126277c7d9ded7203ccb3b3a54e07ec.squirrel@dragon.rumormillnews.com> References: <1126277c7d9ded7203ccb3b3a54e07ec.squirrel@dragon.rumormillnews.com> Message-ID: <1314217314.10421.1349.camel@hurina> On Wed, 2011-08-24 at 15:22 -0400, hobie at rumormillnews.com wrote: > Regardless of value of first_valid_uid (1, 89, other), Dovecot denies > Squirrelmail connection, saying it can't allow access to UID 89. "Couldn't > drop privileges", it says. I'd be grateful for fixes, suggestions, or a > pointer to an existing answer to this problem. Thanks ahead. :) Show the EXACT full error message. From willcox at datahelper.com Wed Aug 24 23:22:14 2011 From: willcox at datahelper.com (Mark Willcox) Date: Wed, 24 Aug 2011 15:22:14 -0500 Subject: [Dovecot] Post-login scripting with virtual users In-Reply-To: <20110824140619.Horde.EcbbWG2tkQ9OVUurx-nr4XA@beta.vfemail.net> References: <4E55498C.6070806@datahelper.com> <20110824140619.Horde.EcbbWG2tkQ9OVUurx-nr4XA@beta.vfemail.net> Message-ID: <4E555D76.7070109@datahelper.com> Much closer! It seems to run the script, but now I get: Error: net_connect_unix(/var/run/dovecot/imap-postpop) failed: Connection refused I thought it might be because popuser has no logon capability (/sbin/nologin), but I changed that and connection is still refused. Can it be my script? It is just: #!/bin/bash echo "$USER $IP `host $IP`" > /var/lib/postpop/db/$IP exec "$@" The IP-named file is not being created. popuser owns the folder. Also, when I get this working, can I set up a pop3 equivalent? _________________ Mark Willcox Data Helper, Inc. On 8/24/2011 2:06 PM, Rick Romero wrote: > > Quoting Mark Willcox : > >> I am running Dovecot 2.0.13 on Fedora 15. I have migrated from a >> bincimap installation using checklocalpwd. All email is in folders >> owned by a unprivileged user, popuser. The email users are entirely >> virtual and have no relationship to actual linux users. >> >> I am trying to implement a Post-login script to register the IP address >> that the authentication came from. Dovecot seems to be trying to >> execute the script as the email non-user, which does not work. I have >> specified that the script should be run as popuser, but it still runs as >> devnull at dhzone.com for instance. Everything up top that point seems to >> be happening happily under popuser. >> > > I'd remove the unix_listener directive: > service imap-postpop { > executable = script-login /usr/local/bin/set_postpop > user = popuser > } > > The equivalent is working for me. > > Rick From rick at havokmon.com Wed Aug 24 23:29:37 2011 From: rick at havokmon.com (Rick Romero) Date: Wed, 24 Aug 2011 15:29:37 -0500 Subject: [Dovecot] Post-login scripting with virtual users In-Reply-To: <4E555D76.7070109@datahelper.com> References: <4E55498C.6070806@datahelper.com> <20110824140619.Horde.EcbbWG2tkQ9OVUurx-nr4XA@beta.vfemail.net> <4E555D76.7070109@datahelper.com> Message-ID: <20110824152937.Horde.rGxrdm2tkQ9OVV8x3SPhKwE@beta.vfemail.net> Is the script executable? I'm out of ideas. Yes, you can set it up exactly the same for IMAP. Rick Quoting Mark Willcox : > Much closer! It seems to run the script, but now I get: > Error: net_connect_unix(/var/run/dovecot/imap-postpop) failed: > Connection refused > > I thought it might be because popuser has no logon capability > (/sbin/nologin), but I changed that and connection is still refused. > > Can it be my script? It is just: > #!/bin/bash > echo "$USER $IP `host $IP`" > /var/lib/postpop/db/$IP > exec "$@" > > The IP-named file is not being created. popuser owns the folder. > > Also, when I get this working, can I set up a pop3 equivalent? > > _________________ > Mark Willcox > Data Helper, Inc. > > > On 8/24/2011 2:06 PM, Rick Romero wrote: >> >> Quoting Mark Willcox : >> >>> I am running Dovecot 2.0.13 on Fedora 15. I have migrated from a >>> bincimap installation using checklocalpwd. All email is in folders >>> owned by a unprivileged user, popuser. The email users are entirely >>> virtual and have no relationship to actual linux users. >>> >>> I am trying to implement a Post-login script to register the IP address >>> that the authentication came from. Dovecot seems to be trying to >>> execute the script as the email non-user, which does not work. I have >>> specified that the script should be run as popuser, but it still runs as >>> devnull at dhzone.com for instance. Everything up top that point seems to >>> be happening happily under popuser. >>> >> >> I'd remove the unix_listener directive: >> service imap-postpop { >> executable = script-login /usr/local/bin/set_postpop >> user = popuser >> } >> >> The equivalent is working for me. >> >> Rick From hobie at rumormillnews.com Wed Aug 24 23:34:53 2011 From: hobie at rumormillnews.com (hobie at rumormillnews.com) Date: Wed, 24 Aug 2011 16:34:53 -0400 (EDT) Subject: [Dovecot] Dovecot rejecting Vpopmail User 89 In-Reply-To: <1314217314.10421.1349.camel@hurina> References: <1126277c7d9ded7203ccb3b3a54e07ec.squirrel@dragon.rumormillnews.com> <1314217314.10421.1349.camel@hurina> Message-ID: <4e7163945b13323d9a2a5c3c1c96ed0d.squirrel@dragon.rumormillnews.com> Hi, Timo - from mail.warn log file, domain name redacted: Aug 24 16:32:07 debian dovecot: imap(postmaster at v....org): Error: user postmaster at v....org: Couldn't drop privileges: Mail access for users with UID 89 not permitted (see first_valid_uid in config file, uid from userdb lookup). --hobie > On Wed, 2011-08-24 at 15:22 -0400, hobie at rumormillnews.com wrote: > >> Regardless of value of first_valid_uid (1, 89, other), Dovecot denies >> Squirrelmail connection, saying it can't allow access to UID 89. >> "Couldn't >> drop privileges", it says. I'd be grateful for fixes, suggestions, or a >> pointer to an existing answer to this problem. Thanks ahead. :) > > Show the EXACT full error message. > > > From tss at iki.fi Wed Aug 24 23:37:11 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 24 Aug 2011 23:37:11 +0300 Subject: [Dovecot] Post-login scripting with virtual users In-Reply-To: <4E55498C.6070806@datahelper.com> References: <4E55498C.6070806@datahelper.com> Message-ID: <1314218231.10421.1351.camel@hurina> On Wed, 2011-08-24 at 13:57 -0500, Mark Willcox wrote: > Aug 24 13:01:57 callisto dovecot: imap-postpop: Error: script-login: > Error: user devnull at dhzone.com: Error reading configuration: > net_connect_unix(/var/run/dovecot/config) failed: Permission denied This is your problem.. It's a bug in v2.0.13. You could patch with http://hg.dovecot.org/dovecot-2.0/rev/a2d57b43ccb2 or change config socket's permissions. I'll hopefully release v2.0.14 in not too distant future. From tss at iki.fi Wed Aug 24 23:48:00 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 24 Aug 2011 23:48:00 +0300 Subject: [Dovecot] Dovecot rejecting Vpopmail User 89 In-Reply-To: <4e7163945b13323d9a2a5c3c1c96ed0d.squirrel@dragon.rumormillnews.com> References: <1126277c7d9ded7203ccb3b3a54e07ec.squirrel@dragon.rumormillnews.com> <1314217314.10421.1349.camel@hurina> <4e7163945b13323d9a2a5c3c1c96ed0d.squirrel@dragon.rumormillnews.com> Message-ID: <1314218880.10421.1353.camel@hurina> On Wed, 2011-08-24 at 16:34 -0400, hobie at rumormillnews.com wrote: > Hi, Timo - from mail.warn log file, domain name redacted: > > Aug 24 16:32:07 debian dovecot: imap(postmaster at v....org): Error: user > postmaster at v....org: Couldn't drop privileges: Mail access for users with > UID 89 not permitted (see first_valid_uid in config file, uid from userdb > lookup). OK, so it is the first_valid_uid that's the problem.. In your previous doveconf -n output you didn't have first_valid_uid set at all, which defaults to 500. So: set first_valid_uid=89, verify that doveconf -n shows it in its output, and check if the error message changes. From hobie at rumormillnews.com Wed Aug 24 23:56:07 2011 From: hobie at rumormillnews.com (hobie at rumormillnews.com) Date: Wed, 24 Aug 2011 16:56:07 -0400 (EDT) Subject: [Dovecot] Dovecot rejecting Vpopmail User 89 In-Reply-To: <1314218880.10421.1353.camel@hurina> References: <1126277c7d9ded7203ccb3b3a54e07ec.squirrel@dragon.rumormillnews.com> <1314217314.10421.1349.camel@hurina> <4e7163945b13323d9a2a5c3c1c96ed0d.squirrel@dragon.rumormillnews.com> <1314218880.10421.1353.camel@hurina> Message-ID: (Ah!) Thanks, Timo, that allows Squirrelmail to get access. :) I had been making changes to the files in /conf.d, not directly to dovecot.conf - confusing. :) I'm trying now to connect using Thunderbird and that's not working, but I'll dig into that for awhile before asking for further help. Thanks kindly, --hobie > On Wed, 2011-08-24 at 16:34 -0400, hobie at rumormillnews.com wrote: >> Hi, Timo - from mail.warn log file, domain name redacted: >> >> Aug 24 16:32:07 debian dovecot: imap(postmaster at v....org): Error: user >> postmaster at v....org: Couldn't drop privileges: Mail access for users >> with >> UID 89 not permitted (see first_valid_uid in config file, uid from >> userdb >> lookup). > > OK, so it is the first_valid_uid that's the problem.. In your previous > doveconf -n output you didn't have first_valid_uid set at all, which > defaults to 500. So: set first_valid_uid=89, verify that doveconf -n > shows it in its output, and check if the error message changes. > > > From jtam.home at gmail.com Thu Aug 25 00:52:38 2011 From: jtam.home at gmail.com (Joseph Tam) Date: Wed, 24 Aug 2011 14:52:38 -0700 (PDT) Subject: [Dovecot] Catch22: user needs space to fix out of space condition Message-ID: A mail user reported that he filled up his INBOX (despite reminders he was approaching his filesystem quota), and furthermore, he could not fix the situation because he couldn't expunge message he marked for deletion. The dovecot logs revealed the cause dovecot: imap(user): Error: open(/var/mail/user.lock) failed: Disc quota exceeded This created an impasse where a user cannot free space because he needs to create a lock file that cannot be created because he needs free space. Is there any way out of this without administrator intervention? Joseph Tam From willcox at datahelper.com Thu Aug 25 01:16:19 2011 From: willcox at datahelper.com (Mark Willcox) Date: Wed, 24 Aug 2011 17:16:19 -0500 Subject: [Dovecot] Post-login scripting with virtual users In-Reply-To: <1314218231.10421.1351.camel@hurina> References: <4E55498C.6070806@datahelper.com> <1314218231.10421.1351.camel@hurina> Message-ID: <4E557833.4060105@datahelper.com> I don't think that this is the problem now. I removed the unix_listener as per Rick's advice. That got me past the Error reading configuration. Just to be sure, I made the config socket world-readable which made no difference. Now instead I get: Error: net_connect_unix(/var/run/dovecot/imap-postpop) failed: Connection refused The script is executable. On a hunch, I made the directly that the scripts writes to world-writable, which didn't help. The Connection refused" means that there was some kind of problem with my script, I assume. It seems that the script does not run at all. Is there anything I can do to narrow down what is going wrong? Some higher level of logging? Thanks! _________________ Mark Willcox Data Helper, Inc. On 8/24/2011 3:37 PM, Timo Sirainen wrote: > On Wed, 2011-08-24 at 13:57 -0500, Mark Willcox wrote: > >> Aug 24 13:01:57 callisto dovecot: imap-postpop: Error: script-login: >> Error: user devnull at dhzone.com: Error reading configuration: >> net_connect_unix(/var/run/dovecot/config) failed: Permission denied > This is your problem.. It's a bug in v2.0.13. You could patch with > http://hg.dovecot.org/dovecot-2.0/rev/a2d57b43ccb2 or change config > socket's permissions. I'll hopefully release v2.0.14 in not too distant > future. From willcox at datahelper.com Thu Aug 25 01:30:35 2011 From: willcox at datahelper.com (Mark Willcox) Date: Wed, 24 Aug 2011 17:30:35 -0500 Subject: [Dovecot] Post-login scripting with virtual users In-Reply-To: <4E557833.4060105@datahelper.com> References: <4E55498C.6070806@datahelper.com> <1314218231.10421.1351.camel@hurina> <4E557833.4060105@datahelper.com> Message-ID: <4E557B8B.1010701@datahelper.com> I am about 97.2% certain that it never tries to run the script. I changed it to simply touch a file in /tmp with the same result. I simplified it to: #!/bin/sh exec "$@" Still refused. _________________ Mark Willcox Data Helper, Inc. On 8/24/2011 5:16 PM, Mark Willcox wrote: > I don't think that this is the problem now. I removed the unix_listener > as per Rick's advice. That got me past the Error reading > configuration. Just to be sure, I made the config socket world-readable > which made no difference. > > Now instead I get: > Error: net_connect_unix(/var/run/dovecot/imap-postpop) failed: > Connection refused > > The script is executable. On a hunch, I made the directly that the > scripts writes to world-writable, which didn't help. The Connection > refused" means that there was some kind of problem with my script, I > assume. It seems that the script does not run at all. Is there anything > I can do to narrow down what is going wrong? Some higher level of logging? > > Thanks! > > _________________ > Mark Willcox > Data Helper, Inc. > > > On 8/24/2011 3:37 PM, Timo Sirainen wrote: >> On Wed, 2011-08-24 at 13:57 -0500, Mark Willcox wrote: >> >>> Aug 24 13:01:57 callisto dovecot: imap-postpop: Error: script-login: >>> Error: user devnull at dhzone.com: Error reading configuration: >>> net_connect_unix(/var/run/dovecot/config) failed: Permission denied >> This is your problem.. It's a bug in v2.0.13. You could patch with >> http://hg.dovecot.org/dovecot-2.0/rev/a2d57b43ccb2 or change config >> socket's permissions. I'll hopefully release v2.0.14 in not too distant >> future. From patrickdk at patrickdk.com Thu Aug 25 02:13:17 2011 From: patrickdk at patrickdk.com (Patrick Domack) Date: Wed, 24 Aug 2011 19:13:17 -0400 Subject: [Dovecot] Catch22: user needs space to fix out of space condition In-Reply-To: References: Message-ID: <20110824191317.Horde.2es_VJLnE6FOVYWNtH6A0MA@mail.patrickdk.com> Don't use dotlock files. Method that generally works nice also is to start rejecting email for the user when they are at 99% capacity, so you leave just alittle room for that kind of thing left. Quoting Joseph Tam : > A mail user reported that he filled up his INBOX (despite reminders he > was approaching his filesystem quota), and furthermore, he could not > fix the situation because he couldn't expunge message he marked for > deletion. > > The dovecot logs revealed the cause > > dovecot: imap(user): Error: open(/var/mail/user.lock) failed: > Disc quota exceeded > > This created an impasse where a user cannot free space because he needs > to create a lock file that cannot be created because he needs free > space. Is there any way out of this without administrator intervention? > > Joseph Tam From tss at iki.fi Thu Aug 25 03:04:43 2011 From: tss at iki.fi (Timo Sirainen) Date: Thu, 25 Aug 2011 03:04:43 +0300 Subject: [Dovecot] Post-login scripting with virtual users In-Reply-To: <4E557833.4060105@datahelper.com> References: <4E55498C.6070806@datahelper.com> <1314218231.10421.1351.camel@hurina> <4E557833.4060105@datahelper.com> Message-ID: <1314230683.10421.1354.camel@hurina> You didn't get past the config reading error, it now fails before it even gets that far. On Wed, 2011-08-24 at 17:16 -0500, Mark Willcox wrote: > I don't think that this is the problem now. I removed the unix_listener > as per Rick's advice. That got me past the Error reading > configuration. Just to be sure, I made the config socket world-readable > which made no difference. > > Now instead I get: > Error: net_connect_unix(/var/run/dovecot/imap-postpop) failed: > Connection refused > > The script is executable. On a hunch, I made the directly that the > scripts writes to world-writable, which didn't help. The Connection > refused" means that there was some kind of problem with my script, I > assume. It seems that the script does not run at all. Is there anything > I can do to narrow down what is going wrong? Some higher level of logging? > > Thanks! > > _________________ > Mark Willcox > Data Helper, Inc. > > > On 8/24/2011 3:37 PM, Timo Sirainen wrote: > > On Wed, 2011-08-24 at 13:57 -0500, Mark Willcox wrote: > > > >> Aug 24 13:01:57 callisto dovecot: imap-postpop: Error: script-login: > >> Error: user devnull at dhzone.com: Error reading configuration: > >> net_connect_unix(/var/run/dovecot/config) failed: Permission denied > > This is your problem.. It's a bug in v2.0.13. You could patch with > > http://hg.dovecot.org/dovecot-2.0/rev/a2d57b43ccb2 or change config > > socket's permissions. I'll hopefully release v2.0.14 in not too distant > > future. > From hobie at rumormillnews.com Thu Aug 25 04:00:39 2011 From: hobie at rumormillnews.com (hobie at rumormillnews.com) Date: Wed, 24 Aug 2011 21:00:39 -0400 (EDT) Subject: [Dovecot] On IMAP vhost login, only Username being used Message-ID: <424d429b9b67e0a477a29a7d33fbd7d8.squirrel@dragon.rumormillnews.com> Attempting IMAP SSL login on new installation, using Icedove (Debain Thunderbird variant), login fails. Logs show Dovecot attempting to match username only, not username with domain name, on Vpopmail user, so of course no match. Tried with '@' in full username, also with '%'. What's missing? Log shows: Aug 24 19:30:48 debian dovecot: auth: Debug: client in: CONT Aug 24 19:30:48 debian dovecot: auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth Aug 24 19:30:48 debian dovecot: auth: Debug: vpopmail(postmaster,[IP redacted]): lookup user=postmaster domain= Current config: # 2.0.13: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3 auth_debug = yes auth_verbose = yes disable_plaintext_auth = no first_valid_gid = 89 first_valid_uid = 89 mail_debug = yes mail_location = maildir:/home/vpopmail/domains/%d/%n/Maildir maildir_very_dirty_syncs = yes passdb { driver = vpopmail } protocols = imap pop3 ssl_cert = References: <4E55498C.6070806@datahelper.com> <1314218231.10421.1351.camel@hurina> <4E557833.4060105@datahelper.com> <1314230683.10421.1354.camel@hurina> Message-ID: <4E55A2BC.9000107@datahelper.com> I downloaded the source and patched script-login.c. It is working fine now! Thank you! My script is running as root now and it resisted all efforts to make it run as popuser, but I can work with that. Why did I wait so long to move from bincimap? _________________ Mark Willcox Data Helper, Inc. On 8/24/2011 7:04 PM, Timo Sirainen wrote: > You didn't get past the config reading error, it now fails before it > even gets that far. > > On Wed, 2011-08-24 at 17:16 -0500, Mark Willcox wrote: >> I don't think that this is the problem now. I removed the unix_listener >> as per Rick's advice. That got me past the Error reading >> configuration. Just to be sure, I made the config socket world-readable >> which made no difference. >> >> Now instead I get: >> Error: net_connect_unix(/var/run/dovecot/imap-postpop) failed: >> Connection refused >> >> The script is executable. On a hunch, I made the directly that the >> scripts writes to world-writable, which didn't help. The Connection >> refused" means that there was some kind of problem with my script, I >> assume. It seems that the script does not run at all. Is there anything >> I can do to narrow down what is going wrong? Some higher level of logging? >> >> Thanks! >> >> _________________ >> Mark Willcox >> Data Helper, Inc. >> >> >> On 8/24/2011 3:37 PM, Timo Sirainen wrote: >>> On Wed, 2011-08-24 at 13:57 -0500, Mark Willcox wrote: >>> >>>> Aug 24 13:01:57 callisto dovecot: imap-postpop: Error: script-login: >>>> Error: user devnull at dhzone.com: Error reading configuration: >>>> net_connect_unix(/var/run/dovecot/config) failed: Permission denied >>> This is your problem.. It's a bug in v2.0.13. You could patch with >>> http://hg.dovecot.org/dovecot-2.0/rev/a2d57b43ccb2 or change config >>> socket's permissions. I'll hopefully release v2.0.14 in not too distant >>> future. From tss at iki.fi Thu Aug 25 05:09:16 2011 From: tss at iki.fi (Timo Sirainen) Date: Thu, 25 Aug 2011 05:09:16 +0300 Subject: [Dovecot] Post-login scripting with virtual users In-Reply-To: <4E55A2BC.9000107@datahelper.com> References: <4E55498C.6070806@datahelper.com> <1314218231.10421.1351.camel@hurina> <4E557833.4060105@datahelper.com> <1314230683.10421.1354.camel@hurina> <4E55A2BC.9000107@datahelper.com> Message-ID: <29DEE195-62D5-447E-88B4-F2FF3FCC49BB@iki.fi> On 25.8.2011, at 4.17, Mark Willcox wrote: > My script is running as root now and it resisted all efforts to make it > run as popuser, but I can work with that. Hmm. If it's running as root, you shouldn't have had the config problem in the first place because that means it's not running as root.. From warden at geneseo.edu Thu Aug 25 05:12:27 2011 From: warden at geneseo.edu (David Warden) Date: Wed, 24 Aug 2011 22:12:27 -0400 Subject: [Dovecot] Catch22: user needs space to fix out of space condition In-Reply-To: References: Message-ID: <96BC604E-BDB4-4482-9013-DB85B9616D7E@geneseo.edu> On Aug 24, 2011, at 5:52 PM, Joseph Tam wrote: > > A mail user reported that he filled up his INBOX (despite reminders he > was approaching his filesystem quota), and furthermore, he could not > fix the situation because he couldn't expunge message he marked for > deletion. > > The dovecot logs revealed the cause > > dovecot: imap(user): Error: open(/var/mail/user.lock) failed: > Disc quota exceeded > > This created an impasse where a user cannot free space because he needs > to create a lock file that cannot be created because he needs free > space. Is there any way out of this without administrator intervention? > In your mail_location you can specify a different control and index directory as a place where the user has no quotas. I'm not quite sure which it is (control or index) that says where the dotlock file goes but it should be one of them. Check out the mail_location page in the wiki for more info. This introduces more filesystem complexity (you need one tree for message files and another for mail control/index files) but it does mean that people can log in when they hit their quota and the storage space consumed by their dovecot indexes won't count against them, which I personally think is more fair than letting those things consume quota. Also, as someone who was using dotlocks for a long time until I could make fcntl locks work over NFS to our Netapp filers, I would strongly recommend trying to move away from dotlocks if you can. We were seeing poor performance and some cache corruption (mail, indexes, control all on NFS with multiple hosts possibly accessing the same user's files) with dotlocks that went away when we switched to native locks. > Joseph Tam David Warden From a.kostyrev at serverc.ru Thu Aug 25 08:17:43 2011 From: a.kostyrev at serverc.ru (=?koi8-r?B?68/T1NnSxdcg4czFy9PBzsTSIOHMxcvTxcXXyd4=?=) Date: Thu, 25 Aug 2011 16:17:43 +1100 Subject: [Dovecot] dovecot and maillists problem Message-ID: <213B51F00051AE48A9F0E112880177178F77D4@Delta.sc.local> Hello there! I have a little trouble with using dovecot as lmtp and maillists. I use dovecot 2.0.13 with exim 4.72 on Debian 6.0. (All stuff at one host). info of maillists is store in mysql table, for example: +---------+-------------------------------------------------------------------------------------------------+ | name | recipients | +---------+-------------------------------------------------------------------------------------------------+ | Hab_Tax | 2504000067-253601001.253809737993 at 25.example.org,2721097514-272101001.271300057673 at .example.org | +---------+-------------------------------------------------------------------------------------------------+ The problem is: When I send a letter to short maillist (as above) it get the same ID and stored only once in the maildir of one user who is the member of that maillist - that's ok, but When I send a letter to maillist with a large number of recipients it occurred that it's saved more than one, because of the headers added by dovecot lmtp (I've changed host name): diff letter_in_one_user/1314238006.M841940P6916.pink\,S\=12778136\,W\=12953189 letler_in_second_user/new/1314237993.M460165P6916.pink\,S\=12778136\,W\=12953189 3,4c3,4 < by pink.atlas-2.ru (Dovecot) with LMTP id 6UiGJBWuVU4EGwAA1nFjLA < ; Thu, 25 Aug 2011 13:06:46 +1100 --- > by pink.atlas-2.ru (Dovecot) with LMTP id VUeGJBWuVU4EGwAA1nFjLA > ; Thu, 25 Aug 2011 13:06:29 +1100 It's the same letter accept the date and id. What I get in logs is: I see that exim send letters in maillist with one and the same id: ...skipped... 13:06:46 1QwPKe-0001nU-U5 <2502 at example.org> ... 13:06:47 1QwPKe-0001nU-U5 <2502 at example.org> ... But in logs of dovecot I see: 13:06:14 msgid=: wUWGJBWuVU4EGwAA1nFjLA: 13:06:18 msgid=: wEWGJBWuVU4EGwAA1nFjLA: 13:06:22 msgid=: JkaGJBWuVU4EGwAA1nFjLA: 13:06:26 msgid=: i0aGJBWuVU4EGwAA1nFjLA: 13:06:30 msgid=: 8EaGJBWuVU4EGwAA1nFjLA: 13:06:34 msgid=: VUeGJBWuVU4EGwAA1nFjLA: 13:06:37 msgid=: ukeGJBWuVU4EGwAA1nFjLA: 13:06:42 msgid=: H0iGJBWuVU4EGwAA1nFjLA: 13:06:46 msgid=: hEiGJBWuVU4EGwAA1nFjLA: 13:06:47 msgid=: 6UiGJBWuVU4EGwAA1nFjLA: Also in dovecot log I've noticed that: at first auth is searching info in sql for 200 users then log continues with lmtp's info then auth is searching info in sql for another portion of users and this loop in log continues. Dovecot.conf: http://pastebin.com/ueCBU3bP dovecot.sql: http://pastebin.com/kqCq52mC dovecot.log http://pastebin.com/YiyMWpx1 exim.conf: http://pastebin.com/F4MNQkAx exim.log: http://pastebin.com/wn83TZpX From tss at iki.fi Thu Aug 25 08:36:13 2011 From: tss at iki.fi (Timo Sirainen) Date: Thu, 25 Aug 2011 08:36:13 +0300 Subject: [Dovecot] dovecot and maillists problem In-Reply-To: <213B51F00051AE48A9F0E112880177178F77D4@Delta.sc.local> References: <213B51F00051AE48A9F0E112880177178F77D4@Delta.sc.local> Message-ID: <92C9B986-DAE0-447F-A41F-1F6ACCBDB5AC@iki.fi> On 25.8.2011, at 8.17, ???????? ????????? ?????????? wrote: > The problem is: > When I send a letter to short maillist (as above) it get the same ID and stored only once in the maildir of one user who is the member of that maillist - that's ok, but > When I send a letter to maillist with a large number of recipients it occurred that it's saved more than one, because of the headers added by dovecot lmtp (I've changed host name): > > diff letter_in_one_user/1314238006.M841940P6916.pink\,S\=12778136\,W\=12953189 letler_in_second_user/new/1314237993.M460165P6916.pink\,S\=12778136\,W\=12953189 > 3,4c3,4 > < by pink.atlas-2.ru (Dovecot) with LMTP id 6UiGJBWuVU4EGwAA1nFjLA > < ; Thu, 25 Aug 2011 13:06:46 +1100 > --- >> by pink.atlas-2.ru (Dovecot) with LMTP id VUeGJBWuVU4EGwAA1nFjLA >> ; Thu, 25 Aug 2011 13:06:29 +1100 > > It's the same letter accept the date and id. Try capturing the LMTP traffic between Dovecot and Exim? I'm not sure if there's a good way to capture traffic from UNIX sockets, but at least if Exim and Dovecot talk via TCP there are many ways. The different LMTP ids and dates are added only when there are different DATA commands, which would mean that Exim has sent separate RCPT TO + DATA commands for each of these mails. But that kind of conflicts on your logs that show tons of SQL lookups one after another.. From tss at iki.fi Thu Aug 25 08:38:48 2011 From: tss at iki.fi (Timo Sirainen) Date: Thu, 25 Aug 2011 08:38:48 +0300 Subject: [Dovecot] Catch22: user needs space to fix out of space condition In-Reply-To: <96BC604E-BDB4-4482-9013-DB85B9616D7E@geneseo.edu> References: <96BC604E-BDB4-4482-9013-DB85B9616D7E@geneseo.edu> Message-ID: <664F152B-0AE0-4D52-BD62-991707A0C372@iki.fi> On 25.8.2011, at 5.12, David Warden wrote: > In your mail_location you can specify a different control and index directory as a place where the user has no quotas. I'm not quite sure which it is (control or index) that says where the dotlock file goes but it should be one of them. Nope, dotlocks go to exactly where the mbox file is, never elsewhere (otherwise using Dovecot with non-Dovecot software could cause corruption). fcntl locks is the only solution. From a.kostyrev at serverc.ru Thu Aug 25 08:49:16 2011 From: a.kostyrev at serverc.ru (=?koi8-r?B?68/T1NnSxdcg4czFy9PBzsTSIOHMxcvTxcXXyd4=?=) Date: Thu, 25 Aug 2011 16:49:16 +1100 Subject: [Dovecot] dovecot and maillists problem References: <213B51F00051AE48A9F0E112880177178F77D4@Delta.sc.local> <92C9B986-DAE0-447F-A41F-1F6ACCBDB5AC@iki.fi> Message-ID: <213B51F00051AE48A9F0E112880177178F77D5@Delta.sc.local> >But that kind of conflicts on your logs that show tons of SQL lookups one after another.. I'm not sure that these are conflicts. As I see it, it's legitimate lookups for the users who are the members of maillist I thought that's correct behavior, am I wrong? -----Original Message----- From: Timo Sirainen [mailto:tss at iki.fi] Sent: Thursday, August 25, 2011 4:36 PM To: ???????? ????????? ?????????? Cc: dovecot at dovecot.org Subject: Re: [Dovecot] dovecot and maillists problem On 25.8.2011, at 8.17, ???????? ????????? ?????????? wrote: > The problem is: > When I send a letter to short maillist (as above) it get the same ID and stored only once in the maildir of one user who is the member of that maillist - that's ok, but > When I send a letter to maillist with a large number of recipients it occurred that it's saved more than one, because of the headers added by dovecot lmtp (I've changed host name): > > diff letter_in_one_user/1314238006.M841940P6916.pink\,S\=12778136\,W\=12953189 letler_in_second_user/new/1314237993.M460165P6916.pink\,S\=12778136\,W\=12953189 > 3,4c3,4 > < by pink.atlas-2.ru (Dovecot) with LMTP id 6UiGJBWuVU4EGwAA1nFjLA > < ; Thu, 25 Aug 2011 13:06:46 +1100 > --- >> by pink.atlas-2.ru (Dovecot) with LMTP id VUeGJBWuVU4EGwAA1nFjLA >> ; Thu, 25 Aug 2011 13:06:29 +1100 > > It's the same letter accept the date and id. Try capturing the LMTP traffic between Dovecot and Exim? I'm not sure if there's a good way to capture traffic from UNIX sockets, but at least if Exim and Dovecot talk via TCP there are many ways. The different LMTP ids and dates are added only when there are different DATA commands, which would mean that Exim has sent separate RCPT TO + DATA commands for each of these mails. But that kind of conflicts on your logs that show tons of SQL lookups one after another.. From hobie at rumormillnews.com Thu Aug 25 08:57:35 2011 From: hobie at rumormillnews.com (hobie) Date: Thu, 25 Aug 2011 01:57:35 -0400 Subject: [Dovecot] On IMAP vhost login, only Username being used In-Reply-To: <424d429b9b67e0a477a29a7d33fbd7d8.squirrel@dragon.rumormillnews.com> References: <424d429b9b67e0a477a29a7d33fbd7d8.squirrel@dragon.rumormillnews.com> Message-ID: <4E55E44F.20006@rumormillnews.com> I tried the runtbird.sh script, hoping for more info - all it did was show that auth is failing. I don't understand why Dovecot is separating the username from the domain name, and trying to match only on the username. Seems like there must be a config setting that affects this and that I'm overlooking. Thanks ahead for any help with this. --hobie hobie wrote earlier: ===== Attempting IMAP SSL login on new installation, using Icedove (Debain Thunderbird variant), login fails. Logs show Dovecot attempting to match username only, not username with domain name, on Vpopmail user, so of course no match. Tried with '@' in full username, also with '%'. What's missing? Log shows: Aug 24 19:30:48 debian dovecot: auth: Debug: client in: CONT Aug 24 19:30:48 debian dovecot: auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth Aug 24 19:30:48 debian dovecot: auth: Debug: vpopmail(postmaster,[IP redacted]): lookup user=postmaster domain= Current config: # 2.0.13: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3 auth_debug = yes auth_verbose = yes disable_plaintext_auth = no first_valid_gid = 89 first_valid_uid = 89 mail_debug = yes mail_location = maildir:/home/vpopmail/domains/%d/%n/Maildir maildir_very_dirty_syncs = yes passdb { driver = vpopmail } protocols = imap pop3 ssl_cert = References: <213B51F00051AE48A9F0E112880177178F77D4@Delta.sc.local> <92C9B986-DAE0-447F-A41F-1F6ACCBDB5AC@iki.fi> <213B51F00051AE48A9F0E112880177178F77D5@Delta.sc.local> Message-ID: <01AEBCD9-BDAC-4821-877C-0FDCC35AFCA1@iki.fi> I mean, my point of view of what is happening is is disagreement with the logs you showed. So something's weird here and only the LMTP traffic logs can lead to more clarity. On 25.8.2011, at 8.49, ???????? ????????? ?????????? wrote: >> But that kind of conflicts on your logs that show tons of SQL lookups one after another.. > > I'm not sure that these are conflicts. > As I see it, it's legitimate lookups for the users who are the members of maillist > I thought that's correct behavior, am I wrong? > > > > > -----Original Message----- > From: Timo Sirainen [mailto:tss at iki.fi] > Sent: Thursday, August 25, 2011 4:36 PM > To: ???????? ????????? ?????????? > Cc: dovecot at dovecot.org > Subject: Re: [Dovecot] dovecot and maillists problem > > On 25.8.2011, at 8.17, ???????? ????????? ?????????? wrote: > >> The problem is: >> When I send a letter to short maillist (as above) it get the same ID and stored only once in the maildir of one user who is the member of that maillist - that's ok, but >> When I send a letter to maillist with a large number of recipients it occurred that it's saved more than one, because of the headers added by dovecot lmtp (I've changed host name): >> >> diff letter_in_one_user/1314238006.M841940P6916.pink\,S\=12778136\,W\=12953189 letler_in_second_user/new/1314237993.M460165P6916.pink\,S\=12778136\,W\=12953189 >> 3,4c3,4 >> < by pink.atlas-2.ru (Dovecot) with LMTP id 6UiGJBWuVU4EGwAA1nFjLA >> < ; Thu, 25 Aug 2011 13:06:46 +1100 >> --- >>> by pink.atlas-2.ru (Dovecot) with LMTP id VUeGJBWuVU4EGwAA1nFjLA >>> ; Thu, 25 Aug 2011 13:06:29 +1100 >> >> It's the same letter accept the date and id. > > Try capturing the LMTP traffic between Dovecot and Exim? I'm not sure if there's a good way to capture traffic from UNIX sockets, but at least if Exim and Dovecot talk via TCP there are many ways. > > The different LMTP ids and dates are added only when there are different DATA commands, which would mean that Exim has sent separate RCPT TO + DATA commands for each of these mails. But that kind of conflicts on your logs that show tons of SQL lookups one after another.. > > From a.kostyrev at serverc.ru Thu Aug 25 10:14:30 2011 From: a.kostyrev at serverc.ru (=?koi8-r?B?68/T1NnSxdcg4czFy9PBzsTSIOHMxcvTxcXXyd4=?=) Date: Thu, 25 Aug 2011 18:14:30 +1100 Subject: [Dovecot] dovecot and maillists problem References: <213B51F00051AE48A9F0E112880177178F77D4@Delta.sc.local> <92C9B986-DAE0-447F-A41F-1F6ACCBDB5AC@iki.fi> <213B51F00051AE48A9F0E112880177178F77D5@Delta.sc.local> <01AEBCD9-BDAC-4821-877C-0FDCC35AFCA1@iki.fi> Message-ID: <213B51F00051AE48A9F0E112880177178F77D6@Delta.sc.local> I've sniffed traffic between exim and lmtp In log of dovecot I have: 17:17:46 msgid=: G48FNNjoVU63IwAA1nFjLA: 17:17:51 msgid=: HI8FNNjoVU63IwAA1nFjLA: 17:17:56 msgid=: gY8FNNjoVU63IwAA1nFjLA: 17:18:01 msgid=: 5o8FNNjoVU63IwAA1nFjLA: 17:18:08 msgid=: S5AFNNjoVU63IwAA1nFjLA: 17:18:13 msgid=: sJAFNNjoVU63IwAA1nFjLA: 17:18:18 msgid=: FZEFNNjoVU63IwAA1nFjLA: 17:18:23 msgid=: epEFNNjoVU63IwAA1nFjLA: 17:18:29 msgid=: 35EFNNjoVU63IwAA1nFjLA: 17:18:31 msgid=: RJIFNNjoVU63IwAA1nFjLA: Totally 10 different lmtp ids. According to wireshark while sending I've got 2 tcp streams with 5 different ids in each Log of one the streams (I've truncated DATA part - it's the same for both streams): http://pastebin.com/w4qJqZMG *note I've send message in maillist with mailx -s 'g' 2502 at atlas-2.ru < /boot/initrd.img-686 -----Original Message----- From: Timo Sirainen [mailto:tss at iki.fi] Sent: Thursday, August 25, 2011 5:01 PM To: ???????? ????????? ?????????? Cc: dovecot at dovecot.org Subject: Re: [Dovecot] dovecot and maillists problem I mean, my point of view of what is happening is is disagreement with the logs you showed. So something's weird here and only the LMTP traffic logs can lead to more clarity. On 25.8.2011, at 8.49, ???????? ????????? ?????????? wrote: >> But that kind of conflicts on your logs that show tons of SQL lookups one after another.. > > I'm not sure that these are conflicts. > As I see it, it's legitimate lookups for the users who are the members of maillist > I thought that's correct behavior, am I wrong? > > > > > -----Original Message----- > From: Timo Sirainen [mailto:tss at iki.fi] > Sent: Thursday, August 25, 2011 4:36 PM > To: ???????? ????????? ?????????? > Cc: dovecot at dovecot.org > Subject: Re: [Dovecot] dovecot and maillists problem > > On 25.8.2011, at 8.17, ???????? ????????? ?????????? wrote: > >> The problem is: >> When I send a letter to short maillist (as above) it get the same ID and stored only once in the maildir of one user who is the member of that maillist - that's ok, but >> When I send a letter to maillist with a large number of recipients it occurred that it's saved more than one, because of the headers added by dovecot lmtp (I've changed host name): >> >> diff letter_in_one_user/1314238006.M841940P6916.pink\,S\=12778136\,W\=12953189 letler_in_second_user/new/1314237993.M460165P6916.pink\,S\=12778136\,W\=12953189 >> 3,4c3,4 >> < by pink.example.com (Dovecot) with LMTP id 6UiGJBWuVU4EGwAA1nFjLA >> < ; Thu, 25 Aug 2011 13:06:46 +1100 >> --- >>> by pink.example.com (Dovecot) with LMTP id VUeGJBWuVU4EGwAA1nFjLA >>> ; Thu, 25 Aug 2011 13:06:29 +1100 >> >> It's the same letter accept the date and id. > > Try capturing the LMTP traffic between Dovecot and Exim? I'm not sure if there's a good way to capture traffic from UNIX sockets, but at least if Exim and Dovecot talk via TCP there are many ways. > > The different LMTP ids and dates are added only when there are different DATA commands, which would mean that Exim has sent separate RCPT TO + DATA commands for each of these mails. But that kind of conflicts on your logs that show tons of SQL lookups one after another.. > > From tss at iki.fi Thu Aug 25 10:18:49 2011 From: tss at iki.fi (Timo Sirainen) Date: Thu, 25 Aug 2011 10:18:49 +0300 Subject: [Dovecot] dovecot and maillists problem In-Reply-To: <213B51F00051AE48A9F0E112880177178F77D6@Delta.sc.local> References: <213B51F00051AE48A9F0E112880177178F77D4@Delta.sc.local> <92C9B986-DAE0-447F-A41F-1F6ACCBDB5AC@iki.fi> <213B51F00051AE48A9F0E112880177178F77D5@Delta.sc.local> <01AEBCD9-BDAC-4821-877C-0FDCC35AFCA1@iki.fi> <213B51F00051AE48A9F0E112880177178F77D6@Delta.sc.local> Message-ID: <60965AF7-ADC9-4264-88A5-41590C94A471@iki.fi> Right, so it looks like Exim is configured to send DATA after each 100 RCPT TOs, which means Dovecot links each message 100 times. If you want it linked those ~500 times, I guess you'll need to increase some limit in Exim. On 25.8.2011, at 10.14, ???????? ????????? ?????????? wrote: > I've sniffed traffic between exim and lmtp > > In log of dovecot I have: > 17:17:46 msgid=: G48FNNjoVU63IwAA1nFjLA: > 17:17:51 msgid=: HI8FNNjoVU63IwAA1nFjLA: > 17:17:56 msgid=: gY8FNNjoVU63IwAA1nFjLA: > 17:18:01 msgid=: 5o8FNNjoVU63IwAA1nFjLA: > 17:18:08 msgid=: S5AFNNjoVU63IwAA1nFjLA: > 17:18:13 msgid=: sJAFNNjoVU63IwAA1nFjLA: > 17:18:18 msgid=: FZEFNNjoVU63IwAA1nFjLA: > 17:18:23 msgid=: epEFNNjoVU63IwAA1nFjLA: > 17:18:29 msgid=: 35EFNNjoVU63IwAA1nFjLA: > 17:18:31 msgid=: RJIFNNjoVU63IwAA1nFjLA: > Totally 10 different lmtp ids. > > According to wireshark while sending I've got 2 tcp streams with 5 different ids in each > > Log of one the streams (I've truncated DATA part - it's the same for both streams): > http://pastebin.com/w4qJqZMG > > *note > I've send message in maillist with > mailx -s 'g' 2502 at atlas-2.ru < /boot/initrd.img-686 > > > -----Original Message----- > From: Timo Sirainen [mailto:tss at iki.fi] > Sent: Thursday, August 25, 2011 5:01 PM > To: ???????? ????????? ?????????? > Cc: dovecot at dovecot.org > Subject: Re: [Dovecot] dovecot and maillists problem > > I mean, my point of view of what is happening is is disagreement with the logs you showed. So something's weird here and only the LMTP traffic logs can lead to more clarity. > > On 25.8.2011, at 8.49, ???????? ????????? ?????????? wrote: > >>> But that kind of conflicts on your logs that show tons of SQL lookups one after another.. >> >> I'm not sure that these are conflicts. >> As I see it, it's legitimate lookups for the users who are the members of maillist >> I thought that's correct behavior, am I wrong? >> >> >> >> >> -----Original Message----- >> From: Timo Sirainen [mailto:tss at iki.fi] >> Sent: Thursday, August 25, 2011 4:36 PM >> To: ???????? ????????? ?????????? >> Cc: dovecot at dovecot.org >> Subject: Re: [Dovecot] dovecot and maillists problem >> >> On 25.8.2011, at 8.17, ???????? ????????? ?????????? wrote: >> >>> The problem is: >>> When I send a letter to short maillist (as above) it get the same ID and stored only once in the maildir of one user who is the member of that maillist - that's ok, but >>> When I send a letter to maillist with a large number of recipients it occurred that it's saved more than one, because of the headers added by dovecot lmtp (I've changed host name): >>> >>> diff letter_in_one_user/1314238006.M841940P6916.pink\,S\=12778136\,W\=12953189 letler_in_second_user/new/1314237993.M460165P6916.pink\,S\=12778136\,W\=12953189 >>> 3,4c3,4 >>> < by pink.example.com (Dovecot) with LMTP id 6UiGJBWuVU4EGwAA1nFjLA >>> < ; Thu, 25 Aug 2011 13:06:46 +1100 >>> --- >>>> by pink.example.com (Dovecot) with LMTP id VUeGJBWuVU4EGwAA1nFjLA >>>> ; Thu, 25 Aug 2011 13:06:29 +1100 >>> >>> It's the same letter accept the date and id. >> >> Try capturing the LMTP traffic between Dovecot and Exim? I'm not sure if there's a good way to capture traffic from UNIX sockets, but at least if Exim and Dovecot talk via TCP there are many ways. >> >> The different LMTP ids and dates are added only when there are different DATA commands, which would mean that Exim has sent separate RCPT TO + DATA commands for each of these mails. But that kind of conflicts on your logs that show tons of SQL lookups one after another.. >> >> > From ben at benweblife.fr Thu Aug 25 11:01:04 2011 From: ben at benweblife.fr (ben at benweblife.fr) Date: Thu, 25 Aug 2011 10:01:04 +0200 Subject: [Dovecot] Sieve and UserDB/SQL support Message-ID: <270879f071d71e54745e1373c34ad61a@benweblife.fr> Hi, I would like to know if plugins of sieve support UserDB/SQL backend. For example, for the vacation plugin, is it possible to retrieve a field like "sieve_vacation_days", "sieve_vacation_reason", and so on.. on user_query? Or, there is a plan for implement this? Thanks ------ dovecot version: 2.0.13 From a.kostyrev at serverc.ru Thu Aug 25 11:08:42 2011 From: a.kostyrev at serverc.ru (=?koi8-r?B?68/T1NnSxdcg4czFy9PBzsTSIOHMxcvTxcXXyd4=?=) Date: Thu, 25 Aug 2011 19:08:42 +1100 Subject: [Dovecot] dovecot and maillists problem References: <213B51F00051AE48A9F0E112880177178F77D4@Delta.sc.local> <92C9B986-DAE0-447F-A41F-1F6ACCBDB5AC@iki.fi> <213B51F00051AE48A9F0E112880177178F77D5@Delta.sc.local> <01AEBCD9-BDAC-4821-877C-0FDCC35AFCA1@iki.fi> <213B51F00051AE48A9F0E112880177178F77D6@Delta.sc.local> <60965AF7-ADC9-4264-88A5-41590C94A471@iki.fi> Message-ID: <213B51F00051AE48A9F0E112880177178F77D7@Delta.sc.local> Yes, Timo, you were absolutely right! if someone stucks at this: read http://exim.org/exim-html-current/doc/html/spec_html/ch30.html I had to tune max_rcpt parameter in transport section. Thank you very much! -----Original Message----- From: Timo Sirainen [mailto:tss at iki.fi] Sent: Thursday, August 25, 2011 6:19 PM To: ???????? ????????? ?????????? Cc: dovecot at dovecot.org Subject: Re: [Dovecot] dovecot and maillists problem Right, so it looks like Exim is configured to send DATA after each 100 RCPT TOs, which means Dovecot links each message 100 times. If you want it linked those ~500 times, I guess you'll need to increase some limit in Exim. On 25.8.2011, at 10.14, ???????? ????????? ?????????? wrote: > I've sniffed traffic between exim and lmtp > > In log of dovecot I have: > 17:17:46 msgid=: G48FNNjoVU63IwAA1nFjLA: > 17:17:51 msgid=: HI8FNNjoVU63IwAA1nFjLA: > 17:17:56 msgid=: gY8FNNjoVU63IwAA1nFjLA: > 17:18:01 msgid=: 5o8FNNjoVU63IwAA1nFjLA: > 17:18:08 msgid=: S5AFNNjoVU63IwAA1nFjLA: > 17:18:13 msgid=: sJAFNNjoVU63IwAA1nFjLA: > 17:18:18 msgid=: FZEFNNjoVU63IwAA1nFjLA: > 17:18:23 msgid=: epEFNNjoVU63IwAA1nFjLA: > 17:18:29 msgid=: 35EFNNjoVU63IwAA1nFjLA: > 17:18:31 msgid=: RJIFNNjoVU63IwAA1nFjLA: > Totally 10 different lmtp ids. > > According to wireshark while sending I've got 2 tcp streams with 5 different ids in each > > Log of one the streams (I've truncated DATA part - it's the same for both streams): > http://pastebin.com/w4qJqZMG > > *note > I've send message in maillist with > mailx -s 'g' 2502 at atlas-2.ru < /boot/initrd.img-686 > > > -----Original Message----- > From: Timo Sirainen [mailto:tss at iki.fi] > Sent: Thursday, August 25, 2011 5:01 PM > To: ???????? ????????? ?????????? > Cc: dovecot at dovecot.org > Subject: Re: [Dovecot] dovecot and maillists problem > > I mean, my point of view of what is happening is is disagreement with the logs you showed. So something's weird here and only the LMTP traffic logs can lead to more clarity. > > On 25.8.2011, at 8.49, ???????? ????????? ?????????? wrote: > >>> But that kind of conflicts on your logs that show tons of SQL lookups one after another.. >> >> I'm not sure that these are conflicts. >> As I see it, it's legitimate lookups for the users who are the members of maillist >> I thought that's correct behavior, am I wrong? >> >> >> >> >> -----Original Message----- >> From: Timo Sirainen [mailto:tss at iki.fi] >> Sent: Thursday, August 25, 2011 4:36 PM >> To: ???????? ????????? ?????????? >> Cc: dovecot at dovecot.org >> Subject: Re: [Dovecot] dovecot and maillists problem >> >> On 25.8.2011, at 8.17, ???????? ????????? ?????????? wrote: >> >>> The problem is: >>> When I send a letter to short maillist (as above) it get the same ID and stored only once in the maildir of one user who is the member of that maillist - that's ok, but >>> When I send a letter to maillist with a large number of recipients it occurred that it's saved more than one, because of the headers added by dovecot lmtp (I've changed host name): >>> >>> diff letter_in_one_user/1314238006.M841940P6916.pink\,S\=12778136\,W\=12953189 letler_in_second_user/new/1314237993.M460165P6916.pink\,S\=12778136\,W\=12953189 >>> 3,4c3,4 >>> < by pink.example.com (Dovecot) with LMTP id 6UiGJBWuVU4EGwAA1nFjLA >>> < ; Thu, 25 Aug 2011 13:06:46 +1100 >>> --- >>>> by pink.example.com (Dovecot) with LMTP id VUeGJBWuVU4EGwAA1nFjLA >>>> ; Thu, 25 Aug 2011 13:06:29 +1100 >>> >>> It's the same letter accept the date and id. >> >> Try capturing the LMTP traffic between Dovecot and Exim? I'm not sure if there's a good way to capture traffic from UNIX sockets, but at least if Exim and Dovecot talk via TCP there are many ways. >> >> The different LMTP ids and dates are added only when there are different DATA commands, which would mean that Exim has sent separate RCPT TO + DATA commands for each of these mails. But that kind of conflicts on your logs that show tons of SQL lookups one after another.. >> >> > From amateo at um.es Thu Aug 25 13:04:32 2011 From: amateo at um.es (Angel L. Mateo) Date: Thu, 25 Aug 2011 12:04:32 +0200 Subject: [Dovecot] auth: Error: LDAP: Connection lost to LDAP server, reconnecting Message-ID: <4E561E30.8020509@um.es> Hello, I continue debugging my problems with my update to dovecot 2.x :-( I have dovecot 2.0.13 running in ubuntu 10.04 (lucid) x64. My users are in a ldap directory. The problem is that I have a lot of errors like: Aug 24 23:07:32 myotis28 dovecot: auth-worker(default): LDAP: Connection lost to LDAP server, reconnecting I have seen in the mail list a patch for 1.2 (http://hg.dovecot.org/dovecot-1.2/rev/355d5a40f7a7) to ignore these logs when the disconnection is because of idle timeouts. As far as I could see in this patch and 2.0.13 source code, this patch is already applied in 2.0. So I guess that the disconnection is for other problem, isn't it? -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337 From tss at iki.fi Thu Aug 25 13:10:18 2011 From: tss at iki.fi (Timo Sirainen) Date: Thu, 25 Aug 2011 13:10:18 +0300 Subject: [Dovecot] auth: Error: LDAP: Connection lost to LDAP server, reconnecting In-Reply-To: <4E561E30.8020509@um.es> References: <4E561E30.8020509@um.es> Message-ID: <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> On 25.8.2011, at 13.04, Angel L. Mateo wrote: > Aug 24 23:07:32 myotis28 dovecot: auth-worker(default): LDAP: Connection lost to LDAP server, reconnecting > > I have seen in the mail list a patch for 1.2 (http://hg.dovecot.org/dovecot-1.2/rev/355d5a40f7a7) to ignore these logs when the disconnection is because of idle timeouts. As far as I could see in this patch and 2.0.13 source code, this patch is already applied in 2.0. So I guess that the disconnection is for other problem, isn't it? I had completely forgotten I had added such a feature :) See what it logs with attached patch. -------------- next part -------------- A non-text attachment was scrubbed... Name: diff Type: application/octet-stream Size: 630 bytes Desc: not available URL: -------------- next part -------------- From karsten.becker at ecologic.eu Thu Aug 25 14:43:41 2011 From: karsten.becker at ecologic.eu (Karsten Becker) Date: Thu, 25 Aug 2011 13:43:41 +0200 Subject: [Dovecot] Catch22: user needs space to fix out of space condition In-Reply-To: <664F152B-0AE0-4D52-BD62-991707A0C372@iki.fi> References: <96BC604E-BDB4-4482-9013-DB85B9616D7E@geneseo.edu> <664F152B-0AE0-4D52-BD62-991707A0C372@iki.fi> Message-ID: <4E56356D.9070409@ecologic.eu> On 08/25/2011 07:38 AM, Timo Sirainen wrote: > On 25.8.2011, at 5.12, David Warden wrote: > >> In your mail_location you can specify a different control and index directory as a place where the user has no quotas. I'm not quite sure which it is (control or index) that says where the dotlock file goes but it should be one of them. > > Nope, dotlocks go to exactly where the mbox file is, never elsewhere (otherwise using Dovecot with non-Dovecot software could cause corruption). fcntl locks is the only solution. > Quota rule (conf.d/90-quota.conf)? > plugin { > # 10 GByte in kbytes > quota_rule = *:storage=10485760 > > # 1 GByte in kbytes > quota_rule2 = Trash:storage=+1048576 > } So you have a quota of 10GB on the mailbox, but the Trash has an additional space of 1GB for the abilioty to delete mails. Regards Karsten From pelle2004 at hotmail.com Thu Aug 25 18:47:42 2011 From: pelle2004 at hotmail.com (Pelle Svensson) Date: Thu, 25 Aug 2011 17:47:42 +0200 Subject: [Dovecot] Virtual user and post-login 2.0.13 Message-ID: Hi I tried several variants of suggestions but I can't get it working dovecot-info.log: =========== Aug 25 17:37:48 imap-login: Info: Login: user=, method=PLAIN, rip=192.168.1.xx, lip=192.168.1.xx, mpid=11264 Aug 25 17:37:48 imap(vuser): Info: Post-login script denied access to user vuser dovecot.log ======== Aug 25 17:31:28 imap-postlogin: Error: script-login: Error: user pmp at bredband.net: Error reading configuration: net_connect_unix(/var/run/dovecot/config) failed: Permission denied Aug 25 17:31:28 imap-postlogin: Error: script-login: Fatal: Internal error occurred. Refer to server log for more information. Aug 25 17:31:28 log: Error: service(imap-postlogin): child 11082 returned error 89 (Fatal failure) dovecot.conf ======== protocols = imap pop3 base_dir = /var/run/dovecot/ log_path = /var/log/dovecot.log info_log_path = /var/log/dovecot-info.log ssl = no # v1.2+, for older versions use: ssl_disable = yes disable_plaintext_auth = no mail_location = maildir:/home/fetchmail/mailroot/dummy pop3_uidl_format = %08Xu%08Xv !include conf.d/*.conf !include_try local.conf mail_uid=500 mail_gid=500 auth_verbose = yes auth_debug=yes auth_debug_passwords=yes mail_debug=yes # Optional tried with this!!! service config { unix_listener config { group = dovecot mode = 0660 } } service imap { # tell imap to do post-login lookup using a socket called "imap-postlogin" executable = imap imap-postlogin # Optional tried with this!!! user=dovecot } # The service name below doesn't actually matter. service imap-postlogin { # all post-login scripts are executed via script-login binary executable = script-login /home/fetchmail/dovecot-postlogin.sh # the script process runs as the user specified here (v2.0.14+): # Optional tried with this!!! # user=dovecot # user = $default_internal_user # this UNIX socket listener must use the same name as given to imap executable # Optional tried with this!!! #unix_listener imap-postlogin { #} } users ==== vuser:{PLAIN}pass:500:500::/home/fetchmail::userdb_mail=maildir:/home/fetchmail/mailroot/vuser-root allow_nets=192.168.1.0/24 ls -l /home/fetchmail/dovecot-postlogin.sh -rwxrwxrwx. 1 dovecot root 108 Aug 25 17:08 dovecot-postlogin.sh Any suggestions are very welcome!! /Thanks From lists at celebic.net Thu Aug 25 22:11:37 2011 From: lists at celebic.net (Nick Celebic) Date: Thu, 25 Aug 2011 15:11:37 -0400 Subject: [Dovecot] Dovecot 2.0.13 How to use POP3 order Message-ID: <4E569E69.7080801@celebic.net> I saw a few commits for 2.0.13 that added MAIL_FETCH_POP3_ORDER, but I haven't been able to find any information on how to use it. I'm migrating from a Merak mail server into dovecot and all the email can be copied directly into a Maildir/cur directory. The filenames are just the timestamps. When I check with dovecot pop3, they seem to be randomly ordered. I'm hoping this provides a solution where it will look at the file list or stat order. If this isn't possible, can someone tell me how I can change the order in which dovecot lists mails in a UIDL in POP3? Thanks, Nick Celebic From tss at iki.fi Fri Aug 26 03:21:25 2011 From: tss at iki.fi (Timo Sirainen) Date: Fri, 26 Aug 2011 03:21:25 +0300 Subject: [Dovecot] Dovecot 2.0.13 How to use POP3 order In-Reply-To: <4E569E69.7080801@celebic.net> References: <4E569E69.7080801@celebic.net> Message-ID: <1314318085.10421.1359.camel@hurina> On Thu, 2011-08-25 at 15:11 -0400, Nick Celebic wrote: > I saw a few commits for 2.0.13 that added MAIL_FETCH_POP3_ORDER, but I > haven't been able to find any information on how to use it. You'll need to add "O" fields to dovecot-uidlist where the numbers are sorted in the order you want the mails to show up. For example: 1 O2 Pfoo :mailfile1 2 O1 Pbar :mailfile2 Now message with IMAP UID 2 is shown first in POP3 UIDL (with POP3 UIDL "bar") and the message with IMAP UID 1 is shown second in POP3 UIDL (with POP3 UIDL "foo"). But if you're only migrating from another POP3 server, this doesn't matter. It was added only to fix the situation when IMAP UID order doesn't match POP3 UIDL order and the user has been using both IMAP and POP3. So if you simply want POP3 UIDLs to be in wanted order, just put them in the right order to dovecot-uidlist: 1 Pbar :mailfile2 2 Pfoo :mailfile1 http://no1.wiki2.dovecot.org/MailboxFormat/Maildir explains dovecot-uidlist more, and you can also look at http://www.dovecot.org/tools/courier-dovecot-migrate.pl as an example. From hobie at rumormillnews.com Fri Aug 26 07:28:05 2011 From: hobie at rumormillnews.com (hobie at rumormillnews.com) Date: Fri, 26 Aug 2011 00:28:05 -0400 (EDT) Subject: [Dovecot] On IMAP vhost login, only Username being used Message-ID: <41edad3f7c299016fa1102f376f37ba6.squirrel@dragon.rumormillnews.com> Recapping: I'm working to set up Dovecot 2.0.13 along with some additional software (qmail, vpopmail, squirrelmail). It's working fine with squirrelmail now, but trying to connect over SSL with a Thunderbird variant and using IMAP, authentication fails because Dovecot is trying to match only the front part of the name (the user part), ignoring the domain name part of what it's being sent. So, instead of seeking to match virtual user: joe_blow at some_domain.com ...it's trying to match: joe_blow ...and failing, since joe_blow is not a system user but is a virtual host user. With Squirrelmail, connecting from localhost via non-SSL IMAP, the match is handled correctly, no problem. I've run the runtbird.sh script but no light was shed on this by the resulting output, all it said was that authentication was failing. Has anyone else encountered this problem? Any suggestions on how to fix it or where to look for additional info? Thanks kindly. --hobie > I tried the runtbird.sh script, hoping for more info - all it did was show that auth is failing. I don't understand why Dovecot is separating the username from the domain name, and trying to match only on the username. Seems like there must be a config setting that affects this and that I'm overlooking. Thanks ahead for any help with this. > > --hobie > > hobie wrote earlier: > > ===== > > Attempting IMAP SSL login on new installation, using Icedove (Debain Thunderbird variant), login fails. Logs show Dovecot attempting to match username only, not username with domain name, on Vpopmail user, so of course no match. Tried with '@' in full username, also with '%'. What's missing? > > Log shows: > > Aug 24 19:30:48 debian dovecot: auth: Debug: client in: CONT Aug 24 19:30:48 debian dovecot: auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth > Aug 24 19:30:48 debian dovecot: auth: Debug: vpopmail(postmaster,[IP redacted]): lookup user=postmaster domain= > > Current config: > > # 2.0.13: /usr/local/etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3 > auth_debug = yes > auth_verbose = yes > disable_plaintext_auth = no > first_valid_gid = 89 > first_valid_uid = 89 > mail_debug = yes > mail_location = maildir:/home/vpopmail/domains/%d/%n/Maildir > maildir_very_dirty_syncs = yes > passdb { > driver = vpopmail > } > protocols = imap pop3 > ssl_cert = ssl_key = userdb { > args = quota_template=quota_rule=*:backend=%q > driver = vpopmail > } > > --hobie > > ===== > From amateo at um.es Fri Aug 26 09:43:29 2011 From: amateo at um.es (Angel L. Mateo) Date: Fri, 26 Aug 2011 08:43:29 +0200 Subject: [Dovecot] auth: Error: LDAP: Connection lost to LDAP server, reconnecting In-Reply-To: <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> References: <4E561E30.8020509@um.es> <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> Message-ID: <4E574091.3040604@um.es> El 25/08/11 12:10, Timo Sirainen escribi?: > On 25.8.2011, at 13.04, Angel L. Mateo wrote: > >> Aug 24 23:07:32 myotis28 dovecot: auth-worker(default): LDAP: Connection lost to LDAP server, reconnecting >> >> I have seen in the mail list a patch for 1.2 (http://hg.dovecot.org/dovecot-1.2/rev/355d5a40f7a7) to ignore these logs when the disconnection is because of idle timeouts. As far as I could see in this patch and 2.0.13 source code, this patch is already applied in 2.0. So I guess that the disconnection is for other problem, isn't it? > > I had completely forgotten I had added such a feature :) See what it logs with attached patch. > Hello, I have found the problem. Is not a dovecot issue. The problem (if this is a problem) is that our ldap is behind a load balancer. This load balancer has a timeout of 3600s for ldap connections. If there is a connection with more than 3600s without activity, the load balancer close it, and this is the reason of the message. Now I'm trying to find why dovecot has a ldap connection with inactivity. One question, does auth process use more than one ldap connection? If it uses a pool is more reasonable, because we have auth cache enabled and now he have low activity, so it could be that a connection last more than 1 hour with activity, isn't it? -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337 From alex at ahhyes.net Fri Aug 26 10:25:57 2011 From: alex at ahhyes.net (Alex) Date: Fri, 26 Aug 2011 17:25:57 +1000 Subject: [Dovecot] limiting number of incorrect logins per connection Message-ID: <57ffb026f1289c9b6aec31c18afb80dc@ahhyes.net> Hi Guys, Running Dovecot 2 on my server. It is regularly getting dictionary auth attacked. What I have noticed is that once connected to a pop3/imap login session, you can send endless incorrect usernames+passwords attempts. This is a problem for me... I use fail2ban to try and stop these script kiddies. The problem is that fail2ban detects the bad auths, firewalls the IP, however, since it's an "established" session, the attacker can keep authing away... It's only on a subsequent (new) connection that the firewalling will take effect. Why is there no configuration option such as "max auth attempts per connection"? This would be useful, so once the limit is reached, the connection is dropped. is there a patch/workaround? From robert at schetterer.org Fri Aug 26 10:59:26 2011 From: robert at schetterer.org (Robert Schetterer) Date: Fri, 26 Aug 2011 09:59:26 +0200 Subject: [Dovecot] limiting number of incorrect logins per connection In-Reply-To: <57ffb026f1289c9b6aec31c18afb80dc@ahhyes.net> References: <57ffb026f1289c9b6aec31c18afb80dc@ahhyes.net> Message-ID: <4E57525E.2070107@schetterer.org> Am 26.08.2011 09:25, schrieb Alex: > Hi Guys, > > Running Dovecot 2 on my server. It is regularly getting dictionary auth > attacked. What I have noticed is that once connected to a pop3/imap > login session, you can send endless incorrect usernames+passwords > attempts. This is a problem for me... I use fail2ban to try and stop > these script kiddies. The problem is that fail2ban detects the bad > auths, firewalls the IP, however, since it's an "established" session, > the attacker can keep authing away... It's only on a subsequent (new) > connection that the firewalling will take effect. > > Why is there no configuration option such as "max auth attempts per > connection"? This would be useful, so once the limit is reached, the > connection is dropped. > > is there a patch/workaround? > there where equal questions in the past i.e read http://comments.gmane.org/gmane.mail.imap.dovecot/46204 -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From alex at ahhyes.net Fri Aug 26 11:39:35 2011 From: alex at ahhyes.net (=?utf-8?B?YWxleEBhaGh5ZXMubmV0?=) Date: Fri, 26 Aug 2011 18:39:35 +1000 Subject: [Dovecot] =?utf-8?q?limiting_number_of_incorrect_logins_per_conne?= =?utf-8?q?ction?= Message-ID: Hi, I saw that thread already, however it does not offer any solution that can be applied to dovecot directly. That thread has also been asleep for well over a year. It couldnt be that hard for the author to implement this function. It would only require a few lines of code. ----- Reply message ----- From: "Robert Schetterer" Date: Fri, Aug 26, 2011 17:59 Subject: [Dovecot] limiting number of incorrect logins per connection To: Am 26.08.2011 09:25, schrieb Alex: > Hi Guys, > > Running Dovecot 2 on my server. It is regularly getting dictionary auth > attacked. What I have noticed is that once connected to a pop3/imap > login session, you can send endless incorrect usernames+passwords > attempts. This is a problem for me... I use fail2ban to try and stop > these script kiddies. The problem is that fail2ban detects the bad > auths, firewalls the IP, however, since it's an "established" session, > the attacker can keep authing away... It's only on a subsequent (new) > connection that the firewalling will take effect. > > Why is there no configuration option such as "max auth attempts per > connection"? This would be useful, so once the limit is reached, the > connection is dropped. > > is there a patch/workaround? > there where equal questions in the past i.e read http://comments.gmane.org/gmane.mail.imap.dovecot/46204 -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From tss at iki.fi Fri Aug 26 11:44:45 2011 From: tss at iki.fi (Timo Sirainen) Date: Fri, 26 Aug 2011 11:44:45 +0300 Subject: [Dovecot] limiting number of incorrect logins per connection In-Reply-To: <57ffb026f1289c9b6aec31c18afb80dc@ahhyes.net> References: <57ffb026f1289c9b6aec31c18afb80dc@ahhyes.net> Message-ID: On 26.8.2011, at 10.25, Alex wrote: > Running Dovecot 2 on my server. It is regularly getting dictionary auth attacked. What I have noticed is that once connected to a pop3/imap login session, you can send endless incorrect usernames+passwords attempts. This is a problem for me... I use fail2ban to try and stop these script kiddies. The problem is that fail2ban detects the bad auths, firewalls the IP, however, since it's an "established" session, the attacker can keep authing away... It's only on a subsequent (new) connection that the firewalling will take effect. Umm. If client hasn't managed to log in in 3 minutes, it's disconnected (no matter what it does with the connection). From alex at ahhyes.net Fri Aug 26 12:07:08 2011 From: alex at ahhyes.net (Alex) Date: Fri, 26 Aug 2011 19:07:08 +1000 Subject: [Dovecot] limiting number of incorrect logins per connection In-Reply-To: References: <57ffb026f1289c9b6aec31c18afb80dc@ahhyes.net> Message-ID: <6ed2c04bc55eca5dcdabf46a9836bdd2@ahhyes.net> 3 minutes! I think that's too long, how can I drop that down to about 45 seconds? On Fri, 26 Aug 2011 11:44:45 +0300, Timo Sirainen wrote: > On 26.8.2011, at 10.25, Alex wrote: > >> Running Dovecot 2 on my server. It is regularly getting dictionary >> auth attacked. What I have noticed is that once connected to a >> pop3/imap login session, you can send endless incorrect >> usernames+passwords attempts. This is a problem for me... I use >> fail2ban to try and stop these script kiddies. The problem is that >> fail2ban detects the bad auths, firewalls the IP, however, since it's >> an "established" session, the attacker can keep authing away... It's >> only on a subsequent (new) connection that the firewalling will take >> effect. > > Umm. If client hasn't managed to log in in 3 minutes, it's > disconnected (no matter what it does with the connection). From alex at ahhyes.net Fri Aug 26 12:14:34 2011 From: alex at ahhyes.net (Alex) Date: Fri, 26 Aug 2011 19:14:34 +1000 Subject: [Dovecot] limiting number of incorrect logins per connection In-Reply-To: <6ed2c04bc55eca5dcdabf46a9836bdd2@ahhyes.net> References: <57ffb026f1289c9b6aec31c18afb80dc@ahhyes.net> <6ed2c04bc55eca5dcdabf46a9836bdd2@ahhyes.net> Message-ID: I am happy to recompile if there is no config option. I gather it's in the src/auth dir somewhere in one of the C source files. Just need to be pointed in the right dir. On Fri, 26 Aug 2011 19:07:08 +1000, Alex wrote: > 3 minutes! I think that's too long, how can I drop that down to about > 45 seconds? > > > On Fri, 26 Aug 2011 11:44:45 +0300, Timo Sirainen wrote: >> On 26.8.2011, at 10.25, Alex wrote: >> >>> Running Dovecot 2 on my server. It is regularly getting dictionary >>> auth attacked. What I have noticed is that once connected to a >>> pop3/imap login session, you can send endless incorrect >>> usernames+passwords attempts. This is a problem for me... I use >>> fail2ban to try and stop these script kiddies. The problem is that >>> fail2ban detects the bad auths, firewalls the IP, however, since it's >>> an "established" session, the attacker can keep authing away... It's >>> only on a subsequent (new) connection that the firewalling will take >>> effect. >> >> Umm. If client hasn't managed to log in in 3 minutes, it's >> disconnected (no matter what it does with the connection). From amateo at um.es Fri Aug 26 14:01:06 2011 From: amateo at um.es (Angel L. Mateo) Date: Fri, 26 Aug 2011 13:01:06 +0200 Subject: [Dovecot] auth: Error: LDAP: Connection lost to LDAP server, reconnecting In-Reply-To: <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> References: <4E561E30.8020509@um.es> <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> Message-ID: <4E577CF2.2070800@um.es> El 25/08/11 12:10, Timo Sirainen escribi?: > On 25.8.2011, at 13.04, Angel L. Mateo wrote: > >> Aug 24 23:07:32 myotis28 dovecot: auth-worker(default): LDAP: Connection lost to LDAP server, reconnecting >> >> I have seen in the mail list a patch for 1.2 (http://hg.dovecot.org/dovecot-1.2/rev/355d5a40f7a7) to ignore these logs when the disconnection is because of idle timeouts. As far as I could see in this patch and 2.0.13 source code, this patch is already applied in 2.0. So I guess that the disconnection is for other problem, isn't it? > > I had completely forgotten I had added such a feature :) See what it logs with attached patch. > I have tried the patch. It confirms my hypothesis, the connection is closed by my load balancer: Aug 26 12:55:27 myotis31 dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting (1 requests, 3603 idle secs) Is there any way to configure ldap connection with a keepalive, so I don't need a reconnection? -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337 From fbscarel at gmail.com Fri Aug 26 15:15:18 2011 From: fbscarel at gmail.com (Felipe Scarel) Date: Fri, 26 Aug 2011 09:15:18 -0300 Subject: [Dovecot] limiting number of incorrect logins per connection In-Reply-To: References: <57ffb026f1289c9b6aec31c18afb80dc@ahhyes.net> <6ed2c04bc55eca5dcdabf46a9836bdd2@ahhyes.net> Message-ID: Alex, I've not personally done it (so just speculating here, bear with me) but you can customize Fail2Ban's actions if needed. So, if you can match the attemps through some regex (and since you're seeing them in the logs, that should be quite possible), then you can edit one of the 'actions' to drop the connection for . I'm just not entirely sure that iptables (or pf, or whatever firewall you've got) can do it to active connections, 'cause that problem hasn't arised for me so far. On Fri, Aug 26, 2011 at 06:14, Alex wrote: > I am happy to recompile if there is no config option. I gather it's in the > src/auth dir somewhere in one of the C source files. Just need to be pointed > in the right dir. > > > On Fri, 26 Aug 2011 19:07:08 +1000, Alex wrote: > >> 3 minutes! I think that's too long, how can I drop that down to about >> 45 seconds? >> >> >> On Fri, 26 Aug 2011 11:44:45 +0300, Timo Sirainen wrote: >> >>> On 26.8.2011, at 10.25, Alex wrote: >>> >>> Running Dovecot 2 on my server. It is regularly getting dictionary auth >>>> attacked. What I have noticed is that once connected to a pop3/imap login >>>> session, you can send endless incorrect usernames+passwords attempts. This >>>> is a problem for me... I use fail2ban to try and stop these script kiddies. >>>> The problem is that fail2ban detects the bad auths, firewalls the IP, >>>> however, since it's an "established" session, the attacker can keep authing >>>> away... It's only on a subsequent (new) connection that the firewalling will >>>> take effect. >>>> >>> >>> Umm. If client hasn't managed to log in in 3 minutes, it's >>> disconnected (no matter what it does with the connection). >>> >> > From fbscarel at gmail.com Fri Aug 26 15:22:16 2011 From: fbscarel at gmail.com (Felipe Scarel) Date: Fri, 26 Aug 2011 09:22:16 -0300 Subject: [Dovecot] limiting number of incorrect logins per connection In-Reply-To: References: <57ffb026f1289c9b6aec31c18afb80dc@ahhyes.net> <6ed2c04bc55eca5dcdabf46a9836bdd2@ahhyes.net> Message-ID: Yeah, I had read about half of that thread, and after I sent my mail kept reading and stumbled upon this: "(...) using the recent module needs dovecotto close the connection upon authentication failure, as iptables only (normally) comes in to play for new connections (...)". So, yeah, my suggestion probably won't work. On Fri, Aug 26, 2011 at 09:15, Felipe Scarel wrote: > Alex, I've not personally done it (so just speculating here, bear with me) > but you can customize Fail2Ban's actions if needed. So, if you can match the > attemps through some regex (and since you're seeing them in the logs, that > should be quite possible), then you can edit one of the 'actions' to drop > the connection for . > > I'm just not entirely sure that iptables (or pf, or whatever firewall > you've got) can do it to active connections, 'cause that problem hasn't > arised for me so far. > > > On Fri, Aug 26, 2011 at 06:14, Alex wrote: > >> I am happy to recompile if there is no config option. I gather it's in the >> src/auth dir somewhere in one of the C source files. Just need to be pointed >> in the right dir. >> >> >> On Fri, 26 Aug 2011 19:07:08 +1000, Alex wrote: >> >>> 3 minutes! I think that's too long, how can I drop that down to about >>> 45 seconds? >>> >>> >>> On Fri, 26 Aug 2011 11:44:45 +0300, Timo Sirainen wrote: >>> >>>> On 26.8.2011, at 10.25, Alex wrote: >>>> >>>> Running Dovecot 2 on my server. It is regularly getting dictionary auth >>>>> attacked. What I have noticed is that once connected to a pop3/imap login >>>>> session, you can send endless incorrect usernames+passwords attempts. This >>>>> is a problem for me... I use fail2ban to try and stop these script kiddies. >>>>> The problem is that fail2ban detects the bad auths, firewalls the IP, >>>>> however, since it's an "established" session, the attacker can keep authing >>>>> away... It's only on a subsequent (new) connection that the firewalling will >>>>> take effect. >>>>> >>>> >>>> Umm. If client hasn't managed to log in in 3 minutes, it's >>>> disconnected (no matter what it does with the connection). >>>> >>> >> > From a.chapellon at horoa.net Fri Aug 26 16:14:27 2011 From: a.chapellon at horoa.net (Alexandre Chapellon) Date: Fri, 26 Aug 2011 15:14:27 +0200 Subject: [Dovecot] limiting number of incorrect logins per connection In-Reply-To: References: <57ffb026f1289c9b6aec31c18afb80dc@ahhyes.net> <6ed2c04bc55eca5dcdabf46a9836bdd2@ahhyes.net> Message-ID: <4E579C33.7010305@horoa.net> fail2ban will work as soon as dovecot have closed a none-authenticated connection: 3mins->180sec If tarpit delay for auth failures in a connection is set to 15s (which seems to be the default unless i missunderstood).... this let an attackers only 12 tries (at most) before IP gets blacklisted by fail2ban... Far enough to circumvent bruteforce and even dictionnary based attacks... unless the attacker has a botnet and uses non agressives retry policy. But in the last case, even if you blacklist IP at first failed tried, you're still vuln to such attacks. regards. Le 26/08/2011 14:22, Felipe Scarel a ?crit : > Yeah, I had read about half of that thread, and after I sent my mail kept > reading and stumbled upon this: "(...) using the recent module needs > dovecotto close the connection upon authentication failure, as iptables only > (normally) comes in to play for new connections (...)". > > So, yeah, my suggestion probably won't work. > > On Fri, Aug 26, 2011 at 09:15, Felipe Scarel wrote: > >> Alex, I've not personally done it (so just speculating here, bear with me) >> but you can customize Fail2Ban's actions if needed. So, if you can match the >> attemps through some regex (and since you're seeing them in the logs, that >> should be quite possible), then you can edit one of the 'actions' to drop >> the connection for. >> >> I'm just not entirely sure that iptables (or pf, or whatever firewall >> you've got) can do it to active connections, 'cause that problem hasn't >> arised for me so far. >> >> >> On Fri, Aug 26, 2011 at 06:14, Alex wrote: >> >>> I am happy to recompile if there is no config option. I gather it's in the >>> src/auth dir somewhere in one of the C source files. Just need to be pointed >>> in the right dir. >>> >>> >>> On Fri, 26 Aug 2011 19:07:08 +1000, Alex wrote: >>> >>>> 3 minutes! I think that's too long, how can I drop that down to about >>>> 45 seconds? >>>> >>>> >>>> On Fri, 26 Aug 2011 11:44:45 +0300, Timo Sirainen wrote: >>>> >>>>> On 26.8.2011, at 10.25, Alex wrote: >>>>> >>>>> Running Dovecot 2 on my server. It is regularly getting dictionary auth >>>>>> attacked. What I have noticed is that once connected to a pop3/imap login >>>>>> session, you can send endless incorrect usernames+passwords attempts. This >>>>>> is a problem for me... I use fail2ban to try and stop these script kiddies. >>>>>> The problem is that fail2ban detects the bad auths, firewalls the IP, >>>>>> however, since it's an "established" session, the attacker can keep authing >>>>>> away... It's only on a subsequent (new) connection that the firewalling will >>>>>> take effect. >>>>>> >>>>> Umm. If client hasn't managed to log in in 3 minutes, it's >>>>> disconnected (no matter what it does with the connection). >>>>> -- -------------- next part -------------- A non-text attachment was scrubbed... Name: a_chapellon.vcf Type: text/x-vcard Size: 373 bytes Desc: not available URL: From allan.cassaro at gmail.com Fri Aug 26 18:27:25 2011 From: allan.cassaro at gmail.com (Allan Cassaro) Date: Fri, 26 Aug 2011 12:27:25 -0300 Subject: [Dovecot] limiting number of incorrect logins per connection In-Reply-To: <4E579C33.7010305@horoa.net> References: <57ffb026f1289c9b6aec31c18afb80dc@ahhyes.net> <6ed2c04bc55eca5dcdabf46a9836bdd2@ahhyes.net> <4E579C33.7010305@horoa.net> Message-ID: On Fri, Aug 26, 2011 at 10:14 AM, Alexandre Chapellon wrote: > fail2ban will work as soon as dovecot have closed a none-authenticated > connection: 3mins->180sec > If tarpit delay for auth failures in a connection is set to 15s (which > seems to be the default unless i missunderstood).... this let an attackers > only 12 tries (at most) before IP gets blacklisted by fail2ban... Far enough > to circumvent bruteforce and even dictionnary based attacks... unless the > attacker has a botnet and uses non agressives retry policy. But in the last > case, even if you blacklist IP at first failed tried, you're still vuln to > such attacks. > > regards. > > Le 26/08/2011 14:22, Felipe Scarel a ?crit : > > Yeah, I had read about half of that thread, and after I sent my mail kept >> reading and stumbled upon this: "(...) using the recent module needs >> dovecotto close the connection upon authentication failure, as iptables >> only >> (normally) comes in to play for new connections (...)". >> >> So, yeah, my suggestion probably won't work. >> >> On Fri, Aug 26, 2011 at 09:15, Felipe Scarel wrote: >> >> Alex, I've not personally done it (so just speculating here, bear with >>> me) >>> but you can customize Fail2Ban's actions if needed. So, if you can match >>> the >>> attemps through some regex (and since you're seeing them in the logs, >>> that >>> should be quite possible), then you can edit one of the 'actions' to drop >>> the connection for. >>> >>> I'm just not entirely sure that iptables (or pf, or whatever firewall >>> you've got) can do it to active connections, 'cause that problem hasn't >>> arised for me so far. >>> >>> >>> On Fri, Aug 26, 2011 at 06:14, Alex wrote: >>> >>> I am happy to recompile if there is no config option. I gather it's in >>>> the >>>> src/auth dir somewhere in one of the C source files. Just need to be >>>> pointed >>>> in the right dir. >>>> >>>> >>>> On Fri, 26 Aug 2011 19:07:08 +1000, Alex wrote: >>>> >>>> 3 minutes! I think that's too long, how can I drop that down to about >>>>> 45 seconds? >>>>> >>>>> >>>>> On Fri, 26 Aug 2011 11:44:45 +0300, Timo Sirainen wrote: >>>>> >>>>> On 26.8.2011, at 10.25, Alex wrote: >>>>>> >>>>>> Running Dovecot 2 on my server. It is regularly getting dictionary >>>>>> auth >>>>>> >>>>>>> attacked. What I have noticed is that once connected to a pop3/imap >>>>>>> login >>>>>>> session, you can send endless incorrect usernames+passwords attempts. >>>>>>> This >>>>>>> is a problem for me... I use fail2ban to try and stop these script >>>>>>> kiddies. >>>>>>> The problem is that fail2ban detects the bad auths, firewalls the IP, >>>>>>> however, since it's an "established" session, the attacker can keep >>>>>>> authing >>>>>>> away... It's only on a subsequent (new) connection that the >>>>>>> firewalling will >>>>>>> take effect. >>>>>>> >>>>>>> Umm. If client hasn't managed to log in in 3 minutes, it's >>>>>> disconnected (no matter what it does with the connection). >>>>>> >>>>> If you substitute (create a wrap to) the "imap-login" binary with an script? The script can create a "fail attempt/ip" file into home dir and return ok or not to dovecot main process based on this information. This will solve you problem with established connections and will ban the "badguy" in realtime. I know this is possible in 1.x version. Timo, this is possible on 2.x version? Regards. -- Use c?pia oculta (BCC ou CCO) e apague dados pessoais no campo da mensagem ao encaminhar qualquer e-mail. http://allan.cassaro.googlepages.com From tss at iki.fi Fri Aug 26 19:28:40 2011 From: tss at iki.fi (Timo Sirainen) Date: Fri, 26 Aug 2011 19:28:40 +0300 Subject: [Dovecot] limiting number of incorrect logins per connection In-Reply-To: References: <57ffb026f1289c9b6aec31c18afb80dc@ahhyes.net> <6ed2c04bc55eca5dcdabf46a9836bdd2@ahhyes.net> <4E579C33.7010305@horoa.net> Message-ID: <8F8A7075-B221-4DD5-A9FC-AD922204C2AE@iki.fi> On 26.8.2011, at 18.27, Allan Cassaro wrote: > If you substitute (create a wrap to) the "imap-login" binary with an script? > The script can create a "fail attempt/ip" file into home dir and return ok > or not to dovecot main process based on this information. imap-login is typically chrooted and running with nonprivileged account that can't access user's home dir. I guess you could change those, but wrapping imap-login won't help because you don't know the username at that point.. Either auth or anvil process could do something like this. From tss at iki.fi Fri Aug 26 19:30:01 2011 From: tss at iki.fi (Timo Sirainen) Date: Fri, 26 Aug 2011 19:30:01 +0300 Subject: [Dovecot] limiting number of incorrect logins per connection In-Reply-To: <6ed2c04bc55eca5dcdabf46a9836bdd2@ahhyes.net> References: <57ffb026f1289c9b6aec31c18afb80dc@ahhyes.net> <6ed2c04bc55eca5dcdabf46a9836bdd2@ahhyes.net> Message-ID: <742D9DFB-819D-4F1C-8E88-E08B8894B135@iki.fi> login-common/client-common.h : #define CLIENT_LOGIN_TIMEOUT_MSECS (MASTER_LOGIN_TIMEOUT_SECS*1000) So set it to (45*60*1000) But I don't think there's much of a practical difference between these. On 26.8.2011, at 12.07, Alex wrote: > 3 minutes! I think that's too long, how can I drop that down to about 45 seconds? > > > On Fri, 26 Aug 2011 11:44:45 +0300, Timo Sirainen wrote: >> On 26.8.2011, at 10.25, Alex wrote: >> >>> Running Dovecot 2 on my server. It is regularly getting dictionary auth attacked. What I have noticed is that once connected to a pop3/imap login session, you can send endless incorrect usernames+passwords attempts. This is a problem for me... I use fail2ban to try and stop these script kiddies. The problem is that fail2ban detects the bad auths, firewalls the IP, however, since it's an "established" session, the attacker can keep authing away... It's only on a subsequent (new) connection that the firewalling will take effect. >> >> Umm. If client hasn't managed to log in in 3 minutes, it's >> disconnected (no matter what it does with the connection). > From simon.brereton at buongiorno.com Fri Aug 26 20:10:59 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Fri, 26 Aug 2011 13:10:59 -0400 Subject: [Dovecot] File Permissions and delivery Message-ID: <001701cc6413$20e693c0$62b3bb40$@brereton@buongiorno.com> Hi I'm very new to Dovecot (been using Courier for 5 years), but I've been persuaded of the merits of Dovecot and since the server needs upgrading that seems like the perfect time/excuse. On a test server, I set up postfix and installed Dovecot (running 32-bit Debian Squeeze, installed from apt-get). I mirrored the mail store (Maildirs, for historical reasons located under /var/spool/mail/virtual/domain.com/user). Then I ran the courier migration perl script and everything was fine and dandy. However, when I can to do the production migration, things weren't as smooth. The new server is 64-bit (not that I think it makes a difference, but if you're going to help me you should have all the information :) Again, I installed Postfix and Dovecot Took down the old server Mirrored the Maildirs Ran the migration script Restarted everything At this point everything looked like it was ok. Mail was being received and delivered to the Maildirs and the IMAP login was fine. However, I noticed errors in the logs when retreiving mail with the MUA along the lines of: Aug 26 16:59:48 mail dovecot: IMAP(simon at lydiard.net): open(/var/spool/mail/virtual/domain.net/simon/cur/1314328966.V801I166601bM756462.mail.net,S=2461:2,) failed: Permission denied (euid=999(mailsystem) egid=115(mailsystem) missing +r perm: /var/spool/mail/virtual/domain.net/simon/cur/1314328966.V801I166601bM756462.mail.net,S=2461:2,) After messing around with the chown and chmod (even though these were exactly the same as the test server) I finally discovered the issue. mail:~# ls /var/spool/mail/virtual/domain.net/simon/new/ -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:33 1314326000.V801I1666018M803015.mail.net,S=2461:2, -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:36 1314326209.V801I1666019M447273.mail.net,S=2460:2, -rw-rw---- 1 postfix mailsystem 2.5K Aug 26 04:00 1314327630.V801I166601aM308173.mail.net,S=2477:2, -rw------- 1 postfix mailsystem 2.5K Aug 26 04:22 1314328966.V801I166601bM756462.mail.net,S=2461:2, -rw------- 1 postfix mailsystem 1.1K Aug 26 16:28 1314372534.V801I166601cM615258.mail.net,S=1097:2, -rw------- 1 postfix mailsystem 1.1K Aug 26 16:31 1314372685.V801I166601dM264242.mail.net,S=1097:2, Mails are being delivered with 0600 permissions and not 0660 (the mails from courier seem to have all been 0770 as you can see). If I manually change the permission (to 0660) then I can see the mail in the MUA. After thinking for a while it occurred to me that this is covered in the LDA section. But making changes to the config file (either permissions or UID/GID) doesn't seem to make a difference. (Yes, I did restart postfix and dovecot after the changes). Anyway, here is my dovecot -n: mail:~# dovecot -n # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3 log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap imaps pop3 pop3s ssl_ca_file: /etc/ssl/keys/ca.crt ssl_cert_file: /etc/ssl/keys/mail.net.crt ssl_key_file: /etc/ssl/private/mail.net.key disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login mail_privileged_group: mailsystem mail_location: maildir:/var/spool/mail/virtual/%d/%n maildir_very_dirty_syncs: yes mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_plugins(default): quota imap_quota mail_plugins(imap): quota imap_quota mail_plugins(pop3): quota mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 imap_client_workarounds(default): outlook-idle delay-newmail imap_client_workarounds(imap): outlook-idle delay-newmail imap_client_workarounds(pop3): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh lda: postmaster_address: postmaster at net mail_plugins: quota log_path: info_log_path: deliver_log_format: msgid=%m: %f: %$ auth default: mechanisms: plain login user: mailsystem verbose: yes passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: prefetch userdb: driver: static args: uid=999 gid=115 home=/var/spool/mail/virtual/%d/%n allow_all_users=yes socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: mailsystem master: path: /var/run/dovecot/auth-master mode: 432 user: mailsystem group: mailsystem plugin: quota: maildir As you can see, I tried to go 0660 in both client and master. The portion of my master.cf 81 # SPB - Attempt to deliver with Dovecot LDA 82 dovecot unix - n n - - pipe 83 flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} Is there anything else I should include? I'm pretty sure it's an error on my part. I'm just not clued up enough to know where. My second problem is that I thought I had things back to where they were before I messed with chown and chmod, but now I get this in the logs dovecot: dovecot: Fatal: chdir(/var/spool/mail/virtual/domain.net/simon//) failed: Permission denied (euid=999(mailsystem) egid=115(mailsystem) missing +x perm: /var/spool/mail/virtual) But the ls on that is exactly the same as on the test server: ls /var/spool/mail/virtual/ total 44K drwxrwS--- 11 postfix mailsystem 4.0K Aug 25 23:07 ./ drwxrwsr-x 5 amavis mailsystem 4.0K Oct 19 2009 ../ drwxrws--- 5 mailsystem mailsystem 4.0K Aug 26 02:33 domain.net/ So, now I'm stumped. I hope someone can spot the simple thing I've missed! Thanks. Simon From willcox at datahelper.com Fri Aug 26 21:41:18 2011 From: willcox at datahelper.com (Mark Willcox) Date: Fri, 26 Aug 2011 13:41:18 -0500 Subject: [Dovecot] Virtual user and post-login 2.0.13 In-Reply-To: References: Message-ID: <4E57E8CE.1020808@datahelper.com> Did you try installing from source after applying the patch? As in: This is your problem.. It's a bug in v2.0.13. You could patch with http://hg.dovecot.org/dovecot-2.0/rev/a2d57b43ccb2 or change config socket's permissions. I'll hopefully release v2.0.14 in not too distant future. -- Timo That got it working for me. Plus this: service imap { executable = imap imap-postlogin } service imap-postlogin { executable = script-login /usr/local/bin/set_postpop unix_listener imap-postlogin { } } The script seems to run as root so I set ownership to the proper user in the script. _________________ Mark Willcox Data Helper, Inc. On 8/25/2011 10:47 AM, Pelle Svensson wrote: > Hi > > I tried several variants of suggestions but I can't get it working > > dovecot-info.log: > =========== > Aug 25 17:37:48 imap-login: Info: Login: user=, method=PLAIN, rip=192.168.1.xx, lip=192.168.1.xx, mpid=11264 > Aug 25 17:37:48 imap(vuser): Info: Post-login script denied access to user vuser > > dovecot.log > ======== > Aug 25 17:31:28 imap-postlogin: Error: script-login: Error: user pmp at bredband.net: Error reading configuration: net_connect_unix(/var/run/dovecot/config) failed: Permission denied > Aug 25 17:31:28 imap-postlogin: Error: script-login: Fatal: Internal error occurred. Refer to server log for more information. > Aug 25 17:31:28 log: Error: service(imap-postlogin): child 11082 returned error 89 (Fatal failure) > > dovecot.conf > ======== > protocols = imap pop3 > base_dir = /var/run/dovecot/ > > log_path = /var/log/dovecot.log > info_log_path = /var/log/dovecot-info.log > > ssl = no # v1.2+, for older versions use: ssl_disable = yes > disable_plaintext_auth = no > > mail_location = maildir:/home/fetchmail/mailroot/dummy > > pop3_uidl_format = %08Xu%08Xv > > > !include conf.d/*.conf > !include_try local.conf > > mail_uid=500 > mail_gid=500 > > auth_verbose = yes > auth_debug=yes > auth_debug_passwords=yes > mail_debug=yes > > # Optional tried with this!!! > service config { > unix_listener config { > group = dovecot > mode = 0660 > } > } > > service imap { > # tell imap to do post-login lookup using a socket called "imap-postlogin" > executable = imap imap-postlogin > # Optional tried with this!!! > > user=dovecot > } > > # The service name below doesn't actually matter. > service imap-postlogin { > # all post-login scripts are executed via script-login binary > executable = script-login /home/fetchmail/dovecot-postlogin.sh > > # the script process runs as the user specified here (v2.0.14+): > # Optional tried with this!!! > > # user=dovecot > # user = $default_internal_user > # this UNIX socket listener must use the same name as given to imap executable > # Optional tried with this!!! > > #unix_listener imap-postlogin { > #} > } > > > users > ==== > vuser:{PLAIN}pass:500:500::/home/fetchmail::userdb_mail=maildir:/home/fetchmail/mailroot/vuser-root allow_nets=192.168.1.0/24 > > ls -l /home/fetchmail/dovecot-postlogin.sh > -rwxrwxrwx. 1 dovecot root 108 Aug 25 17:08 dovecot-postlogin.sh > > Any suggestions are very welcome!! > > /Thanks > > > From florin at andrei.myip.org Fri Aug 26 22:07:15 2011 From: florin at andrei.myip.org (Florin Andrei) Date: Fri, 26 Aug 2011 12:07:15 -0700 Subject: [Dovecot] performance with 100k messages per folder Message-ID: <4E57EEE3.9000504@andrei.myip.org> dovecot-2.0-0.10.beta6.20100630.el6.x86_64 on CentOS 6. Virtual machine with 1 GB of RAM on VMWare. The configuration is more or less stock. Postfix receives then delivers to Dovecot. IMAP with mbox. Only one user account, but shared by several people via webmail (Roundcube webmail in Apache on the same machine). No other MUAs. 100k new messages per month, inbox is rotated monthly into a YYYYMM folder by a cron job. Only one monthly folder so far. Messages are never deleted (but I may start deleting old folders a year or two from now). This is mostly for reading, with occasional messages being forwarded. The email was pretty sluggish when logging in to the webmail interface. I asked the admin to increase the RAM from 0.5 to 1 GB. I changed mbox_very_dirty_syncs to yes. These measures seemed to accelerate it a lot. There's still a 1 sec pause when logging in, during which time the dovecot/imap process is using a lot of CPU. It looks like, as long as I give it enough RAM to keep the folders in memory, the whole thing should be fast enough, which is great. Any other tips-n-tricks to keep the email server speedy and the users happy? Should I worry about mbox_very_dirty_syncs as long as there are no other MUAs? -- Florin Andrei http://florin.myip.org/ From CMarcus at Media-Brokers.com Fri Aug 26 22:53:44 2011 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Fri, 26 Aug 2011 15:53:44 -0400 Subject: [Dovecot] performance with 100k messages per folder In-Reply-To: <4E57EEE3.9000504@andrei.myip.org> References: <4E57EEE3.9000504@andrei.myip.org> Message-ID: <4E57F9C8.4060601@Media-Brokers.com> On 2011-08-26 3:07 PM, Florin Andrei wrote: > dovecot-2.0-0.10.beta6.20100630.el6.x86_64 Don't need to read further. Upgrade to a recent stable release - if that doesn't fix your problem, *then* come back and ask again... -- Best regards, Charles From hobie at rumormillnews.com Fri Aug 26 23:05:47 2011 From: hobie at rumormillnews.com (hobie at rumormillnews.com) Date: Fri, 26 Aug 2011 16:05:47 -0400 (EDT) Subject: [Dovecot] On IMAP vhost login, only Username being used Message-ID: Found it. :) Not a dovecot problem but a field in Icedove (Thunderbird variant) that had been automatically filled in by the software "to serve you better". It's on the Server Settings page as "User Name". "Never mind..." :) --hobie > Recapping: I'm working to set up Dovecot 2.0.13 along with some additional software (qmail, vpopmail, squirrelmail). It's working fine with squirrelmail now, but trying to connect over SSL with a Thunderbird variant and using IMAP, authentication fails because Dovecot is trying to match only the front part of the name (the user part), ignoring the domain name part of what it's being sent. So, instead of seeking to match virtual user: > > joe_blow at some_domain.com > > ...it's trying to match: > > joe_blow > > ...and failing, since joe_blow is not a system user but is a virtual host user. With Squirrelmail, connecting from localhost via non-SSL IMAP, the match is handled correctly, no problem. I've run the runtbird.sh script but no light was shed on this by the resulting output, all it said was that authentication was failing. > > Has anyone else encountered this problem? Any suggestions on how to fix it or where to look for additional info? Thanks kindly. > > --hobie > >> I tried the runtbird.sh script, hoping for more info - all it did was > show that auth is failing. I don't understand why Dovecot is separating the username from the domain name, and trying to match only on the username. Seems like there must be a config setting that affects this and that I'm overlooking. Thanks ahead for any help with this. >> >> --hobie >> >> hobie wrote earlier: >> >> ===== >> >> Attempting IMAP SSL login on new installation, using Icedove (Debain > Thunderbird variant), login fails. Logs show Dovecot attempting to match username only, not username with domain name, on Vpopmail user, so of course no match. Tried with '@' in full username, also with '%'. What's missing? >> >> Log shows: >> >> Aug 24 19:30:48 debian dovecot: auth: Debug: client in: CONT Aug > 24 19:30:48 debian dovecot: auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth >> Aug 24 19:30:48 debian dovecot: auth: Debug: vpopmail(postmaster,[IP > redacted]): lookup user=postmaster domain= >> >> Current config: >> >> # 2.0.13: /usr/local/etc/dovecot/dovecot.conf >> # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3 >> auth_debug = yes >> auth_verbose = yes >> disable_plaintext_auth = no >> first_valid_gid = 89 >> first_valid_uid = 89 >> mail_debug = yes >> mail_location = maildir:/home/vpopmail/domains/%d/%n/Maildir >> maildir_very_dirty_syncs = yes >> passdb { >> driver = vpopmail >> } >> protocols = imap pop3 >> ssl_cert = > ssl_key = > userdb { >> args = quota_template=quota_rule=*:backend=%q >> driver = vpopmail >> } >> >> --hobie >> >> ===== >> > > > > > > > From patrickdk at patrickdk.com Sat Aug 27 02:35:09 2011 From: patrickdk at patrickdk.com (Patrick Domack) Date: Fri, 26 Aug 2011 19:35:09 -0400 Subject: [Dovecot] File Permissions and delivery In-Reply-To: <001701cc6413$20e693c0$62b3bb40$@brereton@buongiorno.com> References: <001701cc6413$20e693c0$62b3bb40$@brereton@buongiorno.com> Message-ID: <20110826193509.Horde.CZE5dJLnE6FOWC2tsEPBzxA@mail.patrickdk.com> My guess is your delivering email with postfix to the inbox, instead of using dovecot-lda. And something odd is going on with that postfix to get odd permissions like that. You probably needed to edit the postfix virtual deliever transport, or maybe you just forget to active the dovecot-lda (deliever) transport. Quoting Simon Brereton : > Hi > > I'm very new to Dovecot (been using Courier for 5 years), but I've > been persuaded of the merits of Dovecot and since the server needs > upgrading that seems like the perfect time/excuse. > > On a test server, I set up postfix and installed Dovecot (running > 32-bit Debian Squeeze, installed from apt-get). I mirrored the mail > store (Maildirs, for historical reasons located under > /var/spool/mail/virtual/domain.com/user). Then I ran the courier > migration perl script and everything was fine and dandy. > > However, when I can to do the production migration, things weren't > as smooth. The new server is 64-bit (not that I think it makes a > difference, but if you're going to help me you should have all the > information :) > > Again, I installed Postfix and Dovecot > Took down the old server > Mirrored the Maildirs > Ran the migration script > Restarted everything > > At this point everything looked like it was ok. Mail was being > received and delivered to the Maildirs and the IMAP login was fine. > However, I noticed errors in the logs when retreiving mail with the > MUA along the lines of: > > Aug 26 16:59:48 mail dovecot: IMAP(simon at lydiard.net): > open(/var/spool/mail/virtual/domain.net/simon/cur/1314328966.V801I166601bM756462.mail.net,S=2461:2,) failed: Permission denied (euid=999(mailsystem) egid=115(mailsystem) missing +r perm: > /var/spool/mail/virtual/domain.net/simon/cur/1314328966.V801I166601bM756462.mail.net,S=2461:2,) > > After messing around with the chown and chmod (even though these > were exactly the same as the test server) I finally discovered the > issue. > > mail:~# ls /var/spool/mail/virtual/domain.net/simon/new/ > -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:33 > 1314326000.V801I1666018M803015.mail.net,S=2461:2, > -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:36 > 1314326209.V801I1666019M447273.mail.net,S=2460:2, > -rw-rw---- 1 postfix mailsystem 2.5K Aug 26 04:00 > 1314327630.V801I166601aM308173.mail.net,S=2477:2, > -rw------- 1 postfix mailsystem 2.5K Aug 26 04:22 > 1314328966.V801I166601bM756462.mail.net,S=2461:2, > -rw------- 1 postfix mailsystem 1.1K Aug 26 16:28 > 1314372534.V801I166601cM615258.mail.net,S=1097:2, > -rw------- 1 postfix mailsystem 1.1K Aug 26 16:31 > 1314372685.V801I166601dM264242.mail.net,S=1097:2, > > Mails are being delivered with 0600 permissions and not 0660 (the > mails from courier seem to have all been 0770 as you can see). If I > manually change the permission (to 0660) then I can see the mail in > the MUA. > > After thinking for a while it occurred to me that this is covered in > the LDA section. But making changes to the config file (either > permissions or UID/GID) doesn't seem to make a difference. (Yes, I > did restart postfix and dovecot after the changes). > > Anyway, here is my dovecot -n: > > mail:~# dovecot -n > # 1.2.15: /etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3 > log_timestamp: %Y-%m-%d %H:%M:%S > protocols: imap imaps pop3 pop3s > ssl_ca_file: /etc/ssl/keys/ca.crt > ssl_cert_file: /etc/ssl/keys/mail.net.crt > ssl_key_file: /etc/ssl/private/mail.net.key > disable_plaintext_auth: no > login_dir: /var/run/dovecot/login > login_executable(default): /usr/lib/dovecot/imap-login > login_executable(imap): /usr/lib/dovecot/imap-login > login_executable(pop3): /usr/lib/dovecot/pop3-login > mail_privileged_group: mailsystem > mail_location: maildir:/var/spool/mail/virtual/%d/%n > maildir_very_dirty_syncs: yes > mbox_write_locks: fcntl dotlock > mail_executable(default): /usr/lib/dovecot/imap > mail_executable(imap): /usr/lib/dovecot/imap > mail_executable(pop3): /usr/lib/dovecot/pop3 > mail_plugins(default): quota imap_quota > mail_plugins(imap): quota imap_quota > mail_plugins(pop3): quota > mail_plugin_dir(default): /usr/lib/dovecot/modules/imap > mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap > mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 > imap_client_workarounds(default): outlook-idle delay-newmail > imap_client_workarounds(imap): outlook-idle delay-newmail > imap_client_workarounds(pop3): > pop3_client_workarounds(default): > pop3_client_workarounds(imap): > pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh > lda: > postmaster_address: postmaster at net > mail_plugins: quota > log_path: > info_log_path: > deliver_log_format: msgid=%m: %f: %$ > auth default: > mechanisms: plain login > user: mailsystem > verbose: yes > passdb: > driver: sql > args: /etc/dovecot/dovecot-sql.conf > userdb: > driver: prefetch > userdb: > driver: static > args: uid=999 gid=115 home=/var/spool/mail/virtual/%d/%n > allow_all_users=yes > socket: > type: listen > client: > path: /var/spool/postfix/private/auth > mode: 432 > user: postfix > group: mailsystem > master: > path: /var/run/dovecot/auth-master > mode: 432 > user: mailsystem > group: mailsystem > plugin: > quota: maildir > > As you can see, I tried to go 0660 in both client and master. > > The portion of my master.cf > 81 # SPB - Attempt to deliver with Dovecot LDA > 82 dovecot unix - n n - - pipe > 83 flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f > ${sender} -d ${user}@${nexthop} > > Is there anything else I should include? > > I'm pretty sure it's an error on my part. I'm just not clued up > enough to know where. > > My second problem is that I thought I had things back to where they > were before I messed with chown and chmod, but now I get this in the > logs > > dovecot: dovecot: Fatal: > chdir(/var/spool/mail/virtual/domain.net/simon//) failed: Permission > denied (euid=999(mailsystem) egid=115(mailsystem) missing +x perm: > /var/spool/mail/virtual) > > But the ls on that is exactly the same as on the test server: > ls /var/spool/mail/virtual/ > total 44K > drwxrwS--- 11 postfix mailsystem 4.0K Aug 25 23:07 ./ > drwxrwsr-x 5 amavis mailsystem 4.0K Oct 19 2009 ../ > drwxrws--- 5 mailsystem mailsystem 4.0K Aug 26 02:33 domain.net/ > > So, now I'm stumped. I hope someone can spot the simple thing I've missed! > > Thanks. > > > Simon From jtam.home at gmail.com Sat Aug 27 02:57:18 2011 From: jtam.home at gmail.com (Joseph Tam) Date: Fri, 26 Aug 2011 16:57:18 -0700 (PDT) Subject: [Dovecot] Catch22: user needs space to fix out of space condition In-Reply-To: References: Message-ID: Thanks to all who've made suggestions. It seems removing dotlocks as a locking method is the way to go. There is another dotlock locking variant mentioned in 10-mail.conf that seems to address this situation for those that can't get away from dotlocks: # dotlock_try: Same as dotlock, but if it fails because of permissions or # because there isn't enough disk space, just skip it. mbox_write_locks = dotlock_try fcntl Joseph Tam From simon.brereton at buongiorno.com Sat Aug 27 04:00:06 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Fri, 26 Aug 2011 21:00:06 -0400 Subject: [Dovecot] File Permissions and delivery In-Reply-To: <20110826193509.Horde.CZE5dJLnE6FOWC2tsEPBzxA@mail.patrickdk.com> References: <20110826193509.Horde.CZE5dJLnE6FOWC2tsEPBzxA@mail.patrickdk.com> Message-ID: On 26 August 2011 19:35, Patrick Domack wrote: > > My guess is your delivering email with postfix to the inbox, instead of using dovecot-lda. And something odd is going on with that postfix to get odd permissions like that. > > You probably needed to edit the postfix virtual deliever transport, or maybe you just forget to active the dovecot-lda (deliever) transport. That's why I included the portion from my master.cf The portion of my master.cf 81 # SPB - Attempt to deliver with Dovecot LDA 82 dovecot unix - n n - - pipe 83 flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} The numbers are just line numbers from vim. The entry reads like: # SPB - Attempt to deliver with Dovecot LDA dovecot unix - n n - - pipe flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} malsystem is the user and /usr/lib/dovecot/deliver exists. Simon > > Quoting Simon Brereton : > >> Hi >> >> I'm very new to Dovecot (been using Courier for 5 years), but I've been persuaded of the merits of Dovecot and since the server needs upgrading that seems like the perfect time/excuse. >> >> On a test server, I set up postfix and installed Dovecot (running 32-bit Debian Squeeze, installed from apt-get). ?I mirrored the mail store (Maildirs, for historical reasons located under /var/spool/mail/virtual/domain.com/user). ?Then I ran the courier migration perl script and everything was fine and dandy. >> >> However, when I can to do the production migration, things weren't as smooth. ?The new server is 64-bit (not that I think it makes a difference, but if you're going to help me you should have all the information :) >> >> Again, I installed Postfix and Dovecot >> Took down the old server >> Mirrored the Maildirs >> Ran the migration script >> Restarted everything >> >> At this point everything looked like it was ok. ?Mail was being received and delivered to the Maildirs and the IMAP login was fine. ?However, I noticed errors in the logs when retreiving mail with the MUA along the lines of: >> >> Aug 26 16:59:48 mail dovecot: IMAP(simon at lydiard.net): open(/var/spool/mail/virtual/domain.net/simon/cur/1314328966.V801I166601bM756462.mail.net,S=2461:2,) failed: Permission denied (euid=999(mailsystem) egid=115(mailsystem) missing +r perm: /var/spool/mail/virtual/domain.net/simon/cur/1314328966.V801I166601bM756462.mail.net,S=2461:2,) >> >> After messing around with the chown and chmod (even though these were exactly the same as the test server) I finally discovered the issue. >> >> mail:~# ls /var/spool/mail/virtual/domain.net/simon/new/ >> -rwxrwx--- ?1 postfix mailsystem 2.5K Aug 26 03:33 1314326000.V801I1666018M803015.mail.net,S=2461:2, >> -rwxrwx--- ?1 postfix mailsystem 2.5K Aug 26 03:36 1314326209.V801I1666019M447273.mail.net,S=2460:2, >> -rw-rw---- ?1 postfix mailsystem 2.5K Aug 26 04:00 1314327630.V801I166601aM308173.mail.net,S=2477:2, >> -rw------- ?1 postfix mailsystem 2.5K Aug 26 04:22 1314328966.V801I166601bM756462.mail.net,S=2461:2, >> -rw------- ?1 postfix mailsystem 1.1K Aug 26 16:28 1314372534.V801I166601cM615258.mail.net,S=1097:2, >> -rw------- ?1 postfix mailsystem 1.1K Aug 26 16:31 1314372685.V801I166601dM264242.mail.net,S=1097:2, >> >> Mails are being delivered with 0600 permissions and not 0660 (the mails from courier seem to have all been 0770 as you can see). ?If I manually change the permission (to 0660) then I can see the mail in the MUA. >> >> After thinking for a while it occurred to me that this is covered in the LDA section. ?But making changes to the config file (either permissions or UID/GID) doesn't seem to make a difference. ?(Yes, I did restart postfix and dovecot after the changes). >> >> Anyway, here is my dovecot -n: >> >> mail:~# dovecot -n >> # 1.2.15: /etc/dovecot/dovecot.conf >> # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3 >> log_timestamp: %Y-%m-%d %H:%M:%S >> protocols: imap imaps pop3 pop3s >> ssl_ca_file: /etc/ssl/keys/ca.crt >> ssl_cert_file: /etc/ssl/keys/mail.net.crt >> ssl_key_file: /etc/ssl/private/mail.net.key >> disable_plaintext_auth: no >> login_dir: /var/run/dovecot/login >> login_executable(default): /usr/lib/dovecot/imap-login >> login_executable(imap): /usr/lib/dovecot/imap-login >> login_executable(pop3): /usr/lib/dovecot/pop3-login >> mail_privileged_group: mailsystem >> mail_location: maildir:/var/spool/mail/virtual/%d/%n >> maildir_very_dirty_syncs: yes >> mbox_write_locks: fcntl dotlock >> mail_executable(default): /usr/lib/dovecot/imap >> mail_executable(imap): /usr/lib/dovecot/imap >> mail_executable(pop3): /usr/lib/dovecot/pop3 >> mail_plugins(default): quota imap_quota >> mail_plugins(imap): quota imap_quota >> mail_plugins(pop3): quota >> mail_plugin_dir(default): /usr/lib/dovecot/modules/imap >> mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap >> mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 >> imap_client_workarounds(default): outlook-idle delay-newmail >> imap_client_workarounds(imap): outlook-idle delay-newmail >> imap_client_workarounds(pop3): >> pop3_client_workarounds(default): >> pop3_client_workarounds(imap): >> pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh >> lda: >> ?postmaster_address: postmaster at net >> ?mail_plugins: quota >> ?log_path: >> ?info_log_path: >> ?deliver_log_format: msgid=%m: %f: %$ >> auth default: >> ?mechanisms: plain login >> ?user: mailsystem >> ?verbose: yes >> ?passdb: >> ? ?driver: sql >> ? ?args: /etc/dovecot/dovecot-sql.conf >> ?userdb: >> ? ?driver: prefetch >> ?userdb: >> ? ?driver: static >> ? ?args: uid=999 gid=115 home=/var/spool/mail/virtual/%d/%n allow_all_users=yes >> ?socket: >> ? ?type: listen >> ? ?client: >> ? ? ?path: /var/spool/postfix/private/auth >> ? ? ?mode: 432 >> ? ? ?user: postfix >> ? ? ?group: mailsystem >> ? ?master: >> ? ? ?path: /var/run/dovecot/auth-master >> ? ? ?mode: 432 >> ? ? ?user: mailsystem >> ? ? ?group: mailsystem >> plugin: >> ?quota: maildir >> >> As you can see, I tried to go 0660 in both client and master. >> >> The portion of my master.cf >> 81 # SPB - Attempt to deliver with Dovecot LDA >> ?82 dovecot ? unix ?- ? ? ? n ? ? ? n ? ? ? - ? ? ? - ? ? ? pipe >> ?83 ? flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} >> >> Is there anything else I should include? >> >> I'm pretty sure it's an error on my part. ?I'm just not clued up enough to know where. >> >> My second problem is that I thought I had things back to where they were before I messed with chown and chmod, but now I get this in the logs >> >> dovecot: dovecot: Fatal: chdir(/var/spool/mail/virtual/domain.net/simon//) failed: Permission denied (euid=999(mailsystem) egid=115(mailsystem) missing +x perm: /var/spool/mail/virtual) >> >> But the ls on that is exactly the same as on the test server: >> ls /var/spool/mail/virtual/ >> total 44K >> drwxrwS--- 11 postfix ? ?mailsystem 4.0K Aug 25 23:07 ./ >> drwxrwsr-x ?5 amavis ? ? mailsystem 4.0K Oct 19 ?2009 ../ >> drwxrws--- ?5 mailsystem mailsystem 4.0K Aug 26 02:33 domain.net/ >> >> So, now I'm stumped. ?I hope someone can spot the simple thing I've missed! >> >> Thanks. >> >> >> Simon > > > From jtam.home at gmail.com Sat Aug 27 04:30:01 2011 From: jtam.home at gmail.com (Joseph Tam) Date: Fri, 26 Aug 2011 18:30:01 -0700 (PDT) Subject: [Dovecot] Catch22: user needs space to fix out of space condition In-Reply-To: References: Message-ID: On Fri, 26 Aug 2011, Joseph Tam wrote: > Thanks to all who've made suggestions. It seems removing dotlocks as > a locking method is the way to go. Actually, this gives me pause that maybe I should not enirely remove the dotlocking method http://mailman2.u.washington.edu/pipermail/alpine-info/2008-July/000996.html Any comments on the (sole) use of POSIX fcntl() type locking? Joseph Tam From patrickdk at patrickdk.com Sat Aug 27 04:51:36 2011 From: patrickdk at patrickdk.com (Patrick Domack) Date: Fri, 26 Aug 2011 21:51:36 -0400 Subject: [Dovecot] File Permissions and delivery In-Reply-To: References: <20110826193509.Horde.CZE5dJLnE6FOWC2tsEPBzxA@mail.patrickdk.com> Message-ID: <20110826215136.Horde.HKEQbJLnE6FOWE2oep1l82A@mail.patrickdk.com> Just adding that won't make dovecot use it though, you would have to include the postconf -n output. Normally something like virtual_transport=dovecot Quoting Simon Brereton : > On 26 August 2011 19:35, Patrick Domack wrote: >> >> My guess is your delivering email with postfix to the inbox, >> instead of using dovecot-lda. And something odd is going on with >> that postfix to get odd permissions like that. >> >> You probably needed to edit the postfix virtual deliever transport, >> or maybe you just forget to active the dovecot-lda (deliever) >> transport. > > > That's why I included the portion from my master.cf > > > The portion of my master.cf > 81 # SPB - Attempt to deliver with Dovecot LDA > 82 dovecot unix - n n - - pipe > 83 flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f > ${sender} -d ${user}@${nexthop} > > The numbers are just line numbers from vim. The entry reads like: > > # SPB - Attempt to deliver with Dovecot LDA > dovecot unix - n n - - pipe > flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f > ${sender} -d ${user}@${nexthop} > > malsystem is the user and /usr/lib/dovecot/deliver exists. > > > Simon > > > >> >> Quoting Simon Brereton : >> >>> Hi >>> >>> I'm very new to Dovecot (been using Courier for 5 years), but I've >>> been persuaded of the merits of Dovecot and since the server needs >>> upgrading that seems like the perfect time/excuse. >>> >>> On a test server, I set up postfix and installed Dovecot (running >>> 32-bit Debian Squeeze, installed from apt-get). ?I mirrored the >>> mail store (Maildirs, for historical reasons located under >>> /var/spool/mail/virtual/domain.com/user). ?Then I ran the courier >>> migration perl script and everything was fine and dandy. >>> >>> However, when I can to do the production migration, things weren't >>> as smooth. ?The new server is 64-bit (not that I think it makes a >>> difference, but if you're going to help me you should have all the >>> information :) >>> >>> Again, I installed Postfix and Dovecot >>> Took down the old server >>> Mirrored the Maildirs >>> Ran the migration script >>> Restarted everything >>> >>> At this point everything looked like it was ok. ?Mail was being >>> received and delivered to the Maildirs and the IMAP login was >>> fine. ?However, I noticed errors in the logs when retreiving mail >>> with the MUA along the lines of: >>> >>> Aug 26 16:59:48 mail dovecot: IMAP(simon at lydiard.net): >>> open(/var/spool/mail/virtual/domain.net/simon/cur/1314328966.V801I166601bM756462.mail.net,S=2461:2,) failed: Permission denied (euid=999(mailsystem) egid=115(mailsystem) missing +r perm: >>> /var/spool/mail/virtual/domain.net/simon/cur/1314328966.V801I166601bM756462.mail.net,S=2461:2,) >>> >>> After messing around with the chown and chmod (even though these >>> were exactly the same as the test server) I finally discovered the >>> issue. >>> >>> mail:~# ls /var/spool/mail/virtual/domain.net/simon/new/ >>> -rwxrwx--- ?1 postfix mailsystem 2.5K Aug 26 03:33 >>> 1314326000.V801I1666018M803015.mail.net,S=2461:2, >>> -rwxrwx--- ?1 postfix mailsystem 2.5K Aug 26 03:36 >>> 1314326209.V801I1666019M447273.mail.net,S=2460:2, >>> -rw-rw---- ?1 postfix mailsystem 2.5K Aug 26 04:00 >>> 1314327630.V801I166601aM308173.mail.net,S=2477:2, >>> -rw------- ?1 postfix mailsystem 2.5K Aug 26 04:22 >>> 1314328966.V801I166601bM756462.mail.net,S=2461:2, >>> -rw------- ?1 postfix mailsystem 1.1K Aug 26 16:28 >>> 1314372534.V801I166601cM615258.mail.net,S=1097:2, >>> -rw------- ?1 postfix mailsystem 1.1K Aug 26 16:31 >>> 1314372685.V801I166601dM264242.mail.net,S=1097:2, >>> >>> Mails are being delivered with 0600 permissions and not 0660 (the >>> mails from courier seem to have all been 0770 as you can see). ?If >>> I manually change the permission (to 0660) then I can see the mail >>> in the MUA. >>> >>> After thinking for a while it occurred to me that this is covered >>> in the LDA section. ?But making changes to the config file (either >>> permissions or UID/GID) doesn't seem to make a difference. ?(Yes, >>> I did restart postfix and dovecot after the changes). >>> >>> Anyway, here is my dovecot -n: >>> >>> mail:~# dovecot -n >>> # 1.2.15: /etc/dovecot/dovecot.conf >>> # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3 >>> log_timestamp: %Y-%m-%d %H:%M:%S >>> protocols: imap imaps pop3 pop3s >>> ssl_ca_file: /etc/ssl/keys/ca.crt >>> ssl_cert_file: /etc/ssl/keys/mail.net.crt >>> ssl_key_file: /etc/ssl/private/mail.net.key >>> disable_plaintext_auth: no >>> login_dir: /var/run/dovecot/login >>> login_executable(default): /usr/lib/dovecot/imap-login >>> login_executable(imap): /usr/lib/dovecot/imap-login >>> login_executable(pop3): /usr/lib/dovecot/pop3-login >>> mail_privileged_group: mailsystem >>> mail_location: maildir:/var/spool/mail/virtual/%d/%n >>> maildir_very_dirty_syncs: yes >>> mbox_write_locks: fcntl dotlock >>> mail_executable(default): /usr/lib/dovecot/imap >>> mail_executable(imap): /usr/lib/dovecot/imap >>> mail_executable(pop3): /usr/lib/dovecot/pop3 >>> mail_plugins(default): quota imap_quota >>> mail_plugins(imap): quota imap_quota >>> mail_plugins(pop3): quota >>> mail_plugin_dir(default): /usr/lib/dovecot/modules/imap >>> mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap >>> mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 >>> imap_client_workarounds(default): outlook-idle delay-newmail >>> imap_client_workarounds(imap): outlook-idle delay-newmail >>> imap_client_workarounds(pop3): >>> pop3_client_workarounds(default): >>> pop3_client_workarounds(imap): >>> pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh >>> lda: >>> ?postmaster_address: postmaster at net >>> ?mail_plugins: quota >>> ?log_path: >>> ?info_log_path: >>> ?deliver_log_format: msgid=%m: %f: %$ >>> auth default: >>> ?mechanisms: plain login >>> ?user: mailsystem >>> ?verbose: yes >>> ?passdb: >>> ? ?driver: sql >>> ? ?args: /etc/dovecot/dovecot-sql.conf >>> ?userdb: >>> ? ?driver: prefetch >>> ?userdb: >>> ? ?driver: static >>> ? ?args: uid=999 gid=115 home=/var/spool/mail/virtual/%d/%n >>> allow_all_users=yes >>> ?socket: >>> ? ?type: listen >>> ? ?client: >>> ? ? ?path: /var/spool/postfix/private/auth >>> ? ? ?mode: 432 >>> ? ? ?user: postfix >>> ? ? ?group: mailsystem >>> ? ?master: >>> ? ? ?path: /var/run/dovecot/auth-master >>> ? ? ?mode: 432 >>> ? ? ?user: mailsystem >>> ? ? ?group: mailsystem >>> plugin: >>> ?quota: maildir >>> >>> As you can see, I tried to go 0660 in both client and master. >>> >>> The portion of my master.cf >>> 81 # SPB - Attempt to deliver with Dovecot LDA >>> ?82 dovecot ? unix ?- ? ? ? n ? ? ? n ? ? ? - ? ? ? - ? ? ? pipe >>> ?83 ? flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f >>> ${sender} -d ${user}@${nexthop} >>> >>> Is there anything else I should include? >>> >>> I'm pretty sure it's an error on my part. ?I'm just not clued up >>> enough to know where. >>> >>> My second problem is that I thought I had things back to where >>> they were before I messed with chown and chmod, but now I get this >>> in the logs >>> >>> dovecot: dovecot: Fatal: >>> chdir(/var/spool/mail/virtual/domain.net/simon//) failed: >>> Permission denied (euid=999(mailsystem) egid=115(mailsystem) >>> missing +x perm: /var/spool/mail/virtual) >>> >>> But the ls on that is exactly the same as on the test server: >>> ls /var/spool/mail/virtual/ >>> total 44K >>> drwxrwS--- 11 postfix ? ?mailsystem 4.0K Aug 25 23:07 ./ >>> drwxrwsr-x ?5 amavis ? ? mailsystem 4.0K Oct 19 ?2009 ../ >>> drwxrws--- ?5 mailsystem mailsystem 4.0K Aug 26 02:33 domain.net/ >>> >>> So, now I'm stumped. ?I hope someone can spot the simple thing I've missed! >>> >>> Thanks. >>> >>> >>> Simon >> >> >> From alex at ahhyes.net Sat Aug 27 05:18:50 2011 From: alex at ahhyes.net (=?utf-8?B?YWxleEBhaGh5ZXMubmV0?=) Date: Sat, 27 Aug 2011 12:18:50 +1000 Subject: [Dovecot] =?utf-8?q?limiting_number_of_incorrect_logins_per_conne?= =?utf-8?q?ction?= Message-ID: Thanks for that. I will change it and recompile. Sorry for the grumpyness yesterday in my posts. Was having a bad day. Is there any chance of there being an option on future versions that allow a number of failed auth attempts to be specified before dropping the connection? The other thread you mentioned, I see someone devised a small patch in c to add this functionality. It didnt look like a lot of code to do it. What are your thoughts? ----- Reply message ----- From: "Timo Sirainen" Date: Sat, Aug 27, 2011 02:30 Subject: [Dovecot] limiting number of incorrect logins per connection To: "Alex" Cc: login-common/client-common.h : #define CLIENT_LOGIN_TIMEOUT_MSECS (MASTER_LOGIN_TIMEOUT_SECS*1000) So set it to (45*60*1000) But I don't think there's much of a practical difference between these. On 26.8.2011, at 12.07, Alex wrote: > 3 minutes! I think that's too long, how can I drop that down to about 45 seconds? > > > On Fri, 26 Aug 2011 11:44:45 +0300, Timo Sirainen wrote: >> On 26.8.2011, at 10.25, Alex wrote: >> >>> Running Dovecot 2 on my server. It is regularly getting dictionary auth attacked. What I have noticed is that once connected to a pop3/imap login session, you can send endless incorrect usernames+passwords attempts. This is a problem for me... I use fail2ban to try and stop these script kiddies. The problem is that fail2ban detects the bad auths, firewalls the IP, however, since it's an "established" session, the attacker can keep authing away... It's only on a subsequent (new) connection that the firewalling will take effect. >> >> Umm. If client hasn't managed to log in in 3 minutes, it's >> disconnected (no matter what it does with the connection). > From clements at brinckerhoff.org Fri Aug 26 21:38:08 2011 From: clements at brinckerhoff.org (John Clements) Date: Fri, 26 Aug 2011 11:38:08 -0700 Subject: [Dovecot] occasional dovecot crash, core captured but no symbol table info? Message-ID: <2C44F103-A69A-4322-B746-59F6615D3DD0@brinckerhoff.org> Dovecot is crashing occasionally for me. Today it crashed six times in quick succession, as I fired up a computer (Mac) I hadn't used in a while, and my mail application (Apple Mail) tried to synchronize many large mailboxes. The log entries look like this: Aug 26 10:26:15 computer dovecot: dovecot: child 23223 (imap) killed with signal 6 (core dumped) Aug 26 10:26:30 computer dovecot: IMAP(granitemon): Panic: file istream-raw-mbox.c: line 583 (istream_raw_mbox_get_body_size): assertion failed: (rstream->body_offset != (uoff_t)-1) Aug 26 10:26:30 computer dovecot: IMAP(granitemon): Raw backtrace: imap() [0x80f0e1e] -> imap() [0x80f0e82] -> imap() [0x80f0809] -> imap(istream_raw_mbox_get_body_size+0x407) [0x8092f47] -> imap(istream_raw_mbox_next+0x25) [0x8093025] -> imap(istream_raw_mbox_seek+0x1f3) [0x8093323] -> imap(mbox_file_seek+0x55) [0x8093745] -> imap() [0x8095852] -> imap() [0x8095c8d] -> imap(index_mail_set_seq+0x153) [0x80a35c3] -> imap() [0x8095fb9] -> imap(index_storage_search_next_nonblock+0x13b) [0x80a763b] -> imap(mailbox_search_next_nonblock+0x2a) [0x80b5c1a] -> imap(mailbox_search_next+0x28) [0x80b5c68] -> imap(imap_fetch_more+0x274) [0x806a4c4] -> imap() [0x8062665] -> imap() [0x806753f] -> imap(client_output+0xeb) [0x806862b] -> imap() [0x810007e] -> imap(io_loop_handler_run+0xd6) [0x80f9aa6] -> imap(io_loop_run+0x20) [0x80f8f20] -> imap(main+0x5b4) [0x8070f24] -> /lib/i686/cmov/libc.so.6(__libc_start_main+0xe6) [0xb75f3c76] -> imap() [0x80603a1] Aug 26 10:26:30 computer dovecot: dovecot: child 23228 (imap) killed with signal 6 (core dumped) Here's the output of dovecot -n: clements at computer:/home/granitemon$ sudo dovecot -n # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-686 i686 Debian 6.0.2 log_timestamp: %Y-%m-%d %H:%M:%S login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login mail_privileged_group: mail mbox_write_locks: fcntl dotlock lda: postmaster_address: postmaster at brinckerhoff.org mail_plugins: sieve auth default: passdb: driver: pam userdb: driver: passwd ... this is the version associated with debian stable. Finally, since I had coredumps enabled, I'm in a position to provide 'bt full', but it looks like my binaries are stripped, so I'm not getting source code line numbers. granitemon at computer:~$ gdb /usr/lib/dovecot/imap ./core GNU gdb (GDB) 7.0.1-debian Copyright (C) 2009 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "i486-linux-gnu". For bug reporting instructions, please see: ... Reading symbols from /usr/lib/dovecot/imap...(no debugging symbols found)...done. warning: Can't read pathname for load map: Input/output error. Reading symbols from /lib/i686/cmov/libdl.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/i686/cmov/libdl.so.2 Reading symbols from /usr/lib/libldap_r-2.4.so.2...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libldap_r-2.4.so.2 Reading symbols from /lib/i686/cmov/librt.so.1...(no debugging symbols found)...done. Loaded symbols for /lib/i686/cmov/librt.so.1 Reading symbols from /lib/i686/cmov/libc.so.6...(no debugging symbols found)...done. Loaded symbols for /lib/i686/cmov/libc.so.6 Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/ld-linux.so.2 Reading symbols from /usr/lib/liblber-2.4.so.2...(no debugging symbols found)...done. Loaded symbols for /usr/lib/liblber-2.4.so.2 Reading symbols from /lib/i686/cmov/libresolv.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/i686/cmov/libresolv.so.2 Reading symbols from /usr/lib/libsasl2.so.2...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libsasl2.so.2 Reading symbols from /usr/lib/libgnutls.so.26...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libgnutls.so.26 Reading symbols from /lib/i686/cmov/libpthread.so.0...(no debugging symbols found)...done. Loaded symbols for /lib/i686/cmov/libpthread.so.0 Reading symbols from /usr/lib/libtasn1.so.3...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libtasn1.so.3 Reading symbols from /usr/lib/libz.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libz.so.1 Reading symbols from /usr/lib/libgcrypt.so.11...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libgcrypt.so.11 Reading symbols from /usr/lib/libgpg-error.so.0...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libgpg-error.so.0 Reading symbols from /lib/i686/cmov/libnss_compat.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/i686/cmov/libnss_compat.so.2 Reading symbols from /lib/i686/cmov/libnsl.so.1...(no debugging symbols found)...done. Loaded symbols for /lib/i686/cmov/libnsl.so.1 Reading symbols from /lib/i686/cmov/libnss_nis.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/i686/cmov/libnss_nis.so.2 Reading symbols from /lib/i686/cmov/libnss_files.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/i686/cmov/libnss_files.so.2 Reading symbols from /lib/libgcc_s.so.1...(no debugging symbols found)...done. Loaded symbols for /lib/libgcc_s.so.1 Core was generated by `imap'. Program terminated with signal 6, Aborted. #0 0xb7788424 in __kernel_vsyscall () (gdb) bt full #0 0xb7788424 in __kernel_vsyscall () No symbol table info available. #1 0xb7607751 in raise () from /lib/i686/cmov/libc.so.6 No symbol table info available. #2 0xb760ab82 in abort () from /lib/i686/cmov/libc.so.6 No symbol table info available. #3 0x080f0e2e in ?? () No symbol table info available. #4 0x080f0e82 in ?? () No symbol table info available. #5 0x080f0809 in i_panic () No symbol table info available. #6 0x08092f47 in istream_raw_mbox_get_body_size () No symbol table info available. #7 0x08093025 in istream_raw_mbox_next () No symbol table info available. #8 0x08093323 in istream_raw_mbox_seek () No symbol table info available. #9 0x08093745 in mbox_file_seek () No symbol table info available. #10 0x08095852 in ?? () No symbol table info available. #11 0x08095c8d in ?? () No symbol table info available. #12 0x080a35c3 in index_mail_set_seq () No symbol table info available. #13 0x08095fb9 in ?? () No symbol table info available. #14 0x080a763b in index_storage_search_next_nonblock () No symbol table info available. #15 0x080b5c1a in mailbox_search_next_nonblock () No symbol table info available. #16 0x080b5c68 in mailbox_search_next () No symbol table info available. #17 0x0806a4c4 in imap_fetch_more () No symbol table info available. #18 0x08062665 in ?? () No symbol table info available. #19 0x0806753f in ?? () No symbol table info available. #20 0x0806862b in client_output () No symbol table info available. #21 0x0810007e in ?? () No symbol table info available. #22 0x080f9aa6 in io_loop_handler_run () ---Type to continue, or q to quit--- No symbol table info available. #23 0x080f8f20 in io_loop_run () No symbol table info available. #24 0x08070f24 in main () No symbol table info available. (gdb) q Does anyone have any suggestions, here? Many thanks in advance; let me know if I can provide more information! All the best, John Clements -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4624 bytes Desc: not available URL: From mailing at securitylabs.it Sat Aug 27 08:30:51 2011 From: mailing at securitylabs.it (mailing at securitylabs.it) Date: Sat, 27 Aug 2011 07:30:51 +0200 Subject: [Dovecot] occasional dovecot crash, core captured but no symbol table info? In-Reply-To: <2C44F103-A69A-4322-B746-59F6615D3DD0@brinckerhoff.org> References: <2C44F103-A69A-4322-B746-59F6615D3DD0@brinckerhoff.org> Message-ID: <4E58810B.2040507@securitylabs.it> Il 26/08/2011 20:38, John Clements ha scritto: > Dovecot is crashing occasionally for me. Today it crashed six times in quick succession, as I fired up a computer (Mac) I hadn't used in a while, and my mail application (Apple Mail) tried to synchronize many large mailboxes. > > The log entries look like this: > > Aug 26 10:26:15 computer dovecot: dovecot: child 23223 (imap) killed with signal 6 (core dumped) > Aug 26 10:26:30 computer dovecot: IMAP(granitemon): Panic: file istream-raw-mbox.c: line 583 (istream_raw_mbox_get_body_size): assertion failed: (rstream->body_offset != (uoff_t)-1) Hello, http://www.dovecot.org/list/dovecot/2010-March/047426.html dunno if it has been fixed in 1.2.16 or 1.2.17, you may try to upgrade to 1.2.17 or apply the above patch. From aoeudovecot at brinckerhoff.org Sat Aug 27 19:57:48 2011 From: aoeudovecot at brinckerhoff.org (John Clements) Date: Sat, 27 Aug 2011 09:57:48 -0700 Subject: [Dovecot] occasional dovecot crash, core captured but no symbol table info? In-Reply-To: <4E58810B.2040507@securitylabs.it> References: <2C44F103-A69A-4322-B746-59F6615D3DD0@brinckerhoff.org> <4E58810B.2040507@securitylabs.it> Message-ID: <558754BD-AB19-402C-887C-66E1BC209F2F@brinckerhoff.org> On Aug 26, 2011, at 10:30 PM, mailing at securitylabs.it wrote: > Il 26/08/2011 20:38, John Clements ha scritto: >> Dovecot is crashing occasionally for me. Today it crashed six times in quick succession, as I fired up a computer (Mac) I hadn't used in a while, and my mail application (Apple Mail) tried to synchronize many large mailboxes. >> >> The log entries look like this: >> >> Aug 26 10:26:15 computer dovecot: dovecot: child 23223 (imap) killed with signal 6 (core dumped) >> Aug 26 10:26:30 computer dovecot: IMAP(granitemon): Panic: file istream-raw-mbox.c: line 583 (istream_raw_mbox_get_body_size): assertion failed: (rstream->body_offset != (uoff_t)-1) > > Hello, > > http://www.dovecot.org/list/dovecot/2010-March/047426.html > > dunno if it has been fixed in 1.2.16 or 1.2.17, you may try to upgrade to 1.2.17 or apply the above patch. Thanks for googling that for me... :) The tone of that message suggests that this core dump is probably not associated with data loss; any idea if that's true? Thanks and apologies for not doing enough homework, John Clements From pelle2004 at hotmail.com Sat Aug 27 17:54:00 2011 From: pelle2004 at hotmail.com (Pelle Svensson) Date: Sat, 27 Aug 2011 16:54:00 +0200 Subject: [Dovecot] Virtual user and post-login 2.0.13 In-Reply-To: <4E57E8CE.1020808@datahelper.com> References: , <4E57E8CE.1020808@datahelper.com> Message-ID: Yes and No! After applied the patch and changed settings it started to work. But there seems to be things that is not right. Evolution makes sever attempts to login -> all with socket closed If I remove the script (see below) THEN IT'S OKAY. dovecot is executed as root. dovecot.conf ======== protocols = imap pop3 base_dir = /var/run/dovecot/ #base_dir = /home/fetchmail/ log_path = /var/log/dovecot.log info_log_path = /var/log/dovecot-info.log ssl = no # v1.2+, for older versions use: ssl_disable = yes disable_plaintext_auth = no mail_location = maildir:/home/fetchmail/mailroot/dummy pop3_uidl_format = %08Xu%08Xv !include conf.d/*.conf !include_try local.conf mail_uid=500 mail_gid=500 auth_verbose = yes auth_debug=yes auth_debug_passwords=yes mail_debug=yes service imap { executable = imap imap-postlogin } service imap-postlogin { executable = script-login /home/fetchmail/dovecot-postlogin.sh unix_listener imap-postlogin { } } dovecot-postlogin.sh (executed as root) ============= #!/bin/sh date >>/home/fetchmail/script.log kill -s 10 `cat /home/fetchmail/.fetchmail.pid | head -n 1` >>/home/fetchmail/script.log exit 0 script.log ====== Sat Aug 27 16:04:41 CEST 2011 Sat Aug 27 16:04:41 CEST 2011 Sat Aug 27 16:04:41 CEST 2011 Wireshark ======= 5 0.001422 192.168.1. 192.168.1. TCP 46940 > imap [SYN] Seq=0 Win=5840 Len=0 MSS=1460 SACK_PERM=1 TSV=16435269 TSER=0 WS=7 6 0.001641 192.168.1. 192.168.1. TCP imap > 46940 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 SACK_PERM=1 TSV=189223554 TSER=16435269 WS=7 7 0.001666 192.168.1. 192.168.1. TCP 46940 > imap [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=16435269 TSER=189223554 8 0.055 192.168.1. 192.168.1. IMAP Response: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready. 9 0.052267 192.168.1. 192.168.1. TCP 46940 > imap [ACK] Seq=1 Ack=104 Win=5888 Len=0 TSV=16435320 TSER=189223605 10 0.055497 192.168.1. 192.168.1. IMAP Request: A00000 CAPABILITY 11 0.055724 192.168.1. 192.168.1. TCP imap > 46940 [ACK] Seq=104 Ack=20 Win=5888 Len=0 TSV=189223609 TSER=16435324 12 0.055930 192.168.1. 192.168.1. IMAP Response: * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN 13 0.095377 192.168.1. 192.168.1. TCP 46940 > imap [ACK] Seq=20 Ack=264 Win=6912 Len=0 TSV=16435364 TSER=189223609 14 0.344714 192.168.1. 192.168.1. IMAP Request: A00001 LOGIN 15 0.378516 192.168.1. 192.168.1. TCP imap > 46940 [FIN, ACK] Seq=264 Ack=60 Win=5888 Len=0 TSV=189223931 TSER=16435613 16 0.378630 192.168.1. 192.168.1. TCP 46940 > imap [FIN, ACK] Seq=60 Ack=265 Win=6912 Len=0 TSV=16435647 TSER=189223931 17 0.378922 192.168.1. 192.168.1. TCP imap > 46940 [ACK] Seq=265 Ack=61 Win=5888 Len=0 TSV=189223932 TSER=16435647 22 0.380520 192.168.1. 192.168.1. TCP 46941 > imap [SYN] Seq=0 Win=5840 Len=0 MSS=1460 SACK_PERM=1 TSV=16435649 TSER=0 WS=7 23 0.380776 192.168.1. 192.168.1. TCP imap > 46941 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 SACK_PERM=1 TSV=189223934 TSER=16435649 WS=7 24 0.380796 192.168.1. 192.168.1. TCP 46941 > imap [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=16435649 TSER=189223934 25 0.392120 192.168.1. 192.168.1. IMAP Response: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready. 26 0.392148 192.168.1. 192.168.1. TCP 46941 > imap [ACK] Seq=1 Ack=104 Win=5888 Len=0 TSV=16435660 TSER=189223945 27 0.392197 192.168.1. 192.168.1. IMAP Request: A00000 CAPABILITY 28 0.392528 192.168.1. 192.168.1. TCP imap > 46941 [ACK] Seq=104 Ack=20 Win=5888 Len=0 TSV=189223945 TSER=16435660 29 0.392529 192.168.1. 192.168.1. IMAP Response: * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN 30 0.394038 192.168.1. 192.168.1. IMAP Request: A00001 LOGIN 31 0.431080 192.168.1. 192.168.1. TCP imap > 46941 [FIN, ACK] Seq=264 Ack=60 Win=5888 Len=0 TSV=189223984 TSER=16435662 32 0.431175 192.168.1. 192.168.1. TCP 46941 > imap [FIN, ACK] Seq=60 Ack=265 Win=6912 Len=0 TSV=16435699 TSER=189223984 33 0.431487 192.168.1. 192.168.1. TCP imap > 46941 [ACK] Seq=265 Ack=61 Win=5888 Len=0 TSV=189223984 TSER=16435699 38 0.433085 192.168.1. 192.168.1. TCP 46942 > imap [SYN] Seq=0 Win=5840 Len=0 MSS=1460 SACK_PERM=1 TSV=16435701 TSER=0 WS=7 39 0.433373 192.168.1. 192.168.1. TCP imap > 46942 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 SACK_PERM=1 TSV=189223986 TSER=16435701 WS=7 40 0.433400 192.168.1. 192.168.1. TCP 46942 > imap [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=16435702 TSER=189223986 41 0.444437 192.168.1. 192.168.1. IMAP Response: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready. 42 0.444460 192.168.1. 192.168.1. TCP 46942 > imap [ACK] Seq=1 Ack=104 Win=5888 Len=0 TSV=16435713 TSER=189223997 43 0.444513 192.168.1. 192.168.1. IMAP Request: A00000 CAPABILITY 44 0.444845 192.168.1. 192.168.1. TCP imap > 46942 [ACK] Seq=104 Ack=20 Win=5888 Len=0 TSV=189223997 TSER=16435713 45 0.445050 192.168.1. 192.168.1. IMAP Response: * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN 46 0.445088 192.168.1. 192.168.1. IMAP Request: A00001 LOGIN 47 0.478720 192.168.1. 192.168.1. TCP imap > 46942 [FIN, ACK] Seq=264 Ack=60 Win=5888 Len=0 TSV=189224031 TSER=16435713 48 0.478773 192.168.1. 192.168.1. TCP 46942 > imap [FIN, ACK] Seq=60 Ack=265 Win=6912 Len=0 TSV=16435747 TSER=189224031 49 0.479127 192.168.1. 192.168.1. TCP imap > 46942 [ACK] Seq=265 Ack=61 Win=5888 Len=0 TSV=189224032 TSER=16435747 dovecot-info.log ========== Aug 27 16:04:21 master: Info: Dovecot v2.0.13 starting up (core dumps disabled) Aug 27 16:04:41 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Aug 27 16:04:41 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so Aug 27 16:04:41 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Aug 27 16:04:41 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so Aug 27 16:04:41 auth: Debug: passwd-file /etc/dovecot/users: Read 3 users Aug 27 16:04:41 auth: Debug: auth client connected (pid=9059) Aug 27 16:04:41 auth: Debug: client in: AUTH 1 PLAIN service=imap lip=192.168.1. rip=192.168.1. lport=143 rport=46940 resp=AHBtcEBicmVkYmFuZC5uZXQAQWc4MkltYXA= Aug 27 16:04:41 auth: Debug: passwd-file(,192.168.1.): lookup: user= file=/etc/dovecot/users Aug 27 16:04:41 auth: Debug: auth(,192.168.1.): allow_nets: Matching for network 192.168.1.0/24 Aug 27 16:04:41 auth: Debug: client out: OK 1 user= Aug 27 16:04:41 auth: Debug: master in: REQUEST 927727617 9059 1 c568e08d3d68829bca50fda1a4f8ed97 Aug 27 16:04:41 auth: Debug: passwd-file(,192.168.1.): lookup: user= file=/etc/dovecot/users Aug 27 16:04:41 auth: Debug: master out: USER 927727617 uid=500 gid=500 home=/home/fetchmail mail=maildir:/home/fetchmail/mailroot/ Aug 27 16:04:41 imap-login: Info: Login: user=<>, method=PLAIN, rip=192.168.1., lip=192.168.1., mpid=9061 Aug 27 16:04:41 script-login: Debug: Added userdb setting: mail=maildir:/home/fetchmail/mailroot/ Aug 27 16:04:41 imap(): Info: Post-login script denied access to user Aug 27 16:04:41 auth: Debug: auth client connected (pid=9067) Aug 27 16:04:41 auth: Debug: client in: AUTH 1 PLAIN service=imap lip=192.168.1. rip=192.168.1. lport=143 rport=46941 resp=AHBtcEBicmVkYmFuZC5uZXQAQWc4MkltYXA= Aug 27 16:04:41 auth: Debug: passwd-file(,192.168.1.): lookup: user= file=/etc/dovecot/users Aug 27 16:04:41 auth: Debug: auth(,192.168.1.): allow_nets: Matching for network 192.168.1.0/24 Aug 27 16:04:41 auth: Debug: client out: OK 1 user= Aug 27 16:04:41 auth: Debug: master in: REQUEST 1678376961 9067 1 cb882af650f4f063315e94b62647e68f Aug 27 16:04:41 auth: Debug: passwd-file(,192.168.1.): lookup: user= file=/etc/dovecot/users Aug 27 16:04:41 auth: Debug: master out: USER 1678376961 uid=500 gid=500 home=/home/fetchmail mail=maildir:/home/fetchmail/mailroot/ Aug 27 16:04:41 imap-login: Info: Login: user=<>, method=PLAIN, rip=192.168.1., lip=192.168.1., mpid=9068 Aug 27 16:04:41 script-login: Debug: Added userdb setting: mail=maildir:/home/fetchmail/mailroot/ Aug 27 16:04:41 imap(): Info: Post-login script denied access to user Aug 27 16:04:41 auth: Debug: auth client connected (pid=9074) Aug 27 16:04:41 auth: Debug: client in: AUTH 1 PLAIN service=imap lip=192.168.1. rip=192.168.1. lport=143 rport=46942 resp=AHBtcEBicmVkYmFuZC5uZXQAQWc4MkltYXA= Aug 27 16:04:41 auth: Debug: passwd-file(,192.168.1.): lookup: user= file=/etc/dovecot/users Aug 27 16:04:41 auth: Debug: auth(,192.168.1.): allow_nets: Matching for network 192.168.1.0/24 Aug 27 16:04:41 auth: Debug: client out: OK 1 user= Aug 27 16:04:41 auth: Debug: master in: REQUEST 1091174401 9074 1 9c488b8afd276e661170f65f0e8d0a2c Aug 27 16:04:41 auth: Debug: passwd-file(,192.168.1.): lookup: user= file=/etc/dovecot/users Aug 27 16:04:41 auth: Debug: master out: USER 1091174401 uid=500 gid=500 home=/home/fetchmail mail=maildir:/home/fetchmail/mailroot/ Aug 27 16:04:41 imap-login: Info: Login: user=<>, method=PLAIN, rip=192.168.1., lip=192.168.1., mpid=9075 Aug 27 16:04:41 script-login: Debug: Added userdb setting: mail=maildir:/home/fetchmail/mailroot/ Aug 27 16:04:41 imap(): Info: Post-login script denied access to user dovecot.log ======== ######################################## ############## No without script ############### ######################################## dovecot.conf ======== protocols = imap pop3 base_dir = /var/run/dovecot/ #base_dir = /home/fetchmail/ log_path = /var/log/dovecot.log info_log_path = /var/log/dovecot-info.log ssl = no # v1.2+, for older versions use: ssl_disable = yes disable_plaintext_auth = no mail_location = maildir:/home/fetchmail/mailroot/dummy pop3_uidl_format = %08Xu%08Xv !include conf.d/*.conf !include_try local.conf mail_uid=500 mail_gid=500 auth_verbose = yes auth_debug=yes auth_debug_passwords=yes mail_debug=yes #service imap { # executable = imap imap-postlogin #} #service imap-postlogin { # executable = script-login /home/fetchmail/dovecot-postlogin.sh # unix_listener imap-postlogin { # } #} Wireshark ======= 25 7.624239 192.168.1. 192.168.1. TCP 54240 > imap [SYN] Seq=0 Win=5840 Len=0 MSS=1460 SACK_PERM=1 TSV=18242752 TSER=0 WS=7 26 7.624457 192.168.1. 192.168.1. TCP imap > 54240 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 SACK_PERM=1 TSV=191031128 TSER=18242752 WS=7 27 7.624482 192.168.1. 192.168.1. TCP 54240 > imap [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=18242752 TSER=191031128 28 7.675570 192.168.1. 192.168.1. IMAP Response: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready. 29 7.675608 192.168.1. 192.168.1. TCP 54240 > imap [ACK] Seq=1 Ack=104 Win=5888 Len=0 TSV=18242804 TSER=191031179 30 7.675716 192.168.1. 192.168.1. IMAP Request: A00000 CAPABILITY 31 7.675977 192.168.1. 192.168.1. TCP imap > 54240 [ACK] Seq=104 Ack=20 Win=5888 Len=0 TSV=191031179 TSER=18242804 32 7.676181 192.168.1. 192.168.1. IMAP Response: * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN 33 7.715281 192.168.1. 192.168.1. TCP 54240 > imap [ACK] Seq=20 Ack=264 Win=6912 Len=0 TSV=18242844 TSER=191031180 34 7.924499 192.168.1. 192.168.1. IMAP Request: A00001 LOGIN 35 7.936249 192.168.1. 192.168.1. IMAP Response: * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS 36 7.936292 192.168.1. 192.168.1. TCP 54240 > imap [ACK] Seq=60 Ack=555 Win=8064 Len=0 TSV=18243065 TSER=191031439 37 7.936406 192.168.1. 192.168.1. IMAP Request: A00002 LIST "" "" 38 7.936864 192.168.1. 192.168.1. IMAP Response: * LIST (\Noselect) "." "" 39 7.936951 192.168.1. 192.168.1. IMAP Request: A00003 LIST "" {1+} 40 7.937715 192.168.1. 192.168.1. IMAP Response: * LIST (\HasNoChildren) "." "Trash" 41 7.937987 192.168.1. 192.168.1. IMAP Request: A00004 LSUB "" {1+} 42 7.938655 192.168.1. 192.168.1. IMAP Response: * LSUB () "." "INBOX" 43 7.938903 192.168.1. 192.168.1. IMAP Request: A00005 LIST "" {1+} 44 7.939538 192.168.1. 192.168.1. IMAP Response: * LIST (\HasNoChildren) "." "Trash" 45 7.939781 192.168.1. 192.168.1. IMAP Request: A00006 LSUB "" {1+} 46 7.940370 192.168.1. 192.168.1. IMAP Response: * LSUB () "." "INBOX" 47 7.980409 192.168.1. 192.168.1. TCP 54240 > imap [ACK] Seq=175 Ack=2853 Win=13312 Len=0 TSV=18243109 TSER=191031444 48 8.024229 192.168.1. 192.168.1. IMAP Request: A00007 SELECT {20+} 49 8.025564 192.168.1. 192.168.1. IMAP Response: * FLAGS (\Answered \Flagged \Deleted \Seen \Draft) 50 8.025591 192.168.1. 192.168.1. TCP 54240 > imap [ACK] Seq=218 Ack=3168 Win=14592 Len=0 TSV=18243154 TSER=191031529 51 8.025718 192.168.1. 192.168.1. IMAP Request: A00008 UID FETCH 1:4 (FLAGS) 52 8.026519 192.168.1. 192.168.1. IMAP Response: * 1 FETCH (UID 1 FLAGS (\Seen)) 53 8.026654 192.168.1. 192.168.1. IMAP Request: A00009 STATUS {20+} dovecot-info.log =========== Aug 27 16:34:45 master: Info: Dovecot v2.0.13 starting up (core dumps disabled) Aug 27 16:34:48 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Aug 27 16:34:48 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so Aug 27 16:34:48 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Aug 27 16:34:48 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so Aug 27 16:34:48 auth: Debug: passwd-file /etc/dovecot/users: Read 3 users Aug 27 16:34:48 auth: Debug: auth client connected (pid=9352) Aug 27 16:34:49 auth: Debug: client in: AUTH 1 PLAIN service=imap lip=192.168.1. rip=192.168.1. lport=143 rport=54240 resp=AHBtcEBicmVkYmFuZC5uZXQAQWc4MkltYXA= Aug 27 16:34:49 auth: Debug: passwd-file(,192.168.1.): lookup: user= file=/etc/dovecot/users Aug 27 16:34:49 auth: Debug: auth(,192.168.1.): allow_nets: Matching for network 192.168.1.0/24 Aug 27 16:34:49 auth: Debug: client out: OK 1 user= Aug 27 16:34:49 auth: Debug: master in: REQUEST 2999713793 9352 1 595e05b06e4f241795732866abb9cf89 Aug 27 16:34:49 auth: Debug: passwd-file(,192.168.1.): lookup: user= file=/etc/dovecot/users Aug 27 16:34:49 auth: Debug: master out: USER 2999713793 uid=500 gid=500 home=/home/fetchmail mail=maildir:/home/fetchmail/mailroot/ Aug 27 16:34:49 imap-login: Info: Login: user=<>, method=PLAIN, rip=192.168.1., lip=192.168.1., mpid=9354 Aug 27 16:34:49 imap: Debug: Added userdb setting: mail=maildir:/home/fetchmail/mailroot/ Aug 27 16:34:49 imap(): Debug: Effective uid=500, gid=500, home=/home/fetchmail Aug 27 16:34:49 imap(): Debug: maildir++: root=/home/fetchmail/mailroot/, index=, control=, inbox=/home/fetchmail/mailroot/ > Date: Fri, 26 Aug 2011 13:41:18 -0500 > From: willcox at datahelper.com > CC: dovecot at dovecot.org > Subject: Re: [Dovecot] Virtual user and post-login 2.0.13 > > Did you try installing from source after applying the patch? As in: > > This is your problem.. It's a bug in v2.0.13. You could patch with > http://hg.dovecot.org/dovecot-2.0/rev/a2d57b43ccb2 or change config > socket's permissions. I'll hopefully release v2.0.14 in not too distant > future. > -- Timo > > That got it working for me. Plus this: > service imap { > executable = imap imap-postlogin > } > > service imap-postlogin { > executable = script-login /usr/local/bin/set_postpop > unix_listener imap-postlogin { > } > } > > The script seems to run as root so I set ownership to the proper user in > the script. > > _________________ > Mark Willcox > Data Helper, Inc. > > > On 8/25/2011 10:47 AM, Pelle Svensson wrote: > > Hi > > > > I tried several variants of suggestions but I can't get it working > > > > dovecot-info.log: > > =========== > > Aug 25 17:37:48 imap-login: Info: Login: user=, method=PLAIN, rip=192.168.1.xx, lip=192.168.1.xx, mpid=11264 > > Aug 25 17:37:48 imap(vuser): Info: Post-login script denied access to user vuser > > > > dovecot.log > > ======== > > Aug 25 17:31:28 imap-postlogin: Error: script-login: Error: user pmp at bredband.net: Error reading configuration: net_connect_unix(/var/run/dovecot/config) failed: Permission denied > > Aug 25 17:31:28 imap-postlogin: Error: script-login: Fatal: Internal error occurred. Refer to server log for more information. > > Aug 25 17:31:28 log: Error: service(imap-postlogin): child 11082 returned error 89 (Fatal failure) > > > > dovecot.conf > > ======== > > protocols = imap pop3 > > base_dir = /var/run/dovecot/ > > > > log_path = /var/log/dovecot.log > > info_log_path = /var/log/dovecot-info.log > > > > ssl = no # v1.2+, for older versions use: ssl_disable = yes > > disable_plaintext_auth = no > > > > mail_location = maildir:/home/fetchmail/mailroot/dummy > > > > pop3_uidl_format = %08Xu%08Xv > > > > > > !include conf.d/*.conf > > !include_try local.conf > > > > mail_uid=500 > > mail_gid=500 > > > > auth_verbose = yes > > auth_debug=yes > > auth_debug_passwords=yes > > mail_debug=yes > > > > # Optional tried with this!!! > > service config { > > unix_listener config { > > group = dovecot > > mode = 0660 > > } > > } > > > > service imap { > > # tell imap to do post-login lookup using a socket called "imap-postlogin" > > executable = imap imap-postlogin > > # Optional tried with this!!! > > > > user=dovecot > > } > > > > # The service name below doesn't actually matter. > > service imap-postlogin { > > # all post-login scripts are executed via script-login binary > > executable = script-login /home/fetchmail/dovecot-postlogin.sh > > > > # the script process runs as the user specified here (v2.0.14+): > > # Optional tried with this!!! > > > > # user=dovecot > > # user = $default_internal_user > > # this UNIX socket listener must use the same name as given to imap executable > > # Optional tried with this!!! > > > > #unix_listener imap-postlogin { > > #} > > } > > > > > > users > > ==== > > vuser:{PLAIN}pass:500:500::/home/fetchmail::userdb_mail=maildir:/home/fetchmail/mailroot/vuser-root allow_nets=192.168.1.0/24 > > > > ls -l /home/fetchmail/dovecot-postlogin.sh > > -rwxrwxrwx. 1 dovecot root 108 Aug 25 17:08 dovecot-postlogin.sh > > > > Any suggestions are very welcome!! > > > > /Thanks > > > > > > From stephen.feyrer at btinternet.com Sat Aug 27 19:36:12 2011 From: stephen.feyrer at btinternet.com (Stephen Feyrer) Date: Sat, 27 Aug 2011 17:36:12 +0100 Subject: [Dovecot] : error while loading shared libraries: libdovecot.so.0 (arm cross compile) Message-ID: Hi. I've made a new attempt at build Dovecot. The build and then install processes appeared to work find. Then when I try to run Dovecot it reports the error: /share/MD0_DATA/optware/opt/sbin/dovecot: error while loading shared libraries: libdovecot.so.0: cannot open shared object file: No such file or directory To get a better idea of what's going on, I added --enable-devel-checks at ./configure and then ran gdb: # gdb --args dovecot -F GNU gdb 6.8 [snip] This GDB was configured as "arm-none-linux-gnueabi"... (no debugging symbols found) (gdb) run Starting program: /share/MD0_DATA/optware/opt/sbin/dovecot -F (no debugging symbols found) /share/MD0_DATA/optware/opt/sbin/dovecot: error while loading shared libraries: libdovecot.so.0: cannot open shared object file: No such file or directory Program exited with code 0177. (gdb) bt full No stack. (gdb) quit By the way on a separate but related note, adding --enable-maintiner-mode introduced a new problem also relating to libdovecot.so.0.0.0 I'll refer to that in the post script. # ls -alh /opt/lib/dovecot/ drwxr-xr-x 8 admin administ 4.0k Aug 27 16:31 ./ drwxr-xr-x 37 admin administ 16.0k Aug 27 16:27 ../ drwxr-xr-x 2 avahi avahi 4.0k Nov 26 2009 .debug/ drwxr-xr-x 2 admin administ 4.0k Aug 27 16:27 auth/ drwxr-xr-x 2 admin administ 4.0k Aug 27 16:31 doveadm/ -rw-r--r-- 1 admin administ 678 Aug 27 16:27 dovecot-config drwxr-xr-x 3 admin administ 4.0k Aug 26 18:01 imap/ drwxr-xr-x 2 admin administ 4.0k Aug 26 18:01 lda/ -rw-r--r-- 1 admin administ 527.6k Jan 6 2011 lib01_acl_plugin.a -rwxr-xr-x 1 admin administ 1.0k Aug 27 16:27 lib01_acl_plugin.la* -rwxr-xr-x 1 admin administ 56.3k Aug 27 16:27 lib01_acl_plugin.so* -rw-r--r-- 1 admin administ 70.5k Jan 6 2011 lib02_imap_acl_plugin.a -rwxr-xr-x 1 admin administ 1.1k Aug 27 16:27 lib02_imap_acl_plugin.la* -rwxr-xr-x 1 admin administ 13.1k Aug 27 16:27 lib02_imap_acl_plugin.so* -rw-r--r-- 1 admin administ 69.9k Jan 6 2011 lib02_lazy_expunge_plugin.a -rwxr-xr-x 1 admin administ 1.1k Aug 27 16:27 lib02_lazy_expunge_plugin.la* -rwxr-xr-x 1 admin administ 13.0k Aug 27 16:27 lib02_lazy_expunge_plugin.so* -rw-r--r-- 1 admin administ 51.3k Jan 6 2011 lib05_snarf_plugin.a -rwxr-xr-x 1 admin administ 1.0k Aug 27 16:27 lib05_snarf_plugin.la* -rwxr-xr-x 1 admin administ 7.4k Aug 27 16:27 lib05_snarf_plugin.so* -rw-r--r-- 1 admin administ 443.4k Jan 6 2011 lib10_quota_plugin.a -rwxr-xr-x 1 admin administ 1.0k Aug 27 16:27 lib10_quota_plugin.la* -rwxr-xr-x 1 admin administ 51.5k Aug 27 16:27 lib10_quota_plugin.so* -rw-r--r-- 1 admin administ 23.6k Jan 6 2011 lib11_imap_quota_plugin.a -rwxr-xr-x 1 admin administ 1.1k Aug 27 16:27 lib11_imap_quota_plugin.la* -rwxr-xr-x 1 admin administ 8.3k Aug 27 16:27 lib11_imap_quota_plugin.so* -rw-r--r-- 1 admin administ 56.9k Jan 6 2011 lib11_trash_plugin.a -rwxr-xr-x 1 admin administ 1.1k Aug 27 16:27 lib11_trash_plugin.la* -rwxr-xr-x 1 admin administ 9.9k Aug 27 16:27 lib11_trash_plugin.so* -rw-r--r-- 1 admin administ 71.8k Jan 6 2011 lib15_notify_plugin.a -rwxr-xr-x 1 admin administ 1.0k Aug 27 16:27 lib15_notify_plugin.la* -rwxr-xr-x 1 admin administ 10.6k Aug 27 16:27 lib15_notify_plugin.so* -rw-r--r-- 1 admin administ 14.4k Jan 6 2011 lib20_autocreate_plugin.a -rwxr-xr-x 1 admin administ 1.0k Aug 27 16:27 lib20_autocreate_plugin.la* -rwxr-xr-x 1 admin administ 5.3k Aug 27 16:27 lib20_autocreate_plugin.so* -rw-r--r-- 1 avahi avahi 10.9k Nov 26 2009 lib20_convert_plugin.a -rw-r--r-- 1 admin administ 62.7k Jan 6 2011 lib20_expire_plugin.a -rwxr-xr-x 1 admin administ 1.0k Aug 27 16:27 lib20_expire_plugin.la* -rwxr-xr-x 1 admin administ 10.6k Aug 27 16:27 lib20_expire_plugin.so* -rw-r--r-- 1 admin administ 161.0k Jan 6 2011 lib20_fts_plugin.a -rwxr-xr-x 1 admin administ 1.0k Aug 27 16:27 lib20_fts_plugin.la* -rwxr-xr-x 1 admin administ 29.4k Aug 27 16:27 lib20_fts_plugin.so* -rw-r--r-- 1 admin administ 59.4k Jan 6 2011 lib20_listescape_plugin.a -rwxr-xr-x 1 admin administ 1.0k Aug 27 16:27 lib20_listescape_plugin.la* -rwxr-xr-x 1 admin administ 9.4k Aug 27 16:27 lib20_listescape_plugin.so* -rw-r--r-- 1 admin administ 62.8k Jan 6 2011 lib20_mail_log_plugin.a -rwxr-xr-x 1 admin administ 1.1k Aug 27 16:27 lib20_mail_log_plugin.la* -rwxr-xr-x 1 admin administ 10.1k Aug 27 16:27 lib20_mail_log_plugin.so* -rw-r--r-- 1 avahi avahi 54.4k Nov 6 2010 lib20_mbox_snarf_plugin.a -rw-r--r-- 1 admin administ 450.8k Jan 6 2011 lib20_virtual_plugin.a -rwxr-xr-x 1 admin administ 1.0k Aug 27 16:27 lib20_virtual_plugin.la* -rwxr-xr-x 1 admin administ 47.6k Aug 27 16:27 lib20_virtual_plugin.so* -rw-r--r-- 1 admin administ 115.1k Jan 6 2011 lib20_zlib_plugin.a -rwxr-xr-x 1 admin administ 1.0k Aug 27 16:27 lib20_zlib_plugin.la* -rwxr-xr-x 1 admin administ 18.4k Aug 27 16:27 lib20_zlib_plugin.so* -rw-r--r-- 1 admin administ 181.7k Jan 6 2011 lib21_fts_squat_plugin.a -rwxr-xr-x 1 admin administ 1.1k Aug 27 16:27 lib21_fts_squat_plugin.la* -rwxr-xr-x 1 admin administ 48.8k Aug 27 16:27 lib21_fts_squat_plugin.so* -rw-r--r-- 1 admin administ 22.0k Jan 6 2011 lib30_imap_zlib_plugin.a -rwxr-xr-x 1 admin administ 1.1k Aug 27 16:27 lib30_imap_zlib_plugin.la* -rwxr-xr-x 1 admin administ 6.5k Aug 27 16:27 lib30_imap_zlib_plugin.so* -rw-r--r-- 1 admin administ 101.3k Jan 6 2011 libdovecot-lda.a -rwxr-xr-x 1 admin administ 1.1k Aug 27 16:27 libdovecot-lda.la* lrwxrwxrwx 1 admin administ 23 Aug 27 16:31 libdovecot-lda.so -> libdovecot-lda.so.0.0.0* lrwxrwxrwx 1 admin administ 23 Aug 27 16:31 libdovecot-lda.so.0 -> libdovecot-lda.so.0.0.0* -rwxr-xr-x 1 admin administ 35.2k Aug 27 16:27 libdovecot-lda.so.0.0.0* -rw-r--r-- 1 admin administ 241.7k Jan 6 2011 libdovecot-login.a -rwxr-xr-x 1 admin administ 1.0k Aug 27 16:27 libdovecot-login.la* lrwxrwxrwx 1 admin administ 25 Aug 27 16:31 libdovecot-login.so -> libdovecot-login.so.0.0.0* lrwxrwxrwx 1 admin administ 25 Aug 27 16:31 libdovecot-login.so.0 -> libdovecot-login.so.0.0.0* -rwxr-xr-x 1 admin administ 65.5k Aug 27 16:27 libdovecot-login.so.0.0.0* -rwxr-xr-x 1 admin administ 1.0k Aug 27 16:27 libdovecot-sql.la* lrwxrwxrwx 1 admin administ 23 Aug 27 16:31 libdovecot-sql.so -> libdovecot-sql.so.0.0.0* lrwxrwxrwx 1 admin administ 23 Aug 27 16:31 libdovecot-sql.so.0 -> libdovecot-sql.so.0.0.0* -rwxr-xr-x 1 admin administ 19.3k Aug 27 16:27 libdovecot-sql.so.0.0.0* -rw-r--r-- 1 admin administ 6.2M Jan 6 2011 libdovecot-storage.a -rwxr-xr-x 1 admin administ 1.1k Aug 27 16:27 libdovecot-storage.la* lrwxrwxrwx 1 admin administ 27 Aug 27 16:31 libdovecot-storage.so -> libdovecot-storage.so.0.0.0* lrwxrwxrwx 1 admin administ 27 Aug 27 16:31 libdovecot-storage.so.0 -> libdovecot-storage.so.0.0.0* -rwxr-xr-x 1 admin administ 737.5k Aug 27 16:27 libdovecot-storage.so.0.0.0* -rw-r--r-- 1 admin administ 1.8M Jan 6 2011 libdovecot.a -rwxr-xr-x 1 admin administ 1011 Aug 27 16:27 libdovecot.la* lrwxrwxrwx 1 admin administ 19 Aug 27 16:31 libdovecot.so -> libdovecot.so.0.0.0* lrwxrwxrwx 1 admin administ 19 Aug 27 16:31 libdovecot.so.0 -> libdovecot.so.0.0.0* -rwxr-xr-x 1 admin administ 440.8k Aug 27 16:27 libdovecot.so.0.0.0* drwxr-xr-x 2 admin administ 4.0k Aug 26 18:01 pop3/ Everything seems to be in the right place. So I don't know what's wrong. Now on to my post script. This issue first appears when I try to package my freshly built Dovecot for installation on my arm powered nas. #make dovecot-ipk [...] test -z "/opt/include/dovecot" || /usr/bin/mkdir -p "~/Projects/nslu2/optware/tsx09/builds/dovecot-2.0.13-ipk/opt/include/dovecot" /usr/bin/install -c -m 644 settings.h settings-parser.h '~/Projects/nslu2/optware/tsx09/builds/dovecot-2.0.13-ipk/opt/include/dovecot' make[5]: Leaving directory `~/Projects/nslu2/optware/tsx09/builds/dovecot/src/lib-settings' make[4]: Leaving directory `~/Projects/nslu2/optware/tsx09/builds/dovecot/src/lib-settings' Making install in lib-dovecot make[4]: Entering directory `~/Projects/nslu2/optware/tsx09/builds/dovecot/src/lib-dovecot' make[5]: Entering directory `~/Projects/nslu2/optware/tsx09/builds/dovecot/src/lib-dovecot' test -z "/opt/lib/dovecot" || /usr/bin/mkdir -p "~/Projects/nslu2/optware/tsx09/builds/dovecot-2.0.13-ipk/opt/lib/dovecot" /bin/sh ../../libtool --mode=install /usr/bin/install -c -s libdovecot.la '~/Projects/nslu2/optware/tsx09/builds/dovecot-2.0.13-ipk/opt/lib/dovecot' libtool: install: /usr/bin/install -c .libs/libdovecot.so.0.0.0 ~/Projects/nslu2/optware/tsx09/builds/dovecot-2.0.13-ipk/opt/lib/dovecot/libdovecot.so.0.0.0 libtool: install: strip --strip-unneeded ~/Projects/nslu2/optware/tsx09/builds/dovecot-2.0.13-ipk/opt/lib/dovecot/libdovecot.so.0.0.0 strip: Unable to recognise the format of the input file `~/Projects/nslu2/optware/tsx09/builds/dovecot-2.0.13-ipk/opt/lib/dovecot/libdovecot.so.0.0.0' make[5]: *** [install-pkglibLTLIBRARIES] Error 1 make[5]: Leaving directory `~/Projects/nslu2/optware/tsx09/builds/dovecot/src/lib-dovecot' make[4]: *** [install-am] Error 2 make[4]: Leaving directory `~/Projects/nslu2/optware/tsx09/builds/dovecot/src/lib-dovecot' make[3]: *** [install-recursive] Error 1 make[3]: Leaving directory `~/Projects/nslu2/optware/tsx09/builds/dovecot/src' make[2]: *** [install-recursive] Error 1 make[2]: Leaving directory `~/Projects/nslu2/optware/tsx09/builds/dovecot' make[1]: *** [install-strip] Error 2 make[1]: Leaving directory `~/Projects/nslu2/optware/tsx09/builds/dovecot' make: *** [~/Projects/nslu2/optware/tsx09/builds/dovecot_2.0.13-2_arm.ipk] Error 2 So I went looking for libdovecot.so.0.0.0 and found, ls -ahl ~/Projects/nslu2/optware/tsx09/builds/dovecot-2.0.13-ipk/opt/lib/dovecot/: total 1.3M drwxr-xr-x 2 leonidis leonidis 4.0K Aug 27 17:07 . drwxr-xr-x 3 leonidis leonidis 4.0K Aug 27 17:07 .. -rw-r--r-- 1 leonidis leonidis 678 Aug 27 17:07 dovecot-config -rwxr-xr-x 1 leonidis leonidis 1.3M Aug 27 17:07 libdovecot.so.0.0.0 The other libraries appear to have been built and are waiting to be packaged up but ipackage doesn't seem to get that far. What this says about ipackage and how it might relate to my first problem I don't know. I apologise this all seems a bit like a broken record to me. -- Kind regards Stephen Feyrer. From fcatunda at contactnet.com.br Sat Aug 27 21:13:39 2011 From: fcatunda at contactnet.com.br (Fabio Catunda) Date: Sat, 27 Aug 2011 15:13:39 -0300 Subject: [Dovecot] Pop3 hanging up after login. Message-ID: <4E5933D3.9000508@contactnet.com.br> Hi, I'm trying to implement a second dovecot server on a second machine to try to load balance IMAP/POP3 services. The first machine is already running and is working pretty well with dovecot-pop3d 1:1.0.15-2.3+lenny1. The new machine is running dovecot-pop3d 1:1.2.15-7 and accessing the existing maildirs over a NFS share on /mnt/mail. When I try to telnet localhost 110 on the new machine it just freezes after the "pass MySecret", like this: # telnet localhost 110 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. +OK Bem Vindo. user my.user at mydomain.com.br +OK pass MySecret ... (Nothing else happens) If I try to stop Dovecot with /etc/init.d/dovecot stop it stops, but the pop3 process keep running and the only way to stop it is with kill -9. On my log I only can see this: Aug 27 15:03:40 radamante dovecot: auth(default): client in: AUTH#0112#011PLAIN#011service=pop3#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=110#011rport=60421#011resp= Aug 27 15:03:40 radamante dovecot: auth-worker(default): pam(my.user at mydomain.com.br,127.0.0.1): lookup service=dovecot Aug 27 15:03:40 radamante dovecot: auth-worker(default): pam(my.user at mydomain.com.br,127.0.0.1): #1/1 style=1 msg=Password: Aug 27 15:03:42 radamante dovecot: auth-worker(default): pam(my.user at mydomain.com.br,127.0.0.1): pam_authenticate() failed: Authentication failure (password mismatch?) Aug 27 15:03:42 radamante dovecot: auth(default): cache(my.user at mydomain.com.br,127.0.0.1): miss Aug 27 15:03:42 radamante dovecot: auth(default): ldap(my.user at mydomain.com.br,127.0.0.1): pass search: base=ou=Users, dc=mydomain, dc=com, dc=br scope=subtree filter=(&(mail=my.user at mydomain.com.br)) fields=mail,userPassword Aug 27 15:03:42 radamante dovecot: auth(default): ldap(my.user at mydomain.com.br,127.0.0.1): result: mail(user at domain)=my.user at mydomain.com.br userPassword(password)= Aug 27 15:03:42 radamante dovecot: auth(default): client out: OK#0112#011user=my.user at mydomain.com.br#011user at domain=my.user at mydomain.com.br Aug 27 15:03:42 radamante dovecot: auth(default): master in: REQUEST#0111#01130330#0112 Aug 27 15:03:42 radamante dovecot: auth(default): passwd(my.user at mydomain.com.br,127.0.0.1): lookup Aug 27 15:03:42 radamante dovecot: auth(default): passwd(my.user at mydomain.com.br,127.0.0.1): unknown user Aug 27 15:03:42 radamante dovecot: auth(default): ldap(my.user at mydomain.com.br,127.0.0.1): user search: base=ou=Users, dc=mydomain, dc=com, dc=br scope=subtree filter=(&(mail=my.user at mydomain.com.br)) fields=homeDirectory,uidNumber,gidNumber Aug 27 15:03:42 radamante dovecot: auth(default): ldap(my.user at mydomain.com.br,127.0.0.1): result: uidNumber(uidNumber)=3478 gidNumber(gidNumber)=513 homeDirectory(homeDirectory)=/home/samba/my.user Aug 27 15:03:42 radamante dovecot: auth(default): master out: USER#0111#011my.user at mydomain.com.br#011uidNumber=3478#011gidNumber=513#011homeDirectory=/home/samba/my.user Aug 27 15:03:42 radamante dovecot: pop3-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Aug 27 15:03:42 radamante dovecot: auth(default): new auth connection: pid=30330 Aug 27 15:03:42 radamante dovecot: POP3(my.user at mydomain.com.br): Effective uid=8, gid=8, home=(none) Aug 27 15:03:42 radamante dovecot: POP3(my.user at mydomain.com.br): maildir: data=/mnt/mail/mydomain.com.br/my.user/Maildir Aug 27 15:03:42 radamante dovecot: POP3(my.user at mydomain.com.br): maildir++: root=/mnt/mail/mydomain.com.br/my.user/Maildir, index=, control=, inbox=/mnt/mail/mydomain.com.br/my.user/Maildir Aug 27 15:03:42 radamante dovecot: POP3(my.user at mydomain.com.br): Namespace : Using permissions from /mnt/mail/mydomain.com.br/my.user/Maildir: mode=0700 gid=-1 By now I have no clue whats going on, any help is appreciated. I don't understand if the problem is the NFS share or if it's something with the new version of Dovecot on Debian. Some more info: # dovecot -n # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 nfs log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap pop3 ssl: no disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login login_greeting: Bem Vindo. login_process_per_connection: no login_chroot: no login_process_size: 128 login_processes_count: 8 max_mail_processes: 2048 mail_max_userip_connections(default): 100 mail_max_userip_connections(imap): 100 mail_max_userip_connections(pop3): 10 verbose_proctitle: yes first_valid_uid: 1 last_valid_uid: 9999 last_valid_gid: 9999 mail_privileged_group: mail mail_uid: mail mail_gid: mail mail_location: maildir:/mnt/mail/%Ld/%Ln/Maildir mail_debug: yes mmap_disable: yes mail_nfs_storage: yes mail_nfs_index: yes maildir_copy_preserve_filename: yes mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_process_size: 512 mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 imap_client_workarounds(default): delay-newmail imap_client_workarounds(imap): delay-newmail imap_client_workarounds(pop3): imap_idle_notify_interval(default): 30 imap_idle_notify_interval(imap): 30 imap_idle_notify_interval(pop3): 120 pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh auth default: default_realm: mydomain.com.br cache_size: 1024 cache_negative_ttl: 0 username_format: %Lu failure_delay: 3 debug: yes passdb: driver: pam passdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf userdb: driver: passwd userdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf root at radamante:/etc/dovecot# egrep -v '^#|^$' dovecot-ldap.conf hosts = 192.168.5.37 192.168.5.124 sasl_bind = no tls = no auth_bind = no ldap_version = 3 base = ou=Users, dc=mydomain, dc=com, dc=br deref = never scope = subtree user_attrs = homeDirectory=homeDirectory,uidNumber=uidNumber,gidNumber=gidNumber user_filter = (&(mail=%u)) pass_attrs = mail=user at domain,userPassword=password pass_filter = (&(mail=%u)) default_pass_scheme = CRYPT Thanks in advance. From pelle2004 at hotmail.com Sun Aug 28 12:50:55 2011 From: pelle2004 at hotmail.com (Pelle Svensson) Date: Sun, 28 Aug 2011 11:50:55 +0200 Subject: [Dovecot] Dovecot service needs a second restart after boot - euid is not dir owner Message-ID: After reboot dovecot service need a restart. dovecot service starts as S99dovecot with only S99rc-local coming up. After boot following error is filled up in dovecot.log Aug 28 11:33:12 imap(vuser): Error: open(/home/fetchmail/mailroot/map/dovecot.index.log) failed: Permission denied (euid=500(vuser) egid=500(vuser) missing +r perm: /home/fetchmail/mailroot/map/dovecot.index.log, euid is not dir owner) Aug 28 11:33:12 imap(vuser): Error: file_dotlock_create(/home/fetchmail/mailroot/map/dovecot-uidlist) failed: Permission denied (euid=500(fetchmail) egid=500(fetchmail) missing +w perm: /home/fetchmail/mailroot/map, euid is not dir owner) Aug 28 11:33:12 imap(vuser): Error: open(/home/fetchmail/mailroot/map/dovecot-uidlist) failed: Permission denied After Linux has booted you just issue service dovecot restart And everything is back to normal and no error. Running on a Pentium 800MHz not too fast pc From tss at iki.fi Mon Aug 29 04:42:13 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 29 Aug 2011 04:42:13 +0300 Subject: [Dovecot] Pop3 hanging up after login. In-Reply-To: <4E5933D3.9000508@contactnet.com.br> References: <4E5933D3.9000508@contactnet.com.br> Message-ID: <1314582134.4008.1.camel@hurina> On Sat, 2011-08-27 at 15:13 -0300, Fabio Catunda wrote: > I'm trying to implement a second dovecot server on a second machine to > try to load balance IMAP/POP3 services. > The first machine is already running and is working pretty well with > dovecot-pop3d 1:1.0.15-2.3+lenny1. The > new machine is running dovecot-pop3d 1:1.2.15-7 and accessing the > existing maildirs over a NFS share on /mnt/mail. This is not a recommended setup. Read http://wiki2.dovecot.org/NFS especially about caching. > # telnet localhost 110 > Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > +OK Bem Vindo. > user my.user at mydomain.com.br > +OK > pass MySecret > ... (Nothing else happens) > > If I try to stop Dovecot with /etc/init.d/dovecot stop it stops, but the > pop3 process keep running and the only > way to stop it is with kill -9. Sounds like it hangs somewhere. Get gdb backtrace: gdb -p bt full From tss at iki.fi Mon Aug 29 04:44:19 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 29 Aug 2011 04:44:19 +0300 Subject: [Dovecot] Dovecot service needs a second restart after boot - euid is not dir owner In-Reply-To: References: Message-ID: <1314582263.4008.3.camel@hurina> On Sun, 2011-08-28 at 11:50 +0200, Pelle Svensson wrote: > After reboot dovecot service need a restart. > dovecot service starts as S99dovecot with only S99rc-local coming up. > > After boot following error is filled up in dovecot.log > > Aug 28 11:33:12 imap(vuser): Error: open(/home/fetchmail/mailroot/map/dovecot.index.log) failed: Permission denied (euid=500(vuser) egid=500(vuser) missing +r perm: /home/fetchmail/mailroot/map/dovecot.index.log, euid is not dir owner) > Aug 28 11:33:12 imap(vuser): Error: file_dotlock_create(/home/fetchmail/mailroot/map/dovecot-uidlist) failed: Permission denied (euid=500(fetchmail) egid=500(fetchmail) missing +w perm: /home/fetchmail/mailroot/map, euid is not dir owner) > Aug 28 11:33:12 imap(vuser): Error: open(/home/fetchmail/mailroot/map/dovecot-uidlist) failed: Permission denied > > After Linux has booted you just issue > service dovecot restart > > And everything is back to normal and no error. Does it actually need the restart? If you don't restart, do these errors just keep happening forever? I'd guess that the NFS hasn't fully finished mounting by the time Dovecot runs so it fails with these errors.. I'm not really sure though. In any case I don't think there's anything Dovecot can do about this. From tss at iki.fi Mon Aug 29 04:45:40 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 29 Aug 2011 04:45:40 +0300 Subject: [Dovecot] : error while loading shared libraries: libdovecot.so.0 (arm cross compile) In-Reply-To: References: Message-ID: <1314582342.4008.4.camel@hurina> On Sat, 2011-08-27 at 17:36 +0100, Stephen Feyrer wrote: > I've made a new attempt at build Dovecot. The build and then install > processes appeared to work find. Then when I try to run Dovecot it > reports the error: > > /share/MD0_DATA/optware/opt/sbin/dovecot: error while loading shared > libraries: libdovecot.so.0: cannot open shared object file: No such file > or directory No idea. Try without shared libraries: configure --without-shared-libs From tss at iki.fi Mon Aug 29 04:48:53 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 29 Aug 2011 04:48:53 +0300 Subject: [Dovecot] Catch22: user needs space to fix out of space condition In-Reply-To: References: Message-ID: <1314582533.4008.6.camel@hurina> On Fri, 2011-08-26 at 18:30 -0700, Joseph Tam wrote: > On Fri, 26 Aug 2011, Joseph Tam wrote: > > > Thanks to all who've made suggestions. It seems removing dotlocks as > > a locking method is the way to go. > > Actually, this gives me pause that maybe I should not enirely remove > the dotlocking method > > http://mailman2.u.washington.edu/pipermail/alpine-info/2008-July/000996.html > > Any comments on the (sole) use of POSIX fcntl() type locking? As long as you haven't used symlinks in your mboxes there's no problems with fcntl locking with Dovecot (assuming there are no non-Dovecot software writing to them). From tss at iki.fi Mon Aug 29 06:20:54 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 29 Aug 2011 06:20:54 +0300 Subject: [Dovecot] Virtual user and post-login 2.0.13 In-Reply-To: References: , <4E57E8CE.1020808@datahelper.com> Message-ID: <1314588056.4008.7.camel@hurina> On Sat, 2011-08-27 at 16:54 +0200, Pelle Svensson wrote: > dovecot-postlogin.sh (executed as root) > ============= > #!/bin/sh > > date >>/home/fetchmail/script.log > > kill -s 10 `cat /home/fetchmail/.fetchmail.pid | head -n 1` >>/home/fetchmail/script.log > > exit 0 exec "$@", not exit 0 as http://wiki2.dovecot.org/PostLoginScripting shows. From tss at iki.fi Mon Aug 29 06:24:41 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 29 Aug 2011 06:24:41 +0300 Subject: [Dovecot] File Permissions and delivery In-Reply-To: <001701cc6413$20e693c0$62b3bb40$@brereton@buongiorno.com> References: <001701cc6413$20e693c0$62b3bb40$@brereton@buongiorno.com> Message-ID: <1314588283.4008.9.camel@hurina> On Fri, 2011-08-26 at 13:10 -0400, Simon Brereton wrote: > mail:~# ls /var/spool/mail/virtual/domain.net/simon/new/ > -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:33 1314326000.V801I1666018M803015.mail.net,S=2461:2, > -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:36 1314326209.V801I1666019M447273.mail.net,S=2460:2, > -rw-rw---- 1 postfix mailsystem 2.5K Aug 26 04:00 1314327630.V801I166601aM308173.mail.net,S=2477:2, > -rw------- 1 postfix mailsystem 2.5K Aug 26 04:22 1314328966.V801I166601bM756462.mail.net,S=2461:2, > -rw------- 1 postfix mailsystem 1.1K Aug 26 16:28 1314372534.V801I166601cM615258.mail.net,S=1097:2, > -rw------- 1 postfix mailsystem 1.1K Aug 26 16:31 1314372685.V801I166601dM264242.mail.net,S=1097:2, > > Mails are being delivered with 0600 permissions and not 0660 (the mails from courier seem to have all been 0770 as you can see). If I manually change the permission (to 0660) then I can see the mail in the MUA. If /var/spool/mail/virtual/domain.net/simon has 0770 permissions, the new mails should be delivered with 0660 permissions. (I don't remember if having g+s makes any difference in the directory like you have in the domain dir.) In any case, it would be better if mails were delivered as mailsystem:mailsystem 0600 since that's what you're reading them as. Unless you have some other good reason for requiring mailsystem group to be able to read them. From tss at iki.fi Mon Aug 29 06:26:17 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 29 Aug 2011 06:26:17 +0300 Subject: [Dovecot] auth: Error: LDAP: Connection lost to LDAP server, reconnecting In-Reply-To: <4E577CF2.2070800@um.es> References: <4E561E30.8020509@um.es> <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> <4E577CF2.2070800@um.es> Message-ID: <1314588382.4008.11.camel@hurina> On Fri, 2011-08-26 at 13:01 +0200, Angel L. Mateo wrote: > El 25/08/11 12:10, Timo Sirainen escribi?: > > On 25.8.2011, at 13.04, Angel L. Mateo wrote: > > > >> Aug 24 23:07:32 myotis28 dovecot: auth-worker(default): LDAP: Connection lost to LDAP server, reconnecting > >> > >> I have seen in the mail list a patch for 1.2 (http://hg.dovecot.org/dovecot-1.2/rev/355d5a40f7a7) to ignore these logs when the disconnection is because of idle timeouts. As far as I could see in this patch and 2.0.13 source code, this patch is already applied in 2.0. So I guess that the disconnection is for other problem, isn't it? > > > > I had completely forgotten I had added such a feature :) See what it logs with attached patch. > > > I have tried the patch. It confirms my hypothesis, the connection is > closed by my load balancer: > > Aug 26 12:55:27 myotis31 dovecot: auth: Error: LDAP: Connection lost to > LDAP server, reconnecting (1 requests, 3603 idle secs) Ah. So this is noticed only when Dovecot tries to use the LDAP connection that it's been disconnected. > Is there any way to configure ldap connection with a keepalive, so I > don't need a reconnection? Nope. But you could configure your LDAP server to idle-disconnect after some amount of time. From tss at iki.fi Mon Aug 29 06:32:47 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 29 Aug 2011 06:32:47 +0300 Subject: [Dovecot] unlink_directory failed with 'Device or resource busy' on NFS In-Reply-To: <5811AFA0-1036-4851-BDE7-D4B1E850F3D4@sds.co.kr> References: <5811AFA0-1036-4851-BDE7-D4B1E850F3D4@sds.co.kr> Message-ID: <1314588769.4008.16.camel@hurina> On Wed, 2011-08-24 at 03:00 +0000, ??? wrote: > imap(name at domain.com): Error: unlink_directory(/data/domain.com/name/INBOX/direct/.nfs00000000000033fd000000cd) failed: Device or resource busy > > How can I solve this problem? That's a bit problematic, because there's not much Dovecot can do about it.. Another session has the mailbox opened and kernel keeps those files open after deletion as .nfs* files that can't be deleted. > mail_location = maildir:~:LAYOUT=fs LAYOUT=maildir++ solves this by renaming everything under ~/Maildir/DOVECOT-TRASHED/ directory and hiding any errors about not being able to delete .nfs* files. They are then deleted sometimes later. But with LAYOUT=fs this isn't really possible, because such directory would show up as being "DOVECOT-TRASHED" mailbox (not a problem with Maildir++ because all mailboxes begin with "."). I guess maybe the renaming could be done under ~/Maildir/tmp/ but that's a bit ugly since it won't work generally with all mailbox formats.. All in all, currently this seems like too much trouble to fix. From tss at iki.fi Mon Aug 29 07:15:22 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 29 Aug 2011 07:15:22 +0300 Subject: [Dovecot] v2.0.14 released Message-ID: <1314591323.4008.30.camel@hurina> http://dovecot.org/releases/2.0/dovecot-2.0.14.tar.gz http://dovecot.org/releases/2.0/dovecot-2.0.14.tar.gz.sig It's been a while since the previous release.. I've been a bit busy with my newly created Dovecot support company, but it was also summer and I wasted some time doing nothing useful. :) Most of my recent time has gone to adding new features to v2.1 branch. I'm planning on releasing v2.1.alpha1 somewhat soon and the final v2.1.0 sometimes later this year. This v2.0.14 release also contains one larger new feature: Ability to list and kick imap/pop3 proxy connections. This is done via a new "ipc" process where all proxying login processes connect to, which allows doveadm to communicate with them. If you're not using these features, this change (and its potential bugs) should be pretty much invisible. BTW. I know there are still mails I haven't read & replied to. I'll try to get to them eventually, but you may as well re-send anything you want me to read sooner rather than 6 months from now. Some of the largest changes since v2.0.13: + doveadm: Added support for running mail commands by proxying to another doveadm server. + Added "doveadm proxy list" and "doveadm proxy kick" commands to list/kick proxy connections (via a new "ipc" service). + Added "doveadm director move" to assign user from one server to another, killing any existing connections. + Added "doveadm director ring status" command. + userdb extra fields can now return name+=value to append to an existing name, e.g. "mail_plugins+= quota". - script-login attempted an unnecessary config lookup, which usually failed with "Permission denied". - lmtp: Fixed parsing quoted strings with spaces as local-part for MAIL FROM and RCPT TO. - imap: FETCH BODY[HEADER.FIELDS (..)] may have crashed or not returned all data sometimes. - ldap: Fixed random assert-crashing with with sasl_bind=yes. - Fixes to handling mail chroots - Fixed renaming mailboxes under different parent with FS layout when using separate ALT, INDEX or CONTROL paths. - zlib: Fixed reading concatenated .gz files. From jtam.home at gmail.com Mon Aug 29 11:04:01 2011 From: jtam.home at gmail.com (Joseph Tam) Date: Mon, 29 Aug 2011 01:04:01 -0700 (PDT) Subject: [Dovecot] : error while loading shared libraries: libdovecot.so.0 (arm cross compile) In-Reply-To: References: Message-ID: "Stephen Feyrer" writes: > I've made a new attempt at build Dovecot. The build and then install > processes appeared to work find. Then when I try to run Dovecot it > reports the error: > > /share/MD0_DATA/optware/opt/sbin/dovecot: error while loading shared > libraries: libdovecot.so.0: cannot open shared object file: No such file > or directory In cases like this where I have no clue where an executable is trying to load a library from, run a process trace tool (strace, truss, etc.) and you can see all the library run paths it's trying before failing. Joseph Tam From jtam.home at gmail.com Mon Aug 29 12:32:55 2011 From: jtam.home at gmail.com (Joseph Tam) Date: Mon, 29 Aug 2011 02:32:55 -0700 (PDT) Subject: [Dovecot] Catch22: user needs space to fix out of space condition In-Reply-To: <1314582533.4008.6.camel@hurina> References: <1314582533.4008.6.camel@hurina> Message-ID: On Mon, 29 Aug 2011, Timo Sirainen wrote: >> Actually, this gives me pause that maybe I should not enirely remove >> the dotlocking method >> >> http://mailman2.u.washington.edu/pipermail/alpine-info/2008-July/000996.html >> >> Any comments on the (sole) use of POSIX fcntl() type locking? > > As long as you haven't used symlinks in your mboxes there's no problems > with fcntl locking with Dovecot (assuming there are no non-Dovecot > software writing to them). Thanks for the info. I don't meet the last criteria: some users have direct file access via pine and other mail readers. There's also procmail, but I don't know what locking method it uses. Reading the pine sources closely, I think it fakes fcntl() for NFS mailboxes. I'm using dotlock_try which solves my immediate problem of allowing users to delete Email under full quota. The long term solution is to replace file access with kerberized IMAP access, but that's much further down the road. Joseph Tam From amateo at um.es Mon Aug 29 12:44:50 2011 From: amateo at um.es (Angel L. Mateo) Date: Mon, 29 Aug 2011 11:44:50 +0200 Subject: [Dovecot] auth: Error: LDAP: Connection lost to LDAP server, reconnecting In-Reply-To: <1314588382.4008.11.camel@hurina> References: <4E561E30.8020509@um.es> <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> <4E577CF2.2070800@um.es> <1314588382.4008.11.camel@hurina> Message-ID: <4E5B5F92.2050701@um.es> El 29/08/11 05:26, Timo Sirainen escribi?: > On Fri, 2011-08-26 at 13:01 +0200, Angel L. Mateo wrote: >> El 25/08/11 12:10, Timo Sirainen escribi?: >>> On 25.8.2011, at 13.04, Angel L. Mateo wrote: >>> >>>> Aug 24 23:07:32 myotis28 dovecot: auth-worker(default): LDAP: Connection lost to LDAP server, reconnecting >>>> >>>> I have seen in the mail list a patch for 1.2 (http://hg.dovecot.org/dovecot-1.2/rev/355d5a40f7a7) to ignore these logs when the disconnection is because of idle timeouts. As far as I could see in this patch and 2.0.13 source code, this patch is already applied in 2.0. So I guess that the disconnection is for other problem, isn't it? >>> >>> I had completely forgotten I had added such a feature :) See what it logs with attached patch. >>> >> I have tried the patch. It confirms my hypothesis, the connection is >> closed by my load balancer: >> >> Aug 26 12:55:27 myotis31 dovecot: auth: Error: LDAP: Connection lost to >> LDAP server, reconnecting (1 requests, 3603 idle secs) > > Ah. So this is noticed only when Dovecot tries to use the LDAP > connection that it's been disconnected. > >> Is there any way to configure ldap connection with a keepalive, so I >> don't need a reconnection? > > Nope. But you could configure your LDAP server to idle-disconnect after > some amount of time. > I know it, but configuring LDAP server does not resolve the problem, because the error (in fact it's just an informational message) still appears. I think the solution is to configure the dovecot auth_cache_ttl to a value less than the idletimeout of the ldap server. -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337 From duane at duanemail.org Mon Aug 29 13:56:51 2011 From: duane at duanemail.org (Duane Hill) Date: Mon, 29 Aug 2011 05:56:51 -0500 Subject: [Dovecot] Catch22: user needs space to fix out of space condition In-Reply-To: References: <1314582533.4008.6.camel@hurina> Message-ID: <1335134054.20110829055651@duanemail.org> Monday, August 29, 2011, 4:32:55 AM, Joseph wrote: > On Mon, 29 Aug 2011, Timo Sirainen wrote: >>> Actually, this gives me pause that maybe I should not enirely remove >>> the dotlocking method >>> >>> http://mailman2.u.washington.edu/pipermail/alpine-info/2008-July/000996.html >>> >>> Any comments on the (sole) use of POSIX fcntl() type locking? >> >> As long as you haven't used symlinks in your mboxes there's no problems >> with fcntl locking with Dovecot (assuming there are no non-Dovecot >> software writing to them). > Thanks for the info. > I don't meet the last criteria: some users have direct file access via > pine and other mail readers. There's also procmail, but I don't know > what locking method it uses. Reading the pine sources closely, I think > it fakes fcntl() for NFS mailboxes. Pine/Alpine knows IMAP. That's what I use locally on my server. > I'm using dotlock_try which solves my immediate problem of allowing > users to delete Email under full quota. > The long term solution is to replace file access with kerberized IMAP > access, but that's much further down the road. > Joseph Tam -- Best regards, Duane mailto:duane at duanemail.org From klinkov at yandex.ru Mon Aug 29 16:39:14 2011 From: klinkov at yandex.ru (Stanislav Klinkov) Date: Mon, 29 Aug 2011 17:39:14 +0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab Message-ID: <4E5B9682.1040408@yandex.ru> Hello, ALL. I am trying to organize a transparent single sign-on concept for my Active Directory users into Dovecot via IMAP. On the user's desktop I use Thunderbird 6.0 as a mail client (MUA), Windows XP as an operating system. Domain is controlled by Windows 2008 Server SP2 with Active Directory. I have installed on my Mail server Debian GNU/Linux 6.0.2 (Squeeze) and Dovecot 2.0.13 from official "wheezy" repositories of it with all dependencies. I ran into in a problem with generating proper "/etc/krb5.keytab" file for successful kerberos authentication against AD controller. I has performed all the steps described in official dovecot wiki here: http://wiki2.dovecot.org/Authentication/Kerberos I have generated a service ticket with name "imap/efim.test.local at MYORG.LAN" exactly as described in wiki. ("MYORG.LAN" is my kerberos realm.) But this does not work. I see in debug logs something like this: ******** main service logs ******** Aug 29 16:05:14 auth: Info: gssapi(?,192.168.4.12): While processing incoming data: Unspecified GSS failure. Minor code may provide more information Aug 29 16:05:14 auth: Info: gssapi(?,192.168.4.12): While processing incoming data: Wrong principal in request ************************************* ******** auth debug logs ********* Aug 29 16:05:14 auth: Debug: gssapi(?,192.168.4.12): Obtaining credentials for imap at efim.test.local Aug 29 16:05:14 auth: Debug: client out: CONT 1 Aug 29 16:05:14 auth: Debug: client in: CONT Aug 29 16:05:16 auth: Debug: client out: FAIL 1 ************************************* But (!). If I define << auth_gssapi_hostname = "$ALL" >> instead of << auth_gssapi_hostname = efim.test.local >> then everything works fine. I decided to find out where is the problem, so I dig into source code of gssapi module, "mech-gssapi.c". For versions 2.0.13 and 2.0.14 of dovecot I see there the following: ********* mech-gssapi.c ********* static OM_uint32 obtain_service_credentials(struct auth_request *request, gss_cred_id_t *ret_r) /* blah-blah-blah */ principal_name = t_str_new(128); str_append(principal_name, service_name); str_append_c(principal_name, '@'); str_append(principal_name, request->set->gssapi_hostname); auth_request_log_debug(request, "gssapi", "Obtaining credentials for %s", str_c(principal_name)); inbuf.length = str_len(principal_name); inbuf.value = str_c_modifiable(principal_name); major_status = gss_import_name(&minor_status, &inbuf, GSS_C_NT_HOSTBASED_SERVICE, &gss_principal); ********************************* So, according to source code, Dovecot tries to find in krb5.keytab a principal named "imap at hostname". However wiki says to create the principal named "imap/hostname at REALM". Please, clarify where is the error: in source code, in wiki, or I have misunderstood something. Respectfully, Stanislav Klinkov. From lists at wildgooses.com Mon Aug 29 17:12:35 2011 From: lists at wildgooses.com (Ed W) Date: Mon, 29 Aug 2011 15:12:35 +0100 Subject: [Dovecot] limiting number of incorrect logins per connection In-Reply-To: References: <57ffb026f1289c9b6aec31c18afb80dc@ahhyes.net> <6ed2c04bc55eca5dcdabf46a9836bdd2@ahhyes.net> Message-ID: <4E5B9E53.2090504@wildgooses.com> Slightly advanced, but note that you CAN block in progress connections using iptables What is happening is that the usual top (ish) rule in your iptable script says something like "continue if connection established", this can be seen as a performance optimisation to avoid running your full rulebase after the connection exists, however, it's not a limitation of iptables. So you have two main ways to tackle this: 1) Add your blacklist rules *before* the continue rule. One of the fastest/simplest ways to achieve this is with the new ipset functionality of recent kernels. You can then have a single iptables (block) rule, which references a dynamically updated ipset that contains all your blacklisted IPs. Curiously ipsets can have a timeout value which appears to cause entries to fall out after a set time period. Requires some changes to the "actions" in fail2ban 2) Alternatively note that you can purge specific connections from conntrack (subsequent packets will either be treated as "invalid" or "new" depending on whether you have loose tracking set in /proc/sys/... Something like "conntrack -D -n a.b.c.d" should do it? This still requires some tweaking to fail2ban, but the iptables rules stay the same Just saying... Good luck Ed W On 26/08/2011 13:22, Felipe Scarel wrote: > Yeah, I had read about half of that thread, and after I sent my mail kept > reading and stumbled upon this: "(...) using the recent module needs > dovecotto close the connection upon authentication failure, as iptables only > (normally) comes in to play for new connections (...)". > > So, yeah, my suggestion probably won't work. > > On Fri, Aug 26, 2011 at 09:15, Felipe Scarel wrote: > >> Alex, I've not personally done it (so just speculating here, bear with me) >> but you can customize Fail2Ban's actions if needed. So, if you can match the >> attemps through some regex (and since you're seeing them in the logs, that >> should be quite possible), then you can edit one of the 'actions' to drop >> the connection for . From simon.brereton at buongiorno.com Mon Aug 29 18:04:19 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Mon, 29 Aug 2011 11:04:19 -0400 Subject: [Dovecot] File Permissions and delivery In-Reply-To: <20110826215136.Horde.HKEQbJLnE6FOWE2oep1l82A@mail.patrickdk.com> References: <20110826193509.Horde.CZE5dJLnE6FOWC2tsEPBzxA@mail.patrickdk.com> <20110826215136.Horde.HKEQbJLnE6FOWE2oep1l82A@mail.patrickdk.com> Message-ID: <011501cc665c$ee115740$ca3405c0$@brereton@buongiorno.com> > -----Original Message----- > From: dovecot-bounces at dovecot.org [mailto:dovecot- > bounces at dovecot.org] On Behalf Of Patrick Domack > Just adding that won't make dovecot use it though, you would have to > include the postconf -n output. Normally something like > virtual_transport=dovecot Crap. I had added that. But I'd also forgotten to comment out the original virtual_transport = virtual line. Thanks. I think that has fixed it though I'm still struggling with directory permissions. Simon From simon.brereton at buongiorno.com Mon Aug 29 18:14:15 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Mon, 29 Aug 2011 11:14:15 -0400 Subject: [Dovecot] File Permissions and delivery In-Reply-To: <1314588283.4008.9.camel@hurina> References: <001701cc6413$20e693c0$62b3bb40$@brereton@buongiorno.com> <1314588283.4008.9.camel@hurina> Message-ID: <011801cc665e$5156be20$f4043a60$@brereton@buongiorno.com> > -----Original Message----- > From: Timo Sirainen [mailto:tss at iki.fi] > Sent: Sunday, August 28, 2011 11:25 PM > On Fri, 2011-08-26 at 13:10 -0400, Simon Brereton wrote: > > mail:~# ls /var/spool/mail/virtual/domain.net/simon/new/ > > -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:33 > > 1314326000.V801I1666018M803015.mail.net,S=2461:2, > > -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:36 > > 1314326209.V801I1666019M447273.mail.net,S=2460:2, > > -rw-rw---- 1 postfix mailsystem 2.5K Aug 26 04:00 > > 1314327630.V801I166601aM308173.mail.net,S=2477:2, > > -rw------- 1 postfix mailsystem 2.5K Aug 26 04:22 > > 1314328966.V801I166601bM756462.mail.net,S=2461:2, > > -rw------- 1 postfix mailsystem 1.1K Aug 26 16:28 > > 1314372534.V801I166601cM615258.mail.net,S=1097:2, > > -rw------- 1 postfix mailsystem 1.1K Aug 26 16:31 > > 1314372685.V801I166601dM264242.mail.net,S=1097:2, > > > > Mails are being delivered with 0600 permissions and not 0660 (the > mails from courier seem to have all been 0770 as you can see). If I > manually change the permission (to 0660) then I can see the mail in > the MUA. > > If /var/spool/mail/virtual/domain.net/simon has 0770 permissions, the > new mails should be delivered with 0660 permissions. (I don't > remember if having g+s makes any difference in the directory like you > have in the domain dir.) > > In any case, it would be better if mails were delivered as > mailsystem:mailsystem 0600 since that's what you're reading them as. > Unless you have some other good reason for requiring mailsystem group > to be able to read them. So mean I should change client to mailsystem/mailsystem in the dovecot.conf too? I'm also not sure what (if any) effect the g+s has - that's just how it was (and how it is on the test installation). As per my previous note to Patrick, I think I've fixed the delivery issue, but now I have these in the log again: Aug 29 15:59:14 mail dovecot: deliver(simon at lydiard.net): chdir(/var/spool/mail/virtual/domain.net/simon) failed: Permission denied Aug 29 15:59:14 mail dovecot: deliver(simon at lydiard.net): stat(/var/spool/mail/virtual/domain.net/simon) failed: Permission denied Aug 29 15:59:14 mail dovecot: deliver(simon at lydiard.net): stat(/var/spool/mail/virtual/domain.net/simon/tmp) failed: Permission denied (euid=999(mailsystem) egid=115(mailsystem) missing +x perm: /var/spool/mail/virtual) Even if I make EVERTHING under /var/spool/mail/virtual/* owned by mailsystem:mailsystem - and reload postfix and restart doevcot. And even if I remove the sticky bit. mail:~# ls /var/spool/mail/virtual/domain.net/simon/ total 880K drwxrwx--- 13 mailsystem mailsystem 4.0K Aug 26 16:53 ./ drwxrwx--- 5 mailsystem mailsystem 4.0K Aug 26 00:39 ../ drwxrwx--- 2 mailsystem mailsystem 4.0K Dec 3 2007 courierimaphieracl/ drwxrwx--- 2 mailsystem mailsystem 4.0K Aug 25 18:57 courierimapkeywords/ -rwxrwx--- 1 mailsystem mailsystem 67 Nov 30 2007 courierimapsubscribed -rwxrwx--- 1 mailsystem mailsystem 15K Aug 25 20:45 courierimapuiddb -rwxrwx--- 1 mailsystem mailsystem 20K Aug 25 20:38 courierpop3dsizelist drwxrwx--- 2 mailsystem mailsystem 32K Aug 26 16:43 cur/ -rwxrwx--- 1 mailsystem mailsystem 3.5K Aug 26 03:37 dovecot.index -rwxrwx--- 1 mailsystem mailsystem 697K Aug 26 16:44 dovecot.index.cache -rwxrwx--- 1 mailsystem mailsystem 8.5K Aug 26 16:53 dovecot.index.log -rw-rwx--- 1 mailsystem mailsystem 25K Aug 26 16:44 dovecot-uidlist -rwxrwx--- 1 mailsystem mailsystem 8 Aug 25 23:14 dovecot-uidvalidity -rwxrwx--- 1 mailsystem mailsystem 0 Aug 25 23:14 dovecot-uidvalidity.4e56c938 drwxrwx--- 6 mailsystem mailsystem 4.0K Aug 26 03:10 .Drafts/ drwxrwx--- 6 mailsystem mailsystem 4.0K Nov 30 2007 .Junk E-mail/ -rwxrwx--- 1 mailsystem mailsystem 7 Aug 26 22:05 maildirsize drwxrwx--- 2 mailsystem mailsystem 4.0K Aug 26 22:05 new/ drwxrwx--- 6 mailsystem mailsystem 4.0K Aug 25 23:14 .Outbox/ drwxrwx--- 6 mailsystem mailsystem 4.0K Aug 26 00:17 .Sent/ drwxrwx--- 6 mailsystem mailsystem 4.0K Aug 25 23:14 .Sent Items/ -rwxrwx--- 1 mailsystem mailsystem 37 Aug 25 22:26 subscriptions drwxrwx--- 2 mailsystem mailsystem 4.0K Aug 26 22:05 tmp/ drwxrwx--- 6 mailsystem mailsystem 4.0K Aug 25 22:26 .Trash/ Any ideas? Simon From steve at toth.org.uk Mon Aug 29 21:39:54 2011 From: steve at toth.org.uk (Stephen Feyrer) Date: Mon, 29 Aug 2011 19:39:54 +0100 Subject: [Dovecot] : error while loading shared libraries: libdovecot.so.0 (arm cross compile) In-Reply-To: <1314582342.4008.4.camel@hurina> References: <1314582342.4008.4.camel@hurina> Message-ID: Hi, Firstly I tried building 2.0.14 with my fingers crossed. Sadly that didn't help. However, using configure --without-shared-libs is used make fails: /Projects/nslu2/nas/tsx09/staging/opt/include -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -I/usr/kerberos/include -MT ../lib/mountpoint.o -MD -MP -MF .deps/../lib/mountpoint.Tpo -c -o ../lib/mountpoint.o ../lib/mountpoint.c ../lib/mountpoint.c:222: fatal error: opening dependency file .deps/../lib/mountpoint.Tpo: No such file or directory compilation terminated. make[4]: *** [../lib/mountpoint.o] Error 1 make[4]: Leaving directory `~/Projects/nslu2/nas/tsx09/builds/dovecot/src/imap' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `~/Projects/nslu2/nas/tsx09/builds/dovecot/src' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `~/Projects/nslu2/nas/tsx09/builds/dovecot' make[1]: *** [all] Error 2 make[1]: Leaving directory `~/Projects/nslu2/nas/tsx09/builds/dovecot' make: *** [~Projects/nslu2/nas/tsx09/builds/dovecot/.built] Error 2 Maybe this is more informative. -- All the best. Stephen. On Mon, 29 Aug 2011 02:45:40 +0100, Timo Sirainen wrote: > On Sat, 2011-08-27 at 17:36 +0100, Stephen Feyrer wrote: > >> I've made a new attempt at build Dovecot. The build and then install >> processes appeared to work find. Then when I try to run Dovecot it >> reports the error: >> >> /share/MD0_DATA/optware/opt/sbin/dovecot: error while loading shared >> libraries: libdovecot.so.0: cannot open shared object file: No such file >> or directory > > No idea. Try without shared libraries: configure --without-shared-libs > From shopik at inblock.ru Mon Aug 29 22:08:30 2011 From: shopik at inblock.ru (Nikolay Shopik) Date: Mon, 29 Aug 2011 23:08:30 +0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <4E5B9682.1040408@yandex.ru> References: <4E5B9682.1040408@yandex.ru> Message-ID: <4E5BE3AE.7080303@inblock.ru> On 29.08.2011 17:39, Stanislav Klinkov wrote: > So, according to source code, Dovecot tries to find in krb5.keytab a > principal named "imap at hostname". However wiki says to create the > principal named "imap/hostname at REALM". > > Please, clarify where is the error: in source code, in wiki, or I have > misunderstood something. Your principial in keytab should look like this - imap/mail.example.com at EXAMPLE.COM Make sure your realm name are all CAPS, otherwise it won't work. From steve at toth.org.uk Tue Aug 30 02:15:09 2011 From: steve at toth.org.uk (Stephen Feyrer) Date: Tue, 30 Aug 2011 00:15:09 +0100 Subject: [Dovecot] : error while loading shared libraries: libdovecot.so.0 (arm cross compile) In-Reply-To: References: Message-ID: Hi. Thanks, I'll give that a try. -- Kind regards Stephen Feyrer. On Mon, 29 Aug 2011 09:04:01 +0100, Joseph Tam wrote: > "Stephen Feyrer" writes: > >> I've made a new attempt at build Dovecot. The build and then install >> processes appeared to work find. Then when I try to run Dovecot it >> reports the error: >> >> /share/MD0_DATA/optware/opt/sbin/dovecot: error while loading shared >> libraries: libdovecot.so.0: cannot open shared object file: No such file >> or directory > > In cases like this where I have no clue where an executable is trying to > load a library from, run a process trace tool (strace, truss, etc.) and > you > can see all the library run paths it's trying before failing. > > Joseph Tam From petre74 at yahoo.com Mon Aug 29 23:26:06 2011 From: petre74 at yahoo.com (Gelu Lupas) Date: Mon, 29 Aug 2011 13:26:06 -0700 (PDT) Subject: [Dovecot] dovecot w/ libwrap on fbsd Message-ID: <1314649566.96249.YahooMailNeo@web111509.mail.gq1.yahoo.com> Dovecot with libwrap doesn't work on FreeBSD for some reason or another. I have these lines in my /etc/hosts.allow: ALL: LOCAL 127.0.0.1: allow pop3: ALL: allow ALL: ALL: deny Yet when you try to telnet to localhost, port 110 this is what happens: Aug 29 22:48:38 dodo dovecot: pop3-login: Error: connect(tcpwrap) failed: Permission denied I also tried auth_debug=yes to see what's wrong but it only shows the processes which handled the connection, no extra info with the reason why it failed. Here's the config: # 2.0.13: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 7.4-RELEASE i386? auth_mechanisms = plain login base_dir = /var/run/dovecot/ disable_plaintext_auth = no dotlock_use_excl = no first_valid_uid = 1000 listen = * login_access_sockets = tcpwrap login_greeting = login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c mail_location = mbox:~/Mail/:INBOX=/var/mail/%u mail_log_prefix = "%Us(%u): " mail_privileged_group = mail maildir_copy_with_hardlinks = no passdb { ? driver = pam } protocols = pop3 service auth { ? executable = /usr/local/libexec/dovecot/auth ? unix_listener /var/spool/postfix/private/auth { ??? group = postfix ??? mode = 0660 ??? user = postfix ? } ? user = root ? vsz_limit = 64 M } service imap-login { ? chroot = login ? client_limit = 128 ? process_limit = 32 ? process_min_avail = 3 ? service_count = 1 ? user = dovecot ? vsz_limit = 32 M } service imap { ? drop_priv_before_exec = no ? process_limit = 128 ? vsz_limit = 256 M } service pop3-login { ? chroot = login ? client_limit = 128 ? process_limit = 32 ? process_min_avail = 3 ? service_count = 1 ? user = dovecot ? vsz_limit = 32 M } service pop3 { ? drop_priv_before_exec = no ? process_limit = 128 ? vsz_limit = 256 M } service tcpwrap { ? unix_listener login/tcpwrap { ??? group = $default_login_user ??? mode = 0600 ??? user = $default_login_user ? } } ssl_cert = References: <1314649566.96249.YahooMailNeo@web111509.mail.gq1.yahoo.com> Message-ID: <1314673433.8787.9.camel@hurina> On Mon, 2011-08-29 at 13:26 -0700, Gelu Lupas wrote: > Aug 29 22:48:38 dodo dovecot: pop3-login: Error: connect(tcpwrap) failed: Permission denied Service permissions are set wrong. > service imap-login { > user = dovecot > } > service pop3-login { > user = dovecot > } You have explicitly changed the login process user above. > service tcpwrap { > unix_listener login/tcpwrap { > group = $default_login_user This group isn't right.. The default is taken from user's default group, so just don't set it. > user = $default_login_user Here you're using default_login_user, which most likely isn't the same as what the login processes are using ("dovecot"). So your solution is to remove the explicit user=dovecot from login services and then possibly set default_login_user=dovecot if you really want that (dovenull user is the default and preferred one). From tss at iki.fi Tue Aug 30 06:11:17 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 30 Aug 2011 06:11:17 +0300 Subject: [Dovecot] File Permissions and delivery In-Reply-To: <011801cc665e$5156be20$f4043a60$@brereton@buongiorno.com> References: <001701cc6413$20e693c0$62b3bb40$@brereton@buongiorno.com> <1314588283.4008.9.camel@hurina> <011801cc665e$5156be20$f4043a60$@brereton@buongiorno.com> Message-ID: <1314673879.8787.10.camel@hurina> On Mon, 2011-08-29 at 11:14 -0400, Simon Brereton wrote: > Aug 29 15:59:14 mail dovecot: deliver(simon at lydiard.net): stat(/var/spool/mail/virtual/domain.net/simon/tmp) failed: Permission denied (euid=999(mailsystem) egid=115(mailsystem) missing +x perm: /var/spool/mail/virtual) > > Even if I make EVERTHING under /var/spool/mail/virtual/* owned by mailsystem:mailsystem - and reload postfix and restart doevcot. But you didn't change the /var/spool/mail/virtual directory itself? (Like the error message says.) From tss at iki.fi Tue Aug 30 06:13:33 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 30 Aug 2011 06:13:33 +0300 Subject: [Dovecot] auth: Error: LDAP: Connection lost to LDAP server, reconnecting In-Reply-To: <4E5B5F92.2050701@um.es> References: <4E561E30.8020509@um.es> <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> <4E577CF2.2070800@um.es> <1314588382.4008.11.camel@hurina> <4E5B5F92.2050701@um.es> Message-ID: <1314674016.8787.12.camel@hurina> On Mon, 2011-08-29 at 11:44 +0200, Angel L. Mateo wrote: > >> Is there any way to configure ldap connection with a keepalive, so I > >> don't need a reconnection? > > > > Nope. But you could configure your LDAP server to idle-disconnect after > > some amount of time. > > > I know it, but configuring LDAP server does not resolve the problem, > because the error (in fact it's just an informational message) still > appears. Why? If LDAP server idle-disconnects after 61 seconds and before NAT timeout then Dovecot doesn't log anything about it. From klinkov at yandex.ru Tue Aug 30 08:24:19 2011 From: klinkov at yandex.ru (Stanislav Klinkov) Date: Tue, 30 Aug 2011 09:24:19 +0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <4E5BE3AE.7080303@inblock.ru> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> Message-ID: <4E5C7403.6020008@yandex.ru> > Your principial in keytab should look like this - > imap/mail.example.com at EXAMPLE.COM > Make sure your realm name are all CAPS, otherwise it won't work. Thank you, Captain Obvious. From amateo at um.es Tue Aug 30 09:38:49 2011 From: amateo at um.es (Angel L. Mateo) Date: Tue, 30 Aug 2011 08:38:49 +0200 Subject: [Dovecot] auth: Error: LDAP: Connection lost to LDAP server, reconnecting In-Reply-To: <1314674016.8787.12.camel@hurina> References: <4E561E30.8020509@um.es> <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> <4E577CF2.2070800@um.es> <1314588382.4008.11.camel@hurina> <4E5B5F92.2050701@um.es> <1314674016.8787.12.camel@hurina> Message-ID: <4E5C8579.7020901@um.es> El 30/08/11 05:13, Timo Sirainen escribi?: > On Mon, 2011-08-29 at 11:44 +0200, Angel L. Mateo wrote: >>>> Is there any way to configure ldap connection with a keepalive, so I >>>> don't need a reconnection? >>> >>> Nope. But you could configure your LDAP server to idle-disconnect after >>> some amount of time. >>> >> I know it, but configuring LDAP server does not resolve the problem, >> because the error (in fact it's just an informational message) still >> appears. > > Why? If LDAP server idle-disconnects after 61 seconds and before NAT > timeout then Dovecot doesn't log anything about it. > I have tried this. My LDAP server closed the connection, but dovecot logged the message. I guess that, for dovecot, is the same situation: it has to auth a user, but it hasn't got any active connection to the ldap server. -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337 From dlie76 at yahoo.com.au Tue Aug 30 10:09:56 2011 From: dlie76 at yahoo.com.au (Daminto Lie) Date: Tue, 30 Aug 2011 00:09:56 -0700 (PDT) Subject: [Dovecot] ldap authentication Message-ID: <1314688196.77579.YahooMailNeo@web113401.mail.gq1.yahoo.com> Hi, I have got Postfix, Dovecot IMAP and squirrelmail up and running on my ubuntu server 10.04 for a testing purpose. My question is in order to be able to login, do I need to create user accounts for each users on the server? I have about 20 users at the moment, and it's going to take time. I was thinking of using LDAP and have the dovecot authentication through LDAP. This way, I do not have to create accounts for 20 users on the server. The dovecot can just authenticate users by looking them up against the LDAP. I wonder if anyone would be able to share some guides as to how to set it up to work with Postfix and Dovecot. Thank you From tss at iki.fi Tue Aug 30 12:41:26 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 30 Aug 2011 12:41:26 +0300 Subject: [Dovecot] auth: Error: LDAP: Connection lost to LDAP server, reconnecting In-Reply-To: <4E5C8579.7020901@um.es> References: <4E561E30.8020509@um.es> <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> <4E577CF2.2070800@um.es> <1314588382.4008.11.camel@hurina> <4E5B5F92.2050701@um.es> <1314674016.8787.12.camel@hurina> <4E5C8579.7020901@um.es> Message-ID: <8800BF81-484F-4497-A33C-4DF85956C54A@iki.fi> On 30.8.2011, at 9.38, Angel L. Mateo wrote: >> Why? If LDAP server idle-disconnects after 61 seconds and before NAT >> timeout then Dovecot doesn't log anything about it. >> > I have tried this. My LDAP server closed the connection, but dovecot logged the message. I guess that, for dovecot, is the same situation: it has to auth a user, but it hasn't got any active connection to the ldap server. Yeah, that happens if the disconnection is noticed at the time when user is trying to authenticate. But if the disconnection is noticed immediately when there are no user requests, there is also no message logged about it. From pelle2004 at hotmail.com Tue Aug 30 13:10:08 2011 From: pelle2004 at hotmail.com (Pelle Svensson) Date: Tue, 30 Aug 2011 12:10:08 +0200 Subject: [Dovecot] Dovecot service needs a second restart after boot - euid is not dir owner In-Reply-To: <1314582263.4008.3.camel@hurina> References: , <1314582263.4008.3.camel@hurina> Message-ID: I have solved it, it was an SELinux isuue. init.d seems to have different SELinux rools than 'service restart dovecot' at command prompt. /Thanks. > From: tss at iki.fi > To: pelle2004 at hotmail.com > Date: Mon, 29 Aug 2011 04:44:19 +0300 > CC: dovecot at dovecot.org > Subject: Re: [Dovecot] Dovecot service needs a second restart after boot - euid is not dir owner > > On Sun, 2011-08-28 at 11:50 +0200, Pelle Svensson wrote: > > After reboot dovecot service need a restart. > > dovecot service starts as S99dovecot with only S99rc-local coming up. > > > > After boot following error is filled up in dovecot.log > > > > Aug 28 11:33:12 imap(vuser): Error: open(/home/fetchmail/mailroot/map/dovecot.index.log) failed: Permission denied (euid=500(vuser) egid=500(vuser) missing +r perm: /home/fetchmail/mailroot/map/dovecot.index.log, euid is not dir owner) > > Aug 28 11:33:12 imap(vuser): Error: file_dotlock_create(/home/fetchmail/mailroot/map/dovecot-uidlist) failed: Permission denied (euid=500(fetchmail) egid=500(fetchmail) missing +w perm: /home/fetchmail/mailroot/map, euid is not dir owner) > > Aug 28 11:33:12 imap(vuser): Error: open(/home/fetchmail/mailroot/map/dovecot-uidlist) failed: Permission denied > > > > After Linux has booted you just issue > > service dovecot restart > > > > And everything is back to normal and no error. > > Does it actually need the restart? If you don't restart, do these errors > just keep happening forever? > > I'd guess that the NFS hasn't fully finished mounting by the time > Dovecot runs so it fails with these errors.. I'm not really sure though. > In any case I don't think there's anything Dovecot can do about this. > > From pelle2004 at hotmail.com Tue Aug 30 15:54:42 2011 From: pelle2004 at hotmail.com (Pelle Svensson) Date: Tue, 30 Aug 2011 14:54:42 +0200 Subject: [Dovecot] Virtual user and post-login 2.0.13 In-Reply-To: <1314588056.4008.7.camel@hurina> References: ,, <4E57E8CE.1020808@datahelper.com>, , <1314588056.4008.7.camel@hurina> Message-ID: You are right! It works now! > From: tss at iki.fi > To: pelle2004 at hotmail.com > Date: Mon, 29 Aug 2011 06:20:54 +0300 > CC: dovecot at dovecot.org > Subject: Re: [Dovecot] Virtual user and post-login 2.0.13 > > On Sat, 2011-08-27 at 16:54 +0200, Pelle Svensson wrote: > > dovecot-postlogin.sh (executed as root) > > ============= > > #!/bin/sh > > > > date >>/home/fetchmail/script.log > > > > kill -s 10 `cat /home/fetchmail/.fetchmail.pid | head -n 1` >>/home/fetchmail/script.log > > > > exit 0 > > exec "$@", not exit 0 as http://wiki2.dovecot.org/PostLoginScripting > shows. > > From simon.brereton at buongiorno.com Tue Aug 30 16:47:04 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Tue, 30 Aug 2011 09:47:04 -0400 Subject: [Dovecot] File Permissions and delivery In-Reply-To: <1314673879.8787.10.camel@hurina> References: <001701cc6413$20e693c0$62b3bb40$@brereton@buongiorno.com> <1314588283.4008.9.camel@hurina> <011801cc665e$5156be20$f4043a60$@brereton@buongiorno.com> <1314673879.8787.10.camel@hurina> Message-ID: <013801cc671b$4e3f9730$eabec590$@brereton@buongiorno.com> > -----Original Message----- > From: Timo Sirainen [mailto:tss at iki.fi] > > On Mon, 2011-08-29 at 11:14 -0400, Simon Brereton wrote: > > Aug 29 15:59:14 mail dovecot: deliver(simon at lydiard.net): > stat(/var/spool/mail/virtual/domain.net/simon/tmp) failed: Permission > denied (euid=999(mailsystem) egid=115(mailsystem) missing +x perm: > /var/spool/mail/virtual) > > > > Even if I make EVERTHING under /var/spool/mail/virtual/* owned by > mailsystem:mailsystem - and reload postfix and restart doevcot. > > But you didn't change the /var/spool/mail/virtual directory itself? > (Like the error message says.) Yes, after sitting looking at that error message for a while, I tried that and it seems to work. I'm confused now as to why is works on the test system - but nonetheless thank you. Simon From Ralf.Hildebrandt at charite.de Tue Aug 30 17:48:53 2011 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Tue, 30 Aug 2011 16:48:53 +0200 Subject: [Dovecot] Message flags Message-ID: <20110830144853.GC24403@charite.de> How do I set message flags in sieve rules in such a way that e.g. Thunderbird is displaying the mail as "important"? Is there a list of hwo flags are interpreted by different IMAP clients? -- Ralf Hildebrandt Gesch?ftsbereich IT | Abteilung Netzwerk Charit? - Universit?tsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt at charite.de | http://www.charite.de From simon.brereton at buongiorno.com Tue Aug 30 18:21:07 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Tue, 30 Aug 2011 11:21:07 -0400 Subject: [Dovecot] Sub-folder outside of the mail store Message-ID: <017801cc6728$715ec210$541c4630$@brereton@buongiorno.com> Hi How do I create an IMAP folder that links to a folder outside of the mail store? For example, I have all domains under /var/spool/mail/virtual/domains.net/ and users under /var/spool/mail/virtual/domains.net/user Amavis delivers quarantine mail to /var/spool/mail/quarantine I would like one user (postmaster) to have a folder /var/spool/mail/virtual/domains.net/postmaster/.Quarantine and link it to that folder - is that possible? Is it safe? The client the postmaster uses can then reinject and deliver the mail if need be (i.e. it's safe or the attachment has been stripped). Thanks. Simon From stephan at rename-it.nl Tue Aug 30 18:37:23 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 30 Aug 2011 17:37:23 +0200 Subject: [Dovecot] Message flags In-Reply-To: <20110830144853.GC24403@charite.de> References: <20110830144853.GC24403@charite.de> Message-ID: <4E5D03B3.3080200@rename-it.nl> Op 30-8-2011 16:48, Ralf Hildebrandt schreef: > How do I set message flags in sieve rules in such a way that e.g. > Thunderbird is displaying the mail as "important"? Is there a list of > hwo flags are interpreted by different IMAP clients? > I'm assuming IMAP flags support (http://tools.ietf.org/html/rfc3501#section-2.3.2) should be similar for most clients, although their exact use may differ. In Thunderbird, the \Answered flag is used for replied mail and the \Flagged flag maps to 'starred' e-mail. (Don't forget to duplicate the '\' in Sieve!) Regarding keywords, there is RFC5788 (http://tools.ietf.org/html/rfc5788), from which at least $Forwarded and $MDNSent are used by Thunderbird. Other keywords used by Thunderbird are entirely custom: $label1: Important (red) $label2: Work (orange) $label3: Personal (green) $label4: ToDo (blue) $label5: Later (violet) Junk: Marked as junk mail NonJunk: Marked as regular mail There is also an example in the wiki: http://wiki2.dovecot.org/Pigeonhole/Sieve/Examples#Flagging_or_Highlighting_your_mail Regards, Stephan. From slusarz at curecanti.org Tue Aug 30 18:39:04 2011 From: slusarz at curecanti.org (Michael M Slusarz) Date: Tue, 30 Aug 2011 09:39:04 -0600 Subject: [Dovecot] Message flags In-Reply-To: <20110830144853.GC24403@charite.de> References: <20110830144853.GC24403@charite.de> Message-ID: <20110830093904.Horde.SIsIOYF5lbhOXQQYU32T7oA@bigworm.curecanti.org> Quoting Ralf Hildebrandt : > How do I set message flags in sieve rules in such a way that e.g. > Thunderbird is displaying the mail as "important"? Is there a list of > hwo flags are interpreted by different IMAP clients? There is no standard/defined "important" IMAP flag/keyword. Thunderbird is most likely using the X-Priority pseudo-standard header in the message itself (which makes sense: it is the sender's intention of the message's importance which should be displayed, not the receiver's. Objections to this reasoning by some is likely the reason the header has never been standardized). michael From lcotton at securecms.com Tue Aug 30 18:01:24 2011 From: lcotton at securecms.com (Lance Cotton) Date: Tue, 30 Aug 2011 10:01:24 -0500 Subject: [Dovecot] Message flags In-Reply-To: <20110830144853.GC24403@charite.de> References: <20110830144853.GC24403@charite.de> Message-ID: <4E5CFB44.9050204@securecms.com> On 8/30/2011 9:48 AM, Ralf Hildebrandt wrote: > How do I set message flags in sieve rules in such a way that e.g. > Thunderbird is displaying the mail as "important"? Is there a list of > hwo flags are interpreted by different IMAP clients? The wiki: http://wiki2.dovecot.org/Pigeonhole/Sieve/Examples addflag "$label1"; # ie 'Important'/red label within Thunderbird # Other flags: # addflag "$label1"; # Important: #ff0000 => red # addflag "$label2"; # Work: #ff9900 => orange # addflag "$label3"; # personal: #009900 => green # addflag "$label4"; # todo: #3333ff => blue # addflag "$label5"; # later: #993399 => violet -- Lance Cotton From steve at toth.org.uk Tue Aug 30 19:46:57 2011 From: steve at toth.org.uk (Stephen Feyrer) Date: Tue, 30 Aug 2011 17:46:57 +0100 Subject: [Dovecot] : error while loading shared libraries: libdovecot.so.0 (arm cross compile) In-Reply-To: References: Message-ID: Hi. Having just removed a number of configure options from the cross compilers recipe to simplify the problem I think one of those I took away overrode --without-shared-libs. Now it seems to install and run cleanly. Even so, while building the ipackage I spotted some warnings. Could these because by my build environment? After some testing I'll let you know if the current dovecot build works. I really appreciate your support and patience, thank you. *** Warning: Linking the shared library lib02_imap_acl_plugin.la against the loadable module *** lib01_acl_plugin.so is not portable! *** Warning: Linking the shared library lib21_fts_squat_plugin.la against the loadable module *** lib20_fts_plugin.so is not portable! *** Warning: Linking the shared library lib20_mail_log_plugin.la against the loadable module *** lib15_notify_plugin.so is not portable! *** Warning: Linking the shared library lib11_imap_quota_plugin.la against the loadable module *** lib10_quota_plugin.so is not portable! *** Warning: Linking the shared library lib30_imap_zlib_plugin.la against the loadable module *** lib20_zlib_plugin.so is not portable! The current cross compile ./configure: i_cv_epoll_works=no \ i_cv_inotify_works=no \ i_cv_posix_fallocate_works=no \ i_cv_signed_size_t=no \ i_cv_gmtime_max_time_t=32 \ i_cv_signed_time_t=yes \ i_cv_mmap_plays_with_write=yes \ i_cv_fd_passing=yes \ i_cv_c99_vsnprintf=yes \ lib_cv_va_copy=yes lib_cv___va_copy=yes \ lib_cv_va_val_copy=yes \ ./configure \ $(DOVECOT_CONFIGURE) \ --build=$(GNU_HOST_NAME) \ --host=$(GNU_TARGET_NAME) \ --target=$(GNU_TARGET_NAME) \ --prefix=/opt \ --without-shared-libs \ --with-notify=dnotify \ --localstatedir=/opt/var \ --with-ioloop=poll; \ old ./configure: i_cv_epoll_works=no i_cv_inotify_works=no i_cv_posix_fallocate_works=no i_cv_signed_size_t=no i_cv_gmtime_max_time_t=32 i_cv_signed_time_t=yes i_cv_mmap_plays_with_write=yes i_cv_fd_passing=yes i_cv_c99_vsnprintf=yes lib_cv_va_copy=yes lib_cv___va_copy=yes lib_cv_va_val_copy=yes ./configure --enable-devel-checks --without-shared-libs\ $(DOVECOT_CONFIGURE) \ --build=$(GNU_HOST_NAME) \ --host=$(GNU_TARGET_NAME) \ --target=$(GNU_TARGET_NAME) \ --prefix=/opt \ --disable-static \ --without-gssapi \ --without-pam \ --with-notify=dnotify \ --sysconfdir=/opt/etc/dovecot \ --localstatedir=/opt/var \ --with-ssldir=/opt/etc/dovecot \ --without-sql-drivers \ --with-ioloop=poll; \ /opt/dovecoti] # ipkg install dovecot_2.0.14-2_arm.ipk Installing dovecot (2.0.14-2) to root... Configuration file '/opt/etc/dovecot/dovecot.conf' ==> File on system created by you or by a script. ==> File also in package provided by package maintainer. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions (if diff is installed) The default action is to keep your current version. *** dovecot.conf (Y/I/N/O/D) [default=N] ?n Configuring dovecot /opt/sbin/dovecot: error while loading shared libraries: libdovecot.so.0: cannot open shared object file: No such file or directory postinst script returned status 127 ERROR: dovecot.postinst returned 127 Successfully terminated. [/opt/dovecoti] # strace dovecot -F execve("/opt/sbin/dovecot", ["dovecot", "-F"], [/* 23 vars */]) = 0 uname({sys="Linux", node="nas2", ...}) = 0 brk(0) = 0x1c000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) open("/opt/lib/v5l/fast-mult/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/opt/lib/v5l/fast-mult/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/opt/lib/v5l/fast-mult/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/opt/lib/v5l/fast-mult", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/opt/lib/v5l/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/opt/lib/v5l/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/opt/lib/v5l/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/opt/lib/v5l", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/opt/lib/fast-mult/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/opt/lib/fast-mult/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/opt/lib/fast-mult/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/opt/lib/fast-mult", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/opt/lib/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/opt/lib/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/opt/lib/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/opt/lib", {st_mode=S_IFDIR|0755, st_size=17592186044416, ...}) = 0 open("/etc/ld.so.cache", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=17592186044416, ...}) = 0 mmap2(NULL, 10345, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40015000 close(3) = 0 open("/lib/v5l/fast-mult/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/lib/v5l/fast-mult/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/lib/v5l/fast-mult/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/lib/v5l/fast-mult", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/lib/v5l/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/lib/v5l/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/lib/v5l/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/lib/v5l", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/lib/fast-mult/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/lib/fast-mult/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/lib/fast-mult/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/lib/fast-mult", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/lib/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/lib/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/lib/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/lib", {st_mode=S_IFDIR|0755, st_size=17592186044416, ...}) = 0 open("/usr/lib/v5l/fast-mult/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/v5l/fast-mult/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/usr/lib/v5l/fast-mult/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/v5l/fast-mult", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/usr/lib/v5l/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/v5l/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/usr/lib/v5l/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/v5l", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/usr/lib/fast-mult/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/fast-mult/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/usr/lib/fast-mult/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/fast-mult", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/usr/lib/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/usr/lib/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib", {st_mode=S_IFDIR|0755, st_size=17592186044416, ...}) = 0 writev(2, [{"dovecot", 7}, {": ", 2}, {"error while loading shared libra"..., 36}, {": ", 2}, {"libdovecot.so.0", 15}, {": ", 2}, {"cannot open shared object file", 30}, {": ", 2}, {"No such file or directory", 25}, {"\n", 1}], 10dovecot: error while loading shared libraries: libdovecot.so.0: cannot open shared object file: No such file or directory ) = 122 exit_group(127) = ? The outcome of the native compile: [/opt/dovecoti] # ./configure --prefix=/opt --enable-devel-checks --enable-maintainer-mode [/opt/etc/dovecot] # gdb --args dovecot -F [snip] This GDB was configured as "arm-none-linux-gnueabi"... (gdb) run Starting program: /share/MD0_DATA/optware/opt/sbin/dovecot -F Panic: Leaked file fd 3: dev 9.0 inode 53040060 Program received signal SIGABRT, Aborted. 0x400c2374 in kill () from /lib/libc.so.6 (gdb) bt full #0 0x400c2374 in kill () from /lib/libc.so.6 No symbol table info available. #1 0x400c21a8 in raise () from /lib/libc.so.6 No symbol table info available. #2 0x400c3328 in abort () from /lib/libc.so.6 No symbol table info available. Backtrace stopped: frame did not save the PC (gdb) quit The program is running. Exit anyway? (y or n) y On Tue, 30 Aug 2011 00:15:09 +0100, Stephen Feyrer wrote: > Hi. > > Thanks, I'll give that a try. > > > -- > Kind regards > > Stephen Feyrer. > > > > On Mon, 29 Aug 2011 09:04:01 +0100, Joseph Tam > wrote: > >> "Stephen Feyrer" writes: >> >>> I've made a new attempt at build Dovecot. The build and then install >>> processes appeared to work find. Then when I try to run Dovecot it >>> reports the error: >>> >>> /share/MD0_DATA/optware/opt/sbin/dovecot: error while loading shared >>> libraries: libdovecot.so.0: cannot open shared object file: No such >>> file >>> or directory >> >> In cases like this where I have no clue where an executable is trying to >> load a library from, run a process trace tool (strace, truss, etc.) and >> you >> can see all the library run paths it's trying before failing. >> >> Joseph Tam From tss at iki.fi Tue Aug 30 20:13:14 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 30 Aug 2011 20:13:14 +0300 Subject: [Dovecot] : error while loading shared libraries: libdovecot.so.0 (arm cross compile) In-Reply-To: References: Message-ID: On 30.8.2011, at 19.46, Stephen Feyrer wrote: > *** Warning: Linking the shared library lib02_imap_acl_plugin.la against the loadable module > *** lib01_acl_plugin.so is not portable! This is normal. > /opt/sbin/dovecot: error while loading shared libraries: libdovecot.so.0: cannot open shared object file: No such file or directory So it's still not working? I guess the libdovecot.so.0 simply isn't in library paths. Typically giving linker -rpath parameter pointing to libdovecot.so.0 makes this problem invisible, but I guess in your system it doesn't do this. > The outcome of the native compile: > [/opt/dovecoti] # ./configure --prefix=/opt --enable-devel-checks --enable-maintainer-mode --enable-devel-checks is pretty useless unless you're developing Dovecot. > [/opt/etc/dovecot] # gdb --args dovecot -F > [snip] > This GDB was configured as "arm-none-linux-gnueabi"... > (gdb) run > Starting program: /share/MD0_DATA/optware/opt/sbin/dovecot -F > Panic: Leaked file fd 3: dev 9.0 inode 53040060 This panic is caused by the --enable-devel-check. It wouldn't have crashed otherwise. You could work around it by setting GDB=1 environment. From public-mail at alekciy.ru Tue Aug 30 21:03:41 2011 From: public-mail at alekciy.ru (=?UTF-8?B?0JDQu9C10LrRgdC10Lkg0KHRg9C90LTRg9C60L7Qsg==?=) Date: Tue, 30 Aug 2011 22:03:41 +0400 Subject: [Dovecot] Message flags In-Reply-To: <20110830144853.GC24403@charite.de> References: <20110830144853.GC24403@charite.de> Message-ID: See also this thread: http://www.mail-archive.com/dovecot at dovecot.org/msg37734.html and https://bugzilla.mozilla.org/show_bug.cgi?id=650623 I hope this fix in the future. 2011/8/30 Ralf Hildebrandt : > How do I set message flags in sieve rules in such a way that e.g. > Thunderbird is displaying the mail as "important"? Is there a list of > hwo flags are interpreted by different IMAP clients? > > -- > Ralf Hildebrandt > ?Gesch?ftsbereich IT | Abteilung Netzwerk > ?Charit? - Universit?tsmedizin Berlin > ?Campus Benjamin Franklin > ?Hindenburgdamm 30 | D-12203 Berlin > ?Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 > ?ralf.hildebrandt at charite.de | http://www.charite.de > > From slusarz at curecanti.org Tue Aug 30 21:18:19 2011 From: slusarz at curecanti.org (Michael M Slusarz) Date: Tue, 30 Aug 2011 12:18:19 -0600 Subject: [Dovecot] Message flags In-Reply-To: References: <20110830144853.GC24403@charite.de> Message-ID: <20110830121819.Horde.t4bPNoF5lbhOXSlri2aVPeA@bigworm.curecanti.org> Quoting ??????? ???????? : > See also this thread: > http://www.mail-archive.com/dovecot at dovecot.org/msg37734.html This has nothing to do with this issue. As mentioned in that thread, there is no standard for non-UTF7 characters in keywords. The OP here just wants to know if a standard flag exists that corresponds to the Important tag in Thunderbird. > https://bugzilla.mozilla.org/show_bug.cgi?id=650623 This bug is bogus. Flags/keywords are case insensitive. michael From shopik at inblock.ru Tue Aug 30 21:50:52 2011 From: shopik at inblock.ru (Nikolay Shopik) Date: Tue, 30 Aug 2011 22:50:52 +0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <4E5C7403.6020008@yandex.ru> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> Message-ID: On 30.08.2011 9:24, Stanislav Klinkov wrote: > >> Your principial in keytab should look like this - >> imap/mail.example.com at EXAMPLE.COM >> Make sure your realm name are all CAPS, otherwise it won't work. > Thank you, Captain Obvious. > Why such hostility? A lot people miss that, nothing special here. And I did answer your second question about how principal should looks like. Because mech-gssapi.c wasn't changed in years, so I doubt anything changed in 2.0 version compare to 1.2 series in GSSAPI. Maybe I wrong, not running yet 2.0. Make sure your client requesting correct principal in first place. "Wrong principal in request", Usually means the principal in the system keytab for your system doesn't agree with the hostname or DNS name of the system. From steve at toth.org.uk Tue Aug 30 22:16:34 2011 From: steve at toth.org.uk (Stephen Feyrer) Date: Tue, 30 Aug 2011 20:16:34 +0100 Subject: [Dovecot] : error while loading shared libraries: libdovecot.so.0 (arm cross compile) In-Reply-To: References: Message-ID: Hi. Dovecot appears to be running (testing required). /opt/sbin/dovecot:dovecot/anvil:dovecot/log:dovecot/config On Tue, 30 Aug 2011 18:13:14 +0100, Timo Sirainen wrote: > On 30.8.2011, at 19.46, Stephen Feyrer wrote: > >> *** Warning: Linking the shared library lib02_imap_acl_plugin.la >> against the loadable module >> *** lib01_acl_plugin.so is not portable! > > This is normal. Okay. >> /opt/sbin/dovecot: error while loading shared libraries: >> libdovecot.so.0: cannot open shared object file: No such file or >> directory > > So it's still not working? I guess the libdovecot.so.0 simply isn't in > library paths. Typically giving linker -rpath parameter pointing to > libdovecot.so.0 makes this problem invisible, but I guess in your system > it doesn't do this. So far Dovecot seems to be running. I don't want to say it's working or not until I've done some tests. This is using --without-shared-libraries. If it's just the linker in my system that's broken then this is an adequate solution. Otherwise any information I can produce might be useful to you is desirable. >> The outcome of the native compile: >> [/opt/dovecoti] # ./configure --prefix=/opt --enable-devel-checks >> --enable-maintainer-mode > > --enable-devel-checks is pretty useless unless you're developing Dovecot. > >> [/opt/etc/dovecot] # gdb --args dovecot -F >> [snip] >> This GDB was configured as "arm-none-linux-gnueabi"... >> (gdb) run >> Starting program: /share/MD0_DATA/optware/opt/sbin/dovecot -F >> Panic: Leaked file fd 3: dev 9.0 inode 53040060 > > This panic is caused by the --enable-devel-check. It wouldn't have > crashed otherwise. You could work around it by setting GDB=1 environment. I put --enable-devel-check in there in the vain hope that it'd elicit anything useful. I would suspect that this is again the build environment. I won't included in any further tests. Thanks again. -- Kind regards Stephen Feyrer. From dmiller at amfes.com Wed Aug 31 00:43:33 2011 From: dmiller at amfes.com (Daniel L. Miller) Date: Tue, 30 Aug 2011 14:43:33 -0700 Subject: [Dovecot] OT - small hd recommendation Message-ID: A little OT - but I've seen a few opinions voiced here by various admins and I'd like to benefit. Currently running a single combined server for multiple operations - fileserver, mailserver, webserver, virtual server, and whatever else pops up. Current incarnation of the machine, after the last rebuild, is an AMD Opteron 4180 with a Supermicro MB using ATI SB700 chipset - which means it supports SATA 3.0. Current storage is one o/s drive, and a 4-drive RAID10 array. The RAID10 is using the Linux softraid via mdadm. The drives are Seagates - ST3160811AS. So it's 320GB of storage, and SATA 1.5. I'm seeing some warnings & errors in my logs & dmesg - and Google tells me this can the result of several factors, including the hard drives. I haven't seen any SMART warnings as yet - but I am getting a little nervous and thinking about upgrading the storage. At this time, I'm just interested in recommendations for hard drives & partitioning strategy. At the time I created the RAID10 array - I was still in the early stages of learning these technologies (not that I know that much more now!) so I probably didn't take advantage of any of the advanced settings such as stripe size, cluster size, etc. I am using XFS. As part of the potential upgrade, I'm considering changing to RAID6 - seems a bit more efficient use of space. I see no reason for SSD - I think a set of reasonable 7200rpm drives should be just fine. What I don't know is, compared to my current 4 drive RAID10 with SATA 1.5, would even a single SATA 3 drive be comparable in terms of seek performance? Should I stick with the RAID-10? -- Daniel From wgillespie+dovecot at es2eng.com Wed Aug 31 01:08:31 2011 From: wgillespie+dovecot at es2eng.com (Willie Gillespie) Date: Tue, 30 Aug 2011 16:08:31 -0600 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> Message-ID: <4E5D5F5F.4030305@es2eng.com> On 08/30/2011 12:50 PM, Nikolay Shopik wrote: > On 30.08.2011 9:24, Stanislav Klinkov wrote: >> >>> Your principial in keytab should look like this - >>> imap/mail.example.com at EXAMPLE.COM >>> Make sure your realm name are all CAPS, otherwise it won't work. >> Thank you, Captain Obvious. >> > > Why such hostility? A lot people miss that, nothing special here. And I > did answer your second question about how principal should looks like. Agreed. I am unlikely to help with this problem now due to lack of common courtesy. From steve at toth.org.uk Wed Aug 31 03:00:53 2011 From: steve at toth.org.uk (Stephen Feyrer) Date: Wed, 31 Aug 2011 01:00:53 +0100 Subject: [Dovecot] : error while loading shared libraries: libdovecot.so.0 (arm cross compile) In-Reply-To: References: Message-ID: Hi. On Tue, 30 Aug 2011 18:13:14 +0100, Timo Sirainen wrote: > On 30.8.2011, at 19.46, Stephen Feyrer wrote: > >> /opt/sbin/dovecot: error while loading shared libraries: >> libdovecot.so.0: cannot open shared object file: No such file or >> directory > > So it's still not working? I guess the libdovecot.so.0 simply isn't in > library paths. Typically giving linker -rpath parameter pointing to > libdovecot.so.0 makes this problem invisible, but I guess in your system > it doesn't do this. I am planning to use Dovecot SASL with Sendmail as well, will this lack of shared libraries cause a problem? Really I should have thought of this before. I guess I'm going to have to start tracking down the actual source of my linker problem. -- Kind regards. Stephen Feyrer. From patrickdk at patrickdk.com Wed Aug 31 03:51:41 2011 From: patrickdk at patrickdk.com (Patrick Domack) Date: Tue, 30 Aug 2011 20:51:41 -0400 Subject: [Dovecot] OT - small hd recommendation In-Reply-To: References: Message-ID: <20110830205141.Horde.yw3BXpLnE6FOXYWdD6QXiIA@mail.patrickdk.com> SATA 1 vs SATA 3 won't change the seek performance of the drive, unless your stay fully within the drives cache. Only 2 things affect how many iops you can get from a drive. The physical diameter and the speed. You can affect the physical diameter of the drive by selecting how much of the drive you use, like only using 200gigs out of a 500gig drive. If you do opt for raid6, that would be a huge cpu overhead, and if you stick with 4 drives, not worth it, every write would hit atleast 3 drives then, instead of just two they do currently, with no gain of space. Quoting "Daniel L. Miller" : > A little OT - but I've seen a few opinions voiced here by various > admins and I'd like to benefit. > > Currently running a single combined server for multiple operations - > fileserver, mailserver, webserver, virtual server, and whatever else > pops up. Current incarnation of the machine, after the last > rebuild, is an AMD Opteron 4180 with a Supermicro MB using ATI SB700 > chipset - which means it supports SATA 3.0. > > Current storage is one o/s drive, and a 4-drive RAID10 array. The > RAID10 is using the Linux softraid via mdadm. The drives are > Seagates - ST3160811AS. So it's 320GB of storage, and SATA 1.5. > > I'm seeing some warnings & errors in my logs & dmesg - and Google > tells me this can the result of several factors, including the hard > drives. I haven't seen any SMART warnings as yet - but I am getting > a little nervous and thinking about upgrading the storage. > > At this time, I'm just interested in recommendations for hard drives > & partitioning strategy. At the time I created the RAID10 array - I > was still in the early stages of learning these technologies (not > that I know that much more now!) so I probably didn't take advantage > of any of the advanced settings such as stripe size, cluster size, > etc. I am using XFS. > > As part of the potential upgrade, I'm considering changing to RAID6 > - seems a bit more efficient use of space. I see no reason for SSD > - I think a set of reasonable 7200rpm drives should be just fine. > What I don't know is, compared to my current 4 drive RAID10 with > SATA 1.5, would even a single SATA 3 drive be comparable in terms of > seek performance? Should I stick with the RAID-10? > -- > Daniel From tss at iki.fi Wed Aug 31 04:28:00 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 31 Aug 2011 04:28:00 +0300 Subject: [Dovecot] : error while loading shared libraries: libdovecot.so.0 (arm cross compile) In-Reply-To: References: Message-ID: On 31.8.2011, at 3.00, Stephen Feyrer wrote: >> So it's still not working? I guess the libdovecot.so.0 simply isn't in library paths. Typically giving linker -rpath parameter pointing to libdovecot.so.0 makes this problem invisible, but I guess in your system it doesn't do this. > > I am planning to use Dovecot SASL with Sendmail as well, will this lack of shared libraries cause a problem? Really I should have thought of this before. I don't think Sendmail supports Dovecot SASL? If it does, it talks to Dovecot via UNIX socket and doesn't require any Dovecot libraries. From dlie76 at yahoo.com.au Wed Aug 31 07:09:32 2011 From: dlie76 at yahoo.com.au (Daminto Lie) Date: Tue, 30 Aug 2011 21:09:32 -0700 (PDT) Subject: [Dovecot] dovecot imap permission denied Message-ID: <1314763772.49414.YahooMailNeo@web113404.mail.gq1.yahoo.com> Hi, I received the following error from mail.log Aug 31 13:50:57 server1 dovecot: IMAP(mike_lee): mkdir(/home/mike_lee/Maildir/.INBOX.Sent/cur) failed: Permission denied (euid=1004 egid=1003(companyusergroup) missing +w perm: /home) What I have tried to do is changing the permission for /home by typing "sudo chmod 755 /home" and this does not work. What does it mean by missing +w perm: /home? and wonder how to get around it? This is what I have in main.cf from Postfix myhostname = server1 myorigin = /etc/mailname relayhost = mynetworks = 127.0.0.0/8, 192.168.1.0/24 inet_interfaces = all inet_protocols = ipv4 home_mailbox = Maildir/ smtpd_sasl_type = dovecot #smtpd_sasl_path = private/auth-client smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination #smtpd_sender_login_maps = ldap:/etc/postfix/ldap_senders.cf broken_sasl_auth_clients = yes #dovecot_destination_recipient_limit = 1 debug_peer_list = 127.0.0.1 debug_peer_level = 5 Any help is very much appreciated. Thank you From tss at iki.fi Wed Aug 31 08:02:53 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 31 Aug 2011 08:02:53 +0300 Subject: [Dovecot] dovecot imap permission denied In-Reply-To: <1314763772.49414.YahooMailNeo@web113404.mail.gq1.yahoo.com> References: <1314763772.49414.YahooMailNeo@web113404.mail.gq1.yahoo.com> Message-ID: <1314766974.8787.26.camel@hurina> On Tue, 2011-08-30 at 21:09 -0700, Daminto Lie wrote: > Aug 31 13:50:57 server1 dovecot: IMAP(mike_lee): mkdir(/home/mike_lee/Maildir/.INBOX.Sent/cur) failed: Permission denied (euid=1004 egid=1003(companyusergroup) missing +w perm: /home) > > What I have tried to do is changing the permission for /home by typing "sudo chmod 755 /home" and this does not work. What does it mean by missing +w perm: /home? and wonder how to get around it? It means that Dovecot tries to deliver mails to mike_lee's Maildir, but /home/mike_lee/ directory itself doesn't exist, so Dovecot tries to create it, but it fails because the process doesn't have write permissions to /home. The best way to fix this would be to simply create the user home dirs with proper permissions before Dovecot ever tries to deliver mails to the user. From tss at iki.fi Wed Aug 31 08:05:04 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 31 Aug 2011 08:05:04 +0300 Subject: [Dovecot] dovecot imap permission denied In-Reply-To: <1314766974.8787.26.camel@hurina> References: <1314763772.49414.YahooMailNeo@web113404.mail.gq1.yahoo.com> <1314766974.8787.26.camel@hurina> Message-ID: <1314767104.8787.28.camel@hurina> Oops, you confused me by giving Postfix config, which is completely irrelevant here. Replace "deliver mails" with "access mails". On Wed, 2011-08-31 at 08:02 +0300, Timo Sirainen wrote: > On Tue, 2011-08-30 at 21:09 -0700, Daminto Lie wrote: > > > Aug 31 13:50:57 server1 dovecot: IMAP(mike_lee): mkdir(/home/mike_lee/Maildir/.INBOX.Sent/cur) failed: Permission denied (euid=1004 egid=1003(companyusergroup) missing +w perm: /home) > > > > What I have tried to do is changing the permission for /home by typing "sudo chmod 755 /home" and this does not work. What does it mean by missing +w perm: /home? and wonder how to get around it? > > It means that Dovecot tries to deliver mails to mike_lee's Maildir, > but /home/mike_lee/ directory itself doesn't exist, so Dovecot tries to > create it, but it fails because the process doesn't have write > permissions to /home. > > The best way to fix this would be to simply create the user home dirs > with proper permissions before Dovecot ever tries to deliver mails to > the user. > > From dlie76 at yahoo.com.au Wed Aug 31 09:47:46 2011 From: dlie76 at yahoo.com.au (Daminto Lie) Date: Tue, 30 Aug 2011 23:47:46 -0700 (PDT) Subject: [Dovecot] dovecot imap permission denied In-Reply-To: <1314766974.8787.26.camel@hurina> References: <1314763772.49414.YahooMailNeo@web113404.mail.gq1.yahoo.com> <1314766974.8787.26.camel@hurina> Message-ID: <1314773266.74037.YahooMailNeo@web113409.mail.gq1.yahoo.com> Thanks a lot Timo, Creating directories for new users is not an issue. It's the permission that makes me headache. I tried the following sudo chmod o-r /home/$USER sudo chmod g+rw /home/$USER It did not work until I did chmod 777 /home. Is it safe to make home directory with permission 777? Thanks ________________________________ From: Timo Sirainen To: Daminto Lie Cc: "dovecot at dovecot.org" Sent: Wednesday, 31 August 2011 3:02 PM Subject: Re: [Dovecot] dovecot imap permission denied On Tue, 2011-08-30 at 21:09 -0700, Daminto Lie wrote: > Aug 31 13:50:57 server1 dovecot: IMAP(mike_lee): mkdir(/home/mike_lee/Maildir/.INBOX.Sent/cur) failed: Permission denied (euid=1004 egid=1003(companyusergroup) missing +w perm: /home) > > What I have tried to do is changing the permission for /home by typing "sudo chmod 755 /home" and this does not work. What does it mean by missing +w perm: /home? and wonder how to get around it? It means that Dovecot tries to deliver mails to mike_lee's Maildir, but /home/mike_lee/ directory itself doesn't exist, so Dovecot tries to create it, but it fails because the process doesn't have write permissions to /home. The best way to fix this would be to simply create the user home dirs with proper permissions before Dovecot ever tries to deliver mails to the user. From tss at iki.fi Wed Aug 31 09:52:07 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 31 Aug 2011 09:52:07 +0300 Subject: [Dovecot] dovecot imap permission denied In-Reply-To: <1314773266.74037.YahooMailNeo@web113409.mail.gq1.yahoo.com> References: <1314763772.49414.YahooMailNeo@web113404.mail.gq1.yahoo.com> <1314766974.8787.26.camel@hurina> <1314773266.74037.YahooMailNeo@web113409.mail.gq1.yahoo.com> Message-ID: <69D3650A-1B43-42C7-8FBD-C921F80C5D5F@iki.fi> On 31.8.2011, at 9.47, Daminto Lie wrote: > Thanks a lot Timo, > > Creating directories for new users is not an issue. It's the permission that makes me headache. The error message you showed said that the user's home directory didn't exist, and the permission problem came only because it didn't exist and Dovecot tried to create it. > I tried the following > > sudo chmod o-r /home/$USER > sudo chmod g+rw /home/$USER > > It did not work until I did chmod 777 /home. Right, because only then did it have enough permissions to create the home dir. > Is it safe to make home directory with permission 777? No. From amateo at um.es Wed Aug 31 09:54:12 2011 From: amateo at um.es (Angel L. Mateo) Date: Wed, 31 Aug 2011 08:54:12 +0200 Subject: [Dovecot] auth: Error: LDAP: Connection lost to LDAP server, reconnecting In-Reply-To: <8800BF81-484F-4497-A33C-4DF85956C54A@iki.fi> References: <4E561E30.8020509@um.es> <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> <4E577CF2.2070800@um.es> <1314588382.4008.11.camel@hurina> <4E5B5F92.2050701@um.es> <1314674016.8787.12.camel@hurina> <4E5C8579.7020901@um.es> <8800BF81-484F-4497-A33C-4DF85956C54A@iki.fi> Message-ID: <4E5DDA94.1080304@um.es> El 30/08/11 11:41, Timo Sirainen escribi?: > > Yeah, that happens if the disconnection is noticed at the time when user is trying to authenticate. But if the disconnection is noticed immediately when there are no user requests, there is also no message logged about it. > So, there must be any problem, because when my load balancer expires the connection it closes the tcp connection (it sends a fin packet). I guess that slapd too. But I'll check this... -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337 From steve at toth.org.uk Wed Aug 31 11:51:18 2011 From: steve at toth.org.uk (Stephen Feyrer) Date: Wed, 31 Aug 2011 09:51:18 +0100 Subject: [Dovecot] : error while loading shared libraries: libdovecot.so.0 (arm cross compile) In-Reply-To: References: Message-ID: Hi. Sorry! I was thinking of Postfix (and Exim). That was my mistake, sorry again. Sadly Exim isn't available on my target platform. Thanks. -- Stephen Feyrer. On Wed, 31 Aug 2011 02:28:00 +0100, Timo Sirainen wrote: > On 31.8.2011, at 3.00, Stephen Feyrer wrote: > >>> So it's still not working? I guess the libdovecot.so.0 simply isn't in >>> library paths. Typically giving linker -rpath parameter pointing to >>> libdovecot.so.0 makes this problem invisible, but I guess in your >>> system it doesn't do this. >> >> I am planning to use Dovecot SASL with Sendmail as well, will this lack >> of shared libraries cause a problem? Really I should have thought of >> this before. > > I don't think Sendmail supports Dovecot SASL? If it does, it talks to > Dovecot via UNIX socket and doesn't require any Dovecot libraries. From amateo at um.es Wed Aug 31 13:31:25 2011 From: amateo at um.es (Angel L. Mateo) Date: Wed, 31 Aug 2011 12:31:25 +0200 Subject: [Dovecot] auth: Error: LDAP: Connection lost to LDAP server, reconnecting In-Reply-To: <4E5DDA94.1080304@um.es> References: <4E561E30.8020509@um.es> <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> <4E577CF2.2070800@um.es> <1314588382.4008.11.camel@hurina> <4E5B5F92.2050701@um.es> <1314674016.8787.12.camel@hurina> <4E5C8579.7020901@um.es> <8800BF81-484F-4497-A33C-4DF85956C54A@iki.fi> <4E5DDA94.1080304@um.es> Message-ID: <4E5E0D7D.9090103@um.es> El 31/08/11 08:54, Angel L. Mateo escribi?: > El 30/08/11 11:41, Timo Sirainen escribi?: >> >> Yeah, that happens if the disconnection is noticed at the time when >> user is trying to authenticate. But if the disconnection is noticed >> immediately when there are no user requests, there is also no message >> logged about it. >> > So, there must be any problem, because when my load balancer expires the > connection it closes the tcp connection (it sends a fin packet). I guess > that slapd too. But I'll check this... > OK. You were right: * When openldap closes the connection because of the idle timeout, it sends a FIN packet. When dovecot needs the connections, it simply opens a new connection (without any log message). * When my load balancer closes the connection, it doesn't send anything, so dovecot thinks the connection is active. So, when auth needs it, it tries to send the search, then load balancer sends a RST packet, so dovecot logs the message and opens a new connection. So the solution is to configure oldap idletimeout parameter, dovecot auth_cache_ttl and load balancer timeout in order to avoid this last timeout to be reached. -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337 From amateo at um.es Wed Aug 31 13:51:31 2011 From: amateo at um.es (Angel L. Mateo) Date: Wed, 31 Aug 2011 12:51:31 +0200 Subject: [Dovecot] auth: Error: LDAP: Connection lost to LDAP server, reconnecting In-Reply-To: <4E5E0D7D.9090103@um.es> References: <4E561E30.8020509@um.es> <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> <4E577CF2.2070800@um.es> <1314588382.4008.11.camel@hurina> <4E5B5F92.2050701@um.es> <1314674016.8787.12.camel@hurina> <4E5C8579.7020901@um.es> <8800BF81-484F-4497-A33C-4DF85956C54A@iki.fi> <4E5DDA94.1080304@um.es> <4E5E0D7D.9090103@um.es> Message-ID: <4E5E1233.9070604@um.es> El 31/08/11 12:31, Angel L. Mateo escribi?: > > * When openldap closes the connection because of the idle timeout, it > sends a FIN packet. When dovecot needs the connections, it simply opens > a new connection (without any log message). > > * When my load balancer closes the connection, it doesn't send anything, > so dovecot thinks the connection is active. So, when auth needs it, it > tries to send the search, then load balancer sends a RST packet, so > dovecot logs the message and opens a new connection. > > So the solution is to configure oldap idletimeout parameter, dovecot > auth_cache_ttl and load balancer timeout in order to avoid this last > timeout to be reached. > In fact, you could configure dovecot auth_cache_ttl bigger than the other, it doesn't apply. You need to configure it only if you don't want the connection to be really closed. If you just want to not log any message, configuring slapd timeout less than load balancer timeout is enough. -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337 From janfrode at tanso.net Wed Aug 31 14:03:07 2011 From: janfrode at tanso.net (Jan-Frode Myklebust) Date: Wed, 31 Aug 2011 13:03:07 +0200 Subject: [Dovecot] lmtp bouncing -- Invalid parameters (in reply to MAIL FROM command) Message-ID: <20110831110307.GA25350@oc1046828364.ibm.com> I just configured postfix' virtual_transport to point at my dovecot director, but am seeing occational problems like this: Aug 31 11:50:06 smtpgw postfix/lmtp[5339]: 69E2F5410D: to=, relay=loadbalancers.example.net[192.168.42.17]:24, delay=0.15, delays=0.14/0.01/0/0, dsn=5.5.4, status=bounced (host loadbalancers.example.net[192.168.42.17] said: 501 5.5.4 Invalid parameters (in reply to MAIL FROM command)) but can't find anything interesting in the dovecot logs.. Anybody have ideas for how to make postfix play nice with dovecot's lmtp ? smtpgws% rpm -q postfix postfix-2.3.3-2.1.el5_2 loadbalancers% rpm -q dovecot dovecot-2.0.13-2 backendmailstorers% rpm -q dovecot dovecot-2.0.13-2 -jf From janfrode at tanso.net Wed Aug 31 14:21:31 2011 From: janfrode at tanso.net (Jan-Frode Myklebust) Date: Wed, 31 Aug 2011 13:21:31 +0200 Subject: [Dovecot] lmtp bouncing -- Invalid parameters (in reply to MAIL FROM command) In-Reply-To: <20110831110307.GA25350@oc1046828364.ibm.com> References: <20110831110307.GA25350@oc1046828364.ibm.com> Message-ID: <20110831112131.GB25350@oc1046828364.ibm.com> On Wed, Aug 31, 2011 at 01:03:07PM +0200, Jan-Frode Myklebust wrote: > I just configured postfix' virtual_transport to point at my dovecot > director, but am seeing occational problems like this: > > Aug 31 11:50:06 smtpgw postfix/lmtp[5339]: 69E2F5410D: to=, relay=loadbalancers.example.net[192.168.42.17]:24, delay=0.15, delays=0.14/0.01/0/0, dsn=5.5.4, status=bounced (host loadbalancers.example.net[192.168.42.17] said: 501 5.5.4 Invalid parameters (in reply to MAIL FROM command)) Further digging shows that these messages are from an address containing quotes and spaces: mail from:<"a b"@no.no> 501 5.5.4 Invalid parameters Testing with postfix + dovecot lda (v1.2.16) the messages gets trough just fine. Is this auth_username_chars kicking in, or some other check of valid characters in lmtp from ? -jf From tss at iki.fi Wed Aug 31 14:38:50 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 31 Aug 2011 14:38:50 +0300 Subject: [Dovecot] lmtp bouncing -- Invalid parameters (in reply to MAIL FROM command) In-Reply-To: <20110831112131.GB25350@oc1046828364.ibm.com> References: <20110831110307.GA25350@oc1046828364.ibm.com> <20110831112131.GB25350@oc1046828364.ibm.com> Message-ID: <1314790730.1197.10.camel@hurina> On Wed, 2011-08-31 at 13:21 +0200, Jan-Frode Myklebust wrote: > mail from:<"a b"@no.no> > 501 5.5.4 Invalid parameters This is fixed in v2.0.14. From klinkov at yandex.ru Wed Aug 31 15:27:54 2011 From: klinkov at yandex.ru (Stanislav Klinkov) Date: Wed, 31 Aug 2011 16:27:54 +0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> Message-ID: <4E5E28CA.6020602@yandex.ru> > Why such hostility? I beg you pardon, sir. Nothing personal, but to the question like "My car does not move" you provide the answer "Try to wipe screen and kick wheels". How do you think, if one digs into source code, has not he attempted more simple ways? Yes, I have read the manuals and wiki's before posting here. And I know what is wireshark and how to use it. > And I did answer your second question about how principal should looks > like. The matter of my question was how does the string in form of "service at host" agree with keytab entries in form of "service/host at REALM". Now I do know the answer. It is controlled by the argument "GSS_C_NT_HOSTBASED_SERVICE" of function "gss_import_name". > > Maybe I wrong, not running yet 2.0. You are wrong. There were some minor changes. See here, for example: http://www.dovecot.org/list/dovecot-cvs/2010-June/017143.html > > Make sure your client requesting correct principal in first place. Yes, I am sure. I examined logs of my Mozilla Thunderbird client. They look like this: ******* Thunderbird logs ********** 3712[5a9e240]: nsAuthSSPI::Init 3712[5a9e240]: InitSSPI 3712[5a9e240]: Using SPN of [imap/efim.test.local] 3712[5a9e240]: AcquireCredentialsHandle() succeeded. 3712[5a9e240]: entering nsAuthSSPI::GetNextToken() 3712[5a9e240]: InitializeSecurityContext: continue. ************************************* > "Wrong principal in request", Usually means the principal in the > system keytab for your system doesn't agree with the hostname or DNS > name of the system. It does agree. My host is named "efim.test.local". Here is the contents of my krb5.keytab: ******* krb5.keytab *********** slot KVNO Principal ---- ---- --------------------------------------------------------------------- 1 4 imap/efim.test.local at ROMASHKA.LAN 2 5 pop/efim.test.local at ROMASHKA.LAN 3 6 smtp/efim.test.local at ROMASHKA.LAN ********************************* I have already found out, that denial is generated somewhere inside krb5 libraries, not in Dovecot's modules. But I see no way to trace or debug kerberos calls. Source codes of kerberos libs are too complex for me to analyze. If you are interested in, you may join the parallel discussion of the topic on iXBT forum here: http://forum.ixbt.com/topic.cgi?id=76:10089 With best regards, Stanislav Klinkov. From warden at geneseo.edu Wed Aug 31 16:11:17 2011 From: warden at geneseo.edu (David Warden) Date: Wed, 31 Aug 2011 09:11:17 -0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <4E5E28CA.6020602@yandex.ru> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> <4E5E28CA.6020602@yandex.ru> Message-ID: <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> On Aug 31, 2011, at 8:27 AM, Stanislav Klinkov wrote: > >> Why such hostility? > > I beg you pardon, sir. Nothing personal, but to the question like "My > car does not move" you provide the answer "Try to wipe screen and kick > wheels". How do you think, if one digs into source code, has not he > attempted more simple ways? Yes, I have read the manuals and wiki's > before posting here. And I know what is wireshark and how to use it. > >> And I did answer your second question about how principal should looks >> like. > > The matter of my question was how does the string in form of > "service at host" agree with keytab entries in form of > "service/host at REALM". Now I do know the answer. It is controlled by the > argument "GSS_C_NT_HOSTBASED_SERVICE" of function "gss_import_name". > >> >> Maybe I wrong, not running yet 2.0. > > You are wrong. There were some minor changes. See here, for example: > http://www.dovecot.org/list/dovecot-cvs/2010-June/017143.html > >> >> Make sure your client requesting correct principal in first place. > > Yes, I am sure. I examined logs of my Mozilla Thunderbird client. They > look like this: > > ******* Thunderbird logs ********** > 3712[5a9e240]: nsAuthSSPI::Init > 3712[5a9e240]: InitSSPI > 3712[5a9e240]: Using SPN of [imap/efim.test.local] > 3712[5a9e240]: AcquireCredentialsHandle() succeeded. > 3712[5a9e240]: entering nsAuthSSPI::GetNextToken() > 3712[5a9e240]: InitializeSecurityContext: continue. > ************************************* > I take these Thunderbird log entries to mean your workstation was able to get a kerberos ticket for imap/efim.test.local >> "Wrong principal in request", Usually means the principal in the >> system keytab for your system doesn't agree with the hostname or DNS >> name of the system. > > It does agree. My host is named "efim.test.local". Here is the contents > of my krb5.keytab: > > ******* krb5.keytab *********** > slot KVNO Principal > ---- ---- > --------------------------------------------------------------------- > 1 4 imap/efim.test.local at ROMASHKA.LAN > 2 5 pop/efim.test.local at ROMASHKA.LAN > 3 6 smtp/efim.test.local at ROMASHKA.LAN > ********************************* > The fact that you have different KVNOs for multiple services on the same host seems curious. How did you generate those keys and put them into krb5.keytab? Are you using Active Directory for Kerberos? If I ran ktpass multiple times to generate a new key for imap and then smtp, I would get the "wrong principal in request" error. When I ran ktpass once for IMAP and added the SPN for smtp using LDAP/setspn and used ktutil on the dovecot host to add an entry to my keytab with the same key and kvno as ktpass generated the first time, then dovecot and smtp started working. I suppose that's weaker for security but chances are your mail SPNs (imap/pop/smtp) are tied to a single user or machine account anyway... > I have already found out, that denial is generated somewhere inside krb5 > libraries, not in Dovecot's modules. But I see no way to trace or debug > kerberos calls. Source codes of kerberos libs are too complex for me to > analyze. > > If you are interested in, you may join the parallel discussion of the > topic on iXBT forum here: http://forum.ixbt.com/topic.cgi?id=76:10089 > > With best regards, > Stanislav Klinkov. From tss at iki.fi Wed Aug 31 16:24:24 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 31 Aug 2011 16:24:24 +0300 Subject: [Dovecot] [PATCH] Indexing mail attachments with Dovecot + Solr In-Reply-To: References: Message-ID: <1314797064.1197.23.camel@hurina> On Mon, 2011-05-23 at 13:11 +0200, Antonio Perez-Aranda wrote: > Indexing mail attachments with Dovecot + Solr. I've been looking at this and wondering about a few things: The example solrconfig.xml contains: > > .. > > true > links > ignored_ > To me it looks like this requires that there exists a "links" field that is used for.. I guess content between .. tags? Or also for the href URLS? In any case there's no links field in the schema.xml so I don't think this works? Similarly it looks like stuff between
..
is ignored here, which doesn't seem like a good idea. > There is a new property for the section plugin to filter the mimetypes > that you want to index. > * fts_solr_mimetype > files with this mimetype will be sent to solr. In v2.1 I've added a generic "fts decoder" script that can handle attachment decoding. The script contains stuff like: formats='application/pdf pdf application/x-pdf pdf application/msword doc .. So there already exists a place which can list supported MIME types and also what filename extensions they have, so if there's application/octet-stream with filename=foo.pdf, Dovecot's fts code can change the MIME type to application/pdf. This sounds like it could be useful for the Solr attachments too. Maybe instead of fts_solr_mimetype setting the script could be modified a bit so that it would even allow mixed Solr/script attachment extraction. For example: formats='+application/pdf pdf +application/x-pdf pdf application/msword doc' The "+" prefix could tell that the FTS backend (Solr) handles the MIME type instead of the script. So with above config Solr would decode .pdfs, but the script would decode .docs. I was also thinking that the attachment documents could contain some description fields as well, which could be useful if you're searching the Solr index directly instead of via Dovecot. Maybe fields like "attachment_filename" (parsed from Content-Disposition: header) and "attachment_description" (parsed from Content-Description: header). They could of course be empty if those fields don't exist (and probably should be optional anyway). Also there should be "attachment_part" field that would contain the IMAP MIME part number of the attachment (e.g. "2.1.3"), so it would be easy to find and fetch the attachment. This could also be used as part of the ID string instead of the attachment_count. From klinkov at yandex.ru Wed Aug 31 16:35:52 2011 From: klinkov at yandex.ru (Stanislav Klinkov) Date: Wed, 31 Aug 2011 17:35:52 +0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> <4E5E28CA.6020602@yandex.ru> <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> Message-ID: <4E5E38B8.7060404@yandex.ru> > How did you generate those keys and put them into krb5.keytab? I logged onto my domain controller via RDP and issued the following commands: **************** keytabs generation ********************* ktpass -princ imap/efim.test.local at ROMASHKA.LAN -mapuser dovecot -pass megasuperpassword -ptype KRB5_NT_SRV_HST -out imap.keytab ktpass -princ pop/efim.test.local at ROMASHKA.LAN -mapuser dovecot -pass megasuperpassword -ptype KRB5_NT_SRV_HST -out pop.keytab ktpass -princ smtp/efim.test.local at ROMASHKA.LAN -mapuser dovecot -pass megasuperpassword -ptype KRB5_NT_SRV_HST -out smtp.keytab ************************************************************ Then I moved "imap.keytab", "pop.keytab" and "smtp.keytab" onto my dovecot server machine and merged them into single file with "ktutil": ************** ktutil commands ************** rkt imap.keytab rkt pop.keytab rkt smtp.keytab wkt krb5.keytab quit ************************************************ > Are you using Active Directory for Kerberos? Yes, I am. > and added the SPN for smtp using LDAP/setspn and used ktutil on the dovecot host to add an entry to my keytab with the same key and kvno Sorry, I'm not sure in realizing what you mean. What is "LDAP/setspn"? From warden at geneseo.edu Wed Aug 31 17:08:30 2011 From: warden at geneseo.edu (David Warden) Date: Wed, 31 Aug 2011 10:08:30 -0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <4E5E38B8.7060404@yandex.ru> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> <4E5E28CA.6020602@yandex.ru> <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> <4E5E38B8.7060404@yandex.ru> Message-ID: <93D67517-EEA9-4E73-8484-A56D89149434@geneseo.edu> On Aug 31, 2011, at 9:35 AM, Stanislav Klinkov wrote: > >> How did you generate those keys and put them into krb5.keytab? > I logged onto my domain controller via RDP and issued the following > commands: > > **************** keytabs generation ********************* > ktpass -princ imap/efim.test.local at ROMASHKA.LAN -mapuser dovecot > -pass megasuperpassword -ptype KRB5_NT_SRV_HST -out imap.keytab > > ktpass -princ pop/efim.test.local at ROMASHKA.LAN -mapuser dovecot > -pass megasuperpassword -ptype KRB5_NT_SRV_HST -out pop.keytab > > ktpass -princ smtp/efim.test.local at ROMASHKA.LAN -mapuser dovecot > -pass megasuperpassword -ptype KRB5_NT_SRV_HST -out smtp.keytab > ************************************************************ > > Then I moved "imap.keytab", "pop.keytab" and "smtp.keytab" onto my > dovecot server machine and merged them into single file with "ktutil": > ************** ktutil commands ************** > rkt imap.keytab > rkt pop.keytab > rkt smtp.keytab > wkt krb5.keytab > quit > ************************************************ I did exactly what you did when I was trying to get IMAP and SMTP Kerberized with AD (although I used KRB5_NT_PRINCIPAL in ktpass) and got the same error you were getting. It seemed like running ktpass multiple times invalidated the previous keytabs. What I did to fix it was run ktpass once for imap/fqdn at REALM and copy the hex key, kvno and encryption type to a text file somewhere. (You could also get these from klist -Kek ) Then I used ktutil to rkt the imap keytab and did "addent -key -p smtp/fqdn at REALM -k -e " and then paste the hex key I got from ktpass. Since you're not using +rndPass in ktpass, you may be able to use -password instead of key in the addent command in ktutil, but I haven't used that method before. Then wkt the ticket somewhere and klist -Kek and make sure that all entries have the same KVNO, hex key, and enc type but different principals. Then use your preferred method (setspn.exe or some graphical interface to AD's LDAP) to add entries to your dovecot user's servicePrincipalName attribute for each new principal you added to your keytab. The first ktpass should've put something there for you, just follow that example. To make sure everything should work, hop on a box where you have a valid user Kerberos ticket and do kvno imap/efim.test.local and kvno smtp/efim.test.local. That should try to get tickets for each of those services. If that doesn't work, then something is probably wrong with the servicePrincipalName attribute. One thing I should mention: servicePrincipalNames must be unique in AD, but I don't believe there are any controls to prevent you from making duplicates since it's just an LDAP attribute. The effect of this (as you can probably guess) is that IMAP, POP and SMTP effectively end up as aliases to the dovecot user in AD, using a single key. > >> Are you using Active Directory for Kerberos? > Yes, I am. > >> and added the SPN for smtp using LDAP/setspn and used ktutil on the dovecot host to add an entry to my keytab with the same key and kvno > Sorry, I'm not sure in realizing what you mean. What is "LDAP/setspn"? > > I should've been more clear about LDAP/setspn. You can use setspn.exe command on one of your AD controllers, or Active Directory Users & Computers or AD & GP MMC interfaces (depending on if you have Win Server 2k3 or 2k8) to edit the servicePrincipalName attribute for your dovecot user in AD's LDAP store. From acherniak at gmail.com Wed Aug 31 17:24:49 2011 From: acherniak at gmail.com (Alex Cherniak) Date: Wed, 31 Aug 2011 10:24:49 -0400 Subject: [Dovecot] Proprietary mail storage. Message-ID: I have a large existing read-only collection of mails packaged in individual zip files as +. Is it possible (and how difficult) to create a proprietary plugin (like gzip) which will open a zip file, extract mail and pass it back to Dovecot? Where do I start? If plugin is not the right approach, what is? Another question is how will this affect Dovecot performance and how to avoid any significant degradation. Any help is appreciated.Thanks. From robert at schetterer.org Wed Aug 31 17:29:19 2011 From: robert at schetterer.org (Robert Schetterer) Date: Wed, 31 Aug 2011 16:29:19 +0200 Subject: [Dovecot] Proprietary mail storage. In-Reply-To: References: Message-ID: <4E5E453F.6060508@schetterer.org> Am 31.08.2011 16:24, schrieb Alex Cherniak: > I have a large existing read-only collection of mails packaged in > individual zip files as +. Is it > possible (and how difficult) to create a proprietary plugin (like > gzip) which will open a zip file, extract mail and pass it back to > Dovecot? Where do I start? If plugin is not the right approach, what > is? > Another question is how will this affect Dovecot performance and how > to avoid any significant degradation. > Any help is appreciated.Thanks. did you looked at http://wiki2.dovecot.org/Plugins/Zlib ? -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From tss at iki.fi Wed Aug 31 17:52:42 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 31 Aug 2011 17:52:42 +0300 Subject: [Dovecot] Proprietary mail storage. In-Reply-To: References: Message-ID: <6E503447-8B67-454D-9B3E-EE34C3675405@iki.fi> On 31.8.2011, at 17.24, Alex Cherniak wrote: > I have a large existing read-only collection of mails packaged in > individual zip files as +. Is it > possible (and how difficult) to create a proprietary plugin (like > gzip) which will open a zip file, extract mail and pass it back to > Dovecot? Where do I start? If plugin is not the right approach, what > is? Is it otherwise a Maildir? If yes, you could base your code on the zlib plugin, or perhaps more easily you could use mail-filter plugin: http://dovecot.org/patches/2.0/mail-filter.tar.gz With mail-filter you can basically just put the messages through whatever program/script you want which gets the mail as input and outputs the wanted message body. I think the v2.0 mail-filter had some (potential?) bug, v2.1 mail-filter is anyway redesigned and should work perfectly. > Another question is how will this affect Dovecot performance and how > to avoid any significant degradation. I doubt it's going to be a problem. From klinkov at yandex.ru Wed Aug 31 17:55:04 2011 From: klinkov at yandex.ru (Stanislav Klinkov) Date: Wed, 31 Aug 2011 18:55:04 +0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <93D67517-EEA9-4E73-8484-A56D89149434@geneseo.edu> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> <4E5E28CA.6020602@yandex.ru> <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> <4E5E38B8.7060404@yandex.ru> <93D67517-EEA9-4E73-8484-A56D89149434@geneseo.edu> Message-ID: <4E5E4B48.3010209@yandex.ru> Thank you for sharing a very interesting experience, David. > It seemed like running ktpass multiple times invalidated the previous keytabs. OK. Let us assume. But then how can you explain the fact that the setting <> in dovecot config solves all mentioned troubles at once? As well I just have run the following experiment. I re-generated one more keytab for service "imap/test.efim.local" only. So, it became the last-generated key. Then I copied it onto my dovecot server as the only "krb.keytab" file, and nothing changed. Also, I issued the following command on my AD domain controller: C:\Windows\system32>setspn -L dovecot And the result was: ***************** Registered ServicePrincipalNames for CN=dovecot,OU=Agents,DC=romashka,DC=lan: imap/efim.test.local smtp/efim.test.local pop/efim.test.local ***************** Please note, that I have not apllied any magic to servicePrincipalName of AD user "dovecot" by setspn or other AD snap-ins. > To make sure everything should work, hop on a box where you have a valid user Kerberos ticket and do kvno imap/efim.test.local and kvno smtp/efim.test.local. Sorry, I might have not mentioned above. I run Mozilla Thunderbird on my Windows XP workstation. From robert at schetterer.org Wed Aug 31 18:04:27 2011 From: robert at schetterer.org (Robert Schetterer) Date: Wed, 31 Aug 2011 17:04:27 +0200 Subject: [Dovecot] Proprietary mail storage. In-Reply-To: <6E503447-8B67-454D-9B3E-EE34C3675405@iki.fi> References: <6E503447-8B67-454D-9B3E-EE34C3675405@iki.fi> Message-ID: <4E5E4D7B.3050507@schetterer.org> Am 31.08.2011 16:52, schrieb Timo Sirainen: > On 31.8.2011, at 17.24, Alex Cherniak wrote: > >> I have a large existing read-only collection of mails packaged in >> individual zip files as +. Is it >> possible (and how difficult) to create a proprietary plugin (like >> gzip) which will open a zip file, extract mail and pass it back to >> Dovecot? Where do I start? If plugin is not the right approach, what >> is? > > Is it otherwise a Maildir? If yes, you could base your code on the zlib plugin, or perhaps more easily you could use mail-filter plugin: http://dovecot.org/patches/2.0/mail-filter.tar.gz are there any examples or how too online for mail-filter ? > > With mail-filter you can basically just put the messages through whatever program/script you want which gets the mail as input and outputs the wanted message body. I think the v2.0 mail-filter had some (potential?) bug, v2.1 mail-filter is anyway redesigned and should work perfectly. > >> Another question is how will this affect Dovecot performance and how >> to avoid any significant degradation. > > I doubt it's going to be a problem. > -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From tss at iki.fi Wed Aug 31 18:14:57 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 31 Aug 2011 18:14:57 +0300 Subject: [Dovecot] Proprietary mail storage. In-Reply-To: <4E5E4D7B.3050507@schetterer.org> References: <6E503447-8B67-454D-9B3E-EE34C3675405@iki.fi> <4E5E4D7B.3050507@schetterer.org> Message-ID: <6D760583-9552-4772-B862-DB6AA37155B4@iki.fi> On 31.8.2011, at 18.04, Robert Schetterer wrote: >> Is it otherwise a Maildir? If yes, you could base your code on the zlib plugin, or perhaps more easily you could use mail-filter plugin: http://dovecot.org/patches/2.0/mail-filter.tar.gz > > are there any examples or how too online for mail-filter ? For compiling look at the beginning of mail-filter-plugin.c For using add it to mail_plugins and: plugin { mail_filter_executable = /path/to/your/script.sh } A script could be for example (totally insecure and broken): #!/bin/sh sed s/Hello/Hi/ > /tmp/foo cat /tmp/foo rm /tmp/foo Unfortunately you can't both read stdin and write to stdout at the same time because of some internal Dovecot problems with it. So you'll have to write it to a temp file and then output that after the entire input is read. From robert at schetterer.org Wed Aug 31 18:17:51 2011 From: robert at schetterer.org (Robert Schetterer) Date: Wed, 31 Aug 2011 17:17:51 +0200 Subject: [Dovecot] Proprietary mail storage. In-Reply-To: <6D760583-9552-4772-B862-DB6AA37155B4@iki.fi> References: <6E503447-8B67-454D-9B3E-EE34C3675405@iki.fi> <4E5E4D7B.3050507@schetterer.org> <6D760583-9552-4772-B862-DB6AA37155B4@iki.fi> Message-ID: <4E5E509F.2020403@schetterer.org> Am 31.08.2011 17:14, schrieb Timo Sirainen: > On 31.8.2011, at 18.04, Robert Schetterer wrote: > >>> Is it otherwise a Maildir? If yes, you could base your code on the zlib plugin, or perhaps more easily you could use mail-filter plugin: http://dovecot.org/patches/2.0/mail-filter.tar.gz >> >> are there any examples or how too online for mail-filter ? > > For compiling look at the beginning of mail-filter-plugin.c > > For using add it to mail_plugins and: > > plugin { > mail_filter_executable = /path/to/your/script.sh > } > > A script could be for example (totally insecure and broken): > > #!/bin/sh > > sed s/Hello/Hi/ > /tmp/foo > cat /tmp/foo > rm /tmp/foo > > Unfortunately you can't both read stdin and write to stdout at the same time because of some internal Dovecot problems with it. So you'll have to write it to a temp file and then output that after the entire input is read. sorry for silly question is there any known typical usage for that , or was this on the wishlist to solve some stuff ? -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From simon.brereton at buongiorno.com Wed Aug 31 18:19:23 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Wed, 31 Aug 2011 11:19:23 -0400 Subject: [Dovecot] Password query returned multiple matches Message-ID: <006601cc67f1$5e34f550$1a9edff0$@brereton@buongiorno.com> Hi After successfully setting up dovecot, I see this error in the logs. Aug 30 22:41:45 mail dovecot: auth-worker(default): sql(sbrereton at domain.co.uk,64.88.168.84): Password query returned multiple matches Aug 30 22:41:52 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=, method=PLAIN, rip=64.88.168.84, lip=127.0.0.1, TLS Can you tell me what it means or what I should look for? In my dovecot-sql.conf I have this query: password_query = SELECT EmailAdd AS user, Password AS password, concat('/var/spool/mail/virtual/',MailDirLoc) as userdb_home, 999 as userdb_uid, 115 as userdb_gid FROM MailAccounts WHERE Username='%u' AND active = '1'; Since the EmailAdd is unique I don't see how it can return multiple matches. Thanks. Simon From tss at iki.fi Wed Aug 31 18:21:05 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 31 Aug 2011 18:21:05 +0300 Subject: [Dovecot] Proprietary mail storage. In-Reply-To: <4E5E509F.2020403@schetterer.org> References: <6E503447-8B67-454D-9B3E-EE34C3675405@iki.fi> <4E5E4D7B.3050507@schetterer.org> <6D760583-9552-4772-B862-DB6AA37155B4@iki.fi> <4E5E509F.2020403@schetterer.org> Message-ID: <5D6C1852-9288-4C76-9EF6-6AC549500C2D@iki.fi> On 31.8.2011, at 18.17, Robert Schetterer wrote: >>>> Is it otherwise a Maildir? If yes, you could base your code on the zlib plugin, or perhaps more easily you could use mail-filter plugin: http://dovecot.org/patches/2.0/mail-filter.tar.gz >>> >>> are there any examples or how too online for mail-filter ? .. > sorry for silly question > is there any known typical usage for that , or was this on the wishlist > to solve some stuff ? It was originally written to be used with imapc ("imap proxy") backend. You could use it for stuff like decode encrypted PGP mails or scan for viruses and drop them if found. From tss at iki.fi Wed Aug 31 18:22:22 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 31 Aug 2011 18:22:22 +0300 Subject: [Dovecot] Password query returned multiple matches In-Reply-To: <006601cc67f1$5e34f550$1a9edff0$@brereton@buongiorno.com> References: <006601cc67f1$5e34f550$1a9edff0$@brereton@buongiorno.com> Message-ID: On 31.8.2011, at 18.19, Simon Brereton wrote: > Aug 30 22:41:45 mail dovecot: auth-worker(default): sql(sbrereton at domain.co.uk,64.88.168.84): Password query returned multiple matches .. > password_query = SELECT EmailAdd AS user, Password AS password, concat('/var/spool/mail/virtual/',MailDirLoc) as userdb_home, 999 as userdb_uid, 115 as userdb_gid FROM MailAccounts WHERE Username='%u' AND active = '1'; > > Since the EmailAdd is unique I don't see how it can return multiple matches. You're querying with Username, not with EmailAdd, and apparently there are multiple rows where Username='sbrereton at domain.co.uk'. From robert at schetterer.org Wed Aug 31 18:27:54 2011 From: robert at schetterer.org (Robert Schetterer) Date: Wed, 31 Aug 2011 17:27:54 +0200 Subject: [Dovecot] Proprietary mail storage. In-Reply-To: <5D6C1852-9288-4C76-9EF6-6AC549500C2D@iki.fi> References: <6E503447-8B67-454D-9B3E-EE34C3675405@iki.fi> <4E5E4D7B.3050507@schetterer.org> <6D760583-9552-4772-B862-DB6AA37155B4@iki.fi> <4E5E509F.2020403@schetterer.org> <5D6C1852-9288-4C76-9EF6-6AC549500C2D@iki.fi> Message-ID: <4E5E52FA.7020503@schetterer.org> Am 31.08.2011 17:21, schrieb Timo Sirainen: > On 31.8.2011, at 18.17, Robert Schetterer wrote: > >>>>> Is it otherwise a Maildir? If yes, you could base your code on the zlib plugin, or perhaps more easily you could use mail-filter plugin: http://dovecot.org/patches/2.0/mail-filter.tar.gz >>>> >>>> are there any examples or how too online for mail-filter ? > .. >> sorry for silly question >> is there any known typical usage for that , or was this on the wishlist >> to solve some stuff ? > > It was originally written to be used with imapc ("imap proxy") backend. You could use it for stuff like decode encrypted PGP mails that sounds like a very good idea or scan for viruses and drop them if found. > ok , thats solved i another way at my setup, but nice to have great idea anyway, thx for coding -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From trever.adams at gmail.com Wed Aug 31 18:28:50 2011 From: trever.adams at gmail.com (Trever L. Adams) Date: Wed, 31 Aug 2011 09:28:50 -0600 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <4E5E38B8.7060404@yandex.ru> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> <4E5E28CA.6020602@yandex.ru> <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> <4E5E38B8.7060404@yandex.ru> Message-ID: <4E5E5332.3060006@gmail.com> On 08/31/2011 07:35 AM, Stanislav Klinkov wrote: > > >> and added the SPN for smtp using LDAP/setspn and used ktutil on the dovecot host to add an entry to my keytab with the same key and kvno > Sorry, I'm not sure in realizing what you mean. What is "LDAP/setspn"? > > I have only followed part of this. It the original poster's problem is that the LDAP database is not being able to be accessed with an SPN ticket, this is because SPNs are not allowed to log in in AD. You need to use a user account (including MACHINE$ accounts). It took me forever to figure this out. To use this, you need a cron job that creates/renews tickets from time to time for the user/machine account. Then you use Dovecot's environment setup configuration to set the KRB5_CC (or whatever it is called, my head is elsewhere) env variable to that Kerberos ticket cache that was created in the cronjob. This cache needs to be readable by dovecot and should be owned by its user. Trever -- First Law of System Requirements: "Anything is possible if you don't know what you're talking about..." -- Unknown -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 261 bytes Desc: OpenPGP digital signature URL: From simon.brereton at buongiorno.com Wed Aug 31 18:44:03 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Wed, 31 Aug 2011 11:44:03 -0400 Subject: [Dovecot] Password query returned multiple matches In-Reply-To: References: <006601cc67f1$5e34f550$1a9edff0$@brereton@buongiorno.com> Message-ID: <006901cc67f4$d03cd2f0$70b678d0$@brereton@buongiorno.com> > -----Original Message----- > From: Timo Sirainen [mailto:tss at iki.fi] > > On 31.8.2011, at 18.19, Simon Brereton wrote: > > > Aug 30 22:41:45 mail dovecot: auth-worker(default): > sql(sbrereton at domain.co.uk,64.88.168.84): Password query returned > multiple matches > .. > > password_query = SELECT EmailAdd AS user, Password AS password, > concat('/var/spool/mail/virtual/',MailDirLoc) as userdb_home, 999 as > userdb_uid, 115 as userdb_gid FROM MailAccounts WHERE Username='%u' > AND active = '1'; > > > > Since the EmailAdd is unique I don't see how it can return multiple > matches. > > You're querying with Username, not with EmailAdd, and apparently > there are multiple rows where Username='sbrereton at domain.co.uk'. Well, what do you know - there are two Usernames that at the same! I have no idea how that happened. Simon From warden at geneseo.edu Wed Aug 31 18:51:02 2011 From: warden at geneseo.edu (David Warden) Date: Wed, 31 Aug 2011 11:51:02 -0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <4E5E4B48.3010209@yandex.ru> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> <4E5E28CA.6020602@yandex.ru> <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> <4E5E38B8.7060404@yandex.ru> <93D67517-EEA9-4E73-8484-A56D89149434@geneseo.edu> <4E5E4B48.3010209@yandex.ru> Message-ID: <8CDCA9B7-4BB1-4253-8D63-684168C38C61@geneseo.edu> On Aug 31, 2011, at 10:55 AM, Stanislav Klinkov wrote: > > Thank you for sharing a very interesting experience, David. > >> It seemed like running ktpass multiple times invalidated the previous keytabs. > OK. Let us assume. But then how can you explain the fact that the > setting <> in dovecot config solves all > mentioned troubles at once? > That is a very good question that I sadly don't have the answer to and I fear I misunderstood the initial problem. It's my understanding that auth_gssapi_hostname controls which entries in the keytab file dovecot will allow itself to use. If you enable debug auth logging in dovecot, do you see anything about which entry in your keytab file it's attempting to use? Also, do you see anything in your AD logs when you get the "invalid principal" error from the IP of your dovecot host? > As well I just have run the following experiment. I re-generated one > more keytab for service "imap/test.efim.local" only. So, it became the > last-generated key. Then I copied it onto my dovecot server as the only > "krb.keytab" file, and nothing changed. > > Also, I issued the following command on my AD domain controller: > C:\Windows\system32>setspn -L dovecot > > And the result was: > ***************** > Registered ServicePrincipalNames for > CN=dovecot,OU=Agents,DC=romashka,DC=lan: > imap/efim.test.local > smtp/efim.test.local > pop/efim.test.local > ***************** > > Please note, that I have not apllied any magic to servicePrincipalName > of AD user "dovecot" by setspn or other AD snap-ins. > >> To make sure everything should work, hop on a box where you have a valid user Kerberos ticket and do kvno imap/efim.test.local and kvno smtp/efim.test.local. > > Sorry, I might have not mentioned above. I run Mozilla Thunderbird on my > Windows XP workstation. > From simon.brereton at buongiorno.com Wed Aug 31 18:54:57 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Wed, 31 Aug 2011 11:54:57 -0400 Subject: [Dovecot] Multiple domains to one inbox and temporary redirects... Message-ID: <007f01cc67f6$5622d1c0$02687540$@brereton@buongiorno.com> Hi Can anyone point me to a howto to arrange for multiple domains to deliver to one inbox with Dovecot? For example, user1 at example.com and user1 at example.net should both be delivered to /var/spool/mail/virtual/example.net/user1 Currently, I have the dovecot LDA set as: dovecot unix - n n - - pipe flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} and in dovecot.conf: mail_location: maildir:/var/spool/mail/virtual/%d/%n For some domains only, I need to override that mail_location. Related to that, when user1 leave and user2 would like to receive user1's email, how can I get it so that email to user1 at example.com is delivered to user2 at example.com? Previously when I was using Postfix to deliver the mails, I could change the maildirloc in the DB - but I?m not sure how to accomplish this with dovecot LDA. Again, any pointers would be welcome. Thanks. Simon From shopik at inblock.ru Wed Aug 31 19:30:48 2011 From: shopik at inblock.ru (Nikolay Shopik) Date: Wed, 31 Aug 2011 20:30:48 +0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <4E5E4B48.3010209@yandex.ru> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> <4E5E28CA.6020602@yandex.ru> <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> <4E5E38B8.7060404@yandex.ru> <93D67517-EEA9-4E73-8484-A56D89149434@geneseo.edu> <4E5E4B48.3010209@yandex.ru> Message-ID: On 31.08.2011 18:55, Stanislav Klinkov wrote: > > Thank you for sharing a very interesting experience, David. > >> It seemed like running ktpass multiple times invalidated the previous keytabs. > OK. Let us assume. But then how can you explain the fact that the > setting<> in dovecot config solves all > mentioned troubles at once? > > As well I just have run the following experiment. I re-generated one > more keytab for service "imap/test.efim.local" only. So, it became the > last-generated key. Then I copied it onto my dovecot server as the only > "krb.keytab" file, and nothing changed. > > Also, I issued the following command on my AD domain controller: > C:\Windows\system32>setspn -L dovecot > > And the result was: > ***************** > Registered ServicePrincipalNames for > CN=dovecot,OU=Agents,DC=romashka,DC=lan: > imap/efim.test.local > smtp/efim.test.local > pop/efim.test.local > ***************** > > Please note, that I have not apllied any magic to servicePrincipalName > of AD user "dovecot" by setspn or other AD snap-ins. Early versions of ktpass only allowed only 1 serviceprincipialnames, thus every time you generate new it was overwrite old one. ktpass from win2008 seems fix this. > >> To make sure everything should work, hop on a box where you have a valid user Kerberos ticket and do kvno imap/efim.test.local and kvno smtp/efim.test.local. > > Sorry, I might have not mentioned above. I run Mozilla Thunderbird on my > Windows XP workstation. > > Can you do kinit -k imap/imap/efim.test.local at ROMASHKA.LAN and then klist, does it work for you? I do recommend tcpdump kerberos traffic between your client and server, this is usually helps me much better then any logging, flow easy to read in wireshark. From nick+dovecot at bunbun.be Wed Aug 31 19:41:42 2011 From: nick+dovecot at bunbun.be (Nick Rosier) Date: Wed, 31 Aug 2011 18:41:42 +0200 Subject: [Dovecot] Multiple domains to one inbox and temporary redirects... In-Reply-To: <007f01cc67f6$5622d1c0$02687540$@brereton@buongiorno.com> References: <007f01cc67f6$5622d1c0$02687540$@brereton@buongiorno.com> Message-ID: <4E5E6446.1070406@bunbun.be> Simon Brereton wrote: > Hi > > Can anyone point me to a howto to arrange for multiple domains to deliver to one inbox with Dovecot? For example, user1 at example.com and user1 at example.net should both be delivered to /var/spool/mail/virtual/example.net/user1 > > Currently, I have the dovecot LDA set as: > > dovecot unix - n n - - pipe > flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} > > > and in dovecot.conf: > > mail_location: maildir:/var/spool/mail/virtual/%d/%n > > For some domains only, I need to override that mail_location. > > > Related to that, when user1 leave and user2 would like to receive user1's email, how can I get it so that email to user1 at example.com is delivered to user2 at example.com? Previously when I was using Postfix to deliver the mails, I could change the maildirloc in the DB - but I?m not sure how to accomplish this with dovecot LDA. > > I'm using Postfixadmin to manage users and have server alias-domains. All mail sent to an alias-domain is delivered to the other domain. Quite easy if you've got postfixadmin already setup. Otherwise I think you could configure virtual_alias_maps in postfix to something like hash:virtual_domains virtual_domains: @example.net @example.com N. From aewhale at ABS-CompTech.com Wed Aug 31 20:34:01 2011 From: aewhale at ABS-CompTech.com (Albert E. Whale) Date: Wed, 31 Aug 2011 13:34:01 -0400 Subject: [Dovecot] Multiple domains to one inbox and temporary redirects... In-Reply-To: <4E5E6446.1070406@bunbun.be> References: <007f01cc67f6$5622d1c0$02687540$@brereton@buongiorno.com> <4E5E6446.1070406@bunbun.be> Message-ID: <4E5E7089.2040701@ABS-CompTech.com> I'm using Sendmail, sample config below: On 8/31/2011 12:41 PM, Nick Rosier wrote: > Simon Brereton wrote: >> Hi >> >> Can anyone point me to a howto to arrange for multiple domains to >> deliver to one inbox with Dovecot? For example, user1 at example.com >> and user1 at example.net should both be delivered to >> /var/spool/mail/virtual/example.net/user1 >> >> Currently, I have the dovecot LDA set as: >> >> dovecot unix - n n - - pipe >> flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f >> ${sender} -d ${user}@${nexthop} >> >> >> and in dovecot.conf: >> >> mail_location: maildir:/var/spool/mail/virtual/%d/%n >> >> For some domains only, I need to override that mail_location. >> >> >> Related to that, when user1 leave and user2 would like to receive >> user1's email, how can I get it so that email to user1 at example.com is >> delivered to user2 at example.com? Previously when I was using Postfix >> to deliver the mails, I could change the maildirloc in the DB - but >> I?m not sure how to accomplish this with dovecot LDA. >> >> > I'm using Postfixadmin to manage users and have server alias-domains. > All mail sent to an alias-domain is delivered to the other domain. > Quite easy if you've got postfixadmin already setup. > > Otherwise I think you could configure virtual_alias_maps in postfix to > something like hash:virtual_domains > > virtual_domains: > @example.net @example.com > > N. > > We deliver multiple multiple domains to the single user name of the domain. admin at NoJunk-Mail.com admin admin at emailsecurity.us admin admin at spam-zapper.com admin admin at abs-comptech.com admin admin at remote-pc-doc.com admin We use our Server Administrator tool to manage the mailboxes. Begin shameless plug: (Server Administrator - http://www.abs-comptech.com/serveradministrator.htm) end shameless plug -- Albert E. Whale, CHS CISA CISSP Senior Technology & Security Director *ABS Computer Technology, Inc. * 412-635-7488 ext 100 aewhale at ABS-CompTech.com www.ABS-CompTech.com -------------- next part -------------- A non-text attachment was scrubbed... Name: aewhale.vcf Type: text/x-vcard Size: 398 bytes Desc: not available URL: From simon.brereton at buongiorno.com Wed Aug 31 20:41:18 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Wed, 31 Aug 2011 13:41:18 -0400 Subject: [Dovecot] Multiple domains to one inbox and temporary redirects... In-Reply-To: <4E5E6446.1070406@bunbun.be> References: <007f01cc67f6$5622d1c0$02687540$@brereton@buongiorno.com> <4E5E6446.1070406@bunbun.be> Message-ID: <008601cc6805$313f77f0$93be67d0$@brereton@buongiorno.com> > -----Original Message----- > From: Nick Rosier [mailto:nick+dovecot at bunbun.be] > > Simon Brereton wrote: > > Hi > > > > Can anyone point me to a howto to arrange for multiple domains to > > deliver to one inbox with Dovecot? For example, user1 at example.com > and > > user1 at example.net should both be delivered to > > /var/spool/mail/virtual/example.net/user1 > > > > Currently, I have the dovecot LDA set as: > > > > dovecot unix - n n - - pipe > > flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f > > ${sender} -d ${user}@${nexthop} > > > > > > and in dovecot.conf: > > > > mail_location: maildir:/var/spool/mail/virtual/%d/%n > > > > For some domains only, I need to override that mail_location. > > > > > > Related to that, when user1 leave and user2 would like to receive > user1's email, how can I get it so that email to user1 at example.com is > delivered to user2 at example.com? Previously when I was using Postfix > to deliver the mails, I could change the maildirloc in the DB - but > I?m not sure how to accomplish this with dovecot LDA. > > > > > I'm using Postfixadmin to manage users and have server alias-domains. > All mail sent to an alias-domain is delivered to the other domain. > Quite easy if you've got postfixadmin already setup. > > Otherwise I think you could configure virtual_alias_maps in postfix > to something like hash:virtual_domains > > virtual_domains: > @example.net @example.com Cheers Nick Of course that will do it. Thanks. Simon From trever.adams at gmail.com Wed Aug 31 20:49:12 2011 From: trever.adams at gmail.com (Trever L. Adams) Date: Wed, 31 Aug 2011 11:49:12 -0600 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> <4E5E28CA.6020602@yandex.ru> <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> <4E5E38B8.7060404@yandex.ru> <93D67517-EEA9-4E73-8484-A56D89149434@geneseo.edu> <4E5E4B48.3010209@yandex.ru> Message-ID: <4E5E7418.5010403@gmail.com> On 08/31/2011 10:30 AM, Nikolay Shopik wrote: > > Can you do kinit -k imap/imap/efim.test.local at ROMASHKA.LAN and then > klist, does it work for you? > > I do recommend tcpdump kerberos traffic between your client and > server, this is usually helps me much better then any logging, flow > easy to read in wireshark. > Under active directory, you cannot kinit as an SPN, only UPN (including MACHINE$ accounts). At least this is my experience. Trever -- "Selfishness is really self-destruction in slow motion." -? Elder Neal A. Maxwell - Ensign, May 1999, 23 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 261 bytes Desc: OpenPGP digital signature URL: From chris at nmedia.net Wed Aug 31 21:59:48 2011 From: chris at nmedia.net (Chris Cappuccio) Date: Wed, 31 Aug 2011 11:59:48 -0700 Subject: [Dovecot] Thunderbird caching problem Message-ID: <20110831185948.GG4353@ref.nmedia.net> Using a fairly simple dovecot config (which obviously needs some max limit tweaking) we have problems with IMAP synchronization between thunderbird clients. Two TB clients in the same IMAP mailbox will, from time to time, show different views of the same INBOX folders, when TB caching is enabled. The only fix is to right-click on the folder, go to "Properties" and use the "Repair Folder" option which repairs the local TB .msf cache file. Is there any server-side fix/workaround that would keep TB from regularly going out-of-sync ? This happens with TB3 and newer versions, in concert with either dovecot 1 or 2. The obvious fix is to disable TB local caching, which unfortunately also disables certain search features and can be a pain for large mailboxes. # dovecot -n # 2.0.13: /etc/dovecot/dovecot.conf doveconf: Warning: service auth { client_limit=4096 } is lower than required under max. load (7168) doveconf: Warning: service anvil { client_limit=2048 } is lower than required under max. load (3075) # OS: OpenBSD 5.0 amd64 ffs auth_default_realm = dovecot.org auth_mechanisms = plain digest-md5 cram-md5 apop auth_username_translation = :@ default_client_limit = 2048 default_internal_user = _dovecot default_login_user = _dovenull default_process_limit = 1024 disable_plaintext_auth = no first_valid_gid = 125 first_valid_uid = 125 mail_location = maildir:/mail/%d/%n/ managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date mbox_write_locks = fcntl mmap_disable = yes passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_global_path = /etc/dovecot/default.sieve } protocols = imap pop3 lmtp sieve service auth { unix_listener auth-userdb { user = mail } } service managesieve-login { inet_listener sieve { port = 4190 } inet_listener sieve_deprecated { port = 2000 } } ssl_cert = References: <6E503447-8B67-454D-9B3E-EE34C3675405@iki.fi> Message-ID: Thanks, Timo. Technically, it's not a Maildir, but my plan is to re-create one with folders containing hard or symbolic links pointing to the real storage. Is it going to be a problem? On Wed, Aug 31, 2011 at 10:52 AM, Timo Sirainen wrote: > On 31.8.2011, at 17.24, Alex Cherniak wrote: > >> I have a large existing read-only collection of mails packaged in >> individual zip files as +. Is it >> possible (and how difficult) to create a proprietary plugin (like >> gzip) which will open a zip file, extract mail and pass it back to >> Dovecot? Where do I start? If plugin is not the right approach, what >> is? > > Is it otherwise a Maildir? If yes, you could base your code on the zlib plugin, or perhaps more easily you could use mail-filter plugin: http://dovecot.org/patches/2.0/mail-filter.tar.gz > > With mail-filter you can basically just put the messages through whatever program/script you want which gets the mail as input and outputs the wanted message body. I think the v2.0 mail-filter had some (potential?) bug, v2.1 mail-filter is anyway redesigned and should work perfectly. > >> Another question is how will this affect Dovecot performance and how >> to avoid any significant degradation. > > I doubt it's going to be a problem. > > From thomas-lists at nybeta.com Wed Aug 31 22:41:19 2011 From: thomas-lists at nybeta.com (Thomas Harold) Date: Wed, 31 Aug 2011 15:41:19 -0400 Subject: [Dovecot] OT - small hd recommendation In-Reply-To: References: Message-ID: <4E5E8E5F.4050204@nybeta.com> On 8/30/2011 5:43 PM, Daniel L. Miller wrote: > A little OT - but I've seen a few opinions voiced here by various admins > and I'd like to benefit. RAID-10 is fine (note that the default mdadm RAID10 isn't actually RAID10, but it works well enough). RAID-6 won't be faster (and will probably be worse) although RAID-6 does do a bit better in a double-drive failure over RAID-10. The only way to get more performance out of (4) drives is to switch to 10k or 15k SAS (or SSDs). For more information - see the Linux RAID mailing list: http://vger.kernel.org/majordomo-info.html One problematic issue with consumer-grade SATA drives (which may or may not bite you) is that they will not time out on errors fast enough to keep mdadm happy. The "enterprise" grade drives are better about this (such as the ES.2 series), but for smaller arrays (6 drives or less) it's not as big of a deal. For bigger arrays, it's a definite issue, especially if you try and do RAID-6 over 8+ drives. If you're getting SMART errors, then it's time to swap the drives out. If mdadm is reporting sync errors or dropping drives from the array, then get your backups squared away ASAP before fiddling. My knee-jerk reaction when I hear 4-drive RAID-10 is that it has no hot-spare. Which means that as soon as 1 drive fails you're in dangerous territory (make sure it pages you automatically) since the array can't automatically repair. Make sure you can properly identify the drive that fails (via the serial numbers) and don't try a hot-swap. (Take a look at /dev/disk/by-id, /dev/disk/by-uuid, etc. Export a copy of that information on a daily/weekly basis off of the machine. In a software RAID environment, it gives you better information about which drive serial # failed rather then relying on lights.) Our mail server is 3-way RAID1 (triple mirror) for the OS and mail queue with a 5-disk RAID-10 (4+spare) for mail storage. From mcguire at neurotica.com Wed Aug 31 22:42:05 2011 From: mcguire at neurotica.com (Dave McGuire) Date: Wed, 31 Aug 2011 15:42:05 -0400 Subject: [Dovecot] Thunderbird caching problem In-Reply-To: <20110831185948.GG4353@ref.nmedia.net> References: <20110831185948.GG4353@ref.nmedia.net> Message-ID: <4E5E8E8D.3090406@neurotica.com> On 08/31/2011 02:59 PM, Chris Cappuccio wrote: > Using a fairly simple dovecot config (which obviously needs some max > limit tweaking) we have problems with IMAP synchronization between > thunderbird clients. > > Two TB clients in the same IMAP mailbox will, from time to time, show > different views of the same INBOX folders, when TB caching is > enabled. The only fix is to right-click on the folder, go to > "Properties" and use the "Repair Folder" option which repairs the > local TB .msf cache file. > > Is there any server-side fix/workaround that would keep TB from > regularly going out-of-sync ? This happens with TB3 and newer > versions, in concert with either dovecot 1 or 2. I ran into exactly this problem as well, it is infuriating. A workaround was discussed here awhile back. Sticking this in the "protocol imap" block of dovecot.conf solved the problem completely: imap_capability = IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDP LUS LIST-EXTENDED I18NLEVEL=1 ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS That should all be one line; watch for wrappage. -Dave -- Dave McGuire Port Charlotte, FL From chris at nmedia.net Wed Aug 31 22:49:53 2011 From: chris at nmedia.net (Chris Cappuccio) Date: Wed, 31 Aug 2011 12:49:53 -0700 Subject: [Dovecot] Thunderbird caching problem In-Reply-To: <4E5E8E8D.3090406@neurotica.com> References: <20110831185948.GG4353@ref.nmedia.net> <4E5E8E8D.3090406@neurotica.com> Message-ID: <20110831194953.GN4353@ref.nmedia.net> Dave McGuire [mcguire at neurotica.com] wrote: > On 08/31/2011 02:59 PM, Chris Cappuccio wrote: > >Using a fairly simple dovecot config (which obviously needs some max > >limit tweaking) we have problems with IMAP synchronization between > >thunderbird clients. > > > >Two TB clients in the same IMAP mailbox will, from time to time, show > >different views of the same INBOX folders, when TB caching is > >enabled. The only fix is to right-click on the folder, go to > >"Properties" and use the "Repair Folder" option which repairs the > >local TB .msf cache file. > > > >Is there any server-side fix/workaround that would keep TB from > >regularly going out-of-sync ? This happens with TB3 and newer > >versions, in concert with either dovecot 1 or 2. > > I ran into exactly this problem as well, it is infuriating. A > workaround was discussed here awhile back. Sticking this in the > "protocol imap" block of dovecot.conf solved the problem completely: > > imap_capability = IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID > ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS > MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDP > LUS LIST-EXTENDED I18NLEVEL=1 ESEARCH ESORT SEARCHRES WITHIN > CONTEXT=SEARCH LIST-STATUS > Interesting..How do I know that I really should be announcing all of these capabilities given my current dovecot version and config? With the config I posted, here's what I send out now * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Blahfart From nick+dovecot at bunbun.be Wed Aug 31 22:56:32 2011 From: nick+dovecot at bunbun.be (Nick Rosier) Date: Wed, 31 Aug 2011 21:56:32 +0200 Subject: [Dovecot] Thunderbird caching problem In-Reply-To: <20110831194953.GN4353@ref.nmedia.net> References: <20110831185948.GG4353@ref.nmedia.net> <4E5E8E8D.3090406@neurotica.com> <20110831194953.GN4353@ref.nmedia.net> Message-ID: <4E5E91F0.3020608@bunbun.be> Chris Cappuccio wrote: > Dave McGuire [mcguire at neurotica.com] wrote: >> On 08/31/2011 02:59 PM, Chris Cappuccio wrote: >>> Using a fairly simple dovecot config (which obviously needs some max >>> limit tweaking) we have problems with IMAP synchronization between >>> thunderbird clients. >>> >>> Two TB clients in the same IMAP mailbox will, from time to time, show >>> different views of the same INBOX folders, when TB caching is >>> enabled. The only fix is to right-click on the folder, go to >>> "Properties" and use the "Repair Folder" option which repairs the >>> local TB .msf cache file. >>> >>> Is there any server-side fix/workaround that would keep TB from >>> regularly going out-of-sync ? This happens with TB3 and newer >>> versions, in concert with either dovecot 1 or 2. >> I ran into exactly this problem as well, it is infuriating. A >> workaround was discussed here awhile back. Sticking this in the >> "protocol imap" block of dovecot.conf solved the problem completely: >> >> imap_capability = IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID >> ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS >> MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDP >> LUS LIST-EXTENDED I18NLEVEL=1 ESEARCH ESORT SEARCHRES WITHIN >> CONTEXT=SEARCH LIST-STATUS >> > > Interesting..How do I know that I really should be announcing all of these capabilities given my current dovecot version and config? > > With the config I posted, here's what I send out now > > * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Blahfart > This is before login, you need to verify after login. Dovecot changes the capabilities it advertises after login. Remove CONDSTORE and QRESYNC; the CONDSTORE is the one messing it up for you. QRESYNC also implies CONDSTORE so you need to disable this one as well. N. From kgc at corp.sonic.net Wed Aug 31 23:13:27 2011 From: kgc at corp.sonic.net (Kelsey Cummings) Date: Wed, 31 Aug 2011 13:13:27 -0700 Subject: [Dovecot] mail spool filesystem In-Reply-To: <4E4E2340.4010001@hardwarefreak.com> References: <4E4BC0CC.5010908@psi.com.br> <20110817164207.2e9c1d49@echelon.ethz.ch> <4E4E2340.4010001@hardwarefreak.com> Message-ID: <20110831201327.GR5381@corp.sonic.net> On Fri, Aug 19, 2011 at 03:48:00AM -0500, Stan Hoeppner wrote: > On 8/17/2011 9:42 AM, Adrian Ulrich wrote: > >> I read that XFS is a good choice, but is not > >> too reliable... > > > > Are you using Maildir or MBOX? > > > > In any case: XFS would be my last choice: > > > > XFS is nice if you are working with large files (> 2GB), but > > for E-Mail i'd stick with ext3 (or maybe even reiser3) > > as it works very well with small files. > > XFS was designed for parallelism, whether with large files or small, ... Anyone been using ZFS on FreeBSD for mail spool storage? -- Kelsey Cummings - kgc at corp.sonic.net sonic.net, inc. System Architect 2260 Apollo Way 707.522.1000 Santa Rosa, CA 95407 From nick+dovecot at bunbun.be Wed Aug 31 23:27:14 2011 From: nick+dovecot at bunbun.be (Nick Rosier) Date: Wed, 31 Aug 2011 22:27:14 +0200 Subject: [Dovecot] mail spool filesystem In-Reply-To: <20110831201327.GR5381@corp.sonic.net> References: <4E4BC0CC.5010908@psi.com.br> <20110817164207.2e9c1d49@echelon.ethz.ch> <4E4E2340.4010001@hardwarefreak.com> <20110831201327.GR5381@corp.sonic.net> Message-ID: <4E5E9922.8000309@bunbun.be> Kelsey Cummings wrote: > On Fri, Aug 19, 2011 at 03:48:00AM -0500, Stan Hoeppner wrote: >> On 8/17/2011 9:42 AM, Adrian Ulrich wrote: >>>> I read that XFS is a good choice, but is not >>>> too reliable... >>> Are you using Maildir or MBOX? >>> >>> In any case: XFS would be my last choice: >>> >>> XFS is nice if you are working with large files (> 2GB), but >>> for E-Mail i'd stick with ext3 (or maybe even reiser3) >>> as it works very well with small files. >> XFS was designed for parallelism, whether with large files or small, > ... > > Anyone been using ZFS on FreeBSD for mail spool storage? > I'm using ZFS on FreeBSD 8.2. But to be honest, this is a personal/private mail-system with limited mailboxes. I really like the snapshots in ZFS. Every night I make a snapshot which I send to another server for backup. Every hour I make a new snapshot from which I send the incremental to the backup-server. That way if the worst happens I will only loose 1 hour of mail. ZFS was built for data integrity, not speed so if it's speed you are looking for this might not be the fastest but maybe fast enough. N. From jgunthorpe at obsidianresearch.com Wed Aug 31 23:39:56 2011 From: jgunthorpe at obsidianresearch.com (Jason Gunthorpe) Date: Wed, 31 Aug 2011 14:39:56 -0600 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <4E5E5332.3060006@gmail.com> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> <4E5E28CA.6020602@yandex.ru> <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> <4E5E38B8.7060404@yandex.ru> <4E5E5332.3060006@gmail.com> Message-ID: <20110831203956.GC30654@obsidianresearch.com> On Wed, Aug 31, 2011 at 09:28:50AM -0600, Trever L. Adams wrote: > I have only followed part of this. It the original poster's problem is > that the LDAP database is not being able to be accessed with an SPN > ticket, this is because SPNs are not allowed to log in in AD. You need > to use a user account (including MACHINE$ accounts). It took me forever > to figure this out. To use this, you need a cron job that creates/renews > tickets from time to time for the user/machine account. Then you use > Dovecot's environment setup configuration to set the KRB5_CC (or > whatever it is called, my head is elsewhere) env variable to that > Kerberos ticket cache that was created in the cronjob. This cache needs > to be readable by dovecot and should be owned by its user. This all works a 1000% better if you use Samba to join the domain and create your keytab with the right SPNs. See my prior posts to this list for a formula. Using the MS kerberos compatability tools is painful, complicated and tends to make a mess. Samba will create a machine UPN and populate the system keytab appropriately. From a cron job you can use 'kinit -k' to maintain an active ticket for the machine UPN which dovecot can use for LDAP operations. Jason From rick at havokmon.com Wed Aug 31 23:43:43 2011 From: rick at havokmon.com (Rick Romero) Date: Wed, 31 Aug 2011 15:43:43 -0500 Subject: [Dovecot] mail spool filesystem In-Reply-To: <4E5E9922.8000309@bunbun.be> References: <4E4BC0CC.5010908@psi.com.br> <20110817164207.2e9c1d49@echelon.ethz.ch> <4E4E2340.4010001@hardwarefreak.com> <20110831201327.GR5381@corp.sonic.net> <4E5E9922.8000309@bunbun.be> Message-ID: <20110831154343.Horde.WdE2Em2tkQ9OXpz-qxFBR7g@beta.vfemail.net> Quoting Nick Rosier : > Kelsey Cummings wrote: >> On Fri, Aug 19, 2011 at 03:48:00AM -0500, Stan Hoeppner wrote: >>> On 8/17/2011 9:42 AM, Adrian Ulrich wrote: >>>>> I read that XFS is a good choice, but is not >>>>> too reliable... >>>> Are you using Maildir or MBOX? >>>> >>>> In any case: XFS would be my last choice: >>>> >>>> XFS is nice if you are working with large files (> 2GB), but >>>> for E-Mail i'd stick with ext3 (or maybe even reiser3) >>>> as it works very well with small files. >>> XFS was designed for parallelism, whether with large files or small, >> ... >> >> Anyone been using ZFS on FreeBSD for mail spool storage? >> > I'm using ZFS on FreeBSD 8.2. But to be honest, this is a > personal/private mail-system with limited mailboxes. I really like > the snapshots in ZFS. Every night I make a snapshot which I send to > another server for backup. Every hour I make a new snapshot from > which I send the incremental to the backup-server. That way if the > worst happens I will only loose 1 hour of mail. > > ZFS was built for data integrity, not speed so if it's speed you are > looking for this might not be the fastest but maybe fast enough. I just migrated to FreeBSD 8.2 ZFS (6 drive u320 raidz + 16GB mirrored SSD ZIL) from OpenSolaris ZFS (10 drive sata raidz10). About 4k daily users. The new setup feels a little faster than the old, but honestly the old ran just fine under normal load. One of the things that pushed the migration was really more CPU for Thunderbird clients using compression, which caused a noticeable delay. Ditto on the snapshots. Rick From kwebb at teradactyl.com Wed Aug 31 23:48:54 2011 From: kwebb at teradactyl.com (Kristen J. Webb) Date: Wed, 31 Aug 2011 14:48:54 -0600 Subject: [Dovecot] thunderbird and subscriptions with sieve Message-ID: <4E5E9E36.8020904@teradactyl.com> Hi All, I'm a newbie trying to move mail out of my ISP onto a ubuntu (lucid) dovecot 1.2.9 server. Is there any way to automatically add folders created by sieve (GNU Mailutils 2.1) to the subscriptions file for a user? I'm currently testing spam, and if sieve created the folder with the first message, the thunderbird user does not see the new folder. Even more interesting, if the user then tries to create the Spam directory it thunderbird seems to quietly ignore the request and the user still cannot see the folder, but I digress... I can manually subscribe with thunderbird, but this won't scale for more complex sieve later by making the user responsible for finding everything. I can turn off subscription view in advanced settings on thunderbird, but we are trying to wean ourselves of of individual mail clients and I don't want to have to test this everywhere. Many thanks in advance! Kris -- Mr. Kristen J. Webb Teradactyl LLC. PHONE: 1-505-242-1091 EMAIL: kwebb at teradactyl.com VISIT: http://www.teradactyl.com Home of the True incremental Backup System From dovecot.user at seibercom.net Wed Aug 31 23:58:36 2011 From: dovecot.user at seibercom.net (Jerry) Date: Wed, 31 Aug 2011 16:58:36 -0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <20110831203956.GC30654@obsidianresearch.com> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> <4E5E28CA.6020602@yandex.ru> <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> <4E5E38B8.7060404@yandex.ru> <4E5E5332.3060006@gmail.com> <20110831203956.GC30654@obsidianresearch.com> Message-ID: <20110831165836.7bd29871@scorpio> On Wed, 31 Aug 2011 14:39:56 -0600 Jason Gunthorpe articulated: > On Wed, Aug 31, 2011 at 09:28:50AM -0600, Trever L. Adams wrote: > > > I have only followed part of this. It the original poster's problem > > is that the LDAP database is not being able to be accessed with an > > SPN ticket, this is because SPNs are not allowed to log in in AD. > > You need to use a user account (including MACHINE$ accounts). It > > took me forever to figure this out. To use this, you need a cron > > job that creates/renews tickets from time to time for the > > user/machine account. Then you use Dovecot's environment setup > > configuration to set the KRB5_CC (or whatever it is called, my head > > is elsewhere) env variable to that Kerberos ticket cache that was > > created in the cronjob. This cache needs to be readable by dovecot > > and should be owned by its user. > > This all works a 1000% better if you use Samba to join the domain and > create your keytab with the right SPNs. See my prior posts to this > list for a formula. Using the MS kerberos compatability tools is > painful, complicated and tends to make a mess. > > Samba will create a machine UPN and populate the system keytab > appropriately. From a cron job you can use 'kinit -k' to maintain an > active ticket for the machine UPN which dovecot can use for LDAP > operations. I just got this link from a friend who uses Kerberos on several systems. I have no idea if it will work or help you or not. -- Jerry ? Dovecot.user at seibercom.net Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________ Everlasting peace will come to the world when the last man has slain the last but one. Adolf Hitler From thomas-lists at nybeta.com Mon Aug 1 04:53:31 2011 From: thomas-lists at nybeta.com (Thomas Harold) Date: Sun, 31 Jul 2011 21:53:31 -0400 Subject: [Dovecot] Dovecot Backup In-Reply-To: References: Message-ID: <4E36071B.4080600@nybeta.com> On 7/31/2011 8:02 AM, spamvoll at googlemail.com wrote: > Hi.. > > are there any proofen Methods to backup all mail ? > > shutting down dovecot and tar the hole dir? > using rsnapshot? > > any hints / thoughts > > im running dovecot2 on freebsd We use rdiff-backup to another machine on the same network (for Maildir accounts). (Also talked about last month in the "Performance with 200k messages in Maildir" thread.) From noel.butler at ausics.net Mon Aug 1 08:22:32 2011 From: noel.butler at ausics.net (Noel Butler) Date: Mon, 01 Aug 2011 15:22:32 +1000 Subject: [Dovecot] Dovecot Backup In-Reply-To: References: Message-ID: <1312176152.17809.28.camel@tardis> On Sun, 2011-07-31 at 14:02 +0200, spamvoll at googlemail.com wrote: > Hi.. > > are there any proofen Methods to backup all mail ? > > shutting down dovecot and tar the hole dir? > using rsnapshot? > > any hints / thoughts > > im running dovecot2 on freebsd > I assume it's only a single stand alone server, with system passwd a/c's? It also depends on the type of use. Generally tar or rsync would be fine for that. A word of advice if using tar, do not use tar cvf"z" ... do cvf first, then use gzip in a second process pass, it is easier to recover from a corrupted file this way. But as your setup and/or requirements expand, so does your options. Even if you use a dedicated backend, like NetApp, dont rely solely on snapshots, use backup features as well. Depending on how important the mail is, doing a rolling 7 day rsync or tar might be required as well more than once a week. Do not rely on a single nightly rsync, if someone deletes that important message on Friday, and comes crying to you on Monday, it's tuff luck, in a corporate world that's unacceptable, in some countries it even contravenes commercial law acts. Often over looked is the god file.. you know, the one that decides who gets mail, be it passwd file or database. If your userbase is pretty much static, back it up daily, again on a rolling 7 days. if userbase changes often (eg: hosting), back it up hourly, and do a rolling backup every hour over 7 days, that's what we do, we also once a week back up those files by tar, they are kept indefinitely (read as: until my once a year clean out), but we do not do that for mail for privacy reasons, only 7 days then its gone for good. Best to have too many backup files, than not have a good one at all. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From hostmaster at taunusstein.net Mon Aug 1 11:26:42 2011 From: hostmaster at taunusstein.net (Christian Felsing) Date: Mon, 01 Aug 2011 10:26:42 +0200 Subject: [Dovecot] Update 2.0.12 -> 2.0.13 is broken Message-ID: <4E366342.8080708@taunusstein.net> Hello, today I tried to update 2.0.12 to 2.0.13, but I got those messages, only: Aug 1 10:20:27 mail dovecot: master: Dovecot v2.0.13 starting up (core dumps disabled) Aug 1 10:20:33 mail dovecot: imap-login: Login: user=<***@***.**>, method=PLAIN, rip=192.168.1.99, lip=192.168.1.1 , mpid=5123, TLS Aug 1 10:20:33 mail dovecot: imap-postlogin: Error: script-login: Error: user ***@***.**: Error reading configurati on: net_connect_unix(/opt/dovecot-2.0.13/var/run/dovecot/config) failed: Permission denied Aug 1 10:20:33 mail dovecot: imap-postlogin: Error: script-login: Fatal: Internal error occurred. Refer to server log for more info rmation. Aug 1 10:20:33 mail dovecot: log: Error: service(imap-postlogin): child 5124 returned error 89 (Fatal failure) What has happened ? Christian From jeff.vanepps at gmail.com Mon Aug 1 15:59:48 2011 From: jeff.vanepps at gmail.com (Jeff Van Epps) Date: Mon, 1 Aug 2011 08:59:48 -0400 Subject: [Dovecot] Clients can't retrieve new emails Message-ID: In a formerly working environment suddenly clients aren't notified of new emails and can't retrieve new emails. Server is Ubuntu 11.04 dovecot 1.2.15. Clients which fail are a Pre2 webOS 2.1 and TouchPad webOS 3.0 (those are OS versions, I don't know which particular flavor/version the IMAP clients are); there is also a Thunderbird 3.1.11 client on the same system as the server which works properly. The clients never report an error. I got as far as configuring rawlog: in: ~A2 NAMESPACE ~A3 SELECT "INBOX" ~A4 LIST "" * ~A5 UID STORE 0 +FLAGS.SILENT (\Seen) ~A6 UID STORE 0 +FLAGS.SILENT (\Seen) out: * OK [RAWLOG TIMESTAMP] 2011-08-01 08:28:33 ~A1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in * NAMESPACE (("" "/")) NIL NIL ~A2 OK Namespace completed. * FLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk Junk) * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk Junk \*)] Flags permitted. * 101 EXISTS * 0 RECENT * OK [UNSEEN 63] First unseen. * OK [UIDVALIDITY 1222650706] UIDs valid * OK [UIDNEXT 863] Predicted next UID * OK [HIGHESTMODSEQ 1903] Highest ~A3 OK [READ-WRITE] Select completed. * LIST (\NoInferiors \UnMarked) "/" "Trash" * LIST (\NoInferiors \UnMarked) "/" "Sent" * LIST (\NoInferiors \UnMarked) "/" "INBOX" ~A4 OK List completed. ~A5 BAD Error in IMAP command UID STORE: Invalid uidset ~A6 BAD Error in IMAP command UID STORE: Invalid uidset I've searched and read messages saying that there is no such thing as UID 0. Okay. Why are the clients suddenly trying to use it? Why doesn't the server just ignore it? (it seems like it may be terminating the connection) What can I do about it? (I'll nag HP about the client side but I don't expect quick action. The server on the other hand is in my house.) dovecot -n output: # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.38-11-generic i686 Ubuntu 11.04 log_timestamp: %Y-%m-%d %H:%M:%S ssl_cert_file: /etc/ssl/certs/lordbah.com.crt ssl_key_file: /etc/ssl/private/lordbah.com.key ssl_key_password: --redacted-- disable_plaintext_auth: no verbose_ssl: yes login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login login_process_per_connection: no login_processes_count: 5 login_max_processes_count: 20 verbose_proctitle: yes mail_privileged_group: mail mail_location: mbox:~*/mail:INBOX=/var/mail/*%u mail_debug: yes mbox_write_locks: fcntl dotlock mail_executable: /usr/lib/dovecot/rawlog /usr/lib/dovecot/imap imap_client_workarounds: tb-extra-mailbox-sep auth default: verbose: yes debug: yes passdb: driver: pam userdb: driver: passwd -- Jeff Van Epps From me at junc.org Mon Aug 1 16:58:31 2011 From: me at junc.org (Benny Pedersen) Date: Mon, 01 Aug 2011 15:58:31 +0200 Subject: [Dovecot] Dovecot Backup In-Reply-To: References: Message-ID: <45f276a7f07fc1453ef521a09ad56962@junc.org> On Sun, 31 Jul 2011 14:02:57 +0200, spamvoll at googlemail.com wrote: > shutting down dovecot and tar the hole dir? > using rsnapshot? imapsync > im running dovecot2 on freebsd dsync have just used imapsync it needs one user and a user-backup login to work From thomas-lists at nybeta.com Mon Aug 1 17:45:41 2011 From: thomas-lists at nybeta.com (Thomas Harold) Date: Mon, 01 Aug 2011 10:45:41 -0400 Subject: [Dovecot] dovecot-config file location on CentOS5 / RHEL5? Message-ID: <4E36BC15.6040601@nybeta.com> Using the pre-built RPM from ATRPMs. Where does the dovecot-config file get generated? Is there a flag in a config file that controls whether it gets created? Installed Packages Name : dovecot Arch : x86_64 Epoch : 1 Version : 2.0.13 Release : 1_129.el5 Size : 5.1 M Repo : installed Summary : Dovecot Secure imap server URL : http://www.dovecot.org/ License : MIT Do I have to install Dovecot from source in order to also use the Pigeonhole plug-in? From wgillespie+dovecot at es2eng.com Mon Aug 1 17:47:36 2011 From: wgillespie+dovecot at es2eng.com (Willie Gillespie) Date: Mon, 01 Aug 2011 08:47:36 -0600 Subject: [Dovecot] Update 2.0.12 -> 2.0.13 is broken In-Reply-To: <4E366342.8080708@taunusstein.net> References: <4E366342.8080708@taunusstein.net> Message-ID: <4E36BC88.4070603@es2eng.com> On 08/01/2011 02:26 AM, Christian Felsing wrote: > Hello, > > today I tried to update 2.0.12 to 2.0.13, but I got those messages, only: > > Aug 1 10:20:27 mail dovecot: master: Dovecot v2.0.13 starting up (core dumps disabled) > Aug 1 10:20:33 mail dovecot: imap-login: Login: user=<***@***.**>, method=PLAIN, rip=192.168.1.99, lip=192.168.1.1 > , mpid=5123, TLS > Aug 1 10:20:33 mail dovecot: imap-postlogin: Error: script-login: Error: user ***@***.**: Error reading configurati > on: net_connect_unix(/opt/dovecot-2.0.13/var/run/dovecot/config) failed: Permission denied > Aug 1 10:20:33 mail dovecot: imap-postlogin: Error: script-login: Fatal: Internal error occurred. Refer to server log for more info > rmation. > Aug 1 10:20:33 mail dovecot: log: Error: service(imap-postlogin): child 5124 returned error 89 (Fatal failure) > > What has happened ? Error reading configuration: net_connect_unix(/opt/dovecot-2.0.13/var/run/dovecot/config) failed: Permission denied Looks like permission is denied to this file. From sebastian.schlingmann at web.de Mon Aug 1 10:09:05 2011 From: sebastian.schlingmann at web.de (Sebastian Schlingmann) Date: Mon, 1 Aug 2011 09:09:05 +0200 Subject: [Dovecot] Dovecot and pigeonhole: mail not filtered Message-ID: <20110801090905.6e12077b@web.de> Hi everyone, I am running dovecot for quite some time now (currently version 2.0.13). Recently I tried to get Sieve and Managesieve to run. For this purpose I installed pigeonhole 0.2.3 and added sieve to the mail_plugins for lmtp and to the protocols. I also copied the sample 90-sieve.conf and 20-managesieve.conf into my /etc/dovecot/conf.d/ directory. In 90-sieve.conf I uncommented the sieve and sieve_dir options and set them to my desired values. After a restart of dovecot I was able to use my webmailer to add sieve scripts via the managesieve protocol. However the sieve scripts do not trigger. Is there any way to test if sieve is even executed when a mail arrives? mail_debug did not give me any relevant information. BTW: I checked my sieve script with the sieve-test command and it would execute the right action (move a mail into a directory). Bye Sebastian From frank at moltke28.B.Shuttle.DE Mon Aug 1 18:08:35 2011 From: frank at moltke28.B.Shuttle.DE (Frank Elsner) Date: Mon, 1 Aug 2011 17:08:35 +0200 Subject: [Dovecot] Update 2.0.12 -> 2.0.13 is broken In-Reply-To: <4E36BC88.4070603@es2eng.com> References: <4E366342.8080708@taunusstein.net> <4E36BC88.4070603@es2eng.com> Message-ID: (auto-added) On Mon, 01 Aug 2011 08:47:36 -0600 Willie Gillespie wrote: > On 08/01/2011 02:26 AM, Christian Felsing wrote: > > Hello, > > > > today I tried to update 2.0.12 to 2.0.13, but I got those messages, only: > > > > Aug 1 10:20:27 mail dovecot: master: Dovecot v2.0.13 starting up (core dumps disabled) > > Aug 1 10:20:33 mail dovecot: imap-login: Login: user=<***@***.**>, method=PLAIN, rip=192.168.1.99, lip=192.168.1.1 > > , mpid=5123, TLS > > Aug 1 10:20:33 mail dovecot: imap-postlogin: Error: script-login: Error: user ***@***.**: Error reading configurati > > on: net_connect_unix(/opt/dovecot-2.0.13/var/run/dovecot/config) failed: Permission denied > > Aug 1 10:20:33 mail dovecot: imap-postlogin: Error: script-login: Fatal: Internal error occurred. Refer to server log for more info > > rmation. > > Aug 1 10:20:33 mail dovecot: log: Error: service(imap-postlogin): child 5124 returned error 89 (Fatal failure) > > > > What has happened ? > > Error reading configuration: > net_connect_unix(/opt/dovecot-2.0.13/var/run/dovecot/config) failed: > Permission denied > > Looks like permission is denied to this file. I had the same problem. You may want to read the thread "Re: [Dovecot] v2.0.13 released" starting Wed, 11 May 2011 21:03:07 +0200 with Message-Id: --Frank Elsner From warden at geneseo.edu Mon Aug 1 18:33:30 2011 From: warden at geneseo.edu (David Warden) Date: Mon, 1 Aug 2011 11:33:30 -0400 Subject: [Dovecot] dovecot-config file location on CentOS5 / RHEL5? In-Reply-To: <4E36BC15.6040601@nybeta.com> References: <4E36BC15.6040601@nybeta.com> Message-ID: <5D642AD8-C651-433A-A920-DAED8FAE7EA0@geneseo.edu> On Aug 1, 2011, at 10:45 AM, Thomas Harold wrote: > Using the pre-built RPM from ATRPMs. Where does the dovecot-config file get generated? Is there a flag in a config file that controls whether it gets created? > > Installed Packages > Name : dovecot > Arch : x86_64 > Epoch : 1 > Version : 2.0.13 > Release : 1_129.el5 > Size : 5.1 M > Repo : installed > Summary : Dovecot Secure imap server > URL : http://www.dovecot.org/ > License : MIT > > Do I have to install Dovecot from source in order to also use the Pigeonhole plug-in? I'm pretty sure I'm using that RPM and you only get dovecot-config as part of dovecot-devel, which you will need to compile Pigeonhole. For me it is /usr/lib64/dovecot/dovecot-config. -David Warden From stephan at rename-it.nl Mon Aug 1 18:50:47 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Mon, 01 Aug 2011 17:50:47 +0200 Subject: [Dovecot] Dovecot and pigeonhole: mail not filtered In-Reply-To: <20110801090905.6e12077b@web.de> References: <20110801090905.6e12077b@web.de> Message-ID: <4E36CB57.3080705@rename-it.nl> Op 1-8-2011 9:09, Sebastian Schlingmann schreef: > Hi everyone, > > I am running dovecot for quite some time now (currently version 2.0.13). > Recently I tried to get Sieve and Managesieve to run. For this purpose > I installed pigeonhole 0.2.3 and added sieve to the mail_plugins for > lmtp and to the protocols. I also copied the sample 90-sieve.conf and > 20-managesieve.conf into my /etc/dovecot/conf.d/ directory. In > 90-sieve.conf I uncommented the sieve and sieve_dir options and set > them to my desired values. > > After a restart of dovecot I was able to use my webmailer to add sieve > scripts via the managesieve protocol. However the sieve scripts do not > trigger. > Is there any way to test if sieve is even executed when a mail arrives? > mail_debug did not give me any relevant information. > > BTW: I checked my sieve script with the sieve-test command and it would > execute the right action (move a mail into a directory). Are you actually using the Dovecot LDA or the LMTP service? Enabling the plugin is not enough. Your MTA (Postfix, Exim, etc) needs to use LDA or LMTP for local delivery. This is usually not the default. For LDA you can check this wiki page: http://wiki2.dovecot.org/LDA and the sub-page relevant to your MTA. Alternatively, you can use LTMP. For enabling LTMP in your particular MTA, you need to check its documentation. For the Dovecot side of LTMP you can check http://wiki2.dovecot.org/LMTP. Regards, Stephan. From thomas-lists at nybeta.com Mon Aug 1 19:45:15 2011 From: thomas-lists at nybeta.com (Thomas Harold) Date: Mon, 01 Aug 2011 12:45:15 -0400 Subject: [Dovecot] dovecot-config file location on CentOS5 / RHEL5? In-Reply-To: <5D642AD8-C651-433A-A920-DAED8FAE7EA0@geneseo.edu> References: <4E36BC15.6040601@nybeta.com> <5D642AD8-C651-433A-A920-DAED8FAE7EA0@geneseo.edu> Message-ID: <4E36D81B.4040808@nybeta.com> On 8/1/2011 11:33 AM, David Warden wrote: > On Aug 1, 2011, at 10:45 AM, Thomas Harold wrote: > >> Using the pre-built RPM from ATRPMs. Where does the dovecot-config >> file get generated? Is there a flag in a config file that controls >> whether it gets created? >> >> Do I have to install Dovecot from source in order to also use the >> Pigeonhole plug-in? > > I'm pretty sure I'm using that RPM and you only get dovecot-config as > part of dovecot-devel, which you will need to compile Pigeonhole. For > me it is /usr/lib64/dovecot/dovecot-config. > > -David Warden Thanks. That was it, I did not have dovecot-devel installed from ATRPMs-Extras. I still had to tell ./configure where to find it though. ./configure --with-dovecot=/usr/lib64/dovecot/ (Which is good, because I was having trouble telling the dovecot source code config where to find the postgreSQL development packages for 9.0. PGSQL support is already compiled into the ATRPM build so I'm glad that I can just use that.) From thomas-lists at nybeta.com Mon Aug 1 21:22:15 2011 From: thomas-lists at nybeta.com (Thomas Harold) Date: Mon, 01 Aug 2011 14:22:15 -0400 Subject: [Dovecot] Redelivery of messages in Maildir through sieve to be re-sorted Message-ID: <4E36EED7.40707@nybeta.com> http://wiki2.dovecot.org/HowTo/RefilterMail That solution looks great for a single user, but is it possible to do a larger version that runs for everyone on the server? I'm speaking specifically of a virtual setup where all mailboxes are owned by a common UID/GID. It seems like (with brief testing) that I could search for mail inside of a "Refilter" folder, like /var/vmail/domain.ext/username/Maildir/.Refilter/{cur|new}, and shove that through dovecot-lda. I would just need to put the username/domain.ext back together in the format of username at domain.ext. /usr/libexec/dovecot/dovecot-lda -e -d username at domain.ext -p (path to message) If dovecot-lda doesn't throw an error, then I could delete the message from the "Refilter" folder and move onto the next message. Or does Dovecot get horribly confused when messages vanish out of the "cur" folder? From thomas-lists at nybeta.com Mon Aug 1 23:11:32 2011 From: thomas-lists at nybeta.com (Thomas Harold) Date: Mon, 01 Aug 2011 16:11:32 -0400 Subject: [Dovecot] sievec - manual compile of global sieve scripts? Message-ID: <4E370874.1080408@nybeta.com> How do you compile global scripts using the sievec command without making the script directory owned (and group writable) by the vmail user? http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage # cd /etc/dovecot/sieve/before/ # (edit some script like spam.sieve that runs for everyone) # /usr/local/bin/sievec spam.sieve spam.svbin sievec(root): Error: sieve: binary save: failed to create temporary file: open(spam.svbin.hostname.26921.) in directory /etc/dovecot/sieve/before failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +w perm: /etc/dovecot/sieve/before, euid is not dir owner) # ls -la /etc/dovecot/sieve/before/ drwxrwxr-x 2 root root 4096 Aug 1 15:56 . drwxr-xr-x 5 root root 4096 Aug 1 13:23 .. -rw-rw-r-- 1 root root 477 Aug 1 15:33 spam.sieve Or do I just make the /etc/dovecot/sieve/ tree owned and writable by the vmail:vmail user? (Which worked, but seems like a bad idea.) Output of dovecot -n # 2.0.13: /etc/dovecot/dovecot.conf # OS: Linux 2.6.18-274.el5 x86_64 Red Hat Enterprise Linux Server release 5.7 (Tikanga) auth_verbose_passwords = sha1 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes listen = 127.0.0.1, 1.2.3.4 mail_gid = vmail mail_home = /var/vmail/%d/%n mail_location = maildir:~/Maildir mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date mbox_write_locks = fcntl passdb { args = /etc/dovecot/conf.d/dovecot-sql.conf.ext driver = sql } plugin { sieve = ~/.dovecot.sieve sieve_after = /etc/dovecot/sieve/after/ sieve_before = /etc/dovecot/sieve/before/ sieve_dir = ~/sieve sieve_global_dir = /etc/dovecot/sieve/globalinclude/ } protocols = imap pop3 lmtp sieve service auth { unix_listener /var/spool/postfix/private/auth { mode = 0666 } unix_listener auth-userdb { group = vmail user = vmail } } service imap-login { process_min_avail = 5 } service pop3-login { inet_listener pop3 { address = 1.2.3.4 } inet_listener pop3s { address = 1.2.3.4 } } ssl = required ssl_cert = Hello, I am not having much luck on this particular issue so I wanted to make sure that this is registered as a potential bug. The essence of the problem is that for a given message addressed to multiple users, lmtp writes the message correctly to the first addressed user only, then subsequent user writes fail as the lmtp process doesn't run with the proper permissions and tries to link files from different users as part of its message writing. Below you can see that lmtp (running with steve's id, who was the first listed recipient) is trying to link a file in jerry's inbox meeting with failure: Jul 27 11:24:42 testmailserver dovecot: lmtp(12412, steve): Error: link(/spool/mail/j/jerry/mail/INBOX/u.20423, /spool/mail/s/steve/mail/INBOX/.temp.1311791081.P12412Q2M989550.testmailserver.) failed: Permission denied Jul 27 11:24:42 testmailserver dovecot: lmtp(12412, steve): +1IXBeVXME58MAAARoVNxQ: msgid <201107271824.p6RIOPa5020900 at backup.>: save failed to INBOX: Internal error occurred. Refer to server log for more information. [2011-07-27 11:24:41] Best regards, -Boris I am using version 2.0.13. dovecot -n shows this: # 2.0.13: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-71.29.1.el6.i686 i686 CentOS Linux release 6.0 (Final) ext4 auth_debug = yes auth_master_user_separator = * auth_verbose = yes auth_verbose_passwords = plain lda_mailbox_autocreate = yes mail_debug = yes mail_location = sdbox:/spool/mail/%1Ln/%Ln/mail:INBOX=/spool/mail/%1Ln/%Ln/mail/INBOX mbox_write_locks = fcntl passdb { args = /etc/dovecot/master-users driver = passwd-file master = yes } passdb { args = failure_show_msg=yes driver = pam } plugin { autocreate = INBOX autosubscribe = INBOX } service lmtp { inet_listener ltmp { port = 24 } } ssl_cert = What are the best web interfaces for user/domain management, perhaps one that also allows individual users to edit vacation msgs? Right now I'm using a postfixadmin based mysql control panel. Curious what is the better stuff out there that people are using with dovecot/sieve these days? Are there any decent front-ends to setup/manage per-user sieve filters? From stephan at rename-it.nl Tue Aug 2 03:43:06 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 02 Aug 2011 02:43:06 +0200 Subject: [Dovecot] sievec - manual compile of global sieve scripts? In-Reply-To: <4E370874.1080408@nybeta.com> References: <4E370874.1080408@nybeta.com> Message-ID: <4E37481A.1020703@rename-it.nl> On 8/1/2011 10:11 PM, Thomas Harold wrote: > How do you compile global scripts using the sievec command without > making the script directory owned (and group writable) by the vmail user? > > http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage > > # cd /etc/dovecot/sieve/before/ > # (edit some script like spam.sieve that runs for everyone) > # /usr/local/bin/sievec spam.sieve spam.svbin > > sievec(root): Error: sieve: binary save: failed to create temporary > file: open(spam.svbin.hostname.26921.) in directory > /etc/dovecot/sieve/before failed: Permission denied (euid=5000(vmail) > egid=5000(vmail) missing +w perm: /etc/dovecot/sieve/before, euid is > not dir owner) Why are you executing sievec as vmail in the first place? You should be able to run it as root or any other user you use to manage global sieve scripts. > # ls -la /etc/dovecot/sieve/before/ > drwxrwxr-x 2 root root 4096 Aug 1 15:56 . > drwxr-xr-x 5 root root 4096 Aug 1 13:23 .. > -rw-rw-r-- 1 root root 477 Aug 1 15:33 spam.sieve > > Or do I just make the /etc/dovecot/sieve/ tree owned and writable by > the vmail:vmail user? (Which worked, but seems like a bad idea.) It is a bad idea. Vmail would only need read access. Regards, Stephan From stephan at rename-it.nl Tue Aug 2 04:01:35 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 02 Aug 2011 03:01:35 +0200 Subject: [Dovecot] web interface for user creation/vacation In-Reply-To: <20110801235518.GC13616@ref.nmedia.net> References: <20110801235518.GC13616@ref.nmedia.net> Message-ID: <4E374C6F.2010304@rename-it.nl> On 8/2/2011 1:55 AM, Chris Cappuccio wrote: > Are there any decent front-ends to setup/manage per-user sieve filters? There are several, but so far I am not too impressed by any of them. Most web-based versions are part of a webmail suite. The nicest one I've seen so far is the sieverules plugin for Roundcube. Then there is horde/ingo, which wasn't that fancy last time I looked. There is also squirrelmail/avelsieve, which is a bit ugly in a technical point of view, but it works quite well. There are older ones like smartsieve and websieve, but those are not maintained anymore and not compatible with Dovecot without patching them. I'm hoping that someone writes a proper (native) PHP module for Sieve parsing in the near future. This is something that is currently barely done by web interfaces, with the effect that only one Sieve client can be used at the same time, because competitive clients will overwrite/mangle scripts of others, instead of trying to parse and adjust them. In fact, the only client I know (including the desktop ones) that somewhat parses the script on the server is the sieverules plugin for Roundcube.Therefore such a PHP module solves only part of the problem: web interfaces. Normal mail clients like Thunderbird, Outlook and Evolution don't have (proper) support for Sieve either, let alone script parsing functionality with a user-friendly GUI :/ Perhaps we should make a list of the available clients on the wiki somewhere with some information on how well these work with Dovecot. There is a short list at http://sieve.info/clients. Regards, Stephan. From fumiyas at osstech.jp Tue Aug 2 05:25:49 2011 From: fumiyas at osstech.jp (SATOH Fumiyasu) Date: Tue, 02 Aug 2011 11:25:49 +0900 Subject: [Dovecot] [PATCH] net_connect_*(): Wait for fd to complete connect(2) when fd is non-blocking In-Reply-To: <87y5zf2ekl.wl%fumiyas@osstech.jp> References: <87zkjv3eml.wl%fumiyas@osstech.jp> <87y5zf2ekl.wl%fumiyas@osstech.jp> Message-ID: <87livcr1le.wl%fumiyas@osstech.jp> Hi! At Sun, 31 Jul 2011 14:40:10 +0900, SATOH Fumiyasu wrote: > I've regenerated the patch with 'hg export' instead of 'hg log -p'. > (Sorry, I'm a Mercurial newbie.) > > At Sun, 31 Jul 2011 01:41:22 +0900, > SATOH Fumiyasu wrote: > > Dovecot ignores EINPROGRESS on connect(2) for non-blocking fd. > > This is wrong. After that, read(2) to fd (or write(2) to fd) fails > > with ENOTCONN if the connection of fd is not completed. > > > > The attached patch fixes this problem. Any comment? On a high-load Solaris 10 box, dovecot-lda fails to query (I/O) to dovecot dict socket with ENOTCONN. My patch fixes this problem. Regards, -- -- Name: SATOH Fumiyasu (fumiyas @ osstech co jp) -- Business Home: http://www.OSSTech.co.jp/ -- Personal Home: http://www.SFO.jp/blog/ From dbrooks at mdah.state.ms.us Tue Aug 2 06:44:01 2011 From: dbrooks at mdah.state.ms.us (Donny Brooks) Date: Mon, 01 Aug 2011 22:44:01 -0500 Subject: [Dovecot] web interface for user creation/vacation In-Reply-To: <4E374C6F.2010304@rename-it.nl> References: <20110801235518.GC13616@ref.nmedia.net> <4E374C6F.2010304@rename-it.nl> Message-ID: <4E377281.1070307@mdah.state.ms.us> On 8/1/2011 8:01 PM, Stephan Bosch wrote: > On 8/2/2011 1:55 AM, Chris Cappuccio wrote: > >> Are there any decent front-ends to setup/manage per-user sieve filters? > > There are several, but so far I am not too impressed by any of them. > Most web-based versions are part of a webmail suite. The nicest one > I've seen so far is the sieverules plugin for Roundcube. Then there is > horde/ingo, which wasn't that fancy last time I looked. There is also > squirrelmail/avelsieve, which is a bit ugly in a technical point of > view, but it works quite well. There are older ones like smartsieve > and websieve, but those are not maintained anymore and not compatible > with Dovecot without patching them. > > I'm hoping that someone writes a proper (native) PHP module for Sieve > parsing in the near future. This is something that is currently barely > done by web interfaces, with the effect that only one Sieve client can > be used at the same time, because competitive clients will > overwrite/mangle scripts of others, instead of trying to parse and > adjust them. In fact, the only client I know (including the desktop > ones) that somewhat parses the script on the server is the sieverules > plugin for Roundcube.Therefore such a PHP module solves only part of > the problem: web interfaces. Normal mail clients like Thunderbird, > Outlook and Evolution don't have (proper) support for Sieve either, > let alone script parsing functionality with a user-friendly GUI :/ > > Perhaps we should make a list of the available clients on the wiki > somewhere with some information on how well these work with Dovecot. > > There is a short list at http://sieve.info/clients. > > Regards, > > Stephan. It is not a standalone frontend but the vacation management portion of SOGo (http://sogo.nu/english.html) works well in our tests. Donny B. From fafaforza at gmail.com Tue Aug 2 07:14:08 2011 From: fafaforza at gmail.com (Darek M) Date: Tue, 2 Aug 2011 00:14:08 -0400 Subject: [Dovecot] web interface for user creation/vacation In-Reply-To: <4E377281.1070307@mdah.state.ms.us> References: <20110801235518.GC13616@ref.nmedia.net> <4E374C6F.2010304@rename-it.nl> <4E377281.1070307@mdah.state.ms.us> Message-ID: I'm using postfixadmin without too many issues. What's your problem with it? Also using the RoundCube sieve plugin with not to many problems either. On 8/1/11, Donny Brooks wrote: > On 8/1/2011 8:01 PM, Stephan Bosch wrote: >> On 8/2/2011 1:55 AM, Chris Cappuccio wrote: >> >>> Are there any decent front-ends to setup/manage per-user sieve filters? >> >> There are several, but so far I am not too impressed by any of them. >> Most web-based versions are part of a webmail suite. The nicest one >> I've seen so far is the sieverules plugin for Roundcube. Then there is >> horde/ingo, which wasn't that fancy last time I looked. There is also >> squirrelmail/avelsieve, which is a bit ugly in a technical point of >> view, but it works quite well. There are older ones like smartsieve >> and websieve, but those are not maintained anymore and not compatible >> with Dovecot without patching them. >> >> I'm hoping that someone writes a proper (native) PHP module for Sieve >> parsing in the near future. This is something that is currently barely >> done by web interfaces, with the effect that only one Sieve client can >> be used at the same time, because competitive clients will >> overwrite/mangle scripts of others, instead of trying to parse and >> adjust them. In fact, the only client I know (including the desktop >> ones) that somewhat parses the script on the server is the sieverules >> plugin for Roundcube.Therefore such a PHP module solves only part of >> the problem: web interfaces. Normal mail clients like Thunderbird, >> Outlook and Evolution don't have (proper) support for Sieve either, >> let alone script parsing functionality with a user-friendly GUI :/ >> >> Perhaps we should make a list of the available clients on the wiki >> somewhere with some information on how well these work with Dovecot. >> >> There is a short list at http://sieve.info/clients. >> >> Regards, >> >> Stephan. > It is not a standalone frontend but the vacation management portion of > SOGo (http://sogo.nu/english.html) works well in our tests. > > Donny B. > From john.alexander at preachain.org Tue Aug 2 08:13:31 2011 From: john.alexander at preachain.org (John Alexander) Date: Mon, 01 Aug 2011 22:13:31 -0700 Subject: [Dovecot] mbox issue - dovecot 2.0.13 Message-ID: <4E37877B.9040309@preachain.org> I'm running into the following issue when trying to delete a folder: Aug 2 00:41:46 keg dovecot: imap(user): Error: stat(/home/user/mail/Trash/.imap/MoreTest) failed: Not a directory Dovecot is creating directories correctly /home/user/mail/.imap/Trash directory exists. /home/user/mail/.imap/MoreTest directory exists /home/user/mail/Trash file exists /home/user/mail/MoreTest file exists Config is: mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u Where is this getting munged, please. Thanks much John From swartel at zero-spam.fr Tue Aug 2 13:21:17 2011 From: swartel at zero-spam.fr (=?ISO-8859-1?Q?St=E9phane_Wartel?=) Date: Tue, 02 Aug 2011 12:21:17 +0200 Subject: [Dovecot] sieve vacation reply In-Reply-To: <4DD29C5D.4070405@cimr.cam.ac.uk> References: <4DD29C5D.4070405@cimr.cam.ac.uk> Message-ID: <4E37CF9D.2010209@zero-spam.fr> Hi, I get the same error ! Any idea to fix it ? Regards, Stephane Le 17/05/2011 18:03, Wojciech Giel a ?crit : > Hi, > I'm configuring postfix with dovecot and roundcube. I'm using flat > files as passwdb userdb. > > Everything works fine except sieve vacation reply. when i send mail > from ex. user dennis to tytus I get "discarding vacation response for > message implicitly delivered to". > > What Am i doing wrong? > thanks > > > > > sieve: using sieve path for user's script: /home/tytus/.dovecot.sieve > 2011-05-17 16:56:45 deliver(tytus): Info: sieve: opening script > /home/tytus/.dovecot.sieve > 2011-05-17 16:56:45 deliver(tytus): Info: sieve: executing compiled > script /home/tytus/.dovecot.sieve > 2011-05-17 16:56:45 deliver(tytus): Info: sieve: > msgid=<20110517155641.GA3452 at badger.example.com>: discarding vacation > response for message implicitly delivered to > > /etc/postfix/main.cf > ... > mailbox_command = /usr/lib/dovecot/deliver -n -m "${EXTENSION}" > ... > > > # 1.2.15: /etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.1 > log_path: /var/log/dovecot.log > log_timestamp: %Y-%m-%d %H:%M:%S > protocols: imap imaps managesieve > listen(default): * > listen(imap): * > listen(managesieve): 127.0.0.1:2000 > ssl_ca_file: /etc/postfix/ssl/cacert.pem > ssl_cert_file: /etc/postfix/ssl/servercrt.pem > ssl_key_file: /etc/postfix/ssl/serverkey.pem > ssl_cipher_list: ALL:!LOW:!SSLv2 > login_dir: /var/run/dovecot/login > login_executable(default): /usr/lib/dovecot/imap-login > login_executable(imap): /usr/lib/dovecot/imap-login > login_executable(managesieve): /usr/lib/dovecot/managesieve-login > mail_location: maildir:~/Maildir:INDEX=~/Maildir/indexes > mail_debug: yes > mbox_write_locks: fcntl dotlock > mail_executable(default): /usr/lib/dovecot/imap > mail_executable(imap): /usr/lib/dovecot/imap > mail_executable(managesieve): /usr/lib/dovecot/managesieve > mail_plugins(default): quota imap_quota autocreate > mail_plugins(imap): quota imap_quota autocreate > mail_plugins(managesieve): > mail_plugin_dir(default): /usr/lib/dovecot/modules/imap > mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap > mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve > imap_client_workarounds(default): tb-extra-mailbox-sep netscape-eoh > delay-newmail outlook-idle > imap_client_workarounds(imap): tb-extra-mailbox-sep netscape-eoh > delay-newmail outlook-idle > imap_client_workarounds(managesieve): > lda: > postmaster_address: postmaster > mail_plugins: sieve quota autocreate > quota_full_tempfail: yes > deliver_log_format: msgid=%m: %$ > rejection_reason: Your message to <%t> was automatically rejected:%n%r > log_path: /var/log/sieve.log > auth default: > mechanisms: plain login cram-md5 > verbose: yes > debug: yes > debug_passwords: yes > passdb: > driver: pam > passdb: > driver: passwd-file > args: scheme=cram-md5 /etc/dovecot/passwd > userdb: > driver: passwd-file > args: /etc/dovecot/passwd > userdb: > driver: passwd > socket: > type: listen > client: > path: /var/spool/postfix/private/dovecot-auth > mode: 432 > user: postfix > group: postfix > master: > path: /var/run/dovecot/auth-master > mode: 384 > plugin: > sieve: ~/.dovecot.sieve > sieve_dir: ~/sieve > autocreate: INBOX > autocreate2: Sent > autocreate3: Trash > autocreate4: Drafts > autocreate5: Junk > autosubscribe: INBOX > autosubscribe2: Sent > autosubscribe3: Trash > autosubscribe4: Drafts > autosubscribe5: Junk > quota: maildir:User quota > quota_rule: Trash:storage=10M > quota_warning: storage=85%% /usr/bin/dovecot-quota-warning.sh 85 > quota_warning2: storage=90%% /usr/bin/dovecot-quota-warning.sh 90 > quota_warning3: storage=95%% /usr/bin/dovecot-quota-warning.sh 95 > > From claudio.prono at atpss.net Tue Aug 2 13:32:54 2011 From: claudio.prono at atpss.net (Claudio Prono) Date: Tue, 02 Aug 2011 12:32:54 +0200 Subject: [Dovecot] web interface for user creation/vacation In-Reply-To: <20110801235518.GC13616@ref.nmedia.net> References: <20110801235518.GC13616@ref.nmedia.net> Message-ID: <4E37D256.5070408@atpss.net> Il 02/08/2011 1.55, Chris Cappuccio ha scritto: > What are the best web interfaces for user/domain management, perhaps one that also allows individual users to edit vacation msgs? > > Right now I'm using a postfixadmin based mysql control panel. Curious what is the better stuff out there that people are using with dovecot/sieve these days? > > Are there any decent front-ends to setup/manage per-user sieve filters? > > > !DSPAM:1,4e373cec96921343316261! > Horde with Ingo can manage Vacation and filter with sieve, with a little configuration (i am using it). > -- -------------------------------------------------------------------------------- Claudio Prono OPST System Developer Gsm: +39-349-54.33.258 @PSS Srl Tel: +39-011-32.72.100 Via San Bernardino, 17 Fax: +39-011-32.46.497 10141 Torino - ITALY http://atpss.net/disclaimer -------------------------------------------------------------------------------- PGP Key - http://keys.atpss.net/c_prono.asc From ngu.antoine at gmail.com Tue Aug 2 13:49:04 2011 From: ngu.antoine at gmail.com (Antoine Nguyen) Date: Tue, 2 Aug 2011 12:49:04 +0200 Subject: [Dovecot] web interface for user creation/vacation In-Reply-To: <20110801235518.GC13616@ref.nmedia.net> References: <20110801235518.GC13616@ref.nmedia.net> Message-ID: You can take a look at modoboa (http://modoboa.org). It supports per user sieve filters and vacation message. Le 2 ao?t 2011 01:55, "Chris Cappuccio" a ?crit : > What are the best web interfaces for user/domain management, perhaps one that also allows individual users to edit vacation msgs? > > Right now I'm using a postfixadmin based mysql control panel. Curious what is the better stuff out there that people are using with dovecot/sieve these days? > > Are there any decent front-ends to setup/manage per-user sieve filters? > From stephan at rename-it.nl Tue Aug 2 13:59:29 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 02 Aug 2011 12:59:29 +0200 Subject: [Dovecot] sieve vacation reply In-Reply-To: <4E37CF9D.2010209@zero-spam.fr> References: <4DD29C5D.4070405@cimr.cam.ac.uk> <4E37CF9D.2010209@zero-spam.fr> Message-ID: <4E37D891.1010103@rename-it.nl> On 8/2/2011 12:21 PM, St?phane Wartel wrote: > Hi, > > I get the same error ! > Any idea to fix it ? > This situation occurs when the message's To,CC,etc. headers do not contain the recipient address (from the envelope). This can be caused by a mailing list (to which it must not respond), but also by some translation in your mail setup. The former case is intended behavior, the latter is problematic. If your final recipient address does not match what is in the message's headers due to some translation step in the mail setup (e.g. aliasing), you have a problem. You can add the address listed in the headers to the :addresses argument of the vacation command. That is not always a good solution however. This problem is a bit old already, but some new solutions have emerged for Dovecot v2. So, what exactly is your situation? Regards, Stephan. > Le 17/05/2011 18:03, Wojciech Giel a ?crit : >> Hi, >> I'm configuring postfix with dovecot and roundcube. I'm using flat >> files as passwdb userdb. >> >> Everything works fine except sieve vacation reply. when i send mail >> from ex. user dennis to tytus I get "discarding vacation response for >> message implicitly delivered to". >> >> What Am i doing wrong? >> thanks >> >> sieve: using sieve path for user's script: /home/tytus/.dovecot.sieve >> 2011-05-17 16:56:45 deliver(tytus): Info: sieve: opening script >> /home/tytus/.dovecot.sieve >> 2011-05-17 16:56:45 deliver(tytus): Info: sieve: executing compiled >> script /home/tytus/.dovecot.sieve >> 2011-05-17 16:56:45 deliver(tytus): Info: sieve: >> msgid=<20110517155641.GA3452 at badger.example.com>: discarding vacation >> response for message implicitly delivered to >> From thomas-lists at nybeta.com Tue Aug 2 15:32:49 2011 From: thomas-lists at nybeta.com (Thomas Harold) Date: Tue, 02 Aug 2011 08:32:49 -0400 Subject: [Dovecot] sievec - manual compile of global sieve scripts? In-Reply-To: <4E37481A.1020703@rename-it.nl> References: <4E370874.1080408@nybeta.com> <4E37481A.1020703@rename-it.nl> Message-ID: <4E37EE71.30905@nybeta.com> On 8/1/2011 8:43 PM, Stephan Bosch wrote: > On 8/1/2011 10:11 PM, Thomas Harold wrote: >> How do you compile global scripts using the sievec command without >> making the script directory owned (and group writable) by the vmail user? >> >> http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage >> >> # cd /etc/dovecot/sieve/before/ >> # (edit some script like spam.sieve that runs for everyone) >> # /usr/local/bin/sievec spam.sieve spam.svbin >> >> sievec(root): Error: sieve: binary save: failed to create temporary >> file: open(spam.svbin.hostname.26921.) in directory >> /etc/dovecot/sieve/before failed: Permission denied (euid=5000(vmail) >> egid=5000(vmail) missing +w perm: /etc/dovecot/sieve/before, euid is >> not dir owner) > > Why are you executing sievec as vmail in the first place? You should be > able to run it as root or any other user you use to manage global sieve > scripts. > Sorry, I may not have been clear before, I am trying to run sievec as root. So the error is confusing to me because it looks like sievec is trying to drop privs and do the compile as the vmail user. I haven't done anything special to the sievec file (like making it run as vmail or always run as root, SELinux is in permissive mode until I gather up enough entries in the audit log to make an audit2allow run useful). # ls -la /usr/local/bin -rwxr-xr-x 1 root root 123989 Aug 1 12:25 sievec -rwxr-xr-x 1 root root 119415 Aug 1 12:25 sieve-dump -rwxr-xr-x 1 root root 133592 Aug 1 12:25 sieve-test As a workaround, I may temporarily alter my Makefile to set the directory writable by the vmail group, compile the scripts, then set the directory read-only again. The files end up owned as vmail:vmail when I do that, even though I execute the "sievec" command as root. # /usr/local/bin/sievec sortspam.sieve sortspam.svbin -rw-rw-r-- 1 root root 477 Aug 1 15:33 sortspam.sieve -rw-rw-r-- 1 vmail vmail 321 Aug 2 08:26 sortspam.svbin ... My current Makefile. # cat Makefile # http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage#scriptcompile SIEVEC=/usr/local/bin/sievec SRCS=$(wildcard *.sieve) OBJS=$(SRCS:.sieve=.svbin) all: $(OBJS) %.svbin : %.sieve $(SIEVEC) $? $@ From swartel at zero-spam.fr Tue Aug 2 15:43:50 2011 From: swartel at zero-spam.fr (swartel at zero-spam.fr) Date: Tue, 02 Aug 2011 14:43:50 +0200 Subject: [Dovecot] sieve vacation reply In-Reply-To: <4E37D891.1010103@rename-it.nl> References: <4DD29C5D.4070405@cimr.cam.ac.uk> <4E37CF9D.2010209@zero-spam.fr> <4E37D891.1010103@rename-it.nl> Message-ID: <4E37F106.2050500@zero-spam.fr> Hi Stephan, Thanks for your reply. After some more tests, it appears that mail aliases is the reason of this error. The vacation mode has been enabled on a mailbox that contains many aliases and one of them has been used as the recipient. We used dovecot 2.0.12-0~auto+5 from debian old-stable repo. Is there anything we can do ? Thanks, Stephane Le 02/08/2011 12:59, Stephan Bosch a ?crit : > On 8/2/2011 12:21 PM, St?phane Wartel wrote: >> Hi, >> >> I get the same error ! >> Any idea to fix it ? >> > > This situation occurs when the message's To,CC,etc. headers do not > contain the recipient address (from the envelope). This can be caused > by a mailing list (to which it must not respond), but also by some > translation in your mail setup. The former case is intended behavior, > the latter is problematic. If your final recipient address does not > match what is in the message's headers due to some translation step in > the mail setup (e.g. aliasing), you have a problem. > > You can add the address listed in the headers to the :addresses > argument of the vacation command. That is not always a good solution > however. This problem is a bit old already, but some new solutions > have emerged for Dovecot v2. > > So, what exactly is your situation? > > Regards, > > Stephan. > >> Le 17/05/2011 18:03, Wojciech Giel a ?crit : >>> Hi, >>> I'm configuring postfix with dovecot and roundcube. I'm using flat >>> files as passwdb userdb. >>> >>> Everything works fine except sieve vacation reply. when i send mail >>> from ex. user dennis to tytus I get "discarding vacation response >>> for message implicitly delivered to". >>> >>> What Am i doing wrong? >>> thanks >>> >>> sieve: using sieve path for user's script: /home/tytus/.dovecot.sieve >>> 2011-05-17 16:56:45 deliver(tytus): Info: sieve: opening script >>> /home/tytus/.dovecot.sieve >>> 2011-05-17 16:56:45 deliver(tytus): Info: sieve: executing compiled >>> script /home/tytus/.dovecot.sieve >>> 2011-05-17 16:56:45 deliver(tytus): Info: sieve: >>> msgid=<20110517155641.GA3452 at badger.example.com>: discarding >>> vacation response for message implicitly delivered to >>> > From stephan at rename-it.nl Tue Aug 2 15:45:33 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 02 Aug 2011 14:45:33 +0200 Subject: [Dovecot] sievec - manual compile of global sieve scripts? In-Reply-To: <4E37EE71.30905@nybeta.com> References: <4E370874.1080408@nybeta.com> <4E37481A.1020703@rename-it.nl> <4E37EE71.30905@nybeta.com> Message-ID: <4E37F16D.2000401@rename-it.nl> On 8/2/2011 2:32 PM, Thomas Harold wrote: > On 8/1/2011 8:43 PM, Stephan Bosch wrote: >> On 8/1/2011 10:11 PM, Thomas Harold wrote: >>> How do you compile global scripts using the sievec command without >>> making the script directory owned (and group writable) by the vmail >>> user? >>> >>> http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage >>> >>> # cd /etc/dovecot/sieve/before/ >>> # (edit some script like spam.sieve that runs for everyone) >>> # /usr/local/bin/sievec spam.sieve spam.svbin >>> >>> sievec(root): Error: sieve: binary save: failed to create temporary >>> file: open(spam.svbin.hostname.26921.) in directory >>> /etc/dovecot/sieve/before failed: Permission denied (euid=5000(vmail) >>> egid=5000(vmail) missing +w perm: /etc/dovecot/sieve/before, euid is >>> not dir owner) >> >> Why are you executing sievec as vmail in the first place? You should be >> able to run it as root or any other user you use to manage global sieve >> scripts. >> > > Sorry, I may not have been clear before, I am trying to run sievec as > root. So the error is confusing to me because it looks like sievec is > trying to drop privs and do the compile as the vmail user. I haven't > done anything special to the sievec file (like making it run as vmail > or always run as root, SELinux is in permissive mode until I gather up > enough entries in the audit log to make an audit2allow run useful). > > # ls -la /usr/local/bin > -rwxr-xr-x 1 root root 123989 Aug 1 12:25 sievec > -rwxr-xr-x 1 root root 119415 Aug 1 12:25 sieve-dump > -rwxr-xr-x 1 root root 133592 Aug 1 12:25 sieve-test What versions of Dovecot (obviously v2.0+) and Pigeonhole are you using and what is your config (show dovecot -n output) ? I suspect there may be a bug. Regards, Stephan. From thomas-lists at nybeta.com Tue Aug 2 15:55:31 2011 From: thomas-lists at nybeta.com (Thomas Harold) Date: Tue, 02 Aug 2011 08:55:31 -0400 Subject: [Dovecot] sievec - manual compile of global sieve scripts? In-Reply-To: <4E37F16D.2000401@rename-it.nl> References: <4E370874.1080408@nybeta.com> <4E37481A.1020703@rename-it.nl> <4E37EE71.30905@nybeta.com> <4E37F16D.2000401@rename-it.nl> Message-ID: <4E37F3C3.1090303@nybeta.com> On 8/2/2011 8:45 AM, Stephan Bosch wrote: > > What versions of Dovecot (obviously v2.0+) and Pigeonhole are you using > and what is your config (show dovecot -n output) ? > > I suspect there may be a bug. > dovecot-2.0-pigeonhole-0.2.3 - downloaded and compiled from source this week. The dovecot package itself comes from ATRPMs and is 2.0.13. Name : dovecot Arch : x86_64 Epoch : 1 Version : 2.0.13 Release : 1_129.el5 Size : 5.1 M Repo : installed Summary : Dovecot Secure imap server URL : http://www.dovecot.org/ License : MIT Name : dovecot-devel Arch : x86_64 Epoch : 1 Version : 2.0.13 Release : 1_129.el5 Size : 667 k Repo : installed Summary : Libraries and headers for Dovecot URL : http://www.dovecot.org/ License : MIT Output of dovecot -n # 2.0.13: /etc/dovecot/dovecot.conf # OS: Linux 2.6.18-274.el5 x86_64 Red Hat Enterprise Linux Server release 5.7 (Tikanga) auth_verbose_passwords = sha1 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes listen = 127.0.0.1, 1.2.3.4 mail_gid = vmail mail_home = /var/vmail/%d/%n mail_location = maildir:~/Maildir mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date mbox_write_locks = fcntl passdb { args = /etc/dovecot/conf.d/dovecot-sql.conf.ext driver = sql } plugin { sieve = ~/.dovecot.sieve sieve_after = /etc/dovecot/sieve/after/ sieve_before = /etc/dovecot/sieve/before/ sieve_dir = ~/sieve sieve_global_dir = /etc/dovecot/sieve/globalinclude/ } protocols = imap pop3 lmtp sieve service auth { unix_listener /var/spool/postfix/private/auth { mode = 0666 } unix_listener auth-userdb { group = vmail user = vmail } } service imap-login { process_min_avail = 5 } service pop3-login { inet_listener pop3 { address = 1.2.3.4 } inet_listener pop3s { address = 1.2.3.4 } } ssl = required ssl_cert = References: <4DD29C5D.4070405@cimr.cam.ac.uk> <4E37CF9D.2010209@zero-spam.fr> <4E37D891.1010103@rename-it.nl> <4E37F106.2050500@zero-spam.fr> Message-ID: <4E3804C7.1030503@rename-it.nl> On 8/2/2011 2:43 PM, swartel at zero-spam.fr wrote: > Hi Stephan, > > Thanks for your reply. > > After some more tests, it appears that mail aliases is the reason of > this error. The vacation mode has been enabled on a mailbox that > contains many aliases and one of them has been used as the recipient. > We used dovecot 2.0.12-0~auto+5 from debian old-stable repo. Is there > anything we can do ? > If you can access the original recipient from your MTA, you can use both -a and -r (if needed) arguments of dovecot-lda as outlined on this wiki page: http://wiki2.dovecot.org/LDA This will make the vacation command perform the checks against the original recipient. Please let me know whether this is an adequate solution for you. Regards, Stephan. From stephan at rename-it.nl Tue Aug 2 17:43:13 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 02 Aug 2011 16:43:13 +0200 Subject: [Dovecot] Pigeon Sieve, redirect action and SPF In-Reply-To: <20110729095322.64c6e966@jimbo> References: <4E2D9F9F.6070301@net.ipl.pt> <4E2DF8A0.3050805@rename-it.nl> <20110726093700.6343d0dc@jimbo> <4E31ADE1.5070109@rename-it.nl> <20110729095322.64c6e966@jimbo> Message-ID: <4E380D01.9030708@rename-it.nl> On 7/29/2011 8:53 AM, Nikita Koshikov wrote: > On Thu, 28 Jul 2011 20:43:45 +0200 > Stephan Bosch wrote: > >> Would the header name need to be configurable, or is >> X-Sieve-Redirected-From good for all purposes? Regards, Stephan. > I saw this > > X-ResentFrom: > X-SRS-Rewrite: > X-Forwarded-(To/For): > > So the name is not significant. If it's not so difficult to code - than configurable header of course is better. But it's only a matter of taste. Adding more settings is best to be avoided. I've added the header: http://hg.rename-it.nl/dovecot-2.0-pigeonhole/rev/81b37c0055c3 http://hg.rename-it.nl/dovecot-2.0-pigeonhole/rev/efad75f779de (d'oh) > One thing to note for implementing: > It will be much more simple for setting up srs, if sieve will export to environment some variables indicating need for rewrite. And than we will be able to write wrapper for sendmail_path that will selectively choose what should we do: > For example, I don't want srs to happen if user is forwarding for local domain mailbox, or if action that trigger mail sending is - "out of office reply". > So, wrapper will analyze need srs or no, and after all invoke srs binary for signing, or just call pure mta. I am not sure Sieve has access to enough information to make such an assessment. And I don't think adding SPF/SRS-specific code to Sieve is a good idea. It would also not be very straight-forward since the low-level mail sending code is part of Dovecot itself. Regards, Stephan. From stephan at rename-it.nl Tue Aug 2 19:02:20 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 02 Aug 2011 18:02:20 +0200 Subject: [Dovecot] sieve vacation reply In-Reply-To: <4E3804C7.1030503@rename-it.nl> References: <4DD29C5D.4070405@cimr.cam.ac.uk> <4E37CF9D.2010209@zero-spam.fr> <4E37D891.1010103@rename-it.nl> <4E37F106.2050500@zero-spam.fr> <4E3804C7.1030503@rename-it.nl> Message-ID: <4E381F8C.5010702@rename-it.nl> On 8/2/2011 4:08 PM, Stephan Bosch wrote: > On 8/2/2011 2:43 PM, swartel at zero-spam.fr wrote: >> Hi Stephan, >> >> Thanks for your reply. >> >> After some more tests, it appears that mail aliases is the reason of >> this error. The vacation mode has been enabled on a mailbox that >> contains many aliases and one of them has been used as the recipient. >> We used dovecot 2.0.12-0~auto+5 from debian old-stable repo. Is there >> anything we can do ? >> > > If you can access the original recipient from your MTA, you can use > both -a and -r (if needed) arguments of dovecot-lda as outlined on > this wiki page: > > http://wiki2.dovecot.org/LDA > > This will make the vacation command perform the checks against the > original recipient. > > Please let me know whether this is an adequate solution for you. Hmm, apparently this was not possible yet, so I've added it now: http://hg.rename-it.nl/dovecot-2.0-pigeonhole/rev/81f7acac82f2 This also adds support to disable this check completely (as explained in doc/vacation.txt). I recommend using that only when all other methods fail. I've still got some more TODO items about this issue, particularly about adding support to check some external aliases database. I am still not sure how I should approach that though. Regards, Stephan. From patrickdk at patrickdk.com Tue Aug 2 19:21:33 2011 From: patrickdk at patrickdk.com (Patrick Domack) Date: Tue, 02 Aug 2011 12:21:33 -0400 Subject: [Dovecot] sievec - manual compile of global sieve scripts? In-Reply-To: <4E37F3C3.1090303@nybeta.com> References: <4E370874.1080408@nybeta.com> <4E37481A.1020703@rename-it.nl> <4E37EE71.30905@nybeta.com> <4E37F16D.2000401@rename-it.nl> <4E37F3C3.1090303@nybeta.com> Message-ID: <20110802122133.Horde.HGpUb5LnE6FOOCQNmc3hfuA@mail.patrickdk.com> Mine has always behaved like this. It looks up the root user in the auth database from the dovecot config, and attemps to change to that user, and in this type of case that would be vmail. Then it attempts to check the mail_home and kind of fails, unless you give vmail permission to that path that would be created using the root user. Quoting Thomas Harold : > On 8/2/2011 8:45 AM, Stephan Bosch wrote: >> >> What versions of Dovecot (obviously v2.0+) and Pigeonhole are you using >> and what is your config (show dovecot -n output) ? >> >> I suspect there may be a bug. >> > > dovecot-2.0-pigeonhole-0.2.3 - downloaded and compiled from source > this week. The dovecot package itself comes from ATRPMs and is > 2.0.13. > > Name : dovecot > Arch : x86_64 > Epoch : 1 > Version : 2.0.13 > Release : 1_129.el5 > Size : 5.1 M > Repo : installed > Summary : Dovecot Secure imap server > URL : http://www.dovecot.org/ > License : MIT > > Name : dovecot-devel > Arch : x86_64 > Epoch : 1 > Version : 2.0.13 > Release : 1_129.el5 > Size : 667 k > Repo : installed > Summary : Libraries and headers for Dovecot > URL : http://www.dovecot.org/ > License : MIT > > Output of dovecot -n > > # 2.0.13: /etc/dovecot/dovecot.conf > # OS: Linux 2.6.18-274.el5 x86_64 Red Hat Enterprise Linux Server > release 5.7 (Tikanga) > auth_verbose_passwords = sha1 > lda_mailbox_autocreate = yes > lda_mailbox_autosubscribe = yes > listen = 127.0.0.1, 1.2.3.4 > mail_gid = vmail > mail_home = /var/vmail/%d/%n > mail_location = maildir:~/Maildir > mail_uid = vmail > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope > encoded-character vacation subaddress comparator-i;ascii-numeric > relational regex imap4flags copy include variables body enotify > environment mailbox date > mbox_write_locks = fcntl > passdb { > args = /etc/dovecot/conf.d/dovecot-sql.conf.ext > driver = sql > } > plugin { > sieve = ~/.dovecot.sieve > sieve_after = /etc/dovecot/sieve/after/ > sieve_before = /etc/dovecot/sieve/before/ > sieve_dir = ~/sieve > sieve_global_dir = /etc/dovecot/sieve/globalinclude/ > } > protocols = imap pop3 lmtp sieve > service auth { > unix_listener /var/spool/postfix/private/auth { > mode = 0666 > } > unix_listener auth-userdb { > group = vmail > user = vmail > } > } > service imap-login { > process_min_avail = 5 > } > service pop3-login { > inet_listener pop3 { > address = 1.2.3.4 > } > inet_listener pop3s { > address = 1.2.3.4 > } > } > ssl = required > ssl_cert = ssl_key = protocol lda { > log_path = /var/log/dovecot/dovecot-lda > mail_plugins = " sieve" > } From swartel at zero-spam.fr Tue Aug 2 21:14:55 2011 From: swartel at zero-spam.fr (=?ISO-8859-1?Q?St=E9phane_Wartel?=) Date: Tue, 02 Aug 2011 20:14:55 +0200 Subject: [Dovecot] sieve vacation reply In-Reply-To: <4E381F8C.5010702@rename-it.nl> References: <4DD29C5D.4070405@cimr.cam.ac.uk> <4E37CF9D.2010209@zero-spam.fr> <4E37D891.1010103@rename-it.nl> <4E37F106.2050500@zero-spam.fr> <4E3804C7.1030503@rename-it.nl> <4E381F8C.5010702@rename-it.nl> Message-ID: <4E383E9F.5020503@zero-spam.fr> Hi Stephan, Yep, after some tests you 're right, it's not possible. So, I use :addresses in sieve script and will try -a or -r arguments in LDA command from postfix with the next release. Bye, Stephane Le 02/08/2011 18:02, Stephan Bosch a ?crit : > On 8/2/2011 4:08 PM, Stephan Bosch wrote: >> On 8/2/2011 2:43 PM, swartel at zero-spam.fr wrote: >>> Hi Stephan, >>> >>> Thanks for your reply. >>> >>> After some more tests, it appears that mail aliases is the reason of >>> this error. The vacation mode has been enabled on a mailbox that >>> contains many aliases and one of them has been used as the recipient. >>> We used dovecot 2.0.12-0~auto+5 from debian old-stable repo. Is >>> there anything we can do ? >>> >> >> If you can access the original recipient from your MTA, you can use >> both -a and -r (if needed) arguments of dovecot-lda as outlined on >> this wiki page: >> >> http://wiki2.dovecot.org/LDA >> >> This will make the vacation command perform the checks against the >> original recipient. >> >> Please let me know whether this is an adequate solution for you. > > Hmm, apparently this was not possible yet, so I've added it now: > > http://hg.rename-it.nl/dovecot-2.0-pigeonhole/rev/81f7acac82f2 > > This also adds support to disable this check completely (as explained > in doc/vacation.txt). I recommend using that only when all other > methods fail. > > I've still got some more TODO items about this issue, particularly > about adding support to check some external aliases database. I am > still not sure how I should approach that though. > > Regards, > > Stephan. From al at xjack.org Tue Aug 2 23:46:02 2011 From: al at xjack.org (A.L.) Date: Tue, 02 Aug 2011 13:46:02 -0700 Subject: [Dovecot] $IP not getting set? Message-ID: <4E38620A.20800@xjack.org> Using dovecot 2.0.13. I went to implement relay-ctrl per directions on the Wiki, and failed. After running it down, as best as I can determine, the problem is that the $IP variable is not getting set (and thus not re-set in the script wrapper). I plunked a "set >> debug" into the script, and the only env var's that are set are as listed below (slightly sanitized for public display). Anyone have any ideas? I have tried both the Wiki-way, and this way: http://dovecot.org/list/dovecot/2009-December/045139.html with identical results. CLIENT_LIMIT='1000' CONFIG_FILE='/my_path/config' DOVECOT_CHILD_PROCESS='1' DOVECOT_PRESERVE_ENVS='TZ' DOVECOT_VERSION='2.0.13' GENERATION='7690' IFS=' ' LOG_SERVICE='1' OPTIND='1' PATH='my_path' PPID='1' PS1='# ' PS2='> ' PS4='+ ' PWD='my_pwd' SOCKET_COUNT='1' SSL_SOCKET_COUNT='0' From bazilek at gmail.com Wed Aug 3 01:33:06 2011 From: bazilek at gmail.com (Vasil Mikhalenya) Date: Wed, 3 Aug 2011 01:33:06 +0300 Subject: [Dovecot] shared mailboxes Message-ID: Hi all, I've read all documentation that I could find, but I can not understand 2 simple things 1. How to create a public mailbox - with per user seen flag. In my configuration this flag is shared 2. How to share one user mailbox with other users and set up acl. In Cyrus it was very easy( cyradm sam mailbox user1 lrs or sam mailbox user2 all ). What way there is to do this in dovecot. It was no problem with shared mailboxes in cyrus, but I need maildir support. Thank you. # 2.0.13: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3 auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = plain first_valid_uid = 8 last_valid_uid = 8 mail_debug = yes mail_location = mdbox:/var/mail/%1n/%n mail_plugins = acl mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date mdbox_preallocate_space = yes namespace { hidden = no inbox = yes list = yes location = prefix = separator = / type = private } namespace { list = children location = mdbox:/var/mail/%%1n/%%n prefix = shared/%%u/ separator = / subscriptions = no type = shared } namespace { location = maildir:/var/mail/public prefix = public/ separator = / subscriptions = no type = public } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } passdb { driver = pam } plugin { acl = vfile acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = " imap sieve pop3" service auth { unix_listener auth-client { group = mail mode = 0660 user = Debian-exim } unix_listener auth-userdb { group = mail mode = 0600 user = mail } user = $default_internal_user } service imap-login { process_min_avail = 6 service_count = 0 } ssl_ca = References: Message-ID: <4E388E9A.2090001@delphij.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 07/29/11 11:30, roberto giuliani wrote: > Hi all, > > I'm testing Dovecot version 1.2.17 on FreeBSD 8.2-RELEASE using ZFS > as filesystem. Searching on google I've ridden about some problem > concerning indexes and mmap. > > I wold like to know if this problem persists on the latest releases. I use Dovecot 2.0.12 on FreeBSD 8.2-RELEASE and didn't see any index corruption in log so far. Admittedly the setup is relatively new, and have been running for only 63 days now, but my understanding is that I shouldn't be that lucky. Also, FreeNAS uses both mmap and sendfile and we didn't see data corruption either nor see any reports about that. Note that my instance is running a heavily modified version (with some driver updates, ZFSv28, etc) though, the latest 8-STABLE have most of the ZFS changes I had in my own tree but I don't think these changes are related to data corruption. If, however, you could reproduce a data corruption on your installation on a recent unmodified FreeBSD 8.2-RELEASE system, please do let me know or post your complain on freebsd-stable at freebsd.org, as that would be a pretty serious problem and we will get it fixed as soon as possible. Cheers, - -- Xin LI https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (FreeBSD) iQEcBAEBCAAGBQJOOI6ZAAoJEATO+BI/yjfBjoYH/1ZTWC3a9kGvUSOvfcSEzL+0 77jHolvQVmWQTCQy8+bKCae3qvD2PNPl3eSz5L1gydKJf8YfM6HdF++0V81yCptd qqIKXXlWyWT5g7u0jF47MQOizYIr4rQXXLToG+DuB6HdHUYP9XG1nnwJne0NkvrR oeHgEVMV4mWIHW1jQfgmkeGrI2SOJVRyDxtc0+miP+pzrPleDXjAg8zETaypNfPA +JKhzLrucctp35D3dM/cTenVH0D8eP8md5CllFOvCYR9RPQJ4xajfca5yxpIDtUG mX373vBjToqGxfpaYa+iDXzP+morTOrif3JUBmuV8JjBeBibnDsovEnvHFhO4fY= =OEZi -----END PGP SIGNATURE----- From koshikov at gmail.com Wed Aug 3 09:56:54 2011 From: koshikov at gmail.com (Nikita Koshikov) Date: Wed, 3 Aug 2011 09:56:54 +0300 Subject: [Dovecot] Pigeon Sieve, redirect action and SPF In-Reply-To: <4E380D01.9030708@rename-it.nl> References: <4E2D9F9F.6070301@net.ipl.pt> <4E2DF8A0.3050805@rename-it.nl> <20110726093700.6343d0dc@jimbo> <4E31ADE1.5070109@rename-it.nl> <20110729095322.64c6e966@jimbo> <4E380D01.9030708@rename-it.nl> Message-ID: <20110803095654.524ecc3f@jimbo> On Tue, 02 Aug 2011 16:43:13 +0200 Stephan Bosch wrote: > On 7/29/2011 8:53 AM, Nikita Koshikov wrote: > > On Thu, 28 Jul 2011 20:43:45 +0200 > > Stephan Bosch wrote: > > > >> Would the header name need to be configurable, or is > >> X-Sieve-Redirected-From good for all purposes? Regards, Stephan. > > I saw this > > > > X-ResentFrom: > > X-SRS-Rewrite: > > X-Forwarded-(To/For): > > > > So the name is not significant. If it's not so difficult to code - than configurable header of course is better. But it's only a matter of taste. > > Adding more settings is best to be avoided. I've added the header: > > http://hg.rename-it.nl/dovecot-2.0-pigeonhole/rev/81b37c0055c3 > http://hg.rename-it.nl/dovecot-2.0-pigeonhole/rev/efad75f779de (d'oh) > > > One thing to note for implementing: > > It will be much more simple for setting up srs, if sieve will export to environment some variables indicating need for rewrite. And than we will be able to write wrapper for sendmail_path that will selectively choose what should we do: > > For example, I don't want srs to happen if user is forwarding for local domain mailbox, or if action that trigger mail sending is - "out of office reply". > > So, wrapper will analyze need srs or no, and after all invoke srs binary for signing, or just call pure mta. > > I am not sure Sieve has access to enough information to make such an > assessment. And I don't think adding SPF/SRS-specific code to Sieve is a > good idea. It would also not be very straight-forward since the > low-level mail sending code is part of Dovecot itself. > > Regards, > > Stephan. I meant export to environment some variables, like dovecot does: USER= IP= MAIL= .... Adding more like: SIEVE_ACTION= SIEVE_RECIPIENT= etc And then execute sendmail_path. Thus program\wrapper can be aware of mail originated from sieve. This is not specific spf\srs code. Seemed, that this section of code need to be in dovecot-lda region, so maybe Timo will be able to catch it. Thanks for your work. From greg.woods at cirrusav.com Thu Aug 4 04:45:46 2011 From: greg.woods at cirrusav.com (Greg Woods) Date: Wed, 3 Aug 2011 18:45:46 -0700 Subject: [Dovecot] Local delivery via deliver fails for 1 user in alias Message-ID: Hi all, I'm a bit baffled. I have an OS X server 10.6.8 and everything was working fine. Now however I seem to be having some issues and I'm unable to find log entries to help point me to the error. I have an alias, sales at cirrusav.com, which forwards mail to myself and two others. This works fine most of the time, but on occasion messages are not delivered to one user. It is possible that one of the other users fails delivery occasionally as well, though this has not been rigorously tested. I always seem to get the messages. I have logging set to debug via the OS X server admin. Looking through /var/log/mailaccess.log I see all the same entries for each user even when messages fail to deliver. The only difference I notice is the order. I see some messages about corrupt index cache files. I can find the missing message in failing user's dovecot.index.cache. However I can not find the message in the cur sub directory or anywhere else (grep -i regency ...). I can find the file in my dovecot.index.cache and cur directory. Details below. I'm continuing to research the internet, but don't know what I'm looking for. I'm also concerned that we might be dropping more mail. Thoughts anyone? Thank you in advance for your help. I greatly appreciate it! -- Greg ______________ Greg Woods Cirrus Aviation Services 702-448-2366 702-343-7784 (mobile) ca1:cur root# /usr/sbin/dovecotd --version 1.1.20apple0.5 ca1:cur root# /usr/sbin/dovecotd -n # 1.1.20apple0.5: /private/etc/dovecot/dovecot.conf Warning: fd limit 256 is lower than what Dovecot can use under full load (more than 456). Either grow the limit or change login_max_processes_count and max_mail_processes settings # OS: Darwin 10.8.0 i386 hfs base_dir: /var/run/dovecot syslog_facility: local6 protocols: managesieve imaps listen(default): * listen(imap): * listen(managesieve): *:2000 ssl_ca_file: /etc/certificates/ca1.cirrusav.com.F0D27741B3FD526D70E5B77878084AF217E1E8B4.chain.pem ssl_cert_file: /etc/certificates/ca1.cirrusav.com.F0D27741B3FD526D70E5B77878084AF217E1E8B4.cert.pem ssl_key_file: /etc/certificates/ca1.cirrusav.com.F0D27741B3FD526D70E5B77878084AF217E1E8B4.key.pem ssl_cipher_list: ALL:!LOW:!SSLv2:!aNULL:!ADH:!eNULL login_dir: /var/run/dovecot/login login_executable(default): /usr/libexec/dovecot/imap-login login_executable(imap): /usr/libexec/dovecot/imap-login login_executable(managesieve): /usr/libexec/dovecot/managesieve-login login_user: _dovecot login_process_per_connection: no max_mail_processes: 200 mail_max_userip_connections(default): 20 mail_max_userip_connections(imap): 20 mail_max_userip_connections(managesieve): 10 verbose_proctitle: yes first_valid_uid: 6 first_valid_gid: 6 mail_access_groups: mail mail_location: maildir:/var/spool/imap/dovecot/mail/%u mail_debug: yes mail_executable(default): /usr/libexec/dovecot/imap mail_executable(imap): /usr/libexec/dovecot/imap mail_executable(managesieve): /usr/libexec/dovecot/managesieve mail_process_sharing(default): full mail_process_sharing(imap): full mail_process_sharing(managesieve): none mail_max_connections(default): 5 mail_max_connections(imap): 5 mail_max_connections(managesieve): 20 mail_plugins(default): quota imap_quota mail_plugins(imap): quota imap_quota mail_plugins(managesieve): mail_plugin_dir(default): /usr/lib/dovecot/imap mail_plugin_dir(imap): /usr/lib/dovecot/imap mail_plugin_dir(managesieve): /usr/lib/dovecot/managesieve sieve_storage(default): sieve_storage(imap): sieve_storage(managesieve): /var/spool/imap/dovecot/sieve-scripts/%u sieve(default): sieve(imap): sieve(managesieve): /var/spool/imap/dovecot/sieve-scripts/%u/dovecot.sieve lda: postmaster_address: postmaster at example.com hostname: ca1.cirrusav.com mail_plugins: cmusieve quota quota_full_tempfail: yes sendmail_path: /usr/sbin/sendmail auth_socket_path: /var/run/dovecot/auth-master log_path: /var/log/mailaccess.log info_log_path: /var/log/mailaccess.log auth default: mechanisms: gssapi cram-md5 verbose: yes debug: yes debug_passwords: yes passdb: driver: od userdb: driver: od args: partition=/etc/dovecot/partition_map.conf enforce_quotas=no socket: type: listen master: path: /var/run/dovecot/auth-master mode: 384 user: _dovecot group: mail plugin: quota_warning: storage=100%% /usr/libexec/dovecot/quota-exceeded.sh quota_warning2: storage=90%% /usr/libexec/dovecot/quota-warning.sh quota: maildir:User quota sieve: /var/spool/imap/dovecot/sieve-scripts/%u/dovecot.sieve ################################# # /var/log/mail.log for a FAILED delivery # ################################# Aug 3 15:20:18 ca1 postfix/smtpd[2964]: connect from midas.utopiasystems.net[64.74.150.12] Aug 3 15:20:18 ca1 postfix/smtpd[2964]: C1B521510216: client=midas.utopiasystems.net[64.74.150.12] Aug 3 15:20:18 ca1 postfix/cleanup[2973]: C1B521510216: message-id=<51F8CAD6B1666341B363C2D95F0F91D70195A783 at midas.utopiasystems.net> Aug 3 15:20:19 ca1 postfix/smtpd[2964]: disconnect from midas.utopiasystems.net[64.74.150.12] Aug 3 15:20:19 ca1 postfix/qmgr[126]: C1B521510216: from=, size=23091, nrcpt=1 (queue active) Aug 3 15:20:23 ca1 postfix/smtpd[2978]: connect from localhost[127.0.0.1] Aug 3 15:20:23 ca1 postfix/smtpd[2978]: 1F1041510239: client=localhost[127.0.0.1] Aug 3 15:20:23 ca1 postfix/cleanup[2973]: 1F1041510239: message-id=<51F8CAD6B1666341B363C2D95F0F91D70195A783 at midas.utopiasystems.net> Aug 3 15:20:23 ca1 postfix/smtpd[2978]: disconnect from localhost[127.0.0.1] Aug 3 15:20:23 ca1 postfix/qmgr[126]: 1F1041510239: from=, size=23526, nrcpt=1 (queue active) Aug 3 15:20:23 ca1 postfix/smtp[2974]: C1B521510216: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=4.6, delays=1.2/0/0/3.4, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=94749-20, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 1F1041510239) Aug 3 15:20:23 ca1 postfix/local[2980]: od[getpwnam_ext]: no attribute dsAttrTypeStandard:MailAttribute in record for user teamsserver Aug 3 15:20:23 ca1 postfix/qmgr[126]: C1B521510216: removed Aug 3 15:20:32 ca1 postfix/local[2980]: 1F1041510239: to=, orig_to=, relay=local, delay=9.8, delays=0.01/0/0/9.8, dsn=2.0.0, status=sent (delivered to command: /usr/share/wikid/bin/bundleMail.py) Aug 3 15:20:33 ca1 postfix/pipe[2981]: 1F1041510239: to=, orig_to=, relay=dovecot, delay=10, delays=0.01/0/0/10, dsn=2.0.0, status=sent (delivered via dovecot service) Aug 3 15:20:33 ca1 postfix/pipe[2981]: 1F1041510239: to=, orig_to=, relay=dovecot, delay=10, delays=0.01/0/0/10, dsn=2.0.0, status=sent (delivered via dovecot service) Aug 3 15:20:35 ca1 postfix/pipe[2981]: 1F1041510239: to=, orig_to=, relay=dovecot, delay=13, delays=0.01/0/0/13, dsn=2.0.0, status=sent (delivered via dovecot service) Aug 3 15:20:35 ca1 postfix/qmgr[126]: 1F1041510239: removed Aug 3 15:23:39 ca1 postfix/anvil[2688]: statistics: max connection rate 2/60s for (smtp:66.231.183.81) at Aug 3 15:15:14 Aug 3 15:23:39 ca1 postfix/anvil[2688]: statistics: max connection count 1 for (smtp:66.231.183.82) at Aug 3 15:14:40 Aug 3 15:23:39 ca1 postfix/anvil[2688]: statistics: max cache size 2 at Aug 3 15:14:57 ################################## # /var/log/mailaccess.log for a FAILED delivery # # Both greg and mark receive the mail, but milt does not. # ################################## deliver(greg.woods): Aug 03 15:20:32 Info: Loading modules from directory: /usr/lib/dovecot/lda deliver(greg.woods): Aug 03 15:20:32 Info: Module loaded: /usr/lib/dovecot/lda/lib10_quota_plugin.so deliver(greg.woods): Aug 03 15:20:32 Info: Module loaded: /usr/lib/dovecot/lda/lib90_cmusieve_plugin.so Aug 3 15:20:32 ca1 dovecot[58]: auth(default): master in: USER 1 greg.woods service=deliver Aug 3 15:20:32 ca1 dovecot[58]: auth(default): od(greg.woods): lookup user=greg.woods Aug 3 15:20:32 ca1 dovecot[58]: auth(default): od(greg.woods): directory lookup for: user=greg.woods deliver(greg.woods): Aug 03 15:20:32 Info: auth input: greg.woods deliver(greg.woods): Aug 03 15:20:32 Info: auth input: uid=1026 deliver(greg.woods): Aug 03 15:20:32 Info: auth input: gid=20 deliver(greg.woods): Aug 03 15:20:32 Info: auth input: quota=maildir:User quota:noenforcing deliver(greg.woods): Aug 03 15:20:32 Info: auth input: quota_rule=*:storage=0 deliver(greg.woods): Aug 03 15:20:32 Info: auth input: mail=maildir:/var/spool/imap/dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639 deliver(greg.woods): Aug 03 15:20:32 Info: auth input: mail_location=maildir:/var/spool/imap/dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639 deliver(greg.woods): Aug 03 15:20:32 Info: auth input: sieve=/var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E90-92CB-6F95AD8F0639/dovecot.sieve deliver(greg.woods): Aug 03 15:20:32 Info: auth input: sieve_dir=/var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E90-92CB-6F95AD8F0639 deliver(greg.woods): Aug 03 15:20:32 Info: auth input: sieve_storage=/var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E90-92CB-6F95AD8F0639 deliver(greg.woods): Aug 03 15:20:32 Info: Quota root: name=User quota backend=maildir args=noenforcing deliver(greg.woods): Aug 03 15:20:32 Info: Quota rule: root=User quota mailbox=* bytes=0 messages=0 deliver(greg.woods): Aug 03 15:20:32 Info: Quota warning: bytes=0 (100%) messages=0 command=/usr/libexec/dovecot/quota-exceeded.sh deliver(greg.woods): Aug 03 15:20:32 Info: Quota warning: bytes=0 (90%) messages=0 command=/usr/libexec/dovecot/quota-warning.sh deliver(greg.woods): Aug 03 15:20:32 Info: maildir: data=/var/spool/imap/dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639 deliver(greg.woods): Aug 03 15:20:32 Info: maildir++: root=/var/spool/imap/dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639, index=, control=, inbox=/var/spool/imap/dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639 Aug 3 15:20:32 ca1 dovecot[58]: auth(default): od[getpwnam_ext](greg.woods): uid=1026 gid=20 state=0x6 quota=0 guid=C730546B-FBEF-4E90-92CB-6F95AD8F0639 name=gwoods loc=ca1.cirrusav.com alt=(null) fwd=(null) Aug 3 15:20:32 ca1 dovecot[58]: auth(default): od(greg.woods): user gwoods exists more than once Aug 3 15:20:32 ca1 dovecot[58]: auth(default): od(greg.woods): record name=gwoods, uid=1026, gid=20 Aug 3 15:20:32 ca1 dovecot[58]: auth(default): od(greg.woods): user=gwoods, quota=*:storage=0 Aug 3 15:20:32 ca1 dovecot[58]: auth(default): od(greg.woods): data store location=maildir:/var/spool/imap/dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639 Aug 3 15:20:32 ca1 dovecot[58]: auth(default): master out: USER 1 greg.woods uid=1026 gid=20 quota=maildir:User quota:noenforcing quota_rule=*:storage=0 mail=maildir:/var/spool/imap/dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639 mail_location=maildir:/var/spool/imap/\ dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639 sieve=/var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E90-92CB-6F95AD8F0639/dovecot.sieve sieve_dir=/var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E90-92CB-6F95AD8F0639 sieve_storage=/var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E\ 90-92CB-6F95AD8F0639 deliver(greg.woods): Aug 03 15:20:32 Info: cmusieve: Using sieve path: /var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E90-92CB-6F95AD8F0639/dovecot.sieve deliver(greg.woods): Aug 03 15:20:32 Info: cmusieve: Executing script /var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E90-92CB-6F95AD8F0639/dovecot.sievec deliver(greg.woods): Aug 03 15:20:33 Info: msgid=<51F8CAD6B1666341B363C2D95F0F91D70195A783 at midas.utopiasystems.net>: saved mail to INBOX deliver(milt.woods): Aug 03 15:20:33 Info: Loading modules from directory: /usr/lib/dovecot/lda deliver(milt.woods): Aug 03 15:20:33 Info: Module loaded: /usr/lib/dovecot/lda/lib10_quota_plugin.so deliver(milt.woods): Aug 03 15:20:33 Info: Module loaded: /usr/lib/dovecot/lda/lib90_cmusieve_plugin.so Aug 3 15:20:33 ca1 dovecot[58]: auth(default): master in: USER 1 milt.woods service=deliver Aug 3 15:20:33 ca1 dovecot[58]: auth(default): od(milt.woods): lookup user=milt.woods Aug 3 15:20:33 ca1 dovecot[58]: auth(default): od(milt.woods): directory lookup for: user=milt.woods deliver(milt.woods): Aug 03 15:20:33 Info: auth input: milt.woods deliver(milt.woods): Aug 03 15:20:33 Info: auth input: uid=1027 deliver(milt.woods): Aug 03 15:20:33 Info: auth input: gid=20 deliver(milt.woods): Aug 03 15:20:33 Info: auth input: quota=maildir:User quota:noenforcing deliver(milt.woods): Aug 03 15:20:33 Info: auth input: quota_rule=*:storage=0 deliver(milt.woods): Aug 03 15:20:33 Info: auth input: mail=maildir:/var/spool/imap/dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF deliver(milt.woods): Aug 03 15:20:33 Info: auth input: mail_location=maildir:/var/spool/imap/dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF deliver(milt.woods): Aug 03 15:20:33 Info: auth input: sieve=/var/spool/imap/dovecot/sieve-scripts/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF/dovecot.sieve deliver(milt.woods): Aug 03 15:20:33 Info: auth input: sieve_dir=/var/spool/imap/dovecot/sieve-scripts/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF deliver(milt.woods): Aug 03 15:20:33 Info: auth input: sieve_storage=/var/spool/imap/dovecot/sieve-scripts/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF Aug 3 15:20:33 ca1 dovecot[58]: auth(default): od[getpwnam_ext](milt.woods): uid=1027 gid=20 state=0x6 quota=0 guid=E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF name=milt loc=ca1.cirrusav.com alt=(null) fwd=(null) Aug 3 15:20:33 ca1 dovecot[58]: auth(default): od(milt.woods): user milt exists more than once deliver(milt.woods): Aug 03 15:20:33 Info: Quota root: name=User quota backend=maildir args=noenforcing deliver(milt.woods): Aug 03 15:20:33 Info: Quota rule: root=User quota mailbox=* bytes=0 messages=0 deliver(milt.woods): Aug 03 15:20:33 Info: Quota warning: bytes=0 (100%) messages=0 command=/usr/libexec/dovecot/quota-exceeded.sh deliver(milt.woods): Aug 03 15:20:33 Info: Quota warning: bytes=0 (90%) messages=0 command=/usr/libexec/dovecot/quota-warning.sh deliver(milt.woods): Aug 03 15:20:33 Info: maildir: data=/var/spool/imap/dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF deliver(milt.woods): Aug 03 15:20:33 Info: maildir++: root=/var/spool/imap/dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF, index=, control=, inbox=/var/spool/imap/dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF deliver(milt.woods): Aug 03 15:20:33 Info: cmusieve: /var/spool/imap/dovecot/sieve-scripts/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF/dovecot.sieve doesn't exist deliver(milt.woods): Aug 03 15:20:33 Info: msgid=<51F8CAD6B1666341B363C2D95F0F91D70195A783 at midas.utopiasystems.net>: saved mail to INBOX Aug 3 15:20:33 ca1 dovecot[58]: auth(default): od(milt.woods): record name=milt, uid=1027, gid=20 Aug 3 15:20:33 ca1 dovecot[58]: auth(default): od(milt.woods): user=milt, quota=*:storage=0 Aug 3 15:20:33 ca1 dovecot[58]: auth(default): od(milt.woods): data store location=maildir:/var/spool/imap/dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF Aug 3 15:20:33 ca1 dovecot[58]: auth(default): master out: USER 1 milt.woods uid=1027 gid=20 quota=maildir:User quota:noenforcing quota_rule=*:storage=0 mail=maildir:/var/spool/imap/dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF mail_location=maildir:/var/spool/imap/\ dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF sieve=/var/spool/imap/dovecot/sieve-scripts/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF/dovecot.sieve sieve_dir=/var/spool/imap/dovecot/sieve-scripts/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF sieve_storage=/var/spool/imap/dovecot/sieve-scripts/E3E1BA44-37D6-4C\ D4-8CC2-7587BE5D33CF deliver(mark.woods): Aug 03 15:20:33 Info: Loading modules from directory: /usr/lib/dovecot/lda deliver(mark.woods): Aug 03 15:20:33 Info: Module loaded: /usr/lib/dovecot/lda/lib10_quota_plugin.so deliver(mark.woods): Aug 03 15:20:33 Info: Module loaded: /usr/lib/dovecot/lda/lib90_cmusieve_plugin.so Aug 3 15:20:33 ca1 dovecot[58]: auth(default): master in: USER 1 mark.woods service=deliver Aug 3 15:20:33 ca1 dovecot[58]: auth(default): od(mark.woods): lookup user=mark.woods Aug 3 15:20:33 ca1 dovecot[58]: auth(default): od(mark.woods): directory lookup for: user=mark.woods deliver(mark.woods): Aug 03 15:20:33 Info: auth input: mark.woods deliver(mark.woods): Aug 03 15:20:33 Info: auth input: uid=1025 deliver(mark.woods): Aug 03 15:20:33 Info: auth input: gid=20 deliver(mark.woods): Aug 03 15:20:33 Info: auth input: quota=maildir:User quota:noenforcing deliver(mark.woods): Aug 03 15:20:33 Info: auth input: quota_rule=*:storage=0 deliver(mark.woods): Aug 03 15:20:33 Info: auth input: mail=maildir:/var/spool/imap/dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B deliver(mark.woods): Aug 03 15:20:33 Info: auth input: mail_location=maildir:/var/spool/imap/dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B deliver(mark.woods): Aug 03 15:20:33 Info: auth input: sieve=/var/spool/imap/dovecot/sieve-scripts/A3A30056-80F0-42BB-884B-DD1F38913A8B/dovecot.sieve deliver(mark.woods): Aug 03 15:20:33 Info: auth input: sieve_dir=/var/spool/imap/dovecot/sieve-scripts/A3A30056-80F0-42BB-884B-DD1F38913A8B deliver(mark.woods): Aug 03 15:20:33 Info: auth input: sieve_storage=/var/spool/imap/dovecot/sieve-scripts/A3A30056-80F0-42BB-884B-DD1F38913A8B Aug 3 15:20:33 ca1 dovecot[58]: auth(default): od[getpwnam_ext](mark.woods): uid=1025 gid=20 state=0x6 quota=0 guid=A3A30056-80F0-42BB-884B-DD1F38913A8B name=mark loc=ca1.cirrusav.com alt=(null) fwd=(null) Aug 3 15:20:33 ca1 dovecot[58]: auth(default): od(mark.woods): user mark exists more than once Aug 3 15:20:33 ca1 dovecot[58]: auth(default): od(mark.woods): record name=mark, uid=1025, gid=20 Aug 3 15:20:33 ca1 dovecot[58]: auth(default): od(mark.woods): user=mark, quota=*:storage=0 Aug 3 15:20:33 ca1 dovecot[58]: auth(default): od(mark.woods): data store location=maildir:/var/spool/imap/dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B Aug 3 15:20:33 ca1 dovecot[58]: auth(default): master out: USER 1 mark.woods uid=1025 gid=20 quota=maildir:User quota:noenforcing quota_rule=*:storage=0 mail=maildir:/var/spool/imap/dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B mail_location=maildir:/var/spool/imap/\ dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B sieve=/var/spool/imap/dovecot/sieve-scripts/A3A30056-80F0-42BB-884B-DD1F38913A8B/dovecot.sieve sieve_dir=/var/spool/imap/dovecot/sieve-scripts/A3A30056-80F0-42BB-884B-DD1F38913A8B sieve_storage=/var/spool/imap/dovecot/sieve-scripts/A3A30056-80F0-42\ BB-884B-DD1F38913A8B deliver(mark.woods): Aug 03 15:20:33 Info: Quota root: name=User quota backend=maildir args=noenforcing deliver(mark.woods): Aug 03 15:20:33 Info: Quota rule: root=User quota mailbox=* bytes=0 messages=0 deliver(mark.woods): Aug 03 15:20:33 Info: Quota warning: bytes=0 (100%) messages=0 command=/usr/libexec/dovecot/quota-exceeded.sh deliver(mark.woods): Aug 03 15:20:33 Info: Quota warning: bytes=0 (90%) messages=0 command=/usr/libexec/dovecot/quota-warning.sh deliver(mark.woods): Aug 03 15:20:33 Info: maildir: data=/var/spool/imap/dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B deliver(mark.woods): Aug 03 15:20:33 Info: maildir++: root=/var/spool/imap/dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B, index=, control=, inbox=/var/spool/imap/dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B deliver(mark.woods): Aug 03 15:20:33 Info: cmusieve: /var/spool/imap/dovecot/sieve-scripts/A3A30056-80F0-42BB-884B-DD1F38913A8B/dovecot.sieve doesn't exist deliver(mark.woods): Aug 03 15:20:34 Info: msgid=<51F8CAD6B1666341B363C2D95F0F91D70195A783 at midas.utopiasystems.net>: saved mail to INBOX ################################## # dovecot.index.cache for failed delivery showing message header.... # ################################# ("charset" "UTF-8") NIL NIL "8bit" 2959 121 NIL NIL NIL NIL)("text" "html" ("charset" "UTF-8") NIL NIL "8bit" 19027 186 NIL NIL NIL NIL) "alternative" ("boundary" "b1_b5d09c\ ae81d6afae79bdbcb8cea2896a") NIL NIL NIL^@^@^@^A^@^@^@^\\3119N^@^@^@^@^P^E^@^@^D^@^@^@^@^@^@^@^E^@^@^@-^@^@^@^U^@^@^@^@^@^@^@Date: Wed, 3 Aug 2011 18:20:15 -0400 ^@^@^@^F^@^@^@7^@^@^@^[^@^@^@^@^@^@^@From: "Natalie Astor" ^@^G^@^@^@^@^@^@^@^H^@^@^@W^@^@^@^V^@^@^@^@^@^@^@Message-ID: <51F8CAD6B1666341B363C2D95F0F91D70195A783 at midas.utopiasystems.net> ^@ ^@^@^@^@^@^@^@ ^@^@^@^@^@^@^@^K^@^@^@0^@^@^@^T^@^@^@^@^@^@^@Subject: Quote 8/10 & 8/15 SNA-MMSD-SNA ^L^@^@^@!^@^@^@^\^@^@^@^@^@^@^@To: ^@^@^@^M^@^@^@^@^@^@^@^N^@^@^@^@^@^@^@^O^@^@^@^@^@^@^@^P^@^@^@^@^@^@^@^Q^@^@^@^@^@^@^@^R^@^@^@^@^@^@^@^S^@^@^@^@^@^@^@^T^@^@^@^@^@^@^@^U^@^@^@^@^@^@^@^V^@^@^@Y^@^@^@^P^@^@^@\ ^@^@^@^@Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01CC522B.8646FEE6" ^@^@^@^@^@^@^@^H^@^@^@^C^@^@^@\344^@^@^@A^@^@^@^Q^E^@^@^@^@^@^@.^E^@^@^@^@^@^@nU^@^@^@^@^@^@^FW^@^@^@^@^@^@^B^@^@^@A^@^@^@g^E^@^@^@^@^@^@X^@^@^@^@^@^@^@[^@^@^@^@^@^@^@O^N^@^\ @^@^@^@^@\357^N^@^@^@^@^@^@^B^@^@^@H^@^@^@\350^E^@^@^@^@^@^@[^@^@^@^@^@^@^@_^@^@^@^@^@^@^@{^A^@^@^@^@^@^@\234^A^@^@^@^@^@^@!^@^@^@H^@^@^@\347^G^@^@^@^@^@^@Z^@^@^@^@^@^@^@^^@\ ^@^@^@^@^@^@\242^K^@^@^@^@^@^@^S^L^@^@^@^@^@^@q^@^@^@@^@^@^@7^T^@^@^@^@^@^@\332^@^@^@^@^@^@^@\341^@^@^@^@^@^@^@CE^@^@^@^@^@^@*F^@^@^@^@^@^@^B^@^@^@\373^A^@^@(("text" "plain"\ ("charset" "us-ascii") NIL NIL "quoted-printable" 412 33 NIL NIL NIL NIL)("text" "html" ("charset" "us-ascii") NIL NIL "quoted-printable" 3091 113 NIL NIL NIL NIL) "alterna\ tive" ("boundary" "----_=_NextPart_002_01CC522B.8646FEE6") NIL NIL NIL)("application" "octet-stream" ("name" "8-10 Cirrus - MMSD.pdf") NIL "8-10 Cirrus - MMSD.pdf" "base64" \ 17962 NIL ("attachment" ("filename" "8-10 Cirrus - MMSD.pdf")) NIL NIL) "mixed" ("boundary" "----_=_NextPart_001_01CC522B.8646FEE6") NIL NIL NIL^@^@^A^@^@^@\261\3119N^@^@^@^\ @4^D^@^@^D^@^@^@^@^@^@^@^E^@^@^@-^@^@^@^_^@^@^@^@^@^@^@Date: Thu, 4 Aug 2011 09:09:11 +0900 ################################# # /var/log/mail.log for a successful delivery # ################################## Aug 3 14:18:22 ca1 postfix/smtpd[97867]: connect from mail.westcoastcharters.com[65.119.7.90] Aug 3 14:18:22 ca1 postfix/smtpd[97867]: B1667150F981: client=mail.westcoastcharters.com[65.119.7.90] Aug 3 14:18:22 ca1 postfix/cleanup[97874]: B1667150F981: message-id=<7EAD11D11C070740B7BB95F7F81F7AE80250C252 at wcc-exch.westcoastcharters.com> Aug 3 14:18:22 ca1 postfix/qmgr[126]: B1667150F981: from=, size=8004, nrcpt=1 (queue active) Aug 3 14:18:22 ca1 postfix/smtpd[97867]: disconnect from mail.westcoastcharters.com[65.119.7.90] Aug 3 14:18:24 ca1 postfix/smtpd[97879]: connect from localhost[127.0.0.1] Aug 3 14:18:24 ca1 postfix/smtpd[97879]: 3FF65150F992: client=localhost[127.0.0.1] Aug 3 14:18:24 ca1 postfix/cleanup[97874]: 3FF65150F992: message-id=<7EAD11D11C070740B7BB95F7F81F7AE80250C252 at wcc-exch.westcoastcharters.com> Aug 3 14:18:24 ca1 postfix/smtpd[97879]: disconnect from localhost[127.0.0.1] Aug 3 14:18:24 ca1 postfix/qmgr[126]: 3FF65150F992: from=, size=8439, nrcpt=1 (queue active) Aug 3 14:18:24 ca1 postfix/smtp[97875]: B1667150F981: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=1.6, delays=0.17/0.01/0/1.4, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=94749-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 3FF65150F992) Aug 3 14:18:24 ca1 postfix/qmgr[126]: B1667150F981: removed Aug 3 14:18:24 ca1 postfix/local[97881]: od[getpwnam_ext]: no attribute dsAttrTypeStandard:MailAttribute in record for user teamsserver Aug 3 14:18:32 ca1 postfix/local[97881]: 3FF65150F992: to=, orig_to=, relay=local, delay=8.2, delays=0.01/0.1/0/8.1, dsn=2.0.0, status=sent (delivered to command: /usr/share/wikid/bin/bundleMail.py) Aug 3 14:18:32 ca1 postfix/pipe[97895]: 3FF65150F992: to=, orig_to=, relay=dovecot, delay=8.4, delays=0.01/0.1/0/8.3, dsn=2.0.0, status=sent (delivered via dovecot service) Aug 3 14:18:32 ca1 postfix/pipe[97895]: 3FF65150F992: to=, orig_to=, relay=dovecot, delay=8.4, delays=0.01/0.1/0/8.3, dsn=2.0.0, status=sent (delivered via dovecot service) Aug 3 14:18:32 ca1 postfix/pipe[97895]: 3FF65150F992: to=, orig_to=, relay=dovecot, delay=8.7, delays=0.01/0.1/0/8.6, dsn=2.0.0, status=sent (delivered via dovecot service) Aug 3 14:18:32 ca1 postfix/qmgr[126]: 3FF65150F992: removed ################################# # /var/log/mailaccess.log for a successful delivery # ################################# Aug 3 14:11:49 ca1 dovecot[97346]: This is Dovecot's info log Aug 3 14:11:49 ca1 dovecot[97346]: This is Dovecot's warning log Aug 3 14:11:49 ca1 dovecot[97346]: This is Dovecot's error log Aug 3 14:11:49 ca1 dovecot[97346]: Fatal: This is Dovecot's fatal log deliver(greg.woods): Aug 03 14:18:32 Info: Loading modules from directory: /usr/lib/dovecot/lda deliver(greg.woods): Aug 03 14:18:32 Info: Module loaded: /usr/lib/dovecot/lda/lib10_quota_plugin.so deliver(greg.woods): Aug 03 14:18:32 Info: Module loaded: /usr/lib/dovecot/lda/lib90_cmusieve_plugin.so Aug 3 14:18:32 ca1 dovecot[58]: auth(default): master in: USER 1 greg.woods service=deliver Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(greg.woods): lookup user=greg.woods Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(greg.woods): directory lookup for: user=greg.woods deliver(greg.woods): Aug 03 14:18:32 Info: auth input: greg.woods deliver(greg.woods): Aug 03 14:18:32 Info: auth input: uid=1026 deliver(greg.woods): Aug 03 14:18:32 Info: auth input: gid=20 deliver(greg.woods): Aug 03 14:18:32 Info: auth input: quota=maildir:User quota:noenforcing deliver(greg.woods): Aug 03 14:18:32 Info: auth input: quota_rule=*:storage=0 deliver(greg.woods): Aug 03 14:18:32 Info: auth input: mail=maildir:/var/spool/imap/dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639 deliver(greg.woods): Aug 03 14:18:32 Info: auth input: mail_location=maildir:/var/spool/imap/dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639 deliver(greg.woods): Aug 03 14:18:32 Info: auth input: sieve=/var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E90-92CB-6F95AD8F0639/dovecot.sieve deliver(greg.woods): Aug 03 14:18:32 Info: auth input: sieve_dir=/var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E90-92CB-6F95AD8F0639 deliver(greg.woods): Aug 03 14:18:32 Info: auth input: sieve_storage=/var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E90-92CB-6F95AD8F0639 Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od[getpwnam_ext](greg.woods): uid=1026 gid=20 state=0x6 quota=0 guid=C730546B-FBEF-4E90-92CB-6F95AD8F0639 name=gwoods loc=ca1.cirrusav.com alt=(null) fwd=(null) Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(greg.woods): user gwoods exists more than once Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(greg.woods): record name=gwoods, uid=1026, gid=20 Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(greg.woods): user=gwoods, quota=*:storage=0 Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(greg.woods): data store location=maildir:/var/spool/imap/dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639 deliver(greg.woods): Aug 03 14:18:32 Info: Quota root: name=User quota backend=maildir args=noenforcing deliver(greg.woods): Aug 03 14:18:32 Info: Quota rule: root=User quota mailbox=* bytes=0 messages=0 deliver(greg.woods): Aug 03 14:18:32 Info: Quota warning: bytes=0 (100%) messages=0 command=/usr/libexec/dovecot/quota-exceeded.sh deliver(greg.woods): Aug 03 14:18:32 Info: Quota warning: bytes=0 (90%) messages=0 command=/usr/libexec/dovecot/quota-warning.sh deliver(greg.woods): Aug 03 14:18:32 Info: maildir: data=/var/spool/imap/dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639 deliver(greg.woods): Aug 03 14:18:32 Info: maildir++: root=/var/spool/imap/dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639, index=, control=, inbox=/var/spool/imap/dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639 deliver(greg.woods): Aug 03 14:18:32 Info: cmusieve: Using sieve path: /var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E90-92CB-6F95AD8F0639/dovecot.sieve deliver(greg.woods): Aug 03 14:18:32 Info: cmusieve: Executing script /var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E90-92CB-6F95AD8F0639/dovecot.sievec deliver(greg.woods): Aug 03 14:18:32 Info: msgid=<7EAD11D11C070740B7BB95F7F81F7AE80250C252 at wcc-exch.westcoastcharters.com>: saved mail to INBOX Aug 3 14:18:32 ca1 dovecot[58]: auth(default): master out: USER 1 greg.woods uid=1026 gid=20 quota=maildir:User quota:noenforcing quota_rule=*:storage=0 mail=maildir:/var/spool/imap/dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639 mail_location=maildir:/var/spool/imap/\ dovecot/mail/C730546B-FBEF-4E90-92CB-6F95AD8F0639 sieve=/var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E90-92CB-6F95AD8F0639/dovecot.sieve sieve_dir=/var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E90-92CB-6F95AD8F0639 sieve_storage=/var/spool/imap/dovecot/sieve-scripts/C730546B-FBEF-4E\ 90-92CB-6F95AD8F0639 deliver(milt.woods): Aug 03 14:18:32 Info: Loading modules from directory: /usr/lib/dovecot/lda deliver(milt.woods): Aug 03 14:18:32 Info: Module loaded: /usr/lib/dovecot/lda/lib10_quota_plugin.so deliver(milt.woods): Aug 03 14:18:32 Info: Module loaded: /usr/lib/dovecot/lda/lib90_cmusieve_plugin.so deliver(milt.woods): Aug 03 14:18:32 Info: auth input: milt.woods deliver(milt.woods): Aug 03 14:18:32 Info: auth input: uid=1027 deliver(milt.woods): Aug 03 14:18:32 Info: auth input: gid=20 deliver(milt.woods): Aug 03 14:18:32 Info: auth input: quota=maildir:User quota:noenforcing deliver(milt.woods): Aug 03 14:18:32 Info: auth input: quota_rule=*:storage=0 deliver(milt.woods): Aug 03 14:18:32 Info: auth input: mail=maildir:/var/spool/imap/dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF deliver(milt.woods): Aug 03 14:18:32 Info: auth input: mail_location=maildir:/var/spool/imap/dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF deliver(milt.woods): Aug 03 14:18:32 Info: auth input: sieve=/var/spool/imap/dovecot/sieve-scripts/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF/dovecot.sieve deliver(milt.woods): Aug 03 14:18:32 Info: auth input: sieve_dir=/var/spool/imap/dovecot/sieve-scripts/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF deliver(milt.woods): Aug 03 14:18:32 Info: auth input: sieve_storage=/var/spool/imap/dovecot/sieve-scripts/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF Aug 3 14:18:32 ca1 dovecot[58]: auth(default): master in: USER 1 milt.woods service=deliver Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(milt.woods): lookup user=milt.woods Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(milt.woods): directory lookup for: user=milt.woods Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od[getpwnam_ext](milt.woods): uid=1027 gid=20 state=0x6 quota=0 guid=E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF name=milt loc=ca1.cirrusav.com alt=(null) fwd=(null) Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(milt.woods): user milt exists more than once Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(milt.woods): record name=milt, uid=1027, gid=20 Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(milt.woods): user=milt, quota=*:storage=0 Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(milt.woods): data store location=maildir:/var/spool/imap/dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF Aug 3 14:18:32 ca1 dovecot[58]: auth(default): master out: USER 1 milt.woods uid=1027 gid=20 quota=maildir:User quota:noenforcing quota_rule=*:storage=0 mail=maildir:/var/spool/imap/dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF mail_location=maildir:/var/spool/imap/\ dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF sieve=/var/spool/imap/dovecot/sieve-scripts/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF/dovecot.sieve sieve_dir=/var/spool/imap/dovecot/sieve-scripts/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF sieve_storage=/var/spool/imap/dovecot/sieve-scripts/E3E1BA44-37D6-4C\ D4-8CC2-7587BE5D33CF deliver(milt.woods): Aug 03 14:18:32 Info: Quota root: name=User quota backend=maildir args=noenforcing deliver(milt.woods): Aug 03 14:18:32 Info: Quota rule: root=User quota mailbox=* bytes=0 messages=0 deliver(milt.woods): Aug 03 14:18:32 Info: Quota warning: bytes=0 (100%) messages=0 command=/usr/libexec/dovecot/quota-exceeded.sh deliver(milt.woods): Aug 03 14:18:32 Info: Quota warning: bytes=0 (90%) messages=0 command=/usr/libexec/dovecot/quota-warning.sh deliver(milt.woods): Aug 03 14:18:32 Info: maildir: data=/var/spool/imap/dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF deliver(milt.woods): Aug 03 14:18:32 Info: maildir++: root=/var/spool/imap/dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF, index=, control=, inbox=/var/spool/imap/dovecot/mail/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF deliver(milt.woods): Aug 03 14:18:32 Info: cmusieve: /var/spool/imap/dovecot/sieve-scripts/E3E1BA44-37D6-4CD4-8CC2-7587BE5D33CF/dovecot.sieve doesn't exist deliver(milt.woods): Aug 03 14:18:32 Info: msgid=<7EAD11D11C070740B7BB95F7F81F7AE80250C252 at wcc-exch.westcoastcharters.com>: saved mail to INBOX deliver(mark.woods): Aug 03 14:18:32 Info: Loading modules from directory: /usr/lib/dovecot/lda deliver(mark.woods): Aug 03 14:18:32 Info: Loading modules from directory: /usr/lib/dovecot/lda deliver(mark.woods): Aug 03 14:18:32 Info: Module loaded: /usr/lib/dovecot/lda/lib10_quota_plugin.so deliver(mark.woods): Aug 03 14:18:32 Info: Module loaded: /usr/lib/dovecot/lda/lib90_cmusieve_plugin.so Aug 3 14:18:32 ca1 dovecot[58]: auth(default): master in: USER 1 mark.woods service=deliver Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(mark.woods): lookup user=mark.woods Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(mark.woods): directory lookup for: user=mark.woods deliver(mark.woods): Aug 03 14:18:32 Info: auth input: mark.woods deliver(mark.woods): Aug 03 14:18:32 Info: auth input: uid=1025 deliver(mark.woods): Aug 03 14:18:32 Info: auth input: gid=20 deliver(mark.woods): Aug 03 14:18:32 Info: auth input: quota=maildir:User quota:noenforcing deliver(mark.woods): Aug 03 14:18:32 Info: auth input: quota_rule=*:storage=0 deliver(mark.woods): Aug 03 14:18:32 Info: auth input: mail=maildir:/var/spool/imap/dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B deliver(mark.woods): Aug 03 14:18:32 Info: auth input: mail_location=maildir:/var/spool/imap/dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B deliver(mark.woods): Aug 03 14:18:32 Info: auth input: sieve=/var/spool/imap/dovecot/sieve-scripts/A3A30056-80F0-42BB-884B-DD1F38913A8B/dovecot.sieve deliver(mark.woods): Aug 03 14:18:32 Info: auth input: sieve_dir=/var/spool/imap/dovecot/sieve-scripts/A3A30056-80F0-42BB-884B-DD1F38913A8B deliver(mark.woods): Aug 03 14:18:32 Info: auth input: sieve_storage=/var/spool/imap/dovecot/sieve-scripts/A3A30056-80F0-42BB-884B-DD1F38913A8B Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od[getpwnam_ext](mark.woods): uid=1025 gid=20 state=0x6 quota=0 guid=A3A30056-80F0-42BB-884B-DD1F38913A8B name=mark loc=ca1.cirrusav.com alt=(null) fwd=(null) Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(mark.woods): adding user to table: mark Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(mark.woods): record name=mark, uid=1025, gid=20 Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(mark.woods): user=mark, quota=*:storage=0 Aug 3 14:18:32 ca1 dovecot[58]: auth(default): od(mark.woods): data store location=maildir:/var/spool/imap/dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B Aug 3 14:18:32 ca1 dovecot[58]: auth(default): master out: USER 1 mark.woods uid=1025 gid=20 quota=maildir:User quota:noenforcing quota_rule=*:storage=0 mail=maildir:/var/spool/imap/dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B mail_location=maildir:/var/spool/imap/\ dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B sieve=/var/spool/imap/dovecot/sieve-scripts/A3A30056-80F0-42BB-884B-DD1F38913A8B/dovecot.sieve sieve_dir=/var/spool/imap/dovecot/sieve-scripts/A3A30056-80F0-42BB-884B-DD1F38913A8B sieve_storage=/var/spool/imap/dovecot/sieve-scripts/A3A30056-80F0-42\ BB-884B-DD1F38913A8B deliver(mark.woods): Aug 03 14:18:32 Info: Quota root: name=User quota backend=maildir args=noenforcing deliver(mark.woods): Aug 03 14:18:32 Info: Quota rule: root=User quota mailbox=* bytes=0 messages=0 deliver(mark.woods): Aug 03 14:18:32 Info: Quota warning: bytes=0 (100%) messages=0 command=/usr/libexec/dovecot/quota-exceeded.sh deliver(mark.woods): Aug 03 14:18:32 Info: Quota warning: bytes=0 (90%) messages=0 command=/usr/libexec/dovecot/quota-warning.sh deliver(mark.woods): Aug 03 14:18:32 Info: maildir: data=/var/spool/imap/dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B deliver(mark.woods): Aug 03 14:18:32 Info: maildir++: root=/var/spool/imap/dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B, index=, control=, inbox=/var/spool/imap/dovecot/mail/A3A30056-80F0-42BB-884B-DD1F38913A8B deliver(mark.woods): Aug 03 14:18:32 Info: cmusieve: /var/spool/imap/dovecot/sieve-scripts/A3A30056-80F0-42BB-884B-DD1F38913A8B/dovecot.sieve doesn't exist deliver(mark.woods): Aug 03 14:18:32 Info: msgid=<7EAD11D11C070740B7BB95F7F81F7AE80250C252 at wcc-exch.westcoastcharters.com>: saved mail to INBOX From tomislav.mihalicek at gmail.com Thu Aug 4 12:57:44 2011 From: tomislav.mihalicek at gmail.com (Tomislav Mihalicek) Date: Thu, 4 Aug 2011 02:57:44 -0700 (PDT) Subject: [Dovecot] dovecot ACL's wrong maildir++ location of shared folder Message-ID: <32193043.post@talk.nabble.com> Hi I am having problem regarding ACLs. I use ldap as db backend and everything seems okay but ACL retrieving of shared folder paths... why is the date and root wrong? dovecot is 1.2.17 ####dovecot-ldap.conf user_attrs = homeDirectory=home,mailQuotaSize=quota_rule=*:bytes=%$,mailQuotaCount=quota_rule2=*:messages=%$ ####dovecot.conf mail_location = maildir:~/Maildir:INDEX=~/index namespace private { separator = / prefix = #location defaults to mail_location. inbox = yes } namespace shared { separator = / prefix = Shared/%%u/ location = maildir:%%h/Maildir:INDEX=%h/index/Shared/%%u # this namespace should handle its own subscriptions or not. subscriptions = yes list = children } i checked there is no "mail=.." in user_attrs!! ####dovecot.info 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl vfile: file /mailbox/maildirs02/example.org/t/m/i/tmihalicek/Maildir/.Sent/dovecot-acl not found 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl vfile: file /mailbox/maildirs02/example.org/t/m/i/tmihalicek/Maildir/.SpamCop/dovecot-acl not found 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl vfile: reading file /mailbox/maildirs02/example.org/t/m/i/tmihalicek/Maildir/.Gmail/dovecot-acl 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl vfile: file /mailbox/maildirs02/example.org/t/m/i/tmihalicek/Maildir/dovecot-acl not found 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: dict quota: user=testuser at example.org, uri=proxy::quotadict, noenforcing=0 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: maildir: data=/var/run/dovecot/user-not-found/testuser at example.org 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: maildir++: root=/var/run/dovecot/user-not-found/testuser at example.org, index=, control=, inbox=/var/run/dovecot/user-not-found/testuser at globalnet.hr 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl: initializing backend with data: vfile 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl: acl username = tmihalicek at example.org 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl: owner = 0 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl vfile: Global ACL directory: (null) 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: dict quota: user=testuser at example.org, uri=proxy::quotadict, noenforcing=0 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: maildir: data=/var/run/dovecot/user-not-found/testuser at example.org 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: maildir++: root=/var/run/dovecot/user-not-found/testuser at example.org, index=, control=, inbox=/var/run/dovecot/user-not-found/testuser at example.org 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl: initializing backend with data: vfile 2010-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl: acl username = tmihalicek at example.org 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl: owner = 0 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl vfile: Global ACL directory: (null) 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: expire: No expiring in mailbox: INBOX 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: Disconnected: Logged out bytes=89/7806 -- View this message in context: http://old.nabble.com/dovecot-ACL%27s-wrong-maildir%2B%2B-location-of-shared-folder-tp32193043p32193043.html Sent from the Dovecot mailing list archive at Nabble.com. From tomislav.mihalicek at gmail.com Thu Aug 4 14:53:00 2011 From: tomislav.mihalicek at gmail.com (Tomislav Mihalicek) Date: Thu, 4 Aug 2011 04:53:00 -0700 (PDT) Subject: [Dovecot] dovecot ACL's wrong maildir++ location of shared folder In-Reply-To: <32193043.post@talk.nabble.com> References: <32193043.post@talk.nabble.com> Message-ID: <32193708.post@talk.nabble.com> SOLVED dovecot-ldap.conf user_filter = (&(objectClass=qmailUser)(accountService=mail)(accountService=%Ls%Lc) accountService internal needs to be added :P Tomislav Mihalicek wrote: > > Hi > > I am having problem regarding ACLs. I use ldap as db backend and > everything seems okay but ACL retrieving of shared folder paths... why is > the date and root wrong? dovecot is 1.2.17 > > ####dovecot-ldap.conf > user_attrs = > homeDirectory=home,mailQuotaSize=quota_rule=*:bytes=%$,mailQuotaCount=quota_rule2=*:messages=%$ > > ####dovecot.conf > mail_location = maildir:~/Maildir:INDEX=~/index > > namespace private { > separator = / > prefix = > #location defaults to mail_location. > inbox = yes > } > > namespace shared { > separator = / > prefix = Shared/%%u/ > location = maildir:%%h/Maildir:INDEX=%h/index/Shared/%%u > # this namespace should handle its own subscriptions or not. > subscriptions = yes > list = children > } > > i checked there is no "mail=.." in user_attrs!! > > ####dovecot.info > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl vfile: file > /mailbox/maildirs02/example.org/t/m/i/tmihalicek/Maildir/.Sent/dovecot-acl > not found > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl vfile: file > /mailbox/maildirs02/example.org/t/m/i/tmihalicek/Maildir/.SpamCop/dovecot-acl > not found > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl vfile: reading > file > /mailbox/maildirs02/example.org/t/m/i/tmihalicek/Maildir/.Gmail/dovecot-acl > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl vfile: file > /mailbox/maildirs02/example.org/t/m/i/tmihalicek/Maildir/dovecot-acl not > found > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: dict quota: > user=testuser at example.org, uri=proxy::quotadict, noenforcing=0 > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: maildir: > data=/var/run/dovecot/user-not-found/testuser at example.org > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: maildir++: > root=/var/run/dovecot/user-not-found/testuser at example.org, index=, > control=, inbox=/var/run/dovecot/user-not-found/testuser at globalnet.hr > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl: initializing > backend with data: vfile > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl: acl username > = tmihalicek at example.org > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl: owner = 0 > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl vfile: Global > ACL directory: (null) > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: dict quota: > user=testuser at example.org, uri=proxy::quotadict, noenforcing=0 > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: maildir: > data=/var/run/dovecot/user-not-found/testuser at example.org > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: maildir++: > root=/var/run/dovecot/user-not-found/testuser at example.org, index=, > control=, inbox=/var/run/dovecot/user-not-found/testuser at example.org > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl: initializing > backend with data: vfile > 2010-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl: acl username > = tmihalicek at example.org > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl: owner = 0 > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: acl vfile: Global > ACL directory: (null) > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: expire: No > expiring in mailbox: INBOX > 2011-08-03 22:41:51 IMAP(tmihalicek at example.org): Info: Disconnected: > Logged out bytes=89/7806 > > -- View this message in context: http://old.nabble.com/dovecot-ACL%27s-wrong-maildir%2B%2B-location-of-shared-folder-tp32193043p32193708.html Sent from the Dovecot mailing list archive at Nabble.com. From ross.sysadm at gmail.com Thu Aug 4 15:38:02 2011 From: ross.sysadm at gmail.com (Ross) Date: Thu, 04 Aug 2011 15:38:02 +0300 Subject: [Dovecot] dovecot + postfix + kerberos + AD - Multiple mailboxes ??? Message-ID: <4E3A92AA.5030802@gmail.com> Hi all. I have a problem in configuration Mail Server for my company. Gentoo/Linux, postfix-2.7.3, dovecot-2.0.11, AD-Windows2008R2 *main.cf:* virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf, ldap:/etc/postfix/ldap-users_oblr.cf I create a two ldap files for search Multiple mailboxes in attribute AD (mail, othermailbox). *ldap-users.cf:* server_host = srv-ad.cn.energy search_base = dc=cn,dc=energy version = 3 bind = yes bind_dn = admin bind_pw = passwd chase_referrals = no scope = sub query_filter = (&(objectclass=person)(|(mail=%s))(!(userAccountControl=514))) result_attribute = mail result_format = %s/ *ldap-users_oblr.cf:* server_host = srv-ad.cn.energy search_base = dc=cn,dc=energy version = 3 bind = yes bind_dn = admin bind_pw = passwd chase_referrals = no scope = sub query_filter = (&(objectclass=person)(|(otherMailbox=%s))(!(userAccountControl=514))) result_attribute = otherMailbox So, you want to know why it was done so stupid? I'll try to explain. I have an account in AD ( eg Ross). In the mail attribute is written, my main mailbox ross at energo.cg.ukrtel.net, and attribute otherMailbox my additional mailboxes simbios at oblr.cn.energy.gov.ua,..., Etc. Postfix does not know how to work with attributes that have multiple meanings. If I'm wrong correct me. ) ) ) Dovecot, respectively, too... ) ) ) *What to do in this situation? Maybe there is some solution?* *dovecot-ldap.conf:* user_attrs = mail=mail=maildir:/var/spool/mail/%$, quotaBytes=quota_rule=*:bytes=%$ user_filter = (&(objectClass=Person)(sAMAccountName=%n)) pass_attrs = userPassword=password pass_filter = (&(objectClass=posixAccount)(uid=%u)) ls /var/mail ross at energo.cg.ukrtel.net simbios at oblr.cn.energy.gov.ua This directory create postfix. With ross Dovecot working fine, but with simbios NOT. Many thanks for your help! -- Best Regards Ross Remote Server Administration. e-mail: ross.sysadm at gmail.com skype: ross.sysadm icq: 317410068 Best Offers for a full range of server management services and effective on time solutions. From gherzig at fmed.uba.ar Thu Aug 4 16:46:53 2011 From: gherzig at fmed.uba.ar (Gerardo Herzig) Date: Thu, 04 Aug 2011 10:46:53 -0300 Subject: [Dovecot] questions about ldap auth Message-ID: <1312465613.3652.4.camel@inca.fmed.uba.ar> Hi all. I have a couple of questions. ANY of those will solve mi situation. 1) 'Complex' LDAP validation: I need to validate a user in the 2 step authentication / authorizacion mech. The 'users' (with the password) are in ou=Person,o=Work the group which contains the mail users is in cn=MailUsers,ou=Groups,o=Work Can dovecot make such a thing? Cause im not shure if i can make this in a single ldap filter. 2) If not... 2.1) Does dovecot accept more than 1 ldap filter for authenticating? 2.2) Does dovecot accept an arbitrary program for authentication? Well, that's all for now. Thanks! Gerardo From nbw0313 at yahoo.com Thu Aug 4 19:40:19 2011 From: nbw0313 at yahoo.com (DT) Date: Thu, 4 Aug 2011 09:40:19 -0700 (PDT) Subject: [Dovecot] mbox problems on CentOS 6 Message-ID: <1312476019.65873.YahooMailClassic@web161908.mail.bf1.yahoo.com> Hello, I migrated yesterday to Dovecot 2, and I managed to "convert" all the settings I had in dovecot.conf, but I run into a strange problem. I am curently using Dovecot 2.0.13 and bellow is my dovecot.conf current content: ? # 2.0.13: //etc/dovecot/dovecot.conf # OS: Linux 2.6.32-71.29.1.el6.x86_64 x86_64 CentOS Linux release 6.0 (Final) ext4 auth_mechanisms = plain login auth_verbose = yes base_dir = /var/run/dovecot/ disable_plaintext_auth = no first_valid_uid = 901 last_valid_uid = 901 log_path = /var/log/dovecot.log log_timestamp = "%Y-%m-%d %H:%M:%S " login_greeting = IMAP/POP3 server ready. mail_access_groups = mail mail_debug = yes mail_location = mbox:/vmail/%d/%n:INDEX=/var/indexes/%u mail_max_userip_connections = 16 mail_privileged_group = mail passdb { ? args = /etc/dovecot/dovecot-mysql.conf ? driver = sql } protocols = imap pop3 service auth { ? unix_listener auth-userdb { ??? mode = 0600 ? } ? user = $default_internal_user } service imap-login { ? inet_listener imap { ??? port = 143 ? } } service imap { ? process_limit = 16 } service pop3-login { ? inet_listener pop3 { ??? port = 110 ? } } service pop3 { ? process_limit = 16 } ssl = no userdb { ? args = /etc/dovecot/dovecot-mysql.conf ? driver = sql } protocol pop3 { ? pop3_client_workarounds = outlook-no-nuls oe-ns-eoh ? pop3_uidl_format = %08Xu%08Xv } protocol imap { ? imap_client_workarounds = delay-newmail tb-extra-mailbox-sep } ? I am running along with Dovecot, Postfix and MySQL - oh SASL is of course installed as I want to make use of user auth. On the simplest check - "surprise" ta-daaaa /telnet localhost 143 Trying ::1... Connected to localhost. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] IMAP/POP3 server ready. a login contact at mydomain.com mypassword * BYE Internal error occurred. Refer to server log for more information. Connection closed by foreign host. I activated debug and looked in the dovecot logs and here is the most intriguing part I found: auth: Info: mysql(localhost): Connected to database postfix imap-login: Info: Login: user=, method=PLAIN, rip=::1, lip=::1, mpid=5821, secured imap: Debug: Added userdb setting: mail=maildir:/vmail/mydomain.com/contact imap: Debug: Added userdb setting: plugin/quota=dirsize:storage=0 imap(contact at mydomain.com): Debug: Effective uid=901, gid=12, home=/vmail/mydomain.com/contact imap(contact at mydomain.com): Error: user contact at mydomain.com: Initialization failed: Initializing mail storage from mail_location setting failed: Unknown mail storage driver maildir imap(contact at mydomain.com): Error: Invalid user settings. Refer to server log for more information. ? I double checked paths - all is ok - postfix is actually receiving and saving in that /vmail... folder # uid=901 coresponds to user # gid=12 corresponds to group # rights on /vmail are vmail.mail ? I think there is actually a problem with mail_location - but I couldnt solve it at all. If anyone can help me with this - please do guys. I googled those terms and found nothing, so this is my last resort, I tried solving this in the last 36hrs but nothing so far. ? Thanks to anyone who can assist me. ? ? From nbw0313 at yahoo.com Thu Aug 4 19:52:46 2011 From: nbw0313 at yahoo.com (DT) Date: Thu, 4 Aug 2011 09:52:46 -0700 (PDT) Subject: [Dovecot] mbox problems on CentOS 6 In-Reply-To: <1312476019.65873.YahooMailClassic@web161908.mail.bf1.yahoo.com> Message-ID: <1312476766.2689.YahooMailClassic@web161905.mail.bf1.yahoo.com> No I noticed Postfix isnt running anymore :( Aug? 4 14:49:25?hostname postfix/smtpd[6414]: connect from mail-fx0-f51.google.com[209.85.161.51] Aug? 4 14:49:25 hostname postfix/smtpd[6414]: warning: SASL: Connect to private/auth failed: Connection refused Aug? 4 14:49:25 hostname postfix/smtpd[6414]: fatal: no SASL authentication mechanisms ? All I did was a simple system reboot ? --- On Thu, 8/4/11, DT wrote: From: DT Subject: [Dovecot] mbox problems on CentOS 6 To: dovecot at dovecot.org Date: Thursday, August 4, 2011, 7:40 PM Hello, I migrated yesterday to Dovecot 2, and I managed to "convert" all the settings I had in dovecot.conf, but I run into a strange problem. I am curently using Dovecot 2.0.13 and bellow is my dovecot.conf current content: ? # 2.0.13: //etc/dovecot/dovecot.conf # OS: Linux 2.6.32-71.29.1.el6.x86_64 x86_64 CentOS Linux release 6.0 (Final) ext4 auth_mechanisms = plain login auth_verbose = yes base_dir = /var/run/dovecot/ disable_plaintext_auth = no first_valid_uid = 901 last_valid_uid = 901 log_path = /var/log/dovecot.log log_timestamp = "%Y-%m-%d %H:%M:%S " login_greeting = IMAP/POP3 server ready. mail_access_groups = mail mail_debug = yes mail_location = mbox:/vmail/%d/%n:INDEX=/var/indexes/%u mail_max_userip_connections = 16 mail_privileged_group = mail passdb { ? args = /etc/dovecot/dovecot-mysql.conf ? driver = sql } protocols = imap pop3 service auth { ? unix_listener auth-userdb { ??? mode = 0600 ? } ? user = $default_internal_user } service imap-login { ? inet_listener imap { ??? port = 143 ? } } service imap { ? process_limit = 16 } service pop3-login { ? inet_listener pop3 { ??? port = 110 ? } } service pop3 { ? process_limit = 16 } ssl = no userdb { ? args = /etc/dovecot/dovecot-mysql.conf ? driver = sql } protocol pop3 { ? pop3_client_workarounds = outlook-no-nuls oe-ns-eoh ? pop3_uidl_format = %08Xu%08Xv } protocol imap { ? imap_client_workarounds = delay-newmail tb-extra-mailbox-sep } ? I am running along with Dovecot, Postfix and MySQL - oh SASL is of course installed as I want to make use of user auth. On the simplest check - "surprise" ta-daaaa /telnet localhost 143 Trying ::1... Connected to localhost. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] IMAP/POP3 server ready. a login contact at mydomain.com mypassword * BYE Internal error occurred. Refer to server log for more information. Connection closed by foreign host. I activated debug and looked in the dovecot logs and here is the most intriguing part I found: auth: Info: mysql(localhost): Connected to database postfix imap-login: Info: Login: user=, method=PLAIN, rip=::1, lip=::1, mpid=5821, secured imap: Debug: Added userdb setting: mail=maildir:/vmail/mydomain.com/contact imap: Debug: Added userdb setting: plugin/quota=dirsize:storage=0 imap(contact at mydomain.com): Debug: Effective uid=901, gid=12, home=/vmail/mydomain.com/contact imap(contact at mydomain.com): Error: user contact at mydomain.com: Initialization failed: Initializing mail storage from mail_location setting failed: Unknown mail storage driver maildir imap(contact at mydomain.com): Error: Invalid user settings. Refer to server log for more information. ? I double checked paths - all is ok - postfix is actually receiving and saving in that /vmail... folder # uid=901 coresponds to user # gid=12 corresponds to group # rights on /vmail are vmail.mail ? I think there is actually a problem with mail_location - but I couldnt solve it at all. If anyone can help me with this - please do guys. I googled those terms and found nothing, so this is my last resort, I tried solving this in the last 36hrs but nothing so far. ? Thanks to anyone who can assist me. ? ? From maillistpld at gmail.com Thu Aug 4 22:23:17 2011 From: maillistpld at gmail.com (=?UTF-8?B?UGF3ZcWCIEzEmWN6bmFy?=) Date: Thu, 04 Aug 2011 21:23:17 +0200 Subject: [Dovecot] [BUG?] LDAP authentication with aliases issues In-Reply-To: <4E35BF90.4040507@gmail.com> References: <4E35BF90.4040507@gmail.com> Message-ID: <4E3AF1A5.7040107@gmail.com> W dniu 31.07.2011 22:48, Pawe? L?cznar pisze: > Hello, > > I am trying to configure Dovecot with LDAP authentication. My LDAP > tree structure is as following: > dc=root,dc=pl > \_ ou=Users > \_ uid=test > \_ ou=Mail > \_ ou=domain.pl > \_ uid=alias_to_test > > I cannot authenticate using > 'uid=alias_to_test,ou=domain.pl,ou=Mail,dc=root,dc=pl'. If I try to > authenticate using > 'uid=alias_to_test,ou=domain.pl,ou=Mail,dc=root,dc=pl', following > entry appears in the Dovecot's log file: > > #v+ > auth: Debug: client in: AUTH 1 PLAIN service=imap > secured lip=127.0.0.1 rip=127.0.0.1 lport=993 > rport=59818 > resp=YWxpYXMxQGFsaWFzeS5wbABhbGlhczFAYWxpYXN5LnBsAGFzZHF3ZWFzZA== > auth: Debug: ldap(alias_to_test at domain.pl,127.0.0.1): pass search: > base=uid=alias_to_test,ou=domain.pl,ou=Mail,dc=root,dc=pl scope=base > filter=(&(objectClass=posixAccount)) fields=uid,userPassword > auth: Debug: auth(alias_to_test at domain.pl,127.0.0.1): username changed > alias_to_test at domain.pl -> test > auth: Debug: ldap(test,127.0.0.1): result: uid(user)=test > userPassword(password)={CRYPT}ACnZvF4.K46UI > auth: Debug: client out: OK 1 user=test > auth: Debug: ldap(test,127.0.0.1): user search: > base=uid=test,ou=,ou=Mail,dc=root,dc=pl scope=base > filter=(&(objectClass=posixAccount)(uid=test)) > fields=homeDirectory,uidNumber,gidNumber > auth: Debug: master out: FAIL 2551840769 > #v- > > > In the LDAP server log file, following entries appear during > authentication attempt > > #v+ > ldap slapd[11729]: conn=1125 op=0 BIND dn="cn=Manager,dc=root,dc=pl" > method=128 > ldap slapd[11729]: conn=1125 op=0 BIND dn="cn=Manager,dc=root,dc=pl" > mech=SIMPLE ssf=0 > ldap slapd[11729]: conn=1125 op=0 RESULT tag=97 err=0 text= > ldap slapd[11729]: conn=1125 op=1 SRCH > base="uid=alias_to_test,ou=domain.pl,ou=Mail,dc=root,dc=pl" scope=0 > deref=3 filter="(&(objectClass=posixAccount))" > ldap slapd[11729]: conn=1125 op=1 SRCH attr=uid userPassword > ldap slapd[11729]: conn=1125 op=1 SEARCH RESULT tag=101 err=0 > nentries=1 text= > ldap slapd[11729]: conn=1125 op=2 do_search: invalid dn: > "uid=test,ou=,ou=Mail,dc=root,dc=pl" > ldap slapd[11729]: conn=1125 op=2 SEARCH RESULT tag=101 err=34 > nentries=0 text=invalid DN > #v- > > It seems that LDAP AuthDatabase doesn't change the context when > looking up for the target object, to which the alias points. > Futhermore, the filter for the target object > '(&(objectClass=posixAccount)(uid=test))' was not defined by me > anywhere in the configuration file 'dovecot-ldap.ext'. > I have tried both authentication ways: 'password lookups' and > 'authentication binding' with the same result. However, There is no > problem to authenticate as 'uid=test,ou=Users,dc=root,dc=pl' (of > cource after modifying the configuration file listed at the end). > > I suppose that it can be a bug in LDAP AuthDatabase, so I am writing > this post as a potential bug report. > > > Below are my configuration data: > *************** > # dovecot -n > # 2.0.13: /etc/dovecot/dovecot.conf > # OS: Linux 2.6.38.8-1 x86_64 > auth_debug = yes > auth_debug_passwords = yes > auth_mechanisms = plain login > auth_socket_path = /var/run/dovecot/auth-userdb > auth_verbose = yes > auth_verbose_passwords = plain > listen = * > mail_debug = yes > mail_gid = 2000 > mail_uid = 2000 > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope > encoded-character vacation subaddress comparator-i;ascii-numeric > relational regex imap4flags copy include variables body enotify > environment mailbox date > passdb { > args = /etc/dovecot/dovecot-ldap.conf.ext > driver = ldap > } > plugin { > sieve = ~/.dovecot.sieve > sieve_dir = ~/sieve > } > postmaster_address = postmaster at domain.pl > protocols = imap pop3 sieve > service auth { > unix_listener /var/spool/postfix/private/auth { > mode = 0666 > } > unix_listener auth-userdb { > group = vmail > mode = 0600 > user = vmail > } > } > service imap-login { > inet_listener imap { > port = 143 > } > inet_listener imaps { > port = 993 > ssl = yes > } > } > service pop3-login { > inet_listener pop3 { > port = 110 > } > inet_listener pop3s { > port = 995 > ssl = yes > } > } > ssl = required > ssl_cert = ssl_key = userdb { > args = /etc/dovecot/dovecot-ldap.conf.ext > driver = ldap > } > verbose_ssl = yes > > *************** > # cat /etc/dovecot/dovecot-ldap.ext > uris = ldap://X.Y.Z.V/ > dn = cn=Manager,dc=root,dc=pl > dnpass = password > auth_bind = no > ldap_version = 3 > base = uid=%n,ou=%d,ou=Mail,dc=root,dc=pl > deref = always > scope = base > pass_attrs = uid=user,userPassword=password > pass_filter = (&(objectClass=posixAccount)) > default_pass_scheme = CRYPT nobody? nothing? is there any chance that author of authentication ldap module will fix this problem? From apm at one.com Thu Aug 4 23:11:26 2011 From: apm at one.com (Peter Mogensen) Date: Thu, 04 Aug 2011 22:11:26 +0200 Subject: [Dovecot] Question about memory management in plugins Message-ID: <4E3AFCEE.2090808@one.com> Hi, I've writing an passdb/userdb plugin (see my previous question about a plugin authenticating via a UNIX socket protocol). Now... the protocol spoken over this socket is JSON-based and I'm using a SAX-like event based parser which maintains a parse context between callbacks. Now... I'm a little bit in doubt about which dovecot memory management method would be best for data in this parser context. Alloc-only pools seems wrong cause the parser object is used as long as the connection is open and there might run many auth requests over the connection before it's freed making the pool grow for long time. Data stack allocation won't work either, since with all this async network and callbacks, there's really no where to place the stack frame. So I end up using i_* and i_free for all data during the lifetime of the connection. Is there a better way? If I could only free my pool-allocated data, but I can't since it's almost never the last allocated data I want to free. /Peter From apm at one.com Thu Aug 4 23:39:44 2011 From: apm at one.com (Peter Mogensen) Date: Thu, 04 Aug 2011 22:39:44 +0200 Subject: [Dovecot] Question about memory management in plugins In-Reply-To: <4E3AFCEE.2090808@one.com> References: <4E3AFCEE.2090808@one.com> Message-ID: <4E3B0390.7000003@one.com> On 2011-08-04 22:11, Peter Mogensen wrote: > Is there a better way? Maybe I can answer my own question... It dawns upon me that auth_request comes with it's own pool, which of probably should be used for allocations temporary to one passbd/userdb lookup. /Peter From janfrode at tanso.net Fri Aug 5 12:12:03 2011 From: janfrode at tanso.net (Jan-Frode Myklebust) Date: Fri, 5 Aug 2011 11:12:03 +0200 Subject: [Dovecot] director monitoring? In-Reply-To: <20110602192910.GB76245@corp.sonic.net> References: <20110602002933.GL30313@corp.sonic.net> <5F82D09D-38E9-4FC0-8660-AC7AFFEBD04B@xs4all.nl> <20110602192910.GB76245@corp.sonic.net> Message-ID: <20110805091203.GA24876@oc1046828364.ibm.com> On Thu, Jun 02, 2011 at 12:29:10PM -0700, Kelsey Cummings wrote: > I'm using a hacked up version of poolmon. The only important changes > are that it actually logs into the real server rather than just making a > connection to it and that has heuristics to prevent the real servers > from flapping and added a timeout to scan_host so if a real server > blocks after the connection is established it won't hang indefinitely. Could you share your hacks ? :-) We're often seeing poolmon not noticing when our backend servers are hanging on busy filesystem. They're probably to busy to complete a login, but not busy enough to fail a connect, so a poolmon that does a full login sounds interesting. -jf From janfrode at tanso.net Fri Aug 5 12:17:04 2011 From: janfrode at tanso.net (Jan-Frode Myklebust) Date: Fri, 5 Aug 2011 11:17:04 +0200 Subject: [Dovecot] director monitoring? In-Reply-To: <5F82D09D-38E9-4FC0-8660-AC7AFFEBD04B@xs4all.nl> References: <20110602002933.GL30313@corp.sonic.net> <5F82D09D-38E9-4FC0-8660-AC7AFFEBD04B@xs4all.nl> Message-ID: <20110805091704.GB24876@oc1046828364.ibm.com> On Thu, Jun 02, 2011 at 10:37:23AM +0200, Cor Bosman wrote: > We use a setup as seen on http://grab.by/agCb for about 30.000 simultaneous(!) imap connections. Are you doing NFS against the Netapp(s)? I've always assumed that maildir wouldn't work on NFS (to slow fstat's), but would be interested to learn otherwise. Could you say something about how many email accounts and how many files you have in your maildirs ? -jf From tlx at leuxner.net Fri Aug 5 12:50:12 2011 From: tlx at leuxner.net (Thomas Leuxner) Date: Fri, 5 Aug 2011 11:50:12 +0200 Subject: [Dovecot] mbox problems on CentOS 6 In-Reply-To: <1312476766.2689.YahooMailClassic@web161905.mail.bf1.yahoo.com> References: <1312476766.2689.YahooMailClassic@web161905.mail.bf1.yahoo.com> Message-ID: <543B68AE-1254-4592-B91D-E9069D9A48F1@leuxner.net> Am 04.08.2011 um 18:52 schrieb DT: > No I noticed Postfix isnt running anymore :( > Aug 4 14:49:25 hostname postfix/smtpd[6414]: connect from mail-fx0-f51.google.com[209.85.161.51] > Aug 4 14:49:25 hostname postfix/smtpd[6414]: warning: SASL: Connect to private/auth failed: Connection refused > Aug 4 14:49:25 hostname postfix/smtpd[6414]: fatal: no SASL authentication mechanisms > > All I did was a simple system reboot > In the config posted 'service auth' is not configured: http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL Thomas From doctor at doctor.nl2k.ab.ca Fri Aug 5 22:05:22 2011 From: doctor at doctor.nl2k.ab.ca (The Doctor) Date: Fri, 5 Aug 2011 13:05:22 -0600 Subject: [Dovecot] Blackberries Message-ID: <20110805190521.GA25305@doctor.nl2k.ab.ca> Wonder if anyone knows how to tell a blackberry portable phone how not to get pick up a message it already got in IMAP. -- Member - Liberal International This is doctor at nl2k.ab.ca Ici doctor at nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! http://twitter.com/rootnl2k http://www.facebook.com/dyadallee IT is done! http://groups.google.com/group/rec.arts.drwho/about From kgc at corp.sonic.net Fri Aug 5 22:21:29 2011 From: kgc at corp.sonic.net (Kelsey Cummings) Date: Fri, 5 Aug 2011 12:21:29 -0700 Subject: [Dovecot] director monitoring? In-Reply-To: <20110805091203.GA24876@oc1046828364.ibm.com> References: <20110602002933.GL30313@corp.sonic.net> <5F82D09D-38E9-4FC0-8660-AC7AFFEBD04B@xs4all.nl> <20110602192910.GB76245@corp.sonic.net> <20110805091203.GA24876@oc1046828364.ibm.com> Message-ID: <20110805192129.GQ55407@corp.sonic.net> On Fri, Aug 05, 2011 at 11:12:03AM +0200, Jan-Frode Myklebust wrote: > On Thu, Jun 02, 2011 at 12:29:10PM -0700, Kelsey Cummings wrote: > > I'm using a hacked up version of poolmon. The only important changes > > are that it actually logs into the real server rather than just making a > > connection to it and that has heuristics to prevent the real servers > > from flapping and added a timeout to scan_host so if a real server > > blocks after the connection is established it won't hang indefinitely. > > Could you share your hacks ? :-) Sure. You'll probably want to change the regex at line 194 to match whatever your server says after the login is complete. My postlogin script puts out some extra info that I'm looking for instead of the deafult. Otherwise, YMMV, works for me so far. http://kgc.users.sonic.net/imapdmon -- Kelsey Cummings - kgc at corp.sonic.net sonic.net, inc. System Architect 2260 Apollo Way 707.522.1000 Santa Rosa, CA 95407 From yzhou at medplus.com Fri Aug 5 23:23:32 2011 From: yzhou at medplus.com (Zhou, Yan) Date: Fri, 5 Aug 2011 16:23:32 -0400 Subject: [Dovecot] DoveCot LDA prefetch fails with LDA, works with POP client Message-ID: Hi there, I am using DoveCot 1.0.7. I know it is real old, but we have to work with it. I have configured LDAP lookup with password prefetch in DoveCot. I can successfully receive emails through DoveCot, thus proving my password prefetch and user authentication are good. The problem is when I use Postfix to deliver message to DoveCot via LDA. My postfix master.cf looks like this: dovecot unix - n n - - pipe flags=Rhu user=hubdirect null_sender= argv=/usr/libexec/dovecot/deliver -e -f ${sender} -d ${user} Given a message, Postfix looks up LDAP and find the user associated with the recipient address and delivers the message using LDA. LDAP logs indicates that Postfix is returning the right user. The problem is that DoveCot complains "passdb did not return userdb entries", but I do not know which entries passdb failed to return. Here is what I have in dovecot-ldap.conf. I have tried different things in "user_attrs", DoveCot keeps complaining the same thing. user_attrs = username=user user_filter = (&(objectClass=DirectUser)(username=%u)(roles=*ROLE_EDGE_EMAIL*)) pass_attrs = username=user,password=password,username=userdb_user,usermaildirectory=u serdb_mail,userhomedirectory=userdb_home,825=userdb_uid,825=userdb_gid pass_filter = (&(objectClass=DirectUser)(username=%u)(roles=*ROLE_EDGE_EMAIL*)) The documentation says LDA does not use prefetch, but the log seems to indicate otherwise. I clearly see the "service=deliver" is authenticating the user first, thus using password prefetch. Can someone clarify this? Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): Loading modules from directory: /usr/lib64/dovecot/lda Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): Module loaded: /usr/lib64/dovecot/lda/lib10_quota_plugin.so Aug 5 15:12:25 dir-dev-pop01 dovecot: auth(default): master in: USER 1 emailspool service=deliver Aug 5 15:12:25 dir-dev-pop01 dovecot: auth(default): prefetch(emailspool): passdb didn't return userdb entries Aug 5 15:12:25 dir-dev-pop01 dovecot: auth(default): ldap(emailspool): user search: base=dc=hubdirect,dc=dev,dc=medplus,dc=com scope=subtree filter=(&(objectClass=DirectUser)(username=emailspool)(roles=*ROLE_EDGE_ EMAIL*)) fields=username Aug 5 15:12:25 dir-dev-pop01 dovecot: auth(default): master out: USER 1 emailspool user=emailspool uid=825 gid=825 Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): auth input: emailspool Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): auth input: user=emailspool Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): auth input: uid=825 Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): auth input: gid=825 Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): maildir: data=/home/hubdirect/emailspool/Maildir Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): maildir: root=/home/hubdirect/emailspool/Maildir, index=/home/hubdirect/emailspool/Maildir, control=, inbox= Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): msgid=<12097075.28.1312571545112.JavaMail.zhou_y at yzhou-lp2>: saved mail to INBOX Thanks, Yan Confidentiality Notice: The information contained in this electronic transmission is confidential and may be legally privileged. It is intended only for the addressee(s) named above. If you are not an intended recipient, be aware that any disclosure, copying, distribution or use of the information contained in this transmission is prohibited and may be unlawful. If you have received this transmission in error, please notify us by telephone (513) 229-5500 or by email (postmaster at MedPlus.com). After replying, please erase it from your computer system. From yzhou at medplus.com Fri Aug 5 23:57:36 2011 From: yzhou at medplus.com (Zhou, Yan) Date: Fri, 5 Aug 2011 16:57:36 -0400 Subject: [Dovecot] DoveCot LDA prefetch fails with LDA, works with POP client In-Reply-To: References: Message-ID: > -----Original Message----- > From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] > On Behalf Of Zhou, Yan > Sent: Friday, August 05, 2011 4:24 PM > To: dovecot at dovecot.org > Subject: [Dovecot] DoveCot LDA prefetch fails with LDA, works with POP > client > > Hi there, > > I am using DoveCot 1.0.7. I know it is real old, but we have to work > with it. I have configured LDAP lookup with password prefetch in > DoveCot. I can successfully receive emails through DoveCot, thus > proving > my password prefetch and user authentication are good. > > The problem is when I use Postfix to deliver message to DoveCot via LDA. > My postfix master.cf looks like this: > > dovecot unix - n n - - pipe > flags=Rhu user=hubdirect null_sender= > argv=/usr/libexec/dovecot/deliver -e -f ${sender} -d ${user} > > Given a message, Postfix looks up LDAP and find the user associated > with > the recipient address and delivers the message using LDA. LDAP logs > indicates that Postfix is returning the right user. > > The problem is that DoveCot complains "passdb did not return userdb > entries", but I do not know which entries passdb failed to return. Here > is what I have in dovecot-ldap.conf. I have tried different things in > "user_attrs", DoveCot keeps complaining the same thing. > > user_attrs = username=user > user_filter = > (&(objectClass=DirectUser)(username=%u)(roles=*ROLE_EDGE_EMAIL*)) > pass_attrs = > username=user,password=password,username=userdb_user,usermaildirectory= > u > serdb_mail,userhomedirectory=userdb_home,825=userdb_uid,825=userdb_gid > pass_filter = > (&(objectClass=DirectUser)(username=%u)(roles=*ROLE_EDGE_EMAIL*)) > > > > The documentation says LDA does not use prefetch, but the log seems to > indicate otherwise. I clearly see the "service=deliver" is > authenticating the user first, thus using password prefetch. Can > someone > clarify this? > > > Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): Loading modules from > directory: /usr/lib64/dovecot/lda > Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): Module loaded: > /usr/lib64/dovecot/lda/lib10_quota_plugin.so > Aug 5 15:12:25 dir-dev-pop01 dovecot: auth(default): master in: USER > 1 emailspool service=deliver > Aug 5 15:12:25 dir-dev-pop01 dovecot: auth(default): > prefetch(emailspool): passdb didn't return userdb entries > Aug 5 15:12:25 dir-dev-pop01 dovecot: auth(default): ldap(emailspool): > user search: base=dc=hubdirect,dc=dev,dc=medplus,dc=com scope=subtree > filter=(&(objectClass=DirectUser)(username=emailspool)(roles=*ROLE_EDGE > _ > EMAIL*)) fields=username > Aug 5 15:12:25 dir-dev-pop01 dovecot: auth(default): master out: USER > 1 emailspool user=emailspool uid=825 gid=825 > Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): auth input: > emailspool > Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): auth input: > user=emailspool > Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): auth input: uid=825 > Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): auth input: gid=825 > Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): maildir: > data=/home/hubdirect/emailspool/Maildir > Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): maildir: > root=/home/hubdirect/emailspool/Maildir, > index=/home/hubdirect/emailspool/Maildir, control=, inbox= > Aug 5 15:12:25 dir-dev-pop01 deliver(emailspool): > msgid=<12097075.28.1312571545112.JavaMail.zhou_y at yzhou-lp2>: saved mail > to INBOX > > Thanks, > Yan > > > I was able to get this working by the following attributes. user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid Thanks! Yan Confidentiality Notice: The information contained in this electronic transmission is confidential and may be legally privileged. It is intended only for the addressee(s) named above. If you are not an intended recipient, be aware that any disclosure, copying, distribution or use of the information contained in this transmission is prohibited and may be unlawful. If you have received this transmission in error, please notify us by telephone (513) 229-5500 or by email (postmaster at MedPlus.com). After replying, please erase it from your computer system. From dheianevans at gmail.com Sat Aug 6 01:32:56 2011 From: dheianevans at gmail.com (Ian Evans) Date: Fri, 5 Aug 2011 18:32:56 -0400 Subject: [Dovecot] Dovecot 1.2.16 and Thunderbird 5 - pop3 mails not getting deleted Message-ID: I run a Dovecot 1.2.16 pop3 server and have just started using the Thunderbird 5 email client. Thunderbird is set to leave the messages on the server unless they are over 91 days old. However, I'm not seeing it delete any of the older messages. I'll run a debug run of Thunderbird when I get back home, but I'm just wondering if there's any gotcha's I should be aware of with Thunderbird and Dovecot in a pop3 environment. The Thunderbird folks are wondering if it's the server not the client. Thanks. From me at junc.org Sat Aug 6 04:19:33 2011 From: me at junc.org (Benny Pedersen) Date: Sat, 06 Aug 2011 03:19:33 +0200 Subject: [Dovecot] Blackberries In-Reply-To: <20110805190521.GA25305@doctor.nl2k.ab.ca> References: <20110805190521.GA25305@doctor.nl2k.ab.ca> Message-ID: On Fri, 5 Aug 2011 13:05:22 -0600, The Doctor wrote: > Wonder if anyone knows how to tell a blackberry > portable phone how not to get pick up a message it already got in > IMAP. turn of offline imap ?, or is it sync setting that check if its in sync ? on my own nokia e51 i read single emails via imap From thomas-lists at nybeta.com Sat Aug 6 06:03:11 2011 From: thomas-lists at nybeta.com (Thomas Harold) Date: Fri, 05 Aug 2011 23:03:11 -0400 Subject: [Dovecot] Blackberries In-Reply-To: <20110805190521.GA25305@doctor.nl2k.ab.ca> References: <20110805190521.GA25305@doctor.nl2k.ab.ca> Message-ID: <4E3CAEEF.3070804@nybeta.com> On 8/5/2011 3:05 PM, The Doctor wrote: > Wonder if anyone knows how to tell a blackberry > portable phone how not to get pick up a message it already got in IMAP. > Not exactly sure what you mean. My Blackberry plays fine with IMAP (configure it to point at IMAP and not POP3). The oddities are: - Deleting a message on the IMAP mailbox will not make it vanish from the BBerry - Read flags are mostly two-way, but not always - Not much support for IMAP folders From nbw0313 at yahoo.com Sat Aug 6 10:12:54 2011 From: nbw0313 at yahoo.com (DT) Date: Sat, 6 Aug 2011 00:12:54 -0700 (PDT) Subject: [Dovecot] mbox problems on CentOS 6 In-Reply-To: <543B68AE-1254-4592-B91D-E9069D9A48F1@leuxner.net> Message-ID: <1312614774.76715.YahooMailClassic@web161902.mail.bf1.yahoo.com> Thank you Thomas for opening my eyes on that matter, I fixed that area as bellow and it solved the Postfix problem 100% ? service auth { ??? unix_listener /var/spool/postfix/private/auth? { ??????? mode = 0600 ??????? user = postfix ??????? group = postfix ??? } } ? Now I only have same old issue with Dovecot only: 2011-08-05 07:52:21 imap(contact at mydomain.com): Debug: Effective uid=901, gid=12, home=/vmail/mydomain.com/contact 2011-08-05 07:52:21 imap(contact at mydomain.com): Error: user contact at mydomain.com: Initialization failed: Initializing mail storage from mail_location setting failed: Unknown mail storage driver maildir 2011-08-05 07:52:21 imap(contact at mydomain.com): Error: Invalid user settings. Refer to server log for more information. ? Somehow it doesnt like what I have in mail_location or so... but I tried so many other folders, tried maildir also, error keeps showing, I can login to IMAP but once I do I'm dropped :* BYE Internal error occurred. Refer to server log for more information. Connection closed by foreign host. ? Thank you again for any oppinion or advice. ? >In the config posted 'service auth' is not configured: > >http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL > >Thomas ? ? >> No I noticed Postfix isnt running anymore :( >> Aug? 4 14:49:25 hostname postfix/smtpd[6414]: connect from mail-fx0-f51.google.com[209.85.161.51] >> Aug? 4 14:49:25 hostname postfix/smtpd[6414]: warning: SASL: Connect to private/auth failed: Connection refused >> Aug? 4 14:49:25 hostname postfix/smtpd[6414]: fatal: no SASL authentication mechanisms >>? >> All I did was a simple system reboot >>? From forumer at smartmobili.com Sun Aug 7 13:44:17 2011 From: forumer at smartmobili.com (Vincent Richomme) Date: Sun, 07 Aug 2011 12:44:17 +0200 Subject: [Dovecot] Dovecot 2.x configuration Message-ID: <4135aa3a49f5ac820ce2fc95b78d66c9@smartmobili.com> Hi, sorry to post about that but I have some issues to migrate my dovecot 1.x to 2.x. I have installed dovecot 2.x package on ubuntu natty(package were generated from sources found in debian testing), and I have modified config files like that : dovecot.conf: ------------- !include_try /usr/share/dovecot/protocols.d/*.protocol listen = *, :: !include conf.d/*.conf !include_try local.conf conf.d/10-auth.conf: --------------------- !include auth-sql.conf.ext so I have uncommented the auth-sql.conf.ext because I want a sql auth but these file is not available so I copied the file ../dovecot-sql.conf.ext and rename it into auth-sql.conf.ext. conf.d/auth-sql.conf.ext: --------------------- driver = mysql connect = host=127.0.0.1 dbname=foobarserver user=foo password=bar default_pass_scheme = PLAIN-MD5 password_query = SELECT email as user, password FROM view_users WHERE email='%u'; When I try to load the config I get the following error : root at sd-30635:/etc/dovecot/conf.d# dovecot -n # 2.0.13 (ba03935cc599): /etc/dovecot/dovecot.conf doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/auth-sql.conf.ext line 29: Unknown setting: driver doveconf: Error: managesieve-login: dump-capability process returned 89 doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/auth-sql.conf.ext line 29: Unknown setting: driver I searched on the mailing list and I found an answer but I am still not sure how to solve it. UPDATE : after trying to use my brain I found the solution to my issue but I am still posting to help people that may have the same problem and to make you notice that the current configuration files are not logical. I mean in conf.d/10-auth.conf you can uncomment auth-sql.conf.ext but the file is not available (maybe it's a packaging problem). So I did the following steps : cp conf.d/auth-system.conf.ext conf.d/auth-sql.conf.ext Then I have edited conf.d/auth-sql.conf.ext: passdb { driver = mysql args = /etc/dovecot/dovecot-sql.conf.ext } OK so far so good, next problem is about the old configuration lines : # It's possible to export the authentication interface to other programs: socket listen { master { # Master socket provides access to userdb information. It's typically # used to give Dovecot's local delivery agent access to userdb so it # can find mailbox locations. path = /var/run/dovecot/auth-master mode = 0600 # Default user/group is the one who started dovecot-auth (root) user = vmail #group = } client { # The client socket is generally safe to export to everyone. Typical use # is to export it to your SMTP server so it can do SMTP AUTH lookups # using it. path = /var/run/dovecot/auth-client mode = 0660 } } Where should I put them in the new config file hierarchy ? And do I still need them ? Just for information I have based my mail setup on the following guide : http://workaround.org/ispmail/etch Thanks From forumer at smartmobili.com Sun Aug 7 13:50:48 2011 From: forumer at smartmobili.com (Vincent Richomme) Date: Sun, 07 Aug 2011 12:50:48 +0200 Subject: [Dovecot] Dovecot 2.x configuration In-Reply-To: <4135aa3a49f5ac820ce2fc95b78d66c9@smartmobili.com> References: <4135aa3a49f5ac820ce2fc95b78d66c9@smartmobili.com> Message-ID: <1e1f404f6e453bd6ecec66236e4e9894@smartmobili.com> > OK so far so good, next problem is about the old configuration lines : > > # It's possible to export the authentication interface to other > programs: > socket listen { > master { > # Master socket provides access to userdb information. It's > typically > # used to give Dovecot's local delivery agent access to userdb > so it > # can find mailbox locations. > path = /var/run/dovecot/auth-master > mode = 0600 > # Default user/group is the one who started dovecot-auth (root) > user = vmail > #group = > } > client { > # The client socket is generally safe to export to everyone. > Typical use > # is to export it to your SMTP server so it can do SMTP AUTH > lookups > # using it. > path = /var/run/dovecot/auth-client > mode = 0660 > } > } > > Where should I put them in the new config file hierarchy ? And do I > still need them ? > Just for information I have based my mail setup on the following > guide : > http://workaround.org/ispmail/etch I have tested and there is still an issue with mysql because I get the following error : Aug 07 12:51:20 auth: Fatal: Unknown passdb driver 'mysql' Aug 07 12:51:20 master: Error: service(auth): command startup failed, throttling I am sure that mysql is installed and I have also installed dovecot-mysql_2.0.13-0~auto+70_i386.deb From pw at wk-serv.de Sun Aug 7 14:13:05 2011 From: pw at wk-serv.de (Patrick Westenberg) Date: Sun, 07 Aug 2011 13:13:05 +0200 Subject: [Dovecot] Dovecot 2.x configuration In-Reply-To: <1e1f404f6e453bd6ecec66236e4e9894@smartmobili.com> References: <4135aa3a49f5ac820ce2fc95b78d66c9@smartmobili.com> <1e1f404f6e453bd6ecec66236e4e9894@smartmobili.com> Message-ID: <4E3E7341.7030808@wk-serv.de> Vincent Richomme schrieb: > I have tested and there is still an issue with mysql because I get the > following error : > > Aug 07 12:51:20 auth: Fatal: Unknown passdb driver 'mysql' > Aug 07 12:51:20 master: Error: service(auth): command startup failed, > throttling It looks like you haven't compiled dovecot with mysql support. From forumer at smartmobili.com Sun Aug 7 14:36:54 2011 From: forumer at smartmobili.com (Vincent Richomme) Date: Sun, 07 Aug 2011 13:36:54 +0200 Subject: [Dovecot] Dovecot 2.x configuration In-Reply-To: <4E3E7341.7030808@wk-serv.de> References: <4135aa3a49f5ac820ce2fc95b78d66c9@smartmobili.com> <1e1f404f6e453bd6ecec66236e4e9894@smartmobili.com> <4E3E7341.7030808@wk-serv.de> Message-ID: On Sun, 07 Aug 2011 13:13:05 +0200, Patrick Westenberg wrote: > Vincent Richomme schrieb: > >> I have tested and there is still an issue with mysql because I get >> the >> following error : >> >> Aug 07 12:51:20 auth: Fatal: Unknown passdb driver 'mysql' >> Aug 07 12:51:20 master: Error: service(auth): command startup >> failed, >> throttling > > It looks like you haven't compiled dovecot with mysql support. > dpkg-buildpackage -rfakeroot -b sh configure --with-ldap=plugin \ --with-ssl=openssl \ --with-sql=plugin \ --with-pgsql \ --with-mysql \ --with-sqlite \ --with-gssapi=plugin \ --with-ioloop=best \ --host=i686-linux-gnu \ --build=i686-linux-gnu \ --prefix=/usr \ --sysconfdir=/etc \ --libexecdir=\${prefix}/lib \ --localstatedir=/var \ --mandir=\${prefix}/share/man \ --infodir=\${prefix}/share/info \ --with-moduledir=\${prefix}/lib/dovecot/modules \ --disable-rpath \ --disable-static ... checking for mysql_config... mysql_config checking for mysql_init in -lmysqlclient... yes checking mysql.h usability... yes checking mysql.h presence... yes checking for mysql.h... yes checking for mysql_ssl_set in -lmysqlclient... yes ... Install prefix . : /usr File offsets ... : 64bit I/O polling .... : epoll I/O notifys .... : inotify SSL ............ : yes (OpenSSL) GSSAPI ......... : plugin passdbs ........ : static passwd passwd-file shadow pam checkpassword ldap (plugin) sql : -bsdauth -sia -vpopmail userdbs ........ : static prefetch passwd passwd-file checkpassword ldap (plugin) sql nss : -vpopmail SQL drivers .... : pgsql mysql sqlite (plugins) The only weird lines are : dpkg-shlibdeps: warning: dependency on librt.so.1 could be avoided if "debian/dovecot-mysql/usr/lib/dovecot/modules/libdriver_mysql.so" were not uselessly linked against it (they use none of its symbols). dpkg-shlibdeps: warning: debian/dovecot-sqlite/usr/lib/dovecot/modules/libdriver_sqlite.so contains an unresolvable reference to symbol sql_query_s: it's probably a plugin. dpkg-shlibdeps: warning: 15 other similar warnings have been skipped (use -v to see them all). but not even sure it means there was an error during compilation. From bmontgom at montynet.org Sun Aug 7 20:53:17 2011 From: bmontgom at montynet.org (Benjamin Montgomery) Date: Sun, 07 Aug 2011 12:53:17 -0500 Subject: [Dovecot] SQL passdb lookups not working Message-ID: <4E3ED10D.5000200@montynet.org> Hello everyone, I'm trying to make dovecot do user authentication against a SQL database. The passwords (managed by Django) are stored as salted SHA1 encoded in hex. I monkey patched Django's password method so that the password hash is made with (Django does , the patched method was verified to return same value as dovecotpw) and the passwords are stored in the database separately as the salted hash and the salt. When I query the values out of the database, I'm using MySQL's concat function to return the password as {SSHA.hex}. Dovecot is not able to verify any passwords right now. I've scoured the wiki and I think my setup is correct...config info is below. Any advice on where to look for debugging or setup of my passwords would be appreciated! Ben dovecot-sql.conf: default_pass_scheme = SSHA.hex password_query = \ SELECT emailmanager_emailaddresses.account AS username, \ emailmanager_domain.name AS domain, \ CONCAT('{SSHA.hex}', \ emailmanager_userprofile.shadigest, \ emailmanager_userprofile.salt \ ) AS password \ FROM emailmanager_emailaddresses \ JOIN emailmanager_domain ON emailmanager_emailaddresses.id = emailmanager_domain.id \ JOIN emailmanager_userprofile ON emailmanager_emailaddresses.id = emailmanager_userprofile.id \ WHERE emailmanager_emailaddresses.account = '%n' \ AND emailmanager_domain.name = '%d' From mlists0001 at gmail.com Mon Aug 8 00:13:28 2011 From: mlists0001 at gmail.com (ml lists) Date: Sun, 7 Aug 2011 22:13:28 +0100 Subject: [Dovecot] Dovecot + LDAP login issues Message-ID: Morning all, I've managed to work my self into a corner and hoping someone can help me out I have OpenLDAP and Dovecot installed based on the following documents: https://help.ubuntu.com/community/DovecotLDAP https://help.ubuntu.com/community/OpenLDAPServer When Dovecot is set up to log in without using LDAP, connections work fine. However as soon as I change the dovecot.conf to use ldap I get the following error when trying to log in: error in syslog: dovecot: auth(default): ldap(myuser,10.10.10.10): invalid credentials (given password: myuserpasswd) dovecot: auth(default): client out: FAIL#0112#011user=myuser I have checked via phpLDAPadmin that the password I am entering matches what is in the database, so from what I can see the issue lies in how Dovecot is passing the password to openLDAP, though I may be way off base here. No special characters in the passphrase other than spaces. Would anyone be able to shed some light on this? Server Setup and Dovecot Config Ubuntu Server 11.04 # uname -a Linux base 2.6.38-10-server #46-Ubuntu SMP Tue Jun 28 16:31:00 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux[ # slapd -V @(#) $OpenLDAP: slapd 2.4.23 (Apr 7 2011 18:00:55) $[/CODE][CODE] # dovecot --version 1.2.15 # cat dovecot.conf base_dir = /var/run/dovecot/ protocols = imaps imap listen = * disable_plaintext_auth = no shutdown_clients = yes log_timestamp = "%Y-%m-%d %H:%M:%S " ###ssl_disable = no ssl_cert_file = /etc/ssl/private/mail_mydomain_com.crt ssl_key_file = /etc/ssl/private/mail_mydomain_com.key ssl_ca_file = /etc/ssl/private/comodo-bundle.crt mail_location = maildir:/home/MAIL/%n mail_privileged_group = mail mail_debug = yes protocol imap { ### login_greeting_capability = yes imap_client_workarounds = tb-extra-mailbox-sep } protocol lda { postmaster_address = postmaster at mydomain.com hostname = base auth_socket_path = /var/run/dovecot/auth-master mail_plugins = cmusieve } auth_verbose = no auth_debug = yes auth_debug_passwords = yes auth default { mechanisms = plain passdb ldap { args = /etc/dovecot/dovecot-ldap.conf } # passdb passwd-file { # args = /etc/dovecot/passwd # } userdb static { args = uid=vmail gid=vmail home=/home/MAIL/%n allow_all_users=yes } user = vmail socket listen { master { path = /var/run/dovecot/auth-master mode = 0600 user = vmail # User running Dovecot LDA group = vmail # Or alternatively mode 0660 + LDA user in this group } } } dict { } plugin { #cat dovecot-ldap.conf (with a number of commented out lines removed) # Space separated list of LDAP hosts to use. host:port is allowed too. hosts= localhost # Distinguished Name - the username used to login to the LDAP server dn= cn=admin,dc=mydomain # Password for LDAP server dnpass = alongpasswd auth_bind = yes auth_bind_userdn = uid=%u,ou=Users,dc=mydomain # LDAP protocol version to use. Likely 2 or 3. ldap_version = 3 # LDAP base. %variables can be used here. base = ou=Users,dc=mydomain # Dereference: never, searching, finding, always deref = never # Search scope: base, onelevel, subtree scope = subtree user_attrs = mail=uid user_filter = (&(objectClass=posixAccount)(uid=%n)) # Password checking attributes: pass_attrs = uid=user,userPassword=password ###,homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid # Filter for password lookups pass_filter = (&(objectClass=posixAccount)(uid=%n)) # Default password scheme. "{scheme}" before password overrides this. # List of supported schemes is in: http://wiki.dovecot.org/Authentication default_pass_scheme = MD5 From s at s7p.de Mon Aug 8 08:47:36 2011 From: s at s7p.de (Stefan Piegsa) Date: Mon, 08 Aug 2011 07:47:36 +0200 Subject: [Dovecot] How to make dovecot-lda/deliver mark a message as seen Message-ID: <4E3F7878.8090507@s7p.de> Hello everybody, I am using dovecot 2.0.13 and have a special case here in which I want a mail that is delivered locally with dovecot-lda to be marked as "seen". In dovecot 1.1.7 I succeeded to achive this, by modifing deliver.c so that upon adding a -S switch to the command arguments, the flag MAIL_SEEN was added to the call of mailbox_copy(). This seemed to work pretty good. With the new version, i tried to do something similar by selectively adding mail_update_flags(ctx.src_mail, MODIFY_ADD, MAIL_SEEN); just before the call of mail_deliver(), whenever the -S argument is given. But this does not work. What is wrong? Is there a better way to set MAIL_SEEN for a locally delivered mail? I would prefer a method that does not require to mess around in the dovecot sources. :-) Thanks in advance & Best Regards, Stefan From AnFi at onet.eu Mon Aug 8 09:36:17 2011 From: AnFi at onet.eu (Andrzej Adam Filip) Date: Mon, 08 Aug 2011 08:36:17 +0200 Subject: [Dovecot] How to make dovecot-lda/deliver mark a message as seen In-Reply-To: <4E3F7878.8090507@s7p.de> (Stefan Piegsa's message of "Mon, 08 Aug 2011 07:47:36 +0200") References: <4E3F7878.8090507@s7p.de> Message-ID: "Stefan Piegsa" wrote: > Hello everybody, > > I am using dovecot 2.0.13 and have a special case here in which I want > a mail that is delivered locally with dovecot-lda to be marked as > "seen". > > In dovecot 1.1.7 I succeeded to achive this, by modifing deliver.c so > that upon adding a -S switch to the command arguments, the flag > MAIL_SEEN was added to the call of mailbox_copy(). This seemed to work > pretty good. > > With the new version, i tried to do something similar by selectively adding > mail_update_flags(ctx.src_mail, MODIFY_ADD, MAIL_SEEN); > just before the call of mail_deliver(), whenever the -S argument is given. > > But this does not work. What is wrong? > > Is there a better way to set MAIL_SEEN for a locally delivered mail? I > would prefer a method that does not require to mess around in the > dovecot sources. :-) > > Thanks in advance & Best Regards, > Stefan Have you considered using sieve for the task? [Using imap4flags extension] http://wiki.dovecot.org/LDA/Sieve #v+ if address ["Return-Path"] ["my_address at my_domain.com"] { setflag "\\seen"; } #v- -- [pl>en: Andrew] Andrzej Adam Filip : anfi at onet.eu What if nothing exists and we're all in somebody's dream? Or what's worse, what if only that fat guy in the third row exists? -- Woody Allen, "Without Feathers" From AnFi at onet.eu Mon Aug 8 12:50:33 2011 From: AnFi at onet.eu (Andrzej Adam Filip) Date: Mon, 08 Aug 2011 11:50:33 +0200 Subject: [Dovecot] How to make dovecot-lda/deliver mark a message as seen In-Reply-To: (Andrzej Adam Filip's message of "Mon, 08 Aug 2011 08:36:17 +0200") References: <4E3F7878.8090507@s7p.de> Message-ID: <2b4yuucqx5-B88@julia.huge.strangled.net> Andrzej Adam Filip wrote: > "Stefan Piegsa" wrote: >> Hello everybody, >> >> I am using dovecot 2.0.13 and have a special case here in which I want >> a mail that is delivered locally with dovecot-lda to be marked as >> "seen". >> >> In dovecot 1.1.7 I succeeded to achive this, by modifing deliver.c so >> that upon adding a -S switch to the command arguments, the flag >> MAIL_SEEN was added to the call of mailbox_copy(). This seemed to work >> pretty good. >> >> With the new version, i tried to do something similar by selectively adding >> mail_update_flags(ctx.src_mail, MODIFY_ADD, MAIL_SEEN); >> just before the call of mail_deliver(), whenever the -S argument is given. >> >> But this does not work. What is wrong? >> >> Is there a better way to set MAIL_SEEN for a locally delivered mail? I >> would prefer a method that does not require to mess around in the >> dovecot sources. :-) >> >> Thanks in advance & Best Regards, >> Stefan > > Have you considered using sieve for the task? > [Using imap4flags extension] > > http://wiki.dovecot.org/LDA/Sieve > #v+ > if address ["Return-Path"] ["my_address at my_domain.com"] > { > setflag "\\seen"; > } > #v- I think such behavior may be handled by script(s) specified via sieve_before or sieve_after. I would recommend using sieve_after to allow users' to override default handling. http://wiki.dovecot.org/LDA/Sieve/Dovecot -- [pl>en: Andrew] Andrzej Adam Filip : anfi at onet.eu All God's children are not beautiful. Most of God's children are, in fact, barely presentable. -- Fran Lebowitz, "Metropolitan Life" From bar at jungo.com Mon Aug 8 14:47:30 2011 From: bar at jungo.com (Bar Ziony) Date: Mon, 08 Aug 2011 14:47:30 +0300 Subject: [Dovecot] Error when trying to delete folders Message-ID: <4E3FCCD2.4000603@jungo.com> Hi, I'm using Dovecot 2.0.12 as an IMAP server. I'm using the lazy expunge plugin (2 namespaces - default and .EXPUNGED). When trying to delete a folder, I get this error: "Server Error: DELETE: Can't rename mailboxes across specified storages" Is that related to the lazy expunge plugin? What does this error means exactly and how can I fix it? `dovecot -n` output: # 2.0.12: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 auth_master_user_separator = * lda_mailbox_autocreate = yes listen = * log_path = /var/log/dovecot/dovecot.log log_timestamp = "%Y-%m-%d %H:%M:%S " mail_gid = 1001 mail_location = maildir:~/Maildir:INDEX=/var/indexes/%n mail_plugins = quota mail_privileged_group = vmail mail_uid = 1001 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date namespace { inbox = yes location = prefix = separator = / type = private } namespace { hidden = no list = yes location = maildir:~/Maildir/expunged prefix = EXPUNGED/ separator = / type = private } passdb { args = scheme=md5-crypt username_format=%n /etc/dovecot/master-users driver = passwd-file master = yes pass = yes } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { deleted_to_trash_folder = Trash lazy_expunge = EXPUNGED/ quota = maildir:User quota:ns= quota_warning = storage=98%% quota-warning 98 %n quota_warning2 = storage=95%% quota-warning 95 %n quota_warning3 = storage=92%% quota-warning 92 %n quota_warning4 = storage=90%% quota-warning 90 %n quota_warning5 = storage=85%% quota-warning 85 %n quota_warning6 = storage=80%% quota-warning 80 %n sieve = ~/.dovecot.sieve sieve_before = /var/mail/%n/sieve/vacation_message.sieve sieve_dir = ~/sieve } protocols = " imap sieve pop3" service auth { unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } } service imap-login { inet_listener imap { port = 0 } } service pop3-login { inet_listener pop3 { port = 0 } } service quota-warning { executable = script /usr/local/bin/quota-warning.sh unix_listener quota-warning { user = vmail } user = vmail } ssl = required ssl_cert = Hi, I'm writing an passdb/userdb plugin to authenticate against an external daemon listening on a UNIX socket. The connection to the daemon is 1 request at a time and thus blocking (unlike passdb-ldap), but the daemon is preforking, so it can handle more connections at a time. I read from the Wiki: http://wiki2.dovecot.org/Design/AuthProcess * "The authentication may begin new authentication requests even before the existing ones are finished. ", and * "If the passdb uses connections to external services, it's preferred that they use non-blocking connections. Dovecot does this whenever possible (PostgreSQL and LDAP for example). If it's not possible, set blocking = TRUE. " ... which tells me to set the module as blocking and let more auth worker processes do the work - creating 1 daemon process for each auth worker process, I guess. But I also have the option, to let the passdb/userdb plugin maintain a pools of used/idle connections to the daemon and just pick a idle connection and moving it to the used pool on each auth_request. Which would save me the auth worker processes. Is there a preferred dovecot way? /Peter From info at averlon.net Mon Aug 8 15:41:59 2011 From: info at averlon.net (Firma Averlon) Date: Mon, 08 Aug 2011 14:41:59 +0200 Subject: [Dovecot] mail delivery location wrong Message-ID: <4E3FD997.2030906@averlon.net> Hi, thanks for offering the oportunity to place a question here. I am now already working since a week to get postfix and dovecot working on a ubuntu 11.04 server. Hard task. First step was naturally to get familiar with the idea behind the archtitecture. I have come very far, but the "last dirty mile" is probably the hardest. My architecture: Postfix Dovecot OpenLDAP Thunderbird as client with pop3 I can meanwhile send e-mails and open my mailbox in thunderbird (not receiving mails so far). The reason why not receiving e-Mails is simply: When sending the mails they are stored in a different directory as where dovecot will look for them !!!! Error message from log: Aug 8 14:09:01 server dovecot: deliver(vmail): maildir: data=/home/vmail//vmail/Maildir Aug 8 14:09:01 server dovecot: deliver(vmail): maildir: data=/home/vmail//vmail/Maildir Aug 8 14:09:01 server dovecot: deliver(vmail): maildir++: root=/home/vmail//vmail/Maildir, index=, control=, inbox=/home/vmail//vmail/Maildir Aug 8 14:09:01 server dovecot: deliver(vmail): maildir++: root=/home/vmail//vmail/Maildir, index=, control=, inbox=/home/vmail//vmail/Maildir What you immediatly see: "vmail//vmail" Although, when authenticating, the result is: Aug 8 14:06:30 server dovecot: auth(default): master out: USER#0113#011userxxx at av.loc#011gid=5000#011home=/home/userxxx#011uid=5000#011mail=/home/vmail/av.loc/userxxx/Maildir/ The following settings are in place: main.cf of postfix: virtual_mailbox_domains = /etc/postfix/vhosts virtual_mailbox_base = /home/vmail virtual_mailbox_maps = ldap:/etc/postfix/ldap-virtual.cf virtual_minimum_uid = 1000 virtual_uid_maps = static:5000 virtual_gid_maps = static:5000 virtual_transport = dovecot mailbox_command = /usr/lib/dovecot/deliver beside others. master.cf of postfix dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -a ${recipient} dovecot.conf sendmail_path = /usr/sbin/sendmail mail_location = maildir:/home/vmail/%d/%n/Maildir beside others. I guess, these are the ones influencing where to store the mail and pick it up. A list of the related filesystem: /home/vmail/ drwx-w--w- 4 vmail vmail 4096 2011-08-08 08:56 av.loc/ drwx------ 3 vmail vmail 4096 2011-08-08 09:42 vmail/ Wher you can see, the structure according "mail_location" parameter of dovecot.conf does show effect, but the mails are stored in /home/vmail//vmail.....". The whole bunch of documentation I have read meanwhile makes my head circle around. You could hopefully give me some help. -- Mit freundlichen Gr??en / Kind Regards Hr. Karl-Heinz Fischbach From dovecot.user at seibercom.net Mon Aug 8 18:15:31 2011 From: dovecot.user at seibercom.net (Jerry) Date: Mon, 8 Aug 2011 11:15:31 -0400 Subject: [Dovecot] mail delivery location wrong In-Reply-To: <4E3FD997.2030906@averlon.net> References: <4E3FD997.2030906@averlon.net> Message-ID: <20110808111531.72f4791c@scorpio> On Mon, 08 Aug 2011 14:41:59 +0200 Firma Averlon articulated: > The following settings are in place: > main.cf of postfix: > > virtual_mailbox_domains = /etc/postfix/vhosts > virtual_mailbox_base = /home/vmail > virtual_mailbox_maps = ldap:/etc/postfix/ldap-virtual.cf > virtual_minimum_uid = 1000 > virtual_uid_maps = static:5000 > virtual_gid_maps = static:5000 > virtual_transport = dovecot > mailbox_command = /usr/lib/dovecot/deliver Why use a mailbox command? I don't have one and I deliver via virtual using dovecot. You have dovecot listed in the master.cf file. Are you trying to deliver to both virtual and non-virtual users? -- Jerry ? Dovecot.user at seibercom.net Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________ All theoretical chemistry is really physics; and all theoretical chemists know it. Richard P. Feynman From info at averlon.net Mon Aug 8 18:24:24 2011 From: info at averlon.net (Firma Averlon) Date: Mon, 08 Aug 2011 17:24:24 +0200 Subject: [Dovecot] mail delivery location wrong In-Reply-To: <20110808111531.72f4791c@scorpio> References: <4E3FD997.2030906@averlon.net> <20110808111531.72f4791c@scorpio> Message-ID: <4E3FFFA8.6080902@averlon.net> Hi Jerry, thanks for reply. In fact, I tried already without but with the same result. As far as I understand the documentation with dovecot all "normal" params are related to local mailboxes/users/domains and all "virtual....." params take effect for virtual mailboxes and they do not interfere with each other. Anyhow. Behaviour does not change without it. Mit freundlichen Gr??en / Kind Regards Hr. Karl-Heinz Fischbach On 08.08.2011 17:15, Jerry wrote: > On Mon, 08 Aug 2011 14:41:59 +0200 > Firma Averlon articulated: > >> The following settings are in place: >> main.cf of postfix: >> >> virtual_mailbox_domains = /etc/postfix/vhosts >> virtual_mailbox_base = /home/vmail >> virtual_mailbox_maps = ldap:/etc/postfix/ldap-virtual.cf >> virtual_minimum_uid = 1000 >> virtual_uid_maps = static:5000 >> virtual_gid_maps = static:5000 >> virtual_transport = dovecot >> mailbox_command = /usr/lib/dovecot/deliver > Why use a mailbox command? I don't have one and I deliver via virtual > using dovecot. You have dovecot listed in the master.cf file. Are you > trying to deliver to both virtual and non-virtual users? > From patrickdk at patrickdk.com Mon Aug 8 19:45:23 2011 From: patrickdk at patrickdk.com (Patrick Domack) Date: Mon, 08 Aug 2011 12:45:23 -0400 Subject: [Dovecot] mail delivery location wrong In-Reply-To: <4E3FD997.2030906@averlon.net> References: <4E3FD997.2030906@averlon.net> Message-ID: <20110808124523.Horde.q6xnH5LnE6FOQBKjUR72NSA@mail.patrickdk.com> looks like your missing the -d option to lda. Quoting Firma Averlon : > Hi, > thanks for offering the oportunity to place a question here. > > I am now already working since a week to get postfix and dovecot > working on a ubuntu 11.04 server. > Hard task. First step was naturally to get familiar with the idea > behind the archtitecture. > > I have come very far, but the "last dirty mile" is probably the hardest. > > My architecture: > Postfix > Dovecot > OpenLDAP > Thunderbird as client with pop3 > > I can meanwhile send e-mails and open my mailbox in thunderbird (not > receiving mails so far). > > The reason why not receiving e-Mails is simply: When sending the > mails they are stored in a different directory as where dovecot will > look for them !!!! > > Error message from log: > Aug 8 14:09:01 server dovecot: deliver(vmail): maildir: > data=/home/vmail//vmail/Maildir > Aug 8 14:09:01 server dovecot: deliver(vmail): maildir: > data=/home/vmail//vmail/Maildir > Aug 8 14:09:01 server dovecot: deliver(vmail): maildir++: > root=/home/vmail//vmail/Maildir, index=, control=, > inbox=/home/vmail//vmail/Maildir > Aug 8 14:09:01 server dovecot: deliver(vmail): maildir++: > root=/home/vmail//vmail/Maildir, index=, control=, > inbox=/home/vmail//vmail/Maildir > > What you immediatly see: "vmail//vmail" > > Although, when authenticating, the result is: > Aug 8 14:06:30 server dovecot: auth(default): master out: > USER#0113#011userxxx at av.loc#011gid=5000#011home=/home/userxxx#011uid=5000#011mail=/home/vmail/av.loc/userxxx/Maildir/ > > The following settings are in place: > main.cf of postfix: > > virtual_mailbox_domains = /etc/postfix/vhosts > virtual_mailbox_base = /home/vmail > virtual_mailbox_maps = ldap:/etc/postfix/ldap-virtual.cf > virtual_minimum_uid = 1000 > virtual_uid_maps = static:5000 > virtual_gid_maps = static:5000 > virtual_transport = dovecot > mailbox_command = /usr/lib/dovecot/deliver > > beside others. > > master.cf of postfix > dovecot unix - n n - - pipe > flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f > ${sender} -a ${recipient} > > dovecot.conf > sendmail_path = /usr/sbin/sendmail > mail_location = maildir:/home/vmail/%d/%n/Maildir > > beside others. > > I guess, these are the ones influencing where to store the mail and > pick it up. > > A list of the related filesystem: > /home/vmail/ > drwx-w--w- 4 vmail vmail 4096 2011-08-08 08:56 av.loc/ > drwx------ 3 vmail vmail 4096 2011-08-08 09:42 vmail/ > > Wher you can see, the structure according "mail_location" parameter > of dovecot.conf does show effect, but the mails are stored in > /home/vmail//vmail.....". > > The whole bunch of documentation I have read meanwhile makes my head > circle around. > You could hopefully give me some help. > -- > > > Mit freundlichen Gr??en / Kind Regards > > Hr. Karl-Heinz Fischbach From gherzig at fmed.uba.ar Mon Aug 8 19:55:23 2011 From: gherzig at fmed.uba.ar (Gerardo Herzig) Date: Mon, 08 Aug 2011 13:55:23 -0300 Subject: [Dovecot] authentication via LDAP Message-ID: <1312822523.3652.8.camel@inca.fmed.uba.ar> Hi all. I have a couple of questions. ANY of those will solve mi situation. 1) 'Complex' LDAP validation: I need to validate a user in the 2 step authentication / authorizacion mech. The 'users' (with the password) are in ou=Person,o=Work the group which contains the mail users is in cn=MailUsers,ou=Groups,o=Work Can dovecot make such a thing? Cause im not shure if i can make this in a single ldap filter. 2) If not... 2.1) Does dovecot accept more than 1 rule for authenticating? 2.2) Does dovecot accept an arbitrary program for authentication? Well, that's all for now. Thanks! Gerardo From juan at inti.gob.ar Mon Aug 8 22:35:53 2011 From: juan at inti.gob.ar (Juan Bernhard) Date: Mon, 08 Aug 2011 16:35:53 -0300 Subject: [Dovecot] Dovecot quota dict Message-ID: <4E403A99.5060102@inti.gob.ar> Hi, Im using dovecot with maildir++ quota and I have this problem, maybe some of you already solve this and can helpme. I want to use some flat file to tell exim and dovecot the quota limit for each user, i tried to work with exim and maildirsize file, but exim just ignores the limits there. I need a way (a really simple one, i dont want to create a database or an ldap server just for this) to tell exim and dovecot to lookup some file to get the quota limits. I know how to doit with exim, now i need to know how to tell dovecot to read the quota limits from this file. I know that dovecot can read the quota limit from the userdb, but im using pam and i dont want to change the entire auth schema. Can I configure dovecot to get the quota limit from a file using pam as userdb? Thanks, Juan. pd: here is my doveconf -n # 2.0.13: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 2.6.18-238.9.1.el5 x86_64 CentOS release 5.6 (Final) ext3 auth_cache_size = 10 M auth_debug = yes auth_verbose = yes base_dir = /var/run/dovecot/ default_client_limit = 5000 default_process_limit = 1000 disable_plaintext_auth = no listen = * login_greeting = Server ready. mail_debug = yes mail_location = maildir:/var/mail/%u:INDEX=~/ mail_plugins = quota maildir_very_dirty_syncs = yes passdb { args = failure_show_msg=yes %s driver = pam } plugin { mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size subject quota = maildir:Cuota de correo quota_rule = *:storage=1G quota_rule2 = Trash:storage=+100M } protocols = imap pop3 service auth { client_limit = 12000 } service imap { process_limit = 5000 } service pop3 { process_limit = 5000 } ssl = no ssl_cert = References: <1312822523.3652.8.camel@inca.fmed.uba.ar> Message-ID: <4E40596D.4040109@apollo.lv> in principle possible: pass auth: auth_bind = yes auth_bind_userdn = uid=%u,ou=Person,o=Work filter by group: user_filter = (&(&(&(objectclass=user)(objectclass=person))(memberOf=*MailUsers.*))(uid=%n)) pass_filter = (&(&(&(objectclass=user)(objectclass=person))(memberOf=*MailUsers.*))(uid=%u)) but need to configure ldap for memberOf .... Gerardo Herzig wrote: > Hi all. I have a couple of questions. ANY of those will solve mi > situation. > > 1) 'Complex' LDAP validation: > I need to validate a user in the 2 step authentication / authorizacion > mech. > > The 'users' (with the password) are in > ou=Person,o=Work > > the group which contains the mail users is in > cn=MailUsers,ou=Groups,o=Work > > From sahil at FreeBSD.org Tue Aug 9 01:17:29 2011 From: sahil at FreeBSD.org (Sahil Tandon) Date: Mon, 8 Aug 2011 18:17:29 -0400 Subject: [Dovecot] mail delivery location wrong In-Reply-To: <4E3FD997.2030906@averlon.net> References: <4E3FD997.2030906@averlon.net> Message-ID: <20110808221729.GA317@magic.hamla.org> On Mon, 2011-08-08 at 14:41:59 +0200, Firma Averlon wrote: > The reason why not receiving e-Mails is simply: When sending the > mails they are stored in a different directory as where dovecot will > look for them !!!! > > Error message from log: > Aug 8 14:09:01 server dovecot: deliver(vmail): maildir: > data=/home/vmail//vmail/Maildir > > What you immediatly see: "vmail//vmail" > > main.cf of postfix: > > virtual_mailbox_maps = ldap:/etc/postfix/ldap-virtual.cf Does the LDAP query inside this file explicitly return the domain part of the recipient address? -- Sahil Tandon From dovecot.user at seibercom.net Tue Aug 9 02:08:58 2011 From: dovecot.user at seibercom.net (Jerry) Date: Mon, 8 Aug 2011 19:08:58 -0400 Subject: [Dovecot] mail delivery location wrong In-Reply-To: <20110808221729.GA317@magic.hamla.org> References: <4E3FD997.2030906@averlon.net> <20110808221729.GA317@magic.hamla.org> Message-ID: <20110808190858.3e686ffd@scorpio> On Mon, 8 Aug 2011 18:17:29 -0400 Sahil Tandon articulated: > On Mon, 2011-08-08 at 14:41:59 +0200, Firma Averlon wrote: > > > The reason why not receiving e-Mails is simply: When sending the > > mails they are stored in a different directory as where dovecot will > > look for them !!!! > > > > Error message from log: > > Aug 8 14:09:01 server dovecot: deliver(vmail): maildir: > > data=/home/vmail//vmail/Maildir > > > > What you immediatly see: "vmail//vmail" > > > > main.cf of postfix: > > > > virtual_mailbox_maps = ldap:/etc/postfix/ldap-virtual.cf > > Does the LDAP query inside this file explicitly return the domain part > of the recipient address? Did you try using "postmap" to see what a look-up returns? -- Jerry ? Dovecot.user at seibercom.net Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________ From koshikov at gmail.com Tue Aug 9 09:29:38 2011 From: koshikov at gmail.com (Nikita Koshikov) Date: Tue, 9 Aug 2011 09:29:38 +0300 Subject: [Dovecot] Dovecot quota dict In-Reply-To: <4E403A99.5060102@inti.gob.ar> References: <4E403A99.5060102@inti.gob.ar> Message-ID: <20110809092938.7f2c470e@jimbo> On Mon, 08 Aug 2011 16:35:53 -0300 Juan Bernhard wrote: > Hi, Im using dovecot with maildir++ quota and I have this problem, maybe > some of you already solve this and can helpme. > I want to use some flat file to tell exim and dovecot the quota limit > for each user, i tried to work with exim and maildirsize file, but exim > just ignores the limits there. > I need a way (a really simple one, i dont want to create a database or > an ldap server just for this) to tell exim and dovecot to lookup some > file to get the quota limits. I know how to doit with exim, now i need > to know how to tell dovecot to read the quota limits from this file. I > know that dovecot can read the quota limit from the userdb, but im using > pam and i dont want to change the entire auth schema. > Can I configure dovecot to get the quota limit from a file using pam as > userdb? > > Thanks, Juan. > > pd: here is my doveconf -n > > # 2.0.13: /usr/local/etc/dovecot/dovecot.conf > # OS: Linux 2.6.18-238.9.1.el5 x86_64 CentOS release 5.6 (Final) ext3 > auth_cache_size = 10 M > auth_debug = yes > auth_verbose = yes > base_dir = /var/run/dovecot/ > default_client_limit = 5000 > default_process_limit = 1000 > disable_plaintext_auth = no > listen = * > login_greeting = Server ready. > mail_debug = yes > mail_location = maildir:/var/mail/%u:INDEX=~/ > mail_plugins = quota > maildir_very_dirty_syncs = yes > passdb { > args = failure_show_msg=yes %s > driver = pam > } > plugin { > mail_log_events = delete undelete expunge copy mailbox_delete > mailbox_rename > mail_log_fields = uid box msgid size subject > quota = maildir:Cuota de correo > quota_rule = *:storage=1G > quota_rule2 = Trash:storage=+100M > } > protocols = imap pop3 > service auth { > client_limit = 12000 > } > service imap { > process_limit = 5000 > } > service pop3 { > process_limit = 5000 > } > ssl = no > ssl_cert = ssl_key = userdb { > driver = passwd > } > protocol imap { > imap_client_workarounds = tb-extra-mailbox-sep tb-lsub-flags > mail_plugins = quota imap_quota > } > protocol pop3 { > pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > pop3_lock_session = yes > pop3_uidl_format = %08Xv%08Xu > } > Try to google "exim smtp-time quota bounce". This is what you need. Exim can't do rcpt acl quota checks from the box, thus you need: 1)Some external script which will periodically create overquota file\database of users and reject them at smtp-time using lookup 2)Or write perl-script and exec it in router stage. Script will open maildirsize file, count quota and gives you 'yes\no'. Also you need to deliver via dovecot deliver. This scheme will work. From aydin.demirel at endersys.com Tue Aug 9 14:34:57 2011 From: aydin.demirel at endersys.com (=?UTF-8?B?QXlkxLFuIERlbWlyZWw=?=) Date: Tue, 09 Aug 2011 14:34:57 +0300 Subject: [Dovecot] Trash Plugin Message-ID: <4E411B61.1040605@endersys.com> ReHi; I have a question about trash plugin. I added following lines into dovecot.conf: quota_rule = *:storage=2048000 quota_rule2 = Trash:storage=1MB quota_rule3 = SPAM:ignore When I set *:storage line as default quota_rule , There is no problem.. But when I removed this line and set Trash:storage as default quota_rule, plugin is not working.. That I said, Do I have to add *:storage line as first default line in config line? Regards.. -- *Ayd?n Demirel Endersys Ltd. Sistem Destek M?hendisi/ System Support Engineer* * *<> Phone : +90 216 470 9423 | GSM : +90 530 401 8203 Fax : +90 216 470 9508 | Web : http://www.endersys.com Blog : http://blog.endersys.com Twitter : http://www.twitter.com/endersys LPI : The #1 Linux Certification for IT Professionals LPI (Linux Professional Institute) Turkey http://www.lpi-turkey.com From gherzig at fmed.uba.ar Tue Aug 9 15:25:51 2011 From: gherzig at fmed.uba.ar (Gerardo Herzig) Date: Tue, 09 Aug 2011 09:25:51 -0300 Subject: [Dovecot] authentication via LDAP In-Reply-To: <4E40596D.4040109@apollo.lv> References: <1312822523.3652.8.camel@inca.fmed.uba.ar> <4E40596D.4040109@apollo.lv> Message-ID: <1312892751.460.0.camel@inca.fmed.uba.ar> El mar, 09-08-2011 a las 00:47 +0300, DaLiV at apollo.lv escribi?: > in principle possible: > > pass auth: > auth_bind = yes > auth_bind_userdn = uid=%u,ou=Person,o=Work > > filter by group: > user_filter = > (&(&(&(objectclass=user)(objectclass=person))(memberOf=*MailUsers.*))(uid=%n)) > pass_filter = > (&(&(&(objectclass=user)(objectclass=person))(memberOf=*MailUsers.*))(uid=%u)) > > but need to configure ldap for memberOf .... > Gerardo Herzig wrote: > > Hi all. I have a couple of questions. ANY of those will solve mi > > situation. > > > > 1) 'Complex' LDAP validation: > > I need to validate a user in the 2 step authentication / authorizacion > > mech. > > > > The 'users' (with the password) are in > > ou=Person,o=Work > > > > the group which contains the mail users is in > > cn=MailUsers,ou=Groups,o=Work > > > > > Thanks for the guidance, i will try it! Gerardo From juan at inti.gob.ar Tue Aug 9 17:18:55 2011 From: juan at inti.gob.ar (Juan Bernhard) Date: Tue, 09 Aug 2011 11:18:55 -0300 Subject: [Dovecot] Dovecot quota dict In-Reply-To: <20110809092938.7f2c470e@jimbo> References: <4E403A99.5060102@inti.gob.ar> <20110809092938.7f2c470e@jimbo> Message-ID: <4E4141CF.8090107@inti.gob.ar> Hi Nikita, thanks for the help, but I don't have any problem with bouncing the mail after the deliver (in fact, the mail pass two MTAs servers before reaching the final storage) I will try (with my limited english) to explain it better. Now I m working with a single quota rule for everyone. What I need is a mechanism to give a custom quota to each user. I thought that a flat file will be the simple and easy option to implement, and then use "quota=${lookup {$local_part} lsearch .....}" in the exim transport. I need a way to configure dovecot to follow the same file (or at least a modified copy). I've been told on this list that I can't rely on the maildirsize file, because it can be deleted under some conditions... so i neet to stablish quotas to dovecot somewhere else. My question is: can dovecot get a custon quota for a user from a file (not sql or ldap) and use at the same time pam as userdb? Thanks, Juan. El 09/08/2011 03:29 a.m., Nikita Koshikov escribi?: > On Mon, 08 Aug 2011 16:35:53 -0300 > Juan Bernhard wrote: > >> Hi, Im using dovecot with maildir++ quota and I have this problem, maybe >> some of you already solve this and can helpme. >> I want to use some flat file to tell exim and dovecot the quota limit >> for each user, i tried to work with exim and maildirsize file, but exim >> just ignores the limits there. >> I need a way (a really simple one, i dont want to create a database or >> an ldap server just for this) to tell exim and dovecot to lookup some >> file to get the quota limits. I know how to doit with exim, now i need >> to know how to tell dovecot to read the quota limits from this file. I >> know that dovecot can read the quota limit from the userdb, but im using >> pam and i dont want to change the entire auth schema. >> Can I configure dovecot to get the quota limit from a file using pam as >> userdb? >> >> Thanks, Juan. >> >> pd: here is my doveconf -n >> >> # 2.0.13: /usr/local/etc/dovecot/dovecot.conf >> # OS: Linux 2.6.18-238.9.1.el5 x86_64 CentOS release 5.6 (Final) ext3 >> auth_cache_size = 10 M >> auth_debug = yes >> auth_verbose = yes >> base_dir = /var/run/dovecot/ >> default_client_limit = 5000 >> default_process_limit = 1000 >> disable_plaintext_auth = no >> listen = * >> login_greeting = Server ready. >> mail_debug = yes >> mail_location = maildir:/var/mail/%u:INDEX=~/ >> mail_plugins = quota >> maildir_very_dirty_syncs = yes >> passdb { >> args = failure_show_msg=yes %s >> driver = pam >> } >> plugin { >> mail_log_events = delete undelete expunge copy mailbox_delete >> mailbox_rename >> mail_log_fields = uid box msgid size subject >> quota = maildir:Cuota de correo >> quota_rule = *:storage=1G >> quota_rule2 = Trash:storage=+100M >> } >> protocols = imap pop3 >> service auth { >> client_limit = 12000 >> } >> service imap { >> process_limit = 5000 >> } >> service pop3 { >> process_limit = 5000 >> } >> ssl = no >> ssl_cert => ssl_key => userdb { >> driver = passwd >> } >> protocol imap { >> imap_client_workarounds = tb-extra-mailbox-sep tb-lsub-flags >> mail_plugins = quota imap_quota >> } >> protocol pop3 { >> pop3_client_workarounds = outlook-no-nuls oe-ns-eoh >> pop3_lock_session = yes >> pop3_uidl_format = %08Xv%08Xu >> } >> > Try to google "exim smtp-time quota bounce". This is what you need. > Exim can't do rcpt acl quota checks from the box, thus you need: > 1)Some external script which will periodically create overquota file\database of users and reject them at smtp-time using lookup > 2)Or write perl-script and exec it in router stage. Script will open maildirsize file, count quota and gives you 'yes\no'. > > Also you need to deliver via dovecot deliver. This scheme will work. > From jeff.vanepps at gmail.com Tue Aug 9 17:23:47 2011 From: jeff.vanepps at gmail.com (Jeff Van Epps) Date: Tue, 9 Aug 2011 10:23:47 -0400 Subject: [Dovecot] Clients can't retrieve new emails In-Reply-To: References: Message-ID: Apologies for the repeat post. I just want to take one more try to find someone who can help or point me in a direction on this. Anyone? ---------- Forwarded message ---------- From: Jeff Van Epps Date: Mon, Aug 1, 2011 at 8:59 AM Subject: Clients can't retrieve new emails To: dovecot at dovecot.org In a formerly working environment suddenly clients aren't notified of new emails and can't retrieve new emails. Server is Ubuntu 11.04 dovecot 1.2.15. Clients which fail are a Pre2 webOS 2.1 and TouchPad webOS 3.0 (those are OS versions, I don't know which particular flavor/version the IMAP clients are); there is also a Thunderbird 3.1.11 client on the same system as the server which works properly. The clients never report an error. I got as far as configuring rawlog: in: ~A2 NAMESPACE ~A3 SELECT "INBOX" ~A4 LIST "" * ~A5 UID STORE 0 +FLAGS.SILENT (\Seen) ~A6 UID STORE 0 +FLAGS.SILENT (\Seen) out: * OK [RAWLOG TIMESTAMP] 2011-08-01 08:28:33 ~A1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in * NAMESPACE (("" "/")) NIL NIL ~A2 OK Namespace completed. * FLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk Junk) * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk Junk \*)] Flags permitted. * 101 EXISTS * 0 RECENT * OK [UNSEEN 63] First unseen. * OK [UIDVALIDITY 1222650706] UIDs valid * OK [UIDNEXT 863] Predicted next UID * OK [HIGHESTMODSEQ 1903] Highest ~A3 OK [READ-WRITE] Select completed. * LIST (\NoInferiors \UnMarked) "/" "Trash" * LIST (\NoInferiors \UnMarked) "/" "Sent" * LIST (\NoInferiors \UnMarked) "/" "INBOX" ~A4 OK List completed. ~A5 BAD Error in IMAP command UID STORE: Invalid uidset ~A6 BAD Error in IMAP command UID STORE: Invalid uidset I've searched and read messages saying that there is no such thing as UID 0. Okay. Why are the clients suddenly trying to use it? Why doesn't the server just ignore it? (it seems like it may be terminating the connection) What can I do about it? (I'll nag HP about the client side but I don't expect quick action. The server on the other hand is in my house.) dovecot -n output: # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.38-11-generic i686 Ubuntu 11.04 log_timestamp: %Y-%m-%d %H:%M:%S ssl_cert_file: /etc/ssl/certs/lordbah.com.crt ssl_key_file: /etc/ssl/private/lordbah.com.key ssl_key_password: --redacted-- disable_plaintext_auth: no verbose_ssl: yes login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login login_process_per_connection: no login_processes_count: 5 login_max_processes_count: 20 verbose_proctitle: yes mail_privileged_group: mail mail_location: mbox:~*/mail:INBOX=/var/mail/*%u mail_debug: yes mbox_write_locks: fcntl dotlock mail_executable: /usr/lib/dovecot/rawlog /usr/lib/dovecot/imap imap_client_workarounds: tb-extra-mailbox-sep auth default: verbose: yes debug: yes passdb: driver: pam userdb: driver: passwd -- Jeff Van Epps From AnFi at onet.eu Tue Aug 9 18:29:12 2011 From: AnFi at onet.eu (Andrzej Adam Filip) Date: Tue, 09 Aug 2011 17:29:12 +0200 Subject: [Dovecot] LMTP over STDIN/STDOUT (non root user) Message-ID: <3kha87i6dl-B89@clifford.huge.strangled.net> Is it possible to get LMTP session over STDIN/STDOUT (for non root user)? I have configured dovecot to allow "server less" access to my mailbox using IMAP over STDIN/STDOUT. I would like to complete the setup by making fetchmail deliver fetched messages via LMTP over STDIN/STDOUT. -- [pl>en: Andrew] Andrzej Adam Filip : anfi at onet.eu There is only one way to kill capitalism -- by taxes, taxes, and more taxes. -- Karl Marx From s at s7p.de Tue Aug 9 18:48:08 2011 From: s at s7p.de (Stefan Piegsa) Date: Tue, 09 Aug 2011 17:48:08 +0200 Subject: [Dovecot] How to make dovecot-lda/deliver mark a message as seen In-Reply-To: <4E3FB08D.4020803@onet.eu> References: <4E3F7878.8090507@s7p.de> <4E3F93A9.6040903@s7p.de> <4E3FB08D.4020803@onet.eu> Message-ID: <4E4156B8.3070008@s7p.de> On 08/08/2011 11:46 AM, Andrzej Adam Filip wrote: > On 08/08/2011 09:43 AM, Stefan Piegsa wrote: >> Thanks for your reply! >> >> On 08/08/2011 08:36 AM, Andrzej Adam Filip wrote: >>> Have you considered using sieve for the task? >>> [Using imap4flags extension] >> Yes, but I think it's not the optimal solution for what I want to do: >> >> Basically, I don't want emails to be sent first to the MTA and then >> again to dovecot to be stored in "Sent Messages". >> So I made a script that puts an email received from the MTA by an >> authenticated user into his local Maildir/Sent folder, using: >> dovecot-lda -d $user -m Sent. Such emails should be marked as seen. >> >> Sieve would be an option if it were possible to have a global sieve >> script that is always executed, not only when there's no user script. >> >> Best Regards, >> Stefan >> > Could not you use sieve_before? > http://wiki.dovecot.org/LDA/Sieve > > You may consider using sieve_after if you want to allow users to > overwrite your choice of "self copy" handling. > sieve_after sounds interesting! Is there a way to match the destination mailbox in a sieve script? The email comes in by dovecot-lda -d $user -m Sent Now the sieve script should somehow match the mailbox "Sent". From wgillespie+dovecot at es2eng.com Tue Aug 9 20:03:11 2011 From: wgillespie+dovecot at es2eng.com (Willie Gillespie) Date: Tue, 09 Aug 2011 11:03:11 -0600 Subject: [Dovecot] Clients can't retrieve new emails In-Reply-To: References: Message-ID: <4E41684F.6060102@es2eng.com> On 08/09/2011 08:23 AM, Jeff Van Epps wrote: > Apologies for the repeat post. I just want to take one more try to find > someone who can help or point me in a direction on this. Anyone? > > ---------- Forwarded message ---------- > From: Jeff Van Epps > Date: Mon, Aug 1, 2011 at 8:59 AM > Subject: Clients can't retrieve new emails > To: dovecot at dovecot.org > > > In a formerly working environment suddenly clients aren't notified of > new emails and can't retrieve new emails. Server is Ubuntu 11.04 dovecot > 1.2.15. Clients which fail are a Pre2 webOS 2.1 and TouchPad webOS 3.0 > (those are OS versions, I don't know which particular flavor/version the > IMAP clients are); there is also a Thunderbird 3.1.11 client on the same > system as the server which works properly. The clients never report an > error. I got as far as configuring rawlog: > > in: > ~A2 NAMESPACE > ~A3 SELECT "INBOX" > ~A4 LIST "" * > ~A5 UID STORE 0 +FLAGS.SILENT (\Seen) > ~A6 UID STORE 0 +FLAGS.SILENT (\Seen) So the client never requests any mail. Just the list of folders. > out: > * OK [RAWLOG TIMESTAMP] 2011-08-01 08:28:33 > ~A1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE > SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT > IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE > QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in > * NAMESPACE (("" "/")) NIL NIL > ~A2 OK Namespace completed. > * FLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk Junk) > * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk > Junk \*)] Flags permitted. > * 101 EXISTS > * 0 RECENT > * OK [UNSEEN 63] First unseen. > * OK [UIDVALIDITY 1222650706] UIDs valid > * OK [UIDNEXT 863] Predicted next UID > * OK [HIGHESTMODSEQ 1903] Highest > ~A3 OK [READ-WRITE] Select completed. > * LIST (\NoInferiors \UnMarked) "/" "Trash" > * LIST (\NoInferiors \UnMarked) "/" "Sent" > * LIST (\NoInferiors \UnMarked) "/" "INBOX" > ~A4 OK List completed. > ~A5 BAD Error in IMAP command UID STORE: Invalid uidset > ~A6 BAD Error in IMAP command UID STORE: Invalid uidset > > > I've searched and read messages saying that there is no such thing as > UID 0. Okay. Why are the clients suddenly trying to use it? Why doesn't > the server just ignore it? (it seems like it may be terminating the > connection) I tried the same commands against my Dovecot server and it did not terminate the connection. I may be running a different version than you though. > What can I do about it? (I'll nag HP about the client side but I don't > expect quick action. The server on the other hand is in my house.) That's the real question. I'd be curious to see what Thunderbird does since you say it has the same problem. Do you have rawlogs from that? > > > dovecot -n output: > # 1.2.15: /etc/dovecot/dovecot.conf > # OS: Linux 2.6.38-11-generic i686 Ubuntu 11.04 > log_timestamp: %Y-%m-%d %H:%M:%S > ssl_cert_file: /etc/ssl/certs/lordbah.com.crt > ssl_key_file: /etc/ssl/private/lordbah.com.key > ssl_key_password: --redacted-- > disable_plaintext_auth: no > verbose_ssl: yes > login_dir: /var/run/dovecot/login > login_executable: /usr/lib/dovecot/imap-login > login_process_per_connection: no > login_processes_count: 5 > login_max_processes_count: 20 > verbose_proctitle: yes > mail_privileged_group: mail > mail_location: mbox:~*/mail:INBOX=/var/mail/*%u > mail_debug: yes > mbox_write_locks: fcntl dotlock > mail_executable: /usr/lib/dovecot/rawlog /usr/lib/dovecot/imap > imap_client_workarounds: tb-extra-mailbox-sep > auth default: > verbose: yes > debug: yes > passdb: > driver: pam > userdb: > driver: passwd > From jeff.vanepps at gmail.com Tue Aug 9 20:29:30 2011 From: jeff.vanepps at gmail.com (Jeff Van Epps) Date: Tue, 9 Aug 2011 13:29:30 -0400 Subject: [Dovecot] Clients can't retrieve new emails In-Reply-To: <4E41684F.6060102@es2eng.com> References: <4E41684F.6060102@es2eng.com> Message-ID: On Tue, Aug 9, 2011 at 1:03 PM, Willie Gillespie < wgillespie+dovecot at es2eng.com> wrote: > On 08/09/2011 08:23 AM, Jeff Van Epps wrote: > >> Apologies for the repeat post. I just want to take one more try to find >> someone who can help or point me in a direction on this. Anyone? >> >> ---------- Forwarded message ---------- >> From: Jeff Van Epps >> Date: Mon, Aug 1, 2011 at 8:59 AM >> Subject: Clients can't retrieve new emails >> To: dovecot at dovecot.org >> >> >> In a formerly working environment suddenly clients aren't notified of >> new emails and can't retrieve new emails. Server is Ubuntu 11.04 dovecot >> 1.2.15. Clients which fail are a Pre2 webOS 2.1 and TouchPad webOS 3.0 >> (those are OS versions, I don't know which particular flavor/version the >> IMAP clients are); there is also a Thunderbird 3.1.11 client on the same >> system as the server which works properly. The clients never report an >> error. I got as far as configuring rawlog: >> >> in: >> ~A2 NAMESPACE >> ~A3 SELECT "INBOX" >> ~A4 LIST "" * >> ~A5 UID STORE 0 +FLAGS.SILENT (\Seen) >> ~A6 UID STORE 0 +FLAGS.SILENT (\Seen) >> > > So the client never requests any mail. Just the list of folders. > > > out: >> * OK [RAWLOG TIMESTAMP] 2011-08-01 08:28:33 >> ~A1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE >> SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT >> IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE >> QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged >> in >> * NAMESPACE (("" "/")) NIL NIL >> ~A2 OK Namespace completed. >> * FLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk Junk) >> * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk >> Junk \*)] Flags permitted. >> * 101 EXISTS >> * 0 RECENT >> * OK [UNSEEN 63] First unseen. >> * OK [UIDVALIDITY 1222650706] UIDs valid >> * OK [UIDNEXT 863] Predicted next UID >> * OK [HIGHESTMODSEQ 1903] Highest >> ~A3 OK [READ-WRITE] Select completed. >> * LIST (\NoInferiors \UnMarked) "/" "Trash" >> * LIST (\NoInferiors \UnMarked) "/" "Sent" >> * LIST (\NoInferiors \UnMarked) "/" "INBOX" >> ~A4 OK List completed. >> ~A5 BAD Error in IMAP command UID STORE: Invalid uidset >> ~A6 BAD Error in IMAP command UID STORE: Invalid uidset >> >> >> I've searched and read messages saying that there is no such thing as >> UID 0. Okay. Why are the clients suddenly trying to use it? Why doesn't >> the server just ignore it? (it seems like it may be terminating the >> connection) >> > > I tried the same commands against my Dovecot server and it did not > terminate the connection. I may be running a different version than you > though. > > > What can I do about it? (I'll nag HP about the client side but I don't >> expect quick action. The server on the other hand is in my house.) >> > > That's the real question. I'd be curious to see what Thunderbird does > since you say it has the same problem. Do you have rawlogs from that? > > Thunderbird works properly, i.e. it succeeds in retrieving new emails. I don't have the rawlog at the moment but I recall that it did not do any "UID STORE 0". I wonder what the clients think they are accomplishing with that command. I'll start searching for an Ubuntu PPA for version 2 Dovecot so I can see whether the same thing still happens. > >> >> dovecot -n output: >> # 1.2.15: /etc/dovecot/dovecot.conf >> # OS: Linux 2.6.38-11-generic i686 Ubuntu 11.04 >> log_timestamp: %Y-%m-%d %H:%M:%S >> ssl_cert_file: /etc/ssl/certs/lordbah.com.crt >> ssl_key_file: /etc/ssl/private/lordbah.com.**key >> ssl_key_password: --redacted-- >> disable_plaintext_auth: no >> verbose_ssl: yes >> login_dir: /var/run/dovecot/login >> login_executable: /usr/lib/dovecot/imap-login >> login_process_per_connection: no >> login_processes_count: 5 >> login_max_processes_count: 20 >> verbose_proctitle: yes >> mail_privileged_group: mail >> mail_location: mbox:~*/mail:INBOX=/var/mail/***%u >> mail_debug: yes >> mbox_write_locks: fcntl dotlock >> mail_executable: /usr/lib/dovecot/rawlog /usr/lib/dovecot/imap >> imap_client_workarounds: tb-extra-mailbox-sep >> auth default: >> verbose: yes >> debug: yes >> passdb: >> driver: pam >> userdb: >> driver: passwd >> >> From doctor at doctor.nl2k.ab.ca Tue Aug 9 23:38:28 2011 From: doctor at doctor.nl2k.ab.ca (The Doctor) Date: Tue, 9 Aug 2011 14:38:28 -0600 Subject: [Dovecot] [ips@shaw.ca: Repeat mails. INC000023456674] Message-ID: <20110809203827.GB3458@doctor.nl2k.ab.ca> Anyone seen this before? ----- Forwarded message from ips at shaw.ca ----- X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on doctor.nl2k.ab.ca X-Spam-Level: * X-Spam-Status: No, score=1.0 required=5.0 tests=RCVD_IN_BACKSCATTER autolearn=no version=3.3.2 X-Original-To: root at doctor.nl2k.ab.ca Delivered-To: root at doctor.nl2k.ab.ca X-Virus-Scanned: amavisd-new at doctor.nl2k.ab.ca X-rim-org-msg-ref-id: 1378293038 Reply-To: ips at shaw.ca X-Priority: Normal Sensitivity: Normal Importance: Normal To: "Dr. Inder P Singh" , "Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem" Subject: Repeat mails. INC000023456674 From: ips at shaw.ca Date: Tue, 9 Aug 2011 19:17:34 +0000 X-Sanitizer: This message has been sanitized! X-Sanitizer-URL: http://mailtools.anomy.net/ X-Sanitizer-Rev: $Id: Sanitizer.pm,v 1.94 2006/01/02 16:43:10 bre Exp $ Dave, According to RIM your server is probably changing the assigned serial number or code to mails frequently and because of that Blackberry server takes the same mail as new one and draws again. Read attached link. Inder Sent wirelessly from my BlackBerry device on the Bell network. Envoy? sans fil par mon terminal mobile BlackBerry sur le r?seau de Bell. -----Original Message----- From: BlackBerry Customer Support Date: Tue, 09 Aug 2011 19:07:30 To: Reply-to: BlackBerry Customer Support Subject: INC000023456674 Hello Dr. Inder, Thank you for contacting BlackBerry Customer Support. Here is a link to a relevant article in our BlackBerry Technical Solution Center: Article Title: Duplicate e-mail messages are received on the BlackBerry smartphone Article Number: KB13528 Link: http://www.blackberry.com/btsc/KB13528 I have included below the pieces of information relating to the duplicate or changing IDs of the emails. Cause 8 The BlackBerry Internet Service downloads any email message with an email message UID that it did not find during the previous connection. If the email message UIDs are changed by the messaging server, duplicate email messages are received. This behavior also applies to any email message that has a blank UID. Resolution 8 To resolve this issue, complete one of the following procedures. Make sure that the message UIDs of email messages on the integrated account messaging server do not change or that email messages are not added back to the inbox of the associated account. Ask your administrator if the message UIDs are changing. In the case of an email message that has a blank UID, have your administrator remove the email message from the email server to prevent it from being delivered repeatedly. Delete email messages from the BlackBerry smartphone using the Mailbox & Handheld setting (email messages will be deleted from the associated email account messaging server and will not be retrieved again by the BlackBerry Internet Service). For instructions, see KB11830. Should you require further information on this subject, please don't hesitate to contact us. Thank you again for contacting us Dr.. Inder. Sincerely, Jennifer BlackBerry Customer Support Research In Motion Limited Tel: NA Toll Free: 1-877-255-2377 UK Toll Free: 0808 100 7466 Europe: +44 1753 558400 Worldwide: +1-519-888-6181 Email: help at blackberry.com Web: www.blackberry.com ***Now Available - BlackBerry Training for BlackBerry Enterprise Server software administrators. For information about current course offerings, please visit www.blackberry.com/go/training. BLACKBERRY? PLAYBOOK??? - WORK SMARTER. PLAY HARDER. Introducing the world???s first professional-grade tablet. www.blackberry.com/playbook ----- End forwarded message ----- -- Member - Liberal International This is doctor at nl2k.ab.ca Ici doctor at nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! http://twitter.com/rootnl2k http://www.facebook.com/dyadallee IT is done! http://groups.google.com/group/rec.arts.drwho/about From postmaster at psy.miami.edu Wed Aug 10 00:12:33 2011 From: postmaster at psy.miami.edu (Postmaster) Date: Tue, 09 Aug 2011 17:12:33 -0400 Subject: [Dovecot] list archive Message-ID: <4E41A2C1.9090207@psy.miami.edu> I'm not able to access the mailing list archives following the instructions here... http://www.dovecot.org/mailinglists.html using either IMAP or by downloading the mbox file. From patrickdk at patrickdk.com Wed Aug 10 00:41:57 2011 From: patrickdk at patrickdk.com (Patrick Domack) Date: Tue, 09 Aug 2011 17:41:57 -0400 Subject: [Dovecot] [ips@shaw.ca: Repeat mails. INC000023456674] In-Reply-To: <20110809203827.GB3458@doctor.nl2k.ab.ca> References: <20110809203827.GB3458@doctor.nl2k.ab.ca> Message-ID: <20110809174157.Horde.uMpebJLnE6FOQamlK_zEAXA@mail.patrickdk.com> Was this using imap or pop3? I haven't looked at how imap works. But if your using pop3, set pop3_uidl_format correctly. If your deleting or purging the index files and have it set to anything other than %f or %Mf it probably won't work so well. Quoting The Doctor : > Anyone seen this before? > > ----- Forwarded message from ips at shaw.ca ----- > > X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on doctor.nl2k.ab.ca > X-Spam-Level: * > X-Spam-Status: No, score=1.0 required=5.0 tests=RCVD_IN_BACKSCATTER > autolearn=no version=3.3.2 > X-Original-To: root at doctor.nl2k.ab.ca > Delivered-To: root at doctor.nl2k.ab.ca > X-Virus-Scanned: amavisd-new at doctor.nl2k.ab.ca > X-rim-org-msg-ref-id: 1378293038 > Reply-To: ips at shaw.ca > X-Priority: Normal > Sensitivity: Normal > Importance: Normal > To: "Dr. Inder P Singh" , > "Dave Shariff Yadallee - System Administrator a.k.a. The Root of the > Problem" > Subject: Repeat mails. INC000023456674 > From: ips at shaw.ca > Date: Tue, 9 Aug 2011 19:17:34 +0000 > X-Sanitizer: This message has been sanitized! > X-Sanitizer-URL: http://mailtools.anomy.net/ > X-Sanitizer-Rev: $Id: Sanitizer.pm,v 1.94 2006/01/02 16:43:10 bre Exp $ > > Dave, > According to RIM your server is probably changing the assigned > serial number or code to mails frequently and because of that > Blackberry server takes the same mail as new one and draws again. > Read attached link. > Inder > Sent wirelessly from my BlackBerry device on the Bell network. > Envoy? sans fil par mon terminal mobile BlackBerry sur le r?seau de Bell. > > -----Original Message----- > From: BlackBerry Customer Support > Date: Tue, 09 Aug 2011 19:07:30 > To: > Reply-to: BlackBerry Customer Support > Subject: INC000023456674 > > Hello Dr. Inder, > > Thank you for contacting BlackBerry Customer Support. > > Here is a link to a relevant article in our BlackBerry Technical > Solution Center: > > Article Title: Duplicate e-mail messages are received on the > BlackBerry smartphone > Article Number: KB13528 > Link: http://www.blackberry.com/btsc/KB13528 > > I have included below the pieces of information relating to the > duplicate or changing IDs of the emails. > > Cause 8 > The BlackBerry Internet Service downloads any email message with an > email message UID that it did not find during the previous > connection. If the email message UIDs are changed by the messaging > server, duplicate email messages are received. This behavior also > applies to any email message that has a blank UID. > > Resolution 8 > To resolve this issue, complete one of the following procedures. > > Make sure that the message UIDs of email messages on the integrated > account messaging server do not change or that email messages are > not added back to the inbox of the associated account. Ask your > administrator if the message UIDs are changing. In the case of an > email message that has a blank UID, have your administrator remove > the email message from the email server to prevent it from being > delivered repeatedly. > Delete email messages from the BlackBerry smartphone using the > Mailbox & Handheld setting (email messages will be deleted from the > associated email account messaging server and will not be retrieved > again by the BlackBerry Internet Service). For instructions, see > KB11830. > > Should you require further information on this subject, please don't > hesitate to contact us. Thank you again for contacting us Dr.. Inder. > > Sincerely, > > Jennifer > BlackBerry Customer Support > Research In Motion Limited > Tel: > NA Toll Free: 1-877-255-2377 > UK Toll Free: 0808 100 7466 > Europe: +44 1753 558400 > Worldwide: +1-519-888-6181 > Email: help at blackberry.com > Web: www.blackberry.com > > ***Now Available - BlackBerry Training for BlackBerry Enterprise > Server software administrators. For information about current course > offerings, please visit www.blackberry.com/go/training. > > > BLACKBERRY? PLAYBOOK??? - WORK SMARTER. PLAY HARDER. > Introducing the world???s first professional-grade tablet. > www.blackberry.com/playbook > > ----- End forwarded message ----- > > -- > Member - Liberal International This is doctor at nl2k.ab.ca Ici > doctor at nl2k.ab.ca > God, Queen and country! Never Satan President Republic! Beware > AntiChrist rising! > http://twitter.com/rootnl2k http://www.facebook.com/dyadallee > IT is done! http://groups.google.com/group/rec.arts.drwho/about From noel.butler at ausics.net Wed Aug 10 02:50:44 2011 From: noel.butler at ausics.net (Noel Butler) Date: Wed, 10 Aug 2011 09:50:44 +1000 Subject: [Dovecot] list archive In-Reply-To: <4E41A2C1.9090207@psy.miami.edu> References: <4E41A2C1.9090207@psy.miami.edu> Message-ID: <1312933844.7178.2.camel@tardis> On Tue, 2011-08-09 at 17:12 -0400, Postmaster wrote: > I'm not able to access the mailing list archives following the > instructions here... > > http://www.dovecot.org/mailinglists.html > > using either IMAP or by downloading the mbox file. replace www.dovecot.org with dovecot.org the mirror at trollweb is broken -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From koshikov at gmail.com Wed Aug 10 09:35:13 2011 From: koshikov at gmail.com (Nikita Koshikov) Date: Wed, 10 Aug 2011 09:35:13 +0300 Subject: [Dovecot] Dovecot quota dict In-Reply-To: <4E4141CF.8090107@inti.gob.ar> References: <4E403A99.5060102@inti.gob.ar> <20110809092938.7f2c470e@jimbo> <4E4141CF.8090107@inti.gob.ar> Message-ID: <20110810093513.2a73ca7c@jimbo> On Tue, 09 Aug 2011 11:18:55 -0300 Juan Bernhard wrote: > Hi Nikita, thanks for the help, but I don't have any problem with > bouncing the mail after the deliver (in fact, the mail pass two MTAs > servers before reaching the final storage) > I will try (with my limited english) to explain it better. Now I m > working with a single quota rule for everyone. What I need is a > mechanism to give a custom quota to each user. I thought that a flat > file will be the simple and easy option to implement, and then use > "quota=${lookup {$local_part} lsearch .....}" in the exim transport. I > need a way to configure dovecot to follow the same file (or at least a > modified copy). I've been told on this list that I can't rely on the > maildirsize file, because it can be deleted under some conditions... so > i neet to stablish quotas to dovecot somewhere else. > My question is: can dovecot get a custon quota for a user from a file > (not sql or ldap) and use at the same time pam as userdb? > > > Thanks, Juan. So, you need customizable userdb lookup without ldap or sql. You can try too use checkpassword as userdb and then, in the script - parse quota-file, make pam lookup and return userdb_quota* values for specific user. More on http://wiki2.dovecot.org/AuthDatabase/CheckPassword . I don't have experience with this authdatabase method, but seems that it suitable for you. But in general - it's better to prevent editing maildirsize file from 2 instances. From kzorba at otenet.gr Wed Aug 10 13:07:48 2011 From: kzorba at otenet.gr (Kostas Zorbadelos) Date: Wed, 10 Aug 2011 13:07:48 +0300 Subject: [Dovecot] Bug report v2.0.13 - CentOS x86_64 - NFS - mbox In-Reply-To: <4E294AC0.2060706@otenet.gr> References: <4E294AC0.2060706@otenet.gr> Message-ID: <4E425874.6040507@otenet.gr> On 07/22/2011 01:02 PM, Kostas Zorbadelos wrote: Hello, since I saw no action on this, here is a newer update we discovered today. After setting pop3_lock_session = no the core dumps went away. We will leave it like that and watch it for the next few days. If we set pop3_lock_session = yes, the problem is reproduced. If I can do anything else to help debug the problem, please let me know. Regards, Kostas > Greetings to all. > > It's my first post to the list. We just completed a migration from qpopper to dovecot > for our IMAP and POP3 services. We have a rather large mail environment > (we are the biggest provider in Greece). > > So, here are the details: > > - Keep getting errors like these in our production environment > > Jul 22 00:18:21 pop01 dovecot: master: Error: service(pop3): child 4078 killed with signal 11 (core dumps disabled) > Jul 22 00:19:31 pop03 dovecot: master: Error: service(pop3): child 18849 killed with signal 11 (core dumps disabled) > > --------------------------------------------------------------------- > dovecot -n output > --------------------------------------------------------------------- > /opt/dovecot/sbin/dovecot -n > # 2.0.13: /opt/dovecot/etc/dovecot/dovecot.conf > # OS: Linux 2.6.18-92.1.22.el5 x86_64 CentOS release 5.5 (Final) > auth_cache_negative_ttl = 10 mins > auth_cache_size = 5 M > auth_cache_ttl = 10 mins > auth_verbose = yes > default_client_limit = 5000 > default_process_limit = 500 > disable_plaintext_auth = no > first_valid_uid = 200 > listen = * > log_timestamp = "%Y-%m-%d %H:%M:%S " > login_greeting = ready > mail_access_groups = mail otemail disk root > mail_fsync = always > mail_location = mbox:INDEX=/var/index/dovecot/%2.16Hn/%2.254Hn/%u > mail_nfs_storage = yes > mbox_lock_timeout = 2 mins > mbox_min_index_size = 200 k > mbox_read_locks = dotlock_try fcntl > mbox_write_locks = dotlock_try fcntl > passdb { > args = /opt/dovecot/etc/dovecot/dovecot-ldap.conf.ext > driver = ldap > } > protocols = imap pop3 > service auth-worker { > user = dovenull > } > service imap-login { > inet_listener imap { > port = 143 > } > inet_listener imaps { > port = 993 > ssl = yes > } > } > service pop3-login { > inet_listener pop3 { > port = 110 > } > inet_listener pop3s { > port = 995 > ssl = yes > } > } > ssl = no > userdb { > args = /opt/dovecot/etc/dovecot/dovecot-ldap.conf.ext > driver = ldap > } > verbose_proctitle = yes > protocol imap { > imap_client_workarounds = delay-newmail tb-extra-mailbox-sep > mail_max_userip_connections = 100 > } > protocol pop3 { > mail_max_userip_connections = 100 > pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > pop3_fast_size_lookups = yes > pop3_lock_session = yes > pop3_reuse_xuidl = yes > pop3_uidl_format = %08Xu%08Xv > } > > I enabled core dumps in one of our backend servers and here is the relevant gdb trace: > > [root at pop08 ~]# gdb /opt/dovecot/libexec/dovecot/pop3/core.9273 > GNU gdb (GDB) Red Hat Enterprise Linux (7.0.1-32.el5_6.2) > Copyright (C) 2009 Free Software Foundation, Inc. > License GPLv3+: GNU GPL version 3 or later > This is free software: you are free to change and redistribute it. > There is NO WARRANTY, to the extent permitted by law. Type "show copying" > and "show warranty" for details. > This GDB was configured as "x86_64-redhat-linux-gnu". > For bug reporting instructions, please see: > ... > Reading symbols from /opt/dovecot/libexec/dovecot/pop3...(no debugging symbols found)...done. > Reading symbols from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0...(no debugging symbols found)...done. > Loaded symbols for /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > Reading symbols from /opt/dovecot/lib/dovecot/libdovecot.so.0...(no debugging symbols found)...done. > Loaded symbols for /opt/dovecot/lib/dovecot/libdovecot.so.0 > Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done. > Loaded symbols for /lib64/libdl.so.2 > Reading symbols from /lib64/librt.so.1...(no debugging symbols found)...done. > Loaded symbols for /lib64/librt.so.1 > Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done. > Loaded symbols for /lib64/libc.so.6 > Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done. > Loaded symbols for /lib64/ld-linux-x86-64.so.2 > Reading symbols from /lib64/libpthread.so.0...(no debugging symbols found)...done. > Loaded symbols for /lib64/libpthread.so.0 > Core was generated by `dovecot/pop3'. > Program terminated with signal 11, Segmentation fault. > #0 0x00002b52e1027e54 in istream_raw_mbox_get_start_offset () from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > (gdb) bt full > #0 0x00002b52e1027e54 in istream_raw_mbox_get_start_offset () from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > No symbol table info available. > #1 0x00002b52e102b759 in ?? () from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > No symbol table info available. > #2 0x00002b52e100a2c0 in index_mail_expunge () from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > No symbol table info available. > #3 0x0000000000405e9c in client_update_mails () > No symbol table info available. > #4 0x00000000004061c1 in client_command_execute () > No symbol table info available. > #5 0x00000000004045b9 in client_handle_input () > No symbol table info available. > #6 0x00002b52e12df698 in io_loop_call_io () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > No symbol table info available. > #7 0x00002b52e12e09d5 in io_loop_handler_run () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > No symbol table info available. > #8 0x00002b52e12df62d in io_loop_run () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > No symbol table info available. > #9 0x00002b52e12cdf13 in master_service_run () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > No symbol table info available. > #10 0x0000000000403994 in main () > No symbol table info available. > (gdb) > > All traces of the crashes are identical, that is > #0 0x00002b52e1027e54 in istream_raw_mbox_get_start_offset () from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > #1 0x00002b52e102b759 in ?? () from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > #2 0x00002b52e100a2c0 in index_mail_expunge () from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > #3 0x0000000000405e9c in client_update_mails () > #4 0x00000000004061c1 in client_command_execute () > #5 0x00000000004045b9 in client_handle_input () > #6 0x00002b52e12df698 in io_loop_call_io () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > #7 0x00002b52e12e09d5 in io_loop_handler_run () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > #8 0x00002b52e12df62d in io_loop_run () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > #9 0x00002b52e12cdf13 in master_service_run () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > #10 0x0000000000403994 in main () > > We have mboxes over NFS and we also have an ldap user backend. For now, I do not have a scenario > that reproduces the problem. Any idea, or input are highly appreciated. Of course I can provide > any information requested (without exposing restricted company or client data) to help trace > the problem and lead to the solution. > > Thanks and keep up the good work! > > Regards, > > Kostas Zorbadelos > > From juan at inti.gob.ar Wed Aug 10 15:40:55 2011 From: juan at inti.gob.ar (Juan Bernhard) Date: Wed, 10 Aug 2011 09:40:55 -0300 Subject: [Dovecot] Dovecot quota dict In-Reply-To: <20110810093513.2a73ca7c@jimbo> References: <4E403A99.5060102@inti.gob.ar> <20110809092938.7f2c470e@jimbo> <4E4141CF.8090107@inti.gob.ar> <20110810093513.2a73ca7c@jimbo> Message-ID: <4E427C57.1040704@inti.gob.ar> Thank you Nikita, that's what I need. El 10/08/2011 03:35 a.m., Nikita Koshikov escribi?: > On Tue, 09 Aug 2011 11:18:55 -0300 > Juan Bernhard wrote: > >> Hi Nikita, thanks for the help, but I don't have any problem with >> bouncing the mail after the deliver (in fact, the mail pass two MTAs >> servers before reaching the final storage) >> I will try (with my limited english) to explain it better. Now I m >> working with a single quota rule for everyone. What I need is a >> mechanism to give a custom quota to each user. I thought that a flat >> file will be the simple and easy option to implement, and then use >> "quota=${lookup {$local_part} lsearch .....}" in the exim transport. I >> need a way to configure dovecot to follow the same file (or at least a >> modified copy). I've been told on this list that I can't rely on the >> maildirsize file, because it can be deleted under some conditions... so >> i neet to stablish quotas to dovecot somewhere else. >> My question is: can dovecot get a custon quota for a user from a file >> (not sql or ldap) and use at the same time pam as userdb? >> >> >> Thanks, Juan. > So, you need customizable userdb lookup without ldap or sql. You can try too use checkpassword as userdb and then, in the script - parse quota-file, make pam lookup and return userdb_quota* values for specific user. More on http://wiki2.dovecot.org/AuthDatabase/CheckPassword . I don't have experience with this authdatabase method, but seems that it suitable for you. > But in general - it's better to prevent editing maildirsize file from 2 instances. From ian at liuzzifedunstudios.com Wed Aug 10 15:38:06 2011 From: ian at liuzzifedunstudios.com (huntson) Date: Wed, 10 Aug 2011 05:38:06 -0700 (PDT) Subject: [Dovecot] How do I change the date format displayed on webmail? Message-ID: <32233645.post@talk.nabble.com> I am running Dovecot on OS X Lion and the webmail displays the date in a European style format - day of the month and then month number. How can I reverse this? -- View this message in context: http://old.nabble.com/How-do-I-change-the-date-format-displayed-on-webmail--tp32233645p32233645.html Sent from the Dovecot mailing list archive at Nabble.com. From warden at geneseo.edu Wed Aug 10 16:42:36 2011 From: warden at geneseo.edu (David Warden) Date: Wed, 10 Aug 2011 09:42:36 -0400 Subject: [Dovecot] How do I change the date format displayed on webmail? In-Reply-To: <32233645.post@talk.nabble.com> References: <32233645.post@talk.nabble.com> Message-ID: On Aug 10, 2011, at 8:38 AM, huntson wrote: > > I am running Dovecot on OS X Lion and the webmail displays the date in a > European style format - day of the month and then month number. How can I > reverse this? > -- > View this message in context: http://old.nabble.com/How-do-I-change-the-date-format-displayed-on-webmail--tp32233645p32233645.html > Sent from the Dovecot mailing list archive at Nabble.com. > I believe Lion Server uses Roundcube for webmail and it defaults to that date format. I'm not sure what directory it's in but you're looking for config/main.inc.php and the entry you want to change is: // use this format for detailed date/time formatting (date or strftime format) $rcmail_config['date_long'] = 'd.m.Y H:i'; -David Warden From nbw0313 at yahoo.com Wed Aug 10 16:49:33 2011 From: nbw0313 at yahoo.com (DT) Date: Wed, 10 Aug 2011 06:49:33 -0700 (PDT) Subject: [Dovecot] mbox problems on CentOS 6 In-Reply-To: <1312614774.76715.YahooMailClassic@web161902.mail.bf1.yahoo.com> Message-ID: <1312984173.57194.YahooMailClassic@web161914.mail.bf1.yahoo.com> Still couldn't solve this mbox problem... Is there anyone who can assist me with this? ? ? --- On Sat, 8/6/11, DT wrote: From: DT Subject: Re: [Dovecot] mbox problems on CentOS 6 To: dovecot at dovecot.org Date: Saturday, August 6, 2011, 10:12 AM Thank you Thomas for opening my eyes on that matter, I fixed that area as bellow and it solved the Postfix problem 100% ? service auth { ??? unix_listener /var/spool/postfix/private/auth? { ??????? mode = 0600 ??????? user = postfix ??????? group = postfix ??? } } ? Now I only have same old issue with Dovecot only: 2011-08-05 07:52:21 imap(contact at mydomain.com): Debug: Effective uid=901, gid=12, home=/vmail/mydomain.com/contact 2011-08-05 07:52:21 imap(contact at mydomain.com): Error: user contact at mydomain.com: Initialization failed: Initializing mail storage from mail_location setting failed: Unknown mail storage driver maildir 2011-08-05 07:52:21 imap(contact at mydomain.com): Error: Invalid user settings. Refer to server log for more information. ? Somehow it doesnt like what I have in mail_location or so... but I tried so many other folders, tried maildir also, error keeps showing, I can login to IMAP but once I do I'm dropped :* BYE Internal error occurred. Refer to server log for more information. Connection closed by foreign host. ? Thank you again for any oppinion or advice. ? >In the config posted 'service auth' is not configured: > >http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL > >Thomas ? ? >> No I noticed Postfix isnt running anymore :( >> Aug? 4 14:49:25 hostname postfix/smtpd[6414]: connect from mail-fx0-f51.google.com[209.85.161.51] >> Aug? 4 14:49:25 hostname postfix/smtpd[6414]: warning: SASL: Connect to private/auth failed: Connection refused >> Aug? 4 14:49:25 hostname postfix/smtpd[6414]: fatal: no SASL authentication mechanisms >>? >> All I did was a simple system reboot >>? From frank at moltke28.B.Shuttle.DE Wed Aug 10 16:50:28 2011 From: frank at moltke28.B.Shuttle.DE (Frank Elsner) Date: Wed, 10 Aug 2011 15:50:28 +0200 Subject: [Dovecot] How do I change the date format displayed on webmail? In-Reply-To: <32233645.post@talk.nabble.com> References: <32233645.post@talk.nabble.com> Message-ID: (auto-added) On Wed, 10 Aug 2011 05:38:06 -0700 (PDT) huntson wrote: > > I am running Dovecot on OS X Lion and the webmail displays the date in a > European style format - day of the month and then month number. How can I > reverse this? This is not dovecot's job, consult your webmail preferences. --Frank Elsner From nbw0313 at yahoo.com Wed Aug 10 17:12:54 2011 From: nbw0313 at yahoo.com (DT) Date: Wed, 10 Aug 2011 07:12:54 -0700 (PDT) Subject: [Dovecot] mbox problems on CentOS 6 In-Reply-To: <1312984173.57194.YahooMailClassic@web161914.mail.bf1.yahoo.com> Message-ID: <1312985574.67275.YahooMailClassic@web161912.mail.bf1.yahoo.com> [SOLVED] ? For some reason I had to give up compiling/working with?beta version - it seems to have some issue with the storages. Instead I compiled?last stable version and all is working fine - funny thing is that I had to compile with both mbox and maildir storage drivers (probably for postfix compatibility) ? ? --- On Wed, 8/10/11, DT wrote: From: DT Subject: Re: [Dovecot] mbox problems on CentOS 6 To: dovecot at dovecot.org Date: Wednesday, August 10, 2011, 4:49 PM Still couldn't solve this mbox problem... Is there anyone who can assist me with this? ? ? --- On Sat, 8/6/11, DT wrote: From: DT Subject: Re: [Dovecot] mbox problems on CentOS 6 To: dovecot at dovecot.org Date: Saturday, August 6, 2011, 10:12 AM Thank you Thomas for opening my eyes on that matter, I fixed that area as bellow and it solved the Postfix problem 100% ? service auth { ??? unix_listener /var/spool/postfix/private/auth? { ??????? mode = 0600 ??????? user = postfix ??????? group = postfix ??? } } ? Now I only have same old issue with Dovecot only: 2011-08-05 07:52:21 imap(contact at mydomain.com): Debug: Effective uid=901, gid=12, home=/vmail/mydomain.com/contact 2011-08-05 07:52:21 imap(contact at mydomain.com): Error: user contact at mydomain.com: Initialization failed: Initializing mail storage from mail_location setting failed: Unknown mail storage driver maildir 2011-08-05 07:52:21 imap(contact at mydomain.com): Error: Invalid user settings. Refer to server log for more information. ? Somehow it doesnt like what I have in mail_location or so... but I tried so many other folders, tried maildir also, error keeps showing, I can login to IMAP but once I do I'm dropped :* BYE Internal error occurred. Refer to server log for more information. Connection closed by foreign host. ? Thank you again for any oppinion or advice. ? >In the config posted 'service auth' is not configured: > >http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL > >Thomas ? ? >> No I noticed Postfix isnt running anymore :( >> Aug? 4 14:49:25 hostname postfix/smtpd[6414]: connect from mail-fx0-f51.google.com[209.85.161.51] >> Aug? 4 14:49:25 hostname postfix/smtpd[6414]: warning: SASL: Connect to private/auth failed: Connection refused >> Aug? 4 14:49:25 hostname postfix/smtpd[6414]: fatal: no SASL authentication mechanisms >>? >> All I did was a simple system reboot >>? From stsiol at yahoo.co.uk Wed Aug 10 19:30:49 2011 From: stsiol at yahoo.co.uk (Spyros Tsiolis) Date: Wed, 10 Aug 2011 17:30:49 +0100 (BST) Subject: [Dovecot] mbox problems on CentOS 6 In-Reply-To: <1312985574.67275.YahooMailClassic@web161912.mail.bf1.yahoo.com> Message-ID: <1312993849.6518.YahooMailClassic@web27202.mail.ukl.yahoo.com> --- On Wed, 10/8/11, DT wrote: > From: DT > Subject: Re: [Dovecot] mbox problems on CentOS 6 > To: "Dovecot Mailing List" > Date: Wednesday, 10 August, 2011, 17:12 > [SOLVED] > ? > For some reason I had to give up compiling/working > with?beta version - it seems to have some issue with the > storages. Instead I compiled?last stable version and all is > working fine - funny thing is that I had to compile with > both mbox and maildir storage drivers (probably for postfix > compatibility) > ? > ? > > > --- On Wed, 8/10/11, DT > wrote: > > > From: DT > Subject: Re: [Dovecot] mbox problems on CentOS 6 > To: dovecot at dovecot.org > Date: Wednesday, August 10, 2011, 4:49 PM > > > Still couldn't solve this mbox problem... Is there anyone > who can assist me with this? > ? > ? > > > --- On Sat, 8/6/11, DT > wrote: > > > From: DT > Subject: Re: [Dovecot] mbox problems on CentOS 6 > To: dovecot at dovecot.org > Date: Saturday, August 6, 2011, 10:12 AM > > > > > > > > Thank you Thomas for opening my eyes on that matter, I > fixed that area as bellow and it solved the Postfix problem > 100% > ? > service auth { > ??? unix_listener /var/spool/postfix/private/auth? { > ??????? mode = 0600 > ??????? user = postfix > ??????? group = postfix > ??? } > } > ? > Now I only have same old issue with Dovecot only: > 2011-08-05 07:52:21 imap(contact at mydomain.com): > Debug: Effective uid=901, gid=12, > home=/vmail/mydomain.com/contact > 2011-08-05 07:52:21 imap(contact at mydomain.com): > Error: user contact at mydomain.com: > Initialization failed: Initializing mail storage from > mail_location setting failed: Unknown mail storage driver > maildir > 2011-08-05 07:52:21 imap(contact at mydomain.com): > Error: Invalid user settings. Refer to server log for more > information. > ? > Somehow it doesnt like what I have in mail_location or > so... but I tried so many other folders, tried maildir also, > error keeps showing, I can login to IMAP but once I do I'm > dropped :* BYE Internal error occurred. Refer to server log > for more information. > Connection closed by foreign host. > ? > Thank you again for any oppinion or advice. > > > ? > >In the config posted 'service auth' is not configured: > > > >http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL > > > >Thomas > ? > ? > >> No I noticed Postfix isnt running anymore :( > >> Aug? 4 14:49:25 hostname postfix/smtpd[6414]: > connect from mail-fx0-f51.google.com[209.85.161.51] > >> Aug? 4 14:49:25 hostname postfix/smtpd[6414]: > warning: SASL: Connect to private/auth failed: Connection > refused > >> Aug? 4 14:49:25 hostname postfix/smtpd[6414]: > fatal: no SASL authentication mechanisms > >>? > >> All I did was a simple system reboot > >>? > If you don't mind me ask; What version of dovecot were you trying to build ? Were you trying to buld/compile from sources ? Didn't you use the rpms for CentOS that exist ? Regards, s. ---- "I merely function as a channel that filters music through the chaos of noise" - Vangelis From nbw0313 at yahoo.com Wed Aug 10 20:05:53 2011 From: nbw0313 at yahoo.com (DT) Date: Wed, 10 Aug 2011 10:05:53 -0700 (PDT) Subject: [Dovecot] mbox problems on CentOS 6 In-Reply-To: <1312993849.6518.YahooMailClassic@web27202.mail.ukl.yahoo.com> Message-ID: <1312995953.45794.YahooMailClassic@web161907.mail.bf1.yahoo.com> I initially ran dovecot 2.0.13 from CentOS 6 base repository. Then I switched to beta 9 (source)?because I found most articles saying it's stable with the stuff I wanted compiled - compiling it was actually a pain. ? Now I successfully compiled and installed?2.0.13?from source. Works like a charm. Still I can't pinpoint exactly where the problem was: could be a bug OR could be a problematic package in centos6 repository... can't say - maybe I will test more in depth on a dev box. ? All the best ? --- On Wed, 8/10/11, Spyros Tsiolis wrote: From: Spyros Tsiolis Subject: Re: [Dovecot] mbox problems on CentOS 6 To: "Dovecot Mailing List" Cc: nbw0313 at yahoo.com Date: Wednesday, August 10, 2011, 7:30 PM --- On Wed, 10/8/11, DT wrote: > From: DT > Subject: Re: [Dovecot] mbox problems on CentOS 6 > To: "Dovecot Mailing List" > Date: Wednesday, 10 August, 2011, 17:12 > [SOLVED] > ? > For some reason I had to give up compiling/working > with?beta version - it seems to have some issue with the > storages. Instead I compiled?last stable version and all is > working fine - funny thing is that I had to compile with > both mbox and maildir storage drivers (probably for postfix > compatibility) > ? > ? > > > --- On Wed, 8/10/11, DT > wrote: > > > From: DT > Subject: Re: [Dovecot] mbox problems on CentOS 6 > To: dovecot at dovecot.org > Date: Wednesday, August 10, 2011, 4:49 PM > > > Still couldn't solve this mbox problem... Is there anyone > who can assist me with this? > ? > ? > > > --- On Sat, 8/6/11, DT > wrote: > > > From: DT > Subject: Re: [Dovecot] mbox problems on CentOS 6 > To: dovecot at dovecot.org > Date: Saturday, August 6, 2011, 10:12 AM > > > > > > > > Thank you Thomas for opening my eyes on that matter, I > fixed that area as bellow and it solved the Postfix problem > 100% > ? > service auth { > ??? unix_listener /var/spool/postfix/private/auth? { > ??????? mode = 0600 > ??????? user = postfix > ??????? group = postfix > ??? } > } > ? > Now I only have same old issue with Dovecot only: > 2011-08-05 07:52:21 imap(contact at mydomain.com): > Debug: Effective uid=901, gid=12, > home=/vmail/mydomain.com/contact > 2011-08-05 07:52:21 imap(contact at mydomain.com): > Error: user contact at mydomain.com: > Initialization failed: Initializing mail storage from > mail_location setting failed: Unknown mail storage driver > maildir > 2011-08-05 07:52:21 imap(contact at mydomain.com): > Error: Invalid user settings. Refer to server log for more > information. > ? > Somehow it doesnt like what I have in mail_location or > so... but I tried so many other folders, tried maildir also, > error keeps showing, I can login to IMAP but once I do I'm > dropped :* BYE Internal error occurred. Refer to server log > for more information. > Connection closed by foreign host. > ? > Thank you again for any oppinion or advice. > > > ? > >In the config posted 'service auth' is not configured: > > > >http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL > > > >Thomas > ? > ? > >> No I noticed Postfix isnt running anymore :( > >> Aug? 4 14:49:25 hostname postfix/smtpd[6414]: > connect from mail-fx0-f51.google.com[209.85.161.51] > >> Aug? 4 14:49:25 hostname postfix/smtpd[6414]: > warning: SASL: Connect to private/auth failed: Connection > refused > >> Aug? 4 14:49:25 hostname postfix/smtpd[6414]: > fatal: no SASL authentication mechanisms > >>? > >> All I did was a simple system reboot > >>? > If you don't mind me ask; What version of dovecot were you trying to build ? Were you trying to buld/compile from sources ? Didn't you use the rpms for CentOS that exist ? Regards, s. ---- "I merely function as a channel that filters music through the chaos of noise" - Vangelis From tss at iki.fi Wed Aug 10 20:37:46 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 10 Aug 2011 20:37:46 +0300 Subject: [Dovecot] [PATCH] net_connect_*(): Wait for fd to complete connect(2) when fd is non-blocking In-Reply-To: <87livcr1le.wl%fumiyas@osstech.jp> References: <87zkjv3eml.wl%fumiyas@osstech.jp> <87y5zf2ekl.wl%fumiyas@osstech.jp> <87livcr1le.wl%fumiyas@osstech.jp> Message-ID: <5C45A34F-1472-4DCD-B038-E07CEF6304BD@iki.fi> On 2.8.2011, at 5.25, SATOH Fumiyasu wrote: >>> Dovecot ignores EINPROGRESS on connect(2) for non-blocking fd. >>> This is wrong. After that, read(2) to fd (or write(2) to fd) fails >>> with ENOTCONN if the connection of fd is not completed. >>> >>> The attached patch fixes this problem. If you do that, then there's no point in making the socket non-blocking before connect(). > On a high-load Solaris 10 box, dovecot-lda fails to query (I/O) to > dovecot dict socket with ENOTCONN. My patch fixes this problem. I think Linux/etc returns EAGAIN in such situation. Maybe the right fix is to just add EINPROGRESS check for net_connect_unix_with_retries()? (With some extra changes so that it actually sees that errno from net_connect_unix()) From stsiol at yahoo.co.uk Wed Aug 10 22:49:19 2011 From: stsiol at yahoo.co.uk (Spyros Tsiolis) Date: Wed, 10 Aug 2011 20:49:19 +0100 (BST) Subject: [Dovecot] mbox problems on CentOS 6 In-Reply-To: <1312995953.45794.YahooMailClassic@web161907.mail.bf1.yahoo.com> Message-ID: <1313005759.19881.YahooMailClassic@web27202.mail.ukl.yahoo.com> --- On Wed, 10/8/11, DT wrote: > From: DT > Subject: Re: [Dovecot] mbox problems on CentOS 6 > To: "Dovecot Mailing List" , "Spyros Tsiolis" > Date: Wednesday, 10 August, 2011, 20:05 > I initially ran dovecot 2.0.13 from > CentOS 6 base repository. Then I switched to beta 9 > (source)?because I found most articles saying it's stable > with the stuff I wanted compiled - compiling it was actually > a pain. > ? > Now I successfully compiled and installed?2.0.13?from > source. Works like a charm. Still I can't pinpoint exactly > where the problem was: could be a bug OR could be a > problematic package in centos6 repository... can't say - > maybe I will test more in depth on a dev box. > ? > All the best > ? > > > --- On Wed, 8/10/11, Spyros Tsiolis > wrote: > > > From: Spyros Tsiolis > Subject: Re: [Dovecot] mbox problems on CentOS 6 > To: "Dovecot Mailing List" > Cc: nbw0313 at yahoo.com > Date: Wednesday, August 10, 2011, 7:30 PM > > > --- On Wed, 10/8/11, DT > wrote: > > > From: DT > > Subject: Re: [Dovecot] mbox problems on CentOS 6 > > To: "Dovecot Mailing List" > > Date: Wednesday, 10 August, 2011, 17:12 > > [SOLVED] > > ? > > For some reason I had to give up compiling/working > > with?beta version - it seems to have some issue with > the > > storages. Instead I compiled?last stable version and > all is > > working fine - funny thing is that I had to compile > with > > both mbox and maildir storage drivers (probably for > postfix > > compatibility) > > ? > > ? > > > > > > --- On Wed, 8/10/11, DT > > wrote: > > > > > > From: DT > > Subject: Re: [Dovecot] mbox problems on CentOS 6 > > To: dovecot at dovecot.org > > Date: Wednesday, August 10, 2011, 4:49 PM > > > > > > Still couldn't solve this mbox problem... Is there > anyone > > who can assist me with this? > > ? > > ? > > > > > > --- On Sat, 8/6/11, DT > > wrote: > > > > > > From: DT > > Subject: Re: [Dovecot] mbox problems on CentOS 6 > > To: dovecot at dovecot.org > > Date: Saturday, August 6, 2011, 10:12 AM > > > > > > > > > > > > > > > > Thank you Thomas for opening my eyes on that matter, > I > > fixed that area as bellow and it solved the Postfix > problem > > 100% > > ? > > service auth { > > ??? unix_listener /var/spool/postfix/private/auth? > { > > ??????? mode = 0600 > > ??????? user = postfix > > ??????? group = postfix > > ??? } > > } > > ? > > Now I only have same old issue with Dovecot only: > > 2011-08-05 07:52:21 imap(contact at mydomain.com): > > Debug: Effective uid=901, gid=12, > > home=/vmail/mydomain.com/contact > > 2011-08-05 07:52:21 imap(contact at mydomain.com): > > Error: user contact at mydomain.com: > > Initialization failed: Initializing mail storage from > > mail_location setting failed: Unknown mail storage > driver > > maildir > > 2011-08-05 07:52:21 imap(contact at mydomain.com): > > Error: Invalid user settings. Refer to server log for > more > > information. > > ? > > Somehow it doesnt like what I have in mail_location > or > > so... but I tried so many other folders, tried maildir > also, > > error keeps showing, I can login to IMAP but once I do > I'm > > dropped :* BYE Internal error occurred. Refer to > server log > > for more information. > > Connection closed by foreign host. > > ? > > Thank you again for any oppinion or advice. > > > > > > ? > > >In the config posted 'service auth' is not > configured: > > > > > >http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL > > > > > >Thomas > > ? > > ? > > >> No I noticed Postfix isnt running anymore :( > > >> Aug? 4 14:49:25 hostname > postfix/smtpd[6414]: > > connect from mail-fx0-f51.google.com[209.85.161.51] > > >> Aug? 4 14:49:25 hostname > postfix/smtpd[6414]: > > warning: SASL: Connect to private/auth failed: > Connection > > refused > > >> Aug? 4 14:49:25 hostname > postfix/smtpd[6414]: > > fatal: no SASL authentication mechanisms > > >>? > > >> All I did was a simple system reboot > > >>? > > > > > If you don't mind me ask; What version of dovecot were you > trying > to build ? > > Were you trying to buld/compile from sources ? > Didn't you use the rpms for CentOS that exist ? > > Regards, > > s. > > > ---- > "I merely function as a channel that filters > music through the chaos of noise" > - Vangelis Hi DT, Have you tinkered with debug switches on dovecot ? They are pretty straightforward and down to the point (see: not cryptic :-) I build dovecot from sources too. Not relaying on CentOS repos. I currently have two mailservers with dovecot and have no problems. Then, I am not using v2.x but v1.x (I can't remember the exact version at the moment). HTH s. ---- "I merely function as a channel that filters music through the chaos of noise" - Vangelis From s at s7p.de Wed Aug 10 23:19:30 2011 From: s at s7p.de (Stefan Piegsa) Date: Wed, 10 Aug 2011 22:19:30 +0200 Subject: [Dovecot] [Solved] How to make dovecot-lda/deliver mark a message as seen In-Reply-To: <4E4156B8.3070008@s7p.de> References: <4E3F7878.8090507@s7p.de> <4E3F93A9.6040903@s7p.de> <4E3FB08D.4020803@onet.eu> <4E4156B8.3070008@s7p.de> Message-ID: <4E42E7D2.9030006@s7p.de> On 08/09/2011 05:48 PM, Stefan Piegsa wrote: > On 08/08/2011 11:46 AM, Andrzej Adam Filip wrote: >> On 08/08/2011 09:43 AM, Stefan Piegsa wrote: >>> Thanks for your reply! >>> >>> On 08/08/2011 08:36 AM, Andrzej Adam Filip wrote: >>>> Have you considered using sieve for the task? >>>> [Using imap4flags extension] >>> Yes, but I think it's not the optimal solution for what I want to do: >>> >>> Basically, I don't want emails to be sent first to the MTA and then >>> again to dovecot to be stored in "Sent Messages". >>> So I made a script that puts an email received from the MTA by an >>> authenticated user into his local Maildir/Sent folder, using: >>> dovecot-lda -d $user -m Sent. Such emails should be marked as seen. >>> >>> Sieve would be an option if it were possible to have a global sieve >>> script that is always executed, not only when there's no user script. >>> >>> Best Regards, >>> Stefan >>> >> Could not you use sieve_before? >> http://wiki.dovecot.org/LDA/Sieve >> >> You may consider using sieve_after if you want to allow users to >> overwrite your choice of "self copy" handling. >> > > sieve_after sounds interesting! > > Is there a way to match the destination mailbox in a sieve script? > The email comes in by dovecot-lda -d $user -m Sent > Now the sieve script should somehow match the mailbox "Sent". > I solved the problem now as follows: With MODIFY_REPLACE instead of MODIFY_ADD my original approach seems to work. I added an -S switch to the dovecot-lda sources and when it is set, I do mail_update_flags(ctx.src_mail, MODIFY_REPLACE, MAIL_SEEN) just before mail_deliver(...) A solution without modifing dovecot's source would be more pleasant but I don't see an option to match the destination mailbox with sieve or any other way to set the seen flag upon mail delivery. Best Regards, Stefan From jayw at interoceansystems.com Wed Aug 10 23:36:49 2011 From: jayw at interoceansystems.com (Jay Welch) Date: Wed, 10 Aug 2011 13:36:49 -0700 Subject: [Dovecot] Thunderbird Will Not Download Email Until Computer Is Rebooted Message-ID: <4E42EBE1.9040502@interoceansystems.com> Hey Guys, Have any of you seen an issue with Thunderbird in which the computer has to be rebooted for email to be downloaded? I have been looking over the InterWebs and I cannot find anything. I can see new email on the server as well. Where would be a good place to start for troubleshooting this issue? Thanks From robert at schetterer.org Thu Aug 11 11:00:24 2011 From: robert at schetterer.org (Robert Schetterer) Date: Thu, 11 Aug 2011 10:00:24 +0200 Subject: [Dovecot] Thunderbird Will Not Download Email Until Computer Is Rebooted In-Reply-To: <4E42EBE1.9040502@interoceansystems.com> References: <4E42EBE1.9040502@interoceansystems.com> Message-ID: <4E438C18.5080405@schetterer.org> Am 10.08.2011 22:36, schrieb Jay Welch: > Hey Guys, > > Have any of you seen an issue with Thunderbird in which the computer has > to be rebooted for email to be downloaded? I have been looking over the > InterWebs and I cannot find anything. I can see new email on the server > as well. Where would be a good place to start for troubleshooting this > issue? > > Thanks > > no havent seen this ever perhaps start here http://wiki.dovecot.org/Debugging/Thunderbird -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From stan at hardwarefreak.com Thu Aug 11 15:21:27 2011 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Thu, 11 Aug 2011 07:21:27 -0500 Subject: [Dovecot] Thunderbird Will Not Download Email Until Computer Is Rebooted In-Reply-To: <4E42EBE1.9040502@interoceansystems.com> References: <4E42EBE1.9040502@interoceansystems.com> Message-ID: <4E43C947.9080006@hardwarefreak.com> On 8/10/2011 3:36 PM, Jay Welch wrote: > Have any of you seen an issue with Thunderbird in which the computer has > to be rebooted for email to be downloaded? I have been looking over the > InterWebs and I cannot find anything. I can see new email on the server > as well. Where would be a good place to start for troubleshooting this > issue? Here: http://catb.org/~esr/faqs/smart-questions.html -- Stan From pw at wk-serv.de Thu Aug 11 17:06:58 2011 From: pw at wk-serv.de (Patrick Westenberg) Date: Thu, 11 Aug 2011 16:06:58 +0200 Subject: [Dovecot] Unknown setting: service Message-ID: <4E43E202.4000205@wk-serv.de> Hi guys, I setup a new box with Debian Squeeze 64bit and installed dovecot from the sources. However, I can't start dovecot or even use doveconf: root at imap01:~# doveconf -n # 2.0.13: /usr/local/etc/dovecot/dovecot.conf doveconf: Fatal: Error in configuration file /usr/local/etc/dovecot/conf.d/10-mail.conf line 111: Unknown setting: mail_uid Why is mail_uid and mail_gid an unknown setting? On my other box the configuration is identical (but Dovecot is upgraded from early 2.0.x versions to the current one) If I comment the mail_uid and mail_gid lines, I get another error: root at imap01:~# doveconf -n doveconf: Fatal: Error in configuration file /usr/local/etc/dovecot/conf.d/10-master.conf line 17: Unknown setting: service doveconf: Error: managesieve-login: dump-capability process returned 89 doveconf: Fatal: Error in configuration file /usr/local/etc/dovecot/conf.d/10-master.conf line 17: Unknown setting: service Everything I could find on Google are problems after upgrading from 1.x to 2.x What went wrong? Regards Patrick From remy at luckyhands.nl Thu Aug 11 17:41:40 2011 From: remy at luckyhands.nl (Remy Zandwijk) Date: Thu, 11 Aug 2011 16:41:40 +0200 Subject: [Dovecot] Unknown setting: service In-Reply-To: <4E43E202.4000205@wk-serv.de> References: <4E43E202.4000205@wk-serv.de> Message-ID: <4E43EA24.1000409@luckyhands.nl> On 11.08.2011 16:06 , Patrick Westenberg wrote: > Hi guys, > > I setup a new box with Debian Squeeze 64bit and installed dovecot from > the sources. However, I can't start dovecot or even use doveconf: > > root at imap01:~# doveconf -n > # 2.0.13: /usr/local/etc/dovecot/dovecot.conf > doveconf: Fatal: Error in configuration file > /usr/local/etc/dovecot/conf.d/10-mail.conf line 111: Unknown setting: mail_uid > > Why is mail_uid and mail_gid an unknown setting? > On my other box the configuration is identical (but Dovecot is > upgraded from early 2.0.x versions to the current one) You probably forgot to set an } somewhere. Can you show us the 10-mail.conf file? -Remy From patrickdk at patrickdk.com Fri Aug 12 00:23:38 2011 From: patrickdk at patrickdk.com (Patrick Domack) Date: Thu, 11 Aug 2011 17:23:38 -0400 Subject: [Dovecot] Unknown setting: service In-Reply-To: <4E43EA24.1000409@luckyhands.nl> References: <4E43E202.4000205@wk-serv.de> <4E43EA24.1000409@luckyhands.nl> Message-ID: <20110811172338.Horde.UUcBQJLnE6FOREhamFLjLkA@mail.patrickdk.com> Ya, would have to be one of the namespace }'s is missing, as they are right before mail_uid/gid Quoting Remy Zandwijk : > On 11.08.2011 16:06 , Patrick Westenberg wrote: >> Hi guys, >> >> I setup a new box with Debian Squeeze 64bit and installed dovecot from >> the sources. However, I can't start dovecot or even use doveconf: >> >> root at imap01:~# doveconf -n >> # 2.0.13: /usr/local/etc/dovecot/dovecot.conf >> doveconf: Fatal: Error in configuration file >> /usr/local/etc/dovecot/conf.d/10-mail.conf line 111: Unknown >> setting: mail_uid >> >> Why is mail_uid and mail_gid an unknown setting? >> On my other box the configuration is identical (but Dovecot is >> upgraded from early 2.0.x versions to the current one) > You probably forgot to set an } somewhere. Can you show us the > 10-mail.conf file? > > -Remy From coding25 at yahoo.com Fri Aug 12 06:13:05 2011 From: coding25 at yahoo.com (New Coder) Date: Thu, 11 Aug 2011 20:13:05 -0700 (PDT) Subject: [Dovecot] commercial use Message-ID: <1313118785.81562.YahooMailClassic@web120706.mail.ne1.yahoo.com> I was wondering if it was possible to use Dovecot as part of a commercial solution. For example, I mean charging for an email service which uses Dovecot.Thanks.? From wgillespie+dovecot at es2eng.com Fri Aug 12 09:05:28 2011 From: wgillespie+dovecot at es2eng.com (Willie Gillespie) Date: Fri, 12 Aug 2011 00:05:28 -0600 Subject: [Dovecot] commercial use In-Reply-To: <1313118785.81562.YahooMailClassic@web120706.mail.ne1.yahoo.com> References: <1313118785.81562.YahooMailClassic@web120706.mail.ne1.yahoo.com> Message-ID: <4E44C2A8.3050403@es2eng.com> On 8/11/2011 9:13 PM, New Coder wrote: > I was wondering if it was possible to use Dovecot as part of a commercial solution. For example, I mean charging for an email service which uses Dovecot.Thanks. Yes. For example, Rackspace uses it for their email solution. From pw at wk-serv.de Fri Aug 12 09:18:38 2011 From: pw at wk-serv.de (Patrick Westenberg) Date: Fri, 12 Aug 2011 08:18:38 +0200 Subject: [Dovecot] Unknown setting: service Message-ID: <2ff98212c733a8576c36980ea222d6c4@wk-serv.de> On Thu, 11 Aug 2011 17:23:38 -0400, Patrick Domack wrote: > Ya, would have to be one of the namespace }'s is missing, as they are > right before mail_uid/gid I really missed to uncomment the namespace ending curly bracket even though I triple checked this file. Thank you guys. From tkrah at fachschaft.imn.htwk-leipzig.de Fri Aug 12 10:16:24 2011 From: tkrah at fachschaft.imn.htwk-leipzig.de (Torsten Krah) Date: Fri, 12 Aug 2011 09:16:24 +0200 Subject: [Dovecot] Clients can't retrieve new emails In-Reply-To: References: <4E41684F.6060102@es2eng.com> Message-ID: <1313133384.25409.2.camel@sf050.friends> Am Dienstag, den 09.08.2011, 13:29 -0400 schrieb Jeff Van Epps: > I'll start searching for an Ubuntu PPA for version 2 Dovecot so I can > see > whether the same thing still happens. In case you did not found any ppa yet: https://launchpad.net/~carsten-uppenbrink-net/+archive/dovecot2 regards -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5253 bytes Desc: not available URL: From jeff.vanepps at gmail.com Fri Aug 12 14:15:55 2011 From: jeff.vanepps at gmail.com (Jeff Van Epps) Date: Fri, 12 Aug 2011 07:15:55 -0400 Subject: [Dovecot] Clients can't retrieve new emails In-Reply-To: <1313133384.25409.2.camel@sf050.friends> References: <4E41684F.6060102@es2eng.com> <1313133384.25409.2.camel@sf050.friends> Message-ID: I spent 3 hours Wednesday night getting Dovecot 2.0.13 to build from source, figuring out which packages were missing and installing them, configuring, debugging, etc. Since then the problem has not occurred ... but the rawlog shows the clients have not sent "STORE 0" during that time either. I don't know what triggered them to do so before. I'll keep running this way for a while. Will you be building a package for natty? On Fri, Aug 12, 2011 at 3:16 AM, Torsten Krah < tkrah at fachschaft.imn.htwk-leipzig.de> wrote: > Am Dienstag, den 09.08.2011, 13:29 -0400 schrieb Jeff Van Epps: > > I'll start searching for an Ubuntu PPA for version 2 Dovecot so I can > > see > > whether the same thing still happens. > > In case you did not found any ppa yet: > > https://launchpad.net/~carsten-uppenbrink-net/+archive/dovecot2 > > > regards > > From bmontgom at montynet.org Sun Aug 14 18:19:25 2011 From: bmontgom at montynet.org (Benjamin Montgomery) Date: Sun, 14 Aug 2011 10:19:25 -0500 Subject: [Dovecot] SQL passdb lookups not working In-Reply-To: <4E3ED10D.5000200@montynet.org> References: <4E3ED10D.5000200@montynet.org> Message-ID: <4E47E77D.9070904@montynet.org> Just in case someone else runs into this... I solved the problem that I described below by switching the password encoding to base64. Also, with django, you have to monkey patch (based on info from [1]) the set_password function in django.contrib.auth.models.User. You also have to use a UserProfile like described at [2]. Code below goes in models.py for your project. import hashlib import base64 from django.contrib.auth.models import User # Save original User set_password method orig_set_password = User.set_password def set_password(user, raw_password): if user.id == None: user.save() # Use the original method to set the django User password: orig_set_password(user, raw_password) userprofile, created = UserProfile.objects.get_or_create(user=user) # Save the salt and sha digest in the correct format for dovecot m = hashlib.sha1() userprofile.salt = user.password.split('$')[1] m.update(raw_password) m.update(userprofile.salt) userprofile.shadigest = base64.b64encode(m.digest() + userprofile.salt) userprofile.save() # Replace the method with the custom set_password User.set_password = set_password [1] https://github.com/jedie/PyLucid/blob/master/pylucid_project/apps/pylucid/models/userprofile.py [2] https://docs.djangoproject.com/en/1.3/topics/auth/#storing-additional-information-about-users On 8/7/2011 12:53 PM, Benjamin Montgomery wrote: > Hello everyone, > > I'm trying to make dovecot do user authentication against a SQL > database. The passwords (managed by Django) are stored as salted SHA1 > encoded in hex. I monkey patched Django's password method so that the > password hash is made with (Django does > , the patched method was verified to return same value > as dovecotpw) and the passwords are stored in the database separately as > the salted hash and the salt. When I query the values out of the > database, I'm using MySQL's concat function to return the password as > {SSHA.hex}. Dovecot is not able to verify any passwords > right now. I've scoured the wiki and I think my setup is > correct...config info is below. Any advice on where to look for > debugging or setup of my passwords would be appreciated! > > Ben > > > dovecot-sql.conf: > > default_pass_scheme = SSHA.hex > > password_query = \ > SELECT emailmanager_emailaddresses.account AS username, \ > emailmanager_domain.name AS domain, \ > CONCAT('{SSHA.hex}', \ > emailmanager_userprofile.shadigest, \ > emailmanager_userprofile.salt \ > ) AS password \ > FROM emailmanager_emailaddresses \ > JOIN emailmanager_domain ON emailmanager_emailaddresses.id = > emailmanager_domain.id \ > JOIN emailmanager_userprofile ON emailmanager_emailaddresses.id = > emailmanager_userprofile.id \ > WHERE emailmanager_emailaddresses.account = '%n' \ > AND emailmanager_domain.name = '%d' From mr.majewski at gmail.com Sun Aug 14 22:33:43 2011 From: mr.majewski at gmail.com (Michael) Date: Sun, 14 Aug 2011 19:33:43 +0000 (UTC) Subject: [Dovecot] migration from courier to dovecot Message-ID: hi all I have a problem with the conversion of files containing UIDL Courier to dovecot uidl , dovecot version is 1.2.15 , format in dovecot is pop3_uidl_format = %08Xu%08Xv i try any other from available list without success courierpop3dsizelist format /2 920 1290084761 1296206202.H818256P31717.domain.tld,S=57135:2,S 57679 87:1290084761 1296239411.H289216P22896.domain.tld,S=1660:2,S 1694 88:1290084761 1296480156.H578502P4335.domain.tld,S=26610:2,S 26995 89:1290084761 1296552510.H517452P28309.domain.tld,S=2894:2,S 2980 90:1290084761 1296740128.H139710P22101.domain.tld,S=4983:2,S 5121 91:1290084761 1296807457.H887067P13955.domain.tld,S=7841:2,S 8038 92:1290084761 1296807652.H904999P14102.domain.tld,S=114839:2,S 116421 93:1290084761 courierimapuiddb 1 1290084574 847 53 1296206202.H818256P31717.domain.tld,S=57135 54 1296239411.H289216P22896.domain.tld,S=1660 55 1296480156.H578502P4335.domain.tld,S=26610 56 1296552510.H517452P28309.domain.tld,S=2894 57 1296740128.H139710P22101.domain.tld,S=4983 58 1296807457.H887067P13955.domain.tld,S=7841 59 1296807652.H904999P14102.domain.tld,S=114839 and after using a script to convert from http://www.dovecot.org/tools/courier-dovecot-migrate.pl got this file dovecot-uidlist 3 V1290084574 N862 53 PUID87-1290084761 W57679 :1296206202.H818256P31717.domain.tld,S=57135:2,S 54 PUID88-1290084761 W1694 :1296239411.H289216P22896.domain.tld,S=1660:2,S 55 PUID89-1290084761 W26995 :1296480156.H578502P4335.domain.tld,S=26610:2,S 56 PUID90-1290084761 W2980 :1296552510.H517452P28309.domain.tld,S=2894:2,S 57 PUID91-1290084761 W5121 :1296740128.H139710P22101.domain.tld,S=4983:2,S 58 PUID92-1290084761 W8038 :1296807457.H887067P13955.domain.tld,S=7841:2,S 59 PUID93-1290084761W116421:1296807652.H904999P14102.domain.tld,S=114839:2,S Unfortunately, messages are downloaded to the client again and with over 300 account its problematic if someone would be willing and able to help I will be grateful , i don't have any idea what next can do with it ;( if any other information would be helpful please let me know From tss at iki.fi Sun Aug 14 23:47:07 2011 From: tss at iki.fi (Timo Sirainen) Date: Sun, 14 Aug 2011 23:47:07 +0300 Subject: [Dovecot] migration from courier to dovecot In-Reply-To: References: Message-ID: <1313354827.10421.1283.camel@hurina> On Sun, 2011-08-14 at 19:33 +0000, Michael wrote: > I have a problem with the conversion of files containing UIDL Courier to dovecot > uidl , dovecot version is 1.2.15 , format in dovecot is pop3_uidl_format = > %08Xu%08Xv i try any other from available list without success 1) Check some user's UIDL reply from Courier. 2) Check the same user's UIDL reply from Dovecot after running the migration script. What do you see? From tss at iki.fi Sun Aug 14 23:50:50 2011 From: tss at iki.fi (Timo Sirainen) Date: Sun, 14 Aug 2011 23:50:50 +0300 Subject: [Dovecot] Bug report v2.0.13 - CentOS x86_64 - NFS - mbox In-Reply-To: <4E425874.6040507@otenet.gr> References: <4E294AC0.2060706@otenet.gr> <4E425874.6040507@otenet.gr> Message-ID: <1313355050.10421.1285.camel@hurina> With a quick test I can't reproduce pop3_lock_session=yes causing a crash. I guess it needs something else besides what I tested. It would be helpful if your Dovecot binaries weren't stripped of debug symbols. I could then ask for some more information from the core dumps with gdb. On Wed, 2011-08-10 at 13:07 +0300, Kostas Zorbadelos wrote: > On 07/22/2011 01:02 PM, Kostas Zorbadelos wrote: > > Hello, > > since I saw no action on this, here is a newer update we discovered today. > > After setting pop3_lock_session = no the core dumps went away. > We will leave it like that and watch it for the next few days. If we set > pop3_lock_session = yes, the problem is reproduced. > > If I can do anything else to help debug the problem, please let me know. > > Regards, > > Kostas > > > Greetings to all. > > > > It's my first post to the list. We just completed a migration from qpopper to dovecot > > for our IMAP and POP3 services. We have a rather large mail environment > > (we are the biggest provider in Greece). > > > > So, here are the details: > > > > - Keep getting errors like these in our production environment > > > > Jul 22 00:18:21 pop01 dovecot: master: Error: service(pop3): child 4078 killed with signal 11 (core dumps disabled) > > Jul 22 00:19:31 pop03 dovecot: master: Error: service(pop3): child 18849 killed with signal 11 (core dumps disabled) > > > > --------------------------------------------------------------------- > > dovecot -n output > > --------------------------------------------------------------------- > > /opt/dovecot/sbin/dovecot -n > > # 2.0.13: /opt/dovecot/etc/dovecot/dovecot.conf > > # OS: Linux 2.6.18-92.1.22.el5 x86_64 CentOS release 5.5 (Final) > > auth_cache_negative_ttl = 10 mins > > auth_cache_size = 5 M > > auth_cache_ttl = 10 mins > > auth_verbose = yes > > default_client_limit = 5000 > > default_process_limit = 500 > > disable_plaintext_auth = no > > first_valid_uid = 200 > > listen = * > > log_timestamp = "%Y-%m-%d %H:%M:%S " > > login_greeting = ready > > mail_access_groups = mail otemail disk root > > mail_fsync = always > > mail_location = mbox:INDEX=/var/index/dovecot/%2.16Hn/%2.254Hn/%u > > mail_nfs_storage = yes > > mbox_lock_timeout = 2 mins > > mbox_min_index_size = 200 k > > mbox_read_locks = dotlock_try fcntl > > mbox_write_locks = dotlock_try fcntl > > passdb { > > args = /opt/dovecot/etc/dovecot/dovecot-ldap.conf.ext > > driver = ldap > > } > > protocols = imap pop3 > > service auth-worker { > > user = dovenull > > } > > service imap-login { > > inet_listener imap { > > port = 143 > > } > > inet_listener imaps { > > port = 993 > > ssl = yes > > } > > } > > service pop3-login { > > inet_listener pop3 { > > port = 110 > > } > > inet_listener pop3s { > > port = 995 > > ssl = yes > > } > > } > > ssl = no > > userdb { > > args = /opt/dovecot/etc/dovecot/dovecot-ldap.conf.ext > > driver = ldap > > } > > verbose_proctitle = yes > > protocol imap { > > imap_client_workarounds = delay-newmail tb-extra-mailbox-sep > > mail_max_userip_connections = 100 > > } > > protocol pop3 { > > mail_max_userip_connections = 100 > > pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > > pop3_fast_size_lookups = yes > > pop3_lock_session = yes > > pop3_reuse_xuidl = yes > > pop3_uidl_format = %08Xu%08Xv > > } > > > > I enabled core dumps in one of our backend servers and here is the relevant gdb trace: > > > > [root at pop08 ~]# gdb /opt/dovecot/libexec/dovecot/pop3/core.9273 > > GNU gdb (GDB) Red Hat Enterprise Linux (7.0.1-32.el5_6.2) > > Copyright (C) 2009 Free Software Foundation, Inc. > > License GPLv3+: GNU GPL version 3 or later > > This is free software: you are free to change and redistribute it. > > There is NO WARRANTY, to the extent permitted by law. Type "show copying" > > and "show warranty" for details. > > This GDB was configured as "x86_64-redhat-linux-gnu". > > For bug reporting instructions, please see: > > ... > > Reading symbols from /opt/dovecot/libexec/dovecot/pop3...(no debugging symbols found)...done. > > Reading symbols from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0...(no debugging symbols found)...done. > > Loaded symbols for /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > > Reading symbols from /opt/dovecot/lib/dovecot/libdovecot.so.0...(no debugging symbols found)...done. > > Loaded symbols for /opt/dovecot/lib/dovecot/libdovecot.so.0 > > Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done. > > Loaded symbols for /lib64/libdl.so.2 > > Reading symbols from /lib64/librt.so.1...(no debugging symbols found)...done. > > Loaded symbols for /lib64/librt.so.1 > > Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done. > > Loaded symbols for /lib64/libc.so.6 > > Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done. > > Loaded symbols for /lib64/ld-linux-x86-64.so.2 > > Reading symbols from /lib64/libpthread.so.0...(no debugging symbols found)...done. > > Loaded symbols for /lib64/libpthread.so.0 > > Core was generated by `dovecot/pop3'. > > Program terminated with signal 11, Segmentation fault. > > #0 0x00002b52e1027e54 in istream_raw_mbox_get_start_offset () from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > > (gdb) bt full > > #0 0x00002b52e1027e54 in istream_raw_mbox_get_start_offset () from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > > No symbol table info available. > > #1 0x00002b52e102b759 in ?? () from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > > No symbol table info available. > > #2 0x00002b52e100a2c0 in index_mail_expunge () from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > > No symbol table info available. > > #3 0x0000000000405e9c in client_update_mails () > > No symbol table info available. > > #4 0x00000000004061c1 in client_command_execute () > > No symbol table info available. > > #5 0x00000000004045b9 in client_handle_input () > > No symbol table info available. > > #6 0x00002b52e12df698 in io_loop_call_io () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > > No symbol table info available. > > #7 0x00002b52e12e09d5 in io_loop_handler_run () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > > No symbol table info available. > > #8 0x00002b52e12df62d in io_loop_run () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > > No symbol table info available. > > #9 0x00002b52e12cdf13 in master_service_run () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > > No symbol table info available. > > #10 0x0000000000403994 in main () > > No symbol table info available. > > (gdb) > > > > All traces of the crashes are identical, that is > > #0 0x00002b52e1027e54 in istream_raw_mbox_get_start_offset () from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > > #1 0x00002b52e102b759 in ?? () from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > > #2 0x00002b52e100a2c0 in index_mail_expunge () from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 > > #3 0x0000000000405e9c in client_update_mails () > > #4 0x00000000004061c1 in client_command_execute () > > #5 0x00000000004045b9 in client_handle_input () > > #6 0x00002b52e12df698 in io_loop_call_io () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > > #7 0x00002b52e12e09d5 in io_loop_handler_run () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > > #8 0x00002b52e12df62d in io_loop_run () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > > #9 0x00002b52e12cdf13 in master_service_run () from /opt/dovecot/lib/dovecot/libdovecot.so.0 > > #10 0x0000000000403994 in main () > > > > We have mboxes over NFS and we also have an ldap user backend. For now, I do not have a scenario > > that reproduces the problem. Any idea, or input are highly appreciated. Of course I can provide > > any information requested (without exposing restricted company or client data) to help trace > > the problem and lead to the solution. > > > > Thanks and keep up the good work! > > > > Regards, > > > > Kostas Zorbadelos > > > > > From tss at iki.fi Sun Aug 14 23:51:18 2011 From: tss at iki.fi (Timo Sirainen) Date: Sun, 14 Aug 2011 23:51:18 +0300 Subject: [Dovecot] LMTP over STDIN/STDOUT (non root user) In-Reply-To: <3kha87i6dl-B89@clifford.huge.strangled.net> References: <3kha87i6dl-B89@clifford.huge.strangled.net> Message-ID: <1313355078.10421.1286.camel@hurina> On Tue, 2011-08-09 at 17:29 +0200, Andrzej Adam Filip wrote: > Is it possible to get LMTP session over STDIN/STDOUT (for non root user)? Yeah. Just run it. From tss at iki.fi Sun Aug 14 23:53:19 2011 From: tss at iki.fi (Timo Sirainen) Date: Sun, 14 Aug 2011 23:53:19 +0300 Subject: [Dovecot] Trash Plugin In-Reply-To: <4E411B61.1040605@endersys.com> References: <4E411B61.1040605@endersys.com> Message-ID: <1313355199.10421.1288.camel@hurina> On Tue, 2011-08-09 at 14:34 +0300, Ayd?n Demirel wrote: > ReHi; > > I have a question about trash plugin. I added following lines into > dovecot.conf: > > quota_rule = *:storage=2048000 > quota_rule2 = Trash:storage=1MB > quota_rule3 = SPAM:ignore That looks like simply a quota plugin setting. You haven't shown anything settings about trash plugin. Which one do you really mean? > When I set *:storage line as default quota_rule , There is no problem.. > > But when I removed this line and set Trash:storage as default > quota_rule, plugin is not working.. > > That I said, Do I have to add *:storage line as first default line in > config line? You need a *:storage rule in any case. I don't know what you'd want to happen if it didn't exist. From tss at iki.fi Sun Aug 14 23:56:36 2011 From: tss at iki.fi (Timo Sirainen) Date: Sun, 14 Aug 2011 23:56:36 +0300 Subject: [Dovecot] Blocking auth services In-Reply-To: <4E3FD0C1.4000805@one.com> References: <4E3FD0C1.4000805@one.com> Message-ID: <1313355396.10421.1290.camel@hurina> On Mon, 2011-08-08 at 14:04 +0200, Peter Mogensen wrote: > I'm writing an passdb/userdb plugin to authenticate against an external > daemon listening on a UNIX socket. > > The connection to the daemon is 1 request at a time and thus blocking > (unlike passdb-ldap), but the daemon is preforking, so it can handle > more connections at a time. You're talking to it via UNIX socket, so you can talk to it with non-blocking sockets. > But I also have the option, to let the passdb/userdb plugin maintain a > pools of used/idle connections to the daemon and just pick a idle > connection and moving it to the used pool on each auth_request. > Which would save me the auth worker processes. This would be more efficient. (I wonder if you could make your external daemon talk auth-worker protocol and Dovecot would do this pooling automatically by thinking it's talking to its own workers?) From tss at iki.fi Mon Aug 15 00:03:09 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 15 Aug 2011 00:03:09 +0300 Subject: [Dovecot] Error when trying to delete folders In-Reply-To: <4E3FCCD2.4000603@jungo.com> References: <4E3FCCD2.4000603@jungo.com> Message-ID: <1313355789.10421.1294.camel@hurina> On Mon, 2011-08-08 at 14:47 +0300, Bar Ziony wrote: > When trying to delete a folder, I get this error: > "Server Error: DELETE: Can't rename mailboxes across specified storages" The problem is that you've specified a separate INDEX= path for Maildir. Dovecot's generic mailbox renaming code can't currently handle renaming between namespaces when they have different index paths. Since lazy-expunge handles mailbox deletions by renaming them into the lazy-expunge namespace, this fails. So your options are: a) Remove INDEX path from mail_location b) Fix Dovecot code to support renaming from different index paths (for maildir you could basically just delete the old index dir - a more generic solution would be more difficult) c) Forget about using lazy_expunge From tss at iki.fi Mon Aug 15 00:10:11 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 15 Aug 2011 00:10:11 +0300 Subject: [Dovecot] shared mailboxes In-Reply-To: References: Message-ID: <1313356211.10421.1296.camel@hurina> On Wed, 2011-08-03 at 01:33 +0300, Vasil Mikhalenya wrote: > 1. How to create a public mailbox - with per user seen flag. In my > configuration this flag is shared Currently this is possible only with Maildir (by creating dovecot-shared file). > 2. How to share one user mailbox with other users and set up acl. In > Cyrus it was very easy( cyradm sam mailbox user1 lrs or sam mailbox > user2 all ). What way there is to do this in dovecot. doveadm acl set > It was no problem with shared mailboxes in cyrus, but I need maildir support. Hmm? Looks like you're using mdbox..: > mail_location = mdbox:/var/mail/%1n/%n From tss at iki.fi Mon Aug 15 00:13:28 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 15 Aug 2011 00:13:28 +0300 Subject: [Dovecot] $IP not getting set? In-Reply-To: <4E38620A.20800@xjack.org> References: <4E38620A.20800@xjack.org> Message-ID: <1313356408.10421.1298.camel@hurina> On Tue, 2011-08-02 at 13:46 -0700, A.L. wrote: > Using dovecot 2.0.13. I went to implement relay-ctrl per directions > on the Wiki, and failed. After running it down, as best as I can > determine, the problem is that the $IP variable is not getting set (and > thus not re-set in the script wrapper). I plunked a "set >> debug" > into the script, and the only env var's that are set are as listed below > (slightly sanitized for public display). Anyone have any ideas? I > have tried both the Wiki-way, and this way: > http://dovecot.org/list/dovecot/2009-December/045139.html with > identical results. I don't know if the mailing list post is up to date, read the wiki instead: http://wiki2.dovecot.org/PostLoginScripting My test script prints the IP address to the IMAP session just fine: #!/bin/sh echo "* OK $IP" exec "$@" From tss at iki.fi Mon Aug 15 00:17:03 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 15 Aug 2011 00:17:03 +0300 Subject: [Dovecot] mbox issue - dovecot 2.0.13 In-Reply-To: <4E37877B.9040309@preachain.org> References: <4E37877B.9040309@preachain.org> Message-ID: <1313356623.10421.1301.camel@hurina> On Mon, 2011-08-01 at 22:13 -0700, John Alexander wrote: > I'm running into the following issue when trying to delete a folder: > > Aug 2 00:41:46 keg dovecot: imap(user): Error: > stat(/home/user/mail/Trash/.imap/MoreTest) failed: Not a directory 1) This is Thunderbird trying to delete mailbox by moving it under Trash mailbox, which won't work with mbox. You can fix this in TB by setting .. probably the "server supports subfolders" or whatever setting. 2) It's a Dovecot bug that it logs this error message. It's already fixed in v2.1, and I'd rather not spend time backporting the fix to v2.0. From AnFi at onet.eu Mon Aug 15 00:34:58 2011 From: AnFi at onet.eu (Andrzej Adam Filip) Date: Sun, 14 Aug 2011 23:34:58 +0200 Subject: [Dovecot] LMTP over STDIN/STDOUT (non root user) In-Reply-To: <1313355078.10421.1286.camel@hurina> (Timo Sirainen's message of "Sun, 14 Aug 2011 23:51:18 +0300") References: <3kha87i6dl-B89@clifford.huge.strangled.net> <1313355078.10421.1286.camel@hurina> Message-ID: Timo Sirainen wrote: > On Tue, 2011-08-09 at 17:29 +0200, Andrzej Adam Filip wrote: >> Is it possible to get LMTP session over STDIN/STDOUT (for non root user)? > > Yeah. Just run it. Step 1: OK/CLOSED Step 2: lmtp program seems to accept custom configuration file (-c _file_). The file specifies both passdb and userdb using Passwd-file. How to make lmtp skip attempts to contact auth server? P.S. I want to achieve personal (single user) "server less" IMAP&LMTP over STDIN&STDOUT configuration. Now I see: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied ... Fixing/changing socket permissions is no solutuion for me because I want to avoid need for any permanently running server. -- [pl>en: Andrew] Andrzej Adam Filip : anfi at onet.eu The whole history of computers is rampant with cheerleading at best and bigotry at worst. -- Larry Wall in <199702111730.JAA28598 at wall.org> From mr.majewski at gmail.com Mon Aug 15 00:43:32 2011 From: mr.majewski at gmail.com (Michael) Date: Sun, 14 Aug 2011 21:43:32 +0000 (UTC) Subject: [Dovecot] migration from courier to dovecot References: <1313354827.10421.1283.camel@hurina> Message-ID: send same in email ( first saw the email ) uidl's are to above mailbox conversion thanks for fast reply 1 UID87-1290084761 1 UID87-1290084761 2 UID88-1290084761 2 UID88-1290084761 3 UID89-1290084761 3 UID89-1290084761 4 UID90-1290084761 4 UID90-1290084761 . . . . 775 UID909-1290084761 775 UID909-1290084761 776 UID910-1290084761 776 UID910-1290084761 777 UID911-1290084761 777 UID911-1290084761 778 UID912-1290084761 778 UID912-1290084761 779 UID913-1290084761 779 UID913-1290084761 780 UID914-1290084761 780 UID914-1290084761 781 UID915-1290084761 781 UID915-1290084761 782 UID916-1290084761 782 UID916-1290084761 783 UID917-1290084761 783 UID917-1290084761 784 UID918-1290084761 784 UID918-1290084761 785 UID919-1290084761 785 UID919-1290084761 786 UID920-1290084761 786 0000035e4ce520de courier dovecot From tss at iki.fi Mon Aug 15 01:12:57 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 15 Aug 2011 01:12:57 +0300 Subject: [Dovecot] BUG - lmtp multiple recipients fail - setuid issue? In-Reply-To: References: Message-ID: <1313359977.10421.1304.camel@hurina> On Mon, 2011-08-01 at 14:28 -0700, Boris Lordis wrote: > Jul 27 11:24:42 testmailserver dovecot: lmtp(12412, steve): Error: > link(/spool/mail/j/jerry/mail/INBOX/u.20423, > /spool/mail/s/steve/mail/INBOX/.temp.1311791081.P12412Q2M989550.testmailserver.) > failed: Permission denied It shouldn't even try this.. I guess both INBOX directories use the same group? That's why Dovecot's internal check fails to realize that it can't use link(). This is now fixed in v2.1 hg tree. Too big of a change to fix in v2.0. You could work around it by using unique GIDs for users, or patching Dovecot's source code (mail_storage_copy_can_use_hardlink() to always return FALSE) From tss at iki.fi Mon Aug 15 01:20:41 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 15 Aug 2011 01:20:41 +0300 Subject: [Dovecot] migration from courier to dovecot In-Reply-To: References: <1313354827.10421.1283.camel@hurina> Message-ID: <1313360441.10421.1305.camel@hurina> So the UIDLs are preserved perfectly. The problem is with something else then. Such as did you change the server address in the client's config? Some clients trigger a redownload because of that. On Sun, 2011-08-14 at 21:43 +0000, Michael wrote: > send same in email ( first saw the email ) > uidl's are to above mailbox conversion > > thanks for fast reply > > 1 UID87-1290084761 1 UID87-1290084761 > 2 UID88-1290084761 2 UID88-1290084761 > 3 UID89-1290084761 3 UID89-1290084761 > 4 UID90-1290084761 4 UID90-1290084761 > . > . > . > . > > 775 UID909-1290084761 775 UID909-1290084761 > 776 UID910-1290084761 776 UID910-1290084761 > 777 UID911-1290084761 777 UID911-1290084761 > 778 UID912-1290084761 778 UID912-1290084761 > 779 UID913-1290084761 779 UID913-1290084761 > 780 UID914-1290084761 780 UID914-1290084761 > 781 UID915-1290084761 781 UID915-1290084761 > 782 UID916-1290084761 782 UID916-1290084761 > 783 UID917-1290084761 783 UID917-1290084761 > 784 UID918-1290084761 784 UID918-1290084761 > 785 UID919-1290084761 785 UID919-1290084761 > 786 UID920-1290084761 786 0000035e4ce520de > courier dovecot > > > From tss at iki.fi Mon Aug 15 01:24:54 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 15 Aug 2011 01:24:54 +0300 Subject: [Dovecot] LMTP over STDIN/STDOUT (non root user) In-Reply-To: References: <3kha87i6dl-B89@clifford.huge.strangled.net> <1313355078.10421.1286.camel@hurina> Message-ID: <1313360694.10421.1307.camel@hurina> On Sun, 2011-08-14 at 23:34 +0200, Andrzej Adam Filip wrote: > lmtp program seems to accept custom configuration file (-c _file_). > The file specifies both passdb and userdb using Passwd-file. > How to make lmtp skip attempts to contact auth server? Well, since LMTP by design is intended to deliver mails to multiple users, which requires userdb lookup, this is kind of a kludgy way to use it. If you really want to, you can do it by patching the LMTP sources: --- a/src/lmtp/main.c Mon Aug 15 01:18:01 2011 +0300 +++ b/src/lmtp/main.c Mon Aug 15 01:24:39 2011 +0300 @@ -81,7 +81,6 @@ enum master_service_flags service_flags = 0; enum mail_storage_service_flags storage_service_flags = MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT | - MAIL_STORAGE_SERVICE_FLAG_USERDB_LOOKUP | MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP | MAIL_STORAGE_SERVICE_FLAG_NO_LOG_INIT | MAIL_STORAGE_SERVICE_FLAG_NO_IDLE_TIMEOUT; From mr.majewski at gmail.com Mon Aug 15 01:35:07 2011 From: mr.majewski at gmail.com (Michael) Date: Sun, 14 Aug 2011 22:35:07 +0000 (UTC) Subject: [Dovecot] migration from courier to dovecot References: <1313354827.10421.1283.camel@hurina> <1313360441.10421.1305.camel@hurina> Message-ID: domain is the same as was , only ip is changed ( new machine for mx ) the same config ( i dont want to users had to change smth ) i'm confused :(( From tss at iki.fi Mon Aug 15 01:38:18 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 15 Aug 2011 01:38:18 +0300 Subject: [Dovecot] dovecot crashes after reloading service In-Reply-To: References: Message-ID: This is fixed in v2.0. Too much trouble trying to debug and fix it in v1.2. On 22.7.2011, at 23.48, Alan Morais wrote: > Hello, > > I just made a fresh install of dovecot using Iredmail, and works just fine, > but, after changing a parameter on /etc/dovecot.conf, and reloading > service, the daemon crashes, with the message as follows: > > * restarting the service instead of reload works fine. > > ############# Error message > > dovecot: Panic: file dict-process.c: line 154 (dict_listener_input): > assertion failed: (listener->process > es == NULL) > Jul 22 10:50:52 dovecot: Error: Raw backtrace: /usr/sbin/dovecot > [0x805adb0] -> /usr/sbin/dovecot [0x805ae93] -> /usr/sbi > n/dovecot [0x80529c6] -> /usr/sbin/dovecot [0x805a65c] -> /usr/sbin/dovecot > [0x804cd60] -> /usr/sbin/dovecot [0x805ece0] > -> /usr/sbin/dovecot [0x805ddc8] -> /usr/sbin/dovecot [0x805337d] -> > /lib/i686/nosegneg/libc.so.6(__libc_start_main+0xdc) > [0x6cce9c] -> /usr/sbin/dovecot [0x804a571] > > ############## Commands executed > > included parameter "login_greeting =xxxxxxxxxxxxxx" on dovecot.conf > > /etc/init.d/dovecot reload > > ##################### config > [root at correio221 ~]# dovecot -n > # 1.2.16: /etc/dovecot.conf > # OS: Linux 2.6.18-128.el5xen i686 CentOS release 5.3 (Final) nfs > log_path: /var/log/dovecot.log > protocols: pop3 pop3s imap imaps managesieve > listen(default): * > listen(imap): * > listen(pop3): * > listen(managesieve): *:2000 > ssl_ca_file: /etc/pki/tls/certs/iRedMail_CA.pem > ssl_cert_file: /etc/pki/tls/certs/iRedMail_CA.pem > ssl_key_file: /etc/pki/tls/private/iRedMail.key > login_dir: /var/run/dovecot/login > login_executable(default): /usr/libexec/dovecot/imap-login > login_executable(imap): /usr/libexec/dovecot/imap-login > login_executable(pop3): /usr/libexec/dovecot/pop3-login > login_executable(managesieve): /usr/libexec/dovecot/managesieve-login > login_greeting: SIANET POP/IMAP > login_process_size: 512 > login_processes_count: 128 > login_max_processes_count: 256 > login_max_connections: 1024 > max_mail_processes: 256 > first_valid_uid: 5000 > last_valid_uid: 5000 > mail_uid: 5000 > mail_gid: 5000 > mail_location: maildir:/home/vmail/%d/%Ln/Maildir > mmap_disable: yes > mail_nfs_storage: yes > mail_nfs_index: yes > lock_method: dotlock > mail_executable(default): /usr/libexec/dovecot/imap > mail_executable(imap): /usr/libexec/dovecot/imap > mail_executable(pop3): /usr/libexec/dovecot/pop3 > mail_executable(managesieve): /usr/libexec/dovecot/managesieve > mail_process_size: 512 > mail_plugins(default): quota imap_quota autocreate > mail_plugins(imap): quota imap_quota autocreate > mail_plugins(pop3): quota > mail_plugins(managesieve): > mail_plugin_dir(default): /usr/lib/dovecot/imap > mail_plugin_dir(imap): /usr/lib/dovecot/imap > mail_plugin_dir(pop3): /usr/lib/dovecot/pop3 > mail_plugin_dir(managesieve): /usr/lib/dovecot/managesieve > imap_client_workarounds(default): tb-extra-mailbox-sep > imap_client_workarounds(imap): tb-extra-mailbox-sep > imap_client_workarounds(pop3): > imap_client_workarounds(managesieve): > pop3_client_workarounds(default): > pop3_client_workarounds(imap): > pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh > pop3_client_workarounds(managesieve): > namespace: > type: private > prefix: INBOX. > inbox: yes > list: yes > subscriptions: yes > lda: > postmaster_address: root > auth_socket_path: /var/run/dovecot/auth-master > mail_plugins: quota sieve autocreate > sieve_global_path: /home/vmail/sieve/dovecot.sieve > log_path: /var/log/sieve.log > auth default: > mechanisms: plain login > default_realm: sianet.com.br > user: vmail > verbose: yes > passdb: > driver: sql > args: /etc/dovecot-mysql.conf > userdb: > driver: sql > args: /etc/dovecot-mysql.conf > socket: > type: listen > client: > path: /var/spool/postfix/dovecot-auth > mode: 438 > user: postfix > group: postfix > master: > path: /var/run/dovecot/auth-master > mode: 438 > user: vmail > group: vmail > plugin: > quota_warning: storage=85%% /usr/local/bin/dovecot-quota-warning.sh 85 > quota_warning2: storage=90%% /usr/local/bin/dovecot-quota-warning.sh 90 > quota_warning3: storage=95%% /usr/local/bin/dovecot-quota-warning.sh 95 > quota: maildir > quota: dict:user::proxy::quotadict > quota_rule: *:storage=0 > expire: Trash 7 Trash/* 7 Junk 30 > expire_dict: proxy::expire > auth_socket_path: /var/run/dovecot/auth-master > sieve_global_dir: /home/vmail/ > sieve_before: %Lh/dovecot.sieve.before > sieve: /%Lh/dovecot.sieve > sieve_global_path: /home/vmail/dovecot.sieve > global_script_path: /home/vmail/dovecot.sieve > autocreate: INBOX > autocreate2: INBOX.Sent > autocreate3: INBOX.Trash > autocreate4: INBOX.Drafts > autocreate5: INBOX.Junk > autosubscribe: INBOX > autosubscribe2: INBOX.Sent > autosubscribe3: INBOX.Trash > autosubscribe4: INBOX.Drafts > autosubscribe5: INBOX.Junk > dict: > expire: db:/var/lib/dovecot/expire/expire.db > quotadict: mysql:/etc/dovecot-used-quota.conf > > Thanks in advance. > > -- > > Alan Morais > Analista de Suporte > Fone: (11) 2125-9222 > E-mail: alan.morais at sianet.com.br > [1] > > > > Links: > ------ > [1] http://www.sianet.com.br > From tss at iki.fi Mon Aug 15 01:39:09 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 15 Aug 2011 01:39:09 +0300 Subject: [Dovecot] How to "scramble" emails In-Reply-To: <257f8de50ff196dfc1b1daff4fb05a0e@smartmobili.com> References: <257f8de50ff196dfc1b1daff4fb05a0e@smartmobili.com> Message-ID: <1976BEBD-12F9-4B30-A9DD-5F968423A1EA@iki.fi> On 23.7.2011, at 12.38, Vincent Richomme wrote: > I am working on a webmail project using dovecot as imap server and I would need to make a demo > however I don't want to show all my emails addresses. > So my question is knowing that I am using the maildir format, would it ne possible > to do a kind of search and replace of all emails/cc/to and replace them by fake ones or will > it break something like indexes ? I guess you already tried, but yeah, if you modify emails you'll need to delete dovecot.index.cache files also. From mr.majewski at gmail.com Mon Aug 15 01:59:45 2011 From: mr.majewski at gmail.com (Michael) Date: Sun, 14 Aug 2011 22:59:45 +0000 (UTC) Subject: [Dovecot] migration from courier to dovecot References: <1313354827.10421.1283.camel@hurina> <1313360441.10421.1305.camel@hurina> Message-ID: hmm, in the meantime i ran Courier on a new server and the situation is the same messages are downloaded again, I do not understand completely why the change machine ip is so important for email clients , or i miss smth :( From tss at iki.fi Mon Aug 15 02:32:05 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 15 Aug 2011 02:32:05 +0300 Subject: [Dovecot] Parallel auth In-Reply-To: References: Message-ID: On 22.7.2011, at 9.42, Bernhard Schmidt wrote: > passdb { > args = /etc/dovecot/dovecot-passwd > driver = passwd-file > } > passdb { > args = /etc/dovecot/dovecot-ldap-simauth.conf.ext > driver = ldap > } Dovecot should first try the passwd-file and if it succeeds, stop. If it fails, continues to ldap. > Due to a firmware bug, our six-figures NAS causes extremely high LDAP > delays (in the range of 20-60 seconds, instead of the usual 50ms) once > an hour. The weird thing is, I also see these delays in the graph for > the local user. Which got me thinking Yes, that is weird. > * are authentication requests handled serially by dovecot/auth? Yes. > * any way to solve this situation for the local user (not to be blocked > by the delayed LDAP query)? Shouldn't happen! Maybe the delay was caused by something not directly related to the LDAP lookups.. You could also verify with straceing the auth process and authenticating as the local user to verify that it doesn't do an LDAP lookup. > * any way to solve this situation for LDAP users? We could possibly do > some loadbalancing if the auth-daemon opened several LDAP connections Not currently, at least not until I rewrite LDAP's connection pooling to work in a similar way to SQL. Although even that doesn't solve the latency problems, someone else also recently complained about one of their SQL servers giving high latency replies and Dovecot not dropping that server in favor of the second fast one.. I should do something about that. From apm at one.com Mon Aug 15 09:44:29 2011 From: apm at one.com (Peter Mogensen) Date: Mon, 15 Aug 2011 08:44:29 +0200 Subject: [Dovecot] Blocking auth services In-Reply-To: <1313355396.10421.1290.camel@hurina> References: <4E3FD0C1.4000805@one.com> <1313355396.10421.1290.camel@hurina> Message-ID: <4E48C04D.6090707@one.com> On 2011-08-14 22:56, Timo Sirainen wrote: > On Mon, 2011-08-08 at 14:04 +0200, Peter Mogensen wrote: > >> I'm writing an passdb/userdb plugin to authenticate against an external >> daemon listening on a UNIX socket. >> >> The connection to the daemon is 1 request at a time and thus blocking >> (unlike passdb-ldap), but the daemon is preforking, so it can handle >> more connections at a time. > > You're talking to it via UNIX socket, so you can talk to it with > non-blocking sockets. Yes... but a single connection can still only handle one request at a time. It's not the socket, which is blocking - it's the server end of the connection. >> But I also have the option, to let the passdb/userdb plugin maintain a >> pools of used/idle connections to the daemon and just pick a idle >> connection and moving it to the used pool on each auth_request. >> Which would save me the auth worker processes. > > This would be more efficient. (I wonder if you could make your external > daemon talk auth-worker protocol and Dovecot would do this pooling > automatically by thinking it's talking to its own workers?) We actually considered replacing the entire dovecot-auth process with a re-write of the daemon, which we had done with courier. But the courier-auth process is simpler, so we decided to go for a plugin to dovecot-auth. /Peter From fumiyas at osstech.jp Mon Aug 15 10:41:04 2011 From: fumiyas at osstech.jp (SATOH Fumiyasu) Date: Mon, 15 Aug 2011 16:41:04 +0900 Subject: [Dovecot] [PATCH] net_connect_*(): Wait for fd to complete connect(2) when fd is non-blocking In-Reply-To: <5C45A34F-1472-4DCD-B038-E07CEF6304BD@iki.fi> References: <87zkjv3eml.wl%fumiyas@osstech.jp> <87y5zf2ekl.wl%fumiyas@osstech.jp> <87livcr1le.wl%fumiyas@osstech.jp> <5C45A34F-1472-4DCD-B038-E07CEF6304BD@iki.fi> Message-ID: <87ippzp1f3.wl%fumiyas@osstech.jp> At Wed, 10 Aug 2011 20:37:46 +0300, Timo Sirainen wrote: > On 2.8.2011, at 5.25, SATOH Fumiyasu wrote: > > >>> Dovecot ignores EINPROGRESS on connect(2) for non-blocking fd. > >>> This is wrong. After that, read(2) to fd (or write(2) to fd) fails > >>> with ENOTCONN if the connection of fd is not completed. > >>> > >>> The attached patch fixes this problem. > > If you do that, then there's no point in making the socket > non-blocking before connect(). Linux connect(2) manpage said: EINPROGRESS The socket is nonblocking and the connection cannot be completed immediately. It is pos- sible to select(2) or poll(2) for completion by selecting the socket for writing. After select(2) indicates writability, use get- sockopt(2) to read the SO_ERROR option at level SOL_SOCKET to determine whether con- nect() completed successfully (SO_ERROR is zero) or unsuccessfully (SO_ERROR is one of the usual error codes listed here, explain- ing the reason for the failure). Solaris 10 connect(3SOCKET) manpage said: EINPROGRESS The socket is non-blocking, and the connection cannot be completed immediately. You can use select(3C) to complete the connection by selecting the socket for writing. Windows connect function document said (http://msdn.microsoft.com/en-us/library/ms737625%28v=vs.85%29.aspx): With a nonblocking socket, the connection attempt cannot be completed immediately. In this case, connect will return SOCKET_ERROR, and WSAGetLastError will return WSAEWOULDBLOCK. In this case, there are three possible scenarios: * Use the select function to determine the completion of the connection request by checking to see if the socket is writeable. * If the application is using WSAAsyncSelect to indicate interest in connection events, then the application will receive an FD_CONNECT notification indicating that the connect operation is complete (successfully or not). * If the application is using WSAEventSelect to indicate interest in connection events, then the associated event object will be signaled indicating that the connect operation is complete (successfully or not). > > On a high-load Solaris 10 box, dovecot-lda fails to query (I/O) to > > dovecot dict socket with ENOTCONN. My patch fixes this problem. > > I think Linux/etc returns EAGAIN in such situation. Maybe the right > fix is to just add EINPROGRESS check for net_connect_unix_with_retries()? > (With some extra changes so that it actually sees that errno from > net_connect_unix()) I think you MUST wait for the fd to complete connect() before read() from / write() to the fd in such situation. -- -- Name: SATOH Fumiyasu (fumiyas @ osstech co jp) -- Business Home: http://www.OSSTech.co.jp/ -- Personal Home: http://www.SFO.jp/blog/ From kzorba at otenet.gr Mon Aug 15 11:17:01 2011 From: kzorba at otenet.gr (kzorba at otenet.gr) Date: Mon, 15 Aug 2011 11:17:01 +0300 Subject: [Dovecot] Bug report v2.0.13 - CentOS x86_64 - NFS - mbox In-Reply-To: <1313355050.10421.1285.camel@hurina> References: <4E294AC0.2060706@otenet.gr> <4E425874.6040507@otenet.gr> <1313355050.10421.1285.camel@hurina> Message-ID: <20110815111701.68513psu7vb3wflp@noc.otenet.gr> Quoting Timo Sirainen : > With a quick test I can't reproduce pop3_lock_session=yes causing a > crash. I guess it needs something else besides what I tested. It would > be helpful if your Dovecot binaries weren't stripped of debug symbols. I > could then ask for some more information from the core dumps with gdb. > Hi Timo, indeed it is a bug that I could not reproduce myself. Having debug symbols and producing the stack trace is the next logical step and I will work on this tomorrow. Since --enable-debug does not work in your configure script, can you direct me as to what is needed? Is there an option in configure or do I need to mess with the makefiles? On the other hand, I have found two different bugs. Having pop3_lock_session=yes we have the situation described here and also of course delays in local deliveries in case a client has an active pop session. And I can tell you we have a lot of abusing clients that keep hitting our pop servers continuously, or keep connections open for a VERY long time. To address that, we put pop3_lock_session=no. In this case, there is an fcntl lock leak somewhere. The good news is that we have reproduced that and I will send relevant information in a different mail. I also read the following thread, from a while back: http://www.dovecot.org/list/dovecot/2009-February/037098.html Regards, Kostas > On Wed, 2011-08-10 at 13:07 +0300, Kostas Zorbadelos wrote: >> On 07/22/2011 01:02 PM, Kostas Zorbadelos wrote: >> >> Hello, >> >> since I saw no action on this, here is a newer update we discovered today. >> >> After setting pop3_lock_session = no the core dumps went away. >> We will leave it like that and watch it for the next few days. If we set >> pop3_lock_session = yes, the problem is reproduced. >> >> If I can do anything else to help debug the problem, please let me know. >> >> Regards, >> >> Kostas >> >> > Greetings to all. >> > >> > It's my first post to the list. We just completed a migration >> from qpopper to dovecot >> > for our IMAP and POP3 services. We have a rather large mail environment >> > (we are the biggest provider in Greece). >> > >> > So, here are the details: >> > >> > - Keep getting errors like these in our production environment >> > >> > Jul 22 00:18:21 pop01 dovecot: master: Error: service(pop3): >> child 4078 killed with signal 11 (core dumps disabled) >> > Jul 22 00:19:31 pop03 dovecot: master: Error: service(pop3): >> child 18849 killed with signal 11 (core dumps disabled) >> > >> > --------------------------------------------------------------------- >> > dovecot -n output >> > --------------------------------------------------------------------- >> > /opt/dovecot/sbin/dovecot -n >> > # 2.0.13: /opt/dovecot/etc/dovecot/dovecot.conf >> > # OS: Linux 2.6.18-92.1.22.el5 x86_64 CentOS release 5.5 (Final) >> > auth_cache_negative_ttl = 10 mins >> > auth_cache_size = 5 M >> > auth_cache_ttl = 10 mins >> > auth_verbose = yes >> > default_client_limit = 5000 >> > default_process_limit = 500 >> > disable_plaintext_auth = no >> > first_valid_uid = 200 >> > listen = * >> > log_timestamp = "%Y-%m-%d %H:%M:%S " >> > login_greeting = ready >> > mail_access_groups = mail otemail disk root >> > mail_fsync = always >> > mail_location = mbox:INDEX=/var/index/dovecot/%2.16Hn/%2.254Hn/%u >> > mail_nfs_storage = yes >> > mbox_lock_timeout = 2 mins >> > mbox_min_index_size = 200 k >> > mbox_read_locks = dotlock_try fcntl >> > mbox_write_locks = dotlock_try fcntl >> > passdb { >> > args = /opt/dovecot/etc/dovecot/dovecot-ldap.conf.ext >> > driver = ldap >> > } >> > protocols = imap pop3 >> > service auth-worker { >> > user = dovenull >> > } >> > service imap-login { >> > inet_listener imap { >> > port = 143 >> > } >> > inet_listener imaps { >> > port = 993 >> > ssl = yes >> > } >> > } >> > service pop3-login { >> > inet_listener pop3 { >> > port = 110 >> > } >> > inet_listener pop3s { >> > port = 995 >> > ssl = yes >> > } >> > } >> > ssl = no >> > userdb { >> > args = /opt/dovecot/etc/dovecot/dovecot-ldap.conf.ext >> > driver = ldap >> > } >> > verbose_proctitle = yes >> > protocol imap { >> > imap_client_workarounds = delay-newmail tb-extra-mailbox-sep >> > mail_max_userip_connections = 100 >> > } >> > protocol pop3 { >> > mail_max_userip_connections = 100 >> > pop3_client_workarounds = outlook-no-nuls oe-ns-eoh >> > pop3_fast_size_lookups = yes >> > pop3_lock_session = yes >> > pop3_reuse_xuidl = yes >> > pop3_uidl_format = %08Xu%08Xv >> > } >> > >> > I enabled core dumps in one of our backend servers and here is >> the relevant gdb trace: >> > >> > [root at pop08 ~]# gdb >> /opt/dovecot/libexec/dovecot/pop3/core.9273 >> > GNU gdb (GDB) Red Hat Enterprise Linux (7.0.1-32.el5_6.2) >> > Copyright (C) 2009 Free Software Foundation, Inc. >> > License GPLv3+: GNU GPL version 3 or >> later >> > This is free software: you are free to change and redistribute it. >> > There is NO WARRANTY, to the extent permitted by law. Type "show copying" >> > and "show warranty" for details. >> > This GDB was configured as "x86_64-redhat-linux-gnu". >> > For bug reporting instructions, please see: >> > ... >> > Reading symbols from /opt/dovecot/libexec/dovecot/pop3...(no >> debugging symbols found)...done. >> > Reading symbols from >> /opt/dovecot/lib/dovecot/libdovecot-storage.so.0...(no debugging >> symbols found)...done. >> > Loaded symbols for /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 >> > Reading symbols from >> /opt/dovecot/lib/dovecot/libdovecot.so.0...(no debugging symbols >> found)...done. >> > Loaded symbols for /opt/dovecot/lib/dovecot/libdovecot.so.0 >> > Reading symbols from /lib64/libdl.so.2...(no debugging symbols >> found)...done. >> > Loaded symbols for /lib64/libdl.so.2 >> > Reading symbols from /lib64/librt.so.1...(no debugging symbols >> found)...done. >> > Loaded symbols for /lib64/librt.so.1 >> > Reading symbols from /lib64/libc.so.6...(no debugging symbols >> found)...done. >> > Loaded symbols for /lib64/libc.so.6 >> > Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging >> symbols found)...done. >> > Loaded symbols for /lib64/ld-linux-x86-64.so.2 >> > Reading symbols from /lib64/libpthread.so.0...(no debugging >> symbols found)...done. >> > Loaded symbols for /lib64/libpthread.so.0 >> > Core was generated by `dovecot/pop3'. >> > Program terminated with signal 11, Segmentation fault. >> > #0 0x00002b52e1027e54 in istream_raw_mbox_get_start_offset () >> from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 >> > (gdb) bt full >> > #0 0x00002b52e1027e54 in istream_raw_mbox_get_start_offset () >> from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 >> > No symbol table info available. >> > #1 0x00002b52e102b759 in ?? () from >> /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 >> > No symbol table info available. >> > #2 0x00002b52e100a2c0 in index_mail_expunge () from >> /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 >> > No symbol table info available. >> > #3 0x0000000000405e9c in client_update_mails () >> > No symbol table info available. >> > #4 0x00000000004061c1 in client_command_execute () >> > No symbol table info available. >> > #5 0x00000000004045b9 in client_handle_input () >> > No symbol table info available. >> > #6 0x00002b52e12df698 in io_loop_call_io () from >> /opt/dovecot/lib/dovecot/libdovecot.so.0 >> > No symbol table info available. >> > #7 0x00002b52e12e09d5 in io_loop_handler_run () from >> /opt/dovecot/lib/dovecot/libdovecot.so.0 >> > No symbol table info available. >> > #8 0x00002b52e12df62d in io_loop_run () from >> /opt/dovecot/lib/dovecot/libdovecot.so.0 >> > No symbol table info available. >> > #9 0x00002b52e12cdf13 in master_service_run () from >> /opt/dovecot/lib/dovecot/libdovecot.so.0 >> > No symbol table info available. >> > #10 0x0000000000403994 in main () >> > No symbol table info available. >> > (gdb) >> > >> > All traces of the crashes are identical, that is >> > #0 0x00002b52e1027e54 in istream_raw_mbox_get_start_offset () >> from /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 >> > #1 0x00002b52e102b759 in ?? () from >> /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 >> > #2 0x00002b52e100a2c0 in index_mail_expunge () from >> /opt/dovecot/lib/dovecot/libdovecot-storage.so.0 >> > #3 0x0000000000405e9c in client_update_mails () >> > #4 0x00000000004061c1 in client_command_execute () >> > #5 0x00000000004045b9 in client_handle_input () >> > #6 0x00002b52e12df698 in io_loop_call_io () from >> /opt/dovecot/lib/dovecot/libdovecot.so.0 >> > #7 0x00002b52e12e09d5 in io_loop_handler_run () from >> /opt/dovecot/lib/dovecot/libdovecot.so.0 >> > #8 0x00002b52e12df62d in io_loop_run () from >> /opt/dovecot/lib/dovecot/libdovecot.so.0 >> > #9 0x00002b52e12cdf13 in master_service_run () from >> /opt/dovecot/lib/dovecot/libdovecot.so.0 >> > #10 0x0000000000403994 in main () >> > >> > We have mboxes over NFS and we also have an ldap user backend. >> For now, I do not have a scenario >> > that reproduces the problem. Any idea, or input are highly >> appreciated. Of course I can provide >> > any information requested (without exposing restricted company or >> client data) to help trace >> > the problem and lead to the solution. >> > >> > Thanks and keep up the good work! >> > >> > Regards, >> > >> > Kostas Zorbadelos >> > >> > >> > > > From AnFi at onet.eu Mon Aug 15 11:30:27 2011 From: AnFi at onet.eu (Andrzej Adam Filip) Date: Mon, 15 Aug 2011 10:30:27 +0200 Subject: [Dovecot] LMTP over STDIN/STDOUT (non root user) In-Reply-To: <1313360694.10421.1307.camel@hurina> (Timo Sirainen's message of "Mon, 15 Aug 2011 01:24:54 +0300") References: <3kha87i6dl-B89@clifford.huge.strangled.net> <1313355078.10421.1286.camel@hurina> <1313360694.10421.1307.camel@hurina> Message-ID: <0rgmp6fipx-B8F@john.huge.strangled.net> Timo Sirainen wrote: > On Sun, 2011-08-14 at 23:34 +0200, Andrzej Adam Filip wrote: >> lmtp program seems to accept custom configuration file (-c _file_). >> The file specifies both passdb and userdb using Passwd-file. >> How to make lmtp skip attempts to contact auth server? > > Well, since LMTP by design is intended to deliver mails to multiple > users, which requires userdb lookup, this is kind of a kludgy way to > use it. LMTP offers *also* a sensible way to reduce number of execution of deliver program, does not it? :-) Such use does make sense when retrieving messages from high volume mailing lists even after "half day break". > If you really want to, you can do it by patching the LMTP sources: > > --- a/src/lmtp/main.c Mon Aug 15 01:18:01 2011 +0300 > +++ b/src/lmtp/main.c Mon Aug 15 01:24:39 2011 +0300 > @@ -81,7 +81,6 @@ > enum master_service_flags service_flags = 0; > enum mail_storage_service_flags storage_service_flags = > MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT | > - MAIL_STORAGE_SERVICE_FLAG_USERDB_LOOKUP | > MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP | > MAIL_STORAGE_SERVICE_FLAG_NO_LOG_INIT | > MAIL_STORAGE_SERVICE_FLAG_NO_IDLE_TIMEOUT; Thank for the patch/consideration. Do you intend to include it into official code base sometime in the (near) future? -- [pl>en: Andrew] Andrzej Adam Filip : anfi at onet.eu We gave you an atomic bomb, what do you want, mermaids? -- I. I. Rabi to the Atomic Energy Commission From tss at iki.fi Mon Aug 15 12:39:31 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 15 Aug 2011 12:39:31 +0300 Subject: [Dovecot] LMTP over STDIN/STDOUT (non root user) In-Reply-To: <0rgmp6fipx-B8F@john.huge.strangled.net> References: <3kha87i6dl-B89@clifford.huge.strangled.net> <1313355078.10421.1286.camel@hurina> <1313360694.10421.1307.camel@hurina> <0rgmp6fipx-B8F@john.huge.strangled.net> Message-ID: On 15.8.2011, at 11.30, Andrzej Adam Filip wrote: > Timo Sirainen wrote: >> On Sun, 2011-08-14 at 23:34 +0200, Andrzej Adam Filip wrote: >>> lmtp program seems to accept custom configuration file (-c _file_). >>> The file specifies both passdb and userdb using Passwd-file. >>> How to make lmtp skip attempts to contact auth server? >> >> Well, since LMTP by design is intended to deliver mails to multiple >> users, which requires userdb lookup, this is kind of a kludgy way to >> use it. > > LMTP offers *also* a sensible way to reduce number of execution of > deliver program, does not it? :-) Depends on how you're intending to run it. If you can manage to keep the session open between mail deliveries, then it'll work, but I don't really know how you could do that. >> If you really want to, you can do it by patching the LMTP sources: >> >> --- a/src/lmtp/main.c Mon Aug 15 01:18:01 2011 +0300 >> +++ b/src/lmtp/main.c Mon Aug 15 01:24:39 2011 +0300 >> @@ -81,7 +81,6 @@ >> enum master_service_flags service_flags = 0; >> enum mail_storage_service_flags storage_service_flags = >> MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT | >> - MAIL_STORAGE_SERVICE_FLAG_USERDB_LOOKUP | >> MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP | >> MAIL_STORAGE_SERVICE_FLAG_NO_LOG_INIT | >> MAIL_STORAGE_SERVICE_FLAG_NO_IDLE_TIMEOUT; > > Thank for the patch/consideration. > > Do you intend to include it into official code base sometime in the > (near) future? No. From anfi at onet.eu Mon Aug 15 16:31:29 2011 From: anfi at onet.eu (Andrzej Adam Filip) Date: Mon, 15 Aug 2011 15:31:29 +0200 Subject: [Dovecot] LMTP over STDIN/STDOUT (non root user) In-Reply-To: (Timo Sirainen's message of "Mon, 15 Aug 2011 12:39:31 +0300") References: <3kha87i6dl-B89@clifford.huge.strangled.net> <1313355078.10421.1286.camel@hurina> <1313360694.10421.1307.camel@hurina> <0rgmp6fipx-B8F@john.huge.strangled.net> Message-ID: Timo Sirainen wrote: > On 15.8.2011, at 11.30, Andrzej Adam Filip wrote: > >> Timo Sirainen wrote: >>> On Sun, 2011-08-14 at 23:34 +0200, Andrzej Adam Filip wrote: >>>> lmtp program seems to accept custom configuration file (-c _file_). >>>> The file specifies both passdb and userdb using Passwd-file. >>>> How to make lmtp skip attempts to contact auth server? >>> >>> Well, since LMTP by design is intended to deliver mails to multiple >>> users, which requires userdb lookup, this is kind of a kludgy way to >>> use it. >> >> LMTP offers *also* a sensible way to reduce number of execution of >> deliver program, does not it? :-) > > Depends on how you're intending to run it. If you can manage to keep > the session open between mail deliveries, then it'll work, but I don't > really know how you could do that. > [...] MTA operating in normal mode of accepting messages over SMTP can hardly benefit without significant delivery delays. Fetchmail polling other POP/IMAP accounts can achieve multiple messages over single LMTP session (to one recipient) especially after "overnight break". MTA perspective is not the only one even if it is the most important. -- [pl>en: Andrew] Andrzej Adam Filip : anfi at onet.eu It's possible that I'm just an idiot, and don't recognize a sleepy slavemaster when I see one. -- Larry Wall in <199708040319.UAA16213 at wall.org> From sollog at digiraticonsulting.com Mon Aug 15 23:41:26 2011 From: sollog at digiraticonsulting.com (Munroe Sollog) Date: Mon, 15 Aug 2011 16:41:26 -0400 Subject: [Dovecot] Last login script Message-ID: <81110451-063E-4A5A-9C73-727B2976CE20@digiraticonsulting.com> I am trying to implement a last login script, however I seem to be having lots of issues. We started with sqlite but we were having locking issues, so we moved to postgresql which seems to have alleviated database specific issues, but now people are complaining about randomly not being able to log in. I don't see any real errors in the logs (dovecot or postgresql) to explain their complaints though, all I am really getting is "Connection closed" here is the log line of a failed attempt (with debug output): http://pastebin.com/5RFgVa8V and here is what we are running as the 'mail executable': http://pastebin.com/L0ibyqSQ Any help would be greatly appreciated, thanks. Munroe Sollog Digirati Consulting sollog at digiraticonsulting.com (610) 332-7234 x805 From postmaster at psy.miami.edu Tue Aug 16 00:13:56 2011 From: postmaster at psy.miami.edu (Postmaster) Date: Mon, 15 Aug 2011 17:13:56 -0400 Subject: [Dovecot] dovecot's documentation dearth Message-ID: <4E498C14.8070200@psy.miami.edu> Hello. The first thing for me to say is thanks! I've been using dovecot since test 61 and it has basically performed flawlessly for me from day number 1. Dovecot makes me look like a genius sysadmin, especially compared to my colleagues struggling with exchange. So thanks, gracias, obrigado!! I'm working on a configuration for 2.0 and I'm finding the documentation somewhat difficult. I think it would be very helpful to me to have encountered a single page that detailed all available configuration sections. I don't know how to find out what the sections are, when to use them or what specifically they control. So far I've encountered... passdb plugin service protocol userdb local_name (and I think there is another one of these for ips) The service section itself would benefit from a single page detailing all of the possible types of service sections available. The next problem I've had is discovering that several parts of dovecot have no documentation at all even though they are standalone executables run by root. config, log, and ssl_params all run as root but there is also anvil and they look to me like they could support listening on a port if inet_interfaces is defined. You can say, "Relax fella, trust me. These programs are all part of dovecot and are run only if they're needed." Then I'll say, "Yes but I'm the administrator. I need to know how the parts fit together to know if the system's broken." Then you say, "Well that makes sense, but the things you're talking about aren't really configured. They are mostly internal to dovecot, they just happen to be broken out into external programs. You may as well be asking for documentation on a specific function in a library. If that's what you want, you can read through the source code." Well I guess that would be one solution. The bottom line is that it gives me an uncomfortableness to not be able to control or explain the operation of the software I'm supposedly administering. Take the program named log (which should be named dovecot-log or something less generic), it is launched even though I've specified syslog in the configuration. Logging is not interrupted when the process is killed. So, why is it running? What is it doing? Why does it need root? How do I control it? I think these are all good questions for an administrator to ask. That's my feedback for what it's worth, but mostly, thanks again for dovecot! From copalfreak at gmail.com Tue Aug 16 02:07:37 2011 From: copalfreak at gmail.com (CopalFreak) Date: Mon, 15 Aug 2011 18:07:37 -0500 Subject: [Dovecot] Slackware Dovecot recompile with SSL/TLS question Message-ID: <4E49A6B9.9000706@gmail.com> I am having some problems and was told to ask in this list to try and get some help. When asking elsewhere, I was told that I was too verbose, so I'll try to be as brief as possible, while still including all the pertinent info. Slackware 13.1.0 Dovecot 2.0.8 Postfix 2.4.3 MySQL (virtual users) Spamassassin 3.3.1 ClamAV 0.97.1 (without Amavis) Have wild-card SSL certs and CA from GoDaddy ##"postconf -a" >> cyrus >> dovecot I compiled Dovecot without SASL support and need to re-compile it WITH SASL support, but I don't want to mess up my existing configuration. (I have it the way I want it as far as where it's installed, where the conf files are located, UID, GID settings, etc.) Dovecot 2.0.13 is out and I would prefer to use the newer version assuming it doesn't have any problems that would prevent me from using it. Is there a way to re-compile (or upgrade) so that it doesn't change any of my existing settings? I would like to be able to bring it down, do upgrade, maybe copy some config files over the defaults etc, and bring it all back up within a few minutes instead of a week of tweaking and fixing stuff. Is there a way to do something like this : stop dovecot backup all dovecot conf files ./configure CPPFLAGS=-I/path/to/openssl LDFLAGS=-L/path/to/openssl --config_dir /etc/dovecot/dovecot.conf (or something like that..not sure what it actually is) make sudo make install edit conf files to point to SSL certs start dovecot IN CASE anything goes wrong, copy old config files back and restart dovecot to make it go back the way it was (only it's using the new 2.0.13 version) any suggestions and/or tips on how-to do this would be greatly appreciated. Thanks! From rob0 at gmx.co.uk Tue Aug 16 05:21:22 2011 From: rob0 at gmx.co.uk (/dev/rob0) Date: Mon, 15 Aug 2011 21:21:22 -0500 Subject: [Dovecot] Slackware Dovecot recompile with SSL/TLS question In-Reply-To: <4E49A6B9.9000706@gmail.com> References: <4E49A6B9.9000706@gmail.com> Message-ID: <20110816022121.GJ14195@harrier.slackbuilds.org> On Mon, Aug 15, 2011 at 06:07:37PM -0500, CopalFreak wrote: > Slackware 13.1.0 > Dovecot 2.0.8 > Postfix 2.4.3 That's rather old, BTW. > MySQL (virtual users) > Spamassassin 3.3.1 > ClamAV 0.97.1 (without Amavis) > Have wild-card SSL certs and CA from GoDaddy > > ##"postconf -a" > >> cyrus > >> dovecot > > I compiled Dovecot without SASL support and need to re-compile it > WITH SASL support, The Subject line says "SSL/TLS", and then here you say "SASL". I suppose the Subject is correct, right? I don't recall there being options to enable/disable SASL in Dovecot. > but I don't want to mess up my existing configuration. (I have > it the way I want it as far as where it's installed, where the > conf files are located, UID, GID settings, etc.) > > Dovecot 2.0.13 is out and I would prefer to use the newer > version assuming it doesn't have any problems that would > prevent me from using it. > > Is there a way to re-compile (or upgrade) so that it doesn't > change any of my existing settings? Did you look at the wiki yet? Upgrading from one minor version to another should be rather simple. Check the NEWS. http://wiki2.dovecot.org/Upgrading http://dovecot.org/doc/NEWS > I would like to be able to bring it down, do upgrade, maybe copy > some config files over the defaults etc, and bring it all back > up within a few minutes instead of a week of tweaking and fixing > stuff. Spend some time in advance, and this should be simple. > Is there a way to do something like this : > > stop dovecot No, this is too early in the process. Compile first. > backup all dovecot conf files > > ./configure CPPFLAGS=-I/path/to/openssl LDFLAGS=-L/path/to/openssl > --config_dir /etc/dovecot/dovecot.conf > (or something like that..not sure what it actually is) > > make Here's where you'd "dovecot stop". > sudo make install > edit conf files to point to SSL certs Actually you can edit the modular /etc/dovecot/conf.d/10-ssl.conf file ahead of time, then just uncomment the include line at this point. > start dovecot > > > IN CASE anything goes wrong, copy old config files back and > restart dovecot to make it go back the way it was (only it's > using the new 2.0.13 version) > > > any suggestions and/or tips on how-to do this would be greatly > appreciated. You might gain some confidence by doing this in a virtual machine and/or chroot in advance. -- Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header From dlie76 at yahoo.com.au Tue Aug 16 08:19:34 2011 From: dlie76 at yahoo.com.au (Daminto Lie) Date: Mon, 15 Aug 2011 22:19:34 -0700 (PDT) Subject: [Dovecot] imap-login aborted login Message-ID: <1313471974.41094.YahooMailNeo@web113416.mail.gq1.yahoo.com> Hi, I have been trying to set up Apache2, Postfix, Dovecot, openLDAP and squirrelmail on my Ubuntu Server 10.04 machine. The idea is to make use of the LDAP to authenticate users to login to squirrelmail to send/receive emails. I have been using the link - https://help.ubuntu.com/community/Postfix/DovecotLDAP, as a guide to get it all set up. I have checked the status for postfix and dovecot, and they both are up and running by using telnet. I have even installed openldapadmin to check and see if I've got the ldap working. I could login to openldapadmin and saw myself there with uid=msmith. I have also installed squirrelmail as my webmail. After all that installed, I went to localhost/squirrelmail on the firefox browser. It would not log me in. Later I found in the /var/log/dovecot-deliver.log file, I saw the following messages dovecot: Info: Dovecot v1.2.9 starting up (core dumps disabled) imap-login: Info: Aborted login (auth failed, 1 attempts): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured imap-login: Info: Aborted login (auth failed, 1 attempts): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured? imap-login: Info: Aborted login (auth failed, 1 attempts): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured I tried to login with three different usernames but none worked as shown above in the log file. I wonder if it is to do with method=PLAIN and secured. Any help would be greatly appreciated. Thank you From dlie76 at yahoo.com.au Tue Aug 16 10:05:35 2011 From: dlie76 at yahoo.com.au (Daminto Lie) Date: Tue, 16 Aug 2011 00:05:35 -0700 (PDT) Subject: [Dovecot] imap-login aborted login In-Reply-To: <4E4A029E.6090608@gmail.com> References: <1313471974.41094.YahooMailNeo@web113416.mail.gq1.yahoo.com> <4E4A029E.6090608@gmail.com> Message-ID: <1313478335.29213.YahooMailNeo@web113406.mail.gq1.yahoo.com> Thanks for your reply. Now I can see more info after turning on all those debugs Here it is 2011-08-16 16:16:53 dovecot: Warning: Killed with signal 15 (by pid=7250 uid=0 code=kill) 2011-08-16 16:16:53 dovecot: Info: Dovecot v1.2.9 starting up (core dumps disabled) 2011-08-16 16:16:54 auth(default): Info: new auth connection: pid=7259 2011-08-16 16:16:54 auth(default): Info: new auth connection: pid=7264 2011-08-16 16:16:54 auth(default): Info: new auth connection: pid=7263 2011-08-16 16:16:54 auth(default): Info: new auth connection: pid=7261 2011-08-16 16:16:54 auth(default): Info: new auth connection: pid=7262 2011-08-16 16:16:54 auth(default): Info: new auth connection: pid=7260 2011-08-16 16:18:14 auth(default): Info: client in: AUTH??? 1??? PLAIN??? service=imap??? secured??? lip=127.0.0.1??? rip=127.0.0.1??? lport=143??? rport=32973??? resp=AGRsaWUAZGxpZTMyMDU= 2011-08-16 16:18:14 auth-worker(default): Info: pam(msmith,127.0.0.1): lookup service=dovecot 2011-08-16 16:18:14 auth-worker(default): Info: pam(msmith,127.0.0.1): #1/1 style=1 msg=Password: 2011-08-16 16:18:15 auth(default): Info: new auth connection: pid=7271 2011-08-16 16:18:16 auth-worker(default): Info: pam(msmith,127.0.0.1): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: xxx) 2011-08-16 16:18:18 auth(default): Info: client out: FAIL??? 1??? user=msmith 2011-08-16 16:18:23 imap-login: Info: Aborted login (auth failed, 1 attempts): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Here is my dovecot.conf (Note: I have removed all the comments) ## Dovecot configuration file protocols = imap imaps pop3 pop3s listen = * disable_plaintext_auth = no log_path = /var/log/dovecot-deliver.log info_log_path = /var/log/dovecot-deliver.log log_timestamp = "%Y-%m-%d %H:%M:%S " login_user = postfix login_greeting = Dovecot IMAP server! mail_location = maildir:~/Maildir mail_privileged_group = mail mail_debug = yes verbose_proctitle = yes protocol imap { ? login_executable = /usr/lib/dovecot/imap-login ? mail_executable = /usr/lib/dovecot/imap ? imap_client_workarounds = outlook-idle delay-newmail netscape-eoh tb-extra-mailbox-sep } protocol pop3 { ? pop3_uidl_format = %08Xu%08Xv } protocol managesieve { } protocol lda { ? postmaster_address = ? hostname = ubuntuserver ? sendmail_path = /usr/lib/sendmail ? rejection_subject = Rejected: %s ? rejection_reason = Your message to <%t> was automatically rejected:%n%r ? auth_socket_path = /var/run/dovecot/auth-master } auth_username_format = %Lu auth_verbose = yes auth_debug = yes auth_debug_passwords = yes auth default { ? mechanisms = plain ? passdb pam { ? } ? userdb passwd { ? } ? user = root ? socket listen { ??? master { ????? path = /var/run/dovecot/auth-master ????? mode = 0660 ????? user = mail ????? group = mail ??? } ??? client { ????? path = /var/spool/postfix/private/auth-client ????? mode = 0660 ????? user = postfix ????? group = postfix ??? } ? } ? !include_try /etc/dovecot/auth.d/*.auth } dict { } plugin { } # Config files can also be included. deliver doesn't support them currently. #!include /etc/dovecot/conf.d/*.conf # Optional configurations, don't give an error if it's not found: !include_try /etc/dovecot/conf.d/*.conf #!include_try /etc/dovecot/extra.conf I think the issue is with PAM authentication. How do I configure the PAM authentication? Any help would be much appreciated. Thank you ________________________________ From: CopalFreak To: Daminto Lie Sent: Tuesday, 16 August 2011 3:39 PM Subject: Re: [Dovecot] imap-login aborted login You might try turning on the various DEBUG modes in Dovecot. In your dovecot.conf file : Something like this : ------------------------------------- auth_debug = yes auth_debug_passwords = yes auth_verbose - yes verbose_proctitle = yes mail_debug = yes log_path = /var/log/dovecot.log info_log_path = /var/log/dovecot-deliver.log ------------------------------------- After edit, restart dovecot. Then tail your log (tail -f /var/log/dovecot-deliver.log) while attempting to check mail. You should see a bit more info that might help. (be sure to turn it all back off. it will sometimes log the passwords and when using plaintext, thats bad.) Hope this helps, -=*CopalFreak*=- On 8/16/2011 12:19 AM, Daminto Lie wrote: > Hi, > > I have been trying to set up Apache2, Postfix, Dovecot, openLDAP and squirrelmail on my Ubuntu Server 10.04 machine. The idea is to make use of the LDAP to authenticate users to login to squirrelmail to send/receive emails. > > I have been using the link - https://help.ubuntu.com/community/Postfix/DovecotLDAP, as a guide to get it all set up. I have checked the status for postfix and dovecot, and they both are up and running by using telnet. I have even installed openldapadmin to check and see if I've got the ldap working. I could login to openldapadmin and saw myself there with uid=msmith. > > I have also installed squirrelmail as my webmail. After all that installed, I went to localhost/squirrelmail on the firefox browser. It would not log me in. > > Later I found in the /var/log/dovecot-deliver.log file, I saw the following messages > dovecot: Info: Dovecot v1.2.9 starting up (core dumps disabled) > imap-login: Info: Aborted login (auth failed, 1 attempts): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured > imap-login: Info: Aborted login (auth failed, 1 attempts): > user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured? > > imap-login: Info: Aborted login (auth failed, 1 attempts): > user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured > > I tried to login with three different usernames but none worked as shown above in the log file. I wonder if it is to do with method=PLAIN and secured. > > Any help would be greatly appreciated. > > Thank you > From jmreymond at free.fr Tue Aug 16 12:29:28 2011 From: jmreymond at free.fr (Jean-Max Reymond) Date: Tue, 16 Aug 2011 11:29:28 +0200 Subject: [Dovecot] maildirsize not always present Message-ID: <4E4A3878.4000301@free.fr> hi, I have a dovecot 1.2.9 and all is runnig fine except for quotas. Some accounts have a maildirsize file in the mail directory. If I delete the file, it is automatically rebuild: OK But other accounts does not have the maildirsize file even after access from dovecot server. All is OK for theses accounts except quota service. what's wrong ? -- Jean-Max Reymond ?ruption de l'Etna: http://jmreymond.free.fr/Etna2002 From mike at skew.org Tue Aug 16 13:00:13 2011 From: mike at skew.org (Mike Brown) Date: Tue, 16 Aug 2011 04:00:13 -0600 (MDT) Subject: [Dovecot] mbox originally needed 0 bytes, now needs maxint bytes Message-ID: <201108161000.p7GA0Dkx031067@chilled.skew.org> I'm running dovecot 1.2.16 from the ports collection on FreeBSD 8.1-STABLE, amd64. I've long been getting the following kind of messages in my logs, on random occasions when I access or move mail into mboxes: Aug 16 00:43:58 myhost dovecot: IMAP(mike): mbox /home/mike/mail/feedback: seq=88 uid=91 uid_broken=0 originally needed 0 bytes, now needs 18446744073709551615 bytes Whatever I'm trying to do always succeeds, but apparently dovecot is confused about something. That number (2^64-1) suggests it has to do with the amd64 architecture. Did a compile option get overlooked? Thanks for whatever you can suggest. Let me know if you need more info. From jmreymond at free.fr Tue Aug 16 13:01:43 2011 From: jmreymond at free.fr (Jean-Max Reymond) Date: Tue, 16 Aug 2011 12:01:43 +0200 Subject: [Dovecot] maildirsize not always present In-Reply-To: <4E4A3878.4000301@free.fr> References: <4E4A3878.4000301@free.fr> Message-ID: <4E4A4007.8050804@free.fr> Le 16/08/2011 11:29, Jean-Max Reymond a ?crit : > hi, > I have a dovecot 1.2.9 and all is runnig fine except for quotas. > Some accounts have a maildirsize file in the mail directory. If I delete > the file, it is automatically rebuild: OK > But other accounts does not have the maildirsize file even after access > from dovecot server. All is OK for theses accounts except quota service. > what's wrong ? > as complement, there is 75 users OK and 330 users KO for these 330 users, thunderbird does not recognize mail quota. I have created by a touch command a maildirsize file but it does not help -- Jean-Max Reymond ?ruption de l'Etna: http://jmreymond.free.fr/Etna2002 From mike at skew.org Tue Aug 16 13:55:42 2011 From: mike at skew.org (Mike Brown) Date: Tue, 16 Aug 2011 04:55:42 -0600 (MDT) Subject: [Dovecot] mbox originally needed 0 bytes, now needs maxint bytes Message-ID: <201108161055.p7GAtgej073739@chilled.skew.org> I'm running dovecot 1.2.16 from the ports collection on FreeBSD 8.1-STABLE, amd64. I've long been getting the following in my logs, seemingly at random (so, only sometimes), when I access or move mail into mboxes: Aug 16 00:43:58 myhost dovecot: IMAP(mike): mbox /home/mike/mail/feedback: seq=88 uid=91 uid_broken=0 originally needed 0 bytes, now needs 18446744073709551615 bytes Whatever I'm trying to do always succeeds, but apparently dovecot is confused about something. That number (2^64-1) suggests it has to do with the amd64 architecture. Did a compile option get overlooked? Let me know if there's anything I need to do to get rid of these warnings. Thanks, Mike From mike at skew.org Tue Aug 16 14:00:24 2011 From: mike at skew.org (Mike Brown) Date: Tue, 16 Aug 2011 05:00:24 -0600 (MDT) Subject: [Dovecot] signal 11 crash, sometimes, during mbox bz2 decompression Message-ID: <201108161100.p7GB0P3R073897@chilled.skew.org> Hello again, I'm running dovecot 1.2.16 from the ports collection on FreeBSD 8.1-STABLE, amd64. To enable IMAP read-only access to gzip or bzip2 compressed mbox files, I added the following to my dovecot.conf, in the protocol imap { ... } section: mail_plugins = zlib My compressed mbox files are all .bz2 files in an 'old' subdirectory of my main mail directory. I am trying to access them with Thunderbird. I 'subscribed' to them just fine, and at first I thought it was working, but I just got lucky on the first couple I accessed. Dovecot actually fails to decompress them about 90% of the time, seemingly at random; the same box will not work a bunch of times, then work once, then not work again and again. When it works, sometimes only some of the messages get transmitted. Most of the failures are accompanied by this pair of messages in my log: Aug 16 00:25:33 myhost dovecot: dovecot: child 943 (imap) killed with signal 11 (core not dumped - set mail_drop_priv_before_exec=yes) Aug 16 00:25:33 myhost kernel: pid 943 (imap), uid 1001: exited on signal 11 Some of the failures have only the "exited on signal 11" message. The very first failure had this: Aug 16 00:22:47 myhost dovecot: IMAP(mike): Next message unexpectedly lost from mbox file (read-only mbox stream) at 2761 (cached) Aug 16 00:22:47 myhost dovecot: IMAP(mike): read(mail, uid=2) failed: Invalid argument Is this a problem with dovecot? Let me know if/how I can help, or what other info you need. Thanks, Mike From mike at skew.org Tue Aug 16 14:01:43 2011 From: mike at skew.org (Mike Brown) Date: Tue, 16 Aug 2011 05:01:43 -0600 (MDT) Subject: [Dovecot] mbox originally needed 0 bytes, now needs maxint bytes In-Reply-To: <201108161055.p7GAtgej073739@chilled.skew.org> Message-ID: <201108161101.p7GB1h6Z073954@chilled.skew.org> Sorry for the duplicate post. I lost my network connection right as I was sending the first one. From a.cappelli at asidev.com Tue Aug 16 14:44:17 2011 From: a.cappelli at asidev.com (Andrea Cappelli) Date: Tue, 16 Aug 2011 13:44:17 +0200 Subject: [Dovecot] Sieve include Message-ID: <4E4A5811.3080407@asidev.com> Hi, I'm using dovecot 1.2.15 with ISPConfig and Roundcube with sieve plugin. To avoid conflicts between ISPConfig and Roundcube during script writing I would use include in the ISPconfig template to use the roundcube script To simplify this task I'm wondering if there is a way to have a "star include", like include :personal "*.sieve"; Thank you Andrea From stephan at rename-it.nl Wed Aug 17 00:12:38 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 16 Aug 2011 14:12:38 -0700 Subject: [Dovecot] Sieve include In-Reply-To: <4E4A5811.3080407@asidev.com> References: <4E4A5811.3080407@asidev.com> Message-ID: <4E4ADD46.6040509@rename-it.nl> On 8/16/2011 4:44 AM, Andrea Cappelli wrote: > Hi, > I'm using dovecot 1.2.15 with ISPConfig and Roundcube with sieve plugin. > > To avoid conflicts between ISPConfig and Roundcube during script > writing I would use include in the ISPconfig template to use the > roundcube script > > To simplify this task I'm wondering if there is a way to have a "star > include", like > > include :personal "*.sieve"; Eh, no. BTW, the .sieve extension is implicit and should not be specified in the script at all (unless the script file is called script.sieve.sieve). Regards, Stephan. From a.cappelli at asidev.com Tue Aug 16 15:39:22 2011 From: a.cappelli at asidev.com (Andrea Cappelli) Date: Tue, 16 Aug 2011 14:39:22 +0200 Subject: [Dovecot] Sieve include In-Reply-To: <4E4ADD46.6040509@rename-it.nl> References: <4E4A5811.3080407@asidev.com> <4E4ADD46.6040509@rename-it.nl> Message-ID: <4E4A64FA.1000409@asidev.com> Il 16/08/11 23:12, Stephan Bosch ha scritto: > On 8/16/2011 4:44 AM, Andrea Cappelli wrote: >> Hi, >> I'm using dovecot 1.2.15 with ISPConfig and Roundcube with sieve plugin. >> >> To avoid conflicts between ISPConfig and Roundcube during script >> writing I would use include in the ISPconfig template to use the >> roundcube script >> >> To simplify this task I'm wondering if there is a way to have a >> "star include", like >> >> include :personal "*.sieve"; > > Eh, no. Thank you for your quick and precise reply > > BTW, the .sieve extension is implicit and should not be specified in > the script at all (unless the script file is called script.sieve.sieve). > Ah, ok, I'll change my script Andrea From kzorba at otenet.gr Tue Aug 16 16:42:06 2011 From: kzorba at otenet.gr (Kostas Zorbadelos) Date: Tue, 16 Aug 2011 16:42:06 +0300 Subject: [Dovecot] Bug report v2.0.13 - CentOS x86_64 - NFS - mbox In-Reply-To: <20110815111701.68513psu7vb3wflp@noc.otenet.gr> References: <4E294AC0.2060706@otenet.gr> <4E425874.6040507@otenet.gr> <1313355050.10421.1285.camel@hurina> <20110815111701.68513psu7vb3wflp@noc.otenet.gr> Message-ID: <4E4A73AE.7090402@otenet.gr> On 08/15/2011 11:17 AM, kzorba at otenet.gr wrote: > Quoting Timo Sirainen : > >> With a quick test I can't reproduce pop3_lock_session=yes causing a >> crash. I guess it needs something else besides what I tested. It would >> be helpful if your Dovecot binaries weren't stripped of debug symbols. I >> could then ask for some more information from the core dumps with gdb. >> > Timo, all here is a backtrace with debuging symbols in the executables: [root at pop08 ]# gdb /opt/dovecot-debug/libexec/dovecot/pop3 core.2929 GNU gdb (GDB) Red Hat Enterprise Linux (7.0.1-32.el5_6.2) Copyright (C) 2009 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-redhat-linux-gnu". For bug reporting instructions, please see: ... Reading symbols from /opt/dovecot-debug/libexec/dovecot/pop3...done. BFD: Warning: /var/mail7/folders/P/K/U/amihal/core.2929 is truncated: expected core file size >= 569344, found: 565248. Reading symbols from /opt/dovecot-debug/lib/dovecot/libdovecot-storage.so.0...done. Loaded symbols for /opt/dovecot-debug/lib/dovecot/libdovecot-storage.so.0 Reading symbols from /opt/dovecot-debug/lib/dovecot/libdovecot.so.0...done. Loaded symbols for /opt/dovecot-debug/lib/dovecot/libdovecot.so.0 Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libdl.so.2 Reading symbols from /lib64/librt.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/librt.so.1 Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done. Loaded symbols for /lib64/libc.so.6 Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/ld-linux-x86-64.so.2 Reading symbols from /lib64/libpthread.so.0...(no debugging symbols found)...done. Loaded symbols for /lib64/libpthread.so.0 Core was generated by `dovecot/pop3'. Program terminated with signal 11, Segmentation fault. #0 istream_raw_mbox_get_start_offset (stream=0x0) at istream-raw-mbox.c:498 498 istream-raw-mbox.c: No such file or directory. in istream-raw-mbox.c (gdb) bt #0 istream_raw_mbox_get_start_offset (stream=0x0) at istream-raw-mbox.c:498 #1 0x00002b4114afc769 in mbox_mail_get_special (_mail=0x1bad8fa0, field=, value_r=0x7fff9600fa88) at mbox-mail.c:198 #2 0x00002b4114adb2d0 in index_mail_expunge (mail=0x0) at index-mail.c:1503 #3 0x0000000000405eac in client_update_mails (client=0x1bac4a00) at pop3-commands.c:255 #4 0x00000000004061d1 in cmd_quit (client=0x1bac4a00, name=0x1baccbd4 "", args=0x406a0c "") at pop3-commands.c:274 #5 client_command_execute (client=0x1bac4a00, name=0x1baccbd4 "", args=0x406a0c "") at pop3-commands.c:773 #6 0x00000000004045c9 in client_handle_input (client=0x1bac4a00) at pop3-client.c:628 #7 0x00002b4114db0698 in io_loop_call_io (io=0x1bac01d0) at ioloop.c:384 #8 0x00002b4114db19d5 in io_loop_handler_run (ioloop=) at ioloop-epoll.c:213 #9 0x00002b4114db062d in io_loop_run (ioloop=0x1baa8610) at ioloop.c:405 #10 0x00002b4114d9ef13 in master_service_run (service=0x1baa84e0, callback=0x1baccbe4) at master-service.c:478 #11 0x00000000004039a4 in main (argc=1, argv=0x1baa8370) at main.c:252 (gdb) bt full #0 istream_raw_mbox_get_start_offset (stream=0x0) at istream-raw-mbox.c:498 rstream = __FUNCTION__ = "istream_raw_mbox_get_start_offset" #1 0x00002b4114afc769 in mbox_mail_get_special (_mail=0x1bad8fa0, field=, value_r=0x7fff9600fa88) at mbox-mail.c:198 mail = mbox = 0x1bac97d0 offset = 0 #2 0x00002b4114adb2d0 in index_mail_expunge (mail=0x0) at index-mail.c:1503 value = guid_128 = "\240\267\252\033\000\000\000\000\001\000\000\000\000\000\000" #3 0x0000000000405eac in client_update_mails (client=0x1bac4a00) at pop3-commands.c:255 search_args = 0x0 ctx = 0x1bace150 mail = 0x1bad8fa0 msgnum = 0 bit = 464309220 ret = #4 0x00000000004061d1 in cmd_quit (client=0x1bac4a00, name=0x1baccbd4 "", args=0x406a0c "") at pop3-commands.c:274 No locals. #5 client_command_execute (client=0x1bac4a00, name=0x1baccbd4 "", args=0x406a0c "") at pop3-commands.c:773 No locals. #6 0x00000000004045c9 in client_handle_input (client=0x1bac4a00) at pop3-client.c:628 _data_stack_cur_id = 3 line = 0x1baab872 "QUIT" args = 0x406a0c "" ret = #7 0x00002b4114db0698 in io_loop_call_io (io=0x1bac01d0) at ioloop.c:384 ioloop = 0x1baa8610 t_id = 2 #8 0x00002b4114db19d5 in io_loop_handler_run (ioloop=) at ioloop-epoll.c:213 ctx = event = 0x1baa88b0 list = 0x1bac0220 io = 0x0 tv = {tv_sec = 9, tv_usec = 871818} events_count = msecs = ---Type to continue, or q to quit--- ret = 1 i = 0 call = false #9 0x00002b4114db062d in io_loop_run (ioloop=0x1baa8610) at ioloop.c:405 No locals. #10 0x00002b4114d9ef13 in master_service_run (service=0x1baa84e0, callback=0x1baccbe4) at master-service.c:478 No locals. #11 0x00000000004039a4 in main (argc=1, argv=0x1baa8370) at main.c:252 service_flags = storage_service_flags = MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT postlogin_socket_path = 0x0 username = 0x0 c = set_roots = {0x4072a0, 0x0} (gdb) quit I have also kept the user's mailbox. I couldn't reproduce the problem by talking POP3 directly to the server by hand. Any ideas? Thanks, Kostas > Hi Timo, > > indeed it is a bug that I could not reproduce myself. > Having debug symbols and producing the stack trace is the next > logical step and I will work on this tomorrow. > Since --enable-debug does not work in your configure script, can you > direct me as to what is needed? Is there an option in configure or > do I need to mess with the makefiles? > > On the other hand, I have found two different bugs. > Having pop3_lock_session=yes we have the situation described here and also > of course delays in local deliveries in case a client has an active pop > session. And I can tell you we have a lot of abusing clients that keep > hitting our pop servers continuously, or keep connections open for a VERY > long time. > > To address that, we put pop3_lock_session=no. In this case, there is an > fcntl > lock leak somewhere. The good news is that we have reproduced that and I > will > send relevant information in a different mail. > I also read the following thread, from a while back: > > http://www.dovecot.org/list/dovecot/2009-February/037098.html > > Regards, > > Kostas > From juan at inti.gob.ar Tue Aug 16 17:05:01 2011 From: juan at inti.gob.ar (Juan Bernhard) Date: Tue, 16 Aug 2011 11:05:01 -0300 Subject: [Dovecot] maildirsize not always present In-Reply-To: <4E4A4007.8050804@free.fr> References: <4E4A3878.4000301@free.fr> <4E4A4007.8050804@free.fr> Message-ID: <4E4A790D.9070807@inti.gob.ar> Hi, are you using exim as mta? I been told in exim list that maildirsize might be removed under certain conditions (exim-*/src/transports/tf_maildir.c) El 16/08/2011 07:01 a.m., Jean-Max Reymond escribi?: > Le 16/08/2011 11:29, Jean-Max Reymond a ?crit : >> hi, >> I have a dovecot 1.2.9 and all is runnig fine except for quotas. >> Some accounts have a maildirsize file in the mail directory. If I delete >> the file, it is automatically rebuild: OK >> But other accounts does not have the maildirsize file even after access >> from dovecot server. All is OK for theses accounts except quota service. >> what's wrong ? >> > > as complement, there is 75 users OK and 330 users KO > for these 330 users, thunderbird does not recognize mail quota. I have > created by a touch command a maildirsize file but it does not help > From jmreymond at free.fr Tue Aug 16 18:05:37 2011 From: jmreymond at free.fr (Jean-Max Reymond) Date: Tue, 16 Aug 2011 17:05:37 +0200 Subject: [Dovecot] maildirsize not always present In-Reply-To: <4E4A790D.9070807@inti.gob.ar> References: <4E4A3878.4000301@free.fr> <4E4A4007.8050804@free.fr> <4E4A790D.9070807@inti.gob.ar> Message-ID: <4E4A8741.1000103@free.fr> thanks for your answer but my mta is postfix. If I delete the maidirsize file, it is automatically created for my 75 users OK but for the 330 users, no way to create this file. I am using a postfix database and I have checked the SQL request, the contents of the tables but nothing :-( Le 16/08/2011 16:05, Juan Bernhard a ?crit : > Hi, are you using exim as mta? I been told in exim list that maildirsize > might be removed under certain conditions > (exim-*/src/transports/tf_maildir.c) > > > El 16/08/2011 07:01 a.m., Jean-Max Reymond escribi?: >> Le 16/08/2011 11:29, Jean-Max Reymond a ?crit : >>> hi, >>> I have a dovecot 1.2.9 and all is runnig fine except for quotas. >>> Some accounts have a maildirsize file in the mail directory. If I delete >>> the file, it is automatically rebuild: OK >>> But other accounts does not have the maildirsize file even after access >>> from dovecot server. All is OK for theses accounts except quota service. >>> what's wrong ? >>> >> >> as complement, there is 75 users OK and 330 users KO >> for these 330 users, thunderbird does not recognize mail quota. I have >> created by a touch command a maildirsize file but it does not help >> -- Jean-Max Reymond ?ruption de l'Etna: http://jmreymond.free.fr/Etna2002 From rob0 at gmx.co.uk Tue Aug 16 20:51:29 2011 From: rob0 at gmx.co.uk (/dev/rob0) Date: Tue, 16 Aug 2011 12:51:29 -0500 Subject: [Dovecot] OT: offlist replies (was: Re: Slackware Dovecot recompile with SSL/TLS question) In-Reply-To: <20110816022121.GJ14195@harrier.slackbuilds.org> References: <4E49A6B9.9000706@gmail.com> <20110816022121.GJ14195@harrier.slackbuilds.org> Message-ID: <20110816175129.GK14195@harrier.slackbuilds.org> On Mon, Aug 15, 2011 at 09:21:22PM -0500, I wrote stuff under this header: Reply-To: dovecot at dovecot.org List mail belongs on the list. The only reason to reply offlist as described below is if specifically requested, or if not relevant to the issue at hand. I have no particular interest in this nor any other problem posted on list unless I have been hired to fix it. I see offlist mail as detailed below in the .sig, but I won't participate in offlist discussions which belong on the list. -- Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header From spodletela at gmail.com Tue Aug 16 22:08:19 2011 From: spodletela at gmail.com (Spod Letela) Date: Tue, 16 Aug 2011 21:08:19 +0200 Subject: [Dovecot] dovecot 2.0.13 fd_send(imap, 15) failed, dovecot 1.2.16 fd_send(10) failed Message-ID: Hi, I am reinstalling my server and i have encoutered a strange problem, both dovecot 2.0.13 and 1.2.16 are reporting me a problem with fd_send Invalid argument on imap login. I am running dragonfly bsd 2.10.1., compiled dovecot from pkgsrc. Can someone help me out or at least point me in some direction, i am a bit lost... :( Aug 15 10:01:00 master: Info: Dovecot v2.0.13 starting up Aug 15 10:01:10 auth: Debug: Loading modules from directory: /usr/pkg/lib/dovecot/auth Aug 15 10:01:10 auth: Debug: auth client connected (pid=1206) Aug 15 10:01:10 auth: Debug: client in: AUTH 1 PLAIN service=imap secured lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=1032 resp=x Aug 15 10:01:10 auth: Debug: Loading modules from directory: /usr/pkg/lib/dovecot/auth Aug 15 10:01:10 auth: Debug: passwd(y,127.0.0.1): lookup Aug 15 10:01:10 auth: Debug: client out: OK 1 user=y Aug 15 10:01:10 imap-login: Error: fd_send(imap, 15) failed: Invalid argument Aug 15 10:01:10 auth: Debug: client in: CANCEL 1 Aug 15 10:01:10 imap-login: Info: Internal login failure (pid=1206 id=1) (auth failed, 1 attempts): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Aug 15 11:01:27 master: Warning: Killed with signal 15 (by pid=0 uid=0 code=kill) Aug 16 01:55:45 dovecot: Info: Dovecot v1.2.16 starting up Aug 16 01:56:35 imap-login: Fatal: fd_send(10) failed: Invalid argument Aug 16 08:22:29 dovecot: Warning: Killed with signal 15 (by pid=0 uid=0 code=kill) Aug 16 08:22:31 dovecot: Info: Dovecot v1.2.16 starting up Aug 16 08:22:48 imap-login: Fatal: fd_send(10) failed: Invalid argument From nick+dovecot at bunbun.be Tue Aug 16 23:38:34 2011 From: nick+dovecot at bunbun.be (Nick Rosier) Date: Tue, 16 Aug 2011 22:38:34 +0200 Subject: [Dovecot] Dovecot-Antispam 2.0 with SpamAssassin (sa-learn) Message-ID: <4E4AD54A.1000507@bunbun.be> Hi, has anyone figured out how to use the dovecot-antispam plugin with sa-learn? I need to pass the username (user at domain.tld) to sa-learn and --ham or --spam depending on the move. I was thinking of using the CRM14 option and replace the command and arguments but cannot find anything about the ability to pass the username. Any pointers would be welcome. N. From tss at iki.fi Wed Aug 17 00:40:07 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 17 Aug 2011 00:40:07 +0300 Subject: [Dovecot] maildirsize not always present In-Reply-To: <4E4A8741.1000103@free.fr> References: <4E4A3878.4000301@free.fr> <4E4A4007.8050804@free.fr> <4E4A790D.9070807@inti.gob.ar> <4E4A8741.1000103@free.fr> Message-ID: <75B811B6-35F0-4F52-9EAF-65411EACE28B@iki.fi> I guess these users have unlimited quota? If not, show dovecot -n output and the dovecot-sql.conf file and what gets logged to these users with auth_debug=yes. On 16.8.2011, at 18.05, Jean-Max Reymond wrote: > thanks for your answer but my mta is postfix. > If I delete the maidirsize file, it is automatically created for my 75 users OK but for the 330 users, no way to create this file. > I am using a postfix database and I have checked the SQL request, the contents of the tables but nothing :-( > > Le 16/08/2011 16:05, Juan Bernhard a ?crit : >> Hi, are you using exim as mta? I been told in exim list that maildirsize >> might be removed under certain conditions >> (exim-*/src/transports/tf_maildir.c) >> >> >> El 16/08/2011 07:01 a.m., Jean-Max Reymond escribi?: >>> Le 16/08/2011 11:29, Jean-Max Reymond a ?crit : >>>> hi, >>>> I have a dovecot 1.2.9 and all is runnig fine except for quotas. >>>> Some accounts have a maildirsize file in the mail directory. If I delete >>>> the file, it is automatically rebuild: OK >>>> But other accounts does not have the maildirsize file even after access >>>> from dovecot server. All is OK for theses accounts except quota service. >>>> what's wrong ? >>>> >>> >>> as complement, there is 75 users OK and 330 users KO >>> for these 330 users, thunderbird does not recognize mail quota. I have >>> created by a touch command a maildirsize file but it does not help >>> > > > -- > Jean-Max Reymond > ?ruption de l'Etna: http://jmreymond.free.fr/Etna2002 > From tss at iki.fi Wed Aug 17 00:42:52 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 17 Aug 2011 00:42:52 +0300 Subject: [Dovecot] dovecot 2.0.13 fd_send(imap, 15) failed, dovecot 1.2.16 fd_send(10) failed In-Reply-To: References: Message-ID: <0F98FDEB-3E08-472B-B89C-1B8F52811611@iki.fi> On 16.8.2011, at 22.08, Spod Letela wrote: > Hi, I am reinstalling my server and i have encoutered a strange problem, > both dovecot 2.0.13 and 1.2.16 are > reporting me a problem with fd_send Invalid argument on imap login. I am > running dragonfly bsd 2.10.1., compiled > dovecot from pkgsrc. This happens always? Try modifying src/lib/fdpass.c file. For example add to line 70: #define BUGGY_CMSG_MACROS If that doesn't help, add: #undef CMSG_SPACE If that doesn't help, I'm not really sure what else to try. In any case I'd say this is a dragonflybsd bug. From jmreymond at free.fr Wed Aug 17 00:48:15 2011 From: jmreymond at free.fr (Jean-Max Reymond) Date: Tue, 16 Aug 2011 23:48:15 +0200 Subject: [Dovecot] maildirsize not always present In-Reply-To: <75B811B6-35F0-4F52-9EAF-65411EACE28B@iki.fi> References: <4E4A3878.4000301@free.fr> <4E4A4007.8050804@free.fr> <4E4A790D.9070807@inti.gob.ar> <4E4A8741.1000103@free.fr> <75B811B6-35F0-4F52-9EAF-65411EACE28B@iki.fi> Message-ID: <4E4AE59F.8010506@free.fr> all seems OK for me and all the users have quota set. $ cat /etc/dovecot/dovecot-sql.conf password_query = SELECT username AS user,password FROM mailbox WHERE username = '%u' AND active='1' # Query to retrieve user information. user_query = SELECT concat('/home/mail/',maildir) as home, 8 AS uid, 8 AS gid, concat('maildir:storage=', quota/1024) AS quota FROM mailbox WHERE username = '%u' AND active='1' Whhen I request the database, quota is working for the first user and not for the second user but it is very similar mysql> SELECT concat('/home/mail/',maildir) as home, 8 AS uid, 8 AS gid, concat('maildir:storage=', quota/1024) AS quota FROM mailbox WHERE username like 'francois.char%' OR username like 'cyril%'; +-----------------------------------------------+-----+-----+-------------------------------+ | home | uid | gid | quota | +-----------------------------------------------+-----+-----+-------------------------------+ | /home/mail/dracenie.com/cyril.lafont/Maildir/ | 8 | 8 | maildir:storage=10000000.0000 | | /home/mail/dracenie.com/francois.charnier/ | 8 | 8 | maildir:storage=1464000.0000 | +-----------------------------------------------+-----+-----+-------------------------------+ 2 rows in set (0.00 sec) So, tomorrow, I will set auth_debug=yes to trace users activity # dovecot -n # 1.2.9: /etc/dovecot/dovecot.conf Warning: fd limit 1024 is lower than what Dovecot can use under full load (more than 2560). Either grow the limit or change login_max_processes_count and max_mail_processes settings # OS: Linux 2.6.32-33-server x86_64 Ubuntu 10.04.3 LTS log_path: /var/log/dovecot.log log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap imaps managesieve ssl_key_file: /etc/ssl/private/dovecot.key login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login login_max_processes_count: 1024 mail_max_userip_connections(default): 500 mail_max_userip_connections(imap): 500 mail_max_userip_connections(managesieve): 10 first_valid_uid: 8 mail_privileged_group: mail mail_location: maildir:%h mmap_disable: yes mail_nfs_storage: yes mail_nfs_index: yes mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(managesieve): /usr/lib/dovecot/managesieve mail_plugins(default): quota imap_quota mail_plugins(imap): quota imap_quota mail_plugins(managesieve): mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve lda: postmaster_address: postmaster at dracenie.com mail_plugins: sieve quota_full_tempfail: yes deliver_log_format: msgid=%m: %$ rejection_reason: Your message to <%t> was automatically rejected:%n%r auth default: mechanisms: plain login passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: sql args: /etc/dovecot/dovecot-sql.conf plugin: quota: maildir Le 16/08/2011 23:40, Timo Sirainen a ?crit : > I guess these users have unlimited quota? If not, show dovecot -n output and the dovecot-sql.conf file and what gets logged to these users with auth_debug=yes. > > On 16.8.2011, at 18.05, Jean-Max Reymond wrote: > >> thanks for your answer but my mta is postfix. >> If I delete the maidirsize file, it is automatically created for my 75 users OK but for the 330 users, no way to create this file. >> I am using a postfix database and I have checked the SQL request, the contents of the tables but nothing :-( >> >> Le 16/08/2011 16:05, Juan Bernhard a ?crit : >>> Hi, are you using exim as mta? I been told in exim list that maildirsize >>> might be removed under certain conditions >>> (exim-*/src/transports/tf_maildir.c) >>> >>> >>> El 16/08/2011 07:01 a.m., Jean-Max Reymond escribi?: >>>> Le 16/08/2011 11:29, Jean-Max Reymond a ?crit : >>>>> hi, >>>>> I have a dovecot 1.2.9 and all is runnig fine except for quotas. >>>>> Some accounts have a maildirsize file in the mail directory. If I delete >>>>> the file, it is automatically rebuild: OK >>>>> But other accounts does not have the maildirsize file even after access >>>>> from dovecot server. All is OK for theses accounts except quota service. >>>>> what's wrong ? >>>>> >>>> >>>> as complement, there is 75 users OK and 330 users KO >>>> for these 330 users, thunderbird does not recognize mail quota. I have >>>> created by a touch command a maildirsize file but it does not help >>>> >> >> >> -- >> Jean-Max Reymond >> ?ruption de l'Etna: http://jmreymond.free.fr/Etna2002 >> > -- Jean-Max Reymond ?ruption de l'Etna: http://jmreymond.free.fr/Etna2002 From tss at iki.fi Wed Aug 17 00:51:49 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 17 Aug 2011 00:51:49 +0300 Subject: [Dovecot] maildirsize not always present In-Reply-To: <4E4AE59F.8010506@free.fr> References: <4E4A3878.4000301@free.fr> <4E4A4007.8050804@free.fr> <4E4A790D.9070807@inti.gob.ar> <4E4A8741.1000103@free.fr> <75B811B6-35F0-4F52-9EAF-65411EACE28B@iki.fi> <4E4AE59F.8010506@free.fr> Message-ID: <36EC729C-44AB-4504-AE7B-0EC2C194F4E9@iki.fi> On 17.8.2011, at 0.48, Jean-Max Reymond wrote: > user_query = SELECT concat('/home/mail/',maildir) as home, 8 AS uid, 8 AS gid, concat('maildir:storage=', quota/1024) AS quota FROM mailbox WHERE username = '%u' AND active='1' .. > # 1.2.9: /etc/dovecot/dovecot.conf You're using v1.0's quota configuration with v1.2. All of your users have unlimited quota currently. You'll need quota_rules, see wiki. From jmreymond at free.fr Wed Aug 17 00:53:36 2011 From: jmreymond at free.fr (Jean-Max Reymond) Date: Tue, 16 Aug 2011 23:53:36 +0200 Subject: [Dovecot] maildirsize not always present In-Reply-To: <36EC729C-44AB-4504-AE7B-0EC2C194F4E9@iki.fi> References: <4E4A3878.4000301@free.fr> <4E4A4007.8050804@free.fr> <4E4A790D.9070807@inti.gob.ar> <4E4A8741.1000103@free.fr> <75B811B6-35F0-4F52-9EAF-65411EACE28B@iki.fi> <4E4AE59F.8010506@free.fr> <36EC729C-44AB-4504-AE7B-0EC2C194F4E9@iki.fi> Message-ID: <4E4AE6E0.7060101@free.fr> Le 16/08/2011 23:51, Timo Sirainen a ?crit : > On 17.8.2011, at 0.48, Jean-Max Reymond wrote: > >> user_query = SELECT concat('/home/mail/',maildir) as home, 8 AS uid, 8 AS gid, concat('maildir:storage=', quota/1024) AS quota FROM mailbox WHERE username = '%u' AND active='1' > .. >> # 1.2.9: /etc/dovecot/dovecot.conf > > You're using v1.0's quota configuration with v1.2. All of your users have unlimited quota currently. You'll need quota_rules, see wiki. > thanks a lot. I check my 1.2 configuration -- Jean-Max Reymond ?ruption de l'Etna: http://jmreymond.free.fr/Etna2002 From david at davidfavor.com Wed Aug 17 00:55:41 2011 From: david at davidfavor.com (David Favor) Date: Tue, 16 Aug 2011 16:55:41 -0500 Subject: [Dovecot] Dovecot-2.0.14? Message-ID: <4E4AE75D.6040508@davidfavor.com> ETA on 2.0.14? -- Love feeling your best ever, all day, every day? Click http://RadicalHealth.com for the easy way! From tss at iki.fi Wed Aug 17 01:54:09 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 17 Aug 2011 01:54:09 +0300 Subject: [Dovecot] Dovecot-2.0.14? In-Reply-To: <4E4AE75D.6040508@davidfavor.com> References: <4E4AE75D.6040508@davidfavor.com> Message-ID: <1BD0229C-9769-4805-887E-21FF3397B020@iki.fi> On 17.8.2011, at 0.55, David Favor wrote: > ETA on 2.0.14? Dunno. From dlie76 at yahoo.com.au Wed Aug 17 05:44:21 2011 From: dlie76 at yahoo.com.au (Daminto Lie) Date: Tue, 16 Aug 2011 19:44:21 -0700 (PDT) Subject: [Dovecot] invalid credential using openldap Message-ID: <1313549061.94327.YahooMailNeo@web113403.mail.gq1.yahoo.com> Hi, What I have been trying to achieve is to be able to authenticate users through openLDAP while using Postfix, Dovecot as IMAP server and squirrelmail. I keep getting the following error messages when trying to login to squirrelmail 2011-08-17 12:27:59 auth(default): Info: client in: AUTH??? 1??? PLAIN??? service=imap??? secured??? lip=127.0.0.1??? rip=127.0.0.1??? lport=143??? rport=57794??? resp=AGFkbWluAGFwbXg2c3Bu 2011-08-17 12:27:59 auth(default): Info: ldap(myuser,127.0.0.1): invalid credentials (given password: xxx) 2011-08-17 12:28:00 auth(default): Info: new auth connection: pid=1921 2011-08-17 12:28:01 auth(default): Info: client out: FAIL??? 1??? user=myuser 2011-08-17 12:28:06 imap-login: Info: Aborted login (auth failed, 1 attempts): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured This seems to be trivial but I just could not figure out what else went wrong. I wonder if anyone might be able to give me a bit of help as I'm still learning my way around under linux system environment. The following is what I have in /etc/dovecot/dovecot-slapd.conf hosts = localhost dn = cn=myadmin,dc=mycompany,dc=com dnpass = secrets auth_bind = yes auth_bind_userdn = cn=%u,ou=people,dc=mycompany,dc=com ldap_version = 3 base = ou=people, dc=pbj, dc=com, dc=au scope = subtree user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid user_filter = (&(objectClass=posixAccount)(uid=%u)) pass_attrs = uid=user,userPassword=password pass_filter = (&(objectClass=posixAccount)(uid=%u)) Thank you in advance From koshikov at gmail.com Wed Aug 17 09:26:25 2011 From: koshikov at gmail.com (Nikita Koshikov) Date: Wed, 17 Aug 2011 09:26:25 +0300 Subject: [Dovecot] Dovecot-Antispam 2.0 with SpamAssassin (sa-learn) In-Reply-To: <4E4AD54A.1000507@bunbun.be> References: <4E4AD54A.1000507@bunbun.be> Message-ID: <20110817092625.7bf84b43@jimbo> On Tue, 16 Aug 2011 22:38:34 +0200 Nick Rosier wrote: > Hi, > > has anyone figured out how to use the dovecot-antispam plugin with > sa-learn? I need to pass the username (user at domain.tld) to sa-learn and > --ham or --spam depending on the move. I was thinking of using the CRM14 > option and replace the command and arguments but cannot find anything > about the ability to pass the username. > Any pointers would be welcome. > > N. Write a wrapper on sa-learn. The script should parse env first and that exec learning with appropriative args, like: antispam_mail_sendmail = /etc/dovecot/plugins/spam.sh Scrip, something like: #!/bin/bash ( env > /tmp/antispam.$$ /usr/bin/sa-learn $@ exit 0 ) search for PWD environment in /tmp/antispam.$$ . From tom at whyscream.net Wed Aug 17 10:59:57 2011 From: tom at whyscream.net (Tom Hendrikx) Date: Wed, 17 Aug 2011 09:59:57 +0200 Subject: [Dovecot] Dovecot-Antispam 2.0 with SpamAssassin (sa-learn) In-Reply-To: <20110817092625.7bf84b43@jimbo> References: <4E4AD54A.1000507@bunbun.be> <20110817092625.7bf84b43@jimbo> Message-ID: <4E4B74FD.70801@whyscream.net> On 17/08/11 08:26, Nikita Koshikov wrote: > On Tue, 16 Aug 2011 22:38:34 +0200 > Nick Rosier wrote: > >> Hi, >> >> has anyone figured out how to use the dovecot-antispam plugin with >> sa-learn? I need to pass the username (user at domain.tld) to sa-learn and >> --ham or --spam depending on the move. I was thinking of using the CRM14 >> option and replace the command and arguments but cannot find anything >> about the ability to pass the username. >> Any pointers would be welcome. >> >> N. > Write a wrapper on sa-learn. The script should parse env first and that exec learning with appropriative args, like: > antispam_mail_sendmail = /etc/dovecot/plugins/spam.sh > > Scrip, something like: > #!/bin/bash > > ( > env > /tmp/antispam.$$ > /usr/bin/sa-learn $@ > exit 0 > ) > search for PWD environment in /tmp/antispam.$$ . > > I use the dspam backend and pass the user into the commandline with %u, which seems to work, but is not documented in the man page. To be clear, this is with the plugin from: http://wiki2.dovecot.org/Plugins/Antispam -- Regards, Tom From a.chapellon at horoa.net Wed Aug 17 13:03:42 2011 From: a.chapellon at horoa.net (Alexandre Chapellon) Date: Wed, 17 Aug 2011 12:03:42 +0200 Subject: [Dovecot] May Dovecot help in users education Message-ID: <4E4B91FE.6030002@horoa.net> Hello, I was wondering if dovecot could help me in my project to smoothly make all my users switch to TLS encrypted POP / IMAP sessions and forget about cleartext. My first idea was to setup dovecot as a POP/IMAP proxy for my mailhosts and ask dovecot to display a warning message or slowdown non TLS sessions. Is there any way to achieve this with dovecot? Does anybody have another idea smoothly force used to switch to TLS? Regards. -- -------------- next part -------------- A non-text attachment was scrubbed... Name: horoa_sig.png Type: image/png Size: 6693 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: a_chapellon.vcf Type: text/x-vcard Size: 373 bytes Desc: not available URL: From r.vicinus at metaways.de Wed Aug 17 14:42:27 2011 From: r.vicinus at metaways.de (Reinhard Vicinus) Date: Wed, 17 Aug 2011 11:42:27 +0000 Subject: [Dovecot] Segmentation fault in dovecot director lmtp service Message-ID: <20110817114228.2705AA0D2@mx04.metaways.net> Hi, the lmtp service of our dovecot director installation quits with a segmentation fault if a lot of mails are simultaneously delivered. For example if the postfix mailqueue is filled (for whatever reason) and postqueue -f is run the lmtp service quits with a segmentation fault: Program terminated with signal 11, Segmentation fault. #0? o_stream_cork (stream=0x0) at ostream.c:75 75????????????? if (unlikely(stream->closed)) (gdb) backtrace #0? o_stream_cork (stream=0x0) at ostream.c:75 #1? 0x00007fa6e6af45d9 in lmtp_client_send_more (client=0x2435870) at lmtp-client.c:596 #2? 0x0000000002434170 in ?? () #3? 0x00000000004070d9 in proxy_send_more (proxy=0x2435870) at lmtp-proxy.c:390 #4? lmtp_proxy_data_input (proxy=0x2435870) at lmtp-proxy.c:444 #5? 0x00007fa6e6af456f in lmtp_client_send_data (client=0x24347a0) at lmtp-client.c:306 #6? 0x0000000002434f98 in ?? () #7? 0xffffffffe6af73c5 in ?? () #8? 0x0000000002434840 in ?? () #9? 0x0000000000000000 in ?? () I don't have any ideas why the stream is 0. The configuration of the dovecot director installation is attached. Please let me know if i shall provide any more information or test something. Kind regards Reinhard -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: dovecot-director-conf.txt URL: From thierry at mailhub.co.za Wed Aug 17 15:12:54 2011 From: thierry at mailhub.co.za (Thierry de Montaudry) Date: Wed, 17 Aug 2011 14:12:54 +0200 Subject: [Dovecot] Segmentation fault in dovecot director lmtp service In-Reply-To: <20110817114228.2705AA0D2@mx04.metaways.net> References: <20110817114228.2705AA0D2@mx04.metaways.net> Message-ID: On 17 Aug 2011, at 13:42, Reinhard Vicinus wrote: > Hi, > > > the lmtp service of our dovecot director installation quits with a > segmentation fault if a lot of mails are simultaneously delivered. > For example if the postfix mailqueue is filled (for whatever reason) > and postqueue -f is run the lmtp service quits with a segmentation > fault: > > > Program terminated with signal 11, Segmentation fault. > > #0 o_stream_cork (stream=0x0) at ostream.c:75 > > 75 if (unlikely(stream->closed)) > > (gdb) backtrace > > #0 o_stream_cork (stream=0x0) at ostream.c:75 > > #1 0x00007fa6e6af45d9 in lmtp_client_send_more (client=0x2435870) > at lmtp-client.c:596 > > #2 0x0000000002434170 in ?? () > > #3 0x00000000004070d9 in proxy_send_more (proxy=0x2435870) at > lmtp-proxy.c:390 > > #4 lmtp_proxy_data_input (proxy=0x2435870) at lmtp-proxy.c:444 > > #5 0x00007fa6e6af456f in lmtp_client_send_data (client=0x24347a0) > at lmtp-client.c:306 > > #6 0x0000000002434f98 in ?? () > > #7 0xffffffffe6af73c5 in ?? () > > #8 0x0000000002434840 in ?? () > > #9 0x0000000000000000 in ?? () > > > I don't have any ideas why the stream is 0. The configuration of the > dovecot director installation is attached. Please let me know if i > shall provide any more information or test something. > > > Kind regards > > Reinhard > Hi, You might need to limit the concurrent deliveries from postfix. Check the maxproc parameter in your master.conf, which is 100 by default. You should reduce it to some lower value, I would say between 10 and 40 depending on your system. That would allow your queues to grow without putting too much stress on the deliveries, even when forcing it with postqueue -f. Regards, Thierry From per at computer.org Wed Aug 17 15:43:49 2011 From: per at computer.org (Per Jessen) Date: Wed, 17 Aug 2011 14:43:49 +0200 Subject: [Dovecot] Segmentation fault in dovecot director lmtp service References: <20110817114228.2705AA0D2@mx04.metaways.net> Message-ID: Thierry de Montaudry wrote: > On 17 Aug 2011, at 13:42, Reinhard Vicinus wrote: > >> Hi, >> >> >> the lmtp service of our dovecot director installation quits with a >> segmentation fault if a lot of mails are simultaneously delivered. >> For example if the postfix mailqueue is filled (for whatever >> reason) and postqueue -f is run the lmtp service quits with a >> segmentation fault: >> >> >> Program terminated with signal 11, Segmentation fault. >> >> #0 o_stream_cork (stream=0x0) at ostream.c:75 >> >> 75 if (unlikely(stream->closed)) >> >> (gdb) backtrace >> >> #0 o_stream_cork (stream=0x0) at ostream.c:75 >> >> #1 0x00007fa6e6af45d9 in lmtp_client_send_more (client=0x2435870) >> at lmtp-client.c:596 >> >> #2 0x0000000002434170 in ?? () >> >> #3 0x00000000004070d9 in proxy_send_more (proxy=0x2435870) at >> lmtp-proxy.c:390 >> >> #4 lmtp_proxy_data_input (proxy=0x2435870) at lmtp-proxy.c:444 >> >> #5 0x00007fa6e6af456f in lmtp_client_send_data (client=0x24347a0) >> at lmtp-client.c:306 >> >> #6 0x0000000002434f98 in ?? () >> >> #7 0xffffffffe6af73c5 in ?? () >> >> #8 0x0000000002434840 in ?? () >> >> #9 0x0000000000000000 in ?? () >> >> >> I don't have any ideas why the stream is 0. The configuration of >> the dovecot director installation is attached. Please let me know >> if i shall provide any more information or test something. >> >> >> Kind regards >> >> Reinhard >> > > > Hi, > > You might need to limit the concurrent deliveries from postfix. > Check the maxproc parameter in your master.conf, which is 100 by > default. You should reduce it to some lower value, I would say between > 10 and 40 depending on your system. That would allow your queues to > grow without putting too much stress on the deliveries, even when > forcing it with postqueue -f. Regardless, Reinhard still seem to have stumbled on a bug. /Per Jessen, Z?rich From r.vicinus at metaways.de Wed Aug 17 16:03:03 2011 From: r.vicinus at metaways.de (Reinhard Vicinus) Date: Wed, 17 Aug 2011 15:03:03 +0200 Subject: [Dovecot] Segmentation fault in dovecot director lmtp service In-Reply-To: References: <20110817114228.2705AA0D2@mx04.metaways.net> Message-ID: <4E4BBC07.9050106@metaways.de> On 17/08/11 14:12, Thierry de Montaudry wrote: > On 17 Aug 2011, at 13:42, Reinhard Vicinus wrote: > >> Hi, >> >> >> the lmtp service of our dovecot director installation quits with a >> segmentation fault if a lot of mails are simultaneously delivered. >> For example if the postfix mailqueue is filled (for whatever reason) >> and postqueue -f is run the lmtp service quits with a segmentation >> fault: >> >> >> Program terminated with signal 11, Segmentation fault. >> >> #0 o_stream_cork (stream=0x0) at ostream.c:75 >> >> 75 if (unlikely(stream->closed)) >> >> (gdb) backtrace >> >> #0 o_stream_cork (stream=0x0) at ostream.c:75 >> >> #1 0x00007fa6e6af45d9 in lmtp_client_send_more (client=0x2435870) >> at lmtp-client.c:596 >> >> #2 0x0000000002434170 in ?? () >> >> #3 0x00000000004070d9 in proxy_send_more (proxy=0x2435870) at >> lmtp-proxy.c:390 >> >> #4 lmtp_proxy_data_input (proxy=0x2435870) at lmtp-proxy.c:444 >> >> #5 0x00007fa6e6af456f in lmtp_client_send_data (client=0x24347a0) >> at lmtp-client.c:306 >> >> #6 0x0000000002434f98 in ?? () >> >> #7 0xffffffffe6af73c5 in ?? () >> >> #8 0x0000000002434840 in ?? () >> >> #9 0x0000000000000000 in ?? () >> >> >> I don't have any ideas why the stream is 0. The configuration of the >> dovecot director installation is attached. Please let me know if i >> shall provide any more information or test something. >> >> >> Kind regards >> >> Reinhard >> > > Hi, > > You might need to limit the concurrent deliveries from postfix. > Check the maxproc parameter in your master.conf, which is 100 by default. You should reduce it to some lower value, I would say between 10 and 40 depending on your system. That would allow your queues to grow without putting too much stress on the deliveries, even when forcing it with postqueue -f. > > Regards, > > Thierry Hi, i don't think this problem is load related, because the load on the mail servers is generally around 0.1-0.2, the queue contained only 22 messages and the only reason the queues was growing were that i stopped the dovecot director instance on this mailserver. Kind regards Reinhard From julio at psi.com.br Wed Aug 17 16:23:24 2011 From: julio at psi.com.br (Julio Cesar Covolato) Date: Wed, 17 Aug 2011 10:23:24 -0300 Subject: [Dovecot] mail spool filesystem Message-ID: <4E4BC0CC.5010908@psi.com.br> Hi! I?m about to migrate a system whith 5000 accounts whith (~ 500GB) from "postfix/courier-imap/maildrop/mysql" to a new hardware whith "postfix/dovecot/dovecot/mysql". I?ll make a separate partition (raid 1) for the mail spool (/var/spool/vmail) and want to now what type of filesystem to use on it to increase performance. I read that XFS is a good choice, but is not too reliable... Any sugestions? Thanks in advance, -- ----------------------------- _ Julio Cesar Covolato 0v0 /(_)\ F: 55-11-3129-3366 ^ ^ PSI INTERNET ----------------------------- From marcin at mejor.pl Wed Aug 17 16:52:41 2011 From: marcin at mejor.pl (=?UTF-8?B?TWFyY2luIE1pcm9zxYJhdw==?=) Date: Wed, 17 Aug 2011 15:52:41 +0200 Subject: [Dovecot] mail spool filesystem In-Reply-To: <4E4BC0CC.5010908@psi.com.br> References: <4E4BC0CC.5010908@psi.com.br> Message-ID: <4E4BC7A9.5090505@mejor.pl> W dniu 17.08.2011 15:23, Julio Cesar Covolato pisze: > Hi! Hello! > I read that XFS is a good choice, but is not > too reliable... Why? Who wrote this? And when? In 2005 year? :) From joh.hendriks at gmail.com Wed Aug 17 16:56:25 2011 From: joh.hendriks at gmail.com (Johan Hendriks) Date: Wed, 17 Aug 2011 15:56:25 +0200 Subject: [Dovecot] mail spool filesystem In-Reply-To: <4E4BC0CC.5010908@psi.com.br> References: <4E4BC0CC.5010908@psi.com.br> Message-ID: <4E4BC889.6060807@gmail.com> Julio Cesar Covolato schreef: > . I read that XFS is a good choice, but is not too reliable... > I did not know FreeBSD had XFS. Well serieus now, be a little more specific. Which OS and so on. regards, Johan Hendriks From a.chapellon at horoa.net Wed Aug 17 17:00:04 2011 From: a.chapellon at horoa.net (Alexandre Chapellon) Date: Wed, 17 Aug 2011 16:00:04 +0200 Subject: [Dovecot] May Dovecot help in users education In-Reply-To: <4E4B91FE.6030002@horoa.net> References: <4E4B91FE.6030002@horoa.net> Message-ID: <4E4BC964.1060905@horoa.net> Hello, I was wondering if dovecot could help me in my project to smoothly make all my users switch to TLS encrypted POP / IMAP sessions and forget about cleartext. My first idea was to setup dovecot as a POP/IMAP proxy for my mailhosts and ask dovecot to display a warning message or slowdown non TLS sessions. Is there any way to achieve this with dovecot? Does anybody have another idea smoothly force used to switch to TLS? Regards. P.S: double posted because previous was HTML and I've seen some MUA fails to display it properly... sorry will only send raw text now. -------------- next part -------------- A non-text attachment was scrubbed... Name: a_chapellon.vcf Type: text/x-vcard Size: 387 bytes Desc: not available URL: From lcaron at lncsa.com Wed Aug 17 17:05:01 2011 From: lcaron at lncsa.com (Laurent CARON) Date: Wed, 17 Aug 2011 16:05:01 +0200 Subject: [Dovecot] May Dovecot help in users education In-Reply-To: <4E4BC964.1060905@horoa.net> References: <4E4B91FE.6030002@horoa.net> <4E4BC964.1060905@horoa.net> Message-ID: <4E4BCA8D.2070902@lncsa.com> On 17/08/2011 16:00, Alexandre Chapellon wrote: > Is there any way to achieve this with dovecot? Does anybody have another > idea smoothly force used to switch to TLS? Hi, Maybe by sending them an email with a deadline for the end of clear text auth support ? If they don't amend their setup they'll be unable to retrieve their emails. Should you want to go the "nicer" way, you could throttle bandwidth to port 110/143 provided you use those for insecure connections. From mstevens at imt-systems.com Wed Aug 17 17:07:25 2011 From: mstevens at imt-systems.com (Morten Stevens) Date: Wed, 17 Aug 2011 16:07:25 +0200 Subject: [Dovecot] mail spool filesystem In-Reply-To: <4E4BC0CC.5010908@psi.com.br> References: <4E4BC0CC.5010908@psi.com.br> Message-ID: On Wed, 17 Aug 2011 10:23:24 -0300, Julio Cesar Covolato wrote: > I?ll make a separate partition (raid 1) for the mail spool > (/var/spool/vmail) and want to now what type of filesystem to use on > it to increase performance. I read that XFS is a good choice, but is > not too reliable... XFS is reliable. I recommend ext4 or xfs. Both are very good reliable filesystems. You should rather worry about the mailboxformat. The performance difference is much greater than xfs or ext4. Best regards, Morten From a.chapellon at horoa.net Wed Aug 17 17:24:29 2011 From: a.chapellon at horoa.net (Alexandre Chapellon) Date: Wed, 17 Aug 2011 16:24:29 +0200 Subject: [Dovecot] May Dovecot help in users education In-Reply-To: <4E4BCA8D.2070902@lncsa.com> References: <4E4B91FE.6030002@horoa.net> <4E4BC964.1060905@horoa.net> <4E4BCA8D.2070902@lncsa.com> Message-ID: <4E4BCF1D.9080107@horoa.net> Le 17/08/2011 16:05, Laurent CARON a ?crit : > On 17/08/2011 16:00, Alexandre Chapellon wrote: >> Is there any way to achieve this with dovecot? Does anybody have another >> idea smoothly force used to switch to TLS? > > Hi, > > Maybe by sending them an email with a deadline for the end of clear > text auth support ? > > If they don't amend their setup they'll be unable to retrieve their > emails. :)... already tried this in the past and it just don't work... 80% of users never apply changes and prefer getting very angry and call the support. Which is exactly what I want to avoid. > Should you want to go the "nicer" way, you could throttle bandwidth to > port 110/143 provided you use those for insecure connections. This sounds better and I though tc could help going that way, but there is nothing informative in going this way. I know what I ask for seems crappy and probably is out of the scope of what dovecot is supposed to do, but this would be temporary and I wanna make sure it is not possible before digging somewhere else. Thanks -- -------------- next part -------------- A non-text attachment was scrubbed... Name: a_chapellon.vcf Type: text/x-vcard Size: 387 bytes Desc: not available URL: From ejs at shubes.net Wed Aug 17 17:35:06 2011 From: ejs at shubes.net (Eric Shubert) Date: Wed, 17 Aug 2011 07:35:06 -0700 Subject: [Dovecot] May Dovecot help in users education In-Reply-To: <4E4BCF1D.9080107@horoa.net> References: <4E4B91FE.6030002@horoa.net> <4E4BC964.1060905@horoa.net> <4E4BCA8D.2070902@lncsa.com> <4E4BCF1D.9080107@horoa.net> Message-ID: On 08/17/2011 07:24 AM, Alexandre Chapellon wrote: > > > Le 17/08/2011 16:05, Laurent CARON a ?crit : >> On 17/08/2011 16:00, Alexandre Chapellon wrote: >>> Is there any way to achieve this with dovecot? Does anybody have another >>> idea smoothly force used to switch to TLS? >> >> Hi, >> >> Maybe by sending them an email with a deadline for the end of clear >> text auth support ? >> >> If they don't amend their setup they'll be unable to retrieve their >> emails. > :)... already tried this in the past and it just don't work... 80% of > users never apply changes and prefer getting very angry and call the > support. Which is exactly what I want to avoid. > >> Should you want to go the "nicer" way, you could throttle bandwidth to >> port 110/143 provided you use those for insecure connections. > This sounds better and I though tc could help going that way, but there > is nothing informative in going this way. I know what I ask for seems > crappy and probably is out of the scope of what dovecot is supposed to > do, but this would be temporary and I wanna make sure it is not possible > before digging somewhere else. > > Thanks > I think I would write a script that would glean such accounts from the dovecot log, then send them a message every day instructing them how to turn on TLS in order to quit getting this message. A support line to call for help would be nice for those who have difficulty changing their configuration. -- -Eric 'shubes' From adrian at blinkenlights.ch Wed Aug 17 17:42:07 2011 From: adrian at blinkenlights.ch (Adrian Ulrich) Date: Wed, 17 Aug 2011 16:42:07 +0200 Subject: [Dovecot] mail spool filesystem In-Reply-To: <4E4BC0CC.5010908@psi.com.br> References: <4E4BC0CC.5010908@psi.com.br> Message-ID: <20110817164207.2e9c1d49@echelon.ethz.ch> > I read that XFS is a good choice, but is not > too reliable... Are you using Maildir or MBOX? In any case: XFS would be my last choice: XFS is nice if you are working with large files (> 2GB), but for E-Mail i'd stick with ext3 (or maybe even reiser3) as it works very well with small files. If performance is a problem (iostat output?): Mount it with 'noatime' or/and use a special device for the journal. Regards, Adrian From a.chapellon at horoa.net Wed Aug 17 17:49:49 2011 From: a.chapellon at horoa.net (Alexandre Chapellon) Date: Wed, 17 Aug 2011 16:49:49 +0200 Subject: [Dovecot] May Dovecot help in users education In-Reply-To: References: <4E4B91FE.6030002@horoa.net> <4E4BC964.1060905@horoa.net> <4E4BCA8D.2070902@lncsa.com> <4E4BCF1D.9080107@horoa.net> Message-ID: <4E4BD50D.6010102@horoa.net> Le 17/08/2011 16:35, Eric Shubert a ?crit : > On 08/17/2011 07:24 AM, Alexandre Chapellon wrote: >> >> >> Le 17/08/2011 16:05, Laurent CARON a ?crit : >>> On 17/08/2011 16:00, Alexandre Chapellon wrote: >>>> Is there any way to achieve this with dovecot? Does anybody have >>>> another >>>> idea smoothly force used to switch to TLS? >>> >>> Hi, >>> >>> Maybe by sending them an email with a deadline for the end of clear >>> text auth support ? >>> >>> If they don't amend their setup they'll be unable to retrieve their >>> emails. >> :)... already tried this in the past and it just don't work... 80% of >> users never apply changes and prefer getting very angry and call the >> support. Which is exactly what I want to avoid. >> >>> Should you want to go the "nicer" way, you could throttle bandwidth to >>> port 110/143 provided you use those for insecure connections. >> This sounds better and I though tc could help going that way, but there >> is nothing informative in going this way. I know what I ask for seems >> crappy and probably is out of the scope of what dovecot is supposed to >> do, but this would be temporary and I wanna make sure it is not possible >> before digging somewhere else. >> >> Thanks >> > > I think I would write a script that would glean such accounts from the > dovecot log, then send them a message every day instructing them how > to turn on TLS in order to quit getting this message. A support line > to call for help would be nice for those who have difficulty changing > their configuration. > I didn't think about that.... It's quite basic but i like that. Thanks -- -------------- next part -------------- A non-text attachment was scrubbed... Name: a_chapellon.vcf Type: text/x-vcard Size: 387 bytes Desc: not available URL: From holdenhao at gmail.com Wed Aug 17 18:08:52 2011 From: holdenhao at gmail.com (Holden Hao) Date: Wed, 17 Aug 2011 23:08:52 +0800 Subject: [Dovecot] Duplicate Email with Dovecot Sieve Message-ID: I am trying to use Dovecot Sieve after upgrading Dovecot from 1.0.15 to 1.2.17. I used the same config file from the old version but I added some entries to make sieve work. In my initial tests, sieve works and is able to do the actions that I set it to do. However, I get 2 copies of incoming emails. The inbox would always preserve a copy even if the sieve filter is set to transfer emails to another folder or redirect it to another address. The logs do not seem to report any issues. I don't know what causes the problem and I would appreciate some pointers. Here are some more details of my setup: OS: Linux 2.6.24.2 Dovecot: 1.2.17 Dovecot Sieve:0.1.19 Manage Sieve:0.11.13 MTA: Qmail 1.03 dovecot -n ---------------------------------------------------------------------------- # 1.2.17: /usr/local/etc/dovecot.conf # OS: Linux 2.6.24.2 i686 Debian lenny/sid log_path: /var/log/dovecot.log log_timestamp: protocols: imap pop3 imaps pop3s managesieve ssl_cert_file: /var/dir/etc/certificates/server.crt ssl_key_file: /var/dir/etc/certificates/server.key disable_plaintext_auth: no login_dir: /usr/local/var/run/dovecot/login login_executable(default): /usr/local/libexec/dovecot/imap-login login_executable(imap): /usr/local/libexec/dovecot/imap-login login_executable(pop3): /usr/local/libexec/dovecot/pop3-login login_executable(managesieve): /usr/local/libexec/dovecot/managesieve-login login_greeting: Welcome login_process_size: 32 verbose_proctitle: yes first_valid_uid: 1000 mail_location: maildir:~/Maildir mail_debug: yes mail_executable(default): /usr/local/libexec/dovecot/imap mail_executable(imap): /usr/local/libexec/dovecot/imap mail_executable(pop3): /usr/local/libexec/dovecot/pop3 mail_executable(managesieve): /usr/local/libexec/dovecot/managesieve mail_plugins(default): quota imap_quota mail_plugins(imap): quota imap_quota mail_plugins(pop3): quota mail_plugins(managesieve): mail_plugin_dir(default): /usr/local/lib/dovecot/imap mail_plugin_dir(imap): /usr/local/lib/dovecot/imap mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3 mail_plugin_dir(managesieve): /usr/local/lib/dovecot/managesieve imap_client_workarounds(default): outlook-idle imap_client_workarounds(imap): outlook-idle imap_client_workarounds(pop3): imap_client_workarounds(managesieve): pop3_uidl_format(default): %08Xu%08Xv pop3_uidl_format(imap): %08Xu%08Xv pop3_uidl_format(pop3): UID%u-%v pop3_uidl_format(managesieve): %08Xu%08Xv managesieve_logout_format(default): bytes=%i/%o managesieve_logout_format(imap): bytes=%i/%o managesieve_logout_format(pop3): bytes=%i/%o managesieve_logout_format(managesieve): bytes ( in=%i : out=%o ) namespace: type: private separator: . prefix: INBOX. location: maildir:~/Maildir inbox: yes list: yes subscriptions: yes lda: postmaster_address: postmaster at xxxxxxxxxx.org mail_plugin_dir: /usr/local/lib/dovecot/lda mail_plugins: quota sieve sendmail_path: /var/qmail/bin/sendmail log_path: /var/log/dovecot-deliver-errors.log info_log_path: /var/log/dovecot-deliver.log auth default: verbose: yes passdb: driver: checkpassword args: /var/qmail/bin/auth_pop userdb: driver: prefetch plugin: quota: maildir sieve: ~/.dovecot.sieve sieve_dir: ~/sieve -------------------------------------------------------------------- from: dovecot-deliver.log -------------------------------------------------------------------- deliver(user): Info: Loading modules from directory: /usr/local/lib/dovecot/lda deliver(user): Info: Module loaded: /usr/local/lib/dovecot/lda/lib10_quota_plugin.so deliver(user): Info: Module loaded: /usr/local/lib/dovecot/lda/lib90_sieve_plugin.so deliver(user): Info: Quota root: name= backend=maildir args= deliver(user): Info: Namespace: type=private, prefix=INBOX., sep=., inbox=yes, hidden=no, list=1, subscriptions=yes deliver(user): Info: maildir: data=/home/user/Maildir deliver(user): Info: maildir++: root=/home/user/Maildir, index=, control=, inbox=/home/user/Maildir deliver(user): Info: sieve: using sieve path for user's script: /home/user/.dovecot.sieve deliver(user): Info: sieve: opening script /home/user/.dovecot.sieve deliver(user): Info: sieve: executing compiled script /home/user/.dovecot.sieve deliver(user): Info: sieve: msgid=< CAJNnNYmQpmEopFfT3+_qHvXYxf3v-4bzv9ojJqGfRtcddnTg8g at mail.gmail.com>: stored mail into mailbox 'Inbox.Test' Thanks in advance for your replies. Holden From floeff at gmail.com Wed Aug 17 20:04:58 2011 From: floeff at gmail.com (Florian Effenberger) Date: Wed, 17 Aug 2011 19:04:58 +0200 Subject: [Dovecot] sender for Sieve vacation message Message-ID: Hello, is it possible to define the sender for the Dovecot Sieve implementation's vacation extension? It seems to be impossible to add, e.g., a name, or choose a different sender address. Thanks, Florian From floeff at gmail.com Wed Aug 17 20:06:37 2011 From: floeff at gmail.com (Florian Effenberger) Date: Wed, 17 Aug 2011 19:06:37 +0200 Subject: [Dovecot] sender for Sieve vacation message In-Reply-To: References: Message-ID: Hello, 2011/8/17 Florian Effenberger : > is it possible to define the sender for the Dovecot Sieve > implementation's vacation extension? It seems to be impossible to add, > e.g., a name, or choose a different sender address. to be precisely: I am talking about the "From" header. Florian From noel.butler at ausics.net Thu Aug 18 01:32:36 2011 From: noel.butler at ausics.net (Noel Butler) Date: Thu, 18 Aug 2011 08:32:36 +1000 Subject: [Dovecot] May Dovecot help in users education In-Reply-To: <4E4BCA8D.2070902@lncsa.com> References: <4E4B91FE.6030002@horoa.net> <4E4BC964.1060905@horoa.net> <4E4BCA8D.2070902@lncsa.com> Message-ID: <1313620356.7169.12.camel@tardis> On Wed, 2011-08-17 at 16:05 +0200, Laurent CARON wrote: > On 17/08/2011 16:00, Alexandre Chapellon wrote: > > Is there any way to achieve this with dovecot? Does anybody have another > > idea smoothly force used to switch to TLS? > > Hi, > > Maybe by sending them an email with a deadline for the end of clear text > auth support ? > This is the best method, give them at least 30 days notice (preferably 90 days), the notices should include a link to a kb/support site showing them how, not doing this will clog up your support lines for sure. Send subsequent warning notices, with slightly stronger language each time, at 21 days, 14 days and 7 days, 3 days and 1 day. We did this when we cut out relaying for IP's and moved entirely to smtp auth, so its much the same thing - getting them to change settings. A safe guard though, if you tell them, say 1st October cut off, don't actually cut off until a week or two after. Yes, you'll still find some have not done it, but that's the nature of some people. > If they don't amend their setup they'll be unable to retrieve their emails. > > Should you want to go the "nicer" way, you could throttle bandwidth to > port 110/143 provided you use those for insecure connections. > That's not the right thing to do, TLS uses those ports too, it's SSL that does not, and it's pointless using other ports, you'll end up creating more problems than what it's worth. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From stephan at rename-it.nl Thu Aug 18 10:30:00 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Thu, 18 Aug 2011 00:30:00 -0700 Subject: [Dovecot] sender for Sieve vacation message In-Reply-To: References: Message-ID: <4E4CBF78.8060308@rename-it.nl> On 8/17/2011 10:06 AM, Florian Effenberger wrote: > Hello, > > 2011/8/17 Florian Effenberger: > >> is it possible to define the sender for the Dovecot Sieve >> implementation's vacation extension? It seems to be impossible to add, >> e.g., a name, or choose a different sender address. > to be precisely: I am talking about the "From" header. You can use the :from parameter, e.g.: require "vacation"; vacation :from "floeff at gmail.com" "Not here at the moment!"; Read RFC5230 (http://tools.ietf.org/html/rfc5230) for more info. Regards, Stephan. From stephan at rename-it.nl Thu Aug 18 10:37:00 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Thu, 18 Aug 2011 00:37:00 -0700 Subject: [Dovecot] Duplicate Email with Dovecot Sieve In-Reply-To: References: Message-ID: <4E4CC11C.5050307@rename-it.nl> On 8/17/2011 8:08 AM, Holden Hao wrote: > from: dovecot-deliver.log > -------------------------------------------------------------------- > deliver(user): Info: Loading modules from directory: > /usr/local/lib/dovecot/lda > deliver(user): Info: Module loaded: > /usr/local/lib/dovecot/lda/lib10_quota_plugin.so > deliver(user): Info: Module loaded: > /usr/local/lib/dovecot/lda/lib90_sieve_plugin.so > deliver(user): Info: Quota root: name= backend=maildir args= > deliver(user): Info: Namespace: type=private, prefix=INBOX., sep=., > inbox=yes, hidden=no, list=1, subscriptions=yes > deliver(user): Info: maildir: data=/home/user/Maildir > deliver(user): Info: maildir++: root=/home/user/Maildir, index=, control=, > inbox=/home/user/Maildir > deliver(user): Info: sieve: using sieve path for user's script: > /home/user/.dovecot.sieve > deliver(user): Info: sieve: opening script /home/user/.dovecot.sieve > deliver(user): Info: sieve: executing compiled script > /home/user/.dovecot.sieve > deliver(user): Info: sieve: msgid=< > CAJNnNYmQpmEopFfT3+_qHvXYxf3v-4bzv9ojJqGfRtcddnTg8g at mail.gmail.com>: stored > mail into mailbox 'Inbox.Test' Hmm, odd. The above log only shows one delivery. I would expect a duplicate entry there when Dovecot is causing this. You can enable mail_debug to see whether that shows more. Also, the user log (~/.dovecot.sieve.log) could contain other info. But, I don't expect much more from that. Are you perhaps doing something interesting at MTA level? Regards, Stephan. From sven at svenhartge.de Thu Aug 18 02:25:09 2011 From: sven at svenhartge.de (Sven Hartge) Date: Thu, 18 Aug 2011 01:25:09 +0200 Subject: [Dovecot] mail spool filesystem References: <4E4BC0CC.5010908@psi.com.br> <20110817164207.2e9c1d49@echelon.ethz.ch> Message-ID: <1h83k77s2i5v8@mids.svenhartge.de> Adrian Ulrich wrote: >> I read that XFS is a good choice, but is not too reliable... > Are you using Maildir or MBOX? > In any case: XFS would be my last choice: > XFS is nice if you are working with large files (> 2GB), but for > E-Mail i'd stick with ext3 (or maybe even reiser3) as it works very > well with small files. I don't know, but my Courier server (Maildir++ format, 10k users, 12 million mails on server, some users with over 20k mails in one directory/folder) runs _way_ smoother with XFS. I also tested ext4, but this was no large gain over ext3 (with dir_index of course). Gr??e, Sven. -- Sigmentation fault. Core dumped. From nick+dovecot at bunbun.be Thu Aug 18 11:53:05 2011 From: nick+dovecot at bunbun.be (Nick Rosier) Date: Thu, 18 Aug 2011 10:53:05 +0200 Subject: [Dovecot] Dovecot-Antispam 2.0 with SpamAssassin (sa-learn) In-Reply-To: <4E4B74FD.70801@whyscream.net> References: <4E4AD54A.1000507@bunbun.be> <20110817092625.7bf84b43@jimbo> <4E4B74FD.70801@whyscream.net> Message-ID: <4E4CD2F1.6030108@bunbun.be> Tom Hendrikx wrote: > On 17/08/11 08:26, Nikita Koshikov wrote: >> On Tue, 16 Aug 2011 22:38:34 +0200 >> Nick Rosier wrote: >> >>> Hi, >>> >>> has anyone figured out how to use the dovecot-antispam plugin with >>> sa-learn? I need to pass the username (user at domain.tld) to sa-learn and >>> --ham or --spam depending on the move. I was thinking of using the CRM14 >>> option and replace the command and arguments but cannot find anything >>> about the ability to pass the username. >>> Any pointers would be welcome. >>> >>> N. >> Write a wrapper on sa-learn. The script should parse env first and that exec learning with appropriative args, like: >> antispam_mail_sendmail = /etc/dovecot/plugins/spam.sh >> >> Scrip, something like: >> #!/bin/bash >> >> ( >> env> /tmp/antispam.$$ >> /usr/bin/sa-learn $@ >> exit 0 >> ) >> search for PWD environment in /tmp/antispam.$$ . >> >> > > I use the dspam backend and pass the user into the commandline with %u, > which seems to work, but is not documented in the man page. > > To be clear, this is with the plugin from: > http://wiki2.dovecot.org/Plugins/Antispam I've currently got it working with the MailTrain backend. Might consider reconfiguring it to dspam backend as I need to do some ENV parsing to get the user. Using %u as argument to pass to the wrapper would be easier but I couldn't find anything in de documentation as you said. N. From tom at whyscream.net Thu Aug 18 12:10:06 2011 From: tom at whyscream.net (Tom Hendrikx) Date: Thu, 18 Aug 2011 11:10:06 +0200 Subject: [Dovecot] Dovecot-Antispam 2.0 with SpamAssassin (sa-learn) In-Reply-To: <4E4CD2F1.6030108@bunbun.be> References: <4E4AD54A.1000507@bunbun.be> <20110817092625.7bf84b43@jimbo> <4E4B74FD.70801@whyscream.net> <4E4CD2F1.6030108@bunbun.be> Message-ID: <4E4CD6EE.8020905@whyscream.net> On 18/08/11 10:53, Nick Rosier wrote: > Tom Hendrikx wrote: >> On 17/08/11 08:26, Nikita Koshikov wrote: >>> On Tue, 16 Aug 2011 22:38:34 +0200 >>> Nick Rosier wrote: >>> >>>> Hi, >>>> >>>> has anyone figured out how to use the dovecot-antispam plugin with >>>> sa-learn? I need to pass the username (user at domain.tld) to sa-learn and >>>> --ham or --spam depending on the move. I was thinking of using the >>>> CRM14 >>>> option and replace the command and arguments but cannot find anything >>>> about the ability to pass the username. >>>> Any pointers would be welcome. >>>> >>>> N. >>> Write a wrapper on sa-learn. The script should parse env first and >>> that exec learning with appropriative args, like: >>> antispam_mail_sendmail = /etc/dovecot/plugins/spam.sh >>> >>> Scrip, something like: >>> #!/bin/bash >>> >>> ( >>> env> /tmp/antispam.$$ >>> /usr/bin/sa-learn $@ >>> exit 0 >>> ) >>> search for PWD environment in /tmp/antispam.$$ . >>> >>> >> >> I use the dspam backend and pass the user into the commandline with %u, >> which seems to work, but is not documented in the man page. >> >> To be clear, this is with the plugin from: >> http://wiki2.dovecot.org/Plugins/Antispam > I've currently got it working with the MailTrain backend. Might consider > reconfiguring it to dspam backend as I need to do some ENV parsing to > get the user. Using %u as argument to pass to the wrapper would be > easier but I couldn't find anything in de documentation as you said. > > N. > I don't think that the backend has anything to do with the supported variables (http://wiki2.dovecot.org/Variables), but you should check the source to be sure. Maybe Eugene is triggered to create a release when you contribute some documentation on this :) -- Regards, Tom From floeff at gmail.com Thu Aug 18 14:00:55 2011 From: floeff at gmail.com (Florian Effenberger) Date: Thu, 18 Aug 2011 13:00:55 +0200 Subject: [Dovecot] sender for Sieve vacation message In-Reply-To: <4E4CBF78.8060308@rename-it.nl> References: <4E4CBF78.8060308@rename-it.nl> Message-ID: Hi, 2011/8/18 Stephan Bosch : > You can use the :from parameter, e.g.: > > require "vacation"; > vacation :from "floeff at gmail.com" "Not here at the moment!"; > > Read RFC5230 (http://tools.ietf.org/html/rfc5230) for more info. d'oh! Sometimes things are that simply... sorry for the dull question - seems I've read an old RFC where :from wasn't specified yet. Works like a charm now. :) Thanks! Florian From daniel.aschauer at gmail.com Thu Aug 18 14:49:24 2011 From: daniel.aschauer at gmail.com (Daniel Aschauer) Date: Thu, 18 Aug 2011 13:49:24 +0200 Subject: [Dovecot] dovecot with pam - ldap Message-ID: I am running dovecot v1.2.10 on a FreeBSD server and I am facing problems authenticating using pam. I always get the error message, although I do provide the right password: pam_authenticate() failed: authentication error (password mismatch?) I use /etc/pam.d/imap: # # PAM configuration for the "imap" service # # auth auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass auth required pam_unix.so no_warn try_first_pass # account account required pam_unix.so and my config: srvfbsd01# dovecot -n # 1.2.10: /usr/local/etc/dovecot.conf # OS: FreeBSD 8.0-RELEASE-p2 amd64 protocols: imap ssl: no disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable: /usr/local/libexec/dovecot/imap-login verbose_proctitle: yes first_valid_uid: 1000 first_valid_gid: 0 mail_location: maildir:~/Maildir namespace: type: private separator: . inbox: yes list: yes subscriptions: yes namespace: type: public separator: . prefix: Public. location: maildir:/home/vmail/public list: yes auth default: debug: yes passdb: driver: pam args: failure_show_msg=yes cache_key=%u imap passdb: driver: passwd-file args: /usr/local/etc/dovecot/vmail userdb: driver: passwd userdb: driver: passwd-file args: /usr/local/etc/dovecot/vmail Logging: Aug 18 12:48:10 srvfbsd01 dovecot: auth(default): passwd-file /usr/local/etc/dovecot/vmail: Read 6 users Aug 18 12:48:10 srvfbsd01 dovecot: auth-worker(default): passwd-file /usr/local/etc/dovecot/vmail: Read 6 users Aug 18 12:48:11 srvfbsd01 dovecot: auth(default): new auth connection: pid=3690 Aug 18 12:48:11 srvfbsd01 dovecot: auth(default): new auth connection: pid=3688 Aug 18 12:48:11 srvfbsd01 dovecot: auth(default): new auth connection: pid=3689 Aug 18 12:48:14 srvfbsd01 dovecot: auth(default): client in: AUTH 1 PLAIN service=imap lip=10.0.10.150 rip=10.0.10.71 lport=143 rport=3583 Aug 18 12:48:14 srvfbsd01 dovecot: auth(default): client out: CONT 1 Aug 18 12:48:14 srvfbsd01 dovecot: auth(default): client in: CONT Aug 18 12:48:14 srvfbsd01 dovecot: auth-worker(default): pam(daniel,10.0.10.71): lookup service=imap Aug 18 12:48:14 srvfbsd01 dovecot: auth-worker(default): pam(daniel,10.0.10.71): #1/1 style=1 msg=Password: Aug 18 12:48:14 srvfbsd01 dovecot: auth-worker(default): pam(daniel,10.0.10.71): pam_authenticate() failed: authentication error (password mismatch?) Aug 18 12:48:14 srvfbsd01 dovecot: auth(default): passwd-file(daniel,10.0.10.71): lookup: user=daniel file=/usr/local/etc/dovecot/vmail Aug 18 12:48:14 srvfbsd01 dovecot: auth(default): passwd-file(daniel,10.0.10.71): unknown user Aug 18 12:48:14 srvfbsd01 dovecot: auth(default): new auth connection: pid=3691 Aug 18 12:48:16 srvfbsd01 dovecot: auth(default): client out: FAIL 1 user=daniel Aug 18 12:48:21 srvfbsd01 dovecot: auth(default): client in: AUTH 2 PLAIN service=imap lip=10.0.10.150 rip=10.0.10.71 lport=143 rport=3583 resp= Aug 18 12:48:21 srvfbsd01 dovecot: auth-worker(default): pam(daniel,10.0.10.71): lookup service=imap Aug 18 12:48:21 srvfbsd01 dovecot: auth-worker(default): pam(daniel,10.0.10.71): #1/1 style=1 msg=Password: Aug 18 12:48:21 srvfbsd01 dovecot: auth-worker(default): pam(daniel,10.0.10.71): pam_authenticate() failed: authentication error (password mismatch?) Aug 18 12:48:21 srvfbsd01 dovecot: auth(default): passwd-file(daniel,10.0.10.71): lookup: user=daniel file=/usr/local/etc/dovecot/vmail Aug 18 12:48:21 srvfbsd01 dovecot: auth(default): passwd-file(daniel,10.0.10.71): unknown user Aug 18 12:48:23 srvfbsd01 dovecot: auth(default): client out: FAIL 2 user=daniel From kzorba at otenet.gr Thu Aug 18 16:03:24 2011 From: kzorba at otenet.gr (Kostas Zorbadelos) Date: Thu, 18 Aug 2011 16:03:24 +0300 Subject: [Dovecot] Bug report v2.0.13 - CentOS x86_64 - NFS - mbox - Problem reproduced In-Reply-To: <4E4A73AE.7090402@otenet.gr> References: <4E294AC0.2060706@otenet.gr> <4E425874.6040507@otenet.gr> <1313355050.10421.1285.camel@hurina> <20110815111701.68513psu7vb3wflp@noc.otenet.gr> <4E4A73AE.7090402@otenet.gr> Message-ID: <4E4D0D9C.6000600@otenet.gr> On 08/16/2011 04:42 PM, Kostas Zorbadelos wrote: > On 08/15/2011 11:17 AM, kzorba at otenet.gr wrote: >> Quoting Timo Sirainen: >> OK, we managed to reproduce the problem with the following scenario. Using Thunderbird (3.1.11 if that matters) we set up a mail account using POP served by dovecot. In the account settings we have checked the boxes "Leave messages on server" and "Until I delete them" which is the default setting for new accounts. We make the first POP session and get the mails. We then delete a message (moving it to trash) and try to Get Mails. Dovecot crashes with the aforementioned stack trace (included below). If you again try Get Mail in the client, you get the deleted mail again. It seems to be related to the indexing code since if we change the setting mbox_min_index_size to something bigger than the mailbox (so no cache index files are created) the problem does not appear and the mails get deleted from the server normally. We didn't manage to reproduce the problem with Microsoft Outlook. We 'll keep investigating until we have a fix. Regards, Kostas >>> With a quick test I can't reproduce pop3_lock_session=yes causing a >>> crash. I guess it needs something else besides what I tested. It would >>> be helpful if your Dovecot binaries weren't stripped of debug symbols. I >>> could then ask for some more information from the core dumps with gdb. >>> >> > > Timo, all > > here is a backtrace with debuging symbols in the executables: > > [root at pop08 ]# gdb /opt/dovecot-debug/libexec/dovecot/pop3 core.2929 > GNU gdb (GDB) Red Hat Enterprise Linux (7.0.1-32.el5_6.2) > Copyright (C) 2009 Free Software Foundation, Inc. > License GPLv3+: GNU GPL version 3 or later > This is free software: you are free to change and redistribute it. > There is NO WARRANTY, to the extent permitted by law. Type "show copying" > and "show warranty" for details. > This GDB was configured as "x86_64-redhat-linux-gnu". > For bug reporting instructions, please see: > ... > Reading symbols from /opt/dovecot-debug/libexec/dovecot/pop3...done. > BFD: Warning: /var/mail7/folders/P/K/U/amihal/core.2929 is truncated: expected core file size>= 569344, found: 565248. > Reading symbols from /opt/dovecot-debug/lib/dovecot/libdovecot-storage.so.0...done. > Loaded symbols for /opt/dovecot-debug/lib/dovecot/libdovecot-storage.so.0 > Reading symbols from /opt/dovecot-debug/lib/dovecot/libdovecot.so.0...done. > Loaded symbols for /opt/dovecot-debug/lib/dovecot/libdovecot.so.0 > Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done. > Loaded symbols for /lib64/libdl.so.2 > Reading symbols from /lib64/librt.so.1...(no debugging symbols found)...done. > Loaded symbols for /lib64/librt.so.1 > Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done. > Loaded symbols for /lib64/libc.so.6 > Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done. > Loaded symbols for /lib64/ld-linux-x86-64.so.2 > Reading symbols from /lib64/libpthread.so.0...(no debugging symbols found)...done. > Loaded symbols for /lib64/libpthread.so.0 > Core was generated by `dovecot/pop3'. > Program terminated with signal 11, Segmentation fault. > #0 istream_raw_mbox_get_start_offset (stream=0x0) at istream-raw-mbox.c:498 > 498 istream-raw-mbox.c: No such file or directory. > in istream-raw-mbox.c > (gdb) bt > #0 istream_raw_mbox_get_start_offset (stream=0x0) at istream-raw-mbox.c:498 > #1 0x00002b4114afc769 in mbox_mail_get_special (_mail=0x1bad8fa0, field=, value_r=0x7fff9600fa88) at mbox-mail.c:198 > #2 0x00002b4114adb2d0 in index_mail_expunge (mail=0x0) at index-mail.c:1503 > #3 0x0000000000405eac in client_update_mails (client=0x1bac4a00) at pop3-commands.c:255 > #4 0x00000000004061d1 in cmd_quit (client=0x1bac4a00, name=0x1baccbd4 "", args=0x406a0c "") at pop3-commands.c:274 > #5 client_command_execute (client=0x1bac4a00, name=0x1baccbd4 "", args=0x406a0c "") at pop3-commands.c:773 > #6 0x00000000004045c9 in client_handle_input (client=0x1bac4a00) at pop3-client.c:628 > #7 0x00002b4114db0698 in io_loop_call_io (io=0x1bac01d0) at ioloop.c:384 > #8 0x00002b4114db19d5 in io_loop_handler_run (ioloop=) at ioloop-epoll.c:213 > #9 0x00002b4114db062d in io_loop_run (ioloop=0x1baa8610) at ioloop.c:405 > #10 0x00002b4114d9ef13 in master_service_run (service=0x1baa84e0, callback=0x1baccbe4) at master-service.c:478 > #11 0x00000000004039a4 in main (argc=1, argv=0x1baa8370) at main.c:252 > (gdb) bt full > #0 istream_raw_mbox_get_start_offset (stream=0x0) at istream-raw-mbox.c:498 > rstream = > __FUNCTION__ = "istream_raw_mbox_get_start_offset" > #1 0x00002b4114afc769 in mbox_mail_get_special (_mail=0x1bad8fa0, field=, value_r=0x7fff9600fa88) at mbox-mail.c:198 > mail = > mbox = 0x1bac97d0 > offset = 0 > #2 0x00002b4114adb2d0 in index_mail_expunge (mail=0x0) at index-mail.c:1503 > value = > guid_128 = "\240\267\252\033\000\000\000\000\001\000\000\000\000\000\000" > #3 0x0000000000405eac in client_update_mails (client=0x1bac4a00) at pop3-commands.c:255 > search_args = 0x0 > ctx = 0x1bace150 > mail = 0x1bad8fa0 > msgnum = 0 > bit = 464309220 > ret = > #4 0x00000000004061d1 in cmd_quit (client=0x1bac4a00, name=0x1baccbd4 "", args=0x406a0c "") at pop3-commands.c:274 > No locals. > #5 client_command_execute (client=0x1bac4a00, name=0x1baccbd4 "", args=0x406a0c "") at pop3-commands.c:773 > No locals. > #6 0x00000000004045c9 in client_handle_input (client=0x1bac4a00) at pop3-client.c:628 > _data_stack_cur_id = 3 > line = 0x1baab872 "QUIT" > args = 0x406a0c "" > ret = > #7 0x00002b4114db0698 in io_loop_call_io (io=0x1bac01d0) at ioloop.c:384 > ioloop = 0x1baa8610 > t_id = 2 > #8 0x00002b4114db19d5 in io_loop_handler_run (ioloop=) at ioloop-epoll.c:213 > ctx = > event = 0x1baa88b0 > list = 0x1bac0220 > io = 0x0 > tv = {tv_sec = 9, tv_usec = 871818} > events_count = > msecs = > ---Type to continue, or q to quit--- > ret = 1 > i = 0 > call = false > #9 0x00002b4114db062d in io_loop_run (ioloop=0x1baa8610) at ioloop.c:405 > No locals. > #10 0x00002b4114d9ef13 in master_service_run (service=0x1baa84e0, callback=0x1baccbe4) at master-service.c:478 > No locals. > #11 0x00000000004039a4 in main (argc=1, argv=0x1baa8370) at main.c:252 > service_flags = > storage_service_flags = MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT > postlogin_socket_path = 0x0 > username = 0x0 > c = > set_roots = {0x4072a0, 0x0} > (gdb) quit > > I have also kept the user's mailbox. I couldn't reproduce the problem by talking > POP3 directly to the server by hand. > > Any ideas? > > Thanks, > > Kostas > >> Hi Timo, >> >> indeed it is a bug that I could not reproduce myself. >> Having debug symbols and producing the stack trace is the next >> logical step and I will work on this tomorrow. >> Since --enable-debug does not work in your configure script, can you >> direct me as to what is needed? Is there an option in configure or >> do I need to mess with the makefiles? >> >> On the other hand, I have found two different bugs. >> Having pop3_lock_session=yes we have the situation described here and also >> of course delays in local deliveries in case a client has an active pop >> session. And I can tell you we have a lot of abusing clients that keep >> hitting our pop servers continuously, or keep connections open for a VERY >> long time. >> >> To address that, we put pop3_lock_session=no. In this case, there is an >> fcntl >> lock leak somewhere. The good news is that we have reproduced that and I >> will >> send relevant information in a different mail. >> I also read the following thread, from a while back: >> >> http://www.dovecot.org/list/dovecot/2009-February/037098.html >> >> Regards, >> >> Kostas >> From holdenhao at gmail.com Thu Aug 18 17:24:11 2011 From: holdenhao at gmail.com (Holden Hao) Date: Thu, 18 Aug 2011 22:24:11 +0800 Subject: [Dovecot] Duplicate Email with Dovecot Sieve In-Reply-To: <4E4CC11C.5050307@rename-it.nl> References: <4E4CC11C.5050307@rename-it.nl> Message-ID: > > Hmm, odd. The above log only shows one delivery. I would expect a > duplicate entry there when Dovecot is causing this. You can enable > mail_debug to see whether that shows more. Also, the user log > (~/.dovecot.sieve.log) could contain other info. But, I don't expect much > more from that. > Thank you for your reply. However, there are no relevant information in dovecot.log (general log file for dovecot) and from ~/dovecot.sieve.log (nothing specific to the transaction) > Are you perhaps doing something interesting at MTA level? > I am not sure as I just took over management of the server and it is not documented. But if it helps here are some log entries from qmail: General Qmail log: @400000004e4d1d7b2965966c info msg 1337024: bytes 2257 from < testuser at gmail.com> qp 15984 uid 113 @400000004e4d1d7b2965a60c starting delivery 62510: msg 1337024 to local user at xxxxxx.org @400000004e4d1d7b2965b5ac status: local 1/10 remote 0/100 @400000004e4d1d7b390469a4 delivery 62510: success: did_1+0+1/ @400000004e4d1d7b3905119c status: local 0/10 remote 0/100 @400000004e4d1d7b39058ab4 end msg 1337024 ---------------------------------------------- Qmail SMTP log: @400000004e4d1d7b0db7cd7c tcpsvd: info: start 15966 mail.xxxxxx.org:xxx.xx.xx.xxx :mail-gx0-f182.google.com:xxx.xx.xxx.xxx:36540 @400000004e4d1d7b0dc8adcc qmail-smtpd 15966: connection from xxx.xx.xxx.xxx (mail-gx0-f182.google.com) to mail.xxxxxx.org @400000004e4d1d7b0dc8c924 qmail-smtpd 15966: enabled options: starttls sanitycheck sendercheck rcptcheck smtp-auth qmailqueue /var/qmail/bin/ qmail-scanner-queue.pl @400000004e4d1d7b0ef4b664 qmail-smtpd 15966: remote ehlo: mail-gx0-f182.google.com @400000004e4d1d7b13dc6384 qmail-smtpd 15966: remote ehlo: mail-gx0-f182.google.com @400000004e4d1d7b15089714 qmail-smtpd 15966: mail from: testuser at gmail.com @400000004e4d1d7b1508f8bc qmail-smtpd 15966: sender verify, sender not in goodmailaddr @400000004e4d1d7b16316b5c qmail-smtpd 15966: rcpt to: user at xxxxxxx.org @400000004e4d1d7b16318e84 qmail-smtpd 15966: recipient verify, recipient not in goodmailaddr @400000004e4d1d7b16319a3c qmail-smtpd 15966: recipient verify, recipient is local @400000004e4d1d7b1646b87c qmail-verfiy: verifying user at xxxxxxx.org @400000004e4d1d7b165e3434 qmail-smtpd 15966: recipient verify OK @400000004e4d1d7b19e73bb4 qmail-smtpd 15966: go ahead @400000004e4d1d7b28fd762c qmail-smtpd 15966: message queued: 1313676657 qp 15968 size 1227 bytes @400000004e4d1d992a04b4cc qmail-smtpd 15966: quit, closing connection @400000004e4d1d992a051674 tcpsvd: info: end 15966 exit 0 @400000004e4d1d992a05222c tcpsvd: info: status 0/20 Any more ideas? Holden From tss at iki.fi Thu Aug 18 18:22:06 2011 From: tss at iki.fi (Timo Sirainen) Date: Thu, 18 Aug 2011 18:22:06 +0300 Subject: [Dovecot] mdbox and doveadm purge In-Reply-To: <44c1fa7d5832d14fe75a7b5b8052f132@imt-systems.com> References: <44c1fa7d5832d14fe75a7b5b8052f132@imt-systems.com> Message-ID: <1313680926.10421.1311.camel@hurina> On Sat, 2011-07-09 at 19:23 +0200, Morten P.D. Stevens wrote: > We are currently testing Dovecot 2.0.13 with mdbox. If I delete large > objects with refcount=0 the index is not updated apparently. Looks like it happens every time. Fixed: http://hg.dovecot.org/dovecot-2.0/rev/1449a2e2c1f5 From mstevens at imt-systems.com Thu Aug 18 19:05:29 2011 From: mstevens at imt-systems.com (Morten Stevens) Date: Thu, 18 Aug 2011 18:05:29 +0200 Subject: [Dovecot] mdbox and doveadm purge In-Reply-To: <1313680926.10421.1311.camel@hurina> References: <44c1fa7d5832d14fe75a7b5b8052f132@imt-systems.com> <1313680926.10421.1311.camel@hurina> Message-ID: <847e794e3cde7b98df16d47f2ad3e82b@imt-systems.com> On Thu, 18 Aug 2011 18:22:06 +0300, Timo Sirainen wrote: > On Sat, 2011-07-09 at 19:23 +0200, Morten P.D. Stevens wrote: > >> We are currently testing Dovecot 2.0.13 with mdbox. If I delete >> large >> objects with refcount=0 the index is not updated apparently. > > Looks like it happens every time. Fixed: > http://hg.dovecot.org/dovecot-2.0/rev/1449a2e2c1f5 Hi Timo, Thanks. This patch will be a part of version 2.0.14? Best regards, Morten From mstevens at imt-systems.com Thu Aug 18 23:55:09 2011 From: mstevens at imt-systems.com (Morten Stevens) Date: Thu, 18 Aug 2011 22:55:09 +0200 Subject: [Dovecot] segfault in dovecot 2.0.9 In-Reply-To: <1307970177.10421.819.camel@hurina> References: <1307970177.10421.819.camel@hurina> Message-ID: <62fb4ed18663e793aa03b0e653751d80@imt-systems.com> On Mon, 13 Jun 2011 16:02:57 +0300, Timo Sirainen wrote: > On Fri, 2011-06-10 at 19:52 +0200, Morten P.D. Stevens wrote: >> Jun 9 00:12:34 mail dovecot: master: Error: service(imap): child >> 8987 >> killed with signal 11 (core dumps disabled) > > There's really no way to know why this happens without a gdb > backtrace. > See http://dovecot.org/bugreport.html > >> # dovecot -n >> # 2.0.9: /etc/dovecot/dovecot.conf > > It's also possible that it has already been fixed in newer versions. Hi Timo, Small update on this: In 6 months the error occurred only once. The bug was not reproducible. There was a BIOS update for IBM servers which fixes the following microcode error: - Fixed : Intel microcode fix for a potential memory addressing error in 64-bit operating mode; it could cause page fault, data loss, data corruption or other unpredictable system behavior. So I am assuming that it was not a Dovecot bug. Best regards, Morten From stan at hardwarefreak.com Fri Aug 19 02:08:47 2011 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Thu, 18 Aug 2011 18:08:47 -0500 Subject: [Dovecot] mail spool filesystem In-Reply-To: <4E4BC0CC.5010908@psi.com.br> References: <4E4BC0CC.5010908@psi.com.br> Message-ID: <4E4D9B7F.6010707@hardwarefreak.com> On 8/17/2011 8:23 AM, Julio Cesar Covolato wrote: > Hi! > > I?m about to migrate a system whith 5000 accounts whith (~ 500GB) from > "postfix/courier-imap/maildrop/mysql" to a new hardware whith > "postfix/dovecot/dovecot/mysql". > > I?ll make a separate partition (raid 1) for the mail spool > (/var/spool/vmail) and want to now what type of filesystem to use on it > to increase performance. I read that XFS is a good choice, but is not > too reliable... With only a single spindle of seek performance, which is what mirroring (RAID 1) gives you, about 150-300 seeks/second depending on which disks you use, the filesystem will not be a limiting factor, no matter which one you choose. The low IOPS of the disk will limit your performance. Thus, choose the filesystem you are most comfortable, and experienced, in managing. All other factors being equal (proper fit, use, administration, etc) XFS is as reliable, if not more reliable, than any other Linux filesystem. I'm guessing that what you read related to a bug that was fixed in 2007, which previously could cause corruption in certain circumstances, mainly with many transactions in flight during a power failure, i.e. no UPS or a failed UPS. -- Stan From stan at hardwarefreak.com Fri Aug 19 11:48:00 2011 From: stan at hardwarefreak.com (Stan Hoeppner) Date: Fri, 19 Aug 2011 03:48:00 -0500 Subject: [Dovecot] mail spool filesystem In-Reply-To: <20110817164207.2e9c1d49@echelon.ethz.ch> References: <4E4BC0CC.5010908@psi.com.br> <20110817164207.2e9c1d49@echelon.ethz.ch> Message-ID: <4E4E2340.4010001@hardwarefreak.com> On 8/17/2011 9:42 AM, Adrian Ulrich wrote: >> I read that XFS is a good choice, but is not >> too reliable... > > Are you using Maildir or MBOX? > > In any case: XFS would be my last choice: > > XFS is nice if you are working with large files (> 2GB), but > for E-Mail i'd stick with ext3 (or maybe even reiser3) > as it works very well with small files. XFS was designed for parallelism, whether with large files or small, though it has been optimized a bit more for large file throughput. In yet another attempt to dispel the XFS "small file problem" myth, XFS has never had a performance problem with "small" files. In the past XFS did have a performance problem with large metadata operations due to the way the delayed allocation had been designed. The perennial example of this was the horrible unlink performance when whacking a kernel tree with 'rm -rf'. It used to take forever, multiple tens of times slower than Reiser or EXT. This metadata bottleneck in the delayed allocation path was largely resolved by Dave Chinner's delayed logging patch which was experimental in 2.6.35 and is enabled by default in 2.6.39 and later. XFS metadata performance is now on par with that of EXT3/4. Because of this, and XFS' use of allocation groups, today, for a busy IMAP server with lots of maildir mailboxen, one of the highest performance storage stack setups is the following: 1. A dozen or more hardware or software RAID1 mirrors 2. A linear concat over the mirrors 3. XFS with 2*num_mirrors allocation groups, mounted with 'inode64' 4. maildir mailboxes This setup will give you significantly higher real IOPS than any striped array setup with any filesystem atop, for a couple of reasons: 1. No partial stripe width writes, and no unnecessary full stripe reads. All reads and writes match the page size and filesystem block size of 4KB. 2. In the example above, you have two AGs per mirror pair, 24 total AGs on 12 mirrors. The first two maildir directories will be created in AGs 1 and 2 on the first mirror. The second two in AGs 3 & 4 on the 2nd mirror pair, and so on. The 25th/26th directories will 'wrap' back to AGs 1 & 2 and the directory creation pattern will continue. Because of its allocation group design XFS is the only filesystem that can accomplish this level of parallelism with a concatenated array and small email files. All others must rely on striped arrays, either RAID10 or 5/6. These come with the inefficiencies of writing/reading files as small as 2KB on a stripe ranging from 256KB-1MB or larger, depending on the number of disks in the array and the chosen stripe size. If you have a high write load, the Linux allocator will pack multiple files into a single stripe, but one rarely sees 100% efficiency here. Even at 100% on writes, at low read rates, you end up reading a lot of full 256KB-1MB stripes just to get a 2KB file, wasting bandwidth and filling up the buffer cache with unneeded data, not to mention any read cache on your hardware RAID controller or SAN head. The only potential downside to this setup is the rare situation where your current logged in users all have their mailbox in the same AG or two AGs on the same spindle. I've yet to see this happen, though it is a theoretical possibility, though the probability is extremely low. -- Stan From amateo at um.es Fri Aug 19 12:13:21 2011 From: amateo at um.es (Angel L. Mateo) Date: Fri, 19 Aug 2011 11:13:21 +0200 Subject: [Dovecot] Update indexes with dovecot 1.1 Message-ID: <4E4E2931.9020303@um.es> Hello, I have a farm of dovecot 1.1 servers (debian lenny). Mailboxes are in Maildir format. Is there any way to manually update indexes? Does it worth? I mean... Our problem is that mail is delivered via dovecot lda, but, because we have a farm of servers, we don't guarantee that mail is delivered through the same server that the user is using for his imap connection, so the imap server could have this index unupdated. So I want to force an update (or at least nearly updated) in order to have the index updated in all servers at the time the user get to work. -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337 From voytek at sbt.net.au Fri Aug 19 13:11:29 2011 From: voytek at sbt.net.au (voytek at sbt.net.au) Date: Fri, 19 Aug 2011 21:11:29 +1100 Subject: [Dovecot] ot: iPhone crashed, re-downloading all messages Message-ID: <1d823fe9127254a3b79cfc6002db816f.squirrel@sbt.net.au> I have a 'problem', after iPhone lockup/reset, iPhone now wanting to re-download hundreds of messages of Dovecot 1.x server, is there any fix to reset iPhone counter or ?? From pw at wk-serv.de Fri Aug 19 13:15:37 2011 From: pw at wk-serv.de (Patrick Westenberg) Date: Fri, 19 Aug 2011 12:15:37 +0200 Subject: [Dovecot] Update indexes with dovecot 1.1 In-Reply-To: <4E4E2931.9020303@um.es> References: <4E4E2931.9020303@um.es> Message-ID: On Fri, 19 Aug 2011 11:13:21 +0200, "Angel L. Mateo" wrote: > Is there any way to manually update indexes? As far as I understood, you just have to delete the index files and Dovecot will regenerate them when a user logs in the next time. Regards Patrick From amateo at um.es Fri Aug 19 13:35:59 2011 From: amateo at um.es (Angel L. Mateo) Date: Fri, 19 Aug 2011 12:35:59 +0200 Subject: [Dovecot] Update indexes with dovecot 1.1 In-Reply-To: References: <4E4E2931.9020303@um.es> Message-ID: <4E4E3C8F.6070107@um.es> El 19/08/11 12:15, Patrick Westenberg escribi?: > On Fri, 19 Aug 2011 11:13:21 +0200, "Angel L. Mateo" wrote: > >> Is there any way to manually update indexes? > > As far as I understood, you just have to delete the index files and > Dovecot will regenerate them when a user logs in the next time. > But I want the index to be generated (or updated) before the user login. -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337 From kunal.gurukul at gmail.com Fri Aug 19 13:37:46 2011 From: kunal.gurukul at gmail.com (kunal verma) Date: Fri, 19 Aug 2011 16:07:46 +0530 Subject: [Dovecot] dovecot deadlock with procmail Message-ID: I m using dovecot 1.0.7. I m having problems in mail delivery to my mail server locally. When a user sends a mail few mails are in mail Q for longer period of time. The local delivery agent(*procmail*) is trying to deliver the mail at regular interval but it is unable to deliver. But as soon as I *restart* *dovecot* the mails in the Q are delivered immediately. I suspect it is because of locking of *mbox* file of users by dovecot. How to overcome this problem as mails are some mails are taking hours to be delivered?? please let me know the solution. Kunal Verma From kzorba at otenet.gr Fri Aug 19 17:52:36 2011 From: kzorba at otenet.gr (Kostas Zorbadelos) Date: Fri, 19 Aug 2011 17:52:36 +0300 Subject: [Dovecot] Bug report v2.0.13 - CentOS x86_64 - NFS - mbox - Problem reproduced In-Reply-To: <4E4D0D9C.6000600@otenet.gr> References: <4E294AC0.2060706@otenet.gr> <4E425874.6040507@otenet.gr> <1313355050.10421.1285.camel@hurina> <20110815111701.68513psu7vb3wflp@noc.otenet.gr> <4E4A73AE.7090402@otenet.gr> <4E4D0D9C.6000600@otenet.gr> Message-ID: <4E4E78B4.9070102@otenet.gr> The problem is more easily introduced than I imagined. Included attached is an example mailbox containing just 3 mails. Use it to make a couple of POP sessions. Make sure indexes are generated for it by setting appropriately mbox_min_index_size e.g. mbox_min_index_size = 2k Now, in the first session just generate the indexes and quit kzorba at enigma(1)[05:23 PM]~->telnet dovecot-dev 110 Trying ... Connected to dovecot-dev. Escape character is '^]'. +OK OTENET ready user kzorba1 +OK pass XXXXXXX +OK Logged in. LIST +OK 3 messages: 1 812 2 821 3 816 . quit +OK Logging out. Connection closed by foreign host. In the second session we LIST and try to DELE a message kzorba at enigma(1)[05:25 PM]~->telnet dovecot-dev 110 Trying ... Connected to dovecot-dev. Escape character is '^]'. +OK OTENET ready user kzorba1 +OK pass XXXXXXX +OK Logged in. LIST +OK 3 messages: 1 812 2 821 3 816 . dele 2 +OK Marked to be deleted. quit Connection closed by foreign host. In the server logs we get Aug 19 17:25:24 dovecot dovecot: master: Error: service(pop3): child 3489 killed with signal 11 (core dumped) With the backtrace: #0 0x00002b9ca3e93dce in istream_raw_mbox_get_start_offset (stream=0x0) at istream-raw-mbox.c:498 #1 0x00002b9ca3e97956 in mbox_mail_get_special (_mail=0x101cf7d0, field=MAIL_FETCH_GUID, value_r=0x7fff1fd69798) at mbox-mail.c:198 #2 0x00002b9ca3e47729 in mail_get_special (mail=0x101cf7d0, field=MAIL_FETCH_GUID, value_r=0x7fff1fd69798) at mail.c:188 #3 0x00002b9ca3e6d133 in index_mail_expunge (mail=0x101cf7d0) at index-mail.c:1503 #4 0x00002b9ca3e4784d in mail_expunge (mail=0x101cf7d0) at mail.c:233 #5 0x0000000000406272 in client_update_mails (client=0x101baa00) at pop3-commands.c:255 #6 0x000000000040635a in cmd_quit (client=0x101baa00, args=0x407f62 "") at pop3-commands.c:274 #7 0x000000000040774a in client_command_execute (client=0x101baa00, name=0x101960c0 "QUIT", args=0x407f62 "") at pop3-commands.c:773 #8 0x000000000040567c in client_handle_input (client=0x101baa00) at pop3-client.c:628 #9 0x0000000000405870 in client_input (client=0x101baa00) at pop3-client.c:681 #10 0x00002b9ca418af83 in io_loop_call_io (io=0x101b61d0) at ioloop.c:384 #11 0x00002b9ca418c685 in io_loop_handler_run (ioloop=0x1019e610) at ioloop-epoll.c:213 #12 0x00002b9ca418b024 in io_loop_run (ioloop=0x1019e610) at ioloop.c:405 #13 0x00002b9ca4171ca2 in master_service_run (service=0x1019e4e0, callback=0x403bab ) at master-service.c:478 #14 0x0000000000403e14 in main (argc=1, argv=0x1019e370) at main.c:252 I guess something is wrong in the indexing code because if I disable the index creation using an appropriate value for mbox_min_index_size everything works as expected and mails are deleted. In our case, all clients that leave messages on server cannot actually delete messages from their inboxes. Clients with Thunderbird, keep getting the mails after they delete them, customers with Outlook don't see them again, but the deleted messages remain in the server. Needless to say that I will try to provide a patch but it will take me far more time than any developer familiar with the code already. Regards, Kostas -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: kzorba1.problem.mbox URL: From fbscarel at gmail.com Fri Aug 19 19:14:35 2011 From: fbscarel at gmail.com (Felipe Scarel) Date: Fri, 19 Aug 2011 13:14:35 -0300 Subject: [Dovecot] Sharing all mailboxes and userdb LDAP attrs Message-ID: Hello all, I'm setting up a Dovecot environment here, version 1.2.15 on Debian 6.0.2 "squeeze". This is actually a complete revamp of the previous setup we have in-place here, built from the ground up with updated versions of all involved software. The operators have told me that they use some scripts hacked up by a previous sysadmin to give a single "admin" account full access to all user mail. That is, if any user runs into problems, they: 1. Call in; 2. The operator logs in as the admin user; 3. Operator performs maintenance duties on user email. I've been researching the possibility of using Dovecot shared namespaces to perform that very same task in a better fashion in this new server. So far, I've been able to globally share users' INBOXes and view them from a single admin account (through user= entries on global acl's). My ultimate goal, however, is to have access to all user mailboxes with any user that's a member of a particular group, adding all operators to that group as needed. - - - - - First question, then, is this one: how can I give global access to all user mailboxes? I've read that it's possible to give access to all subfolders of a particular folder throught the use of a .DEFAUL acl. That didn't seem to work with the uppermost directory, however. Here's what I tried: root at mail:/etc/dovecot# dovecot -a | grep acl: acl: vfile:/etc/dovecot/acl:cache_secs=300 root at mail:/etc/dovecot# cat acl/.DEFAULT owner lrwstipekxa user=admin lrwstipekxa Renaming .DEFAULT to INBOX does achieve the intended goal, but only for the INBOX folder evidently. - - - - - Second question is somewhat simpler. So far I've been using a single admin user, but I'd like to switch to using an admin group in the future. I've read that the best way to do that would be to use the user_attrs entry in my dovecot-ldap.conf file, while using a userdb ldap. The groups should be strings separated by commas in the appropriate attribute, from what I understand. Is there any readily-available or recommended schema I can use to fill up that attribute? I'm using the default ones (plus samba.schema) but I've seen mostly space to fit GID's, not group names. Thanks in advance, fbscarel PS: Here's my dovecot -a output, should it be needed. - - - - - root at mailaluno:~# dovecot -a # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 base_dir: /var/run/dovecot log_path: /var/log/dovecot/error.log info_log_path: /var/log/dovecot/info.log log_timestamp: %Y-%m-%d %H:%M:%S syslog_facility: mail protocols: imap pop3 pop3s managesieve listen(default): * listen(imap): * listen(pop3): * listen(managesieve): localhost:2000 ssl_listen: 127.0.0.1 ssl: yes ssl_ca_file: ssl_cert_file: /etc/ssl/certs/dovecot.pem ssl_key_file: /etc/ssl/private/dovecot.pem ssl_key_password: ssl_parameters_regenerate: 168 ssl_cipher_list: ssl_cert_username_field: commonName ssl_verify_client_cert: no disable_plaintext_auth: no verbose_ssl: yes shutdown_clients: yes nfs_check: yes version_ignore: no login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login login_user: dovecot login_greeting: Server ready. login_log_format_elements: user=<%u> method=%m rip=%r lip=%l %c login_log_format: %$: %s login_process_per_connection: no login_chroot: yes login_trusted_networks: login_process_size: 64 login_processes_count: 5 login_max_processes_count: 128 login_max_connections: 256 valid_chroot_dirs: mail_chroot: max_mail_processes: 512 mail_max_userip_connections: 10 verbose_proctitle: no first_valid_uid: 108 last_valid_uid: 0 first_valid_gid: 112 last_valid_gid: 0 mail_access_groups: mail_privileged_group: mail mail_uid: mail_gid: mail_location: mail_cache_fields: mail_never_cache_fields: imap.envelope mail_cache_min_mail_count: 0 mailbox_idle_check_interval: 30 mail_debug: yes mail_full_filesystem_access: no mail_max_keyword_length: 50 mail_save_crlf: no mmap_disable: no dotlock_use_excl: yes fsync_disable: no mail_nfs_storage: no mail_nfs_index: no mailbox_list_index_disable: yes lock_method: fcntl maildir_stat_dirs: no maildir_copy_with_hardlinks: yes maildir_copy_preserve_filename: no maildir_very_dirty_syncs: no mbox_read_locks: fcntl mbox_write_locks: fcntl dotlock mbox_lock_timeout: 300 mbox_dotlock_change_timeout: 120 mbox_min_index_size: 0 mbox_dirty_syncs: yes mbox_very_dirty_syncs: no mbox_lazy_writes: yes dbox_rotate_size: 2048 dbox_rotate_min_size: 16 dbox_rotate_days: 1 mail_drop_priv_before_exec: no mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_executable(managesieve): /usr/lib/dovecot/managesieve mail_process_size: 256 mail_plugins(default): quota imap_quota trash mail_log acl imap_acl mail_plugins(imap): quota imap_quota trash mail_log acl imap_acl mail_plugins(pop3): quota mail_log mail_plugins(managesieve): mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve mail_log_prefix: %Us(%u): mail_log_max_lines_per_sec: 0 imap_max_line_length: 65536 imap_capability: imap_client_workarounds: imap_logout_format: bytes=%i/%o imap_id_send: imap_id_log: imap_idle_notify_interval: 120 pop3_no_flag_updates: no pop3_enable_last: no pop3_reuse_xuidl: no pop3_save_uidl: no pop3_lock_session: no pop3_uidl_format: %08Xu%08Xv pop3_client_workarounds: pop3_logout_format: top=%t/%p, retr=%r/%b, del=%d/%m, size=%s dict_db_config: dict_process_count: 1 managesieve_max_line_length: 65536 managesieve_logout_format: bytes=%i/%o managesieve_implementation_string: dovecot namespace: type: private separator: / prefix: location: maildir:/vmail/%Ln/Maildir alias_for: inbox: yes hidden: no list: yes subscriptions: yes namespace: type: shared separator: / prefix: shared/%%n/ location: maildir:/vmail/%%n/Maildir:INDEX=/vmail/%n/Maildir/shared/%%n alias_for: inbox: no hidden: no list: yes subscriptions: no lda: postmaster_address: xxx at xxx mail_plugins: quota sieve trash acl auth default: mechanisms: plain login realms: default_realm: cache_size: 0 cache_ttl: 3600 cache_negative_ttl: 3600 executable: /usr/lib/dovecot/dovecot-auth user: vmail chroot: username_chars: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ username_translation: username_format: %Lu master_user_separator: * anonymous_username: anonymous krb5_keytab: gssapi_hostname: winbind_helper_path: /usr/bin/ntlm_auth failure_delay: 2 verbose: no debug: no debug_passwords: no ssl_require_client_cert: no ssl_username_from_cert: no use_winbind: no count: 1 worker_max_count: 30 process_size: 256 passdb: driver: passwd-file args: /etc/dovecot/passwd.masterusers deny: no pass: no master: yes passdb: driver: shadow args: deny: no pass: no master: no passdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf deny: no pass: no master: no userdb: driver: passwd args: userdb: driver: static args: uid=vmail gid=vmail home=/vmail/%Ln allow_all_users=yes socket: type: listen master: path: /var/run/dovecot/auth-master mode: 384 user: vmail group: vmail plugin: quota: maildir:User quota quota_rule: *:storage=1G quota_rule2: Trash:storage=100M acl: vfile:/etc/dovecot/acl:cache_secs=300 acl_shared_dict: file:/vmail/shared_mboxes trash: /etc/dovecot/dovecot-trash.conf mail_log_events: delete mailbox_delete mail_log_fields: uid box msgid size sieve: ~/.dovecot.sieve sieve_dir: ~/sieve sieve_before: /vmail/default.sieve From wgillespie+dovecot at es2eng.com Fri Aug 19 19:39:31 2011 From: wgillespie+dovecot at es2eng.com (Willie Gillespie) Date: Fri, 19 Aug 2011 10:39:31 -0600 Subject: [Dovecot] ot: iPhone crashed, re-downloading all messages In-Reply-To: <1d823fe9127254a3b79cfc6002db816f.squirrel@sbt.net.au> References: <1d823fe9127254a3b79cfc6002db816f.squirrel@sbt.net.au> Message-ID: <4E4E91C3.8010106@es2eng.com> On 8/19/2011 4:11 AM, voytek at sbt.net.au wrote: > I have a 'problem', after iPhone lockup/reset, iPhone now wanting to > re-download hundreds of messages of Dovecot 1.x server, is there any fix > to reset iPhone counter or ?? I thought the iPhone only grabbed the last 25-200 messages (depending on which setting you chose) and would only get more if you scroll to the bottom and tap "Load More Messages..." Willie (sorry for the double post when the moderated one makes it through) From CMarcus at Media-Brokers.com Fri Aug 19 19:44:30 2011 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Fri, 19 Aug 2011 12:44:30 -0400 Subject: [Dovecot] Sharing all mailboxes and userdb LDAP attrs In-Reply-To: References: Message-ID: <4E4E92EE.4090604@Media-Brokers.com> On 2011-08-19 12:14 PM, Felipe Scarel wrote: > I'm setting up a Dovecot environment here, version 1.2.15 on Debian 6.0.2 > "squeeze". This is actually a complete revamp of the previous setup we have > in-place here, built from the ground up with updated versions of all > involved software. > > The operators have told me that they use some scripts hacked up by a > previous sysadmin to give a single "admin" account full access to all user > mail. That is, if any user runs into problems, they: 1. Call in; 2. The > operator logs in as the admin user; 3. Operator performs maintenance duties > on user email. Isn't this what master users are for? http://wiki2.dovecot.org/Authentication/MasterUsers -- Best regards, Charles From sethm at rollernet.us Fri Aug 19 20:49:01 2011 From: sethm at rollernet.us (Seth Mattinen) Date: Fri, 19 Aug 2011 10:49:01 -0700 Subject: [Dovecot] mail spool filesystem In-Reply-To: <20110817164207.2e9c1d49@echelon.ethz.ch> References: <4E4BC0CC.5010908@psi.com.br> <20110817164207.2e9c1d49@echelon.ethz.ch> Message-ID: <4E4EA20D.6090404@rollernet.us> On 8/17/11 7:42 AM, Adrian Ulrich wrote: >> I read that XFS is a good choice, but is not >> too reliable... > > Are you using Maildir or MBOX? > > In any case: XFS would be my last choice: > > XFS is nice if you are working with large files (> 2GB), but > for E-Mail i'd stick with ext3 (or maybe even reiser3) > as it works very well with small files. > I'd have to disagree. This is completely anecdotal, but I originally deployed ext3 on all of my mail servers (Dovecot maildir) and spools (Postfix) until they started exhibiting loading issues when busy. Reformatting into XFS resolved the problem with no other changes. I didn't have time to do any comparisons or gather statistics since it was an emergency situation and this was before ext4, but XFS has performed flawlessly for me. ~Seth From fbscarel at gmail.com Fri Aug 19 21:40:45 2011 From: fbscarel at gmail.com (Felipe Scarel) Date: Fri, 19 Aug 2011 15:40:45 -0300 Subject: [Dovecot] Sharing all mailboxes and userdb LDAP attrs In-Reply-To: <4E4E92EE.4090604@Media-Brokers.com> References: <4E4E92EE.4090604@Media-Brokers.com> Message-ID: You know when you ask that stupid question and then realize you had it all along? Duh... And to top it off, I HAVE configured a master user on my Dovecot install and wasn't using it... man, do I feel stupid now! :) Thanks a bunch Charles! On Fri, Aug 19, 2011 at 13:44, Charles Marcus wrote: > On 2011-08-19 12:14 PM, Felipe Scarel wrote: > > I'm setting up a Dovecot environment here, version 1.2.15 on Debian 6.0.2 > > "squeeze". This is actually a complete revamp of the previous setup we > have > > in-place here, built from the ground up with updated versions of all > > involved software. > > > > The operators have told me that they use some scripts hacked up by a > > previous sysadmin to give a single "admin" account full access to all > user > > mail. That is, if any user runs into problems, they: 1. Call in; 2. The > > operator logs in as the admin user; 3. Operator performs maintenance > duties > > on user email. > > Isn't this what master users are for? > > http://wiki2.dovecot.org/Authentication/MasterUsers > > -- > > Best regards, > > Charles > From fbscarel at gmail.com Fri Aug 19 21:45:33 2011 From: fbscarel at gmail.com (Felipe Scarel) Date: Fri, 19 Aug 2011 15:45:33 -0300 Subject: [Dovecot] mail spool filesystem In-Reply-To: <4E4EA20D.6090404@rollernet.us> References: <4E4BC0CC.5010908@psi.com.br> <20110817164207.2e9c1d49@echelon.ethz.ch> <4E4EA20D.6090404@rollernet.us> Message-ID: I'm testing out ZFS-fuse on my new install (talked about it on the other thread), no issues so far. The builtin deduplication and compression sure do help a lot, roughly 30% less storage space required so far. They don't advertise it as exactly "production" quality, but I'm willing to try it out, we're doing regular backups. The mail system hasn't gone live yet though, so I'm a bit uneasy on the performance side of things under heavy load. On Fri, Aug 19, 2011 at 14:49, Seth Mattinen wrote: > On 8/17/11 7:42 AM, Adrian Ulrich wrote: > >> I read that XFS is a good choice, but is not > >> too reliable... > > > > Are you using Maildir or MBOX? > > > > In any case: XFS would be my last choice: > > > > XFS is nice if you are working with large files (> 2GB), but > > for E-Mail i'd stick with ext3 (or maybe even reiser3) > > as it works very well with small files. > > > > I'd have to disagree. This is completely anecdotal, but I originally > deployed ext3 on all of my mail servers (Dovecot maildir) and spools > (Postfix) until they started exhibiting loading issues when busy. > Reformatting into XFS resolved the problem with no other changes. I > didn't have time to do any comparisons or gather statistics since it was > an emergency situation and this was before ext4, but XFS has performed > flawlessly for me. > > ~Seth > > From mcguire at neurotica.com Fri Aug 19 21:48:54 2011 From: mcguire at neurotica.com (Dave McGuire) Date: Fri, 19 Aug 2011 14:48:54 -0400 Subject: [Dovecot] mail spool filesystem In-Reply-To: References: <4E4BC0CC.5010908@psi.com.br> <20110817164207.2e9c1d49@echelon.ethz.ch> <4E4EA20D.6090404@rollernet.us> Message-ID: <4E4EB016.6020509@neurotica.com> On 08/19/2011 02:45 PM, Felipe Scarel wrote: > I'm testing out ZFS-fuse on my new install (talked about it on the other > thread), no issues so far. The builtin deduplication and compression sure do > help a lot, roughly 30% less storage space required so far. > > They don't advertise it as exactly "production" quality, but I'm willing to > try it out, we're doing regular backups. The mail system hasn't gone live > yet though, so I'm a bit uneasy on the performance side of things under > heavy load. You are aware that there's a real in-kernel ZFS implementation under Linux now, right? See http://zfsonlinux.org/. I've done some very basic testing with it, and so far, it works. Going through FUSE is slower than pissing tar; this implementation won't have that problem. FUSE is useful for many things. Performance-sensitive filesystems on production servers is oh-so-NOT one of them. ;) -Dave -- Dave McGuire Port Charlotte, FL From fbscarel at gmail.com Fri Aug 19 21:57:52 2011 From: fbscarel at gmail.com (Felipe Scarel) Date: Fri, 19 Aug 2011 15:57:52 -0300 Subject: [Dovecot] mail spool filesystem In-Reply-To: <4E4EB016.6020509@neurotica.com> References: <4E4BC0CC.5010908@psi.com.br> <20110817164207.2e9c1d49@echelon.ethz.ch> <4E4EA20D.6090404@rollernet.us> <4E4EB016.6020509@neurotica.com> Message-ID: I was not aware of that... I went with FUSE to test the deduplication feature of ZFS. I'll check out this link you've provided, many thanks Dave. :) On Fri, Aug 19, 2011 at 15:48, Dave McGuire wrote: > On 08/19/2011 02:45 PM, Felipe Scarel wrote: > >> I'm testing out ZFS-fuse on my new install (talked about it on the other >> thread), no issues so far. The builtin deduplication and compression sure >> do >> help a lot, roughly 30% less storage space required so far. >> >> They don't advertise it as exactly "production" quality, but I'm willing >> to >> try it out, we're doing regular backups. The mail system hasn't gone live >> yet though, so I'm a bit uneasy on the performance side of things under >> heavy load. >> > > You are aware that there's a real in-kernel ZFS implementation under Linux > now, right? See http://zfsonlinux.org/. I've done some very basic > testing with it, and so far, it works. Going through FUSE is slower than > pissing tar; this implementation won't have that problem. > > FUSE is useful for many things. Performance-sensitive filesystems on > production servers is oh-so-NOT one of them. ;) > > -Dave > > -- > Dave McGuire > Port Charlotte, FL > From mcguire at neurotica.com Fri Aug 19 22:01:09 2011 From: mcguire at neurotica.com (Dave McGuire) Date: Fri, 19 Aug 2011 15:01:09 -0400 Subject: [Dovecot] mail spool filesystem In-Reply-To: References: <4E4BC0CC.5010908@psi.com.br> <20110817164207.2e9c1d49@echelon.ethz.ch> <4E4EA20D.6090404@rollernet.us> <4E4EB016.6020509@neurotica.com> Message-ID: <4E4EB2F5.5030405@neurotica.com> Good luck! FYI, my mail spools are on ZFS filesystems under Solaris on UltraSPARC. It is lightning fast with 100+ dovecot imap processes pounding away. I've not yet enabled compression and done the copy/recopy dance, though. -Dave On 08/19/2011 02:57 PM, Felipe Scarel wrote: > I was not aware of that... I went with FUSE to test the deduplication > feature of ZFS. I'll check out this link you've provided, many thanks Dave. > :) > > On Fri, Aug 19, 2011 at 15:48, Dave McGuire wrote: > >> On 08/19/2011 02:45 PM, Felipe Scarel wrote: >> >>> I'm testing out ZFS-fuse on my new install (talked about it on the other >>> thread), no issues so far. The builtin deduplication and compression sure >>> do >>> help a lot, roughly 30% less storage space required so far. >>> >>> They don't advertise it as exactly "production" quality, but I'm willing >>> to >>> try it out, we're doing regular backups. The mail system hasn't gone live >>> yet though, so I'm a bit uneasy on the performance side of things under >>> heavy load. >>> >> >> You are aware that there's a real in-kernel ZFS implementation under Linux >> now, right? See http://zfsonlinux.org/. I've done some very basic >> testing with it, and so far, it works. Going through FUSE is slower than >> pissing tar; this implementation won't have that problem. >> >> FUSE is useful for many things. Performance-sensitive filesystems on >> production servers is oh-so-NOT one of them. ;) >> >> -Dave >> >> -- >> Dave McGuire >> Port Charlotte, FL >> > -- Dave McGuire Port Charlotte, FL From fbscarel at gmail.com Fri Aug 19 22:07:56 2011 From: fbscarel at gmail.com (Felipe Scarel) Date: Fri, 19 Aug 2011 16:07:56 -0300 Subject: [Dovecot] mail spool filesystem In-Reply-To: <4E4EB2F5.5030405@neurotica.com> References: <4E4BC0CC.5010908@psi.com.br> <20110817164207.2e9c1d49@echelon.ethz.ch> <4E4EA20D.6090404@rollernet.us> <4E4EB016.6020509@neurotica.com> <4E4EB2F5.5030405@neurotica.com> Message-ID: Thanks, I've read some of the FAQ and install instructions and it seems pretty straightforward... I wish I could use Solaris but we're virtualizing everything on our Dell blade through VMWare ESXi and it's somewhat of a "company policy" to use the template Debian that's maintained by the senior sysadmin. About the compression, I've read some benchmarks/tests and the default lzjb algorithm seems to be a good cost/benefit for the usual applications. Without many reads to the filesystem, gzip compresses a whole lot better tho. On Fri, Aug 19, 2011 at 16:01, Dave McGuire wrote: > > Good luck! > > FYI, my mail spools are on ZFS filesystems under Solaris on UltraSPARC. > It is lightning fast with 100+ dovecot imap processes pounding away. I've > not yet enabled compression and done the copy/recopy dance, though. > > -Dave > > > On 08/19/2011 02:57 PM, Felipe Scarel wrote: > >> I was not aware of that... I went with FUSE to test the deduplication >> feature of ZFS. I'll check out this link you've provided, many thanks >> Dave. >> :) >> >> On Fri, Aug 19, 2011 at 15:48, Dave McGuire >> wrote: >> >> On 08/19/2011 02:45 PM, Felipe Scarel wrote: >>> >>> I'm testing out ZFS-fuse on my new install (talked about it on the other >>>> thread), no issues so far. The builtin deduplication and compression >>>> sure >>>> do >>>> help a lot, roughly 30% less storage space required so far. >>>> >>>> They don't advertise it as exactly "production" quality, but I'm willing >>>> to >>>> try it out, we're doing regular backups. The mail system hasn't gone >>>> live >>>> yet though, so I'm a bit uneasy on the performance side of things under >>>> heavy load. >>>> >>>> >>> You are aware that there's a real in-kernel ZFS implementation under >>> Linux >>> now, right? See http://zfsonlinux.org/. I've done some very basic >>> testing with it, and so far, it works. Going through FUSE is slower than >>> pissing tar; this implementation won't have that problem. >>> >>> FUSE is useful for many things. Performance-sensitive filesystems on >>> production servers is oh-so-NOT one of them. ;) >>> >>> -Dave >>> >>> -- >>> Dave McGuire >>> Port Charlotte, FL >>> >>> >> > > -- > Dave McGuire > Port Charlotte, FL > From mcguire at neurotica.com Fri Aug 19 22:15:18 2011 From: mcguire at neurotica.com (Dave McGuire) Date: Fri, 19 Aug 2011 15:15:18 -0400 Subject: [Dovecot] mail spool filesystem In-Reply-To: References: <4E4BC0CC.5010908@psi.com.br> <20110817164207.2e9c1d49@echelon.ethz.ch> <4E4EA20D.6090404@rollernet.us> <4E4EB016.6020509@neurotica.com> <4E4EB2F5.5030405@neurotica.com> Message-ID: <4E4EB646.6030701@neurotica.com> On 08/19/2011 03:07 PM, Felipe Scarel wrote: > Thanks, I've read some of the FAQ and install instructions and it seems > pretty straightforward... I wish I could use Solaris but we're virtualizing > everything on our Dell blade through VMWare ESXi and it's somewhat of a > "company policy" to use the template Debian that's maintained by the senior > sysadmin. Ahh, "company policies"...restricting innovation and hampering productivity and efficiencty for decades! > About the compression, I've read some benchmarks/tests and the default lzjb > algorithm seems to be a good cost/benefit for the usual applications. > Without many reads to the filesystem, gzip compresses a whole lot better > tho. I agree. I'm running a biggish Usenet news server in a similar configuration, but with compression enabled. I'm getting compression ratios of 1.26x with a ~12GB news spool, using gzip compression. I was expecting a bit more compression, but I'm certainly not complaining. -Dave -- Dave McGuire Port Charlotte, FL From thomas-lists at nybeta.com Fri Aug 19 22:40:28 2011 From: thomas-lists at nybeta.com (Thomas Harold) Date: Fri, 19 Aug 2011 15:40:28 -0400 Subject: [Dovecot] mail spool filesystem In-Reply-To: <4E4BC0CC.5010908@psi.com.br> References: <4E4BC0CC.5010908@psi.com.br> Message-ID: <4E4EBC2C.6040300@nybeta.com> On 8/17/2011 9:23 AM, Julio Cesar Covolato wrote: > Hi! > > I?m about to migrate a system whith 5000 accounts whith (~ 500GB) from > "postfix/courier-imap/maildrop/mysql" to a new hardware whith > "postfix/dovecot/dovecot/mysql". > > I?ll make a separate partition (raid 1) for the mail spool > (/var/spool/vmail) and want to now what type of filesystem to use on it > to increase performance. I read that XFS is a good choice, but is not > too reliable... We run ext3 and ext4. Individual mailboxes with a few hundred thousand messages in Maildir on top of ext3 ran fine (800k messages, 4GB mailbox was not unusual). Slowly migrating file systems over to ext4 as we have time (or rollout new hardware). Frankly, for that big of a mail store, I'd go with RAID 1+0 over a minimum of 4 spindles for the storage of the mbox / Maildir files. If you have heavy usage, seek time might be your biggest enemy. Keeping the postfix spools (/var/spool/postfix) on a separate set of disks (like the RAID 1 array that you use to run the operating system off of) helps. From jtam.home at gmail.com Fri Aug 19 23:41:48 2011 From: jtam.home at gmail.com (Joseph Tam) Date: Fri, 19 Aug 2011 13:41:48 -0700 (PDT) Subject: [Dovecot] Update indexes with dovecot 1.1 In-Reply-To: References: Message-ID: Angel L. Mateo writes: > I have a farm of dovecot 1.1 servers (debian lenny). Mailboxes are in > Maildir format. > > Is there any way to manually update indexes? > > Does it worth? I mean... Our problem is that mail is delivered via > dovecot lda, but, because we have a farm of servers, we don't guarantee > that mail is delivered through the same server that the user is using > for his imap connection, so the imap server could have this index > unupdated. So I want to force an update (or at least nearly updated) > in order to have the index updated in all servers at the time the user > get to work. Upgrading to Dovecot2 would allow you to solve this in various ways: - use "doveadm force-resync" - user director to bind to a particular server You could put the indices on a shared filesystem. If neither an update nor shared indices are feasible, maybe you can enable the master user feature, and run a script that logs in as each user and do an IMAP operation that will force a resync of the INBOX indices. For example, # On IMAP server with a localhost interface for u in $users; do echo "1 login $u*master masterpw\n2 SELECT INBOX\n3 logout" | \ nc 127.0.0.1 143 done Joseph Tam From compconsultant at yahoo.com Sun Aug 21 00:38:25 2011 From: compconsultant at yahoo.com (Steve Fatula) Date: Sat, 20 Aug 2011 14:38:25 -0700 (PDT) Subject: [Dovecot] Disconnected: Too many invalid IMAP commands Message-ID: <1313876305.95659.YahooMailNeo@web39405.mail.mud.yahoo.com> Using current Apple mail 4.5 as client to Dovecot 2.0.13 I see lots of these messages in the log file for one machine and account. Near as I can tell, the client still works (it's mine), but, the messages concern me. Is there some known issue with Apple mail, or, if not, how to capture the information needed to debug? Sample log entires for my user matching on the message: Aug 20 16:28:36 host2 dovecot: imap(soho.steve): Disconnected: Too many invalid IMAP commands. bytes=3242/14672 Aug 20 16:28:43 host2 dovecot: imap(soho.steve): Disconnected: Too many invalid IMAP commands. bytes=14219/231327 Aug 20 16:29:50 host2 dovecot: imap(soho.steve): Disconnected: Too many invalid IMAP commands. bytes=640/1968 Aug 20 16:29:57 host2 dovecot: imap(soho.steve): Disconnected: Too many invalid IMAP commands. bytes=3521/2024 Aug 20 16:30:04 host2 dovecot: imap(soho.steve): Disconnected: Too many invalid IMAP commands. bytes=6690/3415 Aug 20 16:30:05 host2 dovecot: imap(soho.steve): Disconnected: Too many invalid IMAP commands. bytes=5098/15294 Aug 20 16:30:06 host2 dovecot: imap(soho.steve): Disconnected: Too many invalid IMAP commands. bytes=706/15684 ? Steve From sahil at FreeBSD.org Sun Aug 21 02:25:21 2011 From: sahil at FreeBSD.org (Sahil Tandon) Date: Sat, 20 Aug 2011 19:25:21 -0400 Subject: [Dovecot] Disconnected: Too many invalid IMAP commands In-Reply-To: <1313876305.95659.YahooMailNeo@web39405.mail.mud.yahoo.com> References: <1313876305.95659.YahooMailNeo@web39405.mail.mud.yahoo.com> Message-ID: <20110820232521.GB1896@magic.hamla.org> On Sat, 2011-08-20 at 14:38:25 -0700, Steve Fatula wrote: > I see lots of these messages in the log file for one machine and > account. Near as I can tell, the client still works (it's mine), but, > the messages concern me. > > Is there some known issue with Apple mail, or, if not, how to capture > the information needed to debug? Use tcpdump to packet capture the problematic session. -- Sahil Tandon From research at the10thfloor.com Sun Aug 21 23:24:04 2011 From: research at the10thfloor.com (research at the10thfloor.com) Date: Sun, 21 Aug 2011 20:24:04 -0000 (UTC) Subject: [Dovecot] Help With 'No SASL Authentication Mechanisms' Error Message-ID: <36124.99.249.115.73.1313958244.squirrel@www.the10thfloor.com> Hi, I'm trying to configure a new server with dovecot 2.0 and postfix 2.6.6. My previous servers have all been dovecot 1.x. Trying to port over my previous configurations has been a real headache. Currently, I'm getting the following errors when trying to connect with: openssl s_client -starttls smtp -connect localhost:25 Aug 21 19:08:46 localhost postfix/smtpd[26252]: connect from localhost[::1] Aug 21 19:08:46 localhost postfix/smtpd[26252]: warning: SASL: Connect to private/auth failed: Permission denied Aug 21 19:08:46 localhost postfix/smtpd[26252]: fatal: no SASL authentication mechanisms Aug 21 19:08:47 localhost postfix/master[26226]: warning: process /usr/libexec/postfix/smtpd pid 26252 exit status 1 Aug 21 19:08:47 localhost postfix/master[26226]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling If someone could help me out I'd really appreciate it. My Dovecot and Postfix configuration changes are below... Thanks, slevytam --------------------------------------------------------------------------- DOVECOT: # 2.0.beta6 (3156315704ef): /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-71.29.1.el6.x86_64 x86_64 CentOS Linux release 6.0 (Final) auth_debug = yes auth_verbose = yes mail_location = maildir:~/Maildir mbox_write_locks = fcntl passdb { args = username_format=%u /etc/dovecot/passwd driver = passwd-file } protocols = imap lmtp service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0600 user = postfix } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } } ssl_cert = References: <36124.99.249.115.73.1313958244.squirrel@www.the10thfloor.com> Message-ID: <1313961469.11702.2.camel@coldwell> I believe you need permission 660 on private/auth. On Sun, 2011-08-21 at 20:24 +0000, research at the10thfloor.com wrote: > Hi, > > I'm trying to configure a new server with dovecot 2.0 and postfix 2.6.6. > My previous servers have all been dovecot 1.x. Trying to port over my > previous configurations has been a real headache. > > Currently, I'm getting the following errors when trying to connect with: > openssl s_client -starttls smtp -connect localhost:25 > > Aug 21 19:08:46 localhost postfix/smtpd[26252]: connect from localhost[::1] > Aug 21 19:08:46 localhost postfix/smtpd[26252]: warning: SASL: Connect to > private/auth failed: Permission denied > Aug 21 19:08:46 localhost postfix/smtpd[26252]: fatal: no SASL > authentication mechanisms > Aug 21 19:08:47 localhost postfix/master[26226]: warning: process > /usr/libexec/postfix/smtpd pid 26252 exit status 1 > Aug 21 19:08:47 localhost postfix/master[26226]: warning: > /usr/libexec/postfix/smtpd: bad command startup -- throttling > > If someone could help me out I'd really appreciate it. My Dovecot and > Postfix configuration changes are below... > > Thanks, > > slevytam > > --------------------------------------------------------------------------- > > DOVECOT: > # 2.0.beta6 (3156315704ef): /etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-71.29.1.el6.x86_64 x86_64 CentOS Linux release 6.0 (Final) > auth_debug = yes > auth_verbose = yes > mail_location = maildir:~/Maildir > mbox_write_locks = fcntl > passdb { > args = username_format=%u /etc/dovecot/passwd > driver = passwd-file > } > protocols = imap lmtp > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0600 > user = postfix > } > } > service imap-login { > inet_listener imap { > port = 143 > } > inet_listener imaps { > port = 993 > ssl = yes > } > } > ssl_cert = ssl_cipher_list = ALL:!LOW:!SSLv2 > ssl_key = userdb { > args = username_format=%u /etc/dovecot/passwd > driver = passwd-file > } > verbose_proctitle = yes > verbose_ssl = yes > > > POSTFIX: > alias_database = hash:/etc/aliases > alias_maps = hash:/etc/aliases > broken_sasl_auth_clients = yes > command_directory = /usr/sbin > config_directory = /etc/postfix > daemon_directory = /usr/libexec/postfix > data_directory = /var/lib/postfix > debug_peer_level = 2 > html_directory = no > inet_interfaces = localhost > inet_protocols = all > mail_owner = postfix > mailq_path = /usr/bin/mailq.postfix > manpage_directory = /usr/share/man > mydestination = localhost > mydomain = the10thfloor.com > myhostname = mail.the10thfloor.com > myorigin = $mydomain > newaliases_path = /usr/bin/newaliases.postfix > queue_directory = /var/spool/postfix > readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES > sample_directory = /usr/share/doc/postfix-2.6.6/samples > sendmail_path = /usr/sbin/sendmail.postfix > setgid_group = postdrop > smtpd_recipient_restrictions = permit_mynetworks, > permit_sasl_authenticated, reject_unauth_destination > smtpd_sasl_auth_enable = yes > smtpd_sasl_path = private/auth > smtpd_sasl_security_options = noanonymous > smtpd_sasl_type = dovecot > smtpd_tls_auth_only = yes > smtpd_tls_cert_file = /etc/pki/tls/certs/mail_the10thfloor_com.crt > smtpd_tls_key_file = /etc/pki/tls/private/mail_the10thfloor_com-nopass.key > smtpd_tls_security_level = may > soft_bounce = no > tls_random_source = dev:/dev/urandom > unknown_local_recipient_reject_code = 550 > virtual_gid_maps = static:502 > virtual_mailbox_base = /home/vmail/ > virtual_mailbox_domains = the10thfloor.com > virtual_mailbox_maps = hash:/etc/postfix/vmailbox > virtual_uid_maps = static:502 > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From wgillespie at es2eng.com Fri Aug 19 19:36:02 2011 From: wgillespie at es2eng.com (Willie Gillespie) Date: Fri, 19 Aug 2011 10:36:02 -0600 Subject: [Dovecot] ot: iPhone crashed, re-downloading all messages In-Reply-To: <1d823fe9127254a3b79cfc6002db816f.squirrel@sbt.net.au> References: <1d823fe9127254a3b79cfc6002db816f.squirrel@sbt.net.au> Message-ID: <4E4E90F2.7030104@es2eng.com> On 8/19/2011 4:11 AM, voytek at sbt.net.au wrote: > I have a 'problem', after iPhone lockup/reset, iPhone now wanting to > re-download hundreds of messages of Dovecot 1.x server, is there any fix > to reset iPhone counter or ?? I thought the iPhone only grabbed the last 25-200 messages (depending on which setting you chose) and would only get more if you scroll to the bottom and tap "Load More Messages..." From voytek at sbt.net.au Mon Aug 22 02:21:23 2011 From: voytek at sbt.net.au (Voytek) Date: Mon, 22 Aug 2011 10:21:23 +1100 Subject: [Dovecot] ot: iPhone crashed, re-downloading all messages In-Reply-To: <4E4E90F2.7030104@es2eng.com> References: <1d823fe9127254a3b79cfc6002db816f.squirrel@sbt.net.au> <4E4E90F2.7030104@es2eng.com> Message-ID: <968ef2e7378c66d0a5639dff52a4f407.squirrel@sbt.net.au> On Sat, August 20, 2011 3:36 am, Willie Gillespie wrote: > On 8/19/2011 4:11 AM, voytek at sbt.net.au wrote: > >> I have a 'problem', after iPhone lockup/reset, iPhone now wanting to >> re-download hundreds of messages of Dovecot 1.x server, is there any fix >> to reset iPhone counter or ?? > > I thought the iPhone only grabbed the last 25-200 messages (depending on > which setting you chose) and would only get more if you scroll to the > bottom and tap "Load More Messages..." Willie, yes, I think you're right, I think the user kept deleting and pressing 'Load' as it was, I moved all mails to a temp path and told him to call me Monday morning, (and, I need to set 'archivemail' to maintain mailboxes) From mezzo at el-berins.de Mon Aug 22 02:18:52 2011 From: mezzo at el-berins.de (mezzo) Date: Sun, 21 Aug 2011 16:18:52 -0700 (PDT) Subject: [Dovecot] Dovecot Postfix and ssl_require_client_cert Message-ID: <32307666.post@talk.nabble.com> Hi, I have a working mail system with postfix 2.7 and dovecot 1.2.15. I use secure connections for imap and smtp. When I try to use client certificate authorisation I have some problems. As soon as I enable the dovecot feature ssl_require_client_cert I have to present a valid certificate to receive or send email. Receiving emails works fine, but I can not send emails any more. The only way I could get this to work was to disable smtpd_sasl_auth_enable so postfix did not tries to get authorisation from dovecot. This way I can not have sasl authorisation for localnet and client certificate authorisation from extern. The reson seams to be that postfix does not sent the valid-client-cert along with the other parameter that are needed to satisfy the auth-process of dovecot. I found a few threads from 2008 where this problem is discussed but without a final solution. Is there a way to enable ssl_require_client_cert in dovecot and have smtpd_sasl_auth_enable=yes in postfix? Better would be a way to tell dovecot only to use ssl_require_client_cert during the imap autorisation. I did not get it to work. I miss something? Cheers mezzo -- View this message in context: http://old.nabble.com/Dovecot-Postfix-and-ssl_require_client_cert-tp32307666p32307666.html Sent from the Dovecot mailing list archive at Nabble.com. From kzorba at otenet.gr Mon Aug 22 09:10:09 2011 From: kzorba at otenet.gr (Kostas Zorbadelos) Date: Mon, 22 Aug 2011 09:10:09 +0300 Subject: [Dovecot] Dovecot 1.2.16 and Thunderbird 5 - pop3 mails not getting deleted In-Reply-To: References: Message-ID: <4E51F2C1.2080901@otenet.gr> On 08/06/2011 01:32 AM, Ian Evans wrote: > I run a Dovecot 1.2.16 pop3 server and have just started using the > Thunderbird 5 email client. > > Thunderbird is set to leave the messages on the server unless they are > over 91 days old. However, I'm not seeing it delete any of the older > messages. > > I'll run a debug run of Thunderbird when I get back home, but I'm just > wondering if there's any gotcha's I should be aware of with > Thunderbird and Dovecot in a pop3 environment. The Thunderbird folks > are wondering if it's the server not the client. > > Thanks. Perhaps this is related to this bug I posted: http://www.dovecot.org/list/dovecot/2011-August/060461.html We still have no fix or confirmation from the developers. A workaround is to disable creation of indexes. From noel.butler at ausics.net Mon Aug 22 10:01:18 2011 From: noel.butler at ausics.net (Noel Butler) Date: Mon, 22 Aug 2011 17:01:18 +1000 Subject: [Dovecot] Dovecot 1.2.16 and Thunderbird 5 - pop3 mails not getting deleted In-Reply-To: <4E51F2C1.2080901@otenet.gr> References: <4E51F2C1.2080901@otenet.gr> Message-ID: <1313996478.19974.10.camel@tardis> On Mon, 2011-08-22 at 09:10 +0300, Kostas Zorbadelos wrote: > On 08/06/2011 01:32 AM, Ian Evans wrote: > > I run a Dovecot 1.2.16 pop3 server and have just started using the > > Thunderbird 5 email client. > > > > Thunderbird is set to leave the messages on the server unless they are > > over 91 days old. However, I'm not seeing it delete any of the older > > messages. > > > > I'll run a debug run of Thunderbird when I get back home, but I'm just > > wondering if there's any gotcha's I should be aware of with > > Thunderbird and Dovecot in a pop3 environment. The Thunderbird folks > > are wondering if it's the server not the client. > > if thunderbird follows the same principles of every other pop3 client out there maybe it would delete them, pop3d only does what it is asked to do, it can not be the server if just one single other client that follows relevant RFC's works Many people have always had gripes with thunderbird not doing this or that, there's always something, tell your clients to use a compliant client, or webmail. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From a.smith at ukgrid.net Mon Aug 22 14:22:55 2011 From: a.smith at ukgrid.net (a.smith at ukgrid.net) Date: Mon, 22 Aug 2011 12:22:55 +0100 Subject: [Dovecot] LDA and auth-userdb socket permissions Message-ID: <20110822122255.19095fx2ckdc0lc0@webmail2.ukgrid.net> Hi, just wanted to check this as the wiki seems to have contradictory information. With respect to running the LDA as multiple UIDs the wiki says: [QUOTE]If you're using more than one UID for users, you're going to have problems running dovecot-lda, as most MTAs won't let you run dovecot-lda as root[/QUOTE] But in the example for the config file the text reads: [QUOTE] service auth { unix_listener auth-userdb { mode = 0600 user = vmail # User running dovecot-lda #group = vmail # Or alternatively mode 0660 + dovecot-lda user in this group } } [/QUOTE] So it says you can stick the LDA user just in the (vmail or whatever) group and that is enough. So you aren't restricted to a single UID for access anymore... I tested this and the later did not work, that is if I put my LDA user in the group for the auth-userdb socket with permissions 0660 I got an error back from dovecot saying that the owner was incorrect. So, as it stands I guess the bit about setting group should be removed from the wiki? Secondly, why doesn't this currently work? Why is the owner all important? thanks Andy. From CMarcus at Media-Brokers.com Mon Aug 22 14:32:27 2011 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Mon, 22 Aug 2011 07:32:27 -0400 Subject: [Dovecot] Help With 'No SASL Authentication Mechanisms' Error In-Reply-To: <36124.99.249.115.73.1313958244.squirrel@www.the10thfloor.com> References: <36124.99.249.115.73.1313958244.squirrel@www.the10thfloor.com> Message-ID: <4E523E4B.8010404@Media-Brokers.com> On 2011-08-21 4:24 PM, research at the10thfloor.com wrote: > DOVECOT: > # 2.0.beta6 (3156315704ef): /etc/dovecot/dovecot.conf UPGRADE. -- Best regards, Charles From holdenhao at gmail.com Mon Aug 22 18:39:30 2011 From: holdenhao at gmail.com (Holden Hao) Date: Mon, 22 Aug 2011 23:39:30 +0800 Subject: [Dovecot] Duplicate Email with Dovecot Sieve In-Reply-To: References: <4E4CC11C.5050307@rename-it.nl> Message-ID: > > General Qmail log: > > @400000004e4d1d7b2965966c info msg 1337024: bytes 2257 from < > testuser at gmail.com> qp 15984 uid 113 > @400000004e4d1d7b2965a60c starting delivery 62510: msg 1337024 to local > user at xxxxxx.org > @400000004e4d1d7b2965b5ac status: local 1/10 remote 0/100 > @400000004e4d1d7b390469a4 delivery 62510: success: did_1+0+1/ > @400000004e4d1d7b3905119c status: local 0/10 remote 0/100 > @400000004e4d1d7b39058ab4 end msg 1337024 > Upon reading up on understanding qmail logs, I found out that the did_1+0+1 in my logs means that Qmail was successful in delivering to Maildir (first 1) and also it was able to pass the email to an external program (last 1; in this case Dovecot's deliver). So I guess that is why I am getting 2 emails. However, I do not know why qmail still delivered to Maildir when it should have passed on the delivery to Dovecots deliver program. As I understand it the correct delivery should log did_0+0+1 which means that qmail handed the email to an external program successfully and did not deliver the email to Maildir itself. Is this what is to be expected? Thank you for some pointers. Holden From stephan at rename-it.nl Mon Aug 22 19:15:46 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Mon, 22 Aug 2011 09:15:46 -0700 Subject: [Dovecot] Duplicate Email with Dovecot Sieve In-Reply-To: References: <4E4CC11C.5050307@rename-it.nl> Message-ID: <4E5280B2.8040408@rename-it.nl> On 8/22/2011 8:39 AM, Holden Hao wrote: > Upon reading up on understanding qmail logs, I found out that the > did_1+0+1 in my logs means that Qmail was successful in delivering to > Maildir (first 1) and also it was able to pass the email to an > external program (last 1; in this case Dovecot's deliver). So I guess > that is why I am getting 2 emails. However, I do not know why qmail > still delivered to Maildir when it should have passed on the delivery > to Dovecots deliver program. As I understand it the correct delivery > should log did_0+0+1 which means that qmail handed the email to an > external program successfully and did not deliver the email to Maildir > itself. Is this what is to be expected? Thank you for some pointers. > Holden As I suspected, this is an MTA issue. Apparently, you have two parallel local delivery transports configured. I have no idea how this is configured in Qmail and what exactly you may have done wrong. Although other people on this list probably do have knowledge of Qmail configuration, MTA-related questions are mostly off-topic, so you may not get an answer here. I suggest you contact the guys at qmail. Regards, Stephan. From holdenhao at gmail.com Mon Aug 22 19:23:13 2011 From: holdenhao at gmail.com (Holden Hao) Date: Tue, 23 Aug 2011 00:23:13 +0800 Subject: [Dovecot] Duplicate Email with Dovecot Sieve In-Reply-To: <4E5280B2.8040408@rename-it.nl> References: <4E4CC11C.5050307@rename-it.nl> <4E5280B2.8040408@rename-it.nl> Message-ID: > > >> As I suspected, this is an MTA issue. Apparently, you have two parallel > local delivery transports configured. I have no idea how this is configured > in Qmail and what exactly you may have done wrong. > > Although other people on this list probably do have knowledge of Qmail > configuration, MTA-related questions are mostly off-topic, so you may not > get an answer here. I suggest you contact the guys at qmail. > Thank you very much for your reply. I have also sent an email to the Qmail list. I will report back if I resolve this issue. Regards, Holden From dmiller at amfes.com Mon Aug 22 21:06:48 2011 From: dmiller at amfes.com (Daniel L. Miller) Date: Mon, 22 Aug 2011 11:06:48 -0700 Subject: [Dovecot] mail spool filesystem In-Reply-To: <4E4EA20D.6090404@rollernet.us> References: <4E4BC0CC.5010908@psi.com.br> <20110817164207.2e9c1d49@echelon.ethz.ch> <4E4EA20D.6090404@rollernet.us> Message-ID: On 8/19/2011 10:49 AM, Seth Mattinen wrote: > On 8/17/11 7:42 AM, Adrian Ulrich wrote: >>> I read that XFS is a good choice, but is not >>> too reliable... >> Are you using Maildir or MBOX? >> >> In any case: XFS would be my last choice: >> >> XFS is nice if you are working with large files (> 2GB), but >> for E-Mail i'd stick with ext3 (or maybe even reiser3) >> as it works very well with small files. >> > I'd have to disagree. This is completely anecdotal, but I originally > deployed ext3 on all of my mail servers (Dovecot maildir) and spools > (Postfix) until they started exhibiting loading issues when busy. > Reformatting into XFS resolved the problem with no other changes. I > didn't have time to do any comparisons or gather statistics since it was > an emergency situation and this was before ext4, but XFS has performed > flawlessly for me. > > ~Seth > +1. :) -- Daniel From lm7812 at gmail.com Tue Aug 23 01:42:01 2011 From: lm7812 at gmail.com (Matt) Date: Mon, 22 Aug 2011 17:42:01 -0500 Subject: [Dovecot] Large Mailbox Slow Message-ID: Doubt if there is any answer to this but will ask anyway. Have a few pop3 accounts with thousands of messages. Its slow when checking email naturally. Are there any tweaks to speed it up? I imagine there is an exchange of the message and header list which is the slow down. Too bad the list could not be compressed with gzip or something first. I think http has an option similar to that. Just asking. From pw at wk-serv.de Tue Aug 23 02:03:22 2011 From: pw at wk-serv.de (Patrick Westenberg) Date: Tue, 23 Aug 2011 01:03:22 +0200 Subject: [Dovecot] Default and per-User sieve script Message-ID: <4E52E03A.9070706@wk-serv.de> Hi guys, is there any way to configure Dovecot to process the default sieve script and, after that, a user specific script? I have a default script to sort spam into a spam folder but if a user specific script is present, the default script is ignored. sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_global_path = /usr/local/etc/dovecot/sieve/default.sieve Regards Patrick From lm7812 at gmail.com Tue Aug 23 02:10:06 2011 From: lm7812 at gmail.com (Matt) Date: Mon, 22 Aug 2011 18:10:06 -0500 Subject: [Dovecot] Large Mailbox Slow In-Reply-To: References: Message-ID: > Doubt if there is any answer to this but will ask anyway. ?Have a few > pop3 accounts with thousands of messages. ?Its slow when checking > email naturally. ?Are there any tweaks to speed it up? ?I imagine > there is an exchange of the message and header list which is the slow > down. ?Too bad the list could not be compressed with gzip or something > first. ?I think http has an option similar to that. > > Just asking. > I am running Maildir format on CentOS 5.x 64bit with Ext3 on raid1. Often wander if Ext4 would have been better. From gfinch at ldmltd.ca Tue Aug 23 02:25:26 2011 From: gfinch at ldmltd.ca (Gregory Finch) Date: Mon, 22 Aug 2011 16:25:26 -0700 Subject: [Dovecot] Default and per-User sieve script In-Reply-To: <4E52E03A.9070706@wk-serv.de> References: <4E52E03A.9070706@wk-serv.de> Message-ID: <4E52E566.3080702@ldmltd.ca> On 2011-08-22 4:03 PM, Patrick Westenberg wrote: > Hi guys, > > is there any way to configure Dovecot to process the default sieve > script and, after that, a user specific script? > > I have a default script to sort spam into a spam folder but if a > user specific script is present, the default script is ignored. > > sieve = ~/.dovecot.sieve > sieve_dir = ~/sieve > sieve_global_path = /usr/local/etc/dovecot/sieve/default.sieve > > Regards > Patrick http://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration see sieve_before= in the Executing Multiple Scripts Sequentially section. -Greg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 260 bytes Desc: OpenPGP digital signature URL: From wgillespie+dovecot at es2eng.com Tue Aug 23 02:29:31 2011 From: wgillespie+dovecot at es2eng.com (Willie Gillespie) Date: Mon, 22 Aug 2011 17:29:31 -0600 Subject: [Dovecot] Disconnected: Too many invalid IMAP commands In-Reply-To: <20110820232521.GB1896@magic.hamla.org> References: <1313876305.95659.YahooMailNeo@web39405.mail.mud.yahoo.com> <20110820232521.GB1896@magic.hamla.org> Message-ID: <4E52E65B.2020100@es2eng.com> On 08/20/2011 05:25 PM, Sahil Tandon wrote: > On Sat, 2011-08-20 at 14:38:25 -0700, Steve Fatula wrote: > >> I see lots of these messages in the log file for one machine and >> account. Near as I can tell, the client still works (it's mine), but, >> the messages concern me. >> >> Is there some known issue with Apple mail, or, if not, how to capture >> the information needed to debug? > > Use tcpdump to packet capture the problematic session. Or Dovecot's rawlog. From patrickdk at patrickdk.com Tue Aug 23 02:47:42 2011 From: patrickdk at patrickdk.com (Patrick Domack) Date: Mon, 22 Aug 2011 19:47:42 -0400 Subject: [Dovecot] Large Mailbox Slow In-Reply-To: References: Message-ID: <20110822194742.Horde.Ghs5C5LnE6FOUuqeZvVwVNA@mail.patrickdk.com> Only thing that comes to my mind is to use shorter uidl's to id each email, not sure what method your using now. I would seriously consider just changing it to use imap instead, then you can be notified if there is a new email, instead of downloading the list each time. Quoting Matt : >> Doubt if there is any answer to this but will ask anyway. ?Have a few >> pop3 accounts with thousands of messages. ?Its slow when checking >> email naturally. ?Are there any tweaks to speed it up? ?I imagine >> there is an exchange of the message and header list which is the slow >> down. ?Too bad the list could not be compressed with gzip or something >> first. ?I think http has an option similar to that. >> >> Just asking. >> > > I am running Maildir format on CentOS 5.x 64bit with Ext3 on raid1. > Often wander if Ext4 would have been better. From tss at iki.fi Tue Aug 23 05:40:59 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 05:40:59 +0300 Subject: [Dovecot] Update indexes with dovecot 1.1 In-Reply-To: <4E4E2931.9020303@um.es> References: <4E4E2931.9020303@um.es> Message-ID: On 19.8.2011, at 12.13, Angel L. Mateo wrote: > I have a farm of dovecot 1.1 servers (debian lenny). Mailboxes are in Maildir format. > > Is there any way to manually update indexes? v2.0 has "doveadm index" command to do this. There's no other good way to do this. > Does it worth? I mean... Our problem is that mail is delivered via dovecot lda, but, because we have a farm of servers, we don't guarantee that mail is delivered through the same server that the user is using for his imap connection, so the imap server could have this index unupdated. So I want to force an update (or at least nearly updated) in order to have the index updated in all servers at the time the user get to work. Doing it via IMAP won't guarantee that everything the user's client needs is indexed/cached. Different clients need different things, Dovecot only indexes stuff that client requests. You'd have to look up from index files what the client wants indexed and then perform IMAP commands requesting those fields. Even the act of doing this may mess up caching decisions, because user may have changed client and now it's indexing unnecessary fields. (Actually now that I think of it, doveadm index has this same problem. Have to get that fixed.) With v2.0 you could if you use Dovecot proxy (or director) you can also proxy doveadm connections through it, so a "doveadm index" would always go to the correct server. http://wiki2.dovecot.org/Director at the bottom has some info how to set this up (works also with plain proxy, without director). From amateo at um.es Tue Aug 23 09:52:17 2011 From: amateo at um.es (Angel L. Mateo) Date: Tue, 23 Aug 2011 08:52:17 +0200 Subject: [Dovecot] Update indexes with dovecot 1.1 In-Reply-To: References: <4E4E2931.9020303@um.es> Message-ID: <4E534E21.20802@um.es> El 23/08/11 04:40, Timo Sirainen escribi?: > On 19.8.2011, at 12.13, Angel L. Mateo wrote: > >> I have a farm of dovecot 1.1 servers (debian lenny). Mailboxes are in Maildir format. >> >> Is there any way to manually update indexes? > > v2.0 has "doveadm index" command to do this. There's no other good way to do this. > >> Does it worth? I mean... Our problem is that mail is delivered via dovecot lda, but, because we have a farm of servers, we don't guarantee that mail is delivered through the same server that the user is using for his imap connection, so the imap server could have this index unupdated. So I want to force an update (or at least nearly updated) in order to have the index updated in all servers at the time the user get to work. > > Doing it via IMAP won't guarantee that everything the user's client needs is indexed/cached. Different clients need different things, Dovecot only indexes stuff that client requests. You'd have to look up from index files what the client wants indexed and then perform IMAP commands requesting those fields. Even the act of doing this may mess up caching decisions, because user may have changed client and now it's indexing unnecessary fields. (Actually now that I think of it, doveadm index has this same problem. Have to get that fixed.) > > With v2.0 you could if you use Dovecot proxy (or director) you can also proxy doveadm connections through it, so a "doveadm index" would always go to the correct server. http://wiki2.dovecot.org/Director at the bottom has some info how to set this up (works also with plain proxy, without director). > I'm trying this configuration in a test environment, but we are having lot of problems with director. The main problem is with director and LMTP, because it produces a lot timeout of errors (I have previouslly posted about these problems) OK. So my question is, does it worth? Our scenario is 8 POP/IMAP servers with almost 70000 users (not all of them are really active), about 8.5 TB in use, with mailboxes in Maildir format over NFS. Our main problem with this is at return of vacations periods (like the one we'll have next 9/1). Our hypothesis is that the first connection of the user is expensive, because he has a lot of unindexed messages in his mailbox. Supposing that doveadm index indexes the mailbox correctly, does it helps to solve our problem? -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337 From yaegashi at debian.org Tue Aug 23 10:52:15 2011 From: yaegashi at debian.org (YAEGASHI Takeshi) Date: Tue, 23 Aug 2011 16:52:15 +0900 Subject: [Dovecot] acl with hierarchy separators mismatched config Message-ID: <4E535C2F.7080605@debian.org> Hi there, I'm testing dovecot 2.0.13 on Debian squeeze (deb from http://xi.rename-it.nl/debian) with the following doveconf -n. -------- # 2.0.13 (1449a2e2c1f5): /etc/dovecot/dovecot.conf # OS: Linux 2.6.26-2-openvz-amd64 i686 Debian 6.0.2 first_valid_uid = 8 mail_debug = yes mail_location = maildir:~/Maildir mail_plugins = listescape mail_log notify acl namespace { inbox = yes location = prefix = separator = / type = private } namespace { list = children location = maildir:/var/mail/public:INDEX=~/Maildir/public prefix = Public/ separator = / subscriptions = no type = public } passdb { driver = pam } plugin { acl = vfile } protocols = " imap" ssl = no userdb { args = uid=mail gid=mail home=/var/mail/private/%u driver = static } protocol imap { mail_plugins = listescape mail_log notify acl imap_acl } -------- My primary interest is acl and listescape enabled folders in the public namespace. I've chosen "/" as the hierarchy separator to support folder names with dots ("."). /var/mail/public is a maildir with the maildir++ layout where the separator is a dot ("."). So I set up intial acls and folders as follows: -------- # mkdir /var/mail/public # echo 'anyone lra' >/var/mail/public/dovecot-acl # maildirmake.dovecot /var/mail/public/.aaa # echo 'anyone lrwstipekxa' >/var/mail/public/.aaa/dovecot-acl # chown -R mail.mail /var/mail/public -------- But my attempt to create a mailbox under Public/aaa fails with "Permission denied". -------- # imtest -a yaegashi localhost S: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready. C: C01 CAPABILITY S: * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN S: C01 OK Pre-login capabilities listed, post-login capabilities have more. Please enter your password: C: A01 AUTHENTICATE PLAIN ?????????????????/ S: * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS ACL RIGHTS=texk S: A01 OK Logged in Authenticated. Security strength factor: 0 . getacl Public * ACL "Public" "anyone" alr . OK Getacl completed. . getacl Public/aaa * ACL "Public/aaa" "anyone" akxeilprwtscd . OK Getacl completed. . create Public/aaa/bbb . NO [NOPERM] Permission denied -------- If the layout of /var/mail/public switched to "fs" where the separator is "/", mailbox creation succeeds as expected. -------- namespace { list = children location = maildir:/var/mail/public:INDEX=~/Maildir/public:LAYOUT=fs prefix = Public/ separator = / subscriptions = no type = public } -------- -------- # maildirmake.dovecot /var/mail/public/aaa # echo 'anyone lrwstipekxa' >/var/mail/public/aaa/dovecot-acl # chown -R mail.mail /var/mail/public # imtest -a yaegashi localhost .... . getacl Public * ACL "Public" "anyone" alr . OK Getacl completed. . getacl Public/aaa * ACL "Public/aaa" "anyone" akxeilprwtscd . OK Getacl completed. . create Public/aaa/bbb . OK Create completed. . getacl Public/aaa/bbb * ACL "Public/aaa/bbb" "anyone" akxeilprwtscd . OK Getacl completed. . create Public/aaa/1.2.3 . OK Create completed. . create Public/aaa/cur . NO Invalid mailbox name: Public/aaa/cur -------- Is this behavior expected? Misconfiguration or dovecot bug? I prefer the maildir++ layout with listescape as it's reserved-folder-name free (eg. cur new tmp). Regards, -- YAEGASHI Takeshi From tss at iki.fi Tue Aug 23 18:32:42 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 18:32:42 +0300 Subject: [Dovecot] Update indexes with dovecot 1.1 In-Reply-To: <4E534E21.20802@um.es> References: <4E4E2931.9020303@um.es> <4E534E21.20802@um.es> Message-ID: <469BC6D8-A7A3-4216-985B-A32049A6DCCD@iki.fi> On 23.8.2011, at 9.52, Angel L. Mateo wrote: >> With v2.0 you could if you use Dovecot proxy (or director) you can also proxy doveadm connections through it, so a "doveadm index" would always go to the correct server. http://wiki2.dovecot.org/Director at the bottom has some info how to set this up (works also with plain proxy, without director). > I'm trying this configuration in a test environment, but we are having lot of problems with director. The main problem is with director and LMTP, because it produces a lot timeout of errors (I have previouslly posted about these problems) Yes, I should look into the LMTP proxy problems.. Those are kind of difficult to debug though since I've never been able to reproduce them. In any case, you could initially move to v2.0 + director without LMTP (i.e. deliver to Maildir directly, then run the doveadm index). > OK. So my question is, does it worth? Our scenario is 8 POP/IMAP servers with almost 70000 users (not all of them are really active), about 8.5 TB in use, with mailboxes in Maildir format over NFS. Our main problem with this is at return of vacations periods (like the one we'll have next 9/1). Our hypothesis is that the first connection of the user is expensive, because he has a lot of unindexed messages in his mailbox. Supposing that doveadm index indexes the mailbox correctly, does it helps to solve our problem? Yes, if there's a ton of people returning at the same time it'll create a load spike. It's at least partially because mails aren't indexed, so Dovecot has to first read the message headers (and maybe bodies) to produce the initial message list, and afterwards when user actually reads/downloads the message bodies they're re-read from disk, unless the OS still has them cached. So this kind of preindexing would definitely reduce the CPU load during the spike, but I'm not entirely sure about disk load because of the OS caching (10-50% decrease?). I'd be really interested in seeing actual numbers some day. :) From tss at iki.fi Tue Aug 23 18:39:55 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 18:39:55 +0300 Subject: [Dovecot] acl with hierarchy separators mismatched config In-Reply-To: <4E535C2F.7080605@debian.org> References: <4E535C2F.7080605@debian.org> Message-ID: <0DB68F7E-4FAC-4D83-9BC5-1E991FF65B03@iki.fi> On 23.8.2011, at 10.52, YAEGASHI Takeshi wrote: > I prefer the maildir++ layout with listescape as it's reserved-folder-name free (eg. cur new tmp). I remember listescape had problems with ACLs, and that it wasn't really possible to solve those bugs without major changes. The good news though is that those major changes are done in v2.1 where it should work. Also you could make FS layout almost reserved-folder-name free by adding e.g. :DIRNAME=Mails to your mail_location. Now the only reserved name is "Mails", and you can of course use any other name that users are highly unlikely to use (and remember that folder names are case sensitive). Some day I'm hoping to add yet another option that mailbox names wouldn't be used in filenames at all, but rather their GUIDs. From tss at iki.fi Tue Aug 23 18:44:30 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 18:44:30 +0300 Subject: [Dovecot] LDA and auth-userdb socket permissions In-Reply-To: <20110822122255.19095fx2ckdc0lc0@webmail2.ukgrid.net> References: <20110822122255.19095fx2ckdc0lc0@webmail2.ukgrid.net> Message-ID: <5E9680BD-CB20-48DE-8F7B-71ACDD795CBD@iki.fi> On 22.8.2011, at 14.22, a.smith at ukgrid.net wrote: > just wanted to check this as the wiki seems to have contradictory information. With respect to running the LDA as multiple UIDs the wiki says: > > [QUOTE]If you're using more than one UID for users, you're going to have problems running dovecot-lda, as most MTAs won't let you run dovecot-lda as root[/QUOTE] Yep, that's a problem. > But in the example for the config file the text reads: > > [QUOTE] > service auth { > unix_listener auth-userdb { > mode = 0600 > user = vmail # User running dovecot-lda > #group = vmail # Or alternatively mode 0660 + dovecot-lda user in this group > } > } > [/QUOTE] Now you've gone outside the "Multiple UIDs" section in the wiki. There are the 3 different sections of how to run dovecot-lda a different way: * with a lookup * without a lookup * multiple UIDs None of their documentation is compatible with each others. From tss at iki.fi Tue Aug 23 18:46:59 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 18:46:59 +0300 Subject: [Dovecot] Dovecot Postfix and ssl_require_client_cert In-Reply-To: <32307666.post@talk.nabble.com> References: <32307666.post@talk.nabble.com> Message-ID: On 22.8.2011, at 2.18, mezzo wrote: > I have a working mail system with postfix 2.7 and dovecot 1.2.15. .. > Is there a way to enable ssl_require_client_cert in dovecot and have > smtpd_sasl_auth_enable=yes in postfix? Better would be a way to tell dovecot > only to use ssl_require_client_cert during the imap autorisation. With v1.2 you'd have to run two separate Dovecot installations with different configs. With v2.0 you should be able to do: protocol !smtp { ssl_require_client_cert = yes } From thomas-lists at nybeta.com Tue Aug 23 18:50:03 2011 From: thomas-lists at nybeta.com (Thomas Harold) Date: Tue, 23 Aug 2011 11:50:03 -0400 Subject: [Dovecot] Large Mailbox Slow In-Reply-To: References: Message-ID: <4E53CC2B.5070503@nybeta.com> On 8/22/2011 6:42 PM, Matt wrote: > Doubt if there is any answer to this but will ask anyway. Have a few > pop3 accounts with thousands of messages. Its slow when checking > email naturally. Are there any tweaks to speed it up? I imagine > there is an exchange of the message and header list which is the slow > down. Too bad the list could not be compressed with gzip or something > first. I think http has an option similar to that. > > Just asking. IMAP is a far better choice if you want to leave messages up on the server. (XFS or ext4 plus using Maildir storage format on the server can also be a big help. But unless you have evidence that the disks are buried or the server's CPU is busy, those changes may not help at all. A good and quick tool on Linux servers to monitor that is "atop".) From tss at iki.fi Tue Aug 23 18:51:42 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 18:51:42 +0300 Subject: [Dovecot] dovecot deadlock with procmail In-Reply-To: References: Message-ID: <24B1841D-393F-4B2F-9F15-7BF177C47268@iki.fi> On 19.8.2011, at 13.37, kunal verma wrote: > I m using dovecot 1.0.7. I m having problems in mail delivery to my mail > server locally. > When a user sends a mail few mails are in mail Q for longer period of time. > The local delivery agent(*procmail*) is trying to deliver the mail at > regular interval but it is unable to deliver. > But as soon as I *restart* *dovecot* the mails in the Q are delivered > immediately. > I suspect it is because of locking of *mbox* file of users by dovecot. Dovecot locks the mbox files only as long as it needs to. For IMAP commands it's locked only during those IMAP commands. For POP3 it's locked when the first message is read and kept until POP3 client disconnects (this is what POP3 clients are supposed to do). With v1.2 POP3 sessions also unlock the mbox after idling for 10 seconds. There might have also been some bugs related to this.. You could try if upgrading Dovecot to v1.2 or newer helps. > How to overcome this problem as mails are some mails are taking hours to be > delivered?? > please let me know the solution. The only guaranteed solution would be to not use mbox. From thomas-lists at nybeta.com Tue Aug 23 18:57:36 2011 From: thomas-lists at nybeta.com (Thomas Harold) Date: Tue, 23 Aug 2011 11:57:36 -0400 Subject: [Dovecot] Default and per-User sieve script In-Reply-To: <4E52E03A.9070706@wk-serv.de> References: <4E52E03A.9070706@wk-serv.de> Message-ID: <4E53CDF0.9050808@nybeta.com> On 8/22/2011 7:03 PM, Patrick Westenberg wrote: > Hi guys, > > is there any way to configure Dovecot to process the default sieve > script and, after that, a user specific script? > > I have a default script to sort spam into a spam folder but if a > user specific script is present, the default script is ignored. > > sieve = ~/.dovecot.sieve > sieve_dir = ~/sieve > sieve_global_path = /usr/local/etc/dovecot/sieve/default.sieve > sieve_before and sieve_after I keep our global default script in /etc/dovecot/sieve/global, any scripts that run first go in /etc/dovecot/sieve/before and the post-user scripts go in /etc/dovecot/sieve/after. I tend to put most scripts in the "after" folder with only a tiny handful of ultra-specific scripts that must run for every user in the "before" folder. Scripts in the "after" folder can then be easily overridden by the user in their per-user scripts if they don't like how things are working. From a.smith at ukgrid.net Tue Aug 23 19:10:43 2011 From: a.smith at ukgrid.net (a.smith at ukgrid.net) Date: Tue, 23 Aug 2011 17:10:43 +0100 Subject: [Dovecot] LDA and auth-userdb socket permissions In-Reply-To: <5E9680BD-CB20-48DE-8F7B-71ACDD795CBD@iki.fi> References: <20110822122255.19095fx2ckdc0lc0@webmail2.ukgrid.net> <5E9680BD-CB20-48DE-8F7B-71ACDD795CBD@iki.fi> Message-ID: <20110823171043.26888u9dwc4xvs3k@webmail2.ukgrid.net> Quoting Timo Sirainen : >> But in the example for the config file the text reads: >> >> [QUOTE] >> service auth { >> unix_listener auth-userdb { >> mode = 0600 >> user = vmail # User running dovecot-lda >> #group = vmail # Or alternatively mode 0660 + dovecot-lda user >> in this group >> } >> } >> [/QUOTE] > > Now you've gone outside the "Multiple UIDs" section in the wiki. > There are the 3 different sections of how to run dovecot-lda a > different way: > > * with a lookup > * without a lookup > * multiple UIDs > > None of their documentation is compatible with each others. Ok, I must be misunderstanding. I understand that the multiple UIDs limitation relates to the fact that access to the auth-userdb socket is restricted, is that incorrect? Following that forward, where the example shows that you can set group access to the socket and change permissions to 0660 I took to mean you can now have multiple users so long as they are in the correct group (ie vmail). Which contradicts the statement that you cannot work with multiple UIDs. Can you put that straight if I got it wrong? thanks in advance, Andy. From tss at iki.fi Tue Aug 23 19:19:22 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 19:19:22 +0300 Subject: [Dovecot] LDA and auth-userdb socket permissions In-Reply-To: <20110823171043.26888u9dwc4xvs3k@webmail2.ukgrid.net> References: <20110822122255.19095fx2ckdc0lc0@webmail2.ukgrid.net> <5E9680BD-CB20-48DE-8F7B-71ACDD795CBD@iki.fi> <20110823171043.26888u9dwc4xvs3k@webmail2.ukgrid.net> Message-ID: <0DF15D90-016D-4AA1-A7BC-8CC89E605A27@iki.fi> On 23.8.2011, at 19.10, a.smith at ukgrid.net wrote: >> Now you've gone outside the "Multiple UIDs" section in the wiki. There are the 3 different sections of how to run dovecot-lda a different way: >> >> * with a lookup >> * without a lookup >> * multiple UIDs >> >> None of their documentation is compatible with each others. > > Ok, I must be misunderstanding. I understand that the multiple UIDs limitation relates to the fact that access to the auth-userdb socket is restricted, is that incorrect? No, that's the least of its troubles. If you can't run dovecot-lda as root, it won't be able to change its UID to the user's UID (and so won't have enough permissions to be able to write mails to user's mailbox). So you need to run dovecot-lda as root in some way, and after that it becomes pretty much irrelevant what auth-userdb's permissions are. From a.smith at ukgrid.net Tue Aug 23 19:37:08 2011 From: a.smith at ukgrid.net (a.smith at ukgrid.net) Date: Tue, 23 Aug 2011 17:37:08 +0100 Subject: [Dovecot] LDA and auth-userdb socket permissions In-Reply-To: <0DF15D90-016D-4AA1-A7BC-8CC89E605A27@iki.fi> References: <20110822122255.19095fx2ckdc0lc0@webmail2.ukgrid.net> <5E9680BD-CB20-48DE-8F7B-71ACDD795CBD@iki.fi> <20110823171043.26888u9dwc4xvs3k@webmail2.ukgrid.net> <0DF15D90-016D-4AA1-A7BC-8CC89E605A27@iki.fi> Message-ID: <20110823173708.25235temcjts5e88@webmail2.ukgrid.net> Quoting Timo Sirainen : > > No, that's the least of its troubles. If you can't run dovecot-lda > as root, it won't be able to change its UID to the user's UID (and > so won't have enough permissions to be able to write mails to user's > mailbox). So you need to run dovecot-lda as root in some way, and > after that it becomes pretty much irrelevant what auth-userdb's > permissions are. > Hmmm, well in my setup dovecot-lda is called from Exim with "user=" set to a MySQL query. I'd guess that that means Exim runs dovecot-lda as the user directly so I don't have the issue you mention above. But where the permission on the auth-userdb socket are root:vmail 0660, the dovecot-lda is called as vmail and the vmail user is a member of the vmail group I get the error: Aug 11 03:38:06 lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied (euid=25110(vmail) egid=25110(vmail) missing +r perm: /var/run/dovecot/auth-userdb, euid is not dir owner) In the dovecot log when dovecot-lda is called. Hence I thought the socket permissions where related to the multiple UID restriction... thanks Andy. From tss at iki.fi Tue Aug 23 19:43:56 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 19:43:56 +0300 Subject: [Dovecot] LDA and auth-userdb socket permissions In-Reply-To: <20110823173708.25235temcjts5e88@webmail2.ukgrid.net> References: <20110822122255.19095fx2ckdc0lc0@webmail2.ukgrid.net> <5E9680BD-CB20-48DE-8F7B-71ACDD795CBD@iki.fi> <20110823171043.26888u9dwc4xvs3k@webmail2.ukgrid.net> <0DF15D90-016D-4AA1-A7BC-8CC89E605A27@iki.fi> <20110823173708.25235temcjts5e88@webmail2.ukgrid.net> Message-ID: <0720326B-36C7-4CF6-8314-FB9AEAC1B216@iki.fi> On 23.8.2011, at 19.37, a.smith at ukgrid.net wrote: >> No, that's the least of its troubles. If you can't run dovecot-lda as root, it won't be able to change its UID to the user's UID (and so won't have enough permissions to be able to write mails to user's mailbox). So you need to run dovecot-lda as root in some way, and after that it becomes pretty much irrelevant what auth-userdb's permissions are. >> > > Hmmm, well in my setup dovecot-lda is called from Exim with "user=" set to a MySQL query. Are you sure you even need Dovecot to do a userdb lookup then? If Exim can set up also the other needed things (home dir?) it shouldn't be necessary. > I'd guess that that means Exim runs dovecot-lda as the user directly so I don't have the issue you mention above. But where the permission on the auth-userdb socket are root:vmail 0660, the dovecot-lda is called as vmail and the vmail user is a member of the vmail group I get the error: > > Aug 11 03:38:06 lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied (euid=25110(vmail) egid=25110(vmail) missing +r perm: /var/run/dovecot/auth-userdb, euid is not dir owner) Hmm. So if dovecot-lda is running as vmail group and /var/run/dovecot/auth-userdb has group=vmail and 0660 permissions, this error shouldn' t happen. Check two things: 1) ls -ln /var/run/dovecot/auth-userdb actually shows group as 25110 and mode being 0660 2) If you've any SELinux or app-armor stuff enabled, try disabling them From tss at iki.fi Tue Aug 23 20:44:47 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 20:44:47 +0300 Subject: [Dovecot] Segmentation fault in dovecot director lmtp service In-Reply-To: <20110817114228.2705AA0D2@mx04.metaways.net> References: <20110817114228.2705AA0D2@mx04.metaways.net> Message-ID: <1314121487.10421.1312.camel@hurina> On Wed, 2011-08-17 at 11:42 +0000, Reinhard Vicinus wrote: > Hi, > > > the lmtp service of our dovecot director installation quits with a > segmentation fault if a lot of mails are simultaneously delivered. > For example if the postfix mailqueue is filled (for whatever reason) > and postqueue -f is run the lmtp service quits with a segmentation > fault: It probably means that the remote LMTP server disconnected the client for whatever reason. http://hg.dovecot.org/dovecot-2.0/rev/2f988e370a41 should help. From tss at iki.fi Tue Aug 23 20:47:44 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 20:47:44 +0300 Subject: [Dovecot] signal 11 crash, sometimes, during mbox bz2 decompression In-Reply-To: <201108161100.p7GB0P3R073897@chilled.skew.org> References: <201108161100.p7GB0P3R073897@chilled.skew.org> Message-ID: <1314121664.10421.1314.camel@hurina> On Tue, 2011-08-16 at 05:00 -0600, Mike Brown wrote: > I'm running dovecot 1.2.16 from the ports collection on FreeBSD 8.1-STABLE, > amd64. .. > My compressed mbox files are all .bz2 files in an 'old' subdirectory of my > main mail directory. I am trying to access them with Thunderbird. I > 'subscribed' to them just fine, and at first I thought it was working, but I > just got lucky on the first couple I accessed. Dovecot actually fails to > decompress them about 90% of the time, seemingly at random; the same box will > not work a bunch of times, then work once, then not work again and again. When > it works, sometimes only some of the messages get transmitted. I'm not entirely sure but I kind of remember bzip2 support being at least somewhat broken in v1.x. It's been entirely rewritten in v2.0. > Aug 16 00:25:33 myhost dovecot: dovecot: child 943 (imap) killed with signal 11 (core not dumped - set mail_drop_priv_before_exec=yes) gdb backtrace would show more information about where it crashed: http://dovecot.org/bugreport.html But I don't think there's much point in wasting more time on this before trying if v2.0 has already fixed it. From tss at iki.fi Tue Aug 23 21:01:36 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 21:01:36 +0300 Subject: [Dovecot] dovecot's documentation dearth In-Reply-To: <4E498C14.8070200@psy.miami.edu> References: <4E498C14.8070200@psy.miami.edu> Message-ID: <1314122496.10421.1326.camel@hurina> On Mon, 2011-08-15 at 17:13 -0400, Postmaster wrote: > I'm working on a configuration for 2.0 and I'm finding the documentation > somewhat difficult. I think it would be very helpful to me to have > encountered a single page that detailed all available configuration > sections. I don't know how to find out what the sections are, when to > use them or what specifically they control. So far I've encountered... > > passdb This is same as always: http://wiki2.dovecot.org/PasswordDatabase > plugin Also. Simply settings used by plugins: http://wiki2.dovecot.org/Plugins > service This is a bit tricky one and unfortunately not documented clearly yet. The included example-config/conf.d/10-master.conf has some comments about them though. > protocol A filter for settings inside it to affect only the specified protocol, e.g. protocol imap {} or pop3 or smtp or .. Would have probably been nice to name these filters in a more consistent form (like: filter protocol imap {}) > userdb As before: http://wiki2.dovecot.org/UserDatabase > local_name (and I think there is another one of these for ips) Another filter to apply settings inside it only for the specified hostname/IP address. local_name is mainly about using it for multiple SSL certificates when using TLS SNI. local {} is about any other specific per-IP/network settings. remote {} is similar to local {} except for remote IP/network. I'm not sure where would be a good place to document these.. I suppose I should create a new wiki page about some generic config file syntax things. > The service section itself would benefit from a single page detailing > all of the possible types of service sections available. You can get a list of all default services with "doveconf service", but you can also create your own services. Also e.g. once you install Pigeonhole Sieve you'll get more services. > The next problem I've had is discovering that several parts of dovecot > have no documentation at all even though they are standalone executables > run by root. config, log, and ssl_params all run as root but there is > also anvil These are the services that are run internally by Dovecot. It's part of the same "yeah, would be good to document all services and what they do and what service parameters may and may not be changed for them" but I'm kind of busy.. > and they look to me like they could support listening on a > port if inet_interfaces is defined. Everything supports listening anywhere, but whether it's a good idea is another thing. > Well I guess that would be one solution. The bottom line is that it > gives me an uncomfortableness to not be able to control or explain the > operation of the software I'm supposedly administering. Take the > program named log (which should be named dovecot-log or something less > generic), It shows up as "dovecot/log" in the ps list and exists in libexec/dovecot/log, so I don't think the name is a problem. I considered naming everything dovecot-* but then thought dovecot/* is prettier and doesn't require renaming so many existing binaries from v1.x. > it is launched even though I've specified syslog in the > configuration. Logging is not interrupted when the process is killed. > So, why is it running? What is it doing? Why does it need root? Everything still gets logged through it even if you use syslog. It does a few other small log simplifying things besides just writing to a log file. If you kill it, it's restarted and that's why you don't see logging interruption (some messages might get lost). If you send a SIGSTOP to it the logging should stop and eventually all processes should start blocking on log writes I think. It doesn't need to be root as long as it can do the logging without. From a.smith at ukgrid.net Tue Aug 23 21:27:23 2011 From: a.smith at ukgrid.net (a.smith at ukgrid.net) Date: Tue, 23 Aug 2011 19:27:23 +0100 Subject: [Dovecot] LDA and auth-userdb socket permissions In-Reply-To: <0720326B-36C7-4CF6-8314-FB9AEAC1B216@iki.fi> References: <20110822122255.19095fx2ckdc0lc0@webmail2.ukgrid.net> <5E9680BD-CB20-48DE-8F7B-71ACDD795CBD@iki.fi> <20110823171043.26888u9dwc4xvs3k@webmail2.ukgrid.net> <0DF15D90-016D-4AA1-A7BC-8CC89E605A27@iki.fi> <20110823173708.25235temcjts5e88@webmail2.ukgrid.net> <0720326B-36C7-4CF6-8314-FB9AEAC1B216@iki.fi> Message-ID: <20110823192723.20857dls3diubqko@webmail2.ukgrid.net> Quoting Timo Sirainen : >> Hmmm, well in my setup dovecot-lda is called from Exim with "user=" >> set to a MySQL query. > > Are you sure you even need Dovecot to do a userdb lookup then? If > Exim can set up also the other needed things (home dir?) it > shouldn't be necessary. Yeah, I think I could do that. I followed the setup guide for Exim from the Dovecot wiki and this is the first config I arrived at, which works well apart from this little detail. > > Hmm. So if dovecot-lda is running as vmail group and > /var/run/dovecot/auth-userdb has group=vmail and 0660 permissions, > this error shouldn' t happen. Check two things: > > 1) ls -ln /var/run/dovecot/auth-userdb actually shows group as 25110 > and mode being 0660 srw-rw---- 1 root mailnull 0 Aug 23 19:13 /var/run/dovecot/auth-userdb > > 2) If you've any SELinux or app-armor stuff enabled, try disabling them Im running FreeBSD so no SELinux here. In my test, actually what I have is a vmail user with primary group vmail and secondary group mailnull. Which as mentioned results in this error: Aug 23 19:19:13 lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied (euid=25110(vmail) egid=25110(vmail) missing +r perm: /var/run/dovecot/auth-userdb, euid is not dir owner) It did cross my mind it was a bug, but then I thought the documentation just was wrong on the wiki... From tss at iki.fi Tue Aug 23 21:42:00 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 21:42:00 +0300 Subject: [Dovecot] zlib plugin doesn't read concatenated .gz mailbox In-Reply-To: <20110729170047.GA11833@castle.dion.org.ua> References: <20110729170047.GA11833@castle.dion.org.ua> Message-ID: <1314124920.10421.1327.camel@hurina> On Fri, 2011-07-29 at 20:00 +0300, Dmitry Nezhevenko wrote: > I've observed that dovecot doesn't displays all mails from compressed via > gzip mailbox (mbox). At the same time "mutt -f mailbox.gz" displays it > correctly with all messages. Fixed: http://hg.dovecot.org/dovecot-2.0/rev/35e4a547231c From tss at iki.fi Tue Aug 23 21:52:05 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 21:52:05 +0300 Subject: [Dovecot] dovecot and tcpwrappers In-Reply-To: <201107271539.43111.lemmens_kees@yahoo.co.uk> References: <201107271416.36017.C.W.J.Lemmens@ewi.tudelft.nl> <1311769424.10421.1218.camel@hurina> <201107271512.54139.C.W.J.Lemmens@ewi.tudelft.nl> <201107271539.43111.lemmens_kees@yahoo.co.uk> Message-ID: <1314125525.10421.1329.camel@hurina> On Wed, 2011-07-27 at 15:39 +0200, Kees Lemmens wrote: > I think I sorted it out : I also had to add a service section to > dovecot.conf and I had to change the old "imap-login" settings in > /etc./hosts.allow to be simply "imap" now. .. > Timo : maybe this could be documented a little better ? It took me quite a > while now to figure it all out. Yeah, I've just been too busy.. I added it now to http://wiki2.dovecot.org/LoginProcess > About the "not running from inetd" problem : would it be enough to copy the > modules to the chrooted directory to avoid this connect(imap-login) problem > ? I've removed all the code necessary for running from inetd. It was horribly ugly code and I never liked it. There's not going to be any easy way to add it back. From tss at iki.fi Tue Aug 23 21:53:15 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 21:53:15 +0300 Subject: [Dovecot] LDA and auth-userdb socket permissions In-Reply-To: <20110823192723.20857dls3diubqko@webmail2.ukgrid.net> References: <20110822122255.19095fx2ckdc0lc0@webmail2.ukgrid.net> <5E9680BD-CB20-48DE-8F7B-71ACDD795CBD@iki.fi> <20110823171043.26888u9dwc4xvs3k@webmail2.ukgrid.net> <0DF15D90-016D-4AA1-A7BC-8CC89E605A27@iki.fi> <20110823173708.25235temcjts5e88@webmail2.ukgrid.net> <0720326B-36C7-4CF6-8314-FB9AEAC1B216@iki.fi> <20110823192723.20857dls3diubqko@webmail2.ukgrid.net> Message-ID: <1314125595.10421.1330.camel@hurina> On Tue, 2011-08-23 at 19:27 +0100, a.smith at ukgrid.net wrote: > srw-rw---- 1 root mailnull 0 Aug 23 19:13 /var/run/dovecot/auth-userdb That's not vmail group as you said.. From a.smith at ukgrid.net Tue Aug 23 21:59:04 2011 From: a.smith at ukgrid.net (a.smith at ukgrid.net) Date: Tue, 23 Aug 2011 19:59:04 +0100 Subject: [Dovecot] LDA and auth-userdb socket permissions In-Reply-To: <1314125595.10421.1330.camel@hurina> References: <20110822122255.19095fx2ckdc0lc0@webmail2.ukgrid.net> <5E9680BD-CB20-48DE-8F7B-71ACDD795CBD@iki.fi> <20110823171043.26888u9dwc4xvs3k@webmail2.ukgrid.net> <0DF15D90-016D-4AA1-A7BC-8CC89E605A27@iki.fi> <20110823173708.25235temcjts5e88@webmail2.ukgrid.net> <0720326B-36C7-4CF6-8314-FB9AEAC1B216@iki.fi> <20110823192723.20857dls3diubqko@webmail2.ukgrid.net> <1314125595.10421.1330.camel@hurina> Message-ID: <20110823195904.86516vg9w4fwy1og@webmail2.ukgrid.net> no, I did explain this later in my last email.... Quoting Timo Sirainen : > On Tue, 2011-08-23 at 19:27 +0100, a.smith at ukgrid.net wrote: > >> srw-rw---- 1 root mailnull 0 Aug 23 19:13 /var/run/dovecot/auth-userdb > > That's not vmail group as you said.. > > > From tss at iki.fi Tue Aug 23 22:15:30 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 22:15:30 +0300 Subject: [Dovecot] Bug report v2.0.13 - CentOS x86_64 - NFS - mbox - Problem reproduced In-Reply-To: <4E4E78B4.9070102@otenet.gr> References: <4E294AC0.2060706@otenet.gr> <4E425874.6040507@otenet.gr> <1313355050.10421.1285.camel@hurina> <20110815111701.68513psu7vb3wflp@noc.otenet.gr> <4E4A73AE.7090402@otenet.gr> <4E4D0D9C.6000600@otenet.gr> <4E4E78B4.9070102@otenet.gr> Message-ID: <1314126930.10421.1333.camel@hurina> On Fri, 2011-08-19 at 17:52 +0300, Kostas Zorbadelos wrote: > The problem is more easily introduced than I imagined. Well, I still couldn't reproduce it. But I can kind of see the problem. http://hg.dovecot.org/dovecot-2.0/rev/030394c74f54 should help. From tss at iki.fi Tue Aug 23 22:19:43 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 22:19:43 +0300 Subject: [Dovecot] LDA and auth-userdb socket permissions In-Reply-To: <20110823192723.20857dls3diubqko@webmail2.ukgrid.net> References: <20110822122255.19095fx2ckdc0lc0@webmail2.ukgrid.net> <5E9680BD-CB20-48DE-8F7B-71ACDD795CBD@iki.fi> <20110823171043.26888u9dwc4xvs3k@webmail2.ukgrid.net> <0DF15D90-016D-4AA1-A7BC-8CC89E605A27@iki.fi> <20110823173708.25235temcjts5e88@webmail2.ukgrid.net> <0720326B-36C7-4CF6-8314-FB9AEAC1B216@iki.fi> <20110823192723.20857dls3diubqko@webmail2.ukgrid.net> Message-ID: <1314127183.10421.1337.camel@hurina> On Tue, 2011-08-23 at 19:27 +0100, a.smith at ukgrid.net wrote: > In my test, actually what I have is a vmail user with primary group > vmail and secondary group mailnull. Which as mentioned results in this > error: It doesn't actually matter what groups you have assigned to vmail user. Dovecot only enables the primary group (and not even that if you've overridden it in config), and apparently Exim does the same too. The supplementary groups don't automatically get enabled when process's UID switched, it requires explicit extra code to do it. In most installations this is just useless extra work and a potential accidental security hole. From a.smith at ukgrid.net Tue Aug 23 22:38:19 2011 From: a.smith at ukgrid.net (a.smith at ukgrid.net) Date: Tue, 23 Aug 2011 20:38:19 +0100 Subject: [Dovecot] LDA and auth-userdb socket permissions In-Reply-To: <1314127183.10421.1337.camel@hurina> References: <20110822122255.19095fx2ckdc0lc0@webmail2.ukgrid.net> <5E9680BD-CB20-48DE-8F7B-71ACDD795CBD@iki.fi> <20110823171043.26888u9dwc4xvs3k@webmail2.ukgrid.net> <0DF15D90-016D-4AA1-A7BC-8CC89E605A27@iki.fi> <20110823173708.25235temcjts5e88@webmail2.ukgrid.net> <0720326B-36C7-4CF6-8314-FB9AEAC1B216@iki.fi> <20110823192723.20857dls3diubqko@webmail2.ukgrid.net> <1314127183.10421.1337.camel@hurina> Message-ID: <20110823203819.21196j1545iakszw@webmail2.ukgrid.net> Quoting Timo Sirainen : > On Tue, 2011-08-23 at 19:27 +0100, a.smith at ukgrid.net wrote: > > >> In my test, actually what I have is a vmail user with primary group >> vmail and secondary group mailnull. Which as mentioned results in this >> error: > > It doesn't actually matter what groups you have assigned to vmail user. > Dovecot only enables the primary group (and not even that if you've > overridden it in config), and apparently Exim does the same too. > > The supplementary groups don't automatically get enabled when process's > UID switched, it requires explicit extra code to do it. In most > installations this is just useless extra work and a potential accidental > security hole. > Ok, I assumed that secondary groups are honoured in almost all instances on a UNIX or Linux platform. I can add a note to the wiki making it explicit that the group must be the primary group if you think it's appropriate... From tss at iki.fi Tue Aug 23 22:44:01 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 23 Aug 2011 22:44:01 +0300 Subject: [Dovecot] LDA and auth-userdb socket permissions In-Reply-To: <20110823203819.21196j1545iakszw@webmail2.ukgrid.net> References: <20110822122255.19095fx2ckdc0lc0@webmail2.ukgrid.net> <5E9680BD-CB20-48DE-8F7B-71ACDD795CBD@iki.fi> <20110823171043.26888u9dwc4xvs3k@webmail2.ukgrid.net> <0DF15D90-016D-4AA1-A7BC-8CC89E605A27@iki.fi> <20110823173708.25235temcjts5e88@webmail2.ukgrid.net> <0720326B-36C7-4CF6-8314-FB9AEAC1B216@iki.fi> <20110823192723.20857dls3diubqko@webmail2.ukgrid.net> <1314127183.10421.1337.camel@hurina> <20110823203819.21196j1545iakszw@webmail2.ukgrid.net> Message-ID: <1314128641.10421.1340.camel@hurina> On Tue, 2011-08-23 at 20:38 +0100, a.smith at ukgrid.net wrote: > > It doesn't actually matter what groups you have assigned to vmail user. > > Dovecot only enables the primary group (and not even that if you've > > overridden it in config), and apparently Exim does the same too. > > > > The supplementary groups don't automatically get enabled when process's > > UID switched, it requires explicit extra code to do it. In most > > installations this is just useless extra work and a potential accidental > > security hole. > > > > Ok, I assumed that secondary groups are honoured in almost all > instances on a UNIX or Linux platform. I can add a note to the wiki > making it explicit that the group must be the primary group if you > think it's appropriate... It doesn't have to be the primary group. This is more of an Exim side problem that it doesn't assign the supplementary groups (if it did, it would have worked with dovecot-lda). I don't think the way you configured Exim to call dovecot-lda is explained anywhere in Dovecot wiki? From a.smith at ukgrid.net Tue Aug 23 23:18:02 2011 From: a.smith at ukgrid.net (a.smith at ukgrid.net) Date: Tue, 23 Aug 2011 21:18:02 +0100 Subject: [Dovecot] LDA and auth-userdb socket permissions In-Reply-To: <1314128641.10421.1340.camel@hurina> References: <20110822122255.19095fx2ckdc0lc0@webmail2.ukgrid.net> <5E9680BD-CB20-48DE-8F7B-71ACDD795CBD@iki.fi> <20110823171043.26888u9dwc4xvs3k@webmail2.ukgrid.net> <0DF15D90-016D-4AA1-A7BC-8CC89E605A27@iki.fi> <20110823173708.25235temcjts5e88@webmail2.ukgrid.net> <0720326B-36C7-4CF6-8314-FB9AEAC1B216@iki.fi> <20110823192723.20857dls3diubqko@webmail2.ukgrid.net> <1314127183.10421.1337.camel@hurina> <20110823203819.21196j1545iakszw@webmail2.ukgrid.net> <1314128641.10421.1340.camel@hurina> Message-ID: <20110823211802.18166sfrmmbwx00s@webmail2.ukgrid.net> Quoting Timo Sirainen : > > It doesn't have to be the primary group. This is more of an Exim side > problem that it doesn't assign the supplementary groups (if it did, it > would have worked with dovecot-lda). I don't think the way you > configured Exim to call dovecot-lda is explained anywhere in Dovecot > wiki? > I'm using the exact transport from the wiki (http://wiki2.dovecot.org/LDA/Exim) but with the addition of setting user and also I have a shadow transport configured. So, yes I do have a couple of differences to what is shown in the wiki... WRT my problem, I will work around it using primary groups or possibly abolishing the option for users/domains to use any user other than vmail. I don't think its necessary but its how I inherited this particular mail setup... thanks for your input, cheers Andy. From Lutz.Pressler at SerNet.DE Wed Aug 24 01:00:30 2011 From: Lutz.Pressler at SerNet.DE (Lutz =?iso-8859-1?Q?Pre=DFler?=) Date: Wed, 24 Aug 2011 00:00:30 +0200 Subject: [Dovecot] LDA and auth-userdb socket permissions In-Reply-To: <20110823211802.18166sfrmmbwx00s@webmail2.ukgrid.net> References: <5E9680BD-CB20-48DE-8F7B-71ACDD795CBD@iki.fi> <20110823171043.26888u9dwc4xvs3k@webmail2.ukgrid.net> <0DF15D90-016D-4AA1-A7BC-8CC89E605A27@iki.fi> <20110823173708.25235temcjts5e88@webmail2.ukgrid.net> <0720326B-36C7-4CF6-8314-FB9AEAC1B216@iki.fi> <20110823192723.20857dls3diubqko@webmail2.ukgrid.net> <1314127183.10421.1337.camel@hurina> <20110823203819.21196j1545iakszw@webmail2.ukgrid.net> <1314128641.10421.1340.camel@hurina> <20110823211802.18166sfrmmbwx00s@webmail2.ukgrid.net> Message-ID: On Di, 23 Aug 2011, a.smith at ukgrid.net wrote: > Quoting Timo Sirainen : > > > > > It doesn't have to be the primary group. This is more of an Exim side > > problem that it doesn't assign the supplementary groups (if it did, it > > would have worked with dovecot-lda). I don't think the way you You probably can use the Exim transport (or router) option "initgroups". Lutz From karsten.becker at ecologic.eu Wed Aug 24 01:08:14 2011 From: karsten.becker at ecologic.eu (Karsten Becker) Date: Wed, 24 Aug 2011 00:08:14 +0200 Subject: [Dovecot] Cannot delete subfolder in public folder Message-ID: <4E5424CE.7050309@ecologic.eu> Hi there, I have the problem that I'm unable to delete a subfolder (again) I created within a public folder. I've already read about configuring Thunderbird to delete immediately - which I did. But it still doesn't work. I delete -> the folder is gone -> I get a TB error message saying "The folder doesn't exist" -> after restarting TB the folders appear again. Maybe someone has a hint. My tip is that I may have a wrong understanding of the ACL mechanism... :-( Regards from Berlin/Germany Karsten ------------------------ Log: > Aug 24 00:01:37 mail01 dovecot: imap(karsten.becker at company.eu): Debug: acl vfile: file /etc/dovecot/global-acls//.DEFAULT not found > Aug 24 00:01:37 mail01 dovecot: imap(karsten.becker at company.eu): Debug: acl vfile: file /srv/vmail/user-mailboxes/company.eu/karsten.becker/mailboxes/dovecot-acl not found > Aug 24 00:01:37 mail01 dovecot: imap(karsten.becker at company.eu): Debug: acl vfile: file /etc/dovecot/global-acls/Folders/test01/aaa not found > Aug 24 00:01:37 mail01 dovecot: imap(karsten.becker at company.eu): Debug: acl vfile: reading file /srv/vmail/public_folders/test01/aaa/dovecot-acl Here's the filesystem structure in /srv/vmail: > root at mail01.compdmz.local:/srv/vmail# ls -l public_folders/test01/ > total 20 > drwxr-xr-x 5 vmail vmail 4096 2011-08-23 23:50 aaa > drwxr-xr-x 2 vmail vmail 4096 2011-08-23 21:45 cur > -rw-r--r-- 1 vmail vmail 25 2011-08-23 22:19 dovecot-acl > drwxr-xr-x 2 vmail vmail 4096 2011-08-23 21:45 new > drwxr-xr-x 2 vmail vmail 4096 2011-08-23 21:45 tmp > root at mail01.compdmz.local:/srv/vmail# Here's the content of dovecot-acl (there are another ones in subfolder aaa with the same content, inherited during creation): > authenticated lrwstipekx Here's my configuration of Dovecot: > # 2.0.13: /usr/local/dovecot-2.0.13/etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-33-server x86_64 Ubuntu 10.04.3 LTS ext4 > doveconf: Warning: Dovecot was last started using /etc/dovecot/dovecot.conf, but this config is /usr/local/dovecot-2.0.13/etc/dovecot/dovecot.conf > auth_cache_negative_ttl = 0 > auth_cache_size = 10 M > auth_mechanisms = plain login > base_dir = /usr/local/dovecot/var/run/dovecot > dict { > acl = mysql:/etc/dovecot/dovecot-dict-shared-mailboxes-mysql.conf > expire = mysql:/etc/dovecot/dovecot-dict-expire-mysql.conf > quota = mysql:/etc/dovecot/dovecot-dict-quota-mysql.conf > } > log_timestamp = "%Y-%m-%d %H:%M:%S " > login_greeting = Company Institute > mail_attachment_dir = /srv/vmail/attachments > mail_attachment_hash = %{sha256} > mail_cache_min_mail_count = 2 > mail_debug = yes > mail_location = mdbox:/srv/vmail/user-mailboxes/%d/%n > mail_plugins = acl expire quota > mailbox_idle_check_interval = 1 mins > namespace { > inbox = yes > location = > prefix = > separator = / > subscriptions = yes > type = private > } > namespace { > list = children > location = mdbox:/srv/vmail/user-mailboxes/%%d/%%n > prefix = Users/%%d/%%n/ > separator = / > subscriptions = no > type = shared > } > namespace { > list = children > location = maildir:/srv/vmail/public_folders:INDEX=/srv/vmail/user-mailboxes/%d/%n/public_folders-seen:LAYOUT=fs > prefix = Folders/ > separator = / > subscriptions = no > type = public > } > passdb { > args = /etc/dovecot/dovecot-mysql.conf > driver = sql > } > plugin { > acl = vfile:/etc/dovecot/global-acls:cache_secs=300 > acl_shared_dict = proxy::acl > expire = Trash > expire2 = Trash/* > expire3 = Junk > expire4 = Junk/* > expire_dict = proxy::expire > quota = dict:User quota::proxy::quota > quota_rule = *:storage=10485760 > quota_rule2 = Trash:storage=+1048576 > quota_warning = storage=95%% quota-warning 95 %u > quota_warning2 = storage=80%% quota-warning 80 %u > } > postmaster_address = postmaster at company.eu > protocols = imap pop3 > service auth { > unix_listener /var/spool/postfix/private/auth_dovecot { > group = postfix > mode = 0660 > user = postfix > } > unix_listener auth-master { > mode = 0600 > user = vmail > } > user = root > } > service dict { > unix_listener dict { > mode = 0600 > user = vmail > } > } > service imap-login { > inet_listener imaps { > port = 993 > ssl = yes > } > process_min_avail = 2 > } > service imap { > vsz_limit = 512 M > } > service pop3-login { > inet_listener pop3s { > port = 995 > ssl = yes > } > } > service quota-warning { > executable = script /usr/local/bin/quota-warning.sh > user = vmail > } > ssl = required > ssl_cert = ssl_key = userdb { > args = /etc/dovecot/dovecot-mysql.conf > driver = sql > } > verbose_proctitle = yes > protocol lda { > auth_socket_path = auth-master > postmaster_address = postmaster at company.eu > } > protocol imap { > imap_client_workarounds = delay-newmail > imap_max_line_length = 128 k > mail_plugins = acl expire quota imap_acl imap_quota > } > protocol pop3 { > pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > } From tss at iki.fi Wed Aug 24 01:48:13 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 24 Aug 2011 01:48:13 +0300 Subject: [Dovecot] Cannot delete subfolder in public folder In-Reply-To: <4E5424CE.7050309@ecologic.eu> References: <4E5424CE.7050309@ecologic.eu> Message-ID: On 24.8.2011, at 1.08, Karsten Becker wrote: > I have the problem that I'm unable to delete a subfolder (again) I > created within a public folder. > > I've already read about configuring Thunderbird to delete immediately - > which I did. But it still doesn't work. Step 1: Verify that it really is a DELETE command that fails and that the returned error is "Permission denied". For example: telnet localhost 143 a login username password b delete Folders/test01 From superkkt at sds.co.kr Wed Aug 24 06:00:41 2011 From: superkkt at sds.co.kr (=?ks_c_5601-1987?B?seix4sXC?=) Date: Wed, 24 Aug 2011 03:00:41 +0000 Subject: [Dovecot] unlink_directory failed with 'Device or resource busy' on NFS Message-ID: <5811AFA0-1036-4851-BDE7-D4B1E850F3D4@sds.co.kr> Hi, I'm getting some errors while I'm trying to move mailboxes from IMAP server to Outlook client. The error message is "IMAP command is failed" and I think it is useless. Here are the error messages written to server's syslog. imap(name at domain.com): Error: unlink_directory(/data/domain.com/name/INBOX/direct/.nfs00000000000033fd000000cd) failed: Device or resource busy imap(name at domain.com): Error: unlink_directory(/data/domain.com/name/INBOX/IDC/.nfs000000000000709d000000e9) failed: Device or resource busy imap(name at domain.com): Error: unlink_directory(/data/domain.com/name/INBOX/OSSEC/.nfs000000000000709f000000f0) failed: Device or resource busy How can I solve this problem? I'm using Dovecot 2.0.13 and my configurations are: # 2.0.13: /usr/local/dovecot/etc/dovecot/dovecot.conf # OS: Linux 2.6.38-11-server x86_64 Ubuntu 11.04 listen = * mail_fsync = always mail_location = maildir:~:LAYOUT=fs mail_nfs_index = yes mail_nfs_storage = yes mmap_disable = yes passdb { args = /usr/local/dovecot/etc/dovecot/dovecot-ldap.conf.ext driver = ldap } ssl_cert = References: <4E535C2F.7080605@debian.org> <0DB68F7E-4FAC-4D83-9BC5-1E991FF65B03@iki.fi> Message-ID: Timo, 2011/8/24 Timo Sirainen : > I remember listescape had problems with ACLs, and that it wasn't really possible to solve those bugs without major changes. The good news though is that those major changes are done in v2.1 where it should work. Ok, I would avoid using maildir++ layout with listescape for now. I confirmed that it could support folder names including dots without listescape by using LAYOUT=fs. > Also you could make FS layout almost reserved-folder-name free by adding e.g. :DIRNAME=Mails to your mail_location. Now the only reserved name is "Mails", and you can of course use any other name that users are highly unlikely to use (and remember that folder names are case sensitive). Yes, I've learnt about DIRNAME from the dovecot wiki. Currently that config could be the best for LAYOUT=fs. Thank you for the valuable information and suggestion! > Seome day I'm hoping to add yet another option that mailbox names wouldn't be used in filenames at all, but rather their GUIDs. Good. Looking forward to seeing it. I also expect some of mailbox migration tools to be available :-) (dsync can do it?). Regards, -- YAEGASHI Takeshi From karsten.becker at ecologic.eu Wed Aug 24 11:34:58 2011 From: karsten.becker at ecologic.eu (Karsten Becker) Date: Wed, 24 Aug 2011 10:34:58 +0200 Subject: [Dovecot] Cannot delete subfolder in public folder In-Reply-To: References: <4E5424CE.7050309@ecologic.eu> Message-ID: <4E54B7B2.1030000@ecologic.eu> Step 1 accomplished: It worked. So, it's a TB bug? Some known workarounds? Regards Karsten On 08/24/2011 12:48 AM, Timo Sirainen wrote: > On 24.8.2011, at 1.08, Karsten Becker wrote: > >> I have the problem that I'm unable to delete a subfolder (again) I >> created within a public folder. >> >> I've already read about configuring Thunderbird to delete immediately - >> which I did. But it still doesn't work. > > Step 1: Verify that it really is a DELETE command that fails and that the returned error is "Permission denied". For example: > > telnet localhost 143 > a login username password > b delete Folders/test01 > From karsten.becker at ecologic.eu Wed Aug 24 12:26:22 2011 From: karsten.becker at ecologic.eu (Karsten Becker) Date: Wed, 24 Aug 2011 11:26:22 +0200 Subject: [Dovecot] Cannot delete subfolder in public folder In-Reply-To: <4E54B7B2.1030000@ecologic.eu> References: <4E5424CE.7050309@ecologic.eu> <4E54B7B2.1030000@ecologic.eu> Message-ID: <4E54C3BE.4020501@ecologic.eu> Yeeeahh! I got it. For those who have the same problem: > http://wiki.dovecot.org/Clients#Thunderbird Then, I took a look in conf.d/20-imap.conf and found the following: > # Workarounds for various client bugs: > # delay-newmail: > # Send EXISTS/RECENT new mail notifications only when replying to NOOP > # and CHECK commands. Some clients ignore them otherwise, for example OSX > # Mail ( # may show user "Message no longer in server" errors. Note that OE6 still > # breaks even with this workaround if synchronization is set to > # "Headers Only". > # tb-extra-mailbox-sep: > # With mbox storage a mailbox can contain either mails or submailboxes, > # but not both. Thunderbird separates these two by forcing server to > # accept '/' suffix in mailbox names in subscriptions list. > # tb-lsub-flags: > # Show \Noselect flags for LSUB replies with LAYOUT=fs (e.g. mbox). > # This makes Thunderbird realize they aren't selectable and show them > # greyed out, instead of only later giving "not selectable" popup error. > # > # The list is space-separated. > imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags As we have a very heterogenous infrastructure, with Mac OS X Thunderbird, I added the missing 2 TB options (I also have LAYOUT=fs on the public folders) and restarted Dovecot. Now it works without showing obscure messages - it just deletes a subfolder as a user would expect! :-D Of course TB must be still set up to delete immediately. Regards Karsten On 08/24/2011 10:34 AM, Karsten Becker wrote: > Step 1 accomplished: It worked. > > So, it's a TB bug? Some known workarounds? > > Regards > Karsten > > On 08/24/2011 12:48 AM, Timo Sirainen wrote: >> On 24.8.2011, at 1.08, Karsten Becker wrote: >> >>> I have the problem that I'm unable to delete a subfolder (again) I >>> created within a public folder. >>> >>> I've already read about configuring Thunderbird to delete immediately - >>> which I did. But it still doesn't work. >> >> Step 1: Verify that it really is a DELETE command that fails and that the returned error is "Permission denied". For example: >> >> telnet localhost 143 >> a login username password >> b delete Folders/test01 >> > From karsten.becker at ecologic.eu Wed Aug 24 13:32:41 2011 From: karsten.becker at ecologic.eu (Karsten Becker) Date: Wed, 24 Aug 2011 12:32:41 +0200 Subject: [Dovecot] Attachments not removed from single store Message-ID: <4E54D349.7030005@ecologic.eu> Hi. Well, I've the next problem. I turned on the new attachment de-duplication stuff in the configuration. If I send an attchment between two accounts on my test system, the attment gets saved ion the configured mail_attachment_dir. But... if I delete it from the senders Send folder and the receivers Inbox (and of course empty Trash afterwards in both cases), the hashes and the attachment are not deleted in mail_attachment_dir (as I would expect). Is this a bug, or have I misunderstood the concept of storing attachments? Regards Karsten ------------------------------------------------ > # 2.0.13: /usr/local/dovecot-2.0.13/etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-33-server x86_64 Ubuntu 10.04.3 LTS ext4 > doveconf: Warning: Dovecot was last started using /etc/dovecot/dovecot.conf, but this config is /usr/local/dovecot-2.0.13/etc/dovecot/dovecot.conf > auth_cache_negative_ttl = 0 > auth_cache_size = 10 M > auth_mechanisms = plain login > base_dir = /usr/local/dovecot/var/run/dovecot > dict { > acl = mysql:/etc/dovecot/dovecot-dict-shared-mailboxes-mysql.conf > expire = mysql:/etc/dovecot/dovecot-dict-expire-mysql.conf > quota = mysql:/etc/dovecot/dovecot-dict-quota-mysql.conf > } > log_timestamp = "%Y-%m-%d %H:%M:%S " > login_greeting = Company Institute > mail_attachment_dir = /srv/vmail/attachments > mail_attachment_hash = %{sha256} > mail_cache_min_mail_count = 2 > mail_debug = yes > mail_location = mdbox:/srv/vmail/user-mailboxes/%d/%n > mail_plugins = acl expire quota > mailbox_idle_check_interval = 1 mins > namespace { > inbox = yes > location = > prefix = > separator = / > subscriptions = yes > type = private > } > namespace { > list = children > location = mdbox:/srv/vmail/user-mailboxes/%%d/%%n > prefix = Users/%%d/%%n/ > separator = / > subscriptions = no > type = shared > } > namespace { > list = children > location = maildir:/srv/vmail/public_folders:INDEX=/srv/vmail/user-mailboxes/%d/%n/public_folders-seen:LAYOUT=fs > prefix = Folders/ > separator = / > subscriptions = no > type = public > } > passdb { > args = /etc/dovecot/dovecot-mysql.conf > driver = sql > } > plugin { > acl = vfile:/etc/dovecot/global-acls:cache_secs=300 > acl_shared_dict = proxy::acl > expire = Trash > expire2 = Trash/* > expire3 = Spam > expire4 = Spam/* > expire5 = Junk > expire6 = Junk/* > expire_dict = proxy::expire > quota = dict:User quota::proxy::quota > quota_rule = *:storage=10485760 > quota_rule2 = Trash:storage=+1048576 > quota_warning = storage=95%% quota-warning 95 %u > quota_warning2 = storage=80%% quota-warning 80 %u > } > postmaster_address = postmaster at company.eu > protocols = imap pop3 > service auth { > unix_listener /var/spool/postfix/private/auth_dovecot { > group = postfix > mode = 0660 > user = postfix > } > unix_listener auth-master { > mode = 0600 > user = vmail > } > user = root > } > service dict { > unix_listener dict { > mode = 0600 > user = vmail > } > } > service imap-login { > inet_listener imaps { > port = 993 > ssl = yes > } > process_min_avail = 2 > } > service imap { > vsz_limit = 512 M > } > service pop3-login { > inet_listener pop3s { > port = 995 > ssl = yes > } > } > service quota-warning { > executable = script /usr/local/bin/quota-warning.sh > user = vmail > } > ssl = required > ssl_cert = ssl_key = userdb { > args = /etc/dovecot/dovecot-mysql.conf > driver = sql > } > verbose_proctitle = yes > protocol lda { > auth_socket_path = auth-master > postmaster_address = postmaster at company.eu > } > protocol imap { > imap_client_workarounds = delay-newmail tb-lsub-flags tb-extra-mailbox-sep > imap_max_line_length = 128 k > mail_plugins = acl expire quota imap_acl imap_quota > } > protocol pop3 { > pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > } From kzorba at otenet.gr Wed Aug 24 15:03:34 2011 From: kzorba at otenet.gr (Kostas Zorbadelos) Date: Wed, 24 Aug 2011 15:03:34 +0300 Subject: [Dovecot] POP3 Bug report v2.0.13 - CentOS x86_64 - NFS - mbox - [fixed] In-Reply-To: <1314126930.10421.1333.camel@hurina> References: <4E294AC0.2060706@otenet.gr> <4E425874.6040507@otenet.gr> <1313355050.10421.1285.camel@hurina> <20110815111701.68513psu7vb3wflp@noc.otenet.gr> <4E4A73AE.7090402@otenet.gr> <4E4D0D9C.6000600@otenet.gr> <4E4E78B4.9070102@otenet.gr> <1314126930.10421.1333.camel@hurina> Message-ID: <4E54E896.5050704@otenet.gr> On 08/23/2011 10:15 PM, Timo Sirainen wrote: > On Fri, 2011-08-19 at 17:52 +0300, Kostas Zorbadelos wrote: >> The problem is more easily introduced than I imagined. > > Well, I still couldn't reproduce it. But I can kind of see the problem. > http://hg.dovecot.org/dovecot-2.0/rev/030394c74f54 should help. > > Strange, I thought it would be reproduced easily. Anyway, your patch seems to work. I could also see with gdb that it had to do with an mbox having no open stream and I thought it was some kind of wrong initialization somewhere. I guess you can have an mbox opened, but with no stream created for it :) Thank you so much about this. I guess the fix will be included in 2.0.14. I think we have found another bug concerning fcntl lock leaks when pop3_lock_session = no, but this (if this stands) is a subject for a different thread. Regards, Kostas From andrew at sybaweb.com Wed Aug 24 15:16:39 2011 From: andrew at sybaweb.com (Andrew Lewis) Date: Wed, 24 Aug 2011 14:16:39 +0200 Subject: [Dovecot] Attachments not removed from single store In-Reply-To: <4E54D349.7030005@ecologic.eu> References: <4E54D349.7030005@ecologic.eu> Message-ID: <4E54EBA7.4050404@sybaweb.com> On 24/08/2011 12:32, Karsten Becker wrote: > Is this a bug, or have I misunderstood the concept of storing attachments? Did you run 'doveadm purge -A'? http://wiki2.dovecot.org/MailboxFormat/dbox#Multi-dbox http://wiki2.dovecot.org/Tools/Doveadm/Purge Best, -AL. From karsten.becker at ecologic.eu Wed Aug 24 15:34:21 2011 From: karsten.becker at ecologic.eu (Karsten Becker) Date: Wed, 24 Aug 2011 14:34:21 +0200 Subject: [Dovecot] Attachments not removed from single store In-Reply-To: <4E54EBA7.4050404@sybaweb.com> References: <4E54D349.7030005@ecologic.eu> <4E54EBA7.4050404@sybaweb.com> Message-ID: <4E54EFCD.7020701@ecologic.eu> Of course... I didn't. Thanks. Regards Karsten On 08/24/2011 02:16 PM, Andrew Lewis wrote: > On 24/08/2011 12:32, Karsten Becker wrote: >> Is this a bug, or have I misunderstood the concept of storing >> attachments? > > Did you run 'doveadm purge -A'? > > http://wiki2.dovecot.org/MailboxFormat/dbox#Multi-dbox > http://wiki2.dovecot.org/Tools/Doveadm/Purge > > Best, > -AL. From Guy.Deleeuw at eurofer.be Wed Aug 24 16:31:59 2011 From: Guy.Deleeuw at eurofer.be (Guy Deleeuw) Date: Wed, 24 Aug 2011 15:31:59 +0200 Subject: [Dovecot] SiS Message-ID: <1314192719.2013.7.camel@pc-0100> Hello, SiS is implemented and stable in the last version ? Best Regards Guy From flylordis at gmail.com Wed Aug 24 20:14:11 2011 From: flylordis at gmail.com (Boris Lordis) Date: Wed, 24 Aug 2011 10:14:11 -0700 Subject: [Dovecot] BUG - lmtp multiple recipients fail - setuid issue? In-Reply-To: <1313359977.10421.1304.camel@hurina> References: <1313359977.10421.1304.camel@hurina> Message-ID: Thank you! That worked. Best regards, -Boris On Sun, Aug 14, 2011 at 3:12 PM, Timo Sirainen wrote: > On Mon, 2011-08-01 at 14:28 -0700, Boris Lordis wrote: >> Jul 27 11:24:42 testmailserver dovecot: lmtp(12412, steve): Error: >> link(/spool/mail/j/jerry/mail/INBOX/u.20423, >> /spool/mail/s/steve/mail/INBOX/.temp.1311791081.P12412Q2M989550.testmailserver.) >> failed: Permission denied > > It shouldn't even try this.. I guess both INBOX directories use the same > group? That's why Dovecot's internal check fails to realize that it > can't use link(). > > This is now fixed in v2.1 hg tree. Too big of a change to fix in v2.0. > You could work around it by using unique GIDs for users, or patching > Dovecot's source code (mail_storage_copy_can_use_hardlink() to always > return FALSE) > > > From willcox at datahelper.com Wed Aug 24 21:57:16 2011 From: willcox at datahelper.com (Mark Willcox) Date: Wed, 24 Aug 2011 13:57:16 -0500 Subject: [Dovecot] Post-login scripting with virtual users Message-ID: <4E55498C.6070806@datahelper.com> I am running Dovecot 2.0.13 on Fedora 15. I have migrated from a bincimap installation using checklocalpwd. All email is in folders owned by a unprivileged user, popuser. The email users are entirely virtual and have no relationship to actual linux users. My userdb calls return the UID and GID of popuser and all goes well retrieving the mail via POP3 and IMAP. I am trying to implement a Post-login script to register the IP address that the authentication came from. Dovecot seems to be trying to execute the script as the email non-user, which does not work. I have specified that the script should be run as popuser, but it still runs as devnull at dhzone.com for instance. Everything up top that point seems to be happening happily under popuser. I added a "user = popuser" directive and it had no effect that I could see. I know that dovecot read the directive because I changed it to "user = 555" and dovecot would not run because "555" is not a user. I tried adding a "User = popuser" within the unix_listener but that also had no effect. Any ideas? Thank you! ------------------------------ Here is my dovecot -n: # 2.0.13: /etc/dovecot/dovecot.conf # OS: Linux 2.6.40.3-0.fc15.x86_64 x86_64 Fedora release 15 (Lovelock) auth_debug = yes disable_plaintext_auth = no mail_debug = yes mbox_write_locks = fcntl passdb { args = /etc/dovecot/conf.d/dovecot-sql.conf.ext driver = sql } protocols = imap pop3 service imap-postpop { executable = script-login /usr/local/bin/set_postpop unix_listener imap-postpop { } user = popuser } service imap { executable = imap imap-postpop } ssl_cert = From the maillog: Aug 24 13:01:57 callisto dovecot: auth: Debug: client out: OK#0111#011user=devnull at dhzone.com Aug 24 13:01:57 callisto dovecot: auth: Debug: master in: REQUEST... Aug 24 13:01:57 callisto dovecot: auth: Debug: sql(devnull at dhzone.com,75.221.209.232): SELECT home, uid, gid FROM users WHERE id = 'devnull at dhzone.com' Aug 24 13:01:57 callisto dovecot: auth: Debug: master out: USER#0114007264257#011devnull at dhzone.com#011home=/var/qmail/popbox/dhzone-com/devnull#011uid=555#011gid=555 Aug 24 13:01:57 callisto dovecot: imap-login: Login: user=, method=PLAIN, rip=75.221.209.232, lip=76.76.59.241, mpid=667 Aug 24 13:01:57 callisto dovecot: imap-postpop: Error: script-login: Error: user devnull at dhzone.com: Error reading configuration: net_connect_unix(/var/run/dovecot/config) failed: Permission denied Aug 24 13:01:57 callisto dovecot: imap-postpop: Error: script-login: Fatal: Internal error occurred. Refer to server log for more information. Aug 24 13:01:57 callisto dovecot: imap(devnull at dhzone.com): Post-login script denied access to user devnull at dhzone.com Aug 24 13:01:57 callisto dovecot: log: Error: service(imap-postpop): child 668 returned error 89 (Fatal failure) Aug 24 13:02:03 callisto dovecot: master: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill) -- _________________ Mark Willcox Data Helper, Inc. From rick at havokmon.com Wed Aug 24 22:06:19 2011 From: rick at havokmon.com (Rick Romero) Date: Wed, 24 Aug 2011 14:06:19 -0500 Subject: [Dovecot] Post-login scripting with virtual users In-Reply-To: <4E55498C.6070806@datahelper.com> References: <4E55498C.6070806@datahelper.com> Message-ID: <20110824140619.Horde.EcbbWG2tkQ9OVUurx-nr4XA@beta.vfemail.net> Quoting Mark Willcox : > I am running Dovecot 2.0.13 on Fedora 15. I have migrated from a > bincimap installation using checklocalpwd. All email is in folders > owned by a unprivileged user, popuser. The email users are entirely > virtual and have no relationship to actual linux users. > > I am trying to implement a Post-login script to register the IP address > that the authentication came from. Dovecot seems to be trying to > execute the script as the email non-user, which does not work. I have > specified that the script should be run as popuser, but it still runs as > devnull at dhzone.com for instance. Everything up top that point seems to > be happening happily under popuser. > I'd remove the unix_listener directive: service imap-postpop { executable = script-login /usr/local/bin/set_postpop user = popuser } The equivalent is working for me. Rick From hobie at rumormillnews.com Wed Aug 24 22:22:56 2011 From: hobie at rumormillnews.com (hobie at rumormillnews.com) Date: Wed, 24 Aug 2011 15:22:56 -0400 (EDT) Subject: [Dovecot] Dovecot rejecting Vpopmail User 89 Message-ID: <1126277c7d9ded7203ccb3b3a54e07ec.squirrel@dragon.rumormillnews.com> I'm working to get Dovecot 2.0.13 working along with qmail, Vpopmail and Squirrelmail on a Debian 6.0.2 system, Dovecot compiled, not from a package. Vpopmail has a widely known assigned user/group ID of 89 and is the owner of all the mail folders. Regardless of value of first_valid_uid (1, 89, other), Dovecot denies Squirrelmail connection, saying it can't allow access to UID 89. "Couldn't drop privileges", it says. I'd be grateful for fixes, suggestions, or a pointer to an existing answer to this problem. Thanks ahead. :) Presently dovecot -n shows: # 2.0.13: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3 auth_debug = yes disable_plaintext_auth = no mail_debug = yes mail_location = maildir:/home/vpopmail/domains/%d/%n/Maildir maildir_very_dirty_syncs = yes passdb { driver = vpopmail } protocols = imap pop3 ssl_cert = References: <1126277c7d9ded7203ccb3b3a54e07ec.squirrel@dragon.rumormillnews.com> Message-ID: <20110824143249.Horde.L2bDE6PBW7JOVVHharixOdQ@beta.vfemail.net> Quoting hobie at rumormillnews.com: > I'm working to get Dovecot 2.0.13 working along with qmail, Vpopmail and > Squirrelmail on a Debian 6.0.2 system, Dovecot compiled, not from a > package. > > Vpopmail has a widely known assigned user/group ID of 89 and is the owner > of all the mail folders. > > Regardless of value of first_valid_uid (1, 89, other), Dovecot denies > Squirrelmail connection, saying it can't allow access to UID 89. "Couldn't > drop privileges", it says. I'd be grateful for fixes, suggestions, or a > pointer to an existing answer to this problem. Thanks ahead. :) > Here's mine - I set first and last uid AND gid. Can you telnet to port 110 and test? USER username PASS password LIST # 2.0.13: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 8.2-RELEASE amd64 auth_mechanisms = plain login digest-md5 cram-md5 auth_username_translation = %@ auth_verbose = yes base_dir = /var/run/dovecot/ default_login_user = vpopmail disable_plaintext_auth = no first_valid_gid = 89 first_valid_uid = 89 last_valid_gid = 89 last_valid_uid = 89 # run under tcpserver log_path = /dev/stderr login_greeting = Ready. mail_fsync = never mail_plugins = " quota zlib" mail_privileged_group = mail namespace { inbox = yes location = prefix = separator = . } namespace { hidden = yes inbox = no list = no location = prefix = INBOX. separator = . } passdb { driver = vpopmail } plugin { quota = maildir } protocols = imap pop3 service anvil { client_limit = 2000 } service auth { unix_listener auth-master { mode = 0600 } } service imap-login { client_limit = 384 process_limit = 512 process_min_avail = 25 service_count = 0 } service imap-postlogin { executable = script-login rawlog /usr/local/etc/dovecot/lastauth-imap.sh user = vpopmail } service imap { executable = /usr/local/libexec/dovecot/imap } service pop-postlogin { executable = script-login /usr/local/etc/dovecot/lastauth-pop.sh user = vpopmail } service pop3-login { client_limit = 384 process_limit = 512 process_min_avail = 25 service_count = 0 } service pop3 { executable = /usr/local/libexec/dovecot/pop3 } shutdown_clients = no ssl_cert = References: <1126277c7d9ded7203ccb3b3a54e07ec.squirrel@dragon.rumormillnews.com> <20110824143249.Horde.L2bDE6PBW7JOVVHharixOdQ@beta.vfemail.net> Message-ID: <20110824145815.Horde.5xmCTG2tkQ9OVVfXa7tvRKA@beta.vfemail.net> Enable auth_verbose and check the logs. But I'm pretty sure that means Dovecot can't change to the Maildir folder. I assume the user's folder is owned by vpopmail:vchkpw? Is the Maildir NFS mounted or local? Rick Quoting hobie at rumormillnews.com: > Thanks, Rick. :) Changed first/last uid/gid so all show 89 and restarted > Dovecot, no change. Telnetting from remote or from localhost, Dovecot > closes the connection immediately after password is sent. (?) > > --hobie > >> Quoting hobie at rumormillnews.com: >> >>> I'm working to get Dovecot 2.0.13 working along with qmail, Vpopmail and >>> Squirrelmail on a Debian 6.0.2 system, Dovecot compiled, not from a >>> package. >>> >>> Vpopmail has a widely known assigned user/group ID of 89 and is the >>> owner >>> of all the mail folders. >>> >>> Regardless of value of first_valid_uid (1, 89, other), Dovecot denies >>> Squirrelmail connection, saying it can't allow access to UID 89. >>> "Couldn't >>> drop privileges", it says. I'd be grateful for fixes, suggestions, or a >>> pointer to an existing answer to this problem. Thanks ahead. :) >>> >> >> Here's mine - I set first and last uid AND gid. >> Can you telnet to port 110 and test? >> >> USER username >> PASS password >> LIST >> >> >> # 2.0.13: /usr/local/etc/dovecot/dovecot.conf >> # OS: FreeBSD 8.2-RELEASE amd64 >> auth_mechanisms = plain login digest-md5 cram-md5 >> auth_username_translation = %@ >> auth_verbose = yes >> base_dir = /var/run/dovecot/ >> default_login_user = vpopmail >> disable_plaintext_auth = no >> first_valid_gid = 89 >> first_valid_uid = 89 >> last_valid_gid = 89 >> last_valid_uid = 89 >> # run under tcpserver >> log_path = /dev/stderr >> login_greeting = Ready. >> mail_fsync = never >> mail_plugins = " quota zlib" >> mail_privileged_group = mail >> namespace { >> inbox = yes >> location = >> prefix = >> separator = . >> } >> namespace { >> hidden = yes >> inbox = no >> list = no >> location = >> prefix = INBOX. >> separator = . >> } >> passdb { >> driver = vpopmail >> } >> plugin { >> quota = maildir >> } >> protocols = imap pop3 >> service anvil { >> client_limit = 2000 >> } >> service auth { >> unix_listener auth-master { >> mode = 0600 >> } >> } >> service imap-login { >> client_limit = 384 >> process_limit = 512 >> process_min_avail = 25 >> service_count = 0 >> } >> service imap-postlogin { >> executable = script-login rawlog >> /usr/local/etc/dovecot/lastauth-imap.sh >> user = vpopmail >> } >> service imap { >> executable = /usr/local/libexec/dovecot/imap >> } >> service pop-postlogin { >> executable = script-login /usr/local/etc/dovecot/lastauth-pop.sh >> user = vpopmail >> } >> service pop3-login { >> client_limit = 384 >> process_limit = 512 >> process_min_avail = 25 >> service_count = 0 >> } >> service pop3 { >> executable = /usr/local/libexec/dovecot/pop3 >> } >> shutdown_clients = no >> ssl_cert = > ssl_key = > ssl_key_password = password >> userdb { >> driver = vpopmail >> } >> verbose_proctitle = yes >> protocol imap { >> auth_socket_path = /var/run/dovecot/auth-master >> imap_client_workarounds = delay-newmail tb-extra-mailbox-sep >> mail_max_userip_connections = 10 >> mail_plugins = " quota zlib imap_zlib quota imap_quota" >> } >> protocol pop3 { >> auth_socket_path = /var/run/dovecot/auth-master >> mail_max_userip_connections = 10 >> mail_plugins = quota >> pop3_client_workarounds = outlook-no-nuls oe-ns-eoh >> pop3_uidl_format = %08Xu%08Xv >> >> >> From tss at iki.fi Wed Aug 24 23:21:54 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 24 Aug 2011 23:21:54 +0300 Subject: [Dovecot] Dovecot rejecting Vpopmail User 89 In-Reply-To: <1126277c7d9ded7203ccb3b3a54e07ec.squirrel@dragon.rumormillnews.com> References: <1126277c7d9ded7203ccb3b3a54e07ec.squirrel@dragon.rumormillnews.com> Message-ID: <1314217314.10421.1349.camel@hurina> On Wed, 2011-08-24 at 15:22 -0400, hobie at rumormillnews.com wrote: > Regardless of value of first_valid_uid (1, 89, other), Dovecot denies > Squirrelmail connection, saying it can't allow access to UID 89. "Couldn't > drop privileges", it says. I'd be grateful for fixes, suggestions, or a > pointer to an existing answer to this problem. Thanks ahead. :) Show the EXACT full error message. From willcox at datahelper.com Wed Aug 24 23:22:14 2011 From: willcox at datahelper.com (Mark Willcox) Date: Wed, 24 Aug 2011 15:22:14 -0500 Subject: [Dovecot] Post-login scripting with virtual users In-Reply-To: <20110824140619.Horde.EcbbWG2tkQ9OVUurx-nr4XA@beta.vfemail.net> References: <4E55498C.6070806@datahelper.com> <20110824140619.Horde.EcbbWG2tkQ9OVUurx-nr4XA@beta.vfemail.net> Message-ID: <4E555D76.7070109@datahelper.com> Much closer! It seems to run the script, but now I get: Error: net_connect_unix(/var/run/dovecot/imap-postpop) failed: Connection refused I thought it might be because popuser has no logon capability (/sbin/nologin), but I changed that and connection is still refused. Can it be my script? It is just: #!/bin/bash echo "$USER $IP `host $IP`" > /var/lib/postpop/db/$IP exec "$@" The IP-named file is not being created. popuser owns the folder. Also, when I get this working, can I set up a pop3 equivalent? _________________ Mark Willcox Data Helper, Inc. On 8/24/2011 2:06 PM, Rick Romero wrote: > > Quoting Mark Willcox : > >> I am running Dovecot 2.0.13 on Fedora 15. I have migrated from a >> bincimap installation using checklocalpwd. All email is in folders >> owned by a unprivileged user, popuser. The email users are entirely >> virtual and have no relationship to actual linux users. >> >> I am trying to implement a Post-login script to register the IP address >> that the authentication came from. Dovecot seems to be trying to >> execute the script as the email non-user, which does not work. I have >> specified that the script should be run as popuser, but it still runs as >> devnull at dhzone.com for instance. Everything up top that point seems to >> be happening happily under popuser. >> > > I'd remove the unix_listener directive: > service imap-postpop { > executable = script-login /usr/local/bin/set_postpop > user = popuser > } > > The equivalent is working for me. > > Rick From rick at havokmon.com Wed Aug 24 23:29:37 2011 From: rick at havokmon.com (Rick Romero) Date: Wed, 24 Aug 2011 15:29:37 -0500 Subject: [Dovecot] Post-login scripting with virtual users In-Reply-To: <4E555D76.7070109@datahelper.com> References: <4E55498C.6070806@datahelper.com> <20110824140619.Horde.EcbbWG2tkQ9OVUurx-nr4XA@beta.vfemail.net> <4E555D76.7070109@datahelper.com> Message-ID: <20110824152937.Horde.rGxrdm2tkQ9OVV8x3SPhKwE@beta.vfemail.net> Is the script executable? I'm out of ideas. Yes, you can set it up exactly the same for IMAP. Rick Quoting Mark Willcox : > Much closer! It seems to run the script, but now I get: > Error: net_connect_unix(/var/run/dovecot/imap-postpop) failed: > Connection refused > > I thought it might be because popuser has no logon capability > (/sbin/nologin), but I changed that and connection is still refused. > > Can it be my script? It is just: > #!/bin/bash > echo "$USER $IP `host $IP`" > /var/lib/postpop/db/$IP > exec "$@" > > The IP-named file is not being created. popuser owns the folder. > > Also, when I get this working, can I set up a pop3 equivalent? > > _________________ > Mark Willcox > Data Helper, Inc. > > > On 8/24/2011 2:06 PM, Rick Romero wrote: >> >> Quoting Mark Willcox : >> >>> I am running Dovecot 2.0.13 on Fedora 15. I have migrated from a >>> bincimap installation using checklocalpwd. All email is in folders >>> owned by a unprivileged user, popuser. The email users are entirely >>> virtual and have no relationship to actual linux users. >>> >>> I am trying to implement a Post-login script to register the IP address >>> that the authentication came from. Dovecot seems to be trying to >>> execute the script as the email non-user, which does not work. I have >>> specified that the script should be run as popuser, but it still runs as >>> devnull at dhzone.com for instance. Everything up top that point seems to >>> be happening happily under popuser. >>> >> >> I'd remove the unix_listener directive: >> service imap-postpop { >> executable = script-login /usr/local/bin/set_postpop >> user = popuser >> } >> >> The equivalent is working for me. >> >> Rick From hobie at rumormillnews.com Wed Aug 24 23:34:53 2011 From: hobie at rumormillnews.com (hobie at rumormillnews.com) Date: Wed, 24 Aug 2011 16:34:53 -0400 (EDT) Subject: [Dovecot] Dovecot rejecting Vpopmail User 89 In-Reply-To: <1314217314.10421.1349.camel@hurina> References: <1126277c7d9ded7203ccb3b3a54e07ec.squirrel@dragon.rumormillnews.com> <1314217314.10421.1349.camel@hurina> Message-ID: <4e7163945b13323d9a2a5c3c1c96ed0d.squirrel@dragon.rumormillnews.com> Hi, Timo - from mail.warn log file, domain name redacted: Aug 24 16:32:07 debian dovecot: imap(postmaster at v....org): Error: user postmaster at v....org: Couldn't drop privileges: Mail access for users with UID 89 not permitted (see first_valid_uid in config file, uid from userdb lookup). --hobie > On Wed, 2011-08-24 at 15:22 -0400, hobie at rumormillnews.com wrote: > >> Regardless of value of first_valid_uid (1, 89, other), Dovecot denies >> Squirrelmail connection, saying it can't allow access to UID 89. >> "Couldn't >> drop privileges", it says. I'd be grateful for fixes, suggestions, or a >> pointer to an existing answer to this problem. Thanks ahead. :) > > Show the EXACT full error message. > > > From tss at iki.fi Wed Aug 24 23:37:11 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 24 Aug 2011 23:37:11 +0300 Subject: [Dovecot] Post-login scripting with virtual users In-Reply-To: <4E55498C.6070806@datahelper.com> References: <4E55498C.6070806@datahelper.com> Message-ID: <1314218231.10421.1351.camel@hurina> On Wed, 2011-08-24 at 13:57 -0500, Mark Willcox wrote: > Aug 24 13:01:57 callisto dovecot: imap-postpop: Error: script-login: > Error: user devnull at dhzone.com: Error reading configuration: > net_connect_unix(/var/run/dovecot/config) failed: Permission denied This is your problem.. It's a bug in v2.0.13. You could patch with http://hg.dovecot.org/dovecot-2.0/rev/a2d57b43ccb2 or change config socket's permissions. I'll hopefully release v2.0.14 in not too distant future. From tss at iki.fi Wed Aug 24 23:48:00 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 24 Aug 2011 23:48:00 +0300 Subject: [Dovecot] Dovecot rejecting Vpopmail User 89 In-Reply-To: <4e7163945b13323d9a2a5c3c1c96ed0d.squirrel@dragon.rumormillnews.com> References: <1126277c7d9ded7203ccb3b3a54e07ec.squirrel@dragon.rumormillnews.com> <1314217314.10421.1349.camel@hurina> <4e7163945b13323d9a2a5c3c1c96ed0d.squirrel@dragon.rumormillnews.com> Message-ID: <1314218880.10421.1353.camel@hurina> On Wed, 2011-08-24 at 16:34 -0400, hobie at rumormillnews.com wrote: > Hi, Timo - from mail.warn log file, domain name redacted: > > Aug 24 16:32:07 debian dovecot: imap(postmaster at v....org): Error: user > postmaster at v....org: Couldn't drop privileges: Mail access for users with > UID 89 not permitted (see first_valid_uid in config file, uid from userdb > lookup). OK, so it is the first_valid_uid that's the problem.. In your previous doveconf -n output you didn't have first_valid_uid set at all, which defaults to 500. So: set first_valid_uid=89, verify that doveconf -n shows it in its output, and check if the error message changes. From hobie at rumormillnews.com Wed Aug 24 23:56:07 2011 From: hobie at rumormillnews.com (hobie at rumormillnews.com) Date: Wed, 24 Aug 2011 16:56:07 -0400 (EDT) Subject: [Dovecot] Dovecot rejecting Vpopmail User 89 In-Reply-To: <1314218880.10421.1353.camel@hurina> References: <1126277c7d9ded7203ccb3b3a54e07ec.squirrel@dragon.rumormillnews.com> <1314217314.10421.1349.camel@hurina> <4e7163945b13323d9a2a5c3c1c96ed0d.squirrel@dragon.rumormillnews.com> <1314218880.10421.1353.camel@hurina> Message-ID: (Ah!) Thanks, Timo, that allows Squirrelmail to get access. :) I had been making changes to the files in /conf.d, not directly to dovecot.conf - confusing. :) I'm trying now to connect using Thunderbird and that's not working, but I'll dig into that for awhile before asking for further help. Thanks kindly, --hobie > On Wed, 2011-08-24 at 16:34 -0400, hobie at rumormillnews.com wrote: >> Hi, Timo - from mail.warn log file, domain name redacted: >> >> Aug 24 16:32:07 debian dovecot: imap(postmaster at v....org): Error: user >> postmaster at v....org: Couldn't drop privileges: Mail access for users >> with >> UID 89 not permitted (see first_valid_uid in config file, uid from >> userdb >> lookup). > > OK, so it is the first_valid_uid that's the problem.. In your previous > doveconf -n output you didn't have first_valid_uid set at all, which > defaults to 500. So: set first_valid_uid=89, verify that doveconf -n > shows it in its output, and check if the error message changes. > > > From jtam.home at gmail.com Thu Aug 25 00:52:38 2011 From: jtam.home at gmail.com (Joseph Tam) Date: Wed, 24 Aug 2011 14:52:38 -0700 (PDT) Subject: [Dovecot] Catch22: user needs space to fix out of space condition Message-ID: A mail user reported that he filled up his INBOX (despite reminders he was approaching his filesystem quota), and furthermore, he could not fix the situation because he couldn't expunge message he marked for deletion. The dovecot logs revealed the cause dovecot: imap(user): Error: open(/var/mail/user.lock) failed: Disc quota exceeded This created an impasse where a user cannot free space because he needs to create a lock file that cannot be created because he needs free space. Is there any way out of this without administrator intervention? Joseph Tam From willcox at datahelper.com Thu Aug 25 01:16:19 2011 From: willcox at datahelper.com (Mark Willcox) Date: Wed, 24 Aug 2011 17:16:19 -0500 Subject: [Dovecot] Post-login scripting with virtual users In-Reply-To: <1314218231.10421.1351.camel@hurina> References: <4E55498C.6070806@datahelper.com> <1314218231.10421.1351.camel@hurina> Message-ID: <4E557833.4060105@datahelper.com> I don't think that this is the problem now. I removed the unix_listener as per Rick's advice. That got me past the Error reading configuration. Just to be sure, I made the config socket world-readable which made no difference. Now instead I get: Error: net_connect_unix(/var/run/dovecot/imap-postpop) failed: Connection refused The script is executable. On a hunch, I made the directly that the scripts writes to world-writable, which didn't help. The Connection refused" means that there was some kind of problem with my script, I assume. It seems that the script does not run at all. Is there anything I can do to narrow down what is going wrong? Some higher level of logging? Thanks! _________________ Mark Willcox Data Helper, Inc. On 8/24/2011 3:37 PM, Timo Sirainen wrote: > On Wed, 2011-08-24 at 13:57 -0500, Mark Willcox wrote: > >> Aug 24 13:01:57 callisto dovecot: imap-postpop: Error: script-login: >> Error: user devnull at dhzone.com: Error reading configuration: >> net_connect_unix(/var/run/dovecot/config) failed: Permission denied > This is your problem.. It's a bug in v2.0.13. You could patch with > http://hg.dovecot.org/dovecot-2.0/rev/a2d57b43ccb2 or change config > socket's permissions. I'll hopefully release v2.0.14 in not too distant > future. From willcox at datahelper.com Thu Aug 25 01:30:35 2011 From: willcox at datahelper.com (Mark Willcox) Date: Wed, 24 Aug 2011 17:30:35 -0500 Subject: [Dovecot] Post-login scripting with virtual users In-Reply-To: <4E557833.4060105@datahelper.com> References: <4E55498C.6070806@datahelper.com> <1314218231.10421.1351.camel@hurina> <4E557833.4060105@datahelper.com> Message-ID: <4E557B8B.1010701@datahelper.com> I am about 97.2% certain that it never tries to run the script. I changed it to simply touch a file in /tmp with the same result. I simplified it to: #!/bin/sh exec "$@" Still refused. _________________ Mark Willcox Data Helper, Inc. On 8/24/2011 5:16 PM, Mark Willcox wrote: > I don't think that this is the problem now. I removed the unix_listener > as per Rick's advice. That got me past the Error reading > configuration. Just to be sure, I made the config socket world-readable > which made no difference. > > Now instead I get: > Error: net_connect_unix(/var/run/dovecot/imap-postpop) failed: > Connection refused > > The script is executable. On a hunch, I made the directly that the > scripts writes to world-writable, which didn't help. The Connection > refused" means that there was some kind of problem with my script, I > assume. It seems that the script does not run at all. Is there anything > I can do to narrow down what is going wrong? Some higher level of logging? > > Thanks! > > _________________ > Mark Willcox > Data Helper, Inc. > > > On 8/24/2011 3:37 PM, Timo Sirainen wrote: >> On Wed, 2011-08-24 at 13:57 -0500, Mark Willcox wrote: >> >>> Aug 24 13:01:57 callisto dovecot: imap-postpop: Error: script-login: >>> Error: user devnull at dhzone.com: Error reading configuration: >>> net_connect_unix(/var/run/dovecot/config) failed: Permission denied >> This is your problem.. It's a bug in v2.0.13. You could patch with >> http://hg.dovecot.org/dovecot-2.0/rev/a2d57b43ccb2 or change config >> socket's permissions. I'll hopefully release v2.0.14 in not too distant >> future. From patrickdk at patrickdk.com Thu Aug 25 02:13:17 2011 From: patrickdk at patrickdk.com (Patrick Domack) Date: Wed, 24 Aug 2011 19:13:17 -0400 Subject: [Dovecot] Catch22: user needs space to fix out of space condition In-Reply-To: References: Message-ID: <20110824191317.Horde.2es_VJLnE6FOVYWNtH6A0MA@mail.patrickdk.com> Don't use dotlock files. Method that generally works nice also is to start rejecting email for the user when they are at 99% capacity, so you leave just alittle room for that kind of thing left. Quoting Joseph Tam : > A mail user reported that he filled up his INBOX (despite reminders he > was approaching his filesystem quota), and furthermore, he could not > fix the situation because he couldn't expunge message he marked for > deletion. > > The dovecot logs revealed the cause > > dovecot: imap(user): Error: open(/var/mail/user.lock) failed: > Disc quota exceeded > > This created an impasse where a user cannot free space because he needs > to create a lock file that cannot be created because he needs free > space. Is there any way out of this without administrator intervention? > > Joseph Tam From tss at iki.fi Thu Aug 25 03:04:43 2011 From: tss at iki.fi (Timo Sirainen) Date: Thu, 25 Aug 2011 03:04:43 +0300 Subject: [Dovecot] Post-login scripting with virtual users In-Reply-To: <4E557833.4060105@datahelper.com> References: <4E55498C.6070806@datahelper.com> <1314218231.10421.1351.camel@hurina> <4E557833.4060105@datahelper.com> Message-ID: <1314230683.10421.1354.camel@hurina> You didn't get past the config reading error, it now fails before it even gets that far. On Wed, 2011-08-24 at 17:16 -0500, Mark Willcox wrote: > I don't think that this is the problem now. I removed the unix_listener > as per Rick's advice. That got me past the Error reading > configuration. Just to be sure, I made the config socket world-readable > which made no difference. > > Now instead I get: > Error: net_connect_unix(/var/run/dovecot/imap-postpop) failed: > Connection refused > > The script is executable. On a hunch, I made the directly that the > scripts writes to world-writable, which didn't help. The Connection > refused" means that there was some kind of problem with my script, I > assume. It seems that the script does not run at all. Is there anything > I can do to narrow down what is going wrong? Some higher level of logging? > > Thanks! > > _________________ > Mark Willcox > Data Helper, Inc. > > > On 8/24/2011 3:37 PM, Timo Sirainen wrote: > > On Wed, 2011-08-24 at 13:57 -0500, Mark Willcox wrote: > > > >> Aug 24 13:01:57 callisto dovecot: imap-postpop: Error: script-login: > >> Error: user devnull at dhzone.com: Error reading configuration: > >> net_connect_unix(/var/run/dovecot/config) failed: Permission denied > > This is your problem.. It's a bug in v2.0.13. You could patch with > > http://hg.dovecot.org/dovecot-2.0/rev/a2d57b43ccb2 or change config > > socket's permissions. I'll hopefully release v2.0.14 in not too distant > > future. > From hobie at rumormillnews.com Thu Aug 25 04:00:39 2011 From: hobie at rumormillnews.com (hobie at rumormillnews.com) Date: Wed, 24 Aug 2011 21:00:39 -0400 (EDT) Subject: [Dovecot] On IMAP vhost login, only Username being used Message-ID: <424d429b9b67e0a477a29a7d33fbd7d8.squirrel@dragon.rumormillnews.com> Attempting IMAP SSL login on new installation, using Icedove (Debain Thunderbird variant), login fails. Logs show Dovecot attempting to match username only, not username with domain name, on Vpopmail user, so of course no match. Tried with '@' in full username, also with '%'. What's missing? Log shows: Aug 24 19:30:48 debian dovecot: auth: Debug: client in: CONT Aug 24 19:30:48 debian dovecot: auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth Aug 24 19:30:48 debian dovecot: auth: Debug: vpopmail(postmaster,[IP redacted]): lookup user=postmaster domain= Current config: # 2.0.13: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3 auth_debug = yes auth_verbose = yes disable_plaintext_auth = no first_valid_gid = 89 first_valid_uid = 89 mail_debug = yes mail_location = maildir:/home/vpopmail/domains/%d/%n/Maildir maildir_very_dirty_syncs = yes passdb { driver = vpopmail } protocols = imap pop3 ssl_cert = References: <4E55498C.6070806@datahelper.com> <1314218231.10421.1351.camel@hurina> <4E557833.4060105@datahelper.com> <1314230683.10421.1354.camel@hurina> Message-ID: <4E55A2BC.9000107@datahelper.com> I downloaded the source and patched script-login.c. It is working fine now! Thank you! My script is running as root now and it resisted all efforts to make it run as popuser, but I can work with that. Why did I wait so long to move from bincimap? _________________ Mark Willcox Data Helper, Inc. On 8/24/2011 7:04 PM, Timo Sirainen wrote: > You didn't get past the config reading error, it now fails before it > even gets that far. > > On Wed, 2011-08-24 at 17:16 -0500, Mark Willcox wrote: >> I don't think that this is the problem now. I removed the unix_listener >> as per Rick's advice. That got me past the Error reading >> configuration. Just to be sure, I made the config socket world-readable >> which made no difference. >> >> Now instead I get: >> Error: net_connect_unix(/var/run/dovecot/imap-postpop) failed: >> Connection refused >> >> The script is executable. On a hunch, I made the directly that the >> scripts writes to world-writable, which didn't help. The Connection >> refused" means that there was some kind of problem with my script, I >> assume. It seems that the script does not run at all. Is there anything >> I can do to narrow down what is going wrong? Some higher level of logging? >> >> Thanks! >> >> _________________ >> Mark Willcox >> Data Helper, Inc. >> >> >> On 8/24/2011 3:37 PM, Timo Sirainen wrote: >>> On Wed, 2011-08-24 at 13:57 -0500, Mark Willcox wrote: >>> >>>> Aug 24 13:01:57 callisto dovecot: imap-postpop: Error: script-login: >>>> Error: user devnull at dhzone.com: Error reading configuration: >>>> net_connect_unix(/var/run/dovecot/config) failed: Permission denied >>> This is your problem.. It's a bug in v2.0.13. You could patch with >>> http://hg.dovecot.org/dovecot-2.0/rev/a2d57b43ccb2 or change config >>> socket's permissions. I'll hopefully release v2.0.14 in not too distant >>> future. From tss at iki.fi Thu Aug 25 05:09:16 2011 From: tss at iki.fi (Timo Sirainen) Date: Thu, 25 Aug 2011 05:09:16 +0300 Subject: [Dovecot] Post-login scripting with virtual users In-Reply-To: <4E55A2BC.9000107@datahelper.com> References: <4E55498C.6070806@datahelper.com> <1314218231.10421.1351.camel@hurina> <4E557833.4060105@datahelper.com> <1314230683.10421.1354.camel@hurina> <4E55A2BC.9000107@datahelper.com> Message-ID: <29DEE195-62D5-447E-88B4-F2FF3FCC49BB@iki.fi> On 25.8.2011, at 4.17, Mark Willcox wrote: > My script is running as root now and it resisted all efforts to make it > run as popuser, but I can work with that. Hmm. If it's running as root, you shouldn't have had the config problem in the first place because that means it's not running as root.. From warden at geneseo.edu Thu Aug 25 05:12:27 2011 From: warden at geneseo.edu (David Warden) Date: Wed, 24 Aug 2011 22:12:27 -0400 Subject: [Dovecot] Catch22: user needs space to fix out of space condition In-Reply-To: References: Message-ID: <96BC604E-BDB4-4482-9013-DB85B9616D7E@geneseo.edu> On Aug 24, 2011, at 5:52 PM, Joseph Tam wrote: > > A mail user reported that he filled up his INBOX (despite reminders he > was approaching his filesystem quota), and furthermore, he could not > fix the situation because he couldn't expunge message he marked for > deletion. > > The dovecot logs revealed the cause > > dovecot: imap(user): Error: open(/var/mail/user.lock) failed: > Disc quota exceeded > > This created an impasse where a user cannot free space because he needs > to create a lock file that cannot be created because he needs free > space. Is there any way out of this without administrator intervention? > In your mail_location you can specify a different control and index directory as a place where the user has no quotas. I'm not quite sure which it is (control or index) that says where the dotlock file goes but it should be one of them. Check out the mail_location page in the wiki for more info. This introduces more filesystem complexity (you need one tree for message files and another for mail control/index files) but it does mean that people can log in when they hit their quota and the storage space consumed by their dovecot indexes won't count against them, which I personally think is more fair than letting those things consume quota. Also, as someone who was using dotlocks for a long time until I could make fcntl locks work over NFS to our Netapp filers, I would strongly recommend trying to move away from dotlocks if you can. We were seeing poor performance and some cache corruption (mail, indexes, control all on NFS with multiple hosts possibly accessing the same user's files) with dotlocks that went away when we switched to native locks. > Joseph Tam David Warden From a.kostyrev at serverc.ru Thu Aug 25 08:17:43 2011 From: a.kostyrev at serverc.ru (=?koi8-r?B?68/T1NnSxdcg4czFy9PBzsTSIOHMxcvTxcXXyd4=?=) Date: Thu, 25 Aug 2011 16:17:43 +1100 Subject: [Dovecot] dovecot and maillists problem Message-ID: <213B51F00051AE48A9F0E112880177178F77D4@Delta.sc.local> Hello there! I have a little trouble with using dovecot as lmtp and maillists. I use dovecot 2.0.13 with exim 4.72 on Debian 6.0. (All stuff at one host). info of maillists is store in mysql table, for example: +---------+-------------------------------------------------------------------------------------------------+ | name | recipients | +---------+-------------------------------------------------------------------------------------------------+ | Hab_Tax | 2504000067-253601001.253809737993 at 25.example.org,2721097514-272101001.271300057673 at .example.org | +---------+-------------------------------------------------------------------------------------------------+ The problem is: When I send a letter to short maillist (as above) it get the same ID and stored only once in the maildir of one user who is the member of that maillist - that's ok, but When I send a letter to maillist with a large number of recipients it occurred that it's saved more than one, because of the headers added by dovecot lmtp (I've changed host name): diff letter_in_one_user/1314238006.M841940P6916.pink\,S\=12778136\,W\=12953189 letler_in_second_user/new/1314237993.M460165P6916.pink\,S\=12778136\,W\=12953189 3,4c3,4 < by pink.atlas-2.ru (Dovecot) with LMTP id 6UiGJBWuVU4EGwAA1nFjLA < ; Thu, 25 Aug 2011 13:06:46 +1100 --- > by pink.atlas-2.ru (Dovecot) with LMTP id VUeGJBWuVU4EGwAA1nFjLA > ; Thu, 25 Aug 2011 13:06:29 +1100 It's the same letter accept the date and id. What I get in logs is: I see that exim send letters in maillist with one and the same id: ...skipped... 13:06:46 1QwPKe-0001nU-U5 <2502 at example.org> ... 13:06:47 1QwPKe-0001nU-U5 <2502 at example.org> ... But in logs of dovecot I see: 13:06:14 msgid=: wUWGJBWuVU4EGwAA1nFjLA: 13:06:18 msgid=: wEWGJBWuVU4EGwAA1nFjLA: 13:06:22 msgid=: JkaGJBWuVU4EGwAA1nFjLA: 13:06:26 msgid=: i0aGJBWuVU4EGwAA1nFjLA: 13:06:30 msgid=: 8EaGJBWuVU4EGwAA1nFjLA: 13:06:34 msgid=: VUeGJBWuVU4EGwAA1nFjLA: 13:06:37 msgid=: ukeGJBWuVU4EGwAA1nFjLA: 13:06:42 msgid=: H0iGJBWuVU4EGwAA1nFjLA: 13:06:46 msgid=: hEiGJBWuVU4EGwAA1nFjLA: 13:06:47 msgid=: 6UiGJBWuVU4EGwAA1nFjLA: Also in dovecot log I've noticed that: at first auth is searching info in sql for 200 users then log continues with lmtp's info then auth is searching info in sql for another portion of users and this loop in log continues. Dovecot.conf: http://pastebin.com/ueCBU3bP dovecot.sql: http://pastebin.com/kqCq52mC dovecot.log http://pastebin.com/YiyMWpx1 exim.conf: http://pastebin.com/F4MNQkAx exim.log: http://pastebin.com/wn83TZpX From tss at iki.fi Thu Aug 25 08:36:13 2011 From: tss at iki.fi (Timo Sirainen) Date: Thu, 25 Aug 2011 08:36:13 +0300 Subject: [Dovecot] dovecot and maillists problem In-Reply-To: <213B51F00051AE48A9F0E112880177178F77D4@Delta.sc.local> References: <213B51F00051AE48A9F0E112880177178F77D4@Delta.sc.local> Message-ID: <92C9B986-DAE0-447F-A41F-1F6ACCBDB5AC@iki.fi> On 25.8.2011, at 8.17, ???????? ????????? ?????????? wrote: > The problem is: > When I send a letter to short maillist (as above) it get the same ID and stored only once in the maildir of one user who is the member of that maillist - that's ok, but > When I send a letter to maillist with a large number of recipients it occurred that it's saved more than one, because of the headers added by dovecot lmtp (I've changed host name): > > diff letter_in_one_user/1314238006.M841940P6916.pink\,S\=12778136\,W\=12953189 letler_in_second_user/new/1314237993.M460165P6916.pink\,S\=12778136\,W\=12953189 > 3,4c3,4 > < by pink.atlas-2.ru (Dovecot) with LMTP id 6UiGJBWuVU4EGwAA1nFjLA > < ; Thu, 25 Aug 2011 13:06:46 +1100 > --- >> by pink.atlas-2.ru (Dovecot) with LMTP id VUeGJBWuVU4EGwAA1nFjLA >> ; Thu, 25 Aug 2011 13:06:29 +1100 > > It's the same letter accept the date and id. Try capturing the LMTP traffic between Dovecot and Exim? I'm not sure if there's a good way to capture traffic from UNIX sockets, but at least if Exim and Dovecot talk via TCP there are many ways. The different LMTP ids and dates are added only when there are different DATA commands, which would mean that Exim has sent separate RCPT TO + DATA commands for each of these mails. But that kind of conflicts on your logs that show tons of SQL lookups one after another.. From tss at iki.fi Thu Aug 25 08:38:48 2011 From: tss at iki.fi (Timo Sirainen) Date: Thu, 25 Aug 2011 08:38:48 +0300 Subject: [Dovecot] Catch22: user needs space to fix out of space condition In-Reply-To: <96BC604E-BDB4-4482-9013-DB85B9616D7E@geneseo.edu> References: <96BC604E-BDB4-4482-9013-DB85B9616D7E@geneseo.edu> Message-ID: <664F152B-0AE0-4D52-BD62-991707A0C372@iki.fi> On 25.8.2011, at 5.12, David Warden wrote: > In your mail_location you can specify a different control and index directory as a place where the user has no quotas. I'm not quite sure which it is (control or index) that says where the dotlock file goes but it should be one of them. Nope, dotlocks go to exactly where the mbox file is, never elsewhere (otherwise using Dovecot with non-Dovecot software could cause corruption). fcntl locks is the only solution. From a.kostyrev at serverc.ru Thu Aug 25 08:49:16 2011 From: a.kostyrev at serverc.ru (=?koi8-r?B?68/T1NnSxdcg4czFy9PBzsTSIOHMxcvTxcXXyd4=?=) Date: Thu, 25 Aug 2011 16:49:16 +1100 Subject: [Dovecot] dovecot and maillists problem References: <213B51F00051AE48A9F0E112880177178F77D4@Delta.sc.local> <92C9B986-DAE0-447F-A41F-1F6ACCBDB5AC@iki.fi> Message-ID: <213B51F00051AE48A9F0E112880177178F77D5@Delta.sc.local> >But that kind of conflicts on your logs that show tons of SQL lookups one after another.. I'm not sure that these are conflicts. As I see it, it's legitimate lookups for the users who are the members of maillist I thought that's correct behavior, am I wrong? -----Original Message----- From: Timo Sirainen [mailto:tss at iki.fi] Sent: Thursday, August 25, 2011 4:36 PM To: ???????? ????????? ?????????? Cc: dovecot at dovecot.org Subject: Re: [Dovecot] dovecot and maillists problem On 25.8.2011, at 8.17, ???????? ????????? ?????????? wrote: > The problem is: > When I send a letter to short maillist (as above) it get the same ID and stored only once in the maildir of one user who is the member of that maillist - that's ok, but > When I send a letter to maillist with a large number of recipients it occurred that it's saved more than one, because of the headers added by dovecot lmtp (I've changed host name): > > diff letter_in_one_user/1314238006.M841940P6916.pink\,S\=12778136\,W\=12953189 letler_in_second_user/new/1314237993.M460165P6916.pink\,S\=12778136\,W\=12953189 > 3,4c3,4 > < by pink.atlas-2.ru (Dovecot) with LMTP id 6UiGJBWuVU4EGwAA1nFjLA > < ; Thu, 25 Aug 2011 13:06:46 +1100 > --- >> by pink.atlas-2.ru (Dovecot) with LMTP id VUeGJBWuVU4EGwAA1nFjLA >> ; Thu, 25 Aug 2011 13:06:29 +1100 > > It's the same letter accept the date and id. Try capturing the LMTP traffic between Dovecot and Exim? I'm not sure if there's a good way to capture traffic from UNIX sockets, but at least if Exim and Dovecot talk via TCP there are many ways. The different LMTP ids and dates are added only when there are different DATA commands, which would mean that Exim has sent separate RCPT TO + DATA commands for each of these mails. But that kind of conflicts on your logs that show tons of SQL lookups one after another.. From hobie at rumormillnews.com Thu Aug 25 08:57:35 2011 From: hobie at rumormillnews.com (hobie) Date: Thu, 25 Aug 2011 01:57:35 -0400 Subject: [Dovecot] On IMAP vhost login, only Username being used In-Reply-To: <424d429b9b67e0a477a29a7d33fbd7d8.squirrel@dragon.rumormillnews.com> References: <424d429b9b67e0a477a29a7d33fbd7d8.squirrel@dragon.rumormillnews.com> Message-ID: <4E55E44F.20006@rumormillnews.com> I tried the runtbird.sh script, hoping for more info - all it did was show that auth is failing. I don't understand why Dovecot is separating the username from the domain name, and trying to match only on the username. Seems like there must be a config setting that affects this and that I'm overlooking. Thanks ahead for any help with this. --hobie hobie wrote earlier: ===== Attempting IMAP SSL login on new installation, using Icedove (Debain Thunderbird variant), login fails. Logs show Dovecot attempting to match username only, not username with domain name, on Vpopmail user, so of course no match. Tried with '@' in full username, also with '%'. What's missing? Log shows: Aug 24 19:30:48 debian dovecot: auth: Debug: client in: CONT Aug 24 19:30:48 debian dovecot: auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth Aug 24 19:30:48 debian dovecot: auth: Debug: vpopmail(postmaster,[IP redacted]): lookup user=postmaster domain= Current config: # 2.0.13: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3 auth_debug = yes auth_verbose = yes disable_plaintext_auth = no first_valid_gid = 89 first_valid_uid = 89 mail_debug = yes mail_location = maildir:/home/vpopmail/domains/%d/%n/Maildir maildir_very_dirty_syncs = yes passdb { driver = vpopmail } protocols = imap pop3 ssl_cert = References: <213B51F00051AE48A9F0E112880177178F77D4@Delta.sc.local> <92C9B986-DAE0-447F-A41F-1F6ACCBDB5AC@iki.fi> <213B51F00051AE48A9F0E112880177178F77D5@Delta.sc.local> Message-ID: <01AEBCD9-BDAC-4821-877C-0FDCC35AFCA1@iki.fi> I mean, my point of view of what is happening is is disagreement with the logs you showed. So something's weird here and only the LMTP traffic logs can lead to more clarity. On 25.8.2011, at 8.49, ???????? ????????? ?????????? wrote: >> But that kind of conflicts on your logs that show tons of SQL lookups one after another.. > > I'm not sure that these are conflicts. > As I see it, it's legitimate lookups for the users who are the members of maillist > I thought that's correct behavior, am I wrong? > > > > > -----Original Message----- > From: Timo Sirainen [mailto:tss at iki.fi] > Sent: Thursday, August 25, 2011 4:36 PM > To: ???????? ????????? ?????????? > Cc: dovecot at dovecot.org > Subject: Re: [Dovecot] dovecot and maillists problem > > On 25.8.2011, at 8.17, ???????? ????????? ?????????? wrote: > >> The problem is: >> When I send a letter to short maillist (as above) it get the same ID and stored only once in the maildir of one user who is the member of that maillist - that's ok, but >> When I send a letter to maillist with a large number of recipients it occurred that it's saved more than one, because of the headers added by dovecot lmtp (I've changed host name): >> >> diff letter_in_one_user/1314238006.M841940P6916.pink\,S\=12778136\,W\=12953189 letler_in_second_user/new/1314237993.M460165P6916.pink\,S\=12778136\,W\=12953189 >> 3,4c3,4 >> < by pink.atlas-2.ru (Dovecot) with LMTP id 6UiGJBWuVU4EGwAA1nFjLA >> < ; Thu, 25 Aug 2011 13:06:46 +1100 >> --- >>> by pink.atlas-2.ru (Dovecot) with LMTP id VUeGJBWuVU4EGwAA1nFjLA >>> ; Thu, 25 Aug 2011 13:06:29 +1100 >> >> It's the same letter accept the date and id. > > Try capturing the LMTP traffic between Dovecot and Exim? I'm not sure if there's a good way to capture traffic from UNIX sockets, but at least if Exim and Dovecot talk via TCP there are many ways. > > The different LMTP ids and dates are added only when there are different DATA commands, which would mean that Exim has sent separate RCPT TO + DATA commands for each of these mails. But that kind of conflicts on your logs that show tons of SQL lookups one after another.. > > From a.kostyrev at serverc.ru Thu Aug 25 10:14:30 2011 From: a.kostyrev at serverc.ru (=?koi8-r?B?68/T1NnSxdcg4czFy9PBzsTSIOHMxcvTxcXXyd4=?=) Date: Thu, 25 Aug 2011 18:14:30 +1100 Subject: [Dovecot] dovecot and maillists problem References: <213B51F00051AE48A9F0E112880177178F77D4@Delta.sc.local> <92C9B986-DAE0-447F-A41F-1F6ACCBDB5AC@iki.fi> <213B51F00051AE48A9F0E112880177178F77D5@Delta.sc.local> <01AEBCD9-BDAC-4821-877C-0FDCC35AFCA1@iki.fi> Message-ID: <213B51F00051AE48A9F0E112880177178F77D6@Delta.sc.local> I've sniffed traffic between exim and lmtp In log of dovecot I have: 17:17:46 msgid=: G48FNNjoVU63IwAA1nFjLA: 17:17:51 msgid=: HI8FNNjoVU63IwAA1nFjLA: 17:17:56 msgid=: gY8FNNjoVU63IwAA1nFjLA: 17:18:01 msgid=: 5o8FNNjoVU63IwAA1nFjLA: 17:18:08 msgid=: S5AFNNjoVU63IwAA1nFjLA: 17:18:13 msgid=: sJAFNNjoVU63IwAA1nFjLA: 17:18:18 msgid=: FZEFNNjoVU63IwAA1nFjLA: 17:18:23 msgid=: epEFNNjoVU63IwAA1nFjLA: 17:18:29 msgid=: 35EFNNjoVU63IwAA1nFjLA: 17:18:31 msgid=: RJIFNNjoVU63IwAA1nFjLA: Totally 10 different lmtp ids. According to wireshark while sending I've got 2 tcp streams with 5 different ids in each Log of one the streams (I've truncated DATA part - it's the same for both streams): http://pastebin.com/w4qJqZMG *note I've send message in maillist with mailx -s 'g' 2502 at atlas-2.ru < /boot/initrd.img-686 -----Original Message----- From: Timo Sirainen [mailto:tss at iki.fi] Sent: Thursday, August 25, 2011 5:01 PM To: ???????? ????????? ?????????? Cc: dovecot at dovecot.org Subject: Re: [Dovecot] dovecot and maillists problem I mean, my point of view of what is happening is is disagreement with the logs you showed. So something's weird here and only the LMTP traffic logs can lead to more clarity. On 25.8.2011, at 8.49, ???????? ????????? ?????????? wrote: >> But that kind of conflicts on your logs that show tons of SQL lookups one after another.. > > I'm not sure that these are conflicts. > As I see it, it's legitimate lookups for the users who are the members of maillist > I thought that's correct behavior, am I wrong? > > > > > -----Original Message----- > From: Timo Sirainen [mailto:tss at iki.fi] > Sent: Thursday, August 25, 2011 4:36 PM > To: ???????? ????????? ?????????? > Cc: dovecot at dovecot.org > Subject: Re: [Dovecot] dovecot and maillists problem > > On 25.8.2011, at 8.17, ???????? ????????? ?????????? wrote: > >> The problem is: >> When I send a letter to short maillist (as above) it get the same ID and stored only once in the maildir of one user who is the member of that maillist - that's ok, but >> When I send a letter to maillist with a large number of recipients it occurred that it's saved more than one, because of the headers added by dovecot lmtp (I've changed host name): >> >> diff letter_in_one_user/1314238006.M841940P6916.pink\,S\=12778136\,W\=12953189 letler_in_second_user/new/1314237993.M460165P6916.pink\,S\=12778136\,W\=12953189 >> 3,4c3,4 >> < by pink.example.com (Dovecot) with LMTP id 6UiGJBWuVU4EGwAA1nFjLA >> < ; Thu, 25 Aug 2011 13:06:46 +1100 >> --- >>> by pink.example.com (Dovecot) with LMTP id VUeGJBWuVU4EGwAA1nFjLA >>> ; Thu, 25 Aug 2011 13:06:29 +1100 >> >> It's the same letter accept the date and id. > > Try capturing the LMTP traffic between Dovecot and Exim? I'm not sure if there's a good way to capture traffic from UNIX sockets, but at least if Exim and Dovecot talk via TCP there are many ways. > > The different LMTP ids and dates are added only when there are different DATA commands, which would mean that Exim has sent separate RCPT TO + DATA commands for each of these mails. But that kind of conflicts on your logs that show tons of SQL lookups one after another.. > > From tss at iki.fi Thu Aug 25 10:18:49 2011 From: tss at iki.fi (Timo Sirainen) Date: Thu, 25 Aug 2011 10:18:49 +0300 Subject: [Dovecot] dovecot and maillists problem In-Reply-To: <213B51F00051AE48A9F0E112880177178F77D6@Delta.sc.local> References: <213B51F00051AE48A9F0E112880177178F77D4@Delta.sc.local> <92C9B986-DAE0-447F-A41F-1F6ACCBDB5AC@iki.fi> <213B51F00051AE48A9F0E112880177178F77D5@Delta.sc.local> <01AEBCD9-BDAC-4821-877C-0FDCC35AFCA1@iki.fi> <213B51F00051AE48A9F0E112880177178F77D6@Delta.sc.local> Message-ID: <60965AF7-ADC9-4264-88A5-41590C94A471@iki.fi> Right, so it looks like Exim is configured to send DATA after each 100 RCPT TOs, which means Dovecot links each message 100 times. If you want it linked those ~500 times, I guess you'll need to increase some limit in Exim. On 25.8.2011, at 10.14, ???????? ????????? ?????????? wrote: > I've sniffed traffic between exim and lmtp > > In log of dovecot I have: > 17:17:46 msgid=: G48FNNjoVU63IwAA1nFjLA: > 17:17:51 msgid=: HI8FNNjoVU63IwAA1nFjLA: > 17:17:56 msgid=: gY8FNNjoVU63IwAA1nFjLA: > 17:18:01 msgid=: 5o8FNNjoVU63IwAA1nFjLA: > 17:18:08 msgid=: S5AFNNjoVU63IwAA1nFjLA: > 17:18:13 msgid=: sJAFNNjoVU63IwAA1nFjLA: > 17:18:18 msgid=: FZEFNNjoVU63IwAA1nFjLA: > 17:18:23 msgid=: epEFNNjoVU63IwAA1nFjLA: > 17:18:29 msgid=: 35EFNNjoVU63IwAA1nFjLA: > 17:18:31 msgid=: RJIFNNjoVU63IwAA1nFjLA: > Totally 10 different lmtp ids. > > According to wireshark while sending I've got 2 tcp streams with 5 different ids in each > > Log of one the streams (I've truncated DATA part - it's the same for both streams): > http://pastebin.com/w4qJqZMG > > *note > I've send message in maillist with > mailx -s 'g' 2502 at atlas-2.ru < /boot/initrd.img-686 > > > -----Original Message----- > From: Timo Sirainen [mailto:tss at iki.fi] > Sent: Thursday, August 25, 2011 5:01 PM > To: ???????? ????????? ?????????? > Cc: dovecot at dovecot.org > Subject: Re: [Dovecot] dovecot and maillists problem > > I mean, my point of view of what is happening is is disagreement with the logs you showed. So something's weird here and only the LMTP traffic logs can lead to more clarity. > > On 25.8.2011, at 8.49, ???????? ????????? ?????????? wrote: > >>> But that kind of conflicts on your logs that show tons of SQL lookups one after another.. >> >> I'm not sure that these are conflicts. >> As I see it, it's legitimate lookups for the users who are the members of maillist >> I thought that's correct behavior, am I wrong? >> >> >> >> >> -----Original Message----- >> From: Timo Sirainen [mailto:tss at iki.fi] >> Sent: Thursday, August 25, 2011 4:36 PM >> To: ???????? ????????? ?????????? >> Cc: dovecot at dovecot.org >> Subject: Re: [Dovecot] dovecot and maillists problem >> >> On 25.8.2011, at 8.17, ???????? ????????? ?????????? wrote: >> >>> The problem is: >>> When I send a letter to short maillist (as above) it get the same ID and stored only once in the maildir of one user who is the member of that maillist - that's ok, but >>> When I send a letter to maillist with a large number of recipients it occurred that it's saved more than one, because of the headers added by dovecot lmtp (I've changed host name): >>> >>> diff letter_in_one_user/1314238006.M841940P6916.pink\,S\=12778136\,W\=12953189 letler_in_second_user/new/1314237993.M460165P6916.pink\,S\=12778136\,W\=12953189 >>> 3,4c3,4 >>> < by pink.example.com (Dovecot) with LMTP id 6UiGJBWuVU4EGwAA1nFjLA >>> < ; Thu, 25 Aug 2011 13:06:46 +1100 >>> --- >>>> by pink.example.com (Dovecot) with LMTP id VUeGJBWuVU4EGwAA1nFjLA >>>> ; Thu, 25 Aug 2011 13:06:29 +1100 >>> >>> It's the same letter accept the date and id. >> >> Try capturing the LMTP traffic between Dovecot and Exim? I'm not sure if there's a good way to capture traffic from UNIX sockets, but at least if Exim and Dovecot talk via TCP there are many ways. >> >> The different LMTP ids and dates are added only when there are different DATA commands, which would mean that Exim has sent separate RCPT TO + DATA commands for each of these mails. But that kind of conflicts on your logs that show tons of SQL lookups one after another.. >> >> > From ben at benweblife.fr Thu Aug 25 11:01:04 2011 From: ben at benweblife.fr (ben at benweblife.fr) Date: Thu, 25 Aug 2011 10:01:04 +0200 Subject: [Dovecot] Sieve and UserDB/SQL support Message-ID: <270879f071d71e54745e1373c34ad61a@benweblife.fr> Hi, I would like to know if plugins of sieve support UserDB/SQL backend. For example, for the vacation plugin, is it possible to retrieve a field like "sieve_vacation_days", "sieve_vacation_reason", and so on.. on user_query? Or, there is a plan for implement this? Thanks ------ dovecot version: 2.0.13 From a.kostyrev at serverc.ru Thu Aug 25 11:08:42 2011 From: a.kostyrev at serverc.ru (=?koi8-r?B?68/T1NnSxdcg4czFy9PBzsTSIOHMxcvTxcXXyd4=?=) Date: Thu, 25 Aug 2011 19:08:42 +1100 Subject: [Dovecot] dovecot and maillists problem References: <213B51F00051AE48A9F0E112880177178F77D4@Delta.sc.local> <92C9B986-DAE0-447F-A41F-1F6ACCBDB5AC@iki.fi> <213B51F00051AE48A9F0E112880177178F77D5@Delta.sc.local> <01AEBCD9-BDAC-4821-877C-0FDCC35AFCA1@iki.fi> <213B51F00051AE48A9F0E112880177178F77D6@Delta.sc.local> <60965AF7-ADC9-4264-88A5-41590C94A471@iki.fi> Message-ID: <213B51F00051AE48A9F0E112880177178F77D7@Delta.sc.local> Yes, Timo, you were absolutely right! if someone stucks at this: read http://exim.org/exim-html-current/doc/html/spec_html/ch30.html I had to tune max_rcpt parameter in transport section. Thank you very much! -----Original Message----- From: Timo Sirainen [mailto:tss at iki.fi] Sent: Thursday, August 25, 2011 6:19 PM To: ???????? ????????? ?????????? Cc: dovecot at dovecot.org Subject: Re: [Dovecot] dovecot and maillists problem Right, so it looks like Exim is configured to send DATA after each 100 RCPT TOs, which means Dovecot links each message 100 times. If you want it linked those ~500 times, I guess you'll need to increase some limit in Exim. On 25.8.2011, at 10.14, ???????? ????????? ?????????? wrote: > I've sniffed traffic between exim and lmtp > > In log of dovecot I have: > 17:17:46 msgid=: G48FNNjoVU63IwAA1nFjLA: > 17:17:51 msgid=: HI8FNNjoVU63IwAA1nFjLA: > 17:17:56 msgid=: gY8FNNjoVU63IwAA1nFjLA: > 17:18:01 msgid=: 5o8FNNjoVU63IwAA1nFjLA: > 17:18:08 msgid=: S5AFNNjoVU63IwAA1nFjLA: > 17:18:13 msgid=: sJAFNNjoVU63IwAA1nFjLA: > 17:18:18 msgid=: FZEFNNjoVU63IwAA1nFjLA: > 17:18:23 msgid=: epEFNNjoVU63IwAA1nFjLA: > 17:18:29 msgid=: 35EFNNjoVU63IwAA1nFjLA: > 17:18:31 msgid=: RJIFNNjoVU63IwAA1nFjLA: > Totally 10 different lmtp ids. > > According to wireshark while sending I've got 2 tcp streams with 5 different ids in each > > Log of one the streams (I've truncated DATA part - it's the same for both streams): > http://pastebin.com/w4qJqZMG > > *note > I've send message in maillist with > mailx -s 'g' 2502 at atlas-2.ru < /boot/initrd.img-686 > > > -----Original Message----- > From: Timo Sirainen [mailto:tss at iki.fi] > Sent: Thursday, August 25, 2011 5:01 PM > To: ???????? ????????? ?????????? > Cc: dovecot at dovecot.org > Subject: Re: [Dovecot] dovecot and maillists problem > > I mean, my point of view of what is happening is is disagreement with the logs you showed. So something's weird here and only the LMTP traffic logs can lead to more clarity. > > On 25.8.2011, at 8.49, ???????? ????????? ?????????? wrote: > >>> But that kind of conflicts on your logs that show tons of SQL lookups one after another.. >> >> I'm not sure that these are conflicts. >> As I see it, it's legitimate lookups for the users who are the members of maillist >> I thought that's correct behavior, am I wrong? >> >> >> >> >> -----Original Message----- >> From: Timo Sirainen [mailto:tss at iki.fi] >> Sent: Thursday, August 25, 2011 4:36 PM >> To: ???????? ????????? ?????????? >> Cc: dovecot at dovecot.org >> Subject: Re: [Dovecot] dovecot and maillists problem >> >> On 25.8.2011, at 8.17, ???????? ????????? ?????????? wrote: >> >>> The problem is: >>> When I send a letter to short maillist (as above) it get the same ID and stored only once in the maildir of one user who is the member of that maillist - that's ok, but >>> When I send a letter to maillist with a large number of recipients it occurred that it's saved more than one, because of the headers added by dovecot lmtp (I've changed host name): >>> >>> diff letter_in_one_user/1314238006.M841940P6916.pink\,S\=12778136\,W\=12953189 letler_in_second_user/new/1314237993.M460165P6916.pink\,S\=12778136\,W\=12953189 >>> 3,4c3,4 >>> < by pink.example.com (Dovecot) with LMTP id 6UiGJBWuVU4EGwAA1nFjLA >>> < ; Thu, 25 Aug 2011 13:06:46 +1100 >>> --- >>>> by pink.example.com (Dovecot) with LMTP id VUeGJBWuVU4EGwAA1nFjLA >>>> ; Thu, 25 Aug 2011 13:06:29 +1100 >>> >>> It's the same letter accept the date and id. >> >> Try capturing the LMTP traffic between Dovecot and Exim? I'm not sure if there's a good way to capture traffic from UNIX sockets, but at least if Exim and Dovecot talk via TCP there are many ways. >> >> The different LMTP ids and dates are added only when there are different DATA commands, which would mean that Exim has sent separate RCPT TO + DATA commands for each of these mails. But that kind of conflicts on your logs that show tons of SQL lookups one after another.. >> >> > From amateo at um.es Thu Aug 25 13:04:32 2011 From: amateo at um.es (Angel L. Mateo) Date: Thu, 25 Aug 2011 12:04:32 +0200 Subject: [Dovecot] auth: Error: LDAP: Connection lost to LDAP server, reconnecting Message-ID: <4E561E30.8020509@um.es> Hello, I continue debugging my problems with my update to dovecot 2.x :-( I have dovecot 2.0.13 running in ubuntu 10.04 (lucid) x64. My users are in a ldap directory. The problem is that I have a lot of errors like: Aug 24 23:07:32 myotis28 dovecot: auth-worker(default): LDAP: Connection lost to LDAP server, reconnecting I have seen in the mail list a patch for 1.2 (http://hg.dovecot.org/dovecot-1.2/rev/355d5a40f7a7) to ignore these logs when the disconnection is because of idle timeouts. As far as I could see in this patch and 2.0.13 source code, this patch is already applied in 2.0. So I guess that the disconnection is for other problem, isn't it? -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337 From tss at iki.fi Thu Aug 25 13:10:18 2011 From: tss at iki.fi (Timo Sirainen) Date: Thu, 25 Aug 2011 13:10:18 +0300 Subject: [Dovecot] auth: Error: LDAP: Connection lost to LDAP server, reconnecting In-Reply-To: <4E561E30.8020509@um.es> References: <4E561E30.8020509@um.es> Message-ID: <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> On 25.8.2011, at 13.04, Angel L. Mateo wrote: > Aug 24 23:07:32 myotis28 dovecot: auth-worker(default): LDAP: Connection lost to LDAP server, reconnecting > > I have seen in the mail list a patch for 1.2 (http://hg.dovecot.org/dovecot-1.2/rev/355d5a40f7a7) to ignore these logs when the disconnection is because of idle timeouts. As far as I could see in this patch and 2.0.13 source code, this patch is already applied in 2.0. So I guess that the disconnection is for other problem, isn't it? I had completely forgotten I had added such a feature :) See what it logs with attached patch. -------------- next part -------------- A non-text attachment was scrubbed... Name: diff Type: application/octet-stream Size: 630 bytes Desc: not available URL: -------------- next part -------------- From karsten.becker at ecologic.eu Thu Aug 25 14:43:41 2011 From: karsten.becker at ecologic.eu (Karsten Becker) Date: Thu, 25 Aug 2011 13:43:41 +0200 Subject: [Dovecot] Catch22: user needs space to fix out of space condition In-Reply-To: <664F152B-0AE0-4D52-BD62-991707A0C372@iki.fi> References: <96BC604E-BDB4-4482-9013-DB85B9616D7E@geneseo.edu> <664F152B-0AE0-4D52-BD62-991707A0C372@iki.fi> Message-ID: <4E56356D.9070409@ecologic.eu> On 08/25/2011 07:38 AM, Timo Sirainen wrote: > On 25.8.2011, at 5.12, David Warden wrote: > >> In your mail_location you can specify a different control and index directory as a place where the user has no quotas. I'm not quite sure which it is (control or index) that says where the dotlock file goes but it should be one of them. > > Nope, dotlocks go to exactly where the mbox file is, never elsewhere (otherwise using Dovecot with non-Dovecot software could cause corruption). fcntl locks is the only solution. > Quota rule (conf.d/90-quota.conf)? > plugin { > # 10 GByte in kbytes > quota_rule = *:storage=10485760 > > # 1 GByte in kbytes > quota_rule2 = Trash:storage=+1048576 > } So you have a quota of 10GB on the mailbox, but the Trash has an additional space of 1GB for the abilioty to delete mails. Regards Karsten From pelle2004 at hotmail.com Thu Aug 25 18:47:42 2011 From: pelle2004 at hotmail.com (Pelle Svensson) Date: Thu, 25 Aug 2011 17:47:42 +0200 Subject: [Dovecot] Virtual user and post-login 2.0.13 Message-ID: Hi I tried several variants of suggestions but I can't get it working dovecot-info.log: =========== Aug 25 17:37:48 imap-login: Info: Login: user=, method=PLAIN, rip=192.168.1.xx, lip=192.168.1.xx, mpid=11264 Aug 25 17:37:48 imap(vuser): Info: Post-login script denied access to user vuser dovecot.log ======== Aug 25 17:31:28 imap-postlogin: Error: script-login: Error: user pmp at bredband.net: Error reading configuration: net_connect_unix(/var/run/dovecot/config) failed: Permission denied Aug 25 17:31:28 imap-postlogin: Error: script-login: Fatal: Internal error occurred. Refer to server log for more information. Aug 25 17:31:28 log: Error: service(imap-postlogin): child 11082 returned error 89 (Fatal failure) dovecot.conf ======== protocols = imap pop3 base_dir = /var/run/dovecot/ log_path = /var/log/dovecot.log info_log_path = /var/log/dovecot-info.log ssl = no # v1.2+, for older versions use: ssl_disable = yes disable_plaintext_auth = no mail_location = maildir:/home/fetchmail/mailroot/dummy pop3_uidl_format = %08Xu%08Xv !include conf.d/*.conf !include_try local.conf mail_uid=500 mail_gid=500 auth_verbose = yes auth_debug=yes auth_debug_passwords=yes mail_debug=yes # Optional tried with this!!! service config { unix_listener config { group = dovecot mode = 0660 } } service imap { # tell imap to do post-login lookup using a socket called "imap-postlogin" executable = imap imap-postlogin # Optional tried with this!!! user=dovecot } # The service name below doesn't actually matter. service imap-postlogin { # all post-login scripts are executed via script-login binary executable = script-login /home/fetchmail/dovecot-postlogin.sh # the script process runs as the user specified here (v2.0.14+): # Optional tried with this!!! # user=dovecot # user = $default_internal_user # this UNIX socket listener must use the same name as given to imap executable # Optional tried with this!!! #unix_listener imap-postlogin { #} } users ==== vuser:{PLAIN}pass:500:500::/home/fetchmail::userdb_mail=maildir:/home/fetchmail/mailroot/vuser-root allow_nets=192.168.1.0/24 ls -l /home/fetchmail/dovecot-postlogin.sh -rwxrwxrwx. 1 dovecot root 108 Aug 25 17:08 dovecot-postlogin.sh Any suggestions are very welcome!! /Thanks From lists at celebic.net Thu Aug 25 22:11:37 2011 From: lists at celebic.net (Nick Celebic) Date: Thu, 25 Aug 2011 15:11:37 -0400 Subject: [Dovecot] Dovecot 2.0.13 How to use POP3 order Message-ID: <4E569E69.7080801@celebic.net> I saw a few commits for 2.0.13 that added MAIL_FETCH_POP3_ORDER, but I haven't been able to find any information on how to use it. I'm migrating from a Merak mail server into dovecot and all the email can be copied directly into a Maildir/cur directory. The filenames are just the timestamps. When I check with dovecot pop3, they seem to be randomly ordered. I'm hoping this provides a solution where it will look at the file list or stat order. If this isn't possible, can someone tell me how I can change the order in which dovecot lists mails in a UIDL in POP3? Thanks, Nick Celebic From tss at iki.fi Fri Aug 26 03:21:25 2011 From: tss at iki.fi (Timo Sirainen) Date: Fri, 26 Aug 2011 03:21:25 +0300 Subject: [Dovecot] Dovecot 2.0.13 How to use POP3 order In-Reply-To: <4E569E69.7080801@celebic.net> References: <4E569E69.7080801@celebic.net> Message-ID: <1314318085.10421.1359.camel@hurina> On Thu, 2011-08-25 at 15:11 -0400, Nick Celebic wrote: > I saw a few commits for 2.0.13 that added MAIL_FETCH_POP3_ORDER, but I > haven't been able to find any information on how to use it. You'll need to add "O" fields to dovecot-uidlist where the numbers are sorted in the order you want the mails to show up. For example: 1 O2 Pfoo :mailfile1 2 O1 Pbar :mailfile2 Now message with IMAP UID 2 is shown first in POP3 UIDL (with POP3 UIDL "bar") and the message with IMAP UID 1 is shown second in POP3 UIDL (with POP3 UIDL "foo"). But if you're only migrating from another POP3 server, this doesn't matter. It was added only to fix the situation when IMAP UID order doesn't match POP3 UIDL order and the user has been using both IMAP and POP3. So if you simply want POP3 UIDLs to be in wanted order, just put them in the right order to dovecot-uidlist: 1 Pbar :mailfile2 2 Pfoo :mailfile1 http://no1.wiki2.dovecot.org/MailboxFormat/Maildir explains dovecot-uidlist more, and you can also look at http://www.dovecot.org/tools/courier-dovecot-migrate.pl as an example. From hobie at rumormillnews.com Fri Aug 26 07:28:05 2011 From: hobie at rumormillnews.com (hobie at rumormillnews.com) Date: Fri, 26 Aug 2011 00:28:05 -0400 (EDT) Subject: [Dovecot] On IMAP vhost login, only Username being used Message-ID: <41edad3f7c299016fa1102f376f37ba6.squirrel@dragon.rumormillnews.com> Recapping: I'm working to set up Dovecot 2.0.13 along with some additional software (qmail, vpopmail, squirrelmail). It's working fine with squirrelmail now, but trying to connect over SSL with a Thunderbird variant and using IMAP, authentication fails because Dovecot is trying to match only the front part of the name (the user part), ignoring the domain name part of what it's being sent. So, instead of seeking to match virtual user: joe_blow at some_domain.com ...it's trying to match: joe_blow ...and failing, since joe_blow is not a system user but is a virtual host user. With Squirrelmail, connecting from localhost via non-SSL IMAP, the match is handled correctly, no problem. I've run the runtbird.sh script but no light was shed on this by the resulting output, all it said was that authentication was failing. Has anyone else encountered this problem? Any suggestions on how to fix it or where to look for additional info? Thanks kindly. --hobie > I tried the runtbird.sh script, hoping for more info - all it did was show that auth is failing. I don't understand why Dovecot is separating the username from the domain name, and trying to match only on the username. Seems like there must be a config setting that affects this and that I'm overlooking. Thanks ahead for any help with this. > > --hobie > > hobie wrote earlier: > > ===== > > Attempting IMAP SSL login on new installation, using Icedove (Debain Thunderbird variant), login fails. Logs show Dovecot attempting to match username only, not username with domain name, on Vpopmail user, so of course no match. Tried with '@' in full username, also with '%'. What's missing? > > Log shows: > > Aug 24 19:30:48 debian dovecot: auth: Debug: client in: CONT Aug 24 19:30:48 debian dovecot: auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth > Aug 24 19:30:48 debian dovecot: auth: Debug: vpopmail(postmaster,[IP redacted]): lookup user=postmaster domain= > > Current config: > > # 2.0.13: /usr/local/etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3 > auth_debug = yes > auth_verbose = yes > disable_plaintext_auth = no > first_valid_gid = 89 > first_valid_uid = 89 > mail_debug = yes > mail_location = maildir:/home/vpopmail/domains/%d/%n/Maildir > maildir_very_dirty_syncs = yes > passdb { > driver = vpopmail > } > protocols = imap pop3 > ssl_cert = ssl_key = userdb { > args = quota_template=quota_rule=*:backend=%q > driver = vpopmail > } > > --hobie > > ===== > From amateo at um.es Fri Aug 26 09:43:29 2011 From: amateo at um.es (Angel L. Mateo) Date: Fri, 26 Aug 2011 08:43:29 +0200 Subject: [Dovecot] auth: Error: LDAP: Connection lost to LDAP server, reconnecting In-Reply-To: <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> References: <4E561E30.8020509@um.es> <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> Message-ID: <4E574091.3040604@um.es> El 25/08/11 12:10, Timo Sirainen escribi?: > On 25.8.2011, at 13.04, Angel L. Mateo wrote: > >> Aug 24 23:07:32 myotis28 dovecot: auth-worker(default): LDAP: Connection lost to LDAP server, reconnecting >> >> I have seen in the mail list a patch for 1.2 (http://hg.dovecot.org/dovecot-1.2/rev/355d5a40f7a7) to ignore these logs when the disconnection is because of idle timeouts. As far as I could see in this patch and 2.0.13 source code, this patch is already applied in 2.0. So I guess that the disconnection is for other problem, isn't it? > > I had completely forgotten I had added such a feature :) See what it logs with attached patch. > Hello, I have found the problem. Is not a dovecot issue. The problem (if this is a problem) is that our ldap is behind a load balancer. This load balancer has a timeout of 3600s for ldap connections. If there is a connection with more than 3600s without activity, the load balancer close it, and this is the reason of the message. Now I'm trying to find why dovecot has a ldap connection with inactivity. One question, does auth process use more than one ldap connection? If it uses a pool is more reasonable, because we have auth cache enabled and now he have low activity, so it could be that a connection last more than 1 hour with activity, isn't it? -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337 From alex at ahhyes.net Fri Aug 26 10:25:57 2011 From: alex at ahhyes.net (Alex) Date: Fri, 26 Aug 2011 17:25:57 +1000 Subject: [Dovecot] limiting number of incorrect logins per connection Message-ID: <57ffb026f1289c9b6aec31c18afb80dc@ahhyes.net> Hi Guys, Running Dovecot 2 on my server. It is regularly getting dictionary auth attacked. What I have noticed is that once connected to a pop3/imap login session, you can send endless incorrect usernames+passwords attempts. This is a problem for me... I use fail2ban to try and stop these script kiddies. The problem is that fail2ban detects the bad auths, firewalls the IP, however, since it's an "established" session, the attacker can keep authing away... It's only on a subsequent (new) connection that the firewalling will take effect. Why is there no configuration option such as "max auth attempts per connection"? This would be useful, so once the limit is reached, the connection is dropped. is there a patch/workaround? From robert at schetterer.org Fri Aug 26 10:59:26 2011 From: robert at schetterer.org (Robert Schetterer) Date: Fri, 26 Aug 2011 09:59:26 +0200 Subject: [Dovecot] limiting number of incorrect logins per connection In-Reply-To: <57ffb026f1289c9b6aec31c18afb80dc@ahhyes.net> References: <57ffb026f1289c9b6aec31c18afb80dc@ahhyes.net> Message-ID: <4E57525E.2070107@schetterer.org> Am 26.08.2011 09:25, schrieb Alex: > Hi Guys, > > Running Dovecot 2 on my server. It is regularly getting dictionary auth > attacked. What I have noticed is that once connected to a pop3/imap > login session, you can send endless incorrect usernames+passwords > attempts. This is a problem for me... I use fail2ban to try and stop > these script kiddies. The problem is that fail2ban detects the bad > auths, firewalls the IP, however, since it's an "established" session, > the attacker can keep authing away... It's only on a subsequent (new) > connection that the firewalling will take effect. > > Why is there no configuration option such as "max auth attempts per > connection"? This would be useful, so once the limit is reached, the > connection is dropped. > > is there a patch/workaround? > there where equal questions in the past i.e read http://comments.gmane.org/gmane.mail.imap.dovecot/46204 -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From alex at ahhyes.net Fri Aug 26 11:39:35 2011 From: alex at ahhyes.net (=?utf-8?B?YWxleEBhaGh5ZXMubmV0?=) Date: Fri, 26 Aug 2011 18:39:35 +1000 Subject: [Dovecot] =?utf-8?q?limiting_number_of_incorrect_logins_per_conne?= =?utf-8?q?ction?= Message-ID: Hi, I saw that thread already, however it does not offer any solution that can be applied to dovecot directly. That thread has also been asleep for well over a year. It couldnt be that hard for the author to implement this function. It would only require a few lines of code. ----- Reply message ----- From: "Robert Schetterer" Date: Fri, Aug 26, 2011 17:59 Subject: [Dovecot] limiting number of incorrect logins per connection To: Am 26.08.2011 09:25, schrieb Alex: > Hi Guys, > > Running Dovecot 2 on my server. It is regularly getting dictionary auth > attacked. What I have noticed is that once connected to a pop3/imap > login session, you can send endless incorrect usernames+passwords > attempts. This is a problem for me... I use fail2ban to try and stop > these script kiddies. The problem is that fail2ban detects the bad > auths, firewalls the IP, however, since it's an "established" session, > the attacker can keep authing away... It's only on a subsequent (new) > connection that the firewalling will take effect. > > Why is there no configuration option such as "max auth attempts per > connection"? This would be useful, so once the limit is reached, the > connection is dropped. > > is there a patch/workaround? > there where equal questions in the past i.e read http://comments.gmane.org/gmane.mail.imap.dovecot/46204 -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From tss at iki.fi Fri Aug 26 11:44:45 2011 From: tss at iki.fi (Timo Sirainen) Date: Fri, 26 Aug 2011 11:44:45 +0300 Subject: [Dovecot] limiting number of incorrect logins per connection In-Reply-To: <57ffb026f1289c9b6aec31c18afb80dc@ahhyes.net> References: <57ffb026f1289c9b6aec31c18afb80dc@ahhyes.net> Message-ID: On 26.8.2011, at 10.25, Alex wrote: > Running Dovecot 2 on my server. It is regularly getting dictionary auth attacked. What I have noticed is that once connected to a pop3/imap login session, you can send endless incorrect usernames+passwords attempts. This is a problem for me... I use fail2ban to try and stop these script kiddies. The problem is that fail2ban detects the bad auths, firewalls the IP, however, since it's an "established" session, the attacker can keep authing away... It's only on a subsequent (new) connection that the firewalling will take effect. Umm. If client hasn't managed to log in in 3 minutes, it's disconnected (no matter what it does with the connection). From alex at ahhyes.net Fri Aug 26 12:07:08 2011 From: alex at ahhyes.net (Alex) Date: Fri, 26 Aug 2011 19:07:08 +1000 Subject: [Dovecot] limiting number of incorrect logins per connection In-Reply-To: References: <57ffb026f1289c9b6aec31c18afb80dc@ahhyes.net> Message-ID: <6ed2c04bc55eca5dcdabf46a9836bdd2@ahhyes.net> 3 minutes! I think that's too long, how can I drop that down to about 45 seconds? On Fri, 26 Aug 2011 11:44:45 +0300, Timo Sirainen wrote: > On 26.8.2011, at 10.25, Alex wrote: > >> Running Dovecot 2 on my server. It is regularly getting dictionary >> auth attacked. What I have noticed is that once connected to a >> pop3/imap login session, you can send endless incorrect >> usernames+passwords attempts. This is a problem for me... I use >> fail2ban to try and stop these script kiddies. The problem is that >> fail2ban detects the bad auths, firewalls the IP, however, since it's >> an "established" session, the attacker can keep authing away... It's >> only on a subsequent (new) connection that the firewalling will take >> effect. > > Umm. If client hasn't managed to log in in 3 minutes, it's > disconnected (no matter what it does with the connection). From alex at ahhyes.net Fri Aug 26 12:14:34 2011 From: alex at ahhyes.net (Alex) Date: Fri, 26 Aug 2011 19:14:34 +1000 Subject: [Dovecot] limiting number of incorrect logins per connection In-Reply-To: <6ed2c04bc55eca5dcdabf46a9836bdd2@ahhyes.net> References: <57ffb026f1289c9b6aec31c18afb80dc@ahhyes.net> <6ed2c04bc55eca5dcdabf46a9836bdd2@ahhyes.net> Message-ID: I am happy to recompile if there is no config option. I gather it's in the src/auth dir somewhere in one of the C source files. Just need to be pointed in the right dir. On Fri, 26 Aug 2011 19:07:08 +1000, Alex wrote: > 3 minutes! I think that's too long, how can I drop that down to about > 45 seconds? > > > On Fri, 26 Aug 2011 11:44:45 +0300, Timo Sirainen wrote: >> On 26.8.2011, at 10.25, Alex wrote: >> >>> Running Dovecot 2 on my server. It is regularly getting dictionary >>> auth attacked. What I have noticed is that once connected to a >>> pop3/imap login session, you can send endless incorrect >>> usernames+passwords attempts. This is a problem for me... I use >>> fail2ban to try and stop these script kiddies. The problem is that >>> fail2ban detects the bad auths, firewalls the IP, however, since it's >>> an "established" session, the attacker can keep authing away... It's >>> only on a subsequent (new) connection that the firewalling will take >>> effect. >> >> Umm. If client hasn't managed to log in in 3 minutes, it's >> disconnected (no matter what it does with the connection). From amateo at um.es Fri Aug 26 14:01:06 2011 From: amateo at um.es (Angel L. Mateo) Date: Fri, 26 Aug 2011 13:01:06 +0200 Subject: [Dovecot] auth: Error: LDAP: Connection lost to LDAP server, reconnecting In-Reply-To: <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> References: <4E561E30.8020509@um.es> <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> Message-ID: <4E577CF2.2070800@um.es> El 25/08/11 12:10, Timo Sirainen escribi?: > On 25.8.2011, at 13.04, Angel L. Mateo wrote: > >> Aug 24 23:07:32 myotis28 dovecot: auth-worker(default): LDAP: Connection lost to LDAP server, reconnecting >> >> I have seen in the mail list a patch for 1.2 (http://hg.dovecot.org/dovecot-1.2/rev/355d5a40f7a7) to ignore these logs when the disconnection is because of idle timeouts. As far as I could see in this patch and 2.0.13 source code, this patch is already applied in 2.0. So I guess that the disconnection is for other problem, isn't it? > > I had completely forgotten I had added such a feature :) See what it logs with attached patch. > I have tried the patch. It confirms my hypothesis, the connection is closed by my load balancer: Aug 26 12:55:27 myotis31 dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting (1 requests, 3603 idle secs) Is there any way to configure ldap connection with a keepalive, so I don't need a reconnection? -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337 From fbscarel at gmail.com Fri Aug 26 15:15:18 2011 From: fbscarel at gmail.com (Felipe Scarel) Date: Fri, 26 Aug 2011 09:15:18 -0300 Subject: [Dovecot] limiting number of incorrect logins per connection In-Reply-To: References: <57ffb026f1289c9b6aec31c18afb80dc@ahhyes.net> <6ed2c04bc55eca5dcdabf46a9836bdd2@ahhyes.net> Message-ID: Alex, I've not personally done it (so just speculating here, bear with me) but you can customize Fail2Ban's actions if needed. So, if you can match the attemps through some regex (and since you're seeing them in the logs, that should be quite possible), then you can edit one of the 'actions' to drop the connection for . I'm just not entirely sure that iptables (or pf, or whatever firewall you've got) can do it to active connections, 'cause that problem hasn't arised for me so far. On Fri, Aug 26, 2011 at 06:14, Alex wrote: > I am happy to recompile if there is no config option. I gather it's in the > src/auth dir somewhere in one of the C source files. Just need to be pointed > in the right dir. > > > On Fri, 26 Aug 2011 19:07:08 +1000, Alex wrote: > >> 3 minutes! I think that's too long, how can I drop that down to about >> 45 seconds? >> >> >> On Fri, 26 Aug 2011 11:44:45 +0300, Timo Sirainen wrote: >> >>> On 26.8.2011, at 10.25, Alex wrote: >>> >>> Running Dovecot 2 on my server. It is regularly getting dictionary auth >>>> attacked. What I have noticed is that once connected to a pop3/imap login >>>> session, you can send endless incorrect usernames+passwords attempts. This >>>> is a problem for me... I use fail2ban to try and stop these script kiddies. >>>> The problem is that fail2ban detects the bad auths, firewalls the IP, >>>> however, since it's an "established" session, the attacker can keep authing >>>> away... It's only on a subsequent (new) connection that the firewalling will >>>> take effect. >>>> >>> >>> Umm. If client hasn't managed to log in in 3 minutes, it's >>> disconnected (no matter what it does with the connection). >>> >> > From fbscarel at gmail.com Fri Aug 26 15:22:16 2011 From: fbscarel at gmail.com (Felipe Scarel) Date: Fri, 26 Aug 2011 09:22:16 -0300 Subject: [Dovecot] limiting number of incorrect logins per connection In-Reply-To: References: <57ffb026f1289c9b6aec31c18afb80dc@ahhyes.net> <6ed2c04bc55eca5dcdabf46a9836bdd2@ahhyes.net> Message-ID: Yeah, I had read about half of that thread, and after I sent my mail kept reading and stumbled upon this: "(...) using the recent module needs dovecotto close the connection upon authentication failure, as iptables only (normally) comes in to play for new connections (...)". So, yeah, my suggestion probably won't work. On Fri, Aug 26, 2011 at 09:15, Felipe Scarel wrote: > Alex, I've not personally done it (so just speculating here, bear with me) > but you can customize Fail2Ban's actions if needed. So, if you can match the > attemps through some regex (and since you're seeing them in the logs, that > should be quite possible), then you can edit one of the 'actions' to drop > the connection for . > > I'm just not entirely sure that iptables (or pf, or whatever firewall > you've got) can do it to active connections, 'cause that problem hasn't > arised for me so far. > > > On Fri, Aug 26, 2011 at 06:14, Alex wrote: > >> I am happy to recompile if there is no config option. I gather it's in the >> src/auth dir somewhere in one of the C source files. Just need to be pointed >> in the right dir. >> >> >> On Fri, 26 Aug 2011 19:07:08 +1000, Alex wrote: >> >>> 3 minutes! I think that's too long, how can I drop that down to about >>> 45 seconds? >>> >>> >>> On Fri, 26 Aug 2011 11:44:45 +0300, Timo Sirainen wrote: >>> >>>> On 26.8.2011, at 10.25, Alex wrote: >>>> >>>> Running Dovecot 2 on my server. It is regularly getting dictionary auth >>>>> attacked. What I have noticed is that once connected to a pop3/imap login >>>>> session, you can send endless incorrect usernames+passwords attempts. This >>>>> is a problem for me... I use fail2ban to try and stop these script kiddies. >>>>> The problem is that fail2ban detects the bad auths, firewalls the IP, >>>>> however, since it's an "established" session, the attacker can keep authing >>>>> away... It's only on a subsequent (new) connection that the firewalling will >>>>> take effect. >>>>> >>>> >>>> Umm. If client hasn't managed to log in in 3 minutes, it's >>>> disconnected (no matter what it does with the connection). >>>> >>> >> > From a.chapellon at horoa.net Fri Aug 26 16:14:27 2011 From: a.chapellon at horoa.net (Alexandre Chapellon) Date: Fri, 26 Aug 2011 15:14:27 +0200 Subject: [Dovecot] limiting number of incorrect logins per connection In-Reply-To: References: <57ffb026f1289c9b6aec31c18afb80dc@ahhyes.net> <6ed2c04bc55eca5dcdabf46a9836bdd2@ahhyes.net> Message-ID: <4E579C33.7010305@horoa.net> fail2ban will work as soon as dovecot have closed a none-authenticated connection: 3mins->180sec If tarpit delay for auth failures in a connection is set to 15s (which seems to be the default unless i missunderstood).... this let an attackers only 12 tries (at most) before IP gets blacklisted by fail2ban... Far enough to circumvent bruteforce and even dictionnary based attacks... unless the attacker has a botnet and uses non agressives retry policy. But in the last case, even if you blacklist IP at first failed tried, you're still vuln to such attacks. regards. Le 26/08/2011 14:22, Felipe Scarel a ?crit : > Yeah, I had read about half of that thread, and after I sent my mail kept > reading and stumbled upon this: "(...) using the recent module needs > dovecotto close the connection upon authentication failure, as iptables only > (normally) comes in to play for new connections (...)". > > So, yeah, my suggestion probably won't work. > > On Fri, Aug 26, 2011 at 09:15, Felipe Scarel wrote: > >> Alex, I've not personally done it (so just speculating here, bear with me) >> but you can customize Fail2Ban's actions if needed. So, if you can match the >> attemps through some regex (and since you're seeing them in the logs, that >> should be quite possible), then you can edit one of the 'actions' to drop >> the connection for. >> >> I'm just not entirely sure that iptables (or pf, or whatever firewall >> you've got) can do it to active connections, 'cause that problem hasn't >> arised for me so far. >> >> >> On Fri, Aug 26, 2011 at 06:14, Alex wrote: >> >>> I am happy to recompile if there is no config option. I gather it's in the >>> src/auth dir somewhere in one of the C source files. Just need to be pointed >>> in the right dir. >>> >>> >>> On Fri, 26 Aug 2011 19:07:08 +1000, Alex wrote: >>> >>>> 3 minutes! I think that's too long, how can I drop that down to about >>>> 45 seconds? >>>> >>>> >>>> On Fri, 26 Aug 2011 11:44:45 +0300, Timo Sirainen wrote: >>>> >>>>> On 26.8.2011, at 10.25, Alex wrote: >>>>> >>>>> Running Dovecot 2 on my server. It is regularly getting dictionary auth >>>>>> attacked. What I have noticed is that once connected to a pop3/imap login >>>>>> session, you can send endless incorrect usernames+passwords attempts. This >>>>>> is a problem for me... I use fail2ban to try and stop these script kiddies. >>>>>> The problem is that fail2ban detects the bad auths, firewalls the IP, >>>>>> however, since it's an "established" session, the attacker can keep authing >>>>>> away... It's only on a subsequent (new) connection that the firewalling will >>>>>> take effect. >>>>>> >>>>> Umm. If client hasn't managed to log in in 3 minutes, it's >>>>> disconnected (no matter what it does with the connection). >>>>> -- -------------- next part -------------- A non-text attachment was scrubbed... Name: a_chapellon.vcf Type: text/x-vcard Size: 373 bytes Desc: not available URL: From allan.cassaro at gmail.com Fri Aug 26 18:27:25 2011 From: allan.cassaro at gmail.com (Allan Cassaro) Date: Fri, 26 Aug 2011 12:27:25 -0300 Subject: [Dovecot] limiting number of incorrect logins per connection In-Reply-To: <4E579C33.7010305@horoa.net> References: <57ffb026f1289c9b6aec31c18afb80dc@ahhyes.net> <6ed2c04bc55eca5dcdabf46a9836bdd2@ahhyes.net> <4E579C33.7010305@horoa.net> Message-ID: On Fri, Aug 26, 2011 at 10:14 AM, Alexandre Chapellon wrote: > fail2ban will work as soon as dovecot have closed a none-authenticated > connection: 3mins->180sec > If tarpit delay for auth failures in a connection is set to 15s (which > seems to be the default unless i missunderstood).... this let an attackers > only 12 tries (at most) before IP gets blacklisted by fail2ban... Far enough > to circumvent bruteforce and even dictionnary based attacks... unless the > attacker has a botnet and uses non agressives retry policy. But in the last > case, even if you blacklist IP at first failed tried, you're still vuln to > such attacks. > > regards. > > Le 26/08/2011 14:22, Felipe Scarel a ?crit : > > Yeah, I had read about half of that thread, and after I sent my mail kept >> reading and stumbled upon this: "(...) using the recent module needs >> dovecotto close the connection upon authentication failure, as iptables >> only >> (normally) comes in to play for new connections (...)". >> >> So, yeah, my suggestion probably won't work. >> >> On Fri, Aug 26, 2011 at 09:15, Felipe Scarel wrote: >> >> Alex, I've not personally done it (so just speculating here, bear with >>> me) >>> but you can customize Fail2Ban's actions if needed. So, if you can match >>> the >>> attemps through some regex (and since you're seeing them in the logs, >>> that >>> should be quite possible), then you can edit one of the 'actions' to drop >>> the connection for. >>> >>> I'm just not entirely sure that iptables (or pf, or whatever firewall >>> you've got) can do it to active connections, 'cause that problem hasn't >>> arised for me so far. >>> >>> >>> On Fri, Aug 26, 2011 at 06:14, Alex wrote: >>> >>> I am happy to recompile if there is no config option. I gather it's in >>>> the >>>> src/auth dir somewhere in one of the C source files. Just need to be >>>> pointed >>>> in the right dir. >>>> >>>> >>>> On Fri, 26 Aug 2011 19:07:08 +1000, Alex wrote: >>>> >>>> 3 minutes! I think that's too long, how can I drop that down to about >>>>> 45 seconds? >>>>> >>>>> >>>>> On Fri, 26 Aug 2011 11:44:45 +0300, Timo Sirainen wrote: >>>>> >>>>> On 26.8.2011, at 10.25, Alex wrote: >>>>>> >>>>>> Running Dovecot 2 on my server. It is regularly getting dictionary >>>>>> auth >>>>>> >>>>>>> attacked. What I have noticed is that once connected to a pop3/imap >>>>>>> login >>>>>>> session, you can send endless incorrect usernames+passwords attempts. >>>>>>> This >>>>>>> is a problem for me... I use fail2ban to try and stop these script >>>>>>> kiddies. >>>>>>> The problem is that fail2ban detects the bad auths, firewalls the IP, >>>>>>> however, since it's an "established" session, the attacker can keep >>>>>>> authing >>>>>>> away... It's only on a subsequent (new) connection that the >>>>>>> firewalling will >>>>>>> take effect. >>>>>>> >>>>>>> Umm. If client hasn't managed to log in in 3 minutes, it's >>>>>> disconnected (no matter what it does with the connection). >>>>>> >>>>> If you substitute (create a wrap to) the "imap-login" binary with an script? The script can create a "fail attempt/ip" file into home dir and return ok or not to dovecot main process based on this information. This will solve you problem with established connections and will ban the "badguy" in realtime. I know this is possible in 1.x version. Timo, this is possible on 2.x version? Regards. -- Use c?pia oculta (BCC ou CCO) e apague dados pessoais no campo da mensagem ao encaminhar qualquer e-mail. http://allan.cassaro.googlepages.com From tss at iki.fi Fri Aug 26 19:28:40 2011 From: tss at iki.fi (Timo Sirainen) Date: Fri, 26 Aug 2011 19:28:40 +0300 Subject: [Dovecot] limiting number of incorrect logins per connection In-Reply-To: References: <57ffb026f1289c9b6aec31c18afb80dc@ahhyes.net> <6ed2c04bc55eca5dcdabf46a9836bdd2@ahhyes.net> <4E579C33.7010305@horoa.net> Message-ID: <8F8A7075-B221-4DD5-A9FC-AD922204C2AE@iki.fi> On 26.8.2011, at 18.27, Allan Cassaro wrote: > If you substitute (create a wrap to) the "imap-login" binary with an script? > The script can create a "fail attempt/ip" file into home dir and return ok > or not to dovecot main process based on this information. imap-login is typically chrooted and running with nonprivileged account that can't access user's home dir. I guess you could change those, but wrapping imap-login won't help because you don't know the username at that point.. Either auth or anvil process could do something like this. From tss at iki.fi Fri Aug 26 19:30:01 2011 From: tss at iki.fi (Timo Sirainen) Date: Fri, 26 Aug 2011 19:30:01 +0300 Subject: [Dovecot] limiting number of incorrect logins per connection In-Reply-To: <6ed2c04bc55eca5dcdabf46a9836bdd2@ahhyes.net> References: <57ffb026f1289c9b6aec31c18afb80dc@ahhyes.net> <6ed2c04bc55eca5dcdabf46a9836bdd2@ahhyes.net> Message-ID: <742D9DFB-819D-4F1C-8E88-E08B8894B135@iki.fi> login-common/client-common.h : #define CLIENT_LOGIN_TIMEOUT_MSECS (MASTER_LOGIN_TIMEOUT_SECS*1000) So set it to (45*60*1000) But I don't think there's much of a practical difference between these. On 26.8.2011, at 12.07, Alex wrote: > 3 minutes! I think that's too long, how can I drop that down to about 45 seconds? > > > On Fri, 26 Aug 2011 11:44:45 +0300, Timo Sirainen wrote: >> On 26.8.2011, at 10.25, Alex wrote: >> >>> Running Dovecot 2 on my server. It is regularly getting dictionary auth attacked. What I have noticed is that once connected to a pop3/imap login session, you can send endless incorrect usernames+passwords attempts. This is a problem for me... I use fail2ban to try and stop these script kiddies. The problem is that fail2ban detects the bad auths, firewalls the IP, however, since it's an "established" session, the attacker can keep authing away... It's only on a subsequent (new) connection that the firewalling will take effect. >> >> Umm. If client hasn't managed to log in in 3 minutes, it's >> disconnected (no matter what it does with the connection). > From simon.brereton at buongiorno.com Fri Aug 26 20:10:59 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Fri, 26 Aug 2011 13:10:59 -0400 Subject: [Dovecot] File Permissions and delivery Message-ID: <001701cc6413$20e693c0$62b3bb40$@brereton@buongiorno.com> Hi I'm very new to Dovecot (been using Courier for 5 years), but I've been persuaded of the merits of Dovecot and since the server needs upgrading that seems like the perfect time/excuse. On a test server, I set up postfix and installed Dovecot (running 32-bit Debian Squeeze, installed from apt-get). I mirrored the mail store (Maildirs, for historical reasons located under /var/spool/mail/virtual/domain.com/user). Then I ran the courier migration perl script and everything was fine and dandy. However, when I can to do the production migration, things weren't as smooth. The new server is 64-bit (not that I think it makes a difference, but if you're going to help me you should have all the information :) Again, I installed Postfix and Dovecot Took down the old server Mirrored the Maildirs Ran the migration script Restarted everything At this point everything looked like it was ok. Mail was being received and delivered to the Maildirs and the IMAP login was fine. However, I noticed errors in the logs when retreiving mail with the MUA along the lines of: Aug 26 16:59:48 mail dovecot: IMAP(simon at lydiard.net): open(/var/spool/mail/virtual/domain.net/simon/cur/1314328966.V801I166601bM756462.mail.net,S=2461:2,) failed: Permission denied (euid=999(mailsystem) egid=115(mailsystem) missing +r perm: /var/spool/mail/virtual/domain.net/simon/cur/1314328966.V801I166601bM756462.mail.net,S=2461:2,) After messing around with the chown and chmod (even though these were exactly the same as the test server) I finally discovered the issue. mail:~# ls /var/spool/mail/virtual/domain.net/simon/new/ -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:33 1314326000.V801I1666018M803015.mail.net,S=2461:2, -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:36 1314326209.V801I1666019M447273.mail.net,S=2460:2, -rw-rw---- 1 postfix mailsystem 2.5K Aug 26 04:00 1314327630.V801I166601aM308173.mail.net,S=2477:2, -rw------- 1 postfix mailsystem 2.5K Aug 26 04:22 1314328966.V801I166601bM756462.mail.net,S=2461:2, -rw------- 1 postfix mailsystem 1.1K Aug 26 16:28 1314372534.V801I166601cM615258.mail.net,S=1097:2, -rw------- 1 postfix mailsystem 1.1K Aug 26 16:31 1314372685.V801I166601dM264242.mail.net,S=1097:2, Mails are being delivered with 0600 permissions and not 0660 (the mails from courier seem to have all been 0770 as you can see). If I manually change the permission (to 0660) then I can see the mail in the MUA. After thinking for a while it occurred to me that this is covered in the LDA section. But making changes to the config file (either permissions or UID/GID) doesn't seem to make a difference. (Yes, I did restart postfix and dovecot after the changes). Anyway, here is my dovecot -n: mail:~# dovecot -n # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3 log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap imaps pop3 pop3s ssl_ca_file: /etc/ssl/keys/ca.crt ssl_cert_file: /etc/ssl/keys/mail.net.crt ssl_key_file: /etc/ssl/private/mail.net.key disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login mail_privileged_group: mailsystem mail_location: maildir:/var/spool/mail/virtual/%d/%n maildir_very_dirty_syncs: yes mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_plugins(default): quota imap_quota mail_plugins(imap): quota imap_quota mail_plugins(pop3): quota mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 imap_client_workarounds(default): outlook-idle delay-newmail imap_client_workarounds(imap): outlook-idle delay-newmail imap_client_workarounds(pop3): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh lda: postmaster_address: postmaster at net mail_plugins: quota log_path: info_log_path: deliver_log_format: msgid=%m: %f: %$ auth default: mechanisms: plain login user: mailsystem verbose: yes passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: prefetch userdb: driver: static args: uid=999 gid=115 home=/var/spool/mail/virtual/%d/%n allow_all_users=yes socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: mailsystem master: path: /var/run/dovecot/auth-master mode: 432 user: mailsystem group: mailsystem plugin: quota: maildir As you can see, I tried to go 0660 in both client and master. The portion of my master.cf 81 # SPB - Attempt to deliver with Dovecot LDA 82 dovecot unix - n n - - pipe 83 flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} Is there anything else I should include? I'm pretty sure it's an error on my part. I'm just not clued up enough to know where. My second problem is that I thought I had things back to where they were before I messed with chown and chmod, but now I get this in the logs dovecot: dovecot: Fatal: chdir(/var/spool/mail/virtual/domain.net/simon//) failed: Permission denied (euid=999(mailsystem) egid=115(mailsystem) missing +x perm: /var/spool/mail/virtual) But the ls on that is exactly the same as on the test server: ls /var/spool/mail/virtual/ total 44K drwxrwS--- 11 postfix mailsystem 4.0K Aug 25 23:07 ./ drwxrwsr-x 5 amavis mailsystem 4.0K Oct 19 2009 ../ drwxrws--- 5 mailsystem mailsystem 4.0K Aug 26 02:33 domain.net/ So, now I'm stumped. I hope someone can spot the simple thing I've missed! Thanks. Simon From willcox at datahelper.com Fri Aug 26 21:41:18 2011 From: willcox at datahelper.com (Mark Willcox) Date: Fri, 26 Aug 2011 13:41:18 -0500 Subject: [Dovecot] Virtual user and post-login 2.0.13 In-Reply-To: References: Message-ID: <4E57E8CE.1020808@datahelper.com> Did you try installing from source after applying the patch? As in: This is your problem.. It's a bug in v2.0.13. You could patch with http://hg.dovecot.org/dovecot-2.0/rev/a2d57b43ccb2 or change config socket's permissions. I'll hopefully release v2.0.14 in not too distant future. -- Timo That got it working for me. Plus this: service imap { executable = imap imap-postlogin } service imap-postlogin { executable = script-login /usr/local/bin/set_postpop unix_listener imap-postlogin { } } The script seems to run as root so I set ownership to the proper user in the script. _________________ Mark Willcox Data Helper, Inc. On 8/25/2011 10:47 AM, Pelle Svensson wrote: > Hi > > I tried several variants of suggestions but I can't get it working > > dovecot-info.log: > =========== > Aug 25 17:37:48 imap-login: Info: Login: user=, method=PLAIN, rip=192.168.1.xx, lip=192.168.1.xx, mpid=11264 > Aug 25 17:37:48 imap(vuser): Info: Post-login script denied access to user vuser > > dovecot.log > ======== > Aug 25 17:31:28 imap-postlogin: Error: script-login: Error: user pmp at bredband.net: Error reading configuration: net_connect_unix(/var/run/dovecot/config) failed: Permission denied > Aug 25 17:31:28 imap-postlogin: Error: script-login: Fatal: Internal error occurred. Refer to server log for more information. > Aug 25 17:31:28 log: Error: service(imap-postlogin): child 11082 returned error 89 (Fatal failure) > > dovecot.conf > ======== > protocols = imap pop3 > base_dir = /var/run/dovecot/ > > log_path = /var/log/dovecot.log > info_log_path = /var/log/dovecot-info.log > > ssl = no # v1.2+, for older versions use: ssl_disable = yes > disable_plaintext_auth = no > > mail_location = maildir:/home/fetchmail/mailroot/dummy > > pop3_uidl_format = %08Xu%08Xv > > > !include conf.d/*.conf > !include_try local.conf > > mail_uid=500 > mail_gid=500 > > auth_verbose = yes > auth_debug=yes > auth_debug_passwords=yes > mail_debug=yes > > # Optional tried with this!!! > service config { > unix_listener config { > group = dovecot > mode = 0660 > } > } > > service imap { > # tell imap to do post-login lookup using a socket called "imap-postlogin" > executable = imap imap-postlogin > # Optional tried with this!!! > > user=dovecot > } > > # The service name below doesn't actually matter. > service imap-postlogin { > # all post-login scripts are executed via script-login binary > executable = script-login /home/fetchmail/dovecot-postlogin.sh > > # the script process runs as the user specified here (v2.0.14+): > # Optional tried with this!!! > > # user=dovecot > # user = $default_internal_user > # this UNIX socket listener must use the same name as given to imap executable > # Optional tried with this!!! > > #unix_listener imap-postlogin { > #} > } > > > users > ==== > vuser:{PLAIN}pass:500:500::/home/fetchmail::userdb_mail=maildir:/home/fetchmail/mailroot/vuser-root allow_nets=192.168.1.0/24 > > ls -l /home/fetchmail/dovecot-postlogin.sh > -rwxrwxrwx. 1 dovecot root 108 Aug 25 17:08 dovecot-postlogin.sh > > Any suggestions are very welcome!! > > /Thanks > > > From florin at andrei.myip.org Fri Aug 26 22:07:15 2011 From: florin at andrei.myip.org (Florin Andrei) Date: Fri, 26 Aug 2011 12:07:15 -0700 Subject: [Dovecot] performance with 100k messages per folder Message-ID: <4E57EEE3.9000504@andrei.myip.org> dovecot-2.0-0.10.beta6.20100630.el6.x86_64 on CentOS 6. Virtual machine with 1 GB of RAM on VMWare. The configuration is more or less stock. Postfix receives then delivers to Dovecot. IMAP with mbox. Only one user account, but shared by several people via webmail (Roundcube webmail in Apache on the same machine). No other MUAs. 100k new messages per month, inbox is rotated monthly into a YYYYMM folder by a cron job. Only one monthly folder so far. Messages are never deleted (but I may start deleting old folders a year or two from now). This is mostly for reading, with occasional messages being forwarded. The email was pretty sluggish when logging in to the webmail interface. I asked the admin to increase the RAM from 0.5 to 1 GB. I changed mbox_very_dirty_syncs to yes. These measures seemed to accelerate it a lot. There's still a 1 sec pause when logging in, during which time the dovecot/imap process is using a lot of CPU. It looks like, as long as I give it enough RAM to keep the folders in memory, the whole thing should be fast enough, which is great. Any other tips-n-tricks to keep the email server speedy and the users happy? Should I worry about mbox_very_dirty_syncs as long as there are no other MUAs? -- Florin Andrei http://florin.myip.org/ From CMarcus at Media-Brokers.com Fri Aug 26 22:53:44 2011 From: CMarcus at Media-Brokers.com (Charles Marcus) Date: Fri, 26 Aug 2011 15:53:44 -0400 Subject: [Dovecot] performance with 100k messages per folder In-Reply-To: <4E57EEE3.9000504@andrei.myip.org> References: <4E57EEE3.9000504@andrei.myip.org> Message-ID: <4E57F9C8.4060601@Media-Brokers.com> On 2011-08-26 3:07 PM, Florin Andrei wrote: > dovecot-2.0-0.10.beta6.20100630.el6.x86_64 Don't need to read further. Upgrade to a recent stable release - if that doesn't fix your problem, *then* come back and ask again... -- Best regards, Charles From hobie at rumormillnews.com Fri Aug 26 23:05:47 2011 From: hobie at rumormillnews.com (hobie at rumormillnews.com) Date: Fri, 26 Aug 2011 16:05:47 -0400 (EDT) Subject: [Dovecot] On IMAP vhost login, only Username being used Message-ID: Found it. :) Not a dovecot problem but a field in Icedove (Thunderbird variant) that had been automatically filled in by the software "to serve you better". It's on the Server Settings page as "User Name". "Never mind..." :) --hobie > Recapping: I'm working to set up Dovecot 2.0.13 along with some additional software (qmail, vpopmail, squirrelmail). It's working fine with squirrelmail now, but trying to connect over SSL with a Thunderbird variant and using IMAP, authentication fails because Dovecot is trying to match only the front part of the name (the user part), ignoring the domain name part of what it's being sent. So, instead of seeking to match virtual user: > > joe_blow at some_domain.com > > ...it's trying to match: > > joe_blow > > ...and failing, since joe_blow is not a system user but is a virtual host user. With Squirrelmail, connecting from localhost via non-SSL IMAP, the match is handled correctly, no problem. I've run the runtbird.sh script but no light was shed on this by the resulting output, all it said was that authentication was failing. > > Has anyone else encountered this problem? Any suggestions on how to fix it or where to look for additional info? Thanks kindly. > > --hobie > >> I tried the runtbird.sh script, hoping for more info - all it did was > show that auth is failing. I don't understand why Dovecot is separating the username from the domain name, and trying to match only on the username. Seems like there must be a config setting that affects this and that I'm overlooking. Thanks ahead for any help with this. >> >> --hobie >> >> hobie wrote earlier: >> >> ===== >> >> Attempting IMAP SSL login on new installation, using Icedove (Debain > Thunderbird variant), login fails. Logs show Dovecot attempting to match username only, not username with domain name, on Vpopmail user, so of course no match. Tried with '@' in full username, also with '%'. What's missing? >> >> Log shows: >> >> Aug 24 19:30:48 debian dovecot: auth: Debug: client in: CONT Aug > 24 19:30:48 debian dovecot: auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth >> Aug 24 19:30:48 debian dovecot: auth: Debug: vpopmail(postmaster,[IP > redacted]): lookup user=postmaster domain= >> >> Current config: >> >> # 2.0.13: /usr/local/etc/dovecot/dovecot.conf >> # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3 >> auth_debug = yes >> auth_verbose = yes >> disable_plaintext_auth = no >> first_valid_gid = 89 >> first_valid_uid = 89 >> mail_debug = yes >> mail_location = maildir:/home/vpopmail/domains/%d/%n/Maildir >> maildir_very_dirty_syncs = yes >> passdb { >> driver = vpopmail >> } >> protocols = imap pop3 >> ssl_cert = > ssl_key = > userdb { >> args = quota_template=quota_rule=*:backend=%q >> driver = vpopmail >> } >> >> --hobie >> >> ===== >> > > > > > > > From patrickdk at patrickdk.com Sat Aug 27 02:35:09 2011 From: patrickdk at patrickdk.com (Patrick Domack) Date: Fri, 26 Aug 2011 19:35:09 -0400 Subject: [Dovecot] File Permissions and delivery In-Reply-To: <001701cc6413$20e693c0$62b3bb40$@brereton@buongiorno.com> References: <001701cc6413$20e693c0$62b3bb40$@brereton@buongiorno.com> Message-ID: <20110826193509.Horde.CZE5dJLnE6FOWC2tsEPBzxA@mail.patrickdk.com> My guess is your delivering email with postfix to the inbox, instead of using dovecot-lda. And something odd is going on with that postfix to get odd permissions like that. You probably needed to edit the postfix virtual deliever transport, or maybe you just forget to active the dovecot-lda (deliever) transport. Quoting Simon Brereton : > Hi > > I'm very new to Dovecot (been using Courier for 5 years), but I've > been persuaded of the merits of Dovecot and since the server needs > upgrading that seems like the perfect time/excuse. > > On a test server, I set up postfix and installed Dovecot (running > 32-bit Debian Squeeze, installed from apt-get). I mirrored the mail > store (Maildirs, for historical reasons located under > /var/spool/mail/virtual/domain.com/user). Then I ran the courier > migration perl script and everything was fine and dandy. > > However, when I can to do the production migration, things weren't > as smooth. The new server is 64-bit (not that I think it makes a > difference, but if you're going to help me you should have all the > information :) > > Again, I installed Postfix and Dovecot > Took down the old server > Mirrored the Maildirs > Ran the migration script > Restarted everything > > At this point everything looked like it was ok. Mail was being > received and delivered to the Maildirs and the IMAP login was fine. > However, I noticed errors in the logs when retreiving mail with the > MUA along the lines of: > > Aug 26 16:59:48 mail dovecot: IMAP(simon at lydiard.net): > open(/var/spool/mail/virtual/domain.net/simon/cur/1314328966.V801I166601bM756462.mail.net,S=2461:2,) failed: Permission denied (euid=999(mailsystem) egid=115(mailsystem) missing +r perm: > /var/spool/mail/virtual/domain.net/simon/cur/1314328966.V801I166601bM756462.mail.net,S=2461:2,) > > After messing around with the chown and chmod (even though these > were exactly the same as the test server) I finally discovered the > issue. > > mail:~# ls /var/spool/mail/virtual/domain.net/simon/new/ > -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:33 > 1314326000.V801I1666018M803015.mail.net,S=2461:2, > -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:36 > 1314326209.V801I1666019M447273.mail.net,S=2460:2, > -rw-rw---- 1 postfix mailsystem 2.5K Aug 26 04:00 > 1314327630.V801I166601aM308173.mail.net,S=2477:2, > -rw------- 1 postfix mailsystem 2.5K Aug 26 04:22 > 1314328966.V801I166601bM756462.mail.net,S=2461:2, > -rw------- 1 postfix mailsystem 1.1K Aug 26 16:28 > 1314372534.V801I166601cM615258.mail.net,S=1097:2, > -rw------- 1 postfix mailsystem 1.1K Aug 26 16:31 > 1314372685.V801I166601dM264242.mail.net,S=1097:2, > > Mails are being delivered with 0600 permissions and not 0660 (the > mails from courier seem to have all been 0770 as you can see). If I > manually change the permission (to 0660) then I can see the mail in > the MUA. > > After thinking for a while it occurred to me that this is covered in > the LDA section. But making changes to the config file (either > permissions or UID/GID) doesn't seem to make a difference. (Yes, I > did restart postfix and dovecot after the changes). > > Anyway, here is my dovecot -n: > > mail:~# dovecot -n > # 1.2.15: /etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3 > log_timestamp: %Y-%m-%d %H:%M:%S > protocols: imap imaps pop3 pop3s > ssl_ca_file: /etc/ssl/keys/ca.crt > ssl_cert_file: /etc/ssl/keys/mail.net.crt > ssl_key_file: /etc/ssl/private/mail.net.key > disable_plaintext_auth: no > login_dir: /var/run/dovecot/login > login_executable(default): /usr/lib/dovecot/imap-login > login_executable(imap): /usr/lib/dovecot/imap-login > login_executable(pop3): /usr/lib/dovecot/pop3-login > mail_privileged_group: mailsystem > mail_location: maildir:/var/spool/mail/virtual/%d/%n > maildir_very_dirty_syncs: yes > mbox_write_locks: fcntl dotlock > mail_executable(default): /usr/lib/dovecot/imap > mail_executable(imap): /usr/lib/dovecot/imap > mail_executable(pop3): /usr/lib/dovecot/pop3 > mail_plugins(default): quota imap_quota > mail_plugins(imap): quota imap_quota > mail_plugins(pop3): quota > mail_plugin_dir(default): /usr/lib/dovecot/modules/imap > mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap > mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 > imap_client_workarounds(default): outlook-idle delay-newmail > imap_client_workarounds(imap): outlook-idle delay-newmail > imap_client_workarounds(pop3): > pop3_client_workarounds(default): > pop3_client_workarounds(imap): > pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh > lda: > postmaster_address: postmaster at net > mail_plugins: quota > log_path: > info_log_path: > deliver_log_format: msgid=%m: %f: %$ > auth default: > mechanisms: plain login > user: mailsystem > verbose: yes > passdb: > driver: sql > args: /etc/dovecot/dovecot-sql.conf > userdb: > driver: prefetch > userdb: > driver: static > args: uid=999 gid=115 home=/var/spool/mail/virtual/%d/%n > allow_all_users=yes > socket: > type: listen > client: > path: /var/spool/postfix/private/auth > mode: 432 > user: postfix > group: mailsystem > master: > path: /var/run/dovecot/auth-master > mode: 432 > user: mailsystem > group: mailsystem > plugin: > quota: maildir > > As you can see, I tried to go 0660 in both client and master. > > The portion of my master.cf > 81 # SPB - Attempt to deliver with Dovecot LDA > 82 dovecot unix - n n - - pipe > 83 flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f > ${sender} -d ${user}@${nexthop} > > Is there anything else I should include? > > I'm pretty sure it's an error on my part. I'm just not clued up > enough to know where. > > My second problem is that I thought I had things back to where they > were before I messed with chown and chmod, but now I get this in the > logs > > dovecot: dovecot: Fatal: > chdir(/var/spool/mail/virtual/domain.net/simon//) failed: Permission > denied (euid=999(mailsystem) egid=115(mailsystem) missing +x perm: > /var/spool/mail/virtual) > > But the ls on that is exactly the same as on the test server: > ls /var/spool/mail/virtual/ > total 44K > drwxrwS--- 11 postfix mailsystem 4.0K Aug 25 23:07 ./ > drwxrwsr-x 5 amavis mailsystem 4.0K Oct 19 2009 ../ > drwxrws--- 5 mailsystem mailsystem 4.0K Aug 26 02:33 domain.net/ > > So, now I'm stumped. I hope someone can spot the simple thing I've missed! > > Thanks. > > > Simon From jtam.home at gmail.com Sat Aug 27 02:57:18 2011 From: jtam.home at gmail.com (Joseph Tam) Date: Fri, 26 Aug 2011 16:57:18 -0700 (PDT) Subject: [Dovecot] Catch22: user needs space to fix out of space condition In-Reply-To: References: Message-ID: Thanks to all who've made suggestions. It seems removing dotlocks as a locking method is the way to go. There is another dotlock locking variant mentioned in 10-mail.conf that seems to address this situation for those that can't get away from dotlocks: # dotlock_try: Same as dotlock, but if it fails because of permissions or # because there isn't enough disk space, just skip it. mbox_write_locks = dotlock_try fcntl Joseph Tam From simon.brereton at buongiorno.com Sat Aug 27 04:00:06 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Fri, 26 Aug 2011 21:00:06 -0400 Subject: [Dovecot] File Permissions and delivery In-Reply-To: <20110826193509.Horde.CZE5dJLnE6FOWC2tsEPBzxA@mail.patrickdk.com> References: <20110826193509.Horde.CZE5dJLnE6FOWC2tsEPBzxA@mail.patrickdk.com> Message-ID: On 26 August 2011 19:35, Patrick Domack wrote: > > My guess is your delivering email with postfix to the inbox, instead of using dovecot-lda. And something odd is going on with that postfix to get odd permissions like that. > > You probably needed to edit the postfix virtual deliever transport, or maybe you just forget to active the dovecot-lda (deliever) transport. That's why I included the portion from my master.cf The portion of my master.cf 81 # SPB - Attempt to deliver with Dovecot LDA 82 dovecot unix - n n - - pipe 83 flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} The numbers are just line numbers from vim. The entry reads like: # SPB - Attempt to deliver with Dovecot LDA dovecot unix - n n - - pipe flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} malsystem is the user and /usr/lib/dovecot/deliver exists. Simon > > Quoting Simon Brereton : > >> Hi >> >> I'm very new to Dovecot (been using Courier for 5 years), but I've been persuaded of the merits of Dovecot and since the server needs upgrading that seems like the perfect time/excuse. >> >> On a test server, I set up postfix and installed Dovecot (running 32-bit Debian Squeeze, installed from apt-get). ?I mirrored the mail store (Maildirs, for historical reasons located under /var/spool/mail/virtual/domain.com/user). ?Then I ran the courier migration perl script and everything was fine and dandy. >> >> However, when I can to do the production migration, things weren't as smooth. ?The new server is 64-bit (not that I think it makes a difference, but if you're going to help me you should have all the information :) >> >> Again, I installed Postfix and Dovecot >> Took down the old server >> Mirrored the Maildirs >> Ran the migration script >> Restarted everything >> >> At this point everything looked like it was ok. ?Mail was being received and delivered to the Maildirs and the IMAP login was fine. ?However, I noticed errors in the logs when retreiving mail with the MUA along the lines of: >> >> Aug 26 16:59:48 mail dovecot: IMAP(simon at lydiard.net): open(/var/spool/mail/virtual/domain.net/simon/cur/1314328966.V801I166601bM756462.mail.net,S=2461:2,) failed: Permission denied (euid=999(mailsystem) egid=115(mailsystem) missing +r perm: /var/spool/mail/virtual/domain.net/simon/cur/1314328966.V801I166601bM756462.mail.net,S=2461:2,) >> >> After messing around with the chown and chmod (even though these were exactly the same as the test server) I finally discovered the issue. >> >> mail:~# ls /var/spool/mail/virtual/domain.net/simon/new/ >> -rwxrwx--- ?1 postfix mailsystem 2.5K Aug 26 03:33 1314326000.V801I1666018M803015.mail.net,S=2461:2, >> -rwxrwx--- ?1 postfix mailsystem 2.5K Aug 26 03:36 1314326209.V801I1666019M447273.mail.net,S=2460:2, >> -rw-rw---- ?1 postfix mailsystem 2.5K Aug 26 04:00 1314327630.V801I166601aM308173.mail.net,S=2477:2, >> -rw------- ?1 postfix mailsystem 2.5K Aug 26 04:22 1314328966.V801I166601bM756462.mail.net,S=2461:2, >> -rw------- ?1 postfix mailsystem 1.1K Aug 26 16:28 1314372534.V801I166601cM615258.mail.net,S=1097:2, >> -rw------- ?1 postfix mailsystem 1.1K Aug 26 16:31 1314372685.V801I166601dM264242.mail.net,S=1097:2, >> >> Mails are being delivered with 0600 permissions and not 0660 (the mails from courier seem to have all been 0770 as you can see). ?If I manually change the permission (to 0660) then I can see the mail in the MUA. >> >> After thinking for a while it occurred to me that this is covered in the LDA section. ?But making changes to the config file (either permissions or UID/GID) doesn't seem to make a difference. ?(Yes, I did restart postfix and dovecot after the changes). >> >> Anyway, here is my dovecot -n: >> >> mail:~# dovecot -n >> # 1.2.15: /etc/dovecot/dovecot.conf >> # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3 >> log_timestamp: %Y-%m-%d %H:%M:%S >> protocols: imap imaps pop3 pop3s >> ssl_ca_file: /etc/ssl/keys/ca.crt >> ssl_cert_file: /etc/ssl/keys/mail.net.crt >> ssl_key_file: /etc/ssl/private/mail.net.key >> disable_plaintext_auth: no >> login_dir: /var/run/dovecot/login >> login_executable(default): /usr/lib/dovecot/imap-login >> login_executable(imap): /usr/lib/dovecot/imap-login >> login_executable(pop3): /usr/lib/dovecot/pop3-login >> mail_privileged_group: mailsystem >> mail_location: maildir:/var/spool/mail/virtual/%d/%n >> maildir_very_dirty_syncs: yes >> mbox_write_locks: fcntl dotlock >> mail_executable(default): /usr/lib/dovecot/imap >> mail_executable(imap): /usr/lib/dovecot/imap >> mail_executable(pop3): /usr/lib/dovecot/pop3 >> mail_plugins(default): quota imap_quota >> mail_plugins(imap): quota imap_quota >> mail_plugins(pop3): quota >> mail_plugin_dir(default): /usr/lib/dovecot/modules/imap >> mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap >> mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 >> imap_client_workarounds(default): outlook-idle delay-newmail >> imap_client_workarounds(imap): outlook-idle delay-newmail >> imap_client_workarounds(pop3): >> pop3_client_workarounds(default): >> pop3_client_workarounds(imap): >> pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh >> lda: >> ?postmaster_address: postmaster at net >> ?mail_plugins: quota >> ?log_path: >> ?info_log_path: >> ?deliver_log_format: msgid=%m: %f: %$ >> auth default: >> ?mechanisms: plain login >> ?user: mailsystem >> ?verbose: yes >> ?passdb: >> ? ?driver: sql >> ? ?args: /etc/dovecot/dovecot-sql.conf >> ?userdb: >> ? ?driver: prefetch >> ?userdb: >> ? ?driver: static >> ? ?args: uid=999 gid=115 home=/var/spool/mail/virtual/%d/%n allow_all_users=yes >> ?socket: >> ? ?type: listen >> ? ?client: >> ? ? ?path: /var/spool/postfix/private/auth >> ? ? ?mode: 432 >> ? ? ?user: postfix >> ? ? ?group: mailsystem >> ? ?master: >> ? ? ?path: /var/run/dovecot/auth-master >> ? ? ?mode: 432 >> ? ? ?user: mailsystem >> ? ? ?group: mailsystem >> plugin: >> ?quota: maildir >> >> As you can see, I tried to go 0660 in both client and master. >> >> The portion of my master.cf >> 81 # SPB - Attempt to deliver with Dovecot LDA >> ?82 dovecot ? unix ?- ? ? ? n ? ? ? n ? ? ? - ? ? ? - ? ? ? pipe >> ?83 ? flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} >> >> Is there anything else I should include? >> >> I'm pretty sure it's an error on my part. ?I'm just not clued up enough to know where. >> >> My second problem is that I thought I had things back to where they were before I messed with chown and chmod, but now I get this in the logs >> >> dovecot: dovecot: Fatal: chdir(/var/spool/mail/virtual/domain.net/simon//) failed: Permission denied (euid=999(mailsystem) egid=115(mailsystem) missing +x perm: /var/spool/mail/virtual) >> >> But the ls on that is exactly the same as on the test server: >> ls /var/spool/mail/virtual/ >> total 44K >> drwxrwS--- 11 postfix ? ?mailsystem 4.0K Aug 25 23:07 ./ >> drwxrwsr-x ?5 amavis ? ? mailsystem 4.0K Oct 19 ?2009 ../ >> drwxrws--- ?5 mailsystem mailsystem 4.0K Aug 26 02:33 domain.net/ >> >> So, now I'm stumped. ?I hope someone can spot the simple thing I've missed! >> >> Thanks. >> >> >> Simon > > > From jtam.home at gmail.com Sat Aug 27 04:30:01 2011 From: jtam.home at gmail.com (Joseph Tam) Date: Fri, 26 Aug 2011 18:30:01 -0700 (PDT) Subject: [Dovecot] Catch22: user needs space to fix out of space condition In-Reply-To: References: Message-ID: On Fri, 26 Aug 2011, Joseph Tam wrote: > Thanks to all who've made suggestions. It seems removing dotlocks as > a locking method is the way to go. Actually, this gives me pause that maybe I should not enirely remove the dotlocking method http://mailman2.u.washington.edu/pipermail/alpine-info/2008-July/000996.html Any comments on the (sole) use of POSIX fcntl() type locking? Joseph Tam From patrickdk at patrickdk.com Sat Aug 27 04:51:36 2011 From: patrickdk at patrickdk.com (Patrick Domack) Date: Fri, 26 Aug 2011 21:51:36 -0400 Subject: [Dovecot] File Permissions and delivery In-Reply-To: References: <20110826193509.Horde.CZE5dJLnE6FOWC2tsEPBzxA@mail.patrickdk.com> Message-ID: <20110826215136.Horde.HKEQbJLnE6FOWE2oep1l82A@mail.patrickdk.com> Just adding that won't make dovecot use it though, you would have to include the postconf -n output. Normally something like virtual_transport=dovecot Quoting Simon Brereton : > On 26 August 2011 19:35, Patrick Domack wrote: >> >> My guess is your delivering email with postfix to the inbox, >> instead of using dovecot-lda. And something odd is going on with >> that postfix to get odd permissions like that. >> >> You probably needed to edit the postfix virtual deliever transport, >> or maybe you just forget to active the dovecot-lda (deliever) >> transport. > > > That's why I included the portion from my master.cf > > > The portion of my master.cf > 81 # SPB - Attempt to deliver with Dovecot LDA > 82 dovecot unix - n n - - pipe > 83 flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f > ${sender} -d ${user}@${nexthop} > > The numbers are just line numbers from vim. The entry reads like: > > # SPB - Attempt to deliver with Dovecot LDA > dovecot unix - n n - - pipe > flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f > ${sender} -d ${user}@${nexthop} > > malsystem is the user and /usr/lib/dovecot/deliver exists. > > > Simon > > > >> >> Quoting Simon Brereton : >> >>> Hi >>> >>> I'm very new to Dovecot (been using Courier for 5 years), but I've >>> been persuaded of the merits of Dovecot and since the server needs >>> upgrading that seems like the perfect time/excuse. >>> >>> On a test server, I set up postfix and installed Dovecot (running >>> 32-bit Debian Squeeze, installed from apt-get). ?I mirrored the >>> mail store (Maildirs, for historical reasons located under >>> /var/spool/mail/virtual/domain.com/user). ?Then I ran the courier >>> migration perl script and everything was fine and dandy. >>> >>> However, when I can to do the production migration, things weren't >>> as smooth. ?The new server is 64-bit (not that I think it makes a >>> difference, but if you're going to help me you should have all the >>> information :) >>> >>> Again, I installed Postfix and Dovecot >>> Took down the old server >>> Mirrored the Maildirs >>> Ran the migration script >>> Restarted everything >>> >>> At this point everything looked like it was ok. ?Mail was being >>> received and delivered to the Maildirs and the IMAP login was >>> fine. ?However, I noticed errors in the logs when retreiving mail >>> with the MUA along the lines of: >>> >>> Aug 26 16:59:48 mail dovecot: IMAP(simon at lydiard.net): >>> open(/var/spool/mail/virtual/domain.net/simon/cur/1314328966.V801I166601bM756462.mail.net,S=2461:2,) failed: Permission denied (euid=999(mailsystem) egid=115(mailsystem) missing +r perm: >>> /var/spool/mail/virtual/domain.net/simon/cur/1314328966.V801I166601bM756462.mail.net,S=2461:2,) >>> >>> After messing around with the chown and chmod (even though these >>> were exactly the same as the test server) I finally discovered the >>> issue. >>> >>> mail:~# ls /var/spool/mail/virtual/domain.net/simon/new/ >>> -rwxrwx--- ?1 postfix mailsystem 2.5K Aug 26 03:33 >>> 1314326000.V801I1666018M803015.mail.net,S=2461:2, >>> -rwxrwx--- ?1 postfix mailsystem 2.5K Aug 26 03:36 >>> 1314326209.V801I1666019M447273.mail.net,S=2460:2, >>> -rw-rw---- ?1 postfix mailsystem 2.5K Aug 26 04:00 >>> 1314327630.V801I166601aM308173.mail.net,S=2477:2, >>> -rw------- ?1 postfix mailsystem 2.5K Aug 26 04:22 >>> 1314328966.V801I166601bM756462.mail.net,S=2461:2, >>> -rw------- ?1 postfix mailsystem 1.1K Aug 26 16:28 >>> 1314372534.V801I166601cM615258.mail.net,S=1097:2, >>> -rw------- ?1 postfix mailsystem 1.1K Aug 26 16:31 >>> 1314372685.V801I166601dM264242.mail.net,S=1097:2, >>> >>> Mails are being delivered with 0600 permissions and not 0660 (the >>> mails from courier seem to have all been 0770 as you can see). ?If >>> I manually change the permission (to 0660) then I can see the mail >>> in the MUA. >>> >>> After thinking for a while it occurred to me that this is covered >>> in the LDA section. ?But making changes to the config file (either >>> permissions or UID/GID) doesn't seem to make a difference. ?(Yes, >>> I did restart postfix and dovecot after the changes). >>> >>> Anyway, here is my dovecot -n: >>> >>> mail:~# dovecot -n >>> # 1.2.15: /etc/dovecot/dovecot.conf >>> # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3 >>> log_timestamp: %Y-%m-%d %H:%M:%S >>> protocols: imap imaps pop3 pop3s >>> ssl_ca_file: /etc/ssl/keys/ca.crt >>> ssl_cert_file: /etc/ssl/keys/mail.net.crt >>> ssl_key_file: /etc/ssl/private/mail.net.key >>> disable_plaintext_auth: no >>> login_dir: /var/run/dovecot/login >>> login_executable(default): /usr/lib/dovecot/imap-login >>> login_executable(imap): /usr/lib/dovecot/imap-login >>> login_executable(pop3): /usr/lib/dovecot/pop3-login >>> mail_privileged_group: mailsystem >>> mail_location: maildir:/var/spool/mail/virtual/%d/%n >>> maildir_very_dirty_syncs: yes >>> mbox_write_locks: fcntl dotlock >>> mail_executable(default): /usr/lib/dovecot/imap >>> mail_executable(imap): /usr/lib/dovecot/imap >>> mail_executable(pop3): /usr/lib/dovecot/pop3 >>> mail_plugins(default): quota imap_quota >>> mail_plugins(imap): quota imap_quota >>> mail_plugins(pop3): quota >>> mail_plugin_dir(default): /usr/lib/dovecot/modules/imap >>> mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap >>> mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 >>> imap_client_workarounds(default): outlook-idle delay-newmail >>> imap_client_workarounds(imap): outlook-idle delay-newmail >>> imap_client_workarounds(pop3): >>> pop3_client_workarounds(default): >>> pop3_client_workarounds(imap): >>> pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh >>> lda: >>> ?postmaster_address: postmaster at net >>> ?mail_plugins: quota >>> ?log_path: >>> ?info_log_path: >>> ?deliver_log_format: msgid=%m: %f: %$ >>> auth default: >>> ?mechanisms: plain login >>> ?user: mailsystem >>> ?verbose: yes >>> ?passdb: >>> ? ?driver: sql >>> ? ?args: /etc/dovecot/dovecot-sql.conf >>> ?userdb: >>> ? ?driver: prefetch >>> ?userdb: >>> ? ?driver: static >>> ? ?args: uid=999 gid=115 home=/var/spool/mail/virtual/%d/%n >>> allow_all_users=yes >>> ?socket: >>> ? ?type: listen >>> ? ?client: >>> ? ? ?path: /var/spool/postfix/private/auth >>> ? ? ?mode: 432 >>> ? ? ?user: postfix >>> ? ? ?group: mailsystem >>> ? ?master: >>> ? ? ?path: /var/run/dovecot/auth-master >>> ? ? ?mode: 432 >>> ? ? ?user: mailsystem >>> ? ? ?group: mailsystem >>> plugin: >>> ?quota: maildir >>> >>> As you can see, I tried to go 0660 in both client and master. >>> >>> The portion of my master.cf >>> 81 # SPB - Attempt to deliver with Dovecot LDA >>> ?82 dovecot ? unix ?- ? ? ? n ? ? ? n ? ? ? - ? ? ? - ? ? ? pipe >>> ?83 ? flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f >>> ${sender} -d ${user}@${nexthop} >>> >>> Is there anything else I should include? >>> >>> I'm pretty sure it's an error on my part. ?I'm just not clued up >>> enough to know where. >>> >>> My second problem is that I thought I had things back to where >>> they were before I messed with chown and chmod, but now I get this >>> in the logs >>> >>> dovecot: dovecot: Fatal: >>> chdir(/var/spool/mail/virtual/domain.net/simon//) failed: >>> Permission denied (euid=999(mailsystem) egid=115(mailsystem) >>> missing +x perm: /var/spool/mail/virtual) >>> >>> But the ls on that is exactly the same as on the test server: >>> ls /var/spool/mail/virtual/ >>> total 44K >>> drwxrwS--- 11 postfix ? ?mailsystem 4.0K Aug 25 23:07 ./ >>> drwxrwsr-x ?5 amavis ? ? mailsystem 4.0K Oct 19 ?2009 ../ >>> drwxrws--- ?5 mailsystem mailsystem 4.0K Aug 26 02:33 domain.net/ >>> >>> So, now I'm stumped. ?I hope someone can spot the simple thing I've missed! >>> >>> Thanks. >>> >>> >>> Simon >> >> >> From alex at ahhyes.net Sat Aug 27 05:18:50 2011 From: alex at ahhyes.net (=?utf-8?B?YWxleEBhaGh5ZXMubmV0?=) Date: Sat, 27 Aug 2011 12:18:50 +1000 Subject: [Dovecot] =?utf-8?q?limiting_number_of_incorrect_logins_per_conne?= =?utf-8?q?ction?= Message-ID: Thanks for that. I will change it and recompile. Sorry for the grumpyness yesterday in my posts. Was having a bad day. Is there any chance of there being an option on future versions that allow a number of failed auth attempts to be specified before dropping the connection? The other thread you mentioned, I see someone devised a small patch in c to add this functionality. It didnt look like a lot of code to do it. What are your thoughts? ----- Reply message ----- From: "Timo Sirainen" Date: Sat, Aug 27, 2011 02:30 Subject: [Dovecot] limiting number of incorrect logins per connection To: "Alex" Cc: login-common/client-common.h : #define CLIENT_LOGIN_TIMEOUT_MSECS (MASTER_LOGIN_TIMEOUT_SECS*1000) So set it to (45*60*1000) But I don't think there's much of a practical difference between these. On 26.8.2011, at 12.07, Alex wrote: > 3 minutes! I think that's too long, how can I drop that down to about 45 seconds? > > > On Fri, 26 Aug 2011 11:44:45 +0300, Timo Sirainen wrote: >> On 26.8.2011, at 10.25, Alex wrote: >> >>> Running Dovecot 2 on my server. It is regularly getting dictionary auth attacked. What I have noticed is that once connected to a pop3/imap login session, you can send endless incorrect usernames+passwords attempts. This is a problem for me... I use fail2ban to try and stop these script kiddies. The problem is that fail2ban detects the bad auths, firewalls the IP, however, since it's an "established" session, the attacker can keep authing away... It's only on a subsequent (new) connection that the firewalling will take effect. >> >> Umm. If client hasn't managed to log in in 3 minutes, it's >> disconnected (no matter what it does with the connection). > From clements at brinckerhoff.org Fri Aug 26 21:38:08 2011 From: clements at brinckerhoff.org (John Clements) Date: Fri, 26 Aug 2011 11:38:08 -0700 Subject: [Dovecot] occasional dovecot crash, core captured but no symbol table info? Message-ID: <2C44F103-A69A-4322-B746-59F6615D3DD0@brinckerhoff.org> Dovecot is crashing occasionally for me. Today it crashed six times in quick succession, as I fired up a computer (Mac) I hadn't used in a while, and my mail application (Apple Mail) tried to synchronize many large mailboxes. The log entries look like this: Aug 26 10:26:15 computer dovecot: dovecot: child 23223 (imap) killed with signal 6 (core dumped) Aug 26 10:26:30 computer dovecot: IMAP(granitemon): Panic: file istream-raw-mbox.c: line 583 (istream_raw_mbox_get_body_size): assertion failed: (rstream->body_offset != (uoff_t)-1) Aug 26 10:26:30 computer dovecot: IMAP(granitemon): Raw backtrace: imap() [0x80f0e1e] -> imap() [0x80f0e82] -> imap() [0x80f0809] -> imap(istream_raw_mbox_get_body_size+0x407) [0x8092f47] -> imap(istream_raw_mbox_next+0x25) [0x8093025] -> imap(istream_raw_mbox_seek+0x1f3) [0x8093323] -> imap(mbox_file_seek+0x55) [0x8093745] -> imap() [0x8095852] -> imap() [0x8095c8d] -> imap(index_mail_set_seq+0x153) [0x80a35c3] -> imap() [0x8095fb9] -> imap(index_storage_search_next_nonblock+0x13b) [0x80a763b] -> imap(mailbox_search_next_nonblock+0x2a) [0x80b5c1a] -> imap(mailbox_search_next+0x28) [0x80b5c68] -> imap(imap_fetch_more+0x274) [0x806a4c4] -> imap() [0x8062665] -> imap() [0x806753f] -> imap(client_output+0xeb) [0x806862b] -> imap() [0x810007e] -> imap(io_loop_handler_run+0xd6) [0x80f9aa6] -> imap(io_loop_run+0x20) [0x80f8f20] -> imap(main+0x5b4) [0x8070f24] -> /lib/i686/cmov/libc.so.6(__libc_start_main+0xe6) [0xb75f3c76] -> imap() [0x80603a1] Aug 26 10:26:30 computer dovecot: dovecot: child 23228 (imap) killed with signal 6 (core dumped) Here's the output of dovecot -n: clements at computer:/home/granitemon$ sudo dovecot -n # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-686 i686 Debian 6.0.2 log_timestamp: %Y-%m-%d %H:%M:%S login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login mail_privileged_group: mail mbox_write_locks: fcntl dotlock lda: postmaster_address: postmaster at brinckerhoff.org mail_plugins: sieve auth default: passdb: driver: pam userdb: driver: passwd ... this is the version associated with debian stable. Finally, since I had coredumps enabled, I'm in a position to provide 'bt full', but it looks like my binaries are stripped, so I'm not getting source code line numbers. granitemon at computer:~$ gdb /usr/lib/dovecot/imap ./core GNU gdb (GDB) 7.0.1-debian Copyright (C) 2009 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "i486-linux-gnu". For bug reporting instructions, please see: ... Reading symbols from /usr/lib/dovecot/imap...(no debugging symbols found)...done. warning: Can't read pathname for load map: Input/output error. Reading symbols from /lib/i686/cmov/libdl.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/i686/cmov/libdl.so.2 Reading symbols from /usr/lib/libldap_r-2.4.so.2...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libldap_r-2.4.so.2 Reading symbols from /lib/i686/cmov/librt.so.1...(no debugging symbols found)...done. Loaded symbols for /lib/i686/cmov/librt.so.1 Reading symbols from /lib/i686/cmov/libc.so.6...(no debugging symbols found)...done. Loaded symbols for /lib/i686/cmov/libc.so.6 Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/ld-linux.so.2 Reading symbols from /usr/lib/liblber-2.4.so.2...(no debugging symbols found)...done. Loaded symbols for /usr/lib/liblber-2.4.so.2 Reading symbols from /lib/i686/cmov/libresolv.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/i686/cmov/libresolv.so.2 Reading symbols from /usr/lib/libsasl2.so.2...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libsasl2.so.2 Reading symbols from /usr/lib/libgnutls.so.26...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libgnutls.so.26 Reading symbols from /lib/i686/cmov/libpthread.so.0...(no debugging symbols found)...done. Loaded symbols for /lib/i686/cmov/libpthread.so.0 Reading symbols from /usr/lib/libtasn1.so.3...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libtasn1.so.3 Reading symbols from /usr/lib/libz.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libz.so.1 Reading symbols from /usr/lib/libgcrypt.so.11...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libgcrypt.so.11 Reading symbols from /usr/lib/libgpg-error.so.0...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libgpg-error.so.0 Reading symbols from /lib/i686/cmov/libnss_compat.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/i686/cmov/libnss_compat.so.2 Reading symbols from /lib/i686/cmov/libnsl.so.1...(no debugging symbols found)...done. Loaded symbols for /lib/i686/cmov/libnsl.so.1 Reading symbols from /lib/i686/cmov/libnss_nis.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/i686/cmov/libnss_nis.so.2 Reading symbols from /lib/i686/cmov/libnss_files.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/i686/cmov/libnss_files.so.2 Reading symbols from /lib/libgcc_s.so.1...(no debugging symbols found)...done. Loaded symbols for /lib/libgcc_s.so.1 Core was generated by `imap'. Program terminated with signal 6, Aborted. #0 0xb7788424 in __kernel_vsyscall () (gdb) bt full #0 0xb7788424 in __kernel_vsyscall () No symbol table info available. #1 0xb7607751 in raise () from /lib/i686/cmov/libc.so.6 No symbol table info available. #2 0xb760ab82 in abort () from /lib/i686/cmov/libc.so.6 No symbol table info available. #3 0x080f0e2e in ?? () No symbol table info available. #4 0x080f0e82 in ?? () No symbol table info available. #5 0x080f0809 in i_panic () No symbol table info available. #6 0x08092f47 in istream_raw_mbox_get_body_size () No symbol table info available. #7 0x08093025 in istream_raw_mbox_next () No symbol table info available. #8 0x08093323 in istream_raw_mbox_seek () No symbol table info available. #9 0x08093745 in mbox_file_seek () No symbol table info available. #10 0x08095852 in ?? () No symbol table info available. #11 0x08095c8d in ?? () No symbol table info available. #12 0x080a35c3 in index_mail_set_seq () No symbol table info available. #13 0x08095fb9 in ?? () No symbol table info available. #14 0x080a763b in index_storage_search_next_nonblock () No symbol table info available. #15 0x080b5c1a in mailbox_search_next_nonblock () No symbol table info available. #16 0x080b5c68 in mailbox_search_next () No symbol table info available. #17 0x0806a4c4 in imap_fetch_more () No symbol table info available. #18 0x08062665 in ?? () No symbol table info available. #19 0x0806753f in ?? () No symbol table info available. #20 0x0806862b in client_output () No symbol table info available. #21 0x0810007e in ?? () No symbol table info available. #22 0x080f9aa6 in io_loop_handler_run () ---Type to continue, or q to quit--- No symbol table info available. #23 0x080f8f20 in io_loop_run () No symbol table info available. #24 0x08070f24 in main () No symbol table info available. (gdb) q Does anyone have any suggestions, here? Many thanks in advance; let me know if I can provide more information! All the best, John Clements -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4624 bytes Desc: not available URL: From mailing at securitylabs.it Sat Aug 27 08:30:51 2011 From: mailing at securitylabs.it (mailing at securitylabs.it) Date: Sat, 27 Aug 2011 07:30:51 +0200 Subject: [Dovecot] occasional dovecot crash, core captured but no symbol table info? In-Reply-To: <2C44F103-A69A-4322-B746-59F6615D3DD0@brinckerhoff.org> References: <2C44F103-A69A-4322-B746-59F6615D3DD0@brinckerhoff.org> Message-ID: <4E58810B.2040507@securitylabs.it> Il 26/08/2011 20:38, John Clements ha scritto: > Dovecot is crashing occasionally for me. Today it crashed six times in quick succession, as I fired up a computer (Mac) I hadn't used in a while, and my mail application (Apple Mail) tried to synchronize many large mailboxes. > > The log entries look like this: > > Aug 26 10:26:15 computer dovecot: dovecot: child 23223 (imap) killed with signal 6 (core dumped) > Aug 26 10:26:30 computer dovecot: IMAP(granitemon): Panic: file istream-raw-mbox.c: line 583 (istream_raw_mbox_get_body_size): assertion failed: (rstream->body_offset != (uoff_t)-1) Hello, http://www.dovecot.org/list/dovecot/2010-March/047426.html dunno if it has been fixed in 1.2.16 or 1.2.17, you may try to upgrade to 1.2.17 or apply the above patch. From aoeudovecot at brinckerhoff.org Sat Aug 27 19:57:48 2011 From: aoeudovecot at brinckerhoff.org (John Clements) Date: Sat, 27 Aug 2011 09:57:48 -0700 Subject: [Dovecot] occasional dovecot crash, core captured but no symbol table info? In-Reply-To: <4E58810B.2040507@securitylabs.it> References: <2C44F103-A69A-4322-B746-59F6615D3DD0@brinckerhoff.org> <4E58810B.2040507@securitylabs.it> Message-ID: <558754BD-AB19-402C-887C-66E1BC209F2F@brinckerhoff.org> On Aug 26, 2011, at 10:30 PM, mailing at securitylabs.it wrote: > Il 26/08/2011 20:38, John Clements ha scritto: >> Dovecot is crashing occasionally for me. Today it crashed six times in quick succession, as I fired up a computer (Mac) I hadn't used in a while, and my mail application (Apple Mail) tried to synchronize many large mailboxes. >> >> The log entries look like this: >> >> Aug 26 10:26:15 computer dovecot: dovecot: child 23223 (imap) killed with signal 6 (core dumped) >> Aug 26 10:26:30 computer dovecot: IMAP(granitemon): Panic: file istream-raw-mbox.c: line 583 (istream_raw_mbox_get_body_size): assertion failed: (rstream->body_offset != (uoff_t)-1) > > Hello, > > http://www.dovecot.org/list/dovecot/2010-March/047426.html > > dunno if it has been fixed in 1.2.16 or 1.2.17, you may try to upgrade to 1.2.17 or apply the above patch. Thanks for googling that for me... :) The tone of that message suggests that this core dump is probably not associated with data loss; any idea if that's true? Thanks and apologies for not doing enough homework, John Clements From pelle2004 at hotmail.com Sat Aug 27 17:54:00 2011 From: pelle2004 at hotmail.com (Pelle Svensson) Date: Sat, 27 Aug 2011 16:54:00 +0200 Subject: [Dovecot] Virtual user and post-login 2.0.13 In-Reply-To: <4E57E8CE.1020808@datahelper.com> References: , <4E57E8CE.1020808@datahelper.com> Message-ID: Yes and No! After applied the patch and changed settings it started to work. But there seems to be things that is not right. Evolution makes sever attempts to login -> all with socket closed If I remove the script (see below) THEN IT'S OKAY. dovecot is executed as root. dovecot.conf ======== protocols = imap pop3 base_dir = /var/run/dovecot/ #base_dir = /home/fetchmail/ log_path = /var/log/dovecot.log info_log_path = /var/log/dovecot-info.log ssl = no # v1.2+, for older versions use: ssl_disable = yes disable_plaintext_auth = no mail_location = maildir:/home/fetchmail/mailroot/dummy pop3_uidl_format = %08Xu%08Xv !include conf.d/*.conf !include_try local.conf mail_uid=500 mail_gid=500 auth_verbose = yes auth_debug=yes auth_debug_passwords=yes mail_debug=yes service imap { executable = imap imap-postlogin } service imap-postlogin { executable = script-login /home/fetchmail/dovecot-postlogin.sh unix_listener imap-postlogin { } } dovecot-postlogin.sh (executed as root) ============= #!/bin/sh date >>/home/fetchmail/script.log kill -s 10 `cat /home/fetchmail/.fetchmail.pid | head -n 1` >>/home/fetchmail/script.log exit 0 script.log ====== Sat Aug 27 16:04:41 CEST 2011 Sat Aug 27 16:04:41 CEST 2011 Sat Aug 27 16:04:41 CEST 2011 Wireshark ======= 5 0.001422 192.168.1. 192.168.1. TCP 46940 > imap [SYN] Seq=0 Win=5840 Len=0 MSS=1460 SACK_PERM=1 TSV=16435269 TSER=0 WS=7 6 0.001641 192.168.1. 192.168.1. TCP imap > 46940 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 SACK_PERM=1 TSV=189223554 TSER=16435269 WS=7 7 0.001666 192.168.1. 192.168.1. TCP 46940 > imap [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=16435269 TSER=189223554 8 0.055 192.168.1. 192.168.1. IMAP Response: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready. 9 0.052267 192.168.1. 192.168.1. TCP 46940 > imap [ACK] Seq=1 Ack=104 Win=5888 Len=0 TSV=16435320 TSER=189223605 10 0.055497 192.168.1. 192.168.1. IMAP Request: A00000 CAPABILITY 11 0.055724 192.168.1. 192.168.1. TCP imap > 46940 [ACK] Seq=104 Ack=20 Win=5888 Len=0 TSV=189223609 TSER=16435324 12 0.055930 192.168.1. 192.168.1. IMAP Response: * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN 13 0.095377 192.168.1. 192.168.1. TCP 46940 > imap [ACK] Seq=20 Ack=264 Win=6912 Len=0 TSV=16435364 TSER=189223609 14 0.344714 192.168.1. 192.168.1. IMAP Request: A00001 LOGIN 15 0.378516 192.168.1. 192.168.1. TCP imap > 46940 [FIN, ACK] Seq=264 Ack=60 Win=5888 Len=0 TSV=189223931 TSER=16435613 16 0.378630 192.168.1. 192.168.1. TCP 46940 > imap [FIN, ACK] Seq=60 Ack=265 Win=6912 Len=0 TSV=16435647 TSER=189223931 17 0.378922 192.168.1. 192.168.1. TCP imap > 46940 [ACK] Seq=265 Ack=61 Win=5888 Len=0 TSV=189223932 TSER=16435647 22 0.380520 192.168.1. 192.168.1. TCP 46941 > imap [SYN] Seq=0 Win=5840 Len=0 MSS=1460 SACK_PERM=1 TSV=16435649 TSER=0 WS=7 23 0.380776 192.168.1. 192.168.1. TCP imap > 46941 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 SACK_PERM=1 TSV=189223934 TSER=16435649 WS=7 24 0.380796 192.168.1. 192.168.1. TCP 46941 > imap [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=16435649 TSER=189223934 25 0.392120 192.168.1. 192.168.1. IMAP Response: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready. 26 0.392148 192.168.1. 192.168.1. TCP 46941 > imap [ACK] Seq=1 Ack=104 Win=5888 Len=0 TSV=16435660 TSER=189223945 27 0.392197 192.168.1. 192.168.1. IMAP Request: A00000 CAPABILITY 28 0.392528 192.168.1. 192.168.1. TCP imap > 46941 [ACK] Seq=104 Ack=20 Win=5888 Len=0 TSV=189223945 TSER=16435660 29 0.392529 192.168.1. 192.168.1. IMAP Response: * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN 30 0.394038 192.168.1. 192.168.1. IMAP Request: A00001 LOGIN 31 0.431080 192.168.1. 192.168.1. TCP imap > 46941 [FIN, ACK] Seq=264 Ack=60 Win=5888 Len=0 TSV=189223984 TSER=16435662 32 0.431175 192.168.1. 192.168.1. TCP 46941 > imap [FIN, ACK] Seq=60 Ack=265 Win=6912 Len=0 TSV=16435699 TSER=189223984 33 0.431487 192.168.1. 192.168.1. TCP imap > 46941 [ACK] Seq=265 Ack=61 Win=5888 Len=0 TSV=189223984 TSER=16435699 38 0.433085 192.168.1. 192.168.1. TCP 46942 > imap [SYN] Seq=0 Win=5840 Len=0 MSS=1460 SACK_PERM=1 TSV=16435701 TSER=0 WS=7 39 0.433373 192.168.1. 192.168.1. TCP imap > 46942 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 SACK_PERM=1 TSV=189223986 TSER=16435701 WS=7 40 0.433400 192.168.1. 192.168.1. TCP 46942 > imap [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=16435702 TSER=189223986 41 0.444437 192.168.1. 192.168.1. IMAP Response: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready. 42 0.444460 192.168.1. 192.168.1. TCP 46942 > imap [ACK] Seq=1 Ack=104 Win=5888 Len=0 TSV=16435713 TSER=189223997 43 0.444513 192.168.1. 192.168.1. IMAP Request: A00000 CAPABILITY 44 0.444845 192.168.1. 192.168.1. TCP imap > 46942 [ACK] Seq=104 Ack=20 Win=5888 Len=0 TSV=189223997 TSER=16435713 45 0.445050 192.168.1. 192.168.1. IMAP Response: * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN 46 0.445088 192.168.1. 192.168.1. IMAP Request: A00001 LOGIN 47 0.478720 192.168.1. 192.168.1. TCP imap > 46942 [FIN, ACK] Seq=264 Ack=60 Win=5888 Len=0 TSV=189224031 TSER=16435713 48 0.478773 192.168.1. 192.168.1. TCP 46942 > imap [FIN, ACK] Seq=60 Ack=265 Win=6912 Len=0 TSV=16435747 TSER=189224031 49 0.479127 192.168.1. 192.168.1. TCP imap > 46942 [ACK] Seq=265 Ack=61 Win=5888 Len=0 TSV=189224032 TSER=16435747 dovecot-info.log ========== Aug 27 16:04:21 master: Info: Dovecot v2.0.13 starting up (core dumps disabled) Aug 27 16:04:41 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Aug 27 16:04:41 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so Aug 27 16:04:41 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Aug 27 16:04:41 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so Aug 27 16:04:41 auth: Debug: passwd-file /etc/dovecot/users: Read 3 users Aug 27 16:04:41 auth: Debug: auth client connected (pid=9059) Aug 27 16:04:41 auth: Debug: client in: AUTH 1 PLAIN service=imap lip=192.168.1. rip=192.168.1. lport=143 rport=46940 resp=AHBtcEBicmVkYmFuZC5uZXQAQWc4MkltYXA= Aug 27 16:04:41 auth: Debug: passwd-file(,192.168.1.): lookup: user= file=/etc/dovecot/users Aug 27 16:04:41 auth: Debug: auth(,192.168.1.): allow_nets: Matching for network 192.168.1.0/24 Aug 27 16:04:41 auth: Debug: client out: OK 1 user= Aug 27 16:04:41 auth: Debug: master in: REQUEST 927727617 9059 1 c568e08d3d68829bca50fda1a4f8ed97 Aug 27 16:04:41 auth: Debug: passwd-file(,192.168.1.): lookup: user= file=/etc/dovecot/users Aug 27 16:04:41 auth: Debug: master out: USER 927727617 uid=500 gid=500 home=/home/fetchmail mail=maildir:/home/fetchmail/mailroot/ Aug 27 16:04:41 imap-login: Info: Login: user=<>, method=PLAIN, rip=192.168.1., lip=192.168.1., mpid=9061 Aug 27 16:04:41 script-login: Debug: Added userdb setting: mail=maildir:/home/fetchmail/mailroot/ Aug 27 16:04:41 imap(): Info: Post-login script denied access to user Aug 27 16:04:41 auth: Debug: auth client connected (pid=9067) Aug 27 16:04:41 auth: Debug: client in: AUTH 1 PLAIN service=imap lip=192.168.1. rip=192.168.1. lport=143 rport=46941 resp=AHBtcEBicmVkYmFuZC5uZXQAQWc4MkltYXA= Aug 27 16:04:41 auth: Debug: passwd-file(,192.168.1.): lookup: user= file=/etc/dovecot/users Aug 27 16:04:41 auth: Debug: auth(,192.168.1.): allow_nets: Matching for network 192.168.1.0/24 Aug 27 16:04:41 auth: Debug: client out: OK 1 user= Aug 27 16:04:41 auth: Debug: master in: REQUEST 1678376961 9067 1 cb882af650f4f063315e94b62647e68f Aug 27 16:04:41 auth: Debug: passwd-file(,192.168.1.): lookup: user= file=/etc/dovecot/users Aug 27 16:04:41 auth: Debug: master out: USER 1678376961 uid=500 gid=500 home=/home/fetchmail mail=maildir:/home/fetchmail/mailroot/ Aug 27 16:04:41 imap-login: Info: Login: user=<>, method=PLAIN, rip=192.168.1., lip=192.168.1., mpid=9068 Aug 27 16:04:41 script-login: Debug: Added userdb setting: mail=maildir:/home/fetchmail/mailroot/ Aug 27 16:04:41 imap(): Info: Post-login script denied access to user Aug 27 16:04:41 auth: Debug: auth client connected (pid=9074) Aug 27 16:04:41 auth: Debug: client in: AUTH 1 PLAIN service=imap lip=192.168.1. rip=192.168.1. lport=143 rport=46942 resp=AHBtcEBicmVkYmFuZC5uZXQAQWc4MkltYXA= Aug 27 16:04:41 auth: Debug: passwd-file(,192.168.1.): lookup: user= file=/etc/dovecot/users Aug 27 16:04:41 auth: Debug: auth(,192.168.1.): allow_nets: Matching for network 192.168.1.0/24 Aug 27 16:04:41 auth: Debug: client out: OK 1 user= Aug 27 16:04:41 auth: Debug: master in: REQUEST 1091174401 9074 1 9c488b8afd276e661170f65f0e8d0a2c Aug 27 16:04:41 auth: Debug: passwd-file(,192.168.1.): lookup: user= file=/etc/dovecot/users Aug 27 16:04:41 auth: Debug: master out: USER 1091174401 uid=500 gid=500 home=/home/fetchmail mail=maildir:/home/fetchmail/mailroot/ Aug 27 16:04:41 imap-login: Info: Login: user=<>, method=PLAIN, rip=192.168.1., lip=192.168.1., mpid=9075 Aug 27 16:04:41 script-login: Debug: Added userdb setting: mail=maildir:/home/fetchmail/mailroot/ Aug 27 16:04:41 imap(): Info: Post-login script denied access to user dovecot.log ======== ######################################## ############## No without script ############### ######################################## dovecot.conf ======== protocols = imap pop3 base_dir = /var/run/dovecot/ #base_dir = /home/fetchmail/ log_path = /var/log/dovecot.log info_log_path = /var/log/dovecot-info.log ssl = no # v1.2+, for older versions use: ssl_disable = yes disable_plaintext_auth = no mail_location = maildir:/home/fetchmail/mailroot/dummy pop3_uidl_format = %08Xu%08Xv !include conf.d/*.conf !include_try local.conf mail_uid=500 mail_gid=500 auth_verbose = yes auth_debug=yes auth_debug_passwords=yes mail_debug=yes #service imap { # executable = imap imap-postlogin #} #service imap-postlogin { # executable = script-login /home/fetchmail/dovecot-postlogin.sh # unix_listener imap-postlogin { # } #} Wireshark ======= 25 7.624239 192.168.1. 192.168.1. TCP 54240 > imap [SYN] Seq=0 Win=5840 Len=0 MSS=1460 SACK_PERM=1 TSV=18242752 TSER=0 WS=7 26 7.624457 192.168.1. 192.168.1. TCP imap > 54240 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 SACK_PERM=1 TSV=191031128 TSER=18242752 WS=7 27 7.624482 192.168.1. 192.168.1. TCP 54240 > imap [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=18242752 TSER=191031128 28 7.675570 192.168.1. 192.168.1. IMAP Response: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready. 29 7.675608 192.168.1. 192.168.1. TCP 54240 > imap [ACK] Seq=1 Ack=104 Win=5888 Len=0 TSV=18242804 TSER=191031179 30 7.675716 192.168.1. 192.168.1. IMAP Request: A00000 CAPABILITY 31 7.675977 192.168.1. 192.168.1. TCP imap > 54240 [ACK] Seq=104 Ack=20 Win=5888 Len=0 TSV=191031179 TSER=18242804 32 7.676181 192.168.1. 192.168.1. IMAP Response: * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN 33 7.715281 192.168.1. 192.168.1. TCP 54240 > imap [ACK] Seq=20 Ack=264 Win=6912 Len=0 TSV=18242844 TSER=191031180 34 7.924499 192.168.1. 192.168.1. IMAP Request: A00001 LOGIN 35 7.936249 192.168.1. 192.168.1. IMAP Response: * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS 36 7.936292 192.168.1. 192.168.1. TCP 54240 > imap [ACK] Seq=60 Ack=555 Win=8064 Len=0 TSV=18243065 TSER=191031439 37 7.936406 192.168.1. 192.168.1. IMAP Request: A00002 LIST "" "" 38 7.936864 192.168.1. 192.168.1. IMAP Response: * LIST (\Noselect) "." "" 39 7.936951 192.168.1. 192.168.1. IMAP Request: A00003 LIST "" {1+} 40 7.937715 192.168.1. 192.168.1. IMAP Response: * LIST (\HasNoChildren) "." "Trash" 41 7.937987 192.168.1. 192.168.1. IMAP Request: A00004 LSUB "" {1+} 42 7.938655 192.168.1. 192.168.1. IMAP Response: * LSUB () "." "INBOX" 43 7.938903 192.168.1. 192.168.1. IMAP Request: A00005 LIST "" {1+} 44 7.939538 192.168.1. 192.168.1. IMAP Response: * LIST (\HasNoChildren) "." "Trash" 45 7.939781 192.168.1. 192.168.1. IMAP Request: A00006 LSUB "" {1+} 46 7.940370 192.168.1. 192.168.1. IMAP Response: * LSUB () "." "INBOX" 47 7.980409 192.168.1. 192.168.1. TCP 54240 > imap [ACK] Seq=175 Ack=2853 Win=13312 Len=0 TSV=18243109 TSER=191031444 48 8.024229 192.168.1. 192.168.1. IMAP Request: A00007 SELECT {20+} 49 8.025564 192.168.1. 192.168.1. IMAP Response: * FLAGS (\Answered \Flagged \Deleted \Seen \Draft) 50 8.025591 192.168.1. 192.168.1. TCP 54240 > imap [ACK] Seq=218 Ack=3168 Win=14592 Len=0 TSV=18243154 TSER=191031529 51 8.025718 192.168.1. 192.168.1. IMAP Request: A00008 UID FETCH 1:4 (FLAGS) 52 8.026519 192.168.1. 192.168.1. IMAP Response: * 1 FETCH (UID 1 FLAGS (\Seen)) 53 8.026654 192.168.1. 192.168.1. IMAP Request: A00009 STATUS {20+} dovecot-info.log =========== Aug 27 16:34:45 master: Info: Dovecot v2.0.13 starting up (core dumps disabled) Aug 27 16:34:48 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Aug 27 16:34:48 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so Aug 27 16:34:48 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Aug 27 16:34:48 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so Aug 27 16:34:48 auth: Debug: passwd-file /etc/dovecot/users: Read 3 users Aug 27 16:34:48 auth: Debug: auth client connected (pid=9352) Aug 27 16:34:49 auth: Debug: client in: AUTH 1 PLAIN service=imap lip=192.168.1. rip=192.168.1. lport=143 rport=54240 resp=AHBtcEBicmVkYmFuZC5uZXQAQWc4MkltYXA= Aug 27 16:34:49 auth: Debug: passwd-file(,192.168.1.): lookup: user= file=/etc/dovecot/users Aug 27 16:34:49 auth: Debug: auth(,192.168.1.): allow_nets: Matching for network 192.168.1.0/24 Aug 27 16:34:49 auth: Debug: client out: OK 1 user= Aug 27 16:34:49 auth: Debug: master in: REQUEST 2999713793 9352 1 595e05b06e4f241795732866abb9cf89 Aug 27 16:34:49 auth: Debug: passwd-file(,192.168.1.): lookup: user= file=/etc/dovecot/users Aug 27 16:34:49 auth: Debug: master out: USER 2999713793 uid=500 gid=500 home=/home/fetchmail mail=maildir:/home/fetchmail/mailroot/ Aug 27 16:34:49 imap-login: Info: Login: user=<>, method=PLAIN, rip=192.168.1., lip=192.168.1., mpid=9354 Aug 27 16:34:49 imap: Debug: Added userdb setting: mail=maildir:/home/fetchmail/mailroot/ Aug 27 16:34:49 imap(): Debug: Effective uid=500, gid=500, home=/home/fetchmail Aug 27 16:34:49 imap(): Debug: maildir++: root=/home/fetchmail/mailroot/, index=, control=, inbox=/home/fetchmail/mailroot/ > Date: Fri, 26 Aug 2011 13:41:18 -0500 > From: willcox at datahelper.com > CC: dovecot at dovecot.org > Subject: Re: [Dovecot] Virtual user and post-login 2.0.13 > > Did you try installing from source after applying the patch? As in: > > This is your problem.. It's a bug in v2.0.13. You could patch with > http://hg.dovecot.org/dovecot-2.0/rev/a2d57b43ccb2 or change config > socket's permissions. I'll hopefully release v2.0.14 in not too distant > future. > -- Timo > > That got it working for me. Plus this: > service imap { > executable = imap imap-postlogin > } > > service imap-postlogin { > executable = script-login /usr/local/bin/set_postpop > unix_listener imap-postlogin { > } > } > > The script seems to run as root so I set ownership to the proper user in > the script. > > _________________ > Mark Willcox > Data Helper, Inc. > > > On 8/25/2011 10:47 AM, Pelle Svensson wrote: > > Hi > > > > I tried several variants of suggestions but I can't get it working > > > > dovecot-info.log: > > =========== > > Aug 25 17:37:48 imap-login: Info: Login: user=, method=PLAIN, rip=192.168.1.xx, lip=192.168.1.xx, mpid=11264 > > Aug 25 17:37:48 imap(vuser): Info: Post-login script denied access to user vuser > > > > dovecot.log > > ======== > > Aug 25 17:31:28 imap-postlogin: Error: script-login: Error: user pmp at bredband.net: Error reading configuration: net_connect_unix(/var/run/dovecot/config) failed: Permission denied > > Aug 25 17:31:28 imap-postlogin: Error: script-login: Fatal: Internal error occurred. Refer to server log for more information. > > Aug 25 17:31:28 log: Error: service(imap-postlogin): child 11082 returned error 89 (Fatal failure) > > > > dovecot.conf > > ======== > > protocols = imap pop3 > > base_dir = /var/run/dovecot/ > > > > log_path = /var/log/dovecot.log > > info_log_path = /var/log/dovecot-info.log > > > > ssl = no # v1.2+, for older versions use: ssl_disable = yes > > disable_plaintext_auth = no > > > > mail_location = maildir:/home/fetchmail/mailroot/dummy > > > > pop3_uidl_format = %08Xu%08Xv > > > > > > !include conf.d/*.conf > > !include_try local.conf > > > > mail_uid=500 > > mail_gid=500 > > > > auth_verbose = yes > > auth_debug=yes > > auth_debug_passwords=yes > > mail_debug=yes > > > > # Optional tried with this!!! > > service config { > > unix_listener config { > > group = dovecot > > mode = 0660 > > } > > } > > > > service imap { > > # tell imap to do post-login lookup using a socket called "imap-postlogin" > > executable = imap imap-postlogin > > # Optional tried with this!!! > > > > user=dovecot > > } > > > > # The service name below doesn't actually matter. > > service imap-postlogin { > > # all post-login scripts are executed via script-login binary > > executable = script-login /home/fetchmail/dovecot-postlogin.sh > > > > # the script process runs as the user specified here (v2.0.14+): > > # Optional tried with this!!! > > > > # user=dovecot > > # user = $default_internal_user > > # this UNIX socket listener must use the same name as given to imap executable > > # Optional tried with this!!! > > > > #unix_listener imap-postlogin { > > #} > > } > > > > > > users > > ==== > > vuser:{PLAIN}pass:500:500::/home/fetchmail::userdb_mail=maildir:/home/fetchmail/mailroot/vuser-root allow_nets=192.168.1.0/24 > > > > ls -l /home/fetchmail/dovecot-postlogin.sh > > -rwxrwxrwx. 1 dovecot root 108 Aug 25 17:08 dovecot-postlogin.sh > > > > Any suggestions are very welcome!! > > > > /Thanks > > > > > > From stephen.feyrer at btinternet.com Sat Aug 27 19:36:12 2011 From: stephen.feyrer at btinternet.com (Stephen Feyrer) Date: Sat, 27 Aug 2011 17:36:12 +0100 Subject: [Dovecot] : error while loading shared libraries: libdovecot.so.0 (arm cross compile) Message-ID: Hi. I've made a new attempt at build Dovecot. The build and then install processes appeared to work find. Then when I try to run Dovecot it reports the error: /share/MD0_DATA/optware/opt/sbin/dovecot: error while loading shared libraries: libdovecot.so.0: cannot open shared object file: No such file or directory To get a better idea of what's going on, I added --enable-devel-checks at ./configure and then ran gdb: # gdb --args dovecot -F GNU gdb 6.8 [snip] This GDB was configured as "arm-none-linux-gnueabi"... (no debugging symbols found) (gdb) run Starting program: /share/MD0_DATA/optware/opt/sbin/dovecot -F (no debugging symbols found) /share/MD0_DATA/optware/opt/sbin/dovecot: error while loading shared libraries: libdovecot.so.0: cannot open shared object file: No such file or directory Program exited with code 0177. (gdb) bt full No stack. (gdb) quit By the way on a separate but related note, adding --enable-maintiner-mode introduced a new problem also relating to libdovecot.so.0.0.0 I'll refer to that in the post script. # ls -alh /opt/lib/dovecot/ drwxr-xr-x 8 admin administ 4.0k Aug 27 16:31 ./ drwxr-xr-x 37 admin administ 16.0k Aug 27 16:27 ../ drwxr-xr-x 2 avahi avahi 4.0k Nov 26 2009 .debug/ drwxr-xr-x 2 admin administ 4.0k Aug 27 16:27 auth/ drwxr-xr-x 2 admin administ 4.0k Aug 27 16:31 doveadm/ -rw-r--r-- 1 admin administ 678 Aug 27 16:27 dovecot-config drwxr-xr-x 3 admin administ 4.0k Aug 26 18:01 imap/ drwxr-xr-x 2 admin administ 4.0k Aug 26 18:01 lda/ -rw-r--r-- 1 admin administ 527.6k Jan 6 2011 lib01_acl_plugin.a -rwxr-xr-x 1 admin administ 1.0k Aug 27 16:27 lib01_acl_plugin.la* -rwxr-xr-x 1 admin administ 56.3k Aug 27 16:27 lib01_acl_plugin.so* -rw-r--r-- 1 admin administ 70.5k Jan 6 2011 lib02_imap_acl_plugin.a -rwxr-xr-x 1 admin administ 1.1k Aug 27 16:27 lib02_imap_acl_plugin.la* -rwxr-xr-x 1 admin administ 13.1k Aug 27 16:27 lib02_imap_acl_plugin.so* -rw-r--r-- 1 admin administ 69.9k Jan 6 2011 lib02_lazy_expunge_plugin.a -rwxr-xr-x 1 admin administ 1.1k Aug 27 16:27 lib02_lazy_expunge_plugin.la* -rwxr-xr-x 1 admin administ 13.0k Aug 27 16:27 lib02_lazy_expunge_plugin.so* -rw-r--r-- 1 admin administ 51.3k Jan 6 2011 lib05_snarf_plugin.a -rwxr-xr-x 1 admin administ 1.0k Aug 27 16:27 lib05_snarf_plugin.la* -rwxr-xr-x 1 admin administ 7.4k Aug 27 16:27 lib05_snarf_plugin.so* -rw-r--r-- 1 admin administ 443.4k Jan 6 2011 lib10_quota_plugin.a -rwxr-xr-x 1 admin administ 1.0k Aug 27 16:27 lib10_quota_plugin.la* -rwxr-xr-x 1 admin administ 51.5k Aug 27 16:27 lib10_quota_plugin.so* -rw-r--r-- 1 admin administ 23.6k Jan 6 2011 lib11_imap_quota_plugin.a -rwxr-xr-x 1 admin administ 1.1k Aug 27 16:27 lib11_imap_quota_plugin.la* -rwxr-xr-x 1 admin administ 8.3k Aug 27 16:27 lib11_imap_quota_plugin.so* -rw-r--r-- 1 admin administ 56.9k Jan 6 2011 lib11_trash_plugin.a -rwxr-xr-x 1 admin administ 1.1k Aug 27 16:27 lib11_trash_plugin.la* -rwxr-xr-x 1 admin administ 9.9k Aug 27 16:27 lib11_trash_plugin.so* -rw-r--r-- 1 admin administ 71.8k Jan 6 2011 lib15_notify_plugin.a -rwxr-xr-x 1 admin administ 1.0k Aug 27 16:27 lib15_notify_plugin.la* -rwxr-xr-x 1 admin administ 10.6k Aug 27 16:27 lib15_notify_plugin.so* -rw-r--r-- 1 admin administ 14.4k Jan 6 2011 lib20_autocreate_plugin.a -rwxr-xr-x 1 admin administ 1.0k Aug 27 16:27 lib20_autocreate_plugin.la* -rwxr-xr-x 1 admin administ 5.3k Aug 27 16:27 lib20_autocreate_plugin.so* -rw-r--r-- 1 avahi avahi 10.9k Nov 26 2009 lib20_convert_plugin.a -rw-r--r-- 1 admin administ 62.7k Jan 6 2011 lib20_expire_plugin.a -rwxr-xr-x 1 admin administ 1.0k Aug 27 16:27 lib20_expire_plugin.la* -rwxr-xr-x 1 admin administ 10.6k Aug 27 16:27 lib20_expire_plugin.so* -rw-r--r-- 1 admin administ 161.0k Jan 6 2011 lib20_fts_plugin.a -rwxr-xr-x 1 admin administ 1.0k Aug 27 16:27 lib20_fts_plugin.la* -rwxr-xr-x 1 admin administ 29.4k Aug 27 16:27 lib20_fts_plugin.so* -rw-r--r-- 1 admin administ 59.4k Jan 6 2011 lib20_listescape_plugin.a -rwxr-xr-x 1 admin administ 1.0k Aug 27 16:27 lib20_listescape_plugin.la* -rwxr-xr-x 1 admin administ 9.4k Aug 27 16:27 lib20_listescape_plugin.so* -rw-r--r-- 1 admin administ 62.8k Jan 6 2011 lib20_mail_log_plugin.a -rwxr-xr-x 1 admin administ 1.1k Aug 27 16:27 lib20_mail_log_plugin.la* -rwxr-xr-x 1 admin administ 10.1k Aug 27 16:27 lib20_mail_log_plugin.so* -rw-r--r-- 1 avahi avahi 54.4k Nov 6 2010 lib20_mbox_snarf_plugin.a -rw-r--r-- 1 admin administ 450.8k Jan 6 2011 lib20_virtual_plugin.a -rwxr-xr-x 1 admin administ 1.0k Aug 27 16:27 lib20_virtual_plugin.la* -rwxr-xr-x 1 admin administ 47.6k Aug 27 16:27 lib20_virtual_plugin.so* -rw-r--r-- 1 admin administ 115.1k Jan 6 2011 lib20_zlib_plugin.a -rwxr-xr-x 1 admin administ 1.0k Aug 27 16:27 lib20_zlib_plugin.la* -rwxr-xr-x 1 admin administ 18.4k Aug 27 16:27 lib20_zlib_plugin.so* -rw-r--r-- 1 admin administ 181.7k Jan 6 2011 lib21_fts_squat_plugin.a -rwxr-xr-x 1 admin administ 1.1k Aug 27 16:27 lib21_fts_squat_plugin.la* -rwxr-xr-x 1 admin administ 48.8k Aug 27 16:27 lib21_fts_squat_plugin.so* -rw-r--r-- 1 admin administ 22.0k Jan 6 2011 lib30_imap_zlib_plugin.a -rwxr-xr-x 1 admin administ 1.1k Aug 27 16:27 lib30_imap_zlib_plugin.la* -rwxr-xr-x 1 admin administ 6.5k Aug 27 16:27 lib30_imap_zlib_plugin.so* -rw-r--r-- 1 admin administ 101.3k Jan 6 2011 libdovecot-lda.a -rwxr-xr-x 1 admin administ 1.1k Aug 27 16:27 libdovecot-lda.la* lrwxrwxrwx 1 admin administ 23 Aug 27 16:31 libdovecot-lda.so -> libdovecot-lda.so.0.0.0* lrwxrwxrwx 1 admin administ 23 Aug 27 16:31 libdovecot-lda.so.0 -> libdovecot-lda.so.0.0.0* -rwxr-xr-x 1 admin administ 35.2k Aug 27 16:27 libdovecot-lda.so.0.0.0* -rw-r--r-- 1 admin administ 241.7k Jan 6 2011 libdovecot-login.a -rwxr-xr-x 1 admin administ 1.0k Aug 27 16:27 libdovecot-login.la* lrwxrwxrwx 1 admin administ 25 Aug 27 16:31 libdovecot-login.so -> libdovecot-login.so.0.0.0* lrwxrwxrwx 1 admin administ 25 Aug 27 16:31 libdovecot-login.so.0 -> libdovecot-login.so.0.0.0* -rwxr-xr-x 1 admin administ 65.5k Aug 27 16:27 libdovecot-login.so.0.0.0* -rwxr-xr-x 1 admin administ 1.0k Aug 27 16:27 libdovecot-sql.la* lrwxrwxrwx 1 admin administ 23 Aug 27 16:31 libdovecot-sql.so -> libdovecot-sql.so.0.0.0* lrwxrwxrwx 1 admin administ 23 Aug 27 16:31 libdovecot-sql.so.0 -> libdovecot-sql.so.0.0.0* -rwxr-xr-x 1 admin administ 19.3k Aug 27 16:27 libdovecot-sql.so.0.0.0* -rw-r--r-- 1 admin administ 6.2M Jan 6 2011 libdovecot-storage.a -rwxr-xr-x 1 admin administ 1.1k Aug 27 16:27 libdovecot-storage.la* lrwxrwxrwx 1 admin administ 27 Aug 27 16:31 libdovecot-storage.so -> libdovecot-storage.so.0.0.0* lrwxrwxrwx 1 admin administ 27 Aug 27 16:31 libdovecot-storage.so.0 -> libdovecot-storage.so.0.0.0* -rwxr-xr-x 1 admin administ 737.5k Aug 27 16:27 libdovecot-storage.so.0.0.0* -rw-r--r-- 1 admin administ 1.8M Jan 6 2011 libdovecot.a -rwxr-xr-x 1 admin administ 1011 Aug 27 16:27 libdovecot.la* lrwxrwxrwx 1 admin administ 19 Aug 27 16:31 libdovecot.so -> libdovecot.so.0.0.0* lrwxrwxrwx 1 admin administ 19 Aug 27 16:31 libdovecot.so.0 -> libdovecot.so.0.0.0* -rwxr-xr-x 1 admin administ 440.8k Aug 27 16:27 libdovecot.so.0.0.0* drwxr-xr-x 2 admin administ 4.0k Aug 26 18:01 pop3/ Everything seems to be in the right place. So I don't know what's wrong. Now on to my post script. This issue first appears when I try to package my freshly built Dovecot for installation on my arm powered nas. #make dovecot-ipk [...] test -z "/opt/include/dovecot" || /usr/bin/mkdir -p "~/Projects/nslu2/optware/tsx09/builds/dovecot-2.0.13-ipk/opt/include/dovecot" /usr/bin/install -c -m 644 settings.h settings-parser.h '~/Projects/nslu2/optware/tsx09/builds/dovecot-2.0.13-ipk/opt/include/dovecot' make[5]: Leaving directory `~/Projects/nslu2/optware/tsx09/builds/dovecot/src/lib-settings' make[4]: Leaving directory `~/Projects/nslu2/optware/tsx09/builds/dovecot/src/lib-settings' Making install in lib-dovecot make[4]: Entering directory `~/Projects/nslu2/optware/tsx09/builds/dovecot/src/lib-dovecot' make[5]: Entering directory `~/Projects/nslu2/optware/tsx09/builds/dovecot/src/lib-dovecot' test -z "/opt/lib/dovecot" || /usr/bin/mkdir -p "~/Projects/nslu2/optware/tsx09/builds/dovecot-2.0.13-ipk/opt/lib/dovecot" /bin/sh ../../libtool --mode=install /usr/bin/install -c -s libdovecot.la '~/Projects/nslu2/optware/tsx09/builds/dovecot-2.0.13-ipk/opt/lib/dovecot' libtool: install: /usr/bin/install -c .libs/libdovecot.so.0.0.0 ~/Projects/nslu2/optware/tsx09/builds/dovecot-2.0.13-ipk/opt/lib/dovecot/libdovecot.so.0.0.0 libtool: install: strip --strip-unneeded ~/Projects/nslu2/optware/tsx09/builds/dovecot-2.0.13-ipk/opt/lib/dovecot/libdovecot.so.0.0.0 strip: Unable to recognise the format of the input file `~/Projects/nslu2/optware/tsx09/builds/dovecot-2.0.13-ipk/opt/lib/dovecot/libdovecot.so.0.0.0' make[5]: *** [install-pkglibLTLIBRARIES] Error 1 make[5]: Leaving directory `~/Projects/nslu2/optware/tsx09/builds/dovecot/src/lib-dovecot' make[4]: *** [install-am] Error 2 make[4]: Leaving directory `~/Projects/nslu2/optware/tsx09/builds/dovecot/src/lib-dovecot' make[3]: *** [install-recursive] Error 1 make[3]: Leaving directory `~/Projects/nslu2/optware/tsx09/builds/dovecot/src' make[2]: *** [install-recursive] Error 1 make[2]: Leaving directory `~/Projects/nslu2/optware/tsx09/builds/dovecot' make[1]: *** [install-strip] Error 2 make[1]: Leaving directory `~/Projects/nslu2/optware/tsx09/builds/dovecot' make: *** [~/Projects/nslu2/optware/tsx09/builds/dovecot_2.0.13-2_arm.ipk] Error 2 So I went looking for libdovecot.so.0.0.0 and found, ls -ahl ~/Projects/nslu2/optware/tsx09/builds/dovecot-2.0.13-ipk/opt/lib/dovecot/: total 1.3M drwxr-xr-x 2 leonidis leonidis 4.0K Aug 27 17:07 . drwxr-xr-x 3 leonidis leonidis 4.0K Aug 27 17:07 .. -rw-r--r-- 1 leonidis leonidis 678 Aug 27 17:07 dovecot-config -rwxr-xr-x 1 leonidis leonidis 1.3M Aug 27 17:07 libdovecot.so.0.0.0 The other libraries appear to have been built and are waiting to be packaged up but ipackage doesn't seem to get that far. What this says about ipackage and how it might relate to my first problem I don't know. I apologise this all seems a bit like a broken record to me. -- Kind regards Stephen Feyrer. From fcatunda at contactnet.com.br Sat Aug 27 21:13:39 2011 From: fcatunda at contactnet.com.br (Fabio Catunda) Date: Sat, 27 Aug 2011 15:13:39 -0300 Subject: [Dovecot] Pop3 hanging up after login. Message-ID: <4E5933D3.9000508@contactnet.com.br> Hi, I'm trying to implement a second dovecot server on a second machine to try to load balance IMAP/POP3 services. The first machine is already running and is working pretty well with dovecot-pop3d 1:1.0.15-2.3+lenny1. The new machine is running dovecot-pop3d 1:1.2.15-7 and accessing the existing maildirs over a NFS share on /mnt/mail. When I try to telnet localhost 110 on the new machine it just freezes after the "pass MySecret", like this: # telnet localhost 110 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. +OK Bem Vindo. user my.user at mydomain.com.br +OK pass MySecret ... (Nothing else happens) If I try to stop Dovecot with /etc/init.d/dovecot stop it stops, but the pop3 process keep running and the only way to stop it is with kill -9. On my log I only can see this: Aug 27 15:03:40 radamante dovecot: auth(default): client in: AUTH#0112#011PLAIN#011service=pop3#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=110#011rport=60421#011resp= Aug 27 15:03:40 radamante dovecot: auth-worker(default): pam(my.user at mydomain.com.br,127.0.0.1): lookup service=dovecot Aug 27 15:03:40 radamante dovecot: auth-worker(default): pam(my.user at mydomain.com.br,127.0.0.1): #1/1 style=1 msg=Password: Aug 27 15:03:42 radamante dovecot: auth-worker(default): pam(my.user at mydomain.com.br,127.0.0.1): pam_authenticate() failed: Authentication failure (password mismatch?) Aug 27 15:03:42 radamante dovecot: auth(default): cache(my.user at mydomain.com.br,127.0.0.1): miss Aug 27 15:03:42 radamante dovecot: auth(default): ldap(my.user at mydomain.com.br,127.0.0.1): pass search: base=ou=Users, dc=mydomain, dc=com, dc=br scope=subtree filter=(&(mail=my.user at mydomain.com.br)) fields=mail,userPassword Aug 27 15:03:42 radamante dovecot: auth(default): ldap(my.user at mydomain.com.br,127.0.0.1): result: mail(user at domain)=my.user at mydomain.com.br userPassword(password)= Aug 27 15:03:42 radamante dovecot: auth(default): client out: OK#0112#011user=my.user at mydomain.com.br#011user at domain=my.user at mydomain.com.br Aug 27 15:03:42 radamante dovecot: auth(default): master in: REQUEST#0111#01130330#0112 Aug 27 15:03:42 radamante dovecot: auth(default): passwd(my.user at mydomain.com.br,127.0.0.1): lookup Aug 27 15:03:42 radamante dovecot: auth(default): passwd(my.user at mydomain.com.br,127.0.0.1): unknown user Aug 27 15:03:42 radamante dovecot: auth(default): ldap(my.user at mydomain.com.br,127.0.0.1): user search: base=ou=Users, dc=mydomain, dc=com, dc=br scope=subtree filter=(&(mail=my.user at mydomain.com.br)) fields=homeDirectory,uidNumber,gidNumber Aug 27 15:03:42 radamante dovecot: auth(default): ldap(my.user at mydomain.com.br,127.0.0.1): result: uidNumber(uidNumber)=3478 gidNumber(gidNumber)=513 homeDirectory(homeDirectory)=/home/samba/my.user Aug 27 15:03:42 radamante dovecot: auth(default): master out: USER#0111#011my.user at mydomain.com.br#011uidNumber=3478#011gidNumber=513#011homeDirectory=/home/samba/my.user Aug 27 15:03:42 radamante dovecot: pop3-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Aug 27 15:03:42 radamante dovecot: auth(default): new auth connection: pid=30330 Aug 27 15:03:42 radamante dovecot: POP3(my.user at mydomain.com.br): Effective uid=8, gid=8, home=(none) Aug 27 15:03:42 radamante dovecot: POP3(my.user at mydomain.com.br): maildir: data=/mnt/mail/mydomain.com.br/my.user/Maildir Aug 27 15:03:42 radamante dovecot: POP3(my.user at mydomain.com.br): maildir++: root=/mnt/mail/mydomain.com.br/my.user/Maildir, index=, control=, inbox=/mnt/mail/mydomain.com.br/my.user/Maildir Aug 27 15:03:42 radamante dovecot: POP3(my.user at mydomain.com.br): Namespace : Using permissions from /mnt/mail/mydomain.com.br/my.user/Maildir: mode=0700 gid=-1 By now I have no clue whats going on, any help is appreciated. I don't understand if the problem is the NFS share or if it's something with the new version of Dovecot on Debian. Some more info: # dovecot -n # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 nfs log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap pop3 ssl: no disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login login_greeting: Bem Vindo. login_process_per_connection: no login_chroot: no login_process_size: 128 login_processes_count: 8 max_mail_processes: 2048 mail_max_userip_connections(default): 100 mail_max_userip_connections(imap): 100 mail_max_userip_connections(pop3): 10 verbose_proctitle: yes first_valid_uid: 1 last_valid_uid: 9999 last_valid_gid: 9999 mail_privileged_group: mail mail_uid: mail mail_gid: mail mail_location: maildir:/mnt/mail/%Ld/%Ln/Maildir mail_debug: yes mmap_disable: yes mail_nfs_storage: yes mail_nfs_index: yes maildir_copy_preserve_filename: yes mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_process_size: 512 mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 imap_client_workarounds(default): delay-newmail imap_client_workarounds(imap): delay-newmail imap_client_workarounds(pop3): imap_idle_notify_interval(default): 30 imap_idle_notify_interval(imap): 30 imap_idle_notify_interval(pop3): 120 pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh auth default: default_realm: mydomain.com.br cache_size: 1024 cache_negative_ttl: 0 username_format: %Lu failure_delay: 3 debug: yes passdb: driver: pam passdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf userdb: driver: passwd userdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf root at radamante:/etc/dovecot# egrep -v '^#|^$' dovecot-ldap.conf hosts = 192.168.5.37 192.168.5.124 sasl_bind = no tls = no auth_bind = no ldap_version = 3 base = ou=Users, dc=mydomain, dc=com, dc=br deref = never scope = subtree user_attrs = homeDirectory=homeDirectory,uidNumber=uidNumber,gidNumber=gidNumber user_filter = (&(mail=%u)) pass_attrs = mail=user at domain,userPassword=password pass_filter = (&(mail=%u)) default_pass_scheme = CRYPT Thanks in advance. From pelle2004 at hotmail.com Sun Aug 28 12:50:55 2011 From: pelle2004 at hotmail.com (Pelle Svensson) Date: Sun, 28 Aug 2011 11:50:55 +0200 Subject: [Dovecot] Dovecot service needs a second restart after boot - euid is not dir owner Message-ID: After reboot dovecot service need a restart. dovecot service starts as S99dovecot with only S99rc-local coming up. After boot following error is filled up in dovecot.log Aug 28 11:33:12 imap(vuser): Error: open(/home/fetchmail/mailroot/map/dovecot.index.log) failed: Permission denied (euid=500(vuser) egid=500(vuser) missing +r perm: /home/fetchmail/mailroot/map/dovecot.index.log, euid is not dir owner) Aug 28 11:33:12 imap(vuser): Error: file_dotlock_create(/home/fetchmail/mailroot/map/dovecot-uidlist) failed: Permission denied (euid=500(fetchmail) egid=500(fetchmail) missing +w perm: /home/fetchmail/mailroot/map, euid is not dir owner) Aug 28 11:33:12 imap(vuser): Error: open(/home/fetchmail/mailroot/map/dovecot-uidlist) failed: Permission denied After Linux has booted you just issue service dovecot restart And everything is back to normal and no error. Running on a Pentium 800MHz not too fast pc From tss at iki.fi Mon Aug 29 04:42:13 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 29 Aug 2011 04:42:13 +0300 Subject: [Dovecot] Pop3 hanging up after login. In-Reply-To: <4E5933D3.9000508@contactnet.com.br> References: <4E5933D3.9000508@contactnet.com.br> Message-ID: <1314582134.4008.1.camel@hurina> On Sat, 2011-08-27 at 15:13 -0300, Fabio Catunda wrote: > I'm trying to implement a second dovecot server on a second machine to > try to load balance IMAP/POP3 services. > The first machine is already running and is working pretty well with > dovecot-pop3d 1:1.0.15-2.3+lenny1. The > new machine is running dovecot-pop3d 1:1.2.15-7 and accessing the > existing maildirs over a NFS share on /mnt/mail. This is not a recommended setup. Read http://wiki2.dovecot.org/NFS especially about caching. > # telnet localhost 110 > Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > +OK Bem Vindo. > user my.user at mydomain.com.br > +OK > pass MySecret > ... (Nothing else happens) > > If I try to stop Dovecot with /etc/init.d/dovecot stop it stops, but the > pop3 process keep running and the only > way to stop it is with kill -9. Sounds like it hangs somewhere. Get gdb backtrace: gdb -p bt full From tss at iki.fi Mon Aug 29 04:44:19 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 29 Aug 2011 04:44:19 +0300 Subject: [Dovecot] Dovecot service needs a second restart after boot - euid is not dir owner In-Reply-To: References: Message-ID: <1314582263.4008.3.camel@hurina> On Sun, 2011-08-28 at 11:50 +0200, Pelle Svensson wrote: > After reboot dovecot service need a restart. > dovecot service starts as S99dovecot with only S99rc-local coming up. > > After boot following error is filled up in dovecot.log > > Aug 28 11:33:12 imap(vuser): Error: open(/home/fetchmail/mailroot/map/dovecot.index.log) failed: Permission denied (euid=500(vuser) egid=500(vuser) missing +r perm: /home/fetchmail/mailroot/map/dovecot.index.log, euid is not dir owner) > Aug 28 11:33:12 imap(vuser): Error: file_dotlock_create(/home/fetchmail/mailroot/map/dovecot-uidlist) failed: Permission denied (euid=500(fetchmail) egid=500(fetchmail) missing +w perm: /home/fetchmail/mailroot/map, euid is not dir owner) > Aug 28 11:33:12 imap(vuser): Error: open(/home/fetchmail/mailroot/map/dovecot-uidlist) failed: Permission denied > > After Linux has booted you just issue > service dovecot restart > > And everything is back to normal and no error. Does it actually need the restart? If you don't restart, do these errors just keep happening forever? I'd guess that the NFS hasn't fully finished mounting by the time Dovecot runs so it fails with these errors.. I'm not really sure though. In any case I don't think there's anything Dovecot can do about this. From tss at iki.fi Mon Aug 29 04:45:40 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 29 Aug 2011 04:45:40 +0300 Subject: [Dovecot] : error while loading shared libraries: libdovecot.so.0 (arm cross compile) In-Reply-To: References: Message-ID: <1314582342.4008.4.camel@hurina> On Sat, 2011-08-27 at 17:36 +0100, Stephen Feyrer wrote: > I've made a new attempt at build Dovecot. The build and then install > processes appeared to work find. Then when I try to run Dovecot it > reports the error: > > /share/MD0_DATA/optware/opt/sbin/dovecot: error while loading shared > libraries: libdovecot.so.0: cannot open shared object file: No such file > or directory No idea. Try without shared libraries: configure --without-shared-libs From tss at iki.fi Mon Aug 29 04:48:53 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 29 Aug 2011 04:48:53 +0300 Subject: [Dovecot] Catch22: user needs space to fix out of space condition In-Reply-To: References: Message-ID: <1314582533.4008.6.camel@hurina> On Fri, 2011-08-26 at 18:30 -0700, Joseph Tam wrote: > On Fri, 26 Aug 2011, Joseph Tam wrote: > > > Thanks to all who've made suggestions. It seems removing dotlocks as > > a locking method is the way to go. > > Actually, this gives me pause that maybe I should not enirely remove > the dotlocking method > > http://mailman2.u.washington.edu/pipermail/alpine-info/2008-July/000996.html > > Any comments on the (sole) use of POSIX fcntl() type locking? As long as you haven't used symlinks in your mboxes there's no problems with fcntl locking with Dovecot (assuming there are no non-Dovecot software writing to them). From tss at iki.fi Mon Aug 29 06:20:54 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 29 Aug 2011 06:20:54 +0300 Subject: [Dovecot] Virtual user and post-login 2.0.13 In-Reply-To: References: , <4E57E8CE.1020808@datahelper.com> Message-ID: <1314588056.4008.7.camel@hurina> On Sat, 2011-08-27 at 16:54 +0200, Pelle Svensson wrote: > dovecot-postlogin.sh (executed as root) > ============= > #!/bin/sh > > date >>/home/fetchmail/script.log > > kill -s 10 `cat /home/fetchmail/.fetchmail.pid | head -n 1` >>/home/fetchmail/script.log > > exit 0 exec "$@", not exit 0 as http://wiki2.dovecot.org/PostLoginScripting shows. From tss at iki.fi Mon Aug 29 06:24:41 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 29 Aug 2011 06:24:41 +0300 Subject: [Dovecot] File Permissions and delivery In-Reply-To: <001701cc6413$20e693c0$62b3bb40$@brereton@buongiorno.com> References: <001701cc6413$20e693c0$62b3bb40$@brereton@buongiorno.com> Message-ID: <1314588283.4008.9.camel@hurina> On Fri, 2011-08-26 at 13:10 -0400, Simon Brereton wrote: > mail:~# ls /var/spool/mail/virtual/domain.net/simon/new/ > -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:33 1314326000.V801I1666018M803015.mail.net,S=2461:2, > -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:36 1314326209.V801I1666019M447273.mail.net,S=2460:2, > -rw-rw---- 1 postfix mailsystem 2.5K Aug 26 04:00 1314327630.V801I166601aM308173.mail.net,S=2477:2, > -rw------- 1 postfix mailsystem 2.5K Aug 26 04:22 1314328966.V801I166601bM756462.mail.net,S=2461:2, > -rw------- 1 postfix mailsystem 1.1K Aug 26 16:28 1314372534.V801I166601cM615258.mail.net,S=1097:2, > -rw------- 1 postfix mailsystem 1.1K Aug 26 16:31 1314372685.V801I166601dM264242.mail.net,S=1097:2, > > Mails are being delivered with 0600 permissions and not 0660 (the mails from courier seem to have all been 0770 as you can see). If I manually change the permission (to 0660) then I can see the mail in the MUA. If /var/spool/mail/virtual/domain.net/simon has 0770 permissions, the new mails should be delivered with 0660 permissions. (I don't remember if having g+s makes any difference in the directory like you have in the domain dir.) In any case, it would be better if mails were delivered as mailsystem:mailsystem 0600 since that's what you're reading them as. Unless you have some other good reason for requiring mailsystem group to be able to read them. From tss at iki.fi Mon Aug 29 06:26:17 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 29 Aug 2011 06:26:17 +0300 Subject: [Dovecot] auth: Error: LDAP: Connection lost to LDAP server, reconnecting In-Reply-To: <4E577CF2.2070800@um.es> References: <4E561E30.8020509@um.es> <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> <4E577CF2.2070800@um.es> Message-ID: <1314588382.4008.11.camel@hurina> On Fri, 2011-08-26 at 13:01 +0200, Angel L. Mateo wrote: > El 25/08/11 12:10, Timo Sirainen escribi?: > > On 25.8.2011, at 13.04, Angel L. Mateo wrote: > > > >> Aug 24 23:07:32 myotis28 dovecot: auth-worker(default): LDAP: Connection lost to LDAP server, reconnecting > >> > >> I have seen in the mail list a patch for 1.2 (http://hg.dovecot.org/dovecot-1.2/rev/355d5a40f7a7) to ignore these logs when the disconnection is because of idle timeouts. As far as I could see in this patch and 2.0.13 source code, this patch is already applied in 2.0. So I guess that the disconnection is for other problem, isn't it? > > > > I had completely forgotten I had added such a feature :) See what it logs with attached patch. > > > I have tried the patch. It confirms my hypothesis, the connection is > closed by my load balancer: > > Aug 26 12:55:27 myotis31 dovecot: auth: Error: LDAP: Connection lost to > LDAP server, reconnecting (1 requests, 3603 idle secs) Ah. So this is noticed only when Dovecot tries to use the LDAP connection that it's been disconnected. > Is there any way to configure ldap connection with a keepalive, so I > don't need a reconnection? Nope. But you could configure your LDAP server to idle-disconnect after some amount of time. From tss at iki.fi Mon Aug 29 06:32:47 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 29 Aug 2011 06:32:47 +0300 Subject: [Dovecot] unlink_directory failed with 'Device or resource busy' on NFS In-Reply-To: <5811AFA0-1036-4851-BDE7-D4B1E850F3D4@sds.co.kr> References: <5811AFA0-1036-4851-BDE7-D4B1E850F3D4@sds.co.kr> Message-ID: <1314588769.4008.16.camel@hurina> On Wed, 2011-08-24 at 03:00 +0000, ??? wrote: > imap(name at domain.com): Error: unlink_directory(/data/domain.com/name/INBOX/direct/.nfs00000000000033fd000000cd) failed: Device or resource busy > > How can I solve this problem? That's a bit problematic, because there's not much Dovecot can do about it.. Another session has the mailbox opened and kernel keeps those files open after deletion as .nfs* files that can't be deleted. > mail_location = maildir:~:LAYOUT=fs LAYOUT=maildir++ solves this by renaming everything under ~/Maildir/DOVECOT-TRASHED/ directory and hiding any errors about not being able to delete .nfs* files. They are then deleted sometimes later. But with LAYOUT=fs this isn't really possible, because such directory would show up as being "DOVECOT-TRASHED" mailbox (not a problem with Maildir++ because all mailboxes begin with "."). I guess maybe the renaming could be done under ~/Maildir/tmp/ but that's a bit ugly since it won't work generally with all mailbox formats.. All in all, currently this seems like too much trouble to fix. From tss at iki.fi Mon Aug 29 07:15:22 2011 From: tss at iki.fi (Timo Sirainen) Date: Mon, 29 Aug 2011 07:15:22 +0300 Subject: [Dovecot] v2.0.14 released Message-ID: <1314591323.4008.30.camel@hurina> http://dovecot.org/releases/2.0/dovecot-2.0.14.tar.gz http://dovecot.org/releases/2.0/dovecot-2.0.14.tar.gz.sig It's been a while since the previous release.. I've been a bit busy with my newly created Dovecot support company, but it was also summer and I wasted some time doing nothing useful. :) Most of my recent time has gone to adding new features to v2.1 branch. I'm planning on releasing v2.1.alpha1 somewhat soon and the final v2.1.0 sometimes later this year. This v2.0.14 release also contains one larger new feature: Ability to list and kick imap/pop3 proxy connections. This is done via a new "ipc" process where all proxying login processes connect to, which allows doveadm to communicate with them. If you're not using these features, this change (and its potential bugs) should be pretty much invisible. BTW. I know there are still mails I haven't read & replied to. I'll try to get to them eventually, but you may as well re-send anything you want me to read sooner rather than 6 months from now. Some of the largest changes since v2.0.13: + doveadm: Added support for running mail commands by proxying to another doveadm server. + Added "doveadm proxy list" and "doveadm proxy kick" commands to list/kick proxy connections (via a new "ipc" service). + Added "doveadm director move" to assign user from one server to another, killing any existing connections. + Added "doveadm director ring status" command. + userdb extra fields can now return name+=value to append to an existing name, e.g. "mail_plugins+= quota". - script-login attempted an unnecessary config lookup, which usually failed with "Permission denied". - lmtp: Fixed parsing quoted strings with spaces as local-part for MAIL FROM and RCPT TO. - imap: FETCH BODY[HEADER.FIELDS (..)] may have crashed or not returned all data sometimes. - ldap: Fixed random assert-crashing with with sasl_bind=yes. - Fixes to handling mail chroots - Fixed renaming mailboxes under different parent with FS layout when using separate ALT, INDEX or CONTROL paths. - zlib: Fixed reading concatenated .gz files. From jtam.home at gmail.com Mon Aug 29 11:04:01 2011 From: jtam.home at gmail.com (Joseph Tam) Date: Mon, 29 Aug 2011 01:04:01 -0700 (PDT) Subject: [Dovecot] : error while loading shared libraries: libdovecot.so.0 (arm cross compile) In-Reply-To: References: Message-ID: "Stephen Feyrer" writes: > I've made a new attempt at build Dovecot. The build and then install > processes appeared to work find. Then when I try to run Dovecot it > reports the error: > > /share/MD0_DATA/optware/opt/sbin/dovecot: error while loading shared > libraries: libdovecot.so.0: cannot open shared object file: No such file > or directory In cases like this where I have no clue where an executable is trying to load a library from, run a process trace tool (strace, truss, etc.) and you can see all the library run paths it's trying before failing. Joseph Tam From jtam.home at gmail.com Mon Aug 29 12:32:55 2011 From: jtam.home at gmail.com (Joseph Tam) Date: Mon, 29 Aug 2011 02:32:55 -0700 (PDT) Subject: [Dovecot] Catch22: user needs space to fix out of space condition In-Reply-To: <1314582533.4008.6.camel@hurina> References: <1314582533.4008.6.camel@hurina> Message-ID: On Mon, 29 Aug 2011, Timo Sirainen wrote: >> Actually, this gives me pause that maybe I should not enirely remove >> the dotlocking method >> >> http://mailman2.u.washington.edu/pipermail/alpine-info/2008-July/000996.html >> >> Any comments on the (sole) use of POSIX fcntl() type locking? > > As long as you haven't used symlinks in your mboxes there's no problems > with fcntl locking with Dovecot (assuming there are no non-Dovecot > software writing to them). Thanks for the info. I don't meet the last criteria: some users have direct file access via pine and other mail readers. There's also procmail, but I don't know what locking method it uses. Reading the pine sources closely, I think it fakes fcntl() for NFS mailboxes. I'm using dotlock_try which solves my immediate problem of allowing users to delete Email under full quota. The long term solution is to replace file access with kerberized IMAP access, but that's much further down the road. Joseph Tam From amateo at um.es Mon Aug 29 12:44:50 2011 From: amateo at um.es (Angel L. Mateo) Date: Mon, 29 Aug 2011 11:44:50 +0200 Subject: [Dovecot] auth: Error: LDAP: Connection lost to LDAP server, reconnecting In-Reply-To: <1314588382.4008.11.camel@hurina> References: <4E561E30.8020509@um.es> <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> <4E577CF2.2070800@um.es> <1314588382.4008.11.camel@hurina> Message-ID: <4E5B5F92.2050701@um.es> El 29/08/11 05:26, Timo Sirainen escribi?: > On Fri, 2011-08-26 at 13:01 +0200, Angel L. Mateo wrote: >> El 25/08/11 12:10, Timo Sirainen escribi?: >>> On 25.8.2011, at 13.04, Angel L. Mateo wrote: >>> >>>> Aug 24 23:07:32 myotis28 dovecot: auth-worker(default): LDAP: Connection lost to LDAP server, reconnecting >>>> >>>> I have seen in the mail list a patch for 1.2 (http://hg.dovecot.org/dovecot-1.2/rev/355d5a40f7a7) to ignore these logs when the disconnection is because of idle timeouts. As far as I could see in this patch and 2.0.13 source code, this patch is already applied in 2.0. So I guess that the disconnection is for other problem, isn't it? >>> >>> I had completely forgotten I had added such a feature :) See what it logs with attached patch. >>> >> I have tried the patch. It confirms my hypothesis, the connection is >> closed by my load balancer: >> >> Aug 26 12:55:27 myotis31 dovecot: auth: Error: LDAP: Connection lost to >> LDAP server, reconnecting (1 requests, 3603 idle secs) > > Ah. So this is noticed only when Dovecot tries to use the LDAP > connection that it's been disconnected. > >> Is there any way to configure ldap connection with a keepalive, so I >> don't need a reconnection? > > Nope. But you could configure your LDAP server to idle-disconnect after > some amount of time. > I know it, but configuring LDAP server does not resolve the problem, because the error (in fact it's just an informational message) still appears. I think the solution is to configure the dovecot auth_cache_ttl to a value less than the idletimeout of the ldap server. -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337 From duane at duanemail.org Mon Aug 29 13:56:51 2011 From: duane at duanemail.org (Duane Hill) Date: Mon, 29 Aug 2011 05:56:51 -0500 Subject: [Dovecot] Catch22: user needs space to fix out of space condition In-Reply-To: References: <1314582533.4008.6.camel@hurina> Message-ID: <1335134054.20110829055651@duanemail.org> Monday, August 29, 2011, 4:32:55 AM, Joseph wrote: > On Mon, 29 Aug 2011, Timo Sirainen wrote: >>> Actually, this gives me pause that maybe I should not enirely remove >>> the dotlocking method >>> >>> http://mailman2.u.washington.edu/pipermail/alpine-info/2008-July/000996.html >>> >>> Any comments on the (sole) use of POSIX fcntl() type locking? >> >> As long as you haven't used symlinks in your mboxes there's no problems >> with fcntl locking with Dovecot (assuming there are no non-Dovecot >> software writing to them). > Thanks for the info. > I don't meet the last criteria: some users have direct file access via > pine and other mail readers. There's also procmail, but I don't know > what locking method it uses. Reading the pine sources closely, I think > it fakes fcntl() for NFS mailboxes. Pine/Alpine knows IMAP. That's what I use locally on my server. > I'm using dotlock_try which solves my immediate problem of allowing > users to delete Email under full quota. > The long term solution is to replace file access with kerberized IMAP > access, but that's much further down the road. > Joseph Tam -- Best regards, Duane mailto:duane at duanemail.org From klinkov at yandex.ru Mon Aug 29 16:39:14 2011 From: klinkov at yandex.ru (Stanislav Klinkov) Date: Mon, 29 Aug 2011 17:39:14 +0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab Message-ID: <4E5B9682.1040408@yandex.ru> Hello, ALL. I am trying to organize a transparent single sign-on concept for my Active Directory users into Dovecot via IMAP. On the user's desktop I use Thunderbird 6.0 as a mail client (MUA), Windows XP as an operating system. Domain is controlled by Windows 2008 Server SP2 with Active Directory. I have installed on my Mail server Debian GNU/Linux 6.0.2 (Squeeze) and Dovecot 2.0.13 from official "wheezy" repositories of it with all dependencies. I ran into in a problem with generating proper "/etc/krb5.keytab" file for successful kerberos authentication against AD controller. I has performed all the steps described in official dovecot wiki here: http://wiki2.dovecot.org/Authentication/Kerberos I have generated a service ticket with name "imap/efim.test.local at MYORG.LAN" exactly as described in wiki. ("MYORG.LAN" is my kerberos realm.) But this does not work. I see in debug logs something like this: ******** main service logs ******** Aug 29 16:05:14 auth: Info: gssapi(?,192.168.4.12): While processing incoming data: Unspecified GSS failure. Minor code may provide more information Aug 29 16:05:14 auth: Info: gssapi(?,192.168.4.12): While processing incoming data: Wrong principal in request ************************************* ******** auth debug logs ********* Aug 29 16:05:14 auth: Debug: gssapi(?,192.168.4.12): Obtaining credentials for imap at efim.test.local Aug 29 16:05:14 auth: Debug: client out: CONT 1 Aug 29 16:05:14 auth: Debug: client in: CONT Aug 29 16:05:16 auth: Debug: client out: FAIL 1 ************************************* But (!). If I define << auth_gssapi_hostname = "$ALL" >> instead of << auth_gssapi_hostname = efim.test.local >> then everything works fine. I decided to find out where is the problem, so I dig into source code of gssapi module, "mech-gssapi.c". For versions 2.0.13 and 2.0.14 of dovecot I see there the following: ********* mech-gssapi.c ********* static OM_uint32 obtain_service_credentials(struct auth_request *request, gss_cred_id_t *ret_r) /* blah-blah-blah */ principal_name = t_str_new(128); str_append(principal_name, service_name); str_append_c(principal_name, '@'); str_append(principal_name, request->set->gssapi_hostname); auth_request_log_debug(request, "gssapi", "Obtaining credentials for %s", str_c(principal_name)); inbuf.length = str_len(principal_name); inbuf.value = str_c_modifiable(principal_name); major_status = gss_import_name(&minor_status, &inbuf, GSS_C_NT_HOSTBASED_SERVICE, &gss_principal); ********************************* So, according to source code, Dovecot tries to find in krb5.keytab a principal named "imap at hostname". However wiki says to create the principal named "imap/hostname at REALM". Please, clarify where is the error: in source code, in wiki, or I have misunderstood something. Respectfully, Stanislav Klinkov. From lists at wildgooses.com Mon Aug 29 17:12:35 2011 From: lists at wildgooses.com (Ed W) Date: Mon, 29 Aug 2011 15:12:35 +0100 Subject: [Dovecot] limiting number of incorrect logins per connection In-Reply-To: References: <57ffb026f1289c9b6aec31c18afb80dc@ahhyes.net> <6ed2c04bc55eca5dcdabf46a9836bdd2@ahhyes.net> Message-ID: <4E5B9E53.2090504@wildgooses.com> Slightly advanced, but note that you CAN block in progress connections using iptables What is happening is that the usual top (ish) rule in your iptable script says something like "continue if connection established", this can be seen as a performance optimisation to avoid running your full rulebase after the connection exists, however, it's not a limitation of iptables. So you have two main ways to tackle this: 1) Add your blacklist rules *before* the continue rule. One of the fastest/simplest ways to achieve this is with the new ipset functionality of recent kernels. You can then have a single iptables (block) rule, which references a dynamically updated ipset that contains all your blacklisted IPs. Curiously ipsets can have a timeout value which appears to cause entries to fall out after a set time period. Requires some changes to the "actions" in fail2ban 2) Alternatively note that you can purge specific connections from conntrack (subsequent packets will either be treated as "invalid" or "new" depending on whether you have loose tracking set in /proc/sys/... Something like "conntrack -D -n a.b.c.d" should do it? This still requires some tweaking to fail2ban, but the iptables rules stay the same Just saying... Good luck Ed W On 26/08/2011 13:22, Felipe Scarel wrote: > Yeah, I had read about half of that thread, and after I sent my mail kept > reading and stumbled upon this: "(...) using the recent module needs > dovecotto close the connection upon authentication failure, as iptables only > (normally) comes in to play for new connections (...)". > > So, yeah, my suggestion probably won't work. > > On Fri, Aug 26, 2011 at 09:15, Felipe Scarel wrote: > >> Alex, I've not personally done it (so just speculating here, bear with me) >> but you can customize Fail2Ban's actions if needed. So, if you can match the >> attemps through some regex (and since you're seeing them in the logs, that >> should be quite possible), then you can edit one of the 'actions' to drop >> the connection for . From simon.brereton at buongiorno.com Mon Aug 29 18:04:19 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Mon, 29 Aug 2011 11:04:19 -0400 Subject: [Dovecot] File Permissions and delivery In-Reply-To: <20110826215136.Horde.HKEQbJLnE6FOWE2oep1l82A@mail.patrickdk.com> References: <20110826193509.Horde.CZE5dJLnE6FOWC2tsEPBzxA@mail.patrickdk.com> <20110826215136.Horde.HKEQbJLnE6FOWE2oep1l82A@mail.patrickdk.com> Message-ID: <011501cc665c$ee115740$ca3405c0$@brereton@buongiorno.com> > -----Original Message----- > From: dovecot-bounces at dovecot.org [mailto:dovecot- > bounces at dovecot.org] On Behalf Of Patrick Domack > Just adding that won't make dovecot use it though, you would have to > include the postconf -n output. Normally something like > virtual_transport=dovecot Crap. I had added that. But I'd also forgotten to comment out the original virtual_transport = virtual line. Thanks. I think that has fixed it though I'm still struggling with directory permissions. Simon From simon.brereton at buongiorno.com Mon Aug 29 18:14:15 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Mon, 29 Aug 2011 11:14:15 -0400 Subject: [Dovecot] File Permissions and delivery In-Reply-To: <1314588283.4008.9.camel@hurina> References: <001701cc6413$20e693c0$62b3bb40$@brereton@buongiorno.com> <1314588283.4008.9.camel@hurina> Message-ID: <011801cc665e$5156be20$f4043a60$@brereton@buongiorno.com> > -----Original Message----- > From: Timo Sirainen [mailto:tss at iki.fi] > Sent: Sunday, August 28, 2011 11:25 PM > On Fri, 2011-08-26 at 13:10 -0400, Simon Brereton wrote: > > mail:~# ls /var/spool/mail/virtual/domain.net/simon/new/ > > -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:33 > > 1314326000.V801I1666018M803015.mail.net,S=2461:2, > > -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:36 > > 1314326209.V801I1666019M447273.mail.net,S=2460:2, > > -rw-rw---- 1 postfix mailsystem 2.5K Aug 26 04:00 > > 1314327630.V801I166601aM308173.mail.net,S=2477:2, > > -rw------- 1 postfix mailsystem 2.5K Aug 26 04:22 > > 1314328966.V801I166601bM756462.mail.net,S=2461:2, > > -rw------- 1 postfix mailsystem 1.1K Aug 26 16:28 > > 1314372534.V801I166601cM615258.mail.net,S=1097:2, > > -rw------- 1 postfix mailsystem 1.1K Aug 26 16:31 > > 1314372685.V801I166601dM264242.mail.net,S=1097:2, > > > > Mails are being delivered with 0600 permissions and not 0660 (the > mails from courier seem to have all been 0770 as you can see). If I > manually change the permission (to 0660) then I can see the mail in > the MUA. > > If /var/spool/mail/virtual/domain.net/simon has 0770 permissions, the > new mails should be delivered with 0660 permissions. (I don't > remember if having g+s makes any difference in the directory like you > have in the domain dir.) > > In any case, it would be better if mails were delivered as > mailsystem:mailsystem 0600 since that's what you're reading them as. > Unless you have some other good reason for requiring mailsystem group > to be able to read them. So mean I should change client to mailsystem/mailsystem in the dovecot.conf too? I'm also not sure what (if any) effect the g+s has - that's just how it was (and how it is on the test installation). As per my previous note to Patrick, I think I've fixed the delivery issue, but now I have these in the log again: Aug 29 15:59:14 mail dovecot: deliver(simon at lydiard.net): chdir(/var/spool/mail/virtual/domain.net/simon) failed: Permission denied Aug 29 15:59:14 mail dovecot: deliver(simon at lydiard.net): stat(/var/spool/mail/virtual/domain.net/simon) failed: Permission denied Aug 29 15:59:14 mail dovecot: deliver(simon at lydiard.net): stat(/var/spool/mail/virtual/domain.net/simon/tmp) failed: Permission denied (euid=999(mailsystem) egid=115(mailsystem) missing +x perm: /var/spool/mail/virtual) Even if I make EVERTHING under /var/spool/mail/virtual/* owned by mailsystem:mailsystem - and reload postfix and restart doevcot. And even if I remove the sticky bit. mail:~# ls /var/spool/mail/virtual/domain.net/simon/ total 880K drwxrwx--- 13 mailsystem mailsystem 4.0K Aug 26 16:53 ./ drwxrwx--- 5 mailsystem mailsystem 4.0K Aug 26 00:39 ../ drwxrwx--- 2 mailsystem mailsystem 4.0K Dec 3 2007 courierimaphieracl/ drwxrwx--- 2 mailsystem mailsystem 4.0K Aug 25 18:57 courierimapkeywords/ -rwxrwx--- 1 mailsystem mailsystem 67 Nov 30 2007 courierimapsubscribed -rwxrwx--- 1 mailsystem mailsystem 15K Aug 25 20:45 courierimapuiddb -rwxrwx--- 1 mailsystem mailsystem 20K Aug 25 20:38 courierpop3dsizelist drwxrwx--- 2 mailsystem mailsystem 32K Aug 26 16:43 cur/ -rwxrwx--- 1 mailsystem mailsystem 3.5K Aug 26 03:37 dovecot.index -rwxrwx--- 1 mailsystem mailsystem 697K Aug 26 16:44 dovecot.index.cache -rwxrwx--- 1 mailsystem mailsystem 8.5K Aug 26 16:53 dovecot.index.log -rw-rwx--- 1 mailsystem mailsystem 25K Aug 26 16:44 dovecot-uidlist -rwxrwx--- 1 mailsystem mailsystem 8 Aug 25 23:14 dovecot-uidvalidity -rwxrwx--- 1 mailsystem mailsystem 0 Aug 25 23:14 dovecot-uidvalidity.4e56c938 drwxrwx--- 6 mailsystem mailsystem 4.0K Aug 26 03:10 .Drafts/ drwxrwx--- 6 mailsystem mailsystem 4.0K Nov 30 2007 .Junk E-mail/ -rwxrwx--- 1 mailsystem mailsystem 7 Aug 26 22:05 maildirsize drwxrwx--- 2 mailsystem mailsystem 4.0K Aug 26 22:05 new/ drwxrwx--- 6 mailsystem mailsystem 4.0K Aug 25 23:14 .Outbox/ drwxrwx--- 6 mailsystem mailsystem 4.0K Aug 26 00:17 .Sent/ drwxrwx--- 6 mailsystem mailsystem 4.0K Aug 25 23:14 .Sent Items/ -rwxrwx--- 1 mailsystem mailsystem 37 Aug 25 22:26 subscriptions drwxrwx--- 2 mailsystem mailsystem 4.0K Aug 26 22:05 tmp/ drwxrwx--- 6 mailsystem mailsystem 4.0K Aug 25 22:26 .Trash/ Any ideas? Simon From steve at toth.org.uk Mon Aug 29 21:39:54 2011 From: steve at toth.org.uk (Stephen Feyrer) Date: Mon, 29 Aug 2011 19:39:54 +0100 Subject: [Dovecot] : error while loading shared libraries: libdovecot.so.0 (arm cross compile) In-Reply-To: <1314582342.4008.4.camel@hurina> References: <1314582342.4008.4.camel@hurina> Message-ID: Hi, Firstly I tried building 2.0.14 with my fingers crossed. Sadly that didn't help. However, using configure --without-shared-libs is used make fails: /Projects/nslu2/nas/tsx09/staging/opt/include -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -I/usr/kerberos/include -MT ../lib/mountpoint.o -MD -MP -MF .deps/../lib/mountpoint.Tpo -c -o ../lib/mountpoint.o ../lib/mountpoint.c ../lib/mountpoint.c:222: fatal error: opening dependency file .deps/../lib/mountpoint.Tpo: No such file or directory compilation terminated. make[4]: *** [../lib/mountpoint.o] Error 1 make[4]: Leaving directory `~/Projects/nslu2/nas/tsx09/builds/dovecot/src/imap' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `~/Projects/nslu2/nas/tsx09/builds/dovecot/src' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `~/Projects/nslu2/nas/tsx09/builds/dovecot' make[1]: *** [all] Error 2 make[1]: Leaving directory `~/Projects/nslu2/nas/tsx09/builds/dovecot' make: *** [~Projects/nslu2/nas/tsx09/builds/dovecot/.built] Error 2 Maybe this is more informative. -- All the best. Stephen. On Mon, 29 Aug 2011 02:45:40 +0100, Timo Sirainen wrote: > On Sat, 2011-08-27 at 17:36 +0100, Stephen Feyrer wrote: > >> I've made a new attempt at build Dovecot. The build and then install >> processes appeared to work find. Then when I try to run Dovecot it >> reports the error: >> >> /share/MD0_DATA/optware/opt/sbin/dovecot: error while loading shared >> libraries: libdovecot.so.0: cannot open shared object file: No such file >> or directory > > No idea. Try without shared libraries: configure --without-shared-libs > From shopik at inblock.ru Mon Aug 29 22:08:30 2011 From: shopik at inblock.ru (Nikolay Shopik) Date: Mon, 29 Aug 2011 23:08:30 +0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <4E5B9682.1040408@yandex.ru> References: <4E5B9682.1040408@yandex.ru> Message-ID: <4E5BE3AE.7080303@inblock.ru> On 29.08.2011 17:39, Stanislav Klinkov wrote: > So, according to source code, Dovecot tries to find in krb5.keytab a > principal named "imap at hostname". However wiki says to create the > principal named "imap/hostname at REALM". > > Please, clarify where is the error: in source code, in wiki, or I have > misunderstood something. Your principial in keytab should look like this - imap/mail.example.com at EXAMPLE.COM Make sure your realm name are all CAPS, otherwise it won't work. From steve at toth.org.uk Tue Aug 30 02:15:09 2011 From: steve at toth.org.uk (Stephen Feyrer) Date: Tue, 30 Aug 2011 00:15:09 +0100 Subject: [Dovecot] : error while loading shared libraries: libdovecot.so.0 (arm cross compile) In-Reply-To: References: Message-ID: Hi. Thanks, I'll give that a try. -- Kind regards Stephen Feyrer. On Mon, 29 Aug 2011 09:04:01 +0100, Joseph Tam wrote: > "Stephen Feyrer" writes: > >> I've made a new attempt at build Dovecot. The build and then install >> processes appeared to work find. Then when I try to run Dovecot it >> reports the error: >> >> /share/MD0_DATA/optware/opt/sbin/dovecot: error while loading shared >> libraries: libdovecot.so.0: cannot open shared object file: No such file >> or directory > > In cases like this where I have no clue where an executable is trying to > load a library from, run a process trace tool (strace, truss, etc.) and > you > can see all the library run paths it's trying before failing. > > Joseph Tam From petre74 at yahoo.com Mon Aug 29 23:26:06 2011 From: petre74 at yahoo.com (Gelu Lupas) Date: Mon, 29 Aug 2011 13:26:06 -0700 (PDT) Subject: [Dovecot] dovecot w/ libwrap on fbsd Message-ID: <1314649566.96249.YahooMailNeo@web111509.mail.gq1.yahoo.com> Dovecot with libwrap doesn't work on FreeBSD for some reason or another. I have these lines in my /etc/hosts.allow: ALL: LOCAL 127.0.0.1: allow pop3: ALL: allow ALL: ALL: deny Yet when you try to telnet to localhost, port 110 this is what happens: Aug 29 22:48:38 dodo dovecot: pop3-login: Error: connect(tcpwrap) failed: Permission denied I also tried auth_debug=yes to see what's wrong but it only shows the processes which handled the connection, no extra info with the reason why it failed. Here's the config: # 2.0.13: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 7.4-RELEASE i386? auth_mechanisms = plain login base_dir = /var/run/dovecot/ disable_plaintext_auth = no dotlock_use_excl = no first_valid_uid = 1000 listen = * login_access_sockets = tcpwrap login_greeting = login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c mail_location = mbox:~/Mail/:INBOX=/var/mail/%u mail_log_prefix = "%Us(%u): " mail_privileged_group = mail maildir_copy_with_hardlinks = no passdb { ? driver = pam } protocols = pop3 service auth { ? executable = /usr/local/libexec/dovecot/auth ? unix_listener /var/spool/postfix/private/auth { ??? group = postfix ??? mode = 0660 ??? user = postfix ? } ? user = root ? vsz_limit = 64 M } service imap-login { ? chroot = login ? client_limit = 128 ? process_limit = 32 ? process_min_avail = 3 ? service_count = 1 ? user = dovecot ? vsz_limit = 32 M } service imap { ? drop_priv_before_exec = no ? process_limit = 128 ? vsz_limit = 256 M } service pop3-login { ? chroot = login ? client_limit = 128 ? process_limit = 32 ? process_min_avail = 3 ? service_count = 1 ? user = dovecot ? vsz_limit = 32 M } service pop3 { ? drop_priv_before_exec = no ? process_limit = 128 ? vsz_limit = 256 M } service tcpwrap { ? unix_listener login/tcpwrap { ??? group = $default_login_user ??? mode = 0600 ??? user = $default_login_user ? } } ssl_cert = References: <1314649566.96249.YahooMailNeo@web111509.mail.gq1.yahoo.com> Message-ID: <1314673433.8787.9.camel@hurina> On Mon, 2011-08-29 at 13:26 -0700, Gelu Lupas wrote: > Aug 29 22:48:38 dodo dovecot: pop3-login: Error: connect(tcpwrap) failed: Permission denied Service permissions are set wrong. > service imap-login { > user = dovecot > } > service pop3-login { > user = dovecot > } You have explicitly changed the login process user above. > service tcpwrap { > unix_listener login/tcpwrap { > group = $default_login_user This group isn't right.. The default is taken from user's default group, so just don't set it. > user = $default_login_user Here you're using default_login_user, which most likely isn't the same as what the login processes are using ("dovecot"). So your solution is to remove the explicit user=dovecot from login services and then possibly set default_login_user=dovecot if you really want that (dovenull user is the default and preferred one). From tss at iki.fi Tue Aug 30 06:11:17 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 30 Aug 2011 06:11:17 +0300 Subject: [Dovecot] File Permissions and delivery In-Reply-To: <011801cc665e$5156be20$f4043a60$@brereton@buongiorno.com> References: <001701cc6413$20e693c0$62b3bb40$@brereton@buongiorno.com> <1314588283.4008.9.camel@hurina> <011801cc665e$5156be20$f4043a60$@brereton@buongiorno.com> Message-ID: <1314673879.8787.10.camel@hurina> On Mon, 2011-08-29 at 11:14 -0400, Simon Brereton wrote: > Aug 29 15:59:14 mail dovecot: deliver(simon at lydiard.net): stat(/var/spool/mail/virtual/domain.net/simon/tmp) failed: Permission denied (euid=999(mailsystem) egid=115(mailsystem) missing +x perm: /var/spool/mail/virtual) > > Even if I make EVERTHING under /var/spool/mail/virtual/* owned by mailsystem:mailsystem - and reload postfix and restart doevcot. But you didn't change the /var/spool/mail/virtual directory itself? (Like the error message says.) From tss at iki.fi Tue Aug 30 06:13:33 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 30 Aug 2011 06:13:33 +0300 Subject: [Dovecot] auth: Error: LDAP: Connection lost to LDAP server, reconnecting In-Reply-To: <4E5B5F92.2050701@um.es> References: <4E561E30.8020509@um.es> <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> <4E577CF2.2070800@um.es> <1314588382.4008.11.camel@hurina> <4E5B5F92.2050701@um.es> Message-ID: <1314674016.8787.12.camel@hurina> On Mon, 2011-08-29 at 11:44 +0200, Angel L. Mateo wrote: > >> Is there any way to configure ldap connection with a keepalive, so I > >> don't need a reconnection? > > > > Nope. But you could configure your LDAP server to idle-disconnect after > > some amount of time. > > > I know it, but configuring LDAP server does not resolve the problem, > because the error (in fact it's just an informational message) still > appears. Why? If LDAP server idle-disconnects after 61 seconds and before NAT timeout then Dovecot doesn't log anything about it. From klinkov at yandex.ru Tue Aug 30 08:24:19 2011 From: klinkov at yandex.ru (Stanislav Klinkov) Date: Tue, 30 Aug 2011 09:24:19 +0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <4E5BE3AE.7080303@inblock.ru> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> Message-ID: <4E5C7403.6020008@yandex.ru> > Your principial in keytab should look like this - > imap/mail.example.com at EXAMPLE.COM > Make sure your realm name are all CAPS, otherwise it won't work. Thank you, Captain Obvious. From amateo at um.es Tue Aug 30 09:38:49 2011 From: amateo at um.es (Angel L. Mateo) Date: Tue, 30 Aug 2011 08:38:49 +0200 Subject: [Dovecot] auth: Error: LDAP: Connection lost to LDAP server, reconnecting In-Reply-To: <1314674016.8787.12.camel@hurina> References: <4E561E30.8020509@um.es> <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> <4E577CF2.2070800@um.es> <1314588382.4008.11.camel@hurina> <4E5B5F92.2050701@um.es> <1314674016.8787.12.camel@hurina> Message-ID: <4E5C8579.7020901@um.es> El 30/08/11 05:13, Timo Sirainen escribi?: > On Mon, 2011-08-29 at 11:44 +0200, Angel L. Mateo wrote: >>>> Is there any way to configure ldap connection with a keepalive, so I >>>> don't need a reconnection? >>> >>> Nope. But you could configure your LDAP server to idle-disconnect after >>> some amount of time. >>> >> I know it, but configuring LDAP server does not resolve the problem, >> because the error (in fact it's just an informational message) still >> appears. > > Why? If LDAP server idle-disconnects after 61 seconds and before NAT > timeout then Dovecot doesn't log anything about it. > I have tried this. My LDAP server closed the connection, but dovecot logged the message. I guess that, for dovecot, is the same situation: it has to auth a user, but it hasn't got any active connection to the ldap server. -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337 From dlie76 at yahoo.com.au Tue Aug 30 10:09:56 2011 From: dlie76 at yahoo.com.au (Daminto Lie) Date: Tue, 30 Aug 2011 00:09:56 -0700 (PDT) Subject: [Dovecot] ldap authentication Message-ID: <1314688196.77579.YahooMailNeo@web113401.mail.gq1.yahoo.com> Hi, I have got Postfix, Dovecot IMAP and squirrelmail up and running on my ubuntu server 10.04 for a testing purpose. My question is in order to be able to login, do I need to create user accounts for each users on the server? I have about 20 users at the moment, and it's going to take time. I was thinking of using LDAP and have the dovecot authentication through LDAP. This way, I do not have to create accounts for 20 users on the server. The dovecot can just authenticate users by looking them up against the LDAP. I wonder if anyone would be able to share some guides as to how to set it up to work with Postfix and Dovecot. Thank you From tss at iki.fi Tue Aug 30 12:41:26 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 30 Aug 2011 12:41:26 +0300 Subject: [Dovecot] auth: Error: LDAP: Connection lost to LDAP server, reconnecting In-Reply-To: <4E5C8579.7020901@um.es> References: <4E561E30.8020509@um.es> <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> <4E577CF2.2070800@um.es> <1314588382.4008.11.camel@hurina> <4E5B5F92.2050701@um.es> <1314674016.8787.12.camel@hurina> <4E5C8579.7020901@um.es> Message-ID: <8800BF81-484F-4497-A33C-4DF85956C54A@iki.fi> On 30.8.2011, at 9.38, Angel L. Mateo wrote: >> Why? If LDAP server idle-disconnects after 61 seconds and before NAT >> timeout then Dovecot doesn't log anything about it. >> > I have tried this. My LDAP server closed the connection, but dovecot logged the message. I guess that, for dovecot, is the same situation: it has to auth a user, but it hasn't got any active connection to the ldap server. Yeah, that happens if the disconnection is noticed at the time when user is trying to authenticate. But if the disconnection is noticed immediately when there are no user requests, there is also no message logged about it. From pelle2004 at hotmail.com Tue Aug 30 13:10:08 2011 From: pelle2004 at hotmail.com (Pelle Svensson) Date: Tue, 30 Aug 2011 12:10:08 +0200 Subject: [Dovecot] Dovecot service needs a second restart after boot - euid is not dir owner In-Reply-To: <1314582263.4008.3.camel@hurina> References: , <1314582263.4008.3.camel@hurina> Message-ID: I have solved it, it was an SELinux isuue. init.d seems to have different SELinux rools than 'service restart dovecot' at command prompt. /Thanks. > From: tss at iki.fi > To: pelle2004 at hotmail.com > Date: Mon, 29 Aug 2011 04:44:19 +0300 > CC: dovecot at dovecot.org > Subject: Re: [Dovecot] Dovecot service needs a second restart after boot - euid is not dir owner > > On Sun, 2011-08-28 at 11:50 +0200, Pelle Svensson wrote: > > After reboot dovecot service need a restart. > > dovecot service starts as S99dovecot with only S99rc-local coming up. > > > > After boot following error is filled up in dovecot.log > > > > Aug 28 11:33:12 imap(vuser): Error: open(/home/fetchmail/mailroot/map/dovecot.index.log) failed: Permission denied (euid=500(vuser) egid=500(vuser) missing +r perm: /home/fetchmail/mailroot/map/dovecot.index.log, euid is not dir owner) > > Aug 28 11:33:12 imap(vuser): Error: file_dotlock_create(/home/fetchmail/mailroot/map/dovecot-uidlist) failed: Permission denied (euid=500(fetchmail) egid=500(fetchmail) missing +w perm: /home/fetchmail/mailroot/map, euid is not dir owner) > > Aug 28 11:33:12 imap(vuser): Error: open(/home/fetchmail/mailroot/map/dovecot-uidlist) failed: Permission denied > > > > After Linux has booted you just issue > > service dovecot restart > > > > And everything is back to normal and no error. > > Does it actually need the restart? If you don't restart, do these errors > just keep happening forever? > > I'd guess that the NFS hasn't fully finished mounting by the time > Dovecot runs so it fails with these errors.. I'm not really sure though. > In any case I don't think there's anything Dovecot can do about this. > > From pelle2004 at hotmail.com Tue Aug 30 15:54:42 2011 From: pelle2004 at hotmail.com (Pelle Svensson) Date: Tue, 30 Aug 2011 14:54:42 +0200 Subject: [Dovecot] Virtual user and post-login 2.0.13 In-Reply-To: <1314588056.4008.7.camel@hurina> References: ,, <4E57E8CE.1020808@datahelper.com>, , <1314588056.4008.7.camel@hurina> Message-ID: You are right! It works now! > From: tss at iki.fi > To: pelle2004 at hotmail.com > Date: Mon, 29 Aug 2011 06:20:54 +0300 > CC: dovecot at dovecot.org > Subject: Re: [Dovecot] Virtual user and post-login 2.0.13 > > On Sat, 2011-08-27 at 16:54 +0200, Pelle Svensson wrote: > > dovecot-postlogin.sh (executed as root) > > ============= > > #!/bin/sh > > > > date >>/home/fetchmail/script.log > > > > kill -s 10 `cat /home/fetchmail/.fetchmail.pid | head -n 1` >>/home/fetchmail/script.log > > > > exit 0 > > exec "$@", not exit 0 as http://wiki2.dovecot.org/PostLoginScripting > shows. > > From simon.brereton at buongiorno.com Tue Aug 30 16:47:04 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Tue, 30 Aug 2011 09:47:04 -0400 Subject: [Dovecot] File Permissions and delivery In-Reply-To: <1314673879.8787.10.camel@hurina> References: <001701cc6413$20e693c0$62b3bb40$@brereton@buongiorno.com> <1314588283.4008.9.camel@hurina> <011801cc665e$5156be20$f4043a60$@brereton@buongiorno.com> <1314673879.8787.10.camel@hurina> Message-ID: <013801cc671b$4e3f9730$eabec590$@brereton@buongiorno.com> > -----Original Message----- > From: Timo Sirainen [mailto:tss at iki.fi] > > On Mon, 2011-08-29 at 11:14 -0400, Simon Brereton wrote: > > Aug 29 15:59:14 mail dovecot: deliver(simon at lydiard.net): > stat(/var/spool/mail/virtual/domain.net/simon/tmp) failed: Permission > denied (euid=999(mailsystem) egid=115(mailsystem) missing +x perm: > /var/spool/mail/virtual) > > > > Even if I make EVERTHING under /var/spool/mail/virtual/* owned by > mailsystem:mailsystem - and reload postfix and restart doevcot. > > But you didn't change the /var/spool/mail/virtual directory itself? > (Like the error message says.) Yes, after sitting looking at that error message for a while, I tried that and it seems to work. I'm confused now as to why is works on the test system - but nonetheless thank you. Simon From Ralf.Hildebrandt at charite.de Tue Aug 30 17:48:53 2011 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Tue, 30 Aug 2011 16:48:53 +0200 Subject: [Dovecot] Message flags Message-ID: <20110830144853.GC24403@charite.de> How do I set message flags in sieve rules in such a way that e.g. Thunderbird is displaying the mail as "important"? Is there a list of hwo flags are interpreted by different IMAP clients? -- Ralf Hildebrandt Gesch?ftsbereich IT | Abteilung Netzwerk Charit? - Universit?tsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt at charite.de | http://www.charite.de From simon.brereton at buongiorno.com Tue Aug 30 18:21:07 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Tue, 30 Aug 2011 11:21:07 -0400 Subject: [Dovecot] Sub-folder outside of the mail store Message-ID: <017801cc6728$715ec210$541c4630$@brereton@buongiorno.com> Hi How do I create an IMAP folder that links to a folder outside of the mail store? For example, I have all domains under /var/spool/mail/virtual/domains.net/ and users under /var/spool/mail/virtual/domains.net/user Amavis delivers quarantine mail to /var/spool/mail/quarantine I would like one user (postmaster) to have a folder /var/spool/mail/virtual/domains.net/postmaster/.Quarantine and link it to that folder - is that possible? Is it safe? The client the postmaster uses can then reinject and deliver the mail if need be (i.e. it's safe or the attachment has been stripped). Thanks. Simon From stephan at rename-it.nl Tue Aug 30 18:37:23 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 30 Aug 2011 17:37:23 +0200 Subject: [Dovecot] Message flags In-Reply-To: <20110830144853.GC24403@charite.de> References: <20110830144853.GC24403@charite.de> Message-ID: <4E5D03B3.3080200@rename-it.nl> Op 30-8-2011 16:48, Ralf Hildebrandt schreef: > How do I set message flags in sieve rules in such a way that e.g. > Thunderbird is displaying the mail as "important"? Is there a list of > hwo flags are interpreted by different IMAP clients? > I'm assuming IMAP flags support (http://tools.ietf.org/html/rfc3501#section-2.3.2) should be similar for most clients, although their exact use may differ. In Thunderbird, the \Answered flag is used for replied mail and the \Flagged flag maps to 'starred' e-mail. (Don't forget to duplicate the '\' in Sieve!) Regarding keywords, there is RFC5788 (http://tools.ietf.org/html/rfc5788), from which at least $Forwarded and $MDNSent are used by Thunderbird. Other keywords used by Thunderbird are entirely custom: $label1: Important (red) $label2: Work (orange) $label3: Personal (green) $label4: ToDo (blue) $label5: Later (violet) Junk: Marked as junk mail NonJunk: Marked as regular mail There is also an example in the wiki: http://wiki2.dovecot.org/Pigeonhole/Sieve/Examples#Flagging_or_Highlighting_your_mail Regards, Stephan. From slusarz at curecanti.org Tue Aug 30 18:39:04 2011 From: slusarz at curecanti.org (Michael M Slusarz) Date: Tue, 30 Aug 2011 09:39:04 -0600 Subject: [Dovecot] Message flags In-Reply-To: <20110830144853.GC24403@charite.de> References: <20110830144853.GC24403@charite.de> Message-ID: <20110830093904.Horde.SIsIOYF5lbhOXQQYU32T7oA@bigworm.curecanti.org> Quoting Ralf Hildebrandt : > How do I set message flags in sieve rules in such a way that e.g. > Thunderbird is displaying the mail as "important"? Is there a list of > hwo flags are interpreted by different IMAP clients? There is no standard/defined "important" IMAP flag/keyword. Thunderbird is most likely using the X-Priority pseudo-standard header in the message itself (which makes sense: it is the sender's intention of the message's importance which should be displayed, not the receiver's. Objections to this reasoning by some is likely the reason the header has never been standardized). michael From lcotton at securecms.com Tue Aug 30 18:01:24 2011 From: lcotton at securecms.com (Lance Cotton) Date: Tue, 30 Aug 2011 10:01:24 -0500 Subject: [Dovecot] Message flags In-Reply-To: <20110830144853.GC24403@charite.de> References: <20110830144853.GC24403@charite.de> Message-ID: <4E5CFB44.9050204@securecms.com> On 8/30/2011 9:48 AM, Ralf Hildebrandt wrote: > How do I set message flags in sieve rules in such a way that e.g. > Thunderbird is displaying the mail as "important"? Is there a list of > hwo flags are interpreted by different IMAP clients? The wiki: http://wiki2.dovecot.org/Pigeonhole/Sieve/Examples addflag "$label1"; # ie 'Important'/red label within Thunderbird # Other flags: # addflag "$label1"; # Important: #ff0000 => red # addflag "$label2"; # Work: #ff9900 => orange # addflag "$label3"; # personal: #009900 => green # addflag "$label4"; # todo: #3333ff => blue # addflag "$label5"; # later: #993399 => violet -- Lance Cotton From steve at toth.org.uk Tue Aug 30 19:46:57 2011 From: steve at toth.org.uk (Stephen Feyrer) Date: Tue, 30 Aug 2011 17:46:57 +0100 Subject: [Dovecot] : error while loading shared libraries: libdovecot.so.0 (arm cross compile) In-Reply-To: References: Message-ID: Hi. Having just removed a number of configure options from the cross compilers recipe to simplify the problem I think one of those I took away overrode --without-shared-libs. Now it seems to install and run cleanly. Even so, while building the ipackage I spotted some warnings. Could these because by my build environment? After some testing I'll let you know if the current dovecot build works. I really appreciate your support and patience, thank you. *** Warning: Linking the shared library lib02_imap_acl_plugin.la against the loadable module *** lib01_acl_plugin.so is not portable! *** Warning: Linking the shared library lib21_fts_squat_plugin.la against the loadable module *** lib20_fts_plugin.so is not portable! *** Warning: Linking the shared library lib20_mail_log_plugin.la against the loadable module *** lib15_notify_plugin.so is not portable! *** Warning: Linking the shared library lib11_imap_quota_plugin.la against the loadable module *** lib10_quota_plugin.so is not portable! *** Warning: Linking the shared library lib30_imap_zlib_plugin.la against the loadable module *** lib20_zlib_plugin.so is not portable! The current cross compile ./configure: i_cv_epoll_works=no \ i_cv_inotify_works=no \ i_cv_posix_fallocate_works=no \ i_cv_signed_size_t=no \ i_cv_gmtime_max_time_t=32 \ i_cv_signed_time_t=yes \ i_cv_mmap_plays_with_write=yes \ i_cv_fd_passing=yes \ i_cv_c99_vsnprintf=yes \ lib_cv_va_copy=yes lib_cv___va_copy=yes \ lib_cv_va_val_copy=yes \ ./configure \ $(DOVECOT_CONFIGURE) \ --build=$(GNU_HOST_NAME) \ --host=$(GNU_TARGET_NAME) \ --target=$(GNU_TARGET_NAME) \ --prefix=/opt \ --without-shared-libs \ --with-notify=dnotify \ --localstatedir=/opt/var \ --with-ioloop=poll; \ old ./configure: i_cv_epoll_works=no i_cv_inotify_works=no i_cv_posix_fallocate_works=no i_cv_signed_size_t=no i_cv_gmtime_max_time_t=32 i_cv_signed_time_t=yes i_cv_mmap_plays_with_write=yes i_cv_fd_passing=yes i_cv_c99_vsnprintf=yes lib_cv_va_copy=yes lib_cv___va_copy=yes lib_cv_va_val_copy=yes ./configure --enable-devel-checks --without-shared-libs\ $(DOVECOT_CONFIGURE) \ --build=$(GNU_HOST_NAME) \ --host=$(GNU_TARGET_NAME) \ --target=$(GNU_TARGET_NAME) \ --prefix=/opt \ --disable-static \ --without-gssapi \ --without-pam \ --with-notify=dnotify \ --sysconfdir=/opt/etc/dovecot \ --localstatedir=/opt/var \ --with-ssldir=/opt/etc/dovecot \ --without-sql-drivers \ --with-ioloop=poll; \ /opt/dovecoti] # ipkg install dovecot_2.0.14-2_arm.ipk Installing dovecot (2.0.14-2) to root... Configuration file '/opt/etc/dovecot/dovecot.conf' ==> File on system created by you or by a script. ==> File also in package provided by package maintainer. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions (if diff is installed) The default action is to keep your current version. *** dovecot.conf (Y/I/N/O/D) [default=N] ?n Configuring dovecot /opt/sbin/dovecot: error while loading shared libraries: libdovecot.so.0: cannot open shared object file: No such file or directory postinst script returned status 127 ERROR: dovecot.postinst returned 127 Successfully terminated. [/opt/dovecoti] # strace dovecot -F execve("/opt/sbin/dovecot", ["dovecot", "-F"], [/* 23 vars */]) = 0 uname({sys="Linux", node="nas2", ...}) = 0 brk(0) = 0x1c000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) open("/opt/lib/v5l/fast-mult/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/opt/lib/v5l/fast-mult/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/opt/lib/v5l/fast-mult/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/opt/lib/v5l/fast-mult", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/opt/lib/v5l/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/opt/lib/v5l/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/opt/lib/v5l/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/opt/lib/v5l", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/opt/lib/fast-mult/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/opt/lib/fast-mult/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/opt/lib/fast-mult/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/opt/lib/fast-mult", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/opt/lib/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/opt/lib/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/opt/lib/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/opt/lib", {st_mode=S_IFDIR|0755, st_size=17592186044416, ...}) = 0 open("/etc/ld.so.cache", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=17592186044416, ...}) = 0 mmap2(NULL, 10345, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40015000 close(3) = 0 open("/lib/v5l/fast-mult/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/lib/v5l/fast-mult/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/lib/v5l/fast-mult/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/lib/v5l/fast-mult", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/lib/v5l/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/lib/v5l/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/lib/v5l/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/lib/v5l", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/lib/fast-mult/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/lib/fast-mult/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/lib/fast-mult/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/lib/fast-mult", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/lib/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/lib/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/lib/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/lib", {st_mode=S_IFDIR|0755, st_size=17592186044416, ...}) = 0 open("/usr/lib/v5l/fast-mult/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/v5l/fast-mult/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/usr/lib/v5l/fast-mult/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/v5l/fast-mult", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/usr/lib/v5l/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/v5l/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/usr/lib/v5l/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/v5l", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/usr/lib/fast-mult/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/fast-mult/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/usr/lib/fast-mult/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/fast-mult", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/usr/lib/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/usr/lib/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib", {st_mode=S_IFDIR|0755, st_size=17592186044416, ...}) = 0 writev(2, [{"dovecot", 7}, {": ", 2}, {"error while loading shared libra"..., 36}, {": ", 2}, {"libdovecot.so.0", 15}, {": ", 2}, {"cannot open shared object file", 30}, {": ", 2}, {"No such file or directory", 25}, {"\n", 1}], 10dovecot: error while loading shared libraries: libdovecot.so.0: cannot open shared object file: No such file or directory ) = 122 exit_group(127) = ? The outcome of the native compile: [/opt/dovecoti] # ./configure --prefix=/opt --enable-devel-checks --enable-maintainer-mode [/opt/etc/dovecot] # gdb --args dovecot -F [snip] This GDB was configured as "arm-none-linux-gnueabi"... (gdb) run Starting program: /share/MD0_DATA/optware/opt/sbin/dovecot -F Panic: Leaked file fd 3: dev 9.0 inode 53040060 Program received signal SIGABRT, Aborted. 0x400c2374 in kill () from /lib/libc.so.6 (gdb) bt full #0 0x400c2374 in kill () from /lib/libc.so.6 No symbol table info available. #1 0x400c21a8 in raise () from /lib/libc.so.6 No symbol table info available. #2 0x400c3328 in abort () from /lib/libc.so.6 No symbol table info available. Backtrace stopped: frame did not save the PC (gdb) quit The program is running. Exit anyway? (y or n) y On Tue, 30 Aug 2011 00:15:09 +0100, Stephen Feyrer wrote: > Hi. > > Thanks, I'll give that a try. > > > -- > Kind regards > > Stephen Feyrer. > > > > On Mon, 29 Aug 2011 09:04:01 +0100, Joseph Tam > wrote: > >> "Stephen Feyrer" writes: >> >>> I've made a new attempt at build Dovecot. The build and then install >>> processes appeared to work find. Then when I try to run Dovecot it >>> reports the error: >>> >>> /share/MD0_DATA/optware/opt/sbin/dovecot: error while loading shared >>> libraries: libdovecot.so.0: cannot open shared object file: No such >>> file >>> or directory >> >> In cases like this where I have no clue where an executable is trying to >> load a library from, run a process trace tool (strace, truss, etc.) and >> you >> can see all the library run paths it's trying before failing. >> >> Joseph Tam From tss at iki.fi Tue Aug 30 20:13:14 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 30 Aug 2011 20:13:14 +0300 Subject: [Dovecot] : error while loading shared libraries: libdovecot.so.0 (arm cross compile) In-Reply-To: References: Message-ID: On 30.8.2011, at 19.46, Stephen Feyrer wrote: > *** Warning: Linking the shared library lib02_imap_acl_plugin.la against the loadable module > *** lib01_acl_plugin.so is not portable! This is normal. > /opt/sbin/dovecot: error while loading shared libraries: libdovecot.so.0: cannot open shared object file: No such file or directory So it's still not working? I guess the libdovecot.so.0 simply isn't in library paths. Typically giving linker -rpath parameter pointing to libdovecot.so.0 makes this problem invisible, but I guess in your system it doesn't do this. > The outcome of the native compile: > [/opt/dovecoti] # ./configure --prefix=/opt --enable-devel-checks --enable-maintainer-mode --enable-devel-checks is pretty useless unless you're developing Dovecot. > [/opt/etc/dovecot] # gdb --args dovecot -F > [snip] > This GDB was configured as "arm-none-linux-gnueabi"... > (gdb) run > Starting program: /share/MD0_DATA/optware/opt/sbin/dovecot -F > Panic: Leaked file fd 3: dev 9.0 inode 53040060 This panic is caused by the --enable-devel-check. It wouldn't have crashed otherwise. You could work around it by setting GDB=1 environment. From public-mail at alekciy.ru Tue Aug 30 21:03:41 2011 From: public-mail at alekciy.ru (=?UTF-8?B?0JDQu9C10LrRgdC10Lkg0KHRg9C90LTRg9C60L7Qsg==?=) Date: Tue, 30 Aug 2011 22:03:41 +0400 Subject: [Dovecot] Message flags In-Reply-To: <20110830144853.GC24403@charite.de> References: <20110830144853.GC24403@charite.de> Message-ID: See also this thread: http://www.mail-archive.com/dovecot at dovecot.org/msg37734.html and https://bugzilla.mozilla.org/show_bug.cgi?id=650623 I hope this fix in the future. 2011/8/30 Ralf Hildebrandt : > How do I set message flags in sieve rules in such a way that e.g. > Thunderbird is displaying the mail as "important"? Is there a list of > hwo flags are interpreted by different IMAP clients? > > -- > Ralf Hildebrandt > ?Gesch?ftsbereich IT | Abteilung Netzwerk > ?Charit? - Universit?tsmedizin Berlin > ?Campus Benjamin Franklin > ?Hindenburgdamm 30 | D-12203 Berlin > ?Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 > ?ralf.hildebrandt at charite.de | http://www.charite.de > > From slusarz at curecanti.org Tue Aug 30 21:18:19 2011 From: slusarz at curecanti.org (Michael M Slusarz) Date: Tue, 30 Aug 2011 12:18:19 -0600 Subject: [Dovecot] Message flags In-Reply-To: References: <20110830144853.GC24403@charite.de> Message-ID: <20110830121819.Horde.t4bPNoF5lbhOXSlri2aVPeA@bigworm.curecanti.org> Quoting ??????? ???????? : > See also this thread: > http://www.mail-archive.com/dovecot at dovecot.org/msg37734.html This has nothing to do with this issue. As mentioned in that thread, there is no standard for non-UTF7 characters in keywords. The OP here just wants to know if a standard flag exists that corresponds to the Important tag in Thunderbird. > https://bugzilla.mozilla.org/show_bug.cgi?id=650623 This bug is bogus. Flags/keywords are case insensitive. michael From shopik at inblock.ru Tue Aug 30 21:50:52 2011 From: shopik at inblock.ru (Nikolay Shopik) Date: Tue, 30 Aug 2011 22:50:52 +0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <4E5C7403.6020008@yandex.ru> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> Message-ID: On 30.08.2011 9:24, Stanislav Klinkov wrote: > >> Your principial in keytab should look like this - >> imap/mail.example.com at EXAMPLE.COM >> Make sure your realm name are all CAPS, otherwise it won't work. > Thank you, Captain Obvious. > Why such hostility? A lot people miss that, nothing special here. And I did answer your second question about how principal should looks like. Because mech-gssapi.c wasn't changed in years, so I doubt anything changed in 2.0 version compare to 1.2 series in GSSAPI. Maybe I wrong, not running yet 2.0. Make sure your client requesting correct principal in first place. "Wrong principal in request", Usually means the principal in the system keytab for your system doesn't agree with the hostname or DNS name of the system. From steve at toth.org.uk Tue Aug 30 22:16:34 2011 From: steve at toth.org.uk (Stephen Feyrer) Date: Tue, 30 Aug 2011 20:16:34 +0100 Subject: [Dovecot] : error while loading shared libraries: libdovecot.so.0 (arm cross compile) In-Reply-To: References: Message-ID: Hi. Dovecot appears to be running (testing required). /opt/sbin/dovecot:dovecot/anvil:dovecot/log:dovecot/config On Tue, 30 Aug 2011 18:13:14 +0100, Timo Sirainen wrote: > On 30.8.2011, at 19.46, Stephen Feyrer wrote: > >> *** Warning: Linking the shared library lib02_imap_acl_plugin.la >> against the loadable module >> *** lib01_acl_plugin.so is not portable! > > This is normal. Okay. >> /opt/sbin/dovecot: error while loading shared libraries: >> libdovecot.so.0: cannot open shared object file: No such file or >> directory > > So it's still not working? I guess the libdovecot.so.0 simply isn't in > library paths. Typically giving linker -rpath parameter pointing to > libdovecot.so.0 makes this problem invisible, but I guess in your system > it doesn't do this. So far Dovecot seems to be running. I don't want to say it's working or not until I've done some tests. This is using --without-shared-libraries. If it's just the linker in my system that's broken then this is an adequate solution. Otherwise any information I can produce might be useful to you is desirable. >> The outcome of the native compile: >> [/opt/dovecoti] # ./configure --prefix=/opt --enable-devel-checks >> --enable-maintainer-mode > > --enable-devel-checks is pretty useless unless you're developing Dovecot. > >> [/opt/etc/dovecot] # gdb --args dovecot -F >> [snip] >> This GDB was configured as "arm-none-linux-gnueabi"... >> (gdb) run >> Starting program: /share/MD0_DATA/optware/opt/sbin/dovecot -F >> Panic: Leaked file fd 3: dev 9.0 inode 53040060 > > This panic is caused by the --enable-devel-check. It wouldn't have > crashed otherwise. You could work around it by setting GDB=1 environment. I put --enable-devel-check in there in the vain hope that it'd elicit anything useful. I would suspect that this is again the build environment. I won't included in any further tests. Thanks again. -- Kind regards Stephen Feyrer. From dmiller at amfes.com Wed Aug 31 00:43:33 2011 From: dmiller at amfes.com (Daniel L. Miller) Date: Tue, 30 Aug 2011 14:43:33 -0700 Subject: [Dovecot] OT - small hd recommendation Message-ID: A little OT - but I've seen a few opinions voiced here by various admins and I'd like to benefit. Currently running a single combined server for multiple operations - fileserver, mailserver, webserver, virtual server, and whatever else pops up. Current incarnation of the machine, after the last rebuild, is an AMD Opteron 4180 with a Supermicro MB using ATI SB700 chipset - which means it supports SATA 3.0. Current storage is one o/s drive, and a 4-drive RAID10 array. The RAID10 is using the Linux softraid via mdadm. The drives are Seagates - ST3160811AS. So it's 320GB of storage, and SATA 1.5. I'm seeing some warnings & errors in my logs & dmesg - and Google tells me this can the result of several factors, including the hard drives. I haven't seen any SMART warnings as yet - but I am getting a little nervous and thinking about upgrading the storage. At this time, I'm just interested in recommendations for hard drives & partitioning strategy. At the time I created the RAID10 array - I was still in the early stages of learning these technologies (not that I know that much more now!) so I probably didn't take advantage of any of the advanced settings such as stripe size, cluster size, etc. I am using XFS. As part of the potential upgrade, I'm considering changing to RAID6 - seems a bit more efficient use of space. I see no reason for SSD - I think a set of reasonable 7200rpm drives should be just fine. What I don't know is, compared to my current 4 drive RAID10 with SATA 1.5, would even a single SATA 3 drive be comparable in terms of seek performance? Should I stick with the RAID-10? -- Daniel From wgillespie+dovecot at es2eng.com Wed Aug 31 01:08:31 2011 From: wgillespie+dovecot at es2eng.com (Willie Gillespie) Date: Tue, 30 Aug 2011 16:08:31 -0600 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> Message-ID: <4E5D5F5F.4030305@es2eng.com> On 08/30/2011 12:50 PM, Nikolay Shopik wrote: > On 30.08.2011 9:24, Stanislav Klinkov wrote: >> >>> Your principial in keytab should look like this - >>> imap/mail.example.com at EXAMPLE.COM >>> Make sure your realm name are all CAPS, otherwise it won't work. >> Thank you, Captain Obvious. >> > > Why such hostility? A lot people miss that, nothing special here. And I > did answer your second question about how principal should looks like. Agreed. I am unlikely to help with this problem now due to lack of common courtesy. From steve at toth.org.uk Wed Aug 31 03:00:53 2011 From: steve at toth.org.uk (Stephen Feyrer) Date: Wed, 31 Aug 2011 01:00:53 +0100 Subject: [Dovecot] : error while loading shared libraries: libdovecot.so.0 (arm cross compile) In-Reply-To: References: Message-ID: Hi. On Tue, 30 Aug 2011 18:13:14 +0100, Timo Sirainen wrote: > On 30.8.2011, at 19.46, Stephen Feyrer wrote: > >> /opt/sbin/dovecot: error while loading shared libraries: >> libdovecot.so.0: cannot open shared object file: No such file or >> directory > > So it's still not working? I guess the libdovecot.so.0 simply isn't in > library paths. Typically giving linker -rpath parameter pointing to > libdovecot.so.0 makes this problem invisible, but I guess in your system > it doesn't do this. I am planning to use Dovecot SASL with Sendmail as well, will this lack of shared libraries cause a problem? Really I should have thought of this before. I guess I'm going to have to start tracking down the actual source of my linker problem. -- Kind regards. Stephen Feyrer. From patrickdk at patrickdk.com Wed Aug 31 03:51:41 2011 From: patrickdk at patrickdk.com (Patrick Domack) Date: Tue, 30 Aug 2011 20:51:41 -0400 Subject: [Dovecot] OT - small hd recommendation In-Reply-To: References: Message-ID: <20110830205141.Horde.yw3BXpLnE6FOXYWdD6QXiIA@mail.patrickdk.com> SATA 1 vs SATA 3 won't change the seek performance of the drive, unless your stay fully within the drives cache. Only 2 things affect how many iops you can get from a drive. The physical diameter and the speed. You can affect the physical diameter of the drive by selecting how much of the drive you use, like only using 200gigs out of a 500gig drive. If you do opt for raid6, that would be a huge cpu overhead, and if you stick with 4 drives, not worth it, every write would hit atleast 3 drives then, instead of just two they do currently, with no gain of space. Quoting "Daniel L. Miller" : > A little OT - but I've seen a few opinions voiced here by various > admins and I'd like to benefit. > > Currently running a single combined server for multiple operations - > fileserver, mailserver, webserver, virtual server, and whatever else > pops up. Current incarnation of the machine, after the last > rebuild, is an AMD Opteron 4180 with a Supermicro MB using ATI SB700 > chipset - which means it supports SATA 3.0. > > Current storage is one o/s drive, and a 4-drive RAID10 array. The > RAID10 is using the Linux softraid via mdadm. The drives are > Seagates - ST3160811AS. So it's 320GB of storage, and SATA 1.5. > > I'm seeing some warnings & errors in my logs & dmesg - and Google > tells me this can the result of several factors, including the hard > drives. I haven't seen any SMART warnings as yet - but I am getting > a little nervous and thinking about upgrading the storage. > > At this time, I'm just interested in recommendations for hard drives > & partitioning strategy. At the time I created the RAID10 array - I > was still in the early stages of learning these technologies (not > that I know that much more now!) so I probably didn't take advantage > of any of the advanced settings such as stripe size, cluster size, > etc. I am using XFS. > > As part of the potential upgrade, I'm considering changing to RAID6 > - seems a bit more efficient use of space. I see no reason for SSD > - I think a set of reasonable 7200rpm drives should be just fine. > What I don't know is, compared to my current 4 drive RAID10 with > SATA 1.5, would even a single SATA 3 drive be comparable in terms of > seek performance? Should I stick with the RAID-10? > -- > Daniel From tss at iki.fi Wed Aug 31 04:28:00 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 31 Aug 2011 04:28:00 +0300 Subject: [Dovecot] : error while loading shared libraries: libdovecot.so.0 (arm cross compile) In-Reply-To: References: Message-ID: On 31.8.2011, at 3.00, Stephen Feyrer wrote: >> So it's still not working? I guess the libdovecot.so.0 simply isn't in library paths. Typically giving linker -rpath parameter pointing to libdovecot.so.0 makes this problem invisible, but I guess in your system it doesn't do this. > > I am planning to use Dovecot SASL with Sendmail as well, will this lack of shared libraries cause a problem? Really I should have thought of this before. I don't think Sendmail supports Dovecot SASL? If it does, it talks to Dovecot via UNIX socket and doesn't require any Dovecot libraries. From dlie76 at yahoo.com.au Wed Aug 31 07:09:32 2011 From: dlie76 at yahoo.com.au (Daminto Lie) Date: Tue, 30 Aug 2011 21:09:32 -0700 (PDT) Subject: [Dovecot] dovecot imap permission denied Message-ID: <1314763772.49414.YahooMailNeo@web113404.mail.gq1.yahoo.com> Hi, I received the following error from mail.log Aug 31 13:50:57 server1 dovecot: IMAP(mike_lee): mkdir(/home/mike_lee/Maildir/.INBOX.Sent/cur) failed: Permission denied (euid=1004 egid=1003(companyusergroup) missing +w perm: /home) What I have tried to do is changing the permission for /home by typing "sudo chmod 755 /home" and this does not work. What does it mean by missing +w perm: /home? and wonder how to get around it? This is what I have in main.cf from Postfix myhostname = server1 myorigin = /etc/mailname relayhost = mynetworks = 127.0.0.0/8, 192.168.1.0/24 inet_interfaces = all inet_protocols = ipv4 home_mailbox = Maildir/ smtpd_sasl_type = dovecot #smtpd_sasl_path = private/auth-client smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination #smtpd_sender_login_maps = ldap:/etc/postfix/ldap_senders.cf broken_sasl_auth_clients = yes #dovecot_destination_recipient_limit = 1 debug_peer_list = 127.0.0.1 debug_peer_level = 5 Any help is very much appreciated. Thank you From tss at iki.fi Wed Aug 31 08:02:53 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 31 Aug 2011 08:02:53 +0300 Subject: [Dovecot] dovecot imap permission denied In-Reply-To: <1314763772.49414.YahooMailNeo@web113404.mail.gq1.yahoo.com> References: <1314763772.49414.YahooMailNeo@web113404.mail.gq1.yahoo.com> Message-ID: <1314766974.8787.26.camel@hurina> On Tue, 2011-08-30 at 21:09 -0700, Daminto Lie wrote: > Aug 31 13:50:57 server1 dovecot: IMAP(mike_lee): mkdir(/home/mike_lee/Maildir/.INBOX.Sent/cur) failed: Permission denied (euid=1004 egid=1003(companyusergroup) missing +w perm: /home) > > What I have tried to do is changing the permission for /home by typing "sudo chmod 755 /home" and this does not work. What does it mean by missing +w perm: /home? and wonder how to get around it? It means that Dovecot tries to deliver mails to mike_lee's Maildir, but /home/mike_lee/ directory itself doesn't exist, so Dovecot tries to create it, but it fails because the process doesn't have write permissions to /home. The best way to fix this would be to simply create the user home dirs with proper permissions before Dovecot ever tries to deliver mails to the user. From tss at iki.fi Wed Aug 31 08:05:04 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 31 Aug 2011 08:05:04 +0300 Subject: [Dovecot] dovecot imap permission denied In-Reply-To: <1314766974.8787.26.camel@hurina> References: <1314763772.49414.YahooMailNeo@web113404.mail.gq1.yahoo.com> <1314766974.8787.26.camel@hurina> Message-ID: <1314767104.8787.28.camel@hurina> Oops, you confused me by giving Postfix config, which is completely irrelevant here. Replace "deliver mails" with "access mails". On Wed, 2011-08-31 at 08:02 +0300, Timo Sirainen wrote: > On Tue, 2011-08-30 at 21:09 -0700, Daminto Lie wrote: > > > Aug 31 13:50:57 server1 dovecot: IMAP(mike_lee): mkdir(/home/mike_lee/Maildir/.INBOX.Sent/cur) failed: Permission denied (euid=1004 egid=1003(companyusergroup) missing +w perm: /home) > > > > What I have tried to do is changing the permission for /home by typing "sudo chmod 755 /home" and this does not work. What does it mean by missing +w perm: /home? and wonder how to get around it? > > It means that Dovecot tries to deliver mails to mike_lee's Maildir, > but /home/mike_lee/ directory itself doesn't exist, so Dovecot tries to > create it, but it fails because the process doesn't have write > permissions to /home. > > The best way to fix this would be to simply create the user home dirs > with proper permissions before Dovecot ever tries to deliver mails to > the user. > > From dlie76 at yahoo.com.au Wed Aug 31 09:47:46 2011 From: dlie76 at yahoo.com.au (Daminto Lie) Date: Tue, 30 Aug 2011 23:47:46 -0700 (PDT) Subject: [Dovecot] dovecot imap permission denied In-Reply-To: <1314766974.8787.26.camel@hurina> References: <1314763772.49414.YahooMailNeo@web113404.mail.gq1.yahoo.com> <1314766974.8787.26.camel@hurina> Message-ID: <1314773266.74037.YahooMailNeo@web113409.mail.gq1.yahoo.com> Thanks a lot Timo, Creating directories for new users is not an issue. It's the permission that makes me headache. I tried the following sudo chmod o-r /home/$USER sudo chmod g+rw /home/$USER It did not work until I did chmod 777 /home. Is it safe to make home directory with permission 777? Thanks ________________________________ From: Timo Sirainen To: Daminto Lie Cc: "dovecot at dovecot.org" Sent: Wednesday, 31 August 2011 3:02 PM Subject: Re: [Dovecot] dovecot imap permission denied On Tue, 2011-08-30 at 21:09 -0700, Daminto Lie wrote: > Aug 31 13:50:57 server1 dovecot: IMAP(mike_lee): mkdir(/home/mike_lee/Maildir/.INBOX.Sent/cur) failed: Permission denied (euid=1004 egid=1003(companyusergroup) missing +w perm: /home) > > What I have tried to do is changing the permission for /home by typing "sudo chmod 755 /home" and this does not work. What does it mean by missing +w perm: /home? and wonder how to get around it? It means that Dovecot tries to deliver mails to mike_lee's Maildir, but /home/mike_lee/ directory itself doesn't exist, so Dovecot tries to create it, but it fails because the process doesn't have write permissions to /home. The best way to fix this would be to simply create the user home dirs with proper permissions before Dovecot ever tries to deliver mails to the user. From tss at iki.fi Wed Aug 31 09:52:07 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 31 Aug 2011 09:52:07 +0300 Subject: [Dovecot] dovecot imap permission denied In-Reply-To: <1314773266.74037.YahooMailNeo@web113409.mail.gq1.yahoo.com> References: <1314763772.49414.YahooMailNeo@web113404.mail.gq1.yahoo.com> <1314766974.8787.26.camel@hurina> <1314773266.74037.YahooMailNeo@web113409.mail.gq1.yahoo.com> Message-ID: <69D3650A-1B43-42C7-8FBD-C921F80C5D5F@iki.fi> On 31.8.2011, at 9.47, Daminto Lie wrote: > Thanks a lot Timo, > > Creating directories for new users is not an issue. It's the permission that makes me headache. The error message you showed said that the user's home directory didn't exist, and the permission problem came only because it didn't exist and Dovecot tried to create it. > I tried the following > > sudo chmod o-r /home/$USER > sudo chmod g+rw /home/$USER > > It did not work until I did chmod 777 /home. Right, because only then did it have enough permissions to create the home dir. > Is it safe to make home directory with permission 777? No. From amateo at um.es Wed Aug 31 09:54:12 2011 From: amateo at um.es (Angel L. Mateo) Date: Wed, 31 Aug 2011 08:54:12 +0200 Subject: [Dovecot] auth: Error: LDAP: Connection lost to LDAP server, reconnecting In-Reply-To: <8800BF81-484F-4497-A33C-4DF85956C54A@iki.fi> References: <4E561E30.8020509@um.es> <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> <4E577CF2.2070800@um.es> <1314588382.4008.11.camel@hurina> <4E5B5F92.2050701@um.es> <1314674016.8787.12.camel@hurina> <4E5C8579.7020901@um.es> <8800BF81-484F-4497-A33C-4DF85956C54A@iki.fi> Message-ID: <4E5DDA94.1080304@um.es> El 30/08/11 11:41, Timo Sirainen escribi?: > > Yeah, that happens if the disconnection is noticed at the time when user is trying to authenticate. But if the disconnection is noticed immediately when there are no user requests, there is also no message logged about it. > So, there must be any problem, because when my load balancer expires the connection it closes the tcp connection (it sends a fin packet). I guess that slapd too. But I'll check this... -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337 From steve at toth.org.uk Wed Aug 31 11:51:18 2011 From: steve at toth.org.uk (Stephen Feyrer) Date: Wed, 31 Aug 2011 09:51:18 +0100 Subject: [Dovecot] : error while loading shared libraries: libdovecot.so.0 (arm cross compile) In-Reply-To: References: Message-ID: Hi. Sorry! I was thinking of Postfix (and Exim). That was my mistake, sorry again. Sadly Exim isn't available on my target platform. Thanks. -- Stephen Feyrer. On Wed, 31 Aug 2011 02:28:00 +0100, Timo Sirainen wrote: > On 31.8.2011, at 3.00, Stephen Feyrer wrote: > >>> So it's still not working? I guess the libdovecot.so.0 simply isn't in >>> library paths. Typically giving linker -rpath parameter pointing to >>> libdovecot.so.0 makes this problem invisible, but I guess in your >>> system it doesn't do this. >> >> I am planning to use Dovecot SASL with Sendmail as well, will this lack >> of shared libraries cause a problem? Really I should have thought of >> this before. > > I don't think Sendmail supports Dovecot SASL? If it does, it talks to > Dovecot via UNIX socket and doesn't require any Dovecot libraries. From amateo at um.es Wed Aug 31 13:31:25 2011 From: amateo at um.es (Angel L. Mateo) Date: Wed, 31 Aug 2011 12:31:25 +0200 Subject: [Dovecot] auth: Error: LDAP: Connection lost to LDAP server, reconnecting In-Reply-To: <4E5DDA94.1080304@um.es> References: <4E561E30.8020509@um.es> <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> <4E577CF2.2070800@um.es> <1314588382.4008.11.camel@hurina> <4E5B5F92.2050701@um.es> <1314674016.8787.12.camel@hurina> <4E5C8579.7020901@um.es> <8800BF81-484F-4497-A33C-4DF85956C54A@iki.fi> <4E5DDA94.1080304@um.es> Message-ID: <4E5E0D7D.9090103@um.es> El 31/08/11 08:54, Angel L. Mateo escribi?: > El 30/08/11 11:41, Timo Sirainen escribi?: >> >> Yeah, that happens if the disconnection is noticed at the time when >> user is trying to authenticate. But if the disconnection is noticed >> immediately when there are no user requests, there is also no message >> logged about it. >> > So, there must be any problem, because when my load balancer expires the > connection it closes the tcp connection (it sends a fin packet). I guess > that slapd too. But I'll check this... > OK. You were right: * When openldap closes the connection because of the idle timeout, it sends a FIN packet. When dovecot needs the connections, it simply opens a new connection (without any log message). * When my load balancer closes the connection, it doesn't send anything, so dovecot thinks the connection is active. So, when auth needs it, it tries to send the search, then load balancer sends a RST packet, so dovecot logs the message and opens a new connection. So the solution is to configure oldap idletimeout parameter, dovecot auth_cache_ttl and load balancer timeout in order to avoid this last timeout to be reached. -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337 From amateo at um.es Wed Aug 31 13:51:31 2011 From: amateo at um.es (Angel L. Mateo) Date: Wed, 31 Aug 2011 12:51:31 +0200 Subject: [Dovecot] auth: Error: LDAP: Connection lost to LDAP server, reconnecting In-Reply-To: <4E5E0D7D.9090103@um.es> References: <4E561E30.8020509@um.es> <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> <4E577CF2.2070800@um.es> <1314588382.4008.11.camel@hurina> <4E5B5F92.2050701@um.es> <1314674016.8787.12.camel@hurina> <4E5C8579.7020901@um.es> <8800BF81-484F-4497-A33C-4DF85956C54A@iki.fi> <4E5DDA94.1080304@um.es> <4E5E0D7D.9090103@um.es> Message-ID: <4E5E1233.9070604@um.es> El 31/08/11 12:31, Angel L. Mateo escribi?: > > * When openldap closes the connection because of the idle timeout, it > sends a FIN packet. When dovecot needs the connections, it simply opens > a new connection (without any log message). > > * When my load balancer closes the connection, it doesn't send anything, > so dovecot thinks the connection is active. So, when auth needs it, it > tries to send the search, then load balancer sends a RST packet, so > dovecot logs the message and opens a new connection. > > So the solution is to configure oldap idletimeout parameter, dovecot > auth_cache_ttl and load balancer timeout in order to avoid this last > timeout to be reached. > In fact, you could configure dovecot auth_cache_ttl bigger than the other, it doesn't apply. You need to configure it only if you don't want the connection to be really closed. If you just want to not log any message, configuring slapd timeout less than load balancer timeout is enough. -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337 From janfrode at tanso.net Wed Aug 31 14:03:07 2011 From: janfrode at tanso.net (Jan-Frode Myklebust) Date: Wed, 31 Aug 2011 13:03:07 +0200 Subject: [Dovecot] lmtp bouncing -- Invalid parameters (in reply to MAIL FROM command) Message-ID: <20110831110307.GA25350@oc1046828364.ibm.com> I just configured postfix' virtual_transport to point at my dovecot director, but am seeing occational problems like this: Aug 31 11:50:06 smtpgw postfix/lmtp[5339]: 69E2F5410D: to=, relay=loadbalancers.example.net[192.168.42.17]:24, delay=0.15, delays=0.14/0.01/0/0, dsn=5.5.4, status=bounced (host loadbalancers.example.net[192.168.42.17] said: 501 5.5.4 Invalid parameters (in reply to MAIL FROM command)) but can't find anything interesting in the dovecot logs.. Anybody have ideas for how to make postfix play nice with dovecot's lmtp ? smtpgws% rpm -q postfix postfix-2.3.3-2.1.el5_2 loadbalancers% rpm -q dovecot dovecot-2.0.13-2 backendmailstorers% rpm -q dovecot dovecot-2.0.13-2 -jf From janfrode at tanso.net Wed Aug 31 14:21:31 2011 From: janfrode at tanso.net (Jan-Frode Myklebust) Date: Wed, 31 Aug 2011 13:21:31 +0200 Subject: [Dovecot] lmtp bouncing -- Invalid parameters (in reply to MAIL FROM command) In-Reply-To: <20110831110307.GA25350@oc1046828364.ibm.com> References: <20110831110307.GA25350@oc1046828364.ibm.com> Message-ID: <20110831112131.GB25350@oc1046828364.ibm.com> On Wed, Aug 31, 2011 at 01:03:07PM +0200, Jan-Frode Myklebust wrote: > I just configured postfix' virtual_transport to point at my dovecot > director, but am seeing occational problems like this: > > Aug 31 11:50:06 smtpgw postfix/lmtp[5339]: 69E2F5410D: to=, relay=loadbalancers.example.net[192.168.42.17]:24, delay=0.15, delays=0.14/0.01/0/0, dsn=5.5.4, status=bounced (host loadbalancers.example.net[192.168.42.17] said: 501 5.5.4 Invalid parameters (in reply to MAIL FROM command)) Further digging shows that these messages are from an address containing quotes and spaces: mail from:<"a b"@no.no> 501 5.5.4 Invalid parameters Testing with postfix + dovecot lda (v1.2.16) the messages gets trough just fine. Is this auth_username_chars kicking in, or some other check of valid characters in lmtp from ? -jf From tss at iki.fi Wed Aug 31 14:38:50 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 31 Aug 2011 14:38:50 +0300 Subject: [Dovecot] lmtp bouncing -- Invalid parameters (in reply to MAIL FROM command) In-Reply-To: <20110831112131.GB25350@oc1046828364.ibm.com> References: <20110831110307.GA25350@oc1046828364.ibm.com> <20110831112131.GB25350@oc1046828364.ibm.com> Message-ID: <1314790730.1197.10.camel@hurina> On Wed, 2011-08-31 at 13:21 +0200, Jan-Frode Myklebust wrote: > mail from:<"a b"@no.no> > 501 5.5.4 Invalid parameters This is fixed in v2.0.14. From klinkov at yandex.ru Wed Aug 31 15:27:54 2011 From: klinkov at yandex.ru (Stanislav Klinkov) Date: Wed, 31 Aug 2011 16:27:54 +0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> Message-ID: <4E5E28CA.6020602@yandex.ru> > Why such hostility? I beg you pardon, sir. Nothing personal, but to the question like "My car does not move" you provide the answer "Try to wipe screen and kick wheels". How do you think, if one digs into source code, has not he attempted more simple ways? Yes, I have read the manuals and wiki's before posting here. And I know what is wireshark and how to use it. > And I did answer your second question about how principal should looks > like. The matter of my question was how does the string in form of "service at host" agree with keytab entries in form of "service/host at REALM". Now I do know the answer. It is controlled by the argument "GSS_C_NT_HOSTBASED_SERVICE" of function "gss_import_name". > > Maybe I wrong, not running yet 2.0. You are wrong. There were some minor changes. See here, for example: http://www.dovecot.org/list/dovecot-cvs/2010-June/017143.html > > Make sure your client requesting correct principal in first place. Yes, I am sure. I examined logs of my Mozilla Thunderbird client. They look like this: ******* Thunderbird logs ********** 3712[5a9e240]: nsAuthSSPI::Init 3712[5a9e240]: InitSSPI 3712[5a9e240]: Using SPN of [imap/efim.test.local] 3712[5a9e240]: AcquireCredentialsHandle() succeeded. 3712[5a9e240]: entering nsAuthSSPI::GetNextToken() 3712[5a9e240]: InitializeSecurityContext: continue. ************************************* > "Wrong principal in request", Usually means the principal in the > system keytab for your system doesn't agree with the hostname or DNS > name of the system. It does agree. My host is named "efim.test.local". Here is the contents of my krb5.keytab: ******* krb5.keytab *********** slot KVNO Principal ---- ---- --------------------------------------------------------------------- 1 4 imap/efim.test.local at ROMASHKA.LAN 2 5 pop/efim.test.local at ROMASHKA.LAN 3 6 smtp/efim.test.local at ROMASHKA.LAN ********************************* I have already found out, that denial is generated somewhere inside krb5 libraries, not in Dovecot's modules. But I see no way to trace or debug kerberos calls. Source codes of kerberos libs are too complex for me to analyze. If you are interested in, you may join the parallel discussion of the topic on iXBT forum here: http://forum.ixbt.com/topic.cgi?id=76:10089 With best regards, Stanislav Klinkov. From warden at geneseo.edu Wed Aug 31 16:11:17 2011 From: warden at geneseo.edu (David Warden) Date: Wed, 31 Aug 2011 09:11:17 -0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <4E5E28CA.6020602@yandex.ru> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> <4E5E28CA.6020602@yandex.ru> Message-ID: <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> On Aug 31, 2011, at 8:27 AM, Stanislav Klinkov wrote: > >> Why such hostility? > > I beg you pardon, sir. Nothing personal, but to the question like "My > car does not move" you provide the answer "Try to wipe screen and kick > wheels". How do you think, if one digs into source code, has not he > attempted more simple ways? Yes, I have read the manuals and wiki's > before posting here. And I know what is wireshark and how to use it. > >> And I did answer your second question about how principal should looks >> like. > > The matter of my question was how does the string in form of > "service at host" agree with keytab entries in form of > "service/host at REALM". Now I do know the answer. It is controlled by the > argument "GSS_C_NT_HOSTBASED_SERVICE" of function "gss_import_name". > >> >> Maybe I wrong, not running yet 2.0. > > You are wrong. There were some minor changes. See here, for example: > http://www.dovecot.org/list/dovecot-cvs/2010-June/017143.html > >> >> Make sure your client requesting correct principal in first place. > > Yes, I am sure. I examined logs of my Mozilla Thunderbird client. They > look like this: > > ******* Thunderbird logs ********** > 3712[5a9e240]: nsAuthSSPI::Init > 3712[5a9e240]: InitSSPI > 3712[5a9e240]: Using SPN of [imap/efim.test.local] > 3712[5a9e240]: AcquireCredentialsHandle() succeeded. > 3712[5a9e240]: entering nsAuthSSPI::GetNextToken() > 3712[5a9e240]: InitializeSecurityContext: continue. > ************************************* > I take these Thunderbird log entries to mean your workstation was able to get a kerberos ticket for imap/efim.test.local >> "Wrong principal in request", Usually means the principal in the >> system keytab for your system doesn't agree with the hostname or DNS >> name of the system. > > It does agree. My host is named "efim.test.local". Here is the contents > of my krb5.keytab: > > ******* krb5.keytab *********** > slot KVNO Principal > ---- ---- > --------------------------------------------------------------------- > 1 4 imap/efim.test.local at ROMASHKA.LAN > 2 5 pop/efim.test.local at ROMASHKA.LAN > 3 6 smtp/efim.test.local at ROMASHKA.LAN > ********************************* > The fact that you have different KVNOs for multiple services on the same host seems curious. How did you generate those keys and put them into krb5.keytab? Are you using Active Directory for Kerberos? If I ran ktpass multiple times to generate a new key for imap and then smtp, I would get the "wrong principal in request" error. When I ran ktpass once for IMAP and added the SPN for smtp using LDAP/setspn and used ktutil on the dovecot host to add an entry to my keytab with the same key and kvno as ktpass generated the first time, then dovecot and smtp started working. I suppose that's weaker for security but chances are your mail SPNs (imap/pop/smtp) are tied to a single user or machine account anyway... > I have already found out, that denial is generated somewhere inside krb5 > libraries, not in Dovecot's modules. But I see no way to trace or debug > kerberos calls. Source codes of kerberos libs are too complex for me to > analyze. > > If you are interested in, you may join the parallel discussion of the > topic on iXBT forum here: http://forum.ixbt.com/topic.cgi?id=76:10089 > > With best regards, > Stanislav Klinkov. From tss at iki.fi Wed Aug 31 16:24:24 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 31 Aug 2011 16:24:24 +0300 Subject: [Dovecot] [PATCH] Indexing mail attachments with Dovecot + Solr In-Reply-To: References: Message-ID: <1314797064.1197.23.camel@hurina> On Mon, 2011-05-23 at 13:11 +0200, Antonio Perez-Aranda wrote: > Indexing mail attachments with Dovecot + Solr. I've been looking at this and wondering about a few things: The example solrconfig.xml contains: > > .. > > true > links > ignored_ > To me it looks like this requires that there exists a "links" field that is used for.. I guess content between .. tags? Or also for the href URLS? In any case there's no links field in the schema.xml so I don't think this works? Similarly it looks like stuff between
..
is ignored here, which doesn't seem like a good idea. > There is a new property for the section plugin to filter the mimetypes > that you want to index. > * fts_solr_mimetype > files with this mimetype will be sent to solr. In v2.1 I've added a generic "fts decoder" script that can handle attachment decoding. The script contains stuff like: formats='application/pdf pdf application/x-pdf pdf application/msword doc .. So there already exists a place which can list supported MIME types and also what filename extensions they have, so if there's application/octet-stream with filename=foo.pdf, Dovecot's fts code can change the MIME type to application/pdf. This sounds like it could be useful for the Solr attachments too. Maybe instead of fts_solr_mimetype setting the script could be modified a bit so that it would even allow mixed Solr/script attachment extraction. For example: formats='+application/pdf pdf +application/x-pdf pdf application/msword doc' The "+" prefix could tell that the FTS backend (Solr) handles the MIME type instead of the script. So with above config Solr would decode .pdfs, but the script would decode .docs. I was also thinking that the attachment documents could contain some description fields as well, which could be useful if you're searching the Solr index directly instead of via Dovecot. Maybe fields like "attachment_filename" (parsed from Content-Disposition: header) and "attachment_description" (parsed from Content-Description: header). They could of course be empty if those fields don't exist (and probably should be optional anyway). Also there should be "attachment_part" field that would contain the IMAP MIME part number of the attachment (e.g. "2.1.3"), so it would be easy to find and fetch the attachment. This could also be used as part of the ID string instead of the attachment_count. From klinkov at yandex.ru Wed Aug 31 16:35:52 2011 From: klinkov at yandex.ru (Stanislav Klinkov) Date: Wed, 31 Aug 2011 17:35:52 +0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> <4E5E28CA.6020602@yandex.ru> <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> Message-ID: <4E5E38B8.7060404@yandex.ru> > How did you generate those keys and put them into krb5.keytab? I logged onto my domain controller via RDP and issued the following commands: **************** keytabs generation ********************* ktpass -princ imap/efim.test.local at ROMASHKA.LAN -mapuser dovecot -pass megasuperpassword -ptype KRB5_NT_SRV_HST -out imap.keytab ktpass -princ pop/efim.test.local at ROMASHKA.LAN -mapuser dovecot -pass megasuperpassword -ptype KRB5_NT_SRV_HST -out pop.keytab ktpass -princ smtp/efim.test.local at ROMASHKA.LAN -mapuser dovecot -pass megasuperpassword -ptype KRB5_NT_SRV_HST -out smtp.keytab ************************************************************ Then I moved "imap.keytab", "pop.keytab" and "smtp.keytab" onto my dovecot server machine and merged them into single file with "ktutil": ************** ktutil commands ************** rkt imap.keytab rkt pop.keytab rkt smtp.keytab wkt krb5.keytab quit ************************************************ > Are you using Active Directory for Kerberos? Yes, I am. > and added the SPN for smtp using LDAP/setspn and used ktutil on the dovecot host to add an entry to my keytab with the same key and kvno Sorry, I'm not sure in realizing what you mean. What is "LDAP/setspn"? From warden at geneseo.edu Wed Aug 31 17:08:30 2011 From: warden at geneseo.edu (David Warden) Date: Wed, 31 Aug 2011 10:08:30 -0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <4E5E38B8.7060404@yandex.ru> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> <4E5E28CA.6020602@yandex.ru> <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> <4E5E38B8.7060404@yandex.ru> Message-ID: <93D67517-EEA9-4E73-8484-A56D89149434@geneseo.edu> On Aug 31, 2011, at 9:35 AM, Stanislav Klinkov wrote: > >> How did you generate those keys and put them into krb5.keytab? > I logged onto my domain controller via RDP and issued the following > commands: > > **************** keytabs generation ********************* > ktpass -princ imap/efim.test.local at ROMASHKA.LAN -mapuser dovecot > -pass megasuperpassword -ptype KRB5_NT_SRV_HST -out imap.keytab > > ktpass -princ pop/efim.test.local at ROMASHKA.LAN -mapuser dovecot > -pass megasuperpassword -ptype KRB5_NT_SRV_HST -out pop.keytab > > ktpass -princ smtp/efim.test.local at ROMASHKA.LAN -mapuser dovecot > -pass megasuperpassword -ptype KRB5_NT_SRV_HST -out smtp.keytab > ************************************************************ > > Then I moved "imap.keytab", "pop.keytab" and "smtp.keytab" onto my > dovecot server machine and merged them into single file with "ktutil": > ************** ktutil commands ************** > rkt imap.keytab > rkt pop.keytab > rkt smtp.keytab > wkt krb5.keytab > quit > ************************************************ I did exactly what you did when I was trying to get IMAP and SMTP Kerberized with AD (although I used KRB5_NT_PRINCIPAL in ktpass) and got the same error you were getting. It seemed like running ktpass multiple times invalidated the previous keytabs. What I did to fix it was run ktpass once for imap/fqdn at REALM and copy the hex key, kvno and encryption type to a text file somewhere. (You could also get these from klist -Kek ) Then I used ktutil to rkt the imap keytab and did "addent -key -p smtp/fqdn at REALM -k -e " and then paste the hex key I got from ktpass. Since you're not using +rndPass in ktpass, you may be able to use -password instead of key in the addent command in ktutil, but I haven't used that method before. Then wkt the ticket somewhere and klist -Kek and make sure that all entries have the same KVNO, hex key, and enc type but different principals. Then use your preferred method (setspn.exe or some graphical interface to AD's LDAP) to add entries to your dovecot user's servicePrincipalName attribute for each new principal you added to your keytab. The first ktpass should've put something there for you, just follow that example. To make sure everything should work, hop on a box where you have a valid user Kerberos ticket and do kvno imap/efim.test.local and kvno smtp/efim.test.local. That should try to get tickets for each of those services. If that doesn't work, then something is probably wrong with the servicePrincipalName attribute. One thing I should mention: servicePrincipalNames must be unique in AD, but I don't believe there are any controls to prevent you from making duplicates since it's just an LDAP attribute. The effect of this (as you can probably guess) is that IMAP, POP and SMTP effectively end up as aliases to the dovecot user in AD, using a single key. > >> Are you using Active Directory for Kerberos? > Yes, I am. > >> and added the SPN for smtp using LDAP/setspn and used ktutil on the dovecot host to add an entry to my keytab with the same key and kvno > Sorry, I'm not sure in realizing what you mean. What is "LDAP/setspn"? > > I should've been more clear about LDAP/setspn. You can use setspn.exe command on one of your AD controllers, or Active Directory Users & Computers or AD & GP MMC interfaces (depending on if you have Win Server 2k3 or 2k8) to edit the servicePrincipalName attribute for your dovecot user in AD's LDAP store. From acherniak at gmail.com Wed Aug 31 17:24:49 2011 From: acherniak at gmail.com (Alex Cherniak) Date: Wed, 31 Aug 2011 10:24:49 -0400 Subject: [Dovecot] Proprietary mail storage. Message-ID: I have a large existing read-only collection of mails packaged in individual zip files as +. Is it possible (and how difficult) to create a proprietary plugin (like gzip) which will open a zip file, extract mail and pass it back to Dovecot? Where do I start? If plugin is not the right approach, what is? Another question is how will this affect Dovecot performance and how to avoid any significant degradation. Any help is appreciated.Thanks. From robert at schetterer.org Wed Aug 31 17:29:19 2011 From: robert at schetterer.org (Robert Schetterer) Date: Wed, 31 Aug 2011 16:29:19 +0200 Subject: [Dovecot] Proprietary mail storage. In-Reply-To: References: Message-ID: <4E5E453F.6060508@schetterer.org> Am 31.08.2011 16:24, schrieb Alex Cherniak: > I have a large existing read-only collection of mails packaged in > individual zip files as +. Is it > possible (and how difficult) to create a proprietary plugin (like > gzip) which will open a zip file, extract mail and pass it back to > Dovecot? Where do I start? If plugin is not the right approach, what > is? > Another question is how will this affect Dovecot performance and how > to avoid any significant degradation. > Any help is appreciated.Thanks. did you looked at http://wiki2.dovecot.org/Plugins/Zlib ? -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From tss at iki.fi Wed Aug 31 17:52:42 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 31 Aug 2011 17:52:42 +0300 Subject: [Dovecot] Proprietary mail storage. In-Reply-To: References: Message-ID: <6E503447-8B67-454D-9B3E-EE34C3675405@iki.fi> On 31.8.2011, at 17.24, Alex Cherniak wrote: > I have a large existing read-only collection of mails packaged in > individual zip files as +. Is it > possible (and how difficult) to create a proprietary plugin (like > gzip) which will open a zip file, extract mail and pass it back to > Dovecot? Where do I start? If plugin is not the right approach, what > is? Is it otherwise a Maildir? If yes, you could base your code on the zlib plugin, or perhaps more easily you could use mail-filter plugin: http://dovecot.org/patches/2.0/mail-filter.tar.gz With mail-filter you can basically just put the messages through whatever program/script you want which gets the mail as input and outputs the wanted message body. I think the v2.0 mail-filter had some (potential?) bug, v2.1 mail-filter is anyway redesigned and should work perfectly. > Another question is how will this affect Dovecot performance and how > to avoid any significant degradation. I doubt it's going to be a problem. From klinkov at yandex.ru Wed Aug 31 17:55:04 2011 From: klinkov at yandex.ru (Stanislav Klinkov) Date: Wed, 31 Aug 2011 18:55:04 +0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <93D67517-EEA9-4E73-8484-A56D89149434@geneseo.edu> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> <4E5E28CA.6020602@yandex.ru> <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> <4E5E38B8.7060404@yandex.ru> <93D67517-EEA9-4E73-8484-A56D89149434@geneseo.edu> Message-ID: <4E5E4B48.3010209@yandex.ru> Thank you for sharing a very interesting experience, David. > It seemed like running ktpass multiple times invalidated the previous keytabs. OK. Let us assume. But then how can you explain the fact that the setting <> in dovecot config solves all mentioned troubles at once? As well I just have run the following experiment. I re-generated one more keytab for service "imap/test.efim.local" only. So, it became the last-generated key. Then I copied it onto my dovecot server as the only "krb.keytab" file, and nothing changed. Also, I issued the following command on my AD domain controller: C:\Windows\system32>setspn -L dovecot And the result was: ***************** Registered ServicePrincipalNames for CN=dovecot,OU=Agents,DC=romashka,DC=lan: imap/efim.test.local smtp/efim.test.local pop/efim.test.local ***************** Please note, that I have not apllied any magic to servicePrincipalName of AD user "dovecot" by setspn or other AD snap-ins. > To make sure everything should work, hop on a box where you have a valid user Kerberos ticket and do kvno imap/efim.test.local and kvno smtp/efim.test.local. Sorry, I might have not mentioned above. I run Mozilla Thunderbird on my Windows XP workstation. From robert at schetterer.org Wed Aug 31 18:04:27 2011 From: robert at schetterer.org (Robert Schetterer) Date: Wed, 31 Aug 2011 17:04:27 +0200 Subject: [Dovecot] Proprietary mail storage. In-Reply-To: <6E503447-8B67-454D-9B3E-EE34C3675405@iki.fi> References: <6E503447-8B67-454D-9B3E-EE34C3675405@iki.fi> Message-ID: <4E5E4D7B.3050507@schetterer.org> Am 31.08.2011 16:52, schrieb Timo Sirainen: > On 31.8.2011, at 17.24, Alex Cherniak wrote: > >> I have a large existing read-only collection of mails packaged in >> individual zip files as +. Is it >> possible (and how difficult) to create a proprietary plugin (like >> gzip) which will open a zip file, extract mail and pass it back to >> Dovecot? Where do I start? If plugin is not the right approach, what >> is? > > Is it otherwise a Maildir? If yes, you could base your code on the zlib plugin, or perhaps more easily you could use mail-filter plugin: http://dovecot.org/patches/2.0/mail-filter.tar.gz are there any examples or how too online for mail-filter ? > > With mail-filter you can basically just put the messages through whatever program/script you want which gets the mail as input and outputs the wanted message body. I think the v2.0 mail-filter had some (potential?) bug, v2.1 mail-filter is anyway redesigned and should work perfectly. > >> Another question is how will this affect Dovecot performance and how >> to avoid any significant degradation. > > I doubt it's going to be a problem. > -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From tss at iki.fi Wed Aug 31 18:14:57 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 31 Aug 2011 18:14:57 +0300 Subject: [Dovecot] Proprietary mail storage. In-Reply-To: <4E5E4D7B.3050507@schetterer.org> References: <6E503447-8B67-454D-9B3E-EE34C3675405@iki.fi> <4E5E4D7B.3050507@schetterer.org> Message-ID: <6D760583-9552-4772-B862-DB6AA37155B4@iki.fi> On 31.8.2011, at 18.04, Robert Schetterer wrote: >> Is it otherwise a Maildir? If yes, you could base your code on the zlib plugin, or perhaps more easily you could use mail-filter plugin: http://dovecot.org/patches/2.0/mail-filter.tar.gz > > are there any examples or how too online for mail-filter ? For compiling look at the beginning of mail-filter-plugin.c For using add it to mail_plugins and: plugin { mail_filter_executable = /path/to/your/script.sh } A script could be for example (totally insecure and broken): #!/bin/sh sed s/Hello/Hi/ > /tmp/foo cat /tmp/foo rm /tmp/foo Unfortunately you can't both read stdin and write to stdout at the same time because of some internal Dovecot problems with it. So you'll have to write it to a temp file and then output that after the entire input is read. From robert at schetterer.org Wed Aug 31 18:17:51 2011 From: robert at schetterer.org (Robert Schetterer) Date: Wed, 31 Aug 2011 17:17:51 +0200 Subject: [Dovecot] Proprietary mail storage. In-Reply-To: <6D760583-9552-4772-B862-DB6AA37155B4@iki.fi> References: <6E503447-8B67-454D-9B3E-EE34C3675405@iki.fi> <4E5E4D7B.3050507@schetterer.org> <6D760583-9552-4772-B862-DB6AA37155B4@iki.fi> Message-ID: <4E5E509F.2020403@schetterer.org> Am 31.08.2011 17:14, schrieb Timo Sirainen: > On 31.8.2011, at 18.04, Robert Schetterer wrote: > >>> Is it otherwise a Maildir? If yes, you could base your code on the zlib plugin, or perhaps more easily you could use mail-filter plugin: http://dovecot.org/patches/2.0/mail-filter.tar.gz >> >> are there any examples or how too online for mail-filter ? > > For compiling look at the beginning of mail-filter-plugin.c > > For using add it to mail_plugins and: > > plugin { > mail_filter_executable = /path/to/your/script.sh > } > > A script could be for example (totally insecure and broken): > > #!/bin/sh > > sed s/Hello/Hi/ > /tmp/foo > cat /tmp/foo > rm /tmp/foo > > Unfortunately you can't both read stdin and write to stdout at the same time because of some internal Dovecot problems with it. So you'll have to write it to a temp file and then output that after the entire input is read. sorry for silly question is there any known typical usage for that , or was this on the wishlist to solve some stuff ? -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From simon.brereton at buongiorno.com Wed Aug 31 18:19:23 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Wed, 31 Aug 2011 11:19:23 -0400 Subject: [Dovecot] Password query returned multiple matches Message-ID: <006601cc67f1$5e34f550$1a9edff0$@brereton@buongiorno.com> Hi After successfully setting up dovecot, I see this error in the logs. Aug 30 22:41:45 mail dovecot: auth-worker(default): sql(sbrereton at domain.co.uk,64.88.168.84): Password query returned multiple matches Aug 30 22:41:52 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=, method=PLAIN, rip=64.88.168.84, lip=127.0.0.1, TLS Can you tell me what it means or what I should look for? In my dovecot-sql.conf I have this query: password_query = SELECT EmailAdd AS user, Password AS password, concat('/var/spool/mail/virtual/',MailDirLoc) as userdb_home, 999 as userdb_uid, 115 as userdb_gid FROM MailAccounts WHERE Username='%u' AND active = '1'; Since the EmailAdd is unique I don't see how it can return multiple matches. Thanks. Simon From tss at iki.fi Wed Aug 31 18:21:05 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 31 Aug 2011 18:21:05 +0300 Subject: [Dovecot] Proprietary mail storage. In-Reply-To: <4E5E509F.2020403@schetterer.org> References: <6E503447-8B67-454D-9B3E-EE34C3675405@iki.fi> <4E5E4D7B.3050507@schetterer.org> <6D760583-9552-4772-B862-DB6AA37155B4@iki.fi> <4E5E509F.2020403@schetterer.org> Message-ID: <5D6C1852-9288-4C76-9EF6-6AC549500C2D@iki.fi> On 31.8.2011, at 18.17, Robert Schetterer wrote: >>>> Is it otherwise a Maildir? If yes, you could base your code on the zlib plugin, or perhaps more easily you could use mail-filter plugin: http://dovecot.org/patches/2.0/mail-filter.tar.gz >>> >>> are there any examples or how too online for mail-filter ? .. > sorry for silly question > is there any known typical usage for that , or was this on the wishlist > to solve some stuff ? It was originally written to be used with imapc ("imap proxy") backend. You could use it for stuff like decode encrypted PGP mails or scan for viruses and drop them if found. From tss at iki.fi Wed Aug 31 18:22:22 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 31 Aug 2011 18:22:22 +0300 Subject: [Dovecot] Password query returned multiple matches In-Reply-To: <006601cc67f1$5e34f550$1a9edff0$@brereton@buongiorno.com> References: <006601cc67f1$5e34f550$1a9edff0$@brereton@buongiorno.com> Message-ID: On 31.8.2011, at 18.19, Simon Brereton wrote: > Aug 30 22:41:45 mail dovecot: auth-worker(default): sql(sbrereton at domain.co.uk,64.88.168.84): Password query returned multiple matches .. > password_query = SELECT EmailAdd AS user, Password AS password, concat('/var/spool/mail/virtual/',MailDirLoc) as userdb_home, 999 as userdb_uid, 115 as userdb_gid FROM MailAccounts WHERE Username='%u' AND active = '1'; > > Since the EmailAdd is unique I don't see how it can return multiple matches. You're querying with Username, not with EmailAdd, and apparently there are multiple rows where Username='sbrereton at domain.co.uk'. From robert at schetterer.org Wed Aug 31 18:27:54 2011 From: robert at schetterer.org (Robert Schetterer) Date: Wed, 31 Aug 2011 17:27:54 +0200 Subject: [Dovecot] Proprietary mail storage. In-Reply-To: <5D6C1852-9288-4C76-9EF6-6AC549500C2D@iki.fi> References: <6E503447-8B67-454D-9B3E-EE34C3675405@iki.fi> <4E5E4D7B.3050507@schetterer.org> <6D760583-9552-4772-B862-DB6AA37155B4@iki.fi> <4E5E509F.2020403@schetterer.org> <5D6C1852-9288-4C76-9EF6-6AC549500C2D@iki.fi> Message-ID: <4E5E52FA.7020503@schetterer.org> Am 31.08.2011 17:21, schrieb Timo Sirainen: > On 31.8.2011, at 18.17, Robert Schetterer wrote: > >>>>> Is it otherwise a Maildir? If yes, you could base your code on the zlib plugin, or perhaps more easily you could use mail-filter plugin: http://dovecot.org/patches/2.0/mail-filter.tar.gz >>>> >>>> are there any examples or how too online for mail-filter ? > .. >> sorry for silly question >> is there any known typical usage for that , or was this on the wishlist >> to solve some stuff ? > > It was originally written to be used with imapc ("imap proxy") backend. You could use it for stuff like decode encrypted PGP mails that sounds like a very good idea or scan for viruses and drop them if found. > ok , thats solved i another way at my setup, but nice to have great idea anyway, thx for coding -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From trever.adams at gmail.com Wed Aug 31 18:28:50 2011 From: trever.adams at gmail.com (Trever L. Adams) Date: Wed, 31 Aug 2011 09:28:50 -0600 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <4E5E38B8.7060404@yandex.ru> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> <4E5E28CA.6020602@yandex.ru> <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> <4E5E38B8.7060404@yandex.ru> Message-ID: <4E5E5332.3060006@gmail.com> On 08/31/2011 07:35 AM, Stanislav Klinkov wrote: > > >> and added the SPN for smtp using LDAP/setspn and used ktutil on the dovecot host to add an entry to my keytab with the same key and kvno > Sorry, I'm not sure in realizing what you mean. What is "LDAP/setspn"? > > I have only followed part of this. It the original poster's problem is that the LDAP database is not being able to be accessed with an SPN ticket, this is because SPNs are not allowed to log in in AD. You need to use a user account (including MACHINE$ accounts). It took me forever to figure this out. To use this, you need a cron job that creates/renews tickets from time to time for the user/machine account. Then you use Dovecot's environment setup configuration to set the KRB5_CC (or whatever it is called, my head is elsewhere) env variable to that Kerberos ticket cache that was created in the cronjob. This cache needs to be readable by dovecot and should be owned by its user. Trever -- First Law of System Requirements: "Anything is possible if you don't know what you're talking about..." -- Unknown -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 261 bytes Desc: OpenPGP digital signature URL: From simon.brereton at buongiorno.com Wed Aug 31 18:44:03 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Wed, 31 Aug 2011 11:44:03 -0400 Subject: [Dovecot] Password query returned multiple matches In-Reply-To: References: <006601cc67f1$5e34f550$1a9edff0$@brereton@buongiorno.com> Message-ID: <006901cc67f4$d03cd2f0$70b678d0$@brereton@buongiorno.com> > -----Original Message----- > From: Timo Sirainen [mailto:tss at iki.fi] > > On 31.8.2011, at 18.19, Simon Brereton wrote: > > > Aug 30 22:41:45 mail dovecot: auth-worker(default): > sql(sbrereton at domain.co.uk,64.88.168.84): Password query returned > multiple matches > .. > > password_query = SELECT EmailAdd AS user, Password AS password, > concat('/var/spool/mail/virtual/',MailDirLoc) as userdb_home, 999 as > userdb_uid, 115 as userdb_gid FROM MailAccounts WHERE Username='%u' > AND active = '1'; > > > > Since the EmailAdd is unique I don't see how it can return multiple > matches. > > You're querying with Username, not with EmailAdd, and apparently > there are multiple rows where Username='sbrereton at domain.co.uk'. Well, what do you know - there are two Usernames that at the same! I have no idea how that happened. Simon From warden at geneseo.edu Wed Aug 31 18:51:02 2011 From: warden at geneseo.edu (David Warden) Date: Wed, 31 Aug 2011 11:51:02 -0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <4E5E4B48.3010209@yandex.ru> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> <4E5E28CA.6020602@yandex.ru> <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> <4E5E38B8.7060404@yandex.ru> <93D67517-EEA9-4E73-8484-A56D89149434@geneseo.edu> <4E5E4B48.3010209@yandex.ru> Message-ID: <8CDCA9B7-4BB1-4253-8D63-684168C38C61@geneseo.edu> On Aug 31, 2011, at 10:55 AM, Stanislav Klinkov wrote: > > Thank you for sharing a very interesting experience, David. > >> It seemed like running ktpass multiple times invalidated the previous keytabs. > OK. Let us assume. But then how can you explain the fact that the > setting <> in dovecot config solves all > mentioned troubles at once? > That is a very good question that I sadly don't have the answer to and I fear I misunderstood the initial problem. It's my understanding that auth_gssapi_hostname controls which entries in the keytab file dovecot will allow itself to use. If you enable debug auth logging in dovecot, do you see anything about which entry in your keytab file it's attempting to use? Also, do you see anything in your AD logs when you get the "invalid principal" error from the IP of your dovecot host? > As well I just have run the following experiment. I re-generated one > more keytab for service "imap/test.efim.local" only. So, it became the > last-generated key. Then I copied it onto my dovecot server as the only > "krb.keytab" file, and nothing changed. > > Also, I issued the following command on my AD domain controller: > C:\Windows\system32>setspn -L dovecot > > And the result was: > ***************** > Registered ServicePrincipalNames for > CN=dovecot,OU=Agents,DC=romashka,DC=lan: > imap/efim.test.local > smtp/efim.test.local > pop/efim.test.local > ***************** > > Please note, that I have not apllied any magic to servicePrincipalName > of AD user "dovecot" by setspn or other AD snap-ins. > >> To make sure everything should work, hop on a box where you have a valid user Kerberos ticket and do kvno imap/efim.test.local and kvno smtp/efim.test.local. > > Sorry, I might have not mentioned above. I run Mozilla Thunderbird on my > Windows XP workstation. > From simon.brereton at buongiorno.com Wed Aug 31 18:54:57 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Wed, 31 Aug 2011 11:54:57 -0400 Subject: [Dovecot] Multiple domains to one inbox and temporary redirects... Message-ID: <007f01cc67f6$5622d1c0$02687540$@brereton@buongiorno.com> Hi Can anyone point me to a howto to arrange for multiple domains to deliver to one inbox with Dovecot? For example, user1 at example.com and user1 at example.net should both be delivered to /var/spool/mail/virtual/example.net/user1 Currently, I have the dovecot LDA set as: dovecot unix - n n - - pipe flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} and in dovecot.conf: mail_location: maildir:/var/spool/mail/virtual/%d/%n For some domains only, I need to override that mail_location. Related to that, when user1 leave and user2 would like to receive user1's email, how can I get it so that email to user1 at example.com is delivered to user2 at example.com? Previously when I was using Postfix to deliver the mails, I could change the maildirloc in the DB - but I?m not sure how to accomplish this with dovecot LDA. Again, any pointers would be welcome. Thanks. Simon From shopik at inblock.ru Wed Aug 31 19:30:48 2011 From: shopik at inblock.ru (Nikolay Shopik) Date: Wed, 31 Aug 2011 20:30:48 +0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <4E5E4B48.3010209@yandex.ru> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> <4E5E28CA.6020602@yandex.ru> <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> <4E5E38B8.7060404@yandex.ru> <93D67517-EEA9-4E73-8484-A56D89149434@geneseo.edu> <4E5E4B48.3010209@yandex.ru> Message-ID: On 31.08.2011 18:55, Stanislav Klinkov wrote: > > Thank you for sharing a very interesting experience, David. > >> It seemed like running ktpass multiple times invalidated the previous keytabs. > OK. Let us assume. But then how can you explain the fact that the > setting<> in dovecot config solves all > mentioned troubles at once? > > As well I just have run the following experiment. I re-generated one > more keytab for service "imap/test.efim.local" only. So, it became the > last-generated key. Then I copied it onto my dovecot server as the only > "krb.keytab" file, and nothing changed. > > Also, I issued the following command on my AD domain controller: > C:\Windows\system32>setspn -L dovecot > > And the result was: > ***************** > Registered ServicePrincipalNames for > CN=dovecot,OU=Agents,DC=romashka,DC=lan: > imap/efim.test.local > smtp/efim.test.local > pop/efim.test.local > ***************** > > Please note, that I have not apllied any magic to servicePrincipalName > of AD user "dovecot" by setspn or other AD snap-ins. Early versions of ktpass only allowed only 1 serviceprincipialnames, thus every time you generate new it was overwrite old one. ktpass from win2008 seems fix this. > >> To make sure everything should work, hop on a box where you have a valid user Kerberos ticket and do kvno imap/efim.test.local and kvno smtp/efim.test.local. > > Sorry, I might have not mentioned above. I run Mozilla Thunderbird on my > Windows XP workstation. > > Can you do kinit -k imap/imap/efim.test.local at ROMASHKA.LAN and then klist, does it work for you? I do recommend tcpdump kerberos traffic between your client and server, this is usually helps me much better then any logging, flow easy to read in wireshark. From nick+dovecot at bunbun.be Wed Aug 31 19:41:42 2011 From: nick+dovecot at bunbun.be (Nick Rosier) Date: Wed, 31 Aug 2011 18:41:42 +0200 Subject: [Dovecot] Multiple domains to one inbox and temporary redirects... In-Reply-To: <007f01cc67f6$5622d1c0$02687540$@brereton@buongiorno.com> References: <007f01cc67f6$5622d1c0$02687540$@brereton@buongiorno.com> Message-ID: <4E5E6446.1070406@bunbun.be> Simon Brereton wrote: > Hi > > Can anyone point me to a howto to arrange for multiple domains to deliver to one inbox with Dovecot? For example, user1 at example.com and user1 at example.net should both be delivered to /var/spool/mail/virtual/example.net/user1 > > Currently, I have the dovecot LDA set as: > > dovecot unix - n n - - pipe > flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} > > > and in dovecot.conf: > > mail_location: maildir:/var/spool/mail/virtual/%d/%n > > For some domains only, I need to override that mail_location. > > > Related to that, when user1 leave and user2 would like to receive user1's email, how can I get it so that email to user1 at example.com is delivered to user2 at example.com? Previously when I was using Postfix to deliver the mails, I could change the maildirloc in the DB - but I?m not sure how to accomplish this with dovecot LDA. > > I'm using Postfixadmin to manage users and have server alias-domains. All mail sent to an alias-domain is delivered to the other domain. Quite easy if you've got postfixadmin already setup. Otherwise I think you could configure virtual_alias_maps in postfix to something like hash:virtual_domains virtual_domains: @example.net @example.com N. From aewhale at ABS-CompTech.com Wed Aug 31 20:34:01 2011 From: aewhale at ABS-CompTech.com (Albert E. Whale) Date: Wed, 31 Aug 2011 13:34:01 -0400 Subject: [Dovecot] Multiple domains to one inbox and temporary redirects... In-Reply-To: <4E5E6446.1070406@bunbun.be> References: <007f01cc67f6$5622d1c0$02687540$@brereton@buongiorno.com> <4E5E6446.1070406@bunbun.be> Message-ID: <4E5E7089.2040701@ABS-CompTech.com> I'm using Sendmail, sample config below: On 8/31/2011 12:41 PM, Nick Rosier wrote: > Simon Brereton wrote: >> Hi >> >> Can anyone point me to a howto to arrange for multiple domains to >> deliver to one inbox with Dovecot? For example, user1 at example.com >> and user1 at example.net should both be delivered to >> /var/spool/mail/virtual/example.net/user1 >> >> Currently, I have the dovecot LDA set as: >> >> dovecot unix - n n - - pipe >> flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f >> ${sender} -d ${user}@${nexthop} >> >> >> and in dovecot.conf: >> >> mail_location: maildir:/var/spool/mail/virtual/%d/%n >> >> For some domains only, I need to override that mail_location. >> >> >> Related to that, when user1 leave and user2 would like to receive >> user1's email, how can I get it so that email to user1 at example.com is >> delivered to user2 at example.com? Previously when I was using Postfix >> to deliver the mails, I could change the maildirloc in the DB - but >> I?m not sure how to accomplish this with dovecot LDA. >> >> > I'm using Postfixadmin to manage users and have server alias-domains. > All mail sent to an alias-domain is delivered to the other domain. > Quite easy if you've got postfixadmin already setup. > > Otherwise I think you could configure virtual_alias_maps in postfix to > something like hash:virtual_domains > > virtual_domains: > @example.net @example.com > > N. > > We deliver multiple multiple domains to the single user name of the domain. admin at NoJunk-Mail.com admin admin at emailsecurity.us admin admin at spam-zapper.com admin admin at abs-comptech.com admin admin at remote-pc-doc.com admin We use our Server Administrator tool to manage the mailboxes. Begin shameless plug: (Server Administrator - http://www.abs-comptech.com/serveradministrator.htm) end shameless plug -- Albert E. Whale, CHS CISA CISSP Senior Technology & Security Director *ABS Computer Technology, Inc. * 412-635-7488 ext 100 aewhale at ABS-CompTech.com www.ABS-CompTech.com -------------- next part -------------- A non-text attachment was scrubbed... Name: aewhale.vcf Type: text/x-vcard Size: 398 bytes Desc: not available URL: From simon.brereton at buongiorno.com Wed Aug 31 20:41:18 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Wed, 31 Aug 2011 13:41:18 -0400 Subject: [Dovecot] Multiple domains to one inbox and temporary redirects... In-Reply-To: <4E5E6446.1070406@bunbun.be> References: <007f01cc67f6$5622d1c0$02687540$@brereton@buongiorno.com> <4E5E6446.1070406@bunbun.be> Message-ID: <008601cc6805$313f77f0$93be67d0$@brereton@buongiorno.com> > -----Original Message----- > From: Nick Rosier [mailto:nick+dovecot at bunbun.be] > > Simon Brereton wrote: > > Hi > > > > Can anyone point me to a howto to arrange for multiple domains to > > deliver to one inbox with Dovecot? For example, user1 at example.com > and > > user1 at example.net should both be delivered to > > /var/spool/mail/virtual/example.net/user1 > > > > Currently, I have the dovecot LDA set as: > > > > dovecot unix - n n - - pipe > > flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f > > ${sender} -d ${user}@${nexthop} > > > > > > and in dovecot.conf: > > > > mail_location: maildir:/var/spool/mail/virtual/%d/%n > > > > For some domains only, I need to override that mail_location. > > > > > > Related to that, when user1 leave and user2 would like to receive > user1's email, how can I get it so that email to user1 at example.com is > delivered to user2 at example.com? Previously when I was using Postfix > to deliver the mails, I could change the maildirloc in the DB - but > I?m not sure how to accomplish this with dovecot LDA. > > > > > I'm using Postfixadmin to manage users and have server alias-domains. > All mail sent to an alias-domain is delivered to the other domain. > Quite easy if you've got postfixadmin already setup. > > Otherwise I think you could configure virtual_alias_maps in postfix > to something like hash:virtual_domains > > virtual_domains: > @example.net @example.com Cheers Nick Of course that will do it. Thanks. Simon From trever.adams at gmail.com Wed Aug 31 20:49:12 2011 From: trever.adams at gmail.com (Trever L. Adams) Date: Wed, 31 Aug 2011 11:49:12 -0600 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> <4E5E28CA.6020602@yandex.ru> <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> <4E5E38B8.7060404@yandex.ru> <93D67517-EEA9-4E73-8484-A56D89149434@geneseo.edu> <4E5E4B48.3010209@yandex.ru> Message-ID: <4E5E7418.5010403@gmail.com> On 08/31/2011 10:30 AM, Nikolay Shopik wrote: > > Can you do kinit -k imap/imap/efim.test.local at ROMASHKA.LAN and then > klist, does it work for you? > > I do recommend tcpdump kerberos traffic between your client and > server, this is usually helps me much better then any logging, flow > easy to read in wireshark. > Under active directory, you cannot kinit as an SPN, only UPN (including MACHINE$ accounts). At least this is my experience. Trever -- "Selfishness is really self-destruction in slow motion." -? Elder Neal A. Maxwell - Ensign, May 1999, 23 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 261 bytes Desc: OpenPGP digital signature URL: From chris at nmedia.net Wed Aug 31 21:59:48 2011 From: chris at nmedia.net (Chris Cappuccio) Date: Wed, 31 Aug 2011 11:59:48 -0700 Subject: [Dovecot] Thunderbird caching problem Message-ID: <20110831185948.GG4353@ref.nmedia.net> Using a fairly simple dovecot config (which obviously needs some max limit tweaking) we have problems with IMAP synchronization between thunderbird clients. Two TB clients in the same IMAP mailbox will, from time to time, show different views of the same INBOX folders, when TB caching is enabled. The only fix is to right-click on the folder, go to "Properties" and use the "Repair Folder" option which repairs the local TB .msf cache file. Is there any server-side fix/workaround that would keep TB from regularly going out-of-sync ? This happens with TB3 and newer versions, in concert with either dovecot 1 or 2. The obvious fix is to disable TB local caching, which unfortunately also disables certain search features and can be a pain for large mailboxes. # dovecot -n # 2.0.13: /etc/dovecot/dovecot.conf doveconf: Warning: service auth { client_limit=4096 } is lower than required under max. load (7168) doveconf: Warning: service anvil { client_limit=2048 } is lower than required under max. load (3075) # OS: OpenBSD 5.0 amd64 ffs auth_default_realm = dovecot.org auth_mechanisms = plain digest-md5 cram-md5 apop auth_username_translation = :@ default_client_limit = 2048 default_internal_user = _dovecot default_login_user = _dovenull default_process_limit = 1024 disable_plaintext_auth = no first_valid_gid = 125 first_valid_uid = 125 mail_location = maildir:/mail/%d/%n/ managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date mbox_write_locks = fcntl mmap_disable = yes passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_global_path = /etc/dovecot/default.sieve } protocols = imap pop3 lmtp sieve service auth { unix_listener auth-userdb { user = mail } } service managesieve-login { inet_listener sieve { port = 4190 } inet_listener sieve_deprecated { port = 2000 } } ssl_cert = References: <6E503447-8B67-454D-9B3E-EE34C3675405@iki.fi> Message-ID: Thanks, Timo. Technically, it's not a Maildir, but my plan is to re-create one with folders containing hard or symbolic links pointing to the real storage. Is it going to be a problem? On Wed, Aug 31, 2011 at 10:52 AM, Timo Sirainen wrote: > On 31.8.2011, at 17.24, Alex Cherniak wrote: > >> I have a large existing read-only collection of mails packaged in >> individual zip files as +. Is it >> possible (and how difficult) to create a proprietary plugin (like >> gzip) which will open a zip file, extract mail and pass it back to >> Dovecot? Where do I start? If plugin is not the right approach, what >> is? > > Is it otherwise a Maildir? If yes, you could base your code on the zlib plugin, or perhaps more easily you could use mail-filter plugin: http://dovecot.org/patches/2.0/mail-filter.tar.gz > > With mail-filter you can basically just put the messages through whatever program/script you want which gets the mail as input and outputs the wanted message body. I think the v2.0 mail-filter had some (potential?) bug, v2.1 mail-filter is anyway redesigned and should work perfectly. > >> Another question is how will this affect Dovecot performance and how >> to avoid any significant degradation. > > I doubt it's going to be a problem. > > From thomas-lists at nybeta.com Wed Aug 31 22:41:19 2011 From: thomas-lists at nybeta.com (Thomas Harold) Date: Wed, 31 Aug 2011 15:41:19 -0400 Subject: [Dovecot] OT - small hd recommendation In-Reply-To: References: Message-ID: <4E5E8E5F.4050204@nybeta.com> On 8/30/2011 5:43 PM, Daniel L. Miller wrote: > A little OT - but I've seen a few opinions voiced here by various admins > and I'd like to benefit. RAID-10 is fine (note that the default mdadm RAID10 isn't actually RAID10, but it works well enough). RAID-6 won't be faster (and will probably be worse) although RAID-6 does do a bit better in a double-drive failure over RAID-10. The only way to get more performance out of (4) drives is to switch to 10k or 15k SAS (or SSDs). For more information - see the Linux RAID mailing list: http://vger.kernel.org/majordomo-info.html One problematic issue with consumer-grade SATA drives (which may or may not bite you) is that they will not time out on errors fast enough to keep mdadm happy. The "enterprise" grade drives are better about this (such as the ES.2 series), but for smaller arrays (6 drives or less) it's not as big of a deal. For bigger arrays, it's a definite issue, especially if you try and do RAID-6 over 8+ drives. If you're getting SMART errors, then it's time to swap the drives out. If mdadm is reporting sync errors or dropping drives from the array, then get your backups squared away ASAP before fiddling. My knee-jerk reaction when I hear 4-drive RAID-10 is that it has no hot-spare. Which means that as soon as 1 drive fails you're in dangerous territory (make sure it pages you automatically) since the array can't automatically repair. Make sure you can properly identify the drive that fails (via the serial numbers) and don't try a hot-swap. (Take a look at /dev/disk/by-id, /dev/disk/by-uuid, etc. Export a copy of that information on a daily/weekly basis off of the machine. In a software RAID environment, it gives you better information about which drive serial # failed rather then relying on lights.) Our mail server is 3-way RAID1 (triple mirror) for the OS and mail queue with a 5-disk RAID-10 (4+spare) for mail storage. From mcguire at neurotica.com Wed Aug 31 22:42:05 2011 From: mcguire at neurotica.com (Dave McGuire) Date: Wed, 31 Aug 2011 15:42:05 -0400 Subject: [Dovecot] Thunderbird caching problem In-Reply-To: <20110831185948.GG4353@ref.nmedia.net> References: <20110831185948.GG4353@ref.nmedia.net> Message-ID: <4E5E8E8D.3090406@neurotica.com> On 08/31/2011 02:59 PM, Chris Cappuccio wrote: > Using a fairly simple dovecot config (which obviously needs some max > limit tweaking) we have problems with IMAP synchronization between > thunderbird clients. > > Two TB clients in the same IMAP mailbox will, from time to time, show > different views of the same INBOX folders, when TB caching is > enabled. The only fix is to right-click on the folder, go to > "Properties" and use the "Repair Folder" option which repairs the > local TB .msf cache file. > > Is there any server-side fix/workaround that would keep TB from > regularly going out-of-sync ? This happens with TB3 and newer > versions, in concert with either dovecot 1 or 2. I ran into exactly this problem as well, it is infuriating. A workaround was discussed here awhile back. Sticking this in the "protocol imap" block of dovecot.conf solved the problem completely: imap_capability = IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDP LUS LIST-EXTENDED I18NLEVEL=1 ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS That should all be one line; watch for wrappage. -Dave -- Dave McGuire Port Charlotte, FL From chris at nmedia.net Wed Aug 31 22:49:53 2011 From: chris at nmedia.net (Chris Cappuccio) Date: Wed, 31 Aug 2011 12:49:53 -0700 Subject: [Dovecot] Thunderbird caching problem In-Reply-To: <4E5E8E8D.3090406@neurotica.com> References: <20110831185948.GG4353@ref.nmedia.net> <4E5E8E8D.3090406@neurotica.com> Message-ID: <20110831194953.GN4353@ref.nmedia.net> Dave McGuire [mcguire at neurotica.com] wrote: > On 08/31/2011 02:59 PM, Chris Cappuccio wrote: > >Using a fairly simple dovecot config (which obviously needs some max > >limit tweaking) we have problems with IMAP synchronization between > >thunderbird clients. > > > >Two TB clients in the same IMAP mailbox will, from time to time, show > >different views of the same INBOX folders, when TB caching is > >enabled. The only fix is to right-click on the folder, go to > >"Properties" and use the "Repair Folder" option which repairs the > >local TB .msf cache file. > > > >Is there any server-side fix/workaround that would keep TB from > >regularly going out-of-sync ? This happens with TB3 and newer > >versions, in concert with either dovecot 1 or 2. > > I ran into exactly this problem as well, it is infuriating. A > workaround was discussed here awhile back. Sticking this in the > "protocol imap" block of dovecot.conf solved the problem completely: > > imap_capability = IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID > ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS > MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDP > LUS LIST-EXTENDED I18NLEVEL=1 ESEARCH ESORT SEARCHRES WITHIN > CONTEXT=SEARCH LIST-STATUS > Interesting..How do I know that I really should be announcing all of these capabilities given my current dovecot version and config? With the config I posted, here's what I send out now * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Blahfart From nick+dovecot at bunbun.be Wed Aug 31 22:56:32 2011 From: nick+dovecot at bunbun.be (Nick Rosier) Date: Wed, 31 Aug 2011 21:56:32 +0200 Subject: [Dovecot] Thunderbird caching problem In-Reply-To: <20110831194953.GN4353@ref.nmedia.net> References: <20110831185948.GG4353@ref.nmedia.net> <4E5E8E8D.3090406@neurotica.com> <20110831194953.GN4353@ref.nmedia.net> Message-ID: <4E5E91F0.3020608@bunbun.be> Chris Cappuccio wrote: > Dave McGuire [mcguire at neurotica.com] wrote: >> On 08/31/2011 02:59 PM, Chris Cappuccio wrote: >>> Using a fairly simple dovecot config (which obviously needs some max >>> limit tweaking) we have problems with IMAP synchronization between >>> thunderbird clients. >>> >>> Two TB clients in the same IMAP mailbox will, from time to time, show >>> different views of the same INBOX folders, when TB caching is >>> enabled. The only fix is to right-click on the folder, go to >>> "Properties" and use the "Repair Folder" option which repairs the >>> local TB .msf cache file. >>> >>> Is there any server-side fix/workaround that would keep TB from >>> regularly going out-of-sync ? This happens with TB3 and newer >>> versions, in concert with either dovecot 1 or 2. >> I ran into exactly this problem as well, it is infuriating. A >> workaround was discussed here awhile back. Sticking this in the >> "protocol imap" block of dovecot.conf solved the problem completely: >> >> imap_capability = IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID >> ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS >> MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDP >> LUS LIST-EXTENDED I18NLEVEL=1 ESEARCH ESORT SEARCHRES WITHIN >> CONTEXT=SEARCH LIST-STATUS >> > > Interesting..How do I know that I really should be announcing all of these capabilities given my current dovecot version and config? > > With the config I posted, here's what I send out now > > * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Blahfart > This is before login, you need to verify after login. Dovecot changes the capabilities it advertises after login. Remove CONDSTORE and QRESYNC; the CONDSTORE is the one messing it up for you. QRESYNC also implies CONDSTORE so you need to disable this one as well. N. From kgc at corp.sonic.net Wed Aug 31 23:13:27 2011 From: kgc at corp.sonic.net (Kelsey Cummings) Date: Wed, 31 Aug 2011 13:13:27 -0700 Subject: [Dovecot] mail spool filesystem In-Reply-To: <4E4E2340.4010001@hardwarefreak.com> References: <4E4BC0CC.5010908@psi.com.br> <20110817164207.2e9c1d49@echelon.ethz.ch> <4E4E2340.4010001@hardwarefreak.com> Message-ID: <20110831201327.GR5381@corp.sonic.net> On Fri, Aug 19, 2011 at 03:48:00AM -0500, Stan Hoeppner wrote: > On 8/17/2011 9:42 AM, Adrian Ulrich wrote: > >> I read that XFS is a good choice, but is not > >> too reliable... > > > > Are you using Maildir or MBOX? > > > > In any case: XFS would be my last choice: > > > > XFS is nice if you are working with large files (> 2GB), but > > for E-Mail i'd stick with ext3 (or maybe even reiser3) > > as it works very well with small files. > > XFS was designed for parallelism, whether with large files or small, ... Anyone been using ZFS on FreeBSD for mail spool storage? -- Kelsey Cummings - kgc at corp.sonic.net sonic.net, inc. System Architect 2260 Apollo Way 707.522.1000 Santa Rosa, CA 95407 From nick+dovecot at bunbun.be Wed Aug 31 23:27:14 2011 From: nick+dovecot at bunbun.be (Nick Rosier) Date: Wed, 31 Aug 2011 22:27:14 +0200 Subject: [Dovecot] mail spool filesystem In-Reply-To: <20110831201327.GR5381@corp.sonic.net> References: <4E4BC0CC.5010908@psi.com.br> <20110817164207.2e9c1d49@echelon.ethz.ch> <4E4E2340.4010001@hardwarefreak.com> <20110831201327.GR5381@corp.sonic.net> Message-ID: <4E5E9922.8000309@bunbun.be> Kelsey Cummings wrote: > On Fri, Aug 19, 2011 at 03:48:00AM -0500, Stan Hoeppner wrote: >> On 8/17/2011 9:42 AM, Adrian Ulrich wrote: >>>> I read that XFS is a good choice, but is not >>>> too reliable... >>> Are you using Maildir or MBOX? >>> >>> In any case: XFS would be my last choice: >>> >>> XFS is nice if you are working with large files (> 2GB), but >>> for E-Mail i'd stick with ext3 (or maybe even reiser3) >>> as it works very well with small files. >> XFS was designed for parallelism, whether with large files or small, > ... > > Anyone been using ZFS on FreeBSD for mail spool storage? > I'm using ZFS on FreeBSD 8.2. But to be honest, this is a personal/private mail-system with limited mailboxes. I really like the snapshots in ZFS. Every night I make a snapshot which I send to another server for backup. Every hour I make a new snapshot from which I send the incremental to the backup-server. That way if the worst happens I will only loose 1 hour of mail. ZFS was built for data integrity, not speed so if it's speed you are looking for this might not be the fastest but maybe fast enough. N. From jgunthorpe at obsidianresearch.com Wed Aug 31 23:39:56 2011 From: jgunthorpe at obsidianresearch.com (Jason Gunthorpe) Date: Wed, 31 Aug 2011 14:39:56 -0600 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <4E5E5332.3060006@gmail.com> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> <4E5E28CA.6020602@yandex.ru> <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> <4E5E38B8.7060404@yandex.ru> <4E5E5332.3060006@gmail.com> Message-ID: <20110831203956.GC30654@obsidianresearch.com> On Wed, Aug 31, 2011 at 09:28:50AM -0600, Trever L. Adams wrote: > I have only followed part of this. It the original poster's problem is > that the LDAP database is not being able to be accessed with an SPN > ticket, this is because SPNs are not allowed to log in in AD. You need > to use a user account (including MACHINE$ accounts). It took me forever > to figure this out. To use this, you need a cron job that creates/renews > tickets from time to time for the user/machine account. Then you use > Dovecot's environment setup configuration to set the KRB5_CC (or > whatever it is called, my head is elsewhere) env variable to that > Kerberos ticket cache that was created in the cronjob. This cache needs > to be readable by dovecot and should be owned by its user. This all works a 1000% better if you use Samba to join the domain and create your keytab with the right SPNs. See my prior posts to this list for a formula. Using the MS kerberos compatability tools is painful, complicated and tends to make a mess. Samba will create a machine UPN and populate the system keytab appropriately. From a cron job you can use 'kinit -k' to maintain an active ticket for the machine UPN which dovecot can use for LDAP operations. Jason From rick at havokmon.com Wed Aug 31 23:43:43 2011 From: rick at havokmon.com (Rick Romero) Date: Wed, 31 Aug 2011 15:43:43 -0500 Subject: [Dovecot] mail spool filesystem In-Reply-To: <4E5E9922.8000309@bunbun.be> References: <4E4BC0CC.5010908@psi.com.br> <20110817164207.2e9c1d49@echelon.ethz.ch> <4E4E2340.4010001@hardwarefreak.com> <20110831201327.GR5381@corp.sonic.net> <4E5E9922.8000309@bunbun.be> Message-ID: <20110831154343.Horde.WdE2Em2tkQ9OXpz-qxFBR7g@beta.vfemail.net> Quoting Nick Rosier : > Kelsey Cummings wrote: >> On Fri, Aug 19, 2011 at 03:48:00AM -0500, Stan Hoeppner wrote: >>> On 8/17/2011 9:42 AM, Adrian Ulrich wrote: >>>>> I read that XFS is a good choice, but is not >>>>> too reliable... >>>> Are you using Maildir or MBOX? >>>> >>>> In any case: XFS would be my last choice: >>>> >>>> XFS is nice if you are working with large files (> 2GB), but >>>> for E-Mail i'd stick with ext3 (or maybe even reiser3) >>>> as it works very well with small files. >>> XFS was designed for parallelism, whether with large files or small, >> ... >> >> Anyone been using ZFS on FreeBSD for mail spool storage? >> > I'm using ZFS on FreeBSD 8.2. But to be honest, this is a > personal/private mail-system with limited mailboxes. I really like > the snapshots in ZFS. Every night I make a snapshot which I send to > another server for backup. Every hour I make a new snapshot from > which I send the incremental to the backup-server. That way if the > worst happens I will only loose 1 hour of mail. > > ZFS was built for data integrity, not speed so if it's speed you are > looking for this might not be the fastest but maybe fast enough. I just migrated to FreeBSD 8.2 ZFS (6 drive u320 raidz + 16GB mirrored SSD ZIL) from OpenSolaris ZFS (10 drive sata raidz10). About 4k daily users. The new setup feels a little faster than the old, but honestly the old ran just fine under normal load. One of the things that pushed the migration was really more CPU for Thunderbird clients using compression, which caused a noticeable delay. Ditto on the snapshots. Rick From kwebb at teradactyl.com Wed Aug 31 23:48:54 2011 From: kwebb at teradactyl.com (Kristen J. Webb) Date: Wed, 31 Aug 2011 14:48:54 -0600 Subject: [Dovecot] thunderbird and subscriptions with sieve Message-ID: <4E5E9E36.8020904@teradactyl.com> Hi All, I'm a newbie trying to move mail out of my ISP onto a ubuntu (lucid) dovecot 1.2.9 server. Is there any way to automatically add folders created by sieve (GNU Mailutils 2.1) to the subscriptions file for a user? I'm currently testing spam, and if sieve created the folder with the first message, the thunderbird user does not see the new folder. Even more interesting, if the user then tries to create the Spam directory it thunderbird seems to quietly ignore the request and the user still cannot see the folder, but I digress... I can manually subscribe with thunderbird, but this won't scale for more complex sieve later by making the user responsible for finding everything. I can turn off subscription view in advanced settings on thunderbird, but we are trying to wean ourselves of of individual mail clients and I don't want to have to test this everywhere. Many thanks in advance! Kris -- Mr. Kristen J. Webb Teradactyl LLC. PHONE: 1-505-242-1091 EMAIL: kwebb at teradactyl.com VISIT: http://www.teradactyl.com Home of the True incremental Backup System From dovecot.user at seibercom.net Wed Aug 31 23:58:36 2011 From: dovecot.user at seibercom.net (Jerry) Date: Wed, 31 Aug 2011 16:58:36 -0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <20110831203956.GC30654@obsidianresearch.com> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> <4E5E28CA.6020602@yandex.ru> <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> <4E5E38B8.7060404@yandex.ru> <4E5E5332.3060006@gmail.com> <20110831203956.GC30654@obsidianresearch.com> Message-ID: <20110831165836.7bd29871@scorpio> On Wed, 31 Aug 2011 14:39:56 -0600 Jason Gunthorpe articulated: > On Wed, Aug 31, 2011 at 09:28:50AM -0600, Trever L. Adams wrote: > > > I have only followed part of this. It the original poster's problem > > is that the LDAP database is not being able to be accessed with an > > SPN ticket, this is because SPNs are not allowed to log in in AD. > > You need to use a user account (including MACHINE$ accounts). It > > took me forever to figure this out. To use this, you need a cron > > job that creates/renews tickets from time to time for the > > user/machine account. Then you use Dovecot's environment setup > > configuration to set the KRB5_CC (or whatever it is called, my head > > is elsewhere) env variable to that Kerberos ticket cache that was > > created in the cronjob. This cache needs to be readable by dovecot > > and should be owned by its user. > > This all works a 1000% better if you use Samba to join the domain and > create your keytab with the right SPNs. See my prior posts to this > list for a formula. Using the MS kerberos compatability tools is > painful, complicated and tends to make a mess. > > Samba will create a machine UPN and populate the system keytab > appropriately. From a cron job you can use 'kinit -k' to maintain an > active ticket for the machine UPN which dovecot can use for LDAP > operations. I just got this link from a friend who uses Kerberos on several systems. I have no idea if it will work or help you or not. -- Jerry ? Dovecot.user at seibercom.net Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________ Everlasting peace will come to the world when the last man has slain the last but one. Adolf Hitler From simon.brereton at buongiorno.com Mon Aug 29 18:04:19 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Mon, 29 Aug 2011 11:04:19 -0400 Subject: [Dovecot] File Permissions and delivery In-Reply-To: <20110826215136.Horde.HKEQbJLnE6FOWE2oep1l82A@mail.patrickdk.com> References: <20110826193509.Horde.CZE5dJLnE6FOWC2tsEPBzxA@mail.patrickdk.com> <20110826215136.Horde.HKEQbJLnE6FOWE2oep1l82A@mail.patrickdk.com> Message-ID: <011501cc665c$ee115740$ca3405c0$@brereton@buongiorno.com> > -----Original Message----- > From: dovecot-bounces at dovecot.org [mailto:dovecot- > bounces at dovecot.org] On Behalf Of Patrick Domack > Just adding that won't make dovecot use it though, you would have to > include the postconf -n output. Normally something like > virtual_transport=dovecot Crap. I had added that. But I'd also forgotten to comment out the original virtual_transport = virtual line. Thanks. I think that has fixed it though I'm still struggling with directory permissions. Simon From simon.brereton at buongiorno.com Mon Aug 29 18:14:15 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Mon, 29 Aug 2011 11:14:15 -0400 Subject: [Dovecot] File Permissions and delivery In-Reply-To: <1314588283.4008.9.camel@hurina> References: <001701cc6413$20e693c0$62b3bb40$@brereton@buongiorno.com> <1314588283.4008.9.camel@hurina> Message-ID: <011801cc665e$5156be20$f4043a60$@brereton@buongiorno.com> > -----Original Message----- > From: Timo Sirainen [mailto:tss at iki.fi] > Sent: Sunday, August 28, 2011 11:25 PM > On Fri, 2011-08-26 at 13:10 -0400, Simon Brereton wrote: > > mail:~# ls /var/spool/mail/virtual/domain.net/simon/new/ > > -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:33 > > 1314326000.V801I1666018M803015.mail.net,S=2461:2, > > -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:36 > > 1314326209.V801I1666019M447273.mail.net,S=2460:2, > > -rw-rw---- 1 postfix mailsystem 2.5K Aug 26 04:00 > > 1314327630.V801I166601aM308173.mail.net,S=2477:2, > > -rw------- 1 postfix mailsystem 2.5K Aug 26 04:22 > > 1314328966.V801I166601bM756462.mail.net,S=2461:2, > > -rw------- 1 postfix mailsystem 1.1K Aug 26 16:28 > > 1314372534.V801I166601cM615258.mail.net,S=1097:2, > > -rw------- 1 postfix mailsystem 1.1K Aug 26 16:31 > > 1314372685.V801I166601dM264242.mail.net,S=1097:2, > > > > Mails are being delivered with 0600 permissions and not 0660 (the > mails from courier seem to have all been 0770 as you can see). If I > manually change the permission (to 0660) then I can see the mail in > the MUA. > > If /var/spool/mail/virtual/domain.net/simon has 0770 permissions, the > new mails should be delivered with 0660 permissions. (I don't > remember if having g+s makes any difference in the directory like you > have in the domain dir.) > > In any case, it would be better if mails were delivered as > mailsystem:mailsystem 0600 since that's what you're reading them as. > Unless you have some other good reason for requiring mailsystem group > to be able to read them. So mean I should change client to mailsystem/mailsystem in the dovecot.conf too? I'm also not sure what (if any) effect the g+s has - that's just how it was (and how it is on the test installation). As per my previous note to Patrick, I think I've fixed the delivery issue, but now I have these in the log again: Aug 29 15:59:14 mail dovecot: deliver(simon at lydiard.net): chdir(/var/spool/mail/virtual/domain.net/simon) failed: Permission denied Aug 29 15:59:14 mail dovecot: deliver(simon at lydiard.net): stat(/var/spool/mail/virtual/domain.net/simon) failed: Permission denied Aug 29 15:59:14 mail dovecot: deliver(simon at lydiard.net): stat(/var/spool/mail/virtual/domain.net/simon/tmp) failed: Permission denied (euid=999(mailsystem) egid=115(mailsystem) missing +x perm: /var/spool/mail/virtual) Even if I make EVERTHING under /var/spool/mail/virtual/* owned by mailsystem:mailsystem - and reload postfix and restart doevcot. And even if I remove the sticky bit. mail:~# ls /var/spool/mail/virtual/domain.net/simon/ total 880K drwxrwx--- 13 mailsystem mailsystem 4.0K Aug 26 16:53 ./ drwxrwx--- 5 mailsystem mailsystem 4.0K Aug 26 00:39 ../ drwxrwx--- 2 mailsystem mailsystem 4.0K Dec 3 2007 courierimaphieracl/ drwxrwx--- 2 mailsystem mailsystem 4.0K Aug 25 18:57 courierimapkeywords/ -rwxrwx--- 1 mailsystem mailsystem 67 Nov 30 2007 courierimapsubscribed -rwxrwx--- 1 mailsystem mailsystem 15K Aug 25 20:45 courierimapuiddb -rwxrwx--- 1 mailsystem mailsystem 20K Aug 25 20:38 courierpop3dsizelist drwxrwx--- 2 mailsystem mailsystem 32K Aug 26 16:43 cur/ -rwxrwx--- 1 mailsystem mailsystem 3.5K Aug 26 03:37 dovecot.index -rwxrwx--- 1 mailsystem mailsystem 697K Aug 26 16:44 dovecot.index.cache -rwxrwx--- 1 mailsystem mailsystem 8.5K Aug 26 16:53 dovecot.index.log -rw-rwx--- 1 mailsystem mailsystem 25K Aug 26 16:44 dovecot-uidlist -rwxrwx--- 1 mailsystem mailsystem 8 Aug 25 23:14 dovecot-uidvalidity -rwxrwx--- 1 mailsystem mailsystem 0 Aug 25 23:14 dovecot-uidvalidity.4e56c938 drwxrwx--- 6 mailsystem mailsystem 4.0K Aug 26 03:10 .Drafts/ drwxrwx--- 6 mailsystem mailsystem 4.0K Nov 30 2007 .Junk E-mail/ -rwxrwx--- 1 mailsystem mailsystem 7 Aug 26 22:05 maildirsize drwxrwx--- 2 mailsystem mailsystem 4.0K Aug 26 22:05 new/ drwxrwx--- 6 mailsystem mailsystem 4.0K Aug 25 23:14 .Outbox/ drwxrwx--- 6 mailsystem mailsystem 4.0K Aug 26 00:17 .Sent/ drwxrwx--- 6 mailsystem mailsystem 4.0K Aug 25 23:14 .Sent Items/ -rwxrwx--- 1 mailsystem mailsystem 37 Aug 25 22:26 subscriptions drwxrwx--- 2 mailsystem mailsystem 4.0K Aug 26 22:05 tmp/ drwxrwx--- 6 mailsystem mailsystem 4.0K Aug 25 22:26 .Trash/ Any ideas? Simon From steve at toth.org.uk Mon Aug 29 21:39:54 2011 From: steve at toth.org.uk (Stephen Feyrer) Date: Mon, 29 Aug 2011 19:39:54 +0100 Subject: [Dovecot] : error while loading shared libraries: libdovecot.so.0 (arm cross compile) In-Reply-To: <1314582342.4008.4.camel@hurina> References: <1314582342.4008.4.camel@hurina> Message-ID: Hi, Firstly I tried building 2.0.14 with my fingers crossed. Sadly that didn't help. However, using configure --without-shared-libs is used make fails: /Projects/nslu2/nas/tsx09/staging/opt/include -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -I/usr/kerberos/include -MT ../lib/mountpoint.o -MD -MP -MF .deps/../lib/mountpoint.Tpo -c -o ../lib/mountpoint.o ../lib/mountpoint.c ../lib/mountpoint.c:222: fatal error: opening dependency file .deps/../lib/mountpoint.Tpo: No such file or directory compilation terminated. make[4]: *** [../lib/mountpoint.o] Error 1 make[4]: Leaving directory `~/Projects/nslu2/nas/tsx09/builds/dovecot/src/imap' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `~/Projects/nslu2/nas/tsx09/builds/dovecot/src' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `~/Projects/nslu2/nas/tsx09/builds/dovecot' make[1]: *** [all] Error 2 make[1]: Leaving directory `~/Projects/nslu2/nas/tsx09/builds/dovecot' make: *** [~Projects/nslu2/nas/tsx09/builds/dovecot/.built] Error 2 Maybe this is more informative. -- All the best. Stephen. On Mon, 29 Aug 2011 02:45:40 +0100, Timo Sirainen wrote: > On Sat, 2011-08-27 at 17:36 +0100, Stephen Feyrer wrote: > >> I've made a new attempt at build Dovecot. The build and then install >> processes appeared to work find. Then when I try to run Dovecot it >> reports the error: >> >> /share/MD0_DATA/optware/opt/sbin/dovecot: error while loading shared >> libraries: libdovecot.so.0: cannot open shared object file: No such file >> or directory > > No idea. Try without shared libraries: configure --without-shared-libs > From shopik at inblock.ru Mon Aug 29 22:08:30 2011 From: shopik at inblock.ru (Nikolay Shopik) Date: Mon, 29 Aug 2011 23:08:30 +0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <4E5B9682.1040408@yandex.ru> References: <4E5B9682.1040408@yandex.ru> Message-ID: <4E5BE3AE.7080303@inblock.ru> On 29.08.2011 17:39, Stanislav Klinkov wrote: > So, according to source code, Dovecot tries to find in krb5.keytab a > principal named "imap at hostname". However wiki says to create the > principal named "imap/hostname at REALM". > > Please, clarify where is the error: in source code, in wiki, or I have > misunderstood something. Your principial in keytab should look like this - imap/mail.example.com at EXAMPLE.COM Make sure your realm name are all CAPS, otherwise it won't work. From steve at toth.org.uk Tue Aug 30 02:15:09 2011 From: steve at toth.org.uk (Stephen Feyrer) Date: Tue, 30 Aug 2011 00:15:09 +0100 Subject: [Dovecot] : error while loading shared libraries: libdovecot.so.0 (arm cross compile) In-Reply-To: References: Message-ID: Hi. Thanks, I'll give that a try. -- Kind regards Stephen Feyrer. On Mon, 29 Aug 2011 09:04:01 +0100, Joseph Tam wrote: > "Stephen Feyrer" writes: > >> I've made a new attempt at build Dovecot. The build and then install >> processes appeared to work find. Then when I try to run Dovecot it >> reports the error: >> >> /share/MD0_DATA/optware/opt/sbin/dovecot: error while loading shared >> libraries: libdovecot.so.0: cannot open shared object file: No such file >> or directory > > In cases like this where I have no clue where an executable is trying to > load a library from, run a process trace tool (strace, truss, etc.) and > you > can see all the library run paths it's trying before failing. > > Joseph Tam From petre74 at yahoo.com Mon Aug 29 23:26:06 2011 From: petre74 at yahoo.com (Gelu Lupas) Date: Mon, 29 Aug 2011 13:26:06 -0700 (PDT) Subject: [Dovecot] dovecot w/ libwrap on fbsd Message-ID: <1314649566.96249.YahooMailNeo@web111509.mail.gq1.yahoo.com> Dovecot with libwrap doesn't work on FreeBSD for some reason or another. I have these lines in my /etc/hosts.allow: ALL: LOCAL 127.0.0.1: allow pop3: ALL: allow ALL: ALL: deny Yet when you try to telnet to localhost, port 110 this is what happens: Aug 29 22:48:38 dodo dovecot: pop3-login: Error: connect(tcpwrap) failed: Permission denied I also tried auth_debug=yes to see what's wrong but it only shows the processes which handled the connection, no extra info with the reason why it failed. Here's the config: # 2.0.13: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 7.4-RELEASE i386? auth_mechanisms = plain login base_dir = /var/run/dovecot/ disable_plaintext_auth = no dotlock_use_excl = no first_valid_uid = 1000 listen = * login_access_sockets = tcpwrap login_greeting = login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c mail_location = mbox:~/Mail/:INBOX=/var/mail/%u mail_log_prefix = "%Us(%u): " mail_privileged_group = mail maildir_copy_with_hardlinks = no passdb { ? driver = pam } protocols = pop3 service auth { ? executable = /usr/local/libexec/dovecot/auth ? unix_listener /var/spool/postfix/private/auth { ??? group = postfix ??? mode = 0660 ??? user = postfix ? } ? user = root ? vsz_limit = 64 M } service imap-login { ? chroot = login ? client_limit = 128 ? process_limit = 32 ? process_min_avail = 3 ? service_count = 1 ? user = dovecot ? vsz_limit = 32 M } service imap { ? drop_priv_before_exec = no ? process_limit = 128 ? vsz_limit = 256 M } service pop3-login { ? chroot = login ? client_limit = 128 ? process_limit = 32 ? process_min_avail = 3 ? service_count = 1 ? user = dovecot ? vsz_limit = 32 M } service pop3 { ? drop_priv_before_exec = no ? process_limit = 128 ? vsz_limit = 256 M } service tcpwrap { ? unix_listener login/tcpwrap { ??? group = $default_login_user ??? mode = 0600 ??? user = $default_login_user ? } } ssl_cert = References: <1314649566.96249.YahooMailNeo@web111509.mail.gq1.yahoo.com> Message-ID: <1314673433.8787.9.camel@hurina> On Mon, 2011-08-29 at 13:26 -0700, Gelu Lupas wrote: > Aug 29 22:48:38 dodo dovecot: pop3-login: Error: connect(tcpwrap) failed: Permission denied Service permissions are set wrong. > service imap-login { > user = dovecot > } > service pop3-login { > user = dovecot > } You have explicitly changed the login process user above. > service tcpwrap { > unix_listener login/tcpwrap { > group = $default_login_user This group isn't right.. The default is taken from user's default group, so just don't set it. > user = $default_login_user Here you're using default_login_user, which most likely isn't the same as what the login processes are using ("dovecot"). So your solution is to remove the explicit user=dovecot from login services and then possibly set default_login_user=dovecot if you really want that (dovenull user is the default and preferred one). From tss at iki.fi Tue Aug 30 06:11:17 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 30 Aug 2011 06:11:17 +0300 Subject: [Dovecot] File Permissions and delivery In-Reply-To: <011801cc665e$5156be20$f4043a60$@brereton@buongiorno.com> References: <001701cc6413$20e693c0$62b3bb40$@brereton@buongiorno.com> <1314588283.4008.9.camel@hurina> <011801cc665e$5156be20$f4043a60$@brereton@buongiorno.com> Message-ID: <1314673879.8787.10.camel@hurina> On Mon, 2011-08-29 at 11:14 -0400, Simon Brereton wrote: > Aug 29 15:59:14 mail dovecot: deliver(simon at lydiard.net): stat(/var/spool/mail/virtual/domain.net/simon/tmp) failed: Permission denied (euid=999(mailsystem) egid=115(mailsystem) missing +x perm: /var/spool/mail/virtual) > > Even if I make EVERTHING under /var/spool/mail/virtual/* owned by mailsystem:mailsystem - and reload postfix and restart doevcot. But you didn't change the /var/spool/mail/virtual directory itself? (Like the error message says.) From tss at iki.fi Tue Aug 30 06:13:33 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 30 Aug 2011 06:13:33 +0300 Subject: [Dovecot] auth: Error: LDAP: Connection lost to LDAP server, reconnecting In-Reply-To: <4E5B5F92.2050701@um.es> References: <4E561E30.8020509@um.es> <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> <4E577CF2.2070800@um.es> <1314588382.4008.11.camel@hurina> <4E5B5F92.2050701@um.es> Message-ID: <1314674016.8787.12.camel@hurina> On Mon, 2011-08-29 at 11:44 +0200, Angel L. Mateo wrote: > >> Is there any way to configure ldap connection with a keepalive, so I > >> don't need a reconnection? > > > > Nope. But you could configure your LDAP server to idle-disconnect after > > some amount of time. > > > I know it, but configuring LDAP server does not resolve the problem, > because the error (in fact it's just an informational message) still > appears. Why? If LDAP server idle-disconnects after 61 seconds and before NAT timeout then Dovecot doesn't log anything about it. From klinkov at yandex.ru Tue Aug 30 08:24:19 2011 From: klinkov at yandex.ru (Stanislav Klinkov) Date: Tue, 30 Aug 2011 09:24:19 +0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <4E5BE3AE.7080303@inblock.ru> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> Message-ID: <4E5C7403.6020008@yandex.ru> > Your principial in keytab should look like this - > imap/mail.example.com at EXAMPLE.COM > Make sure your realm name are all CAPS, otherwise it won't work. Thank you, Captain Obvious. From amateo at um.es Tue Aug 30 09:38:49 2011 From: amateo at um.es (Angel L. Mateo) Date: Tue, 30 Aug 2011 08:38:49 +0200 Subject: [Dovecot] auth: Error: LDAP: Connection lost to LDAP server, reconnecting In-Reply-To: <1314674016.8787.12.camel@hurina> References: <4E561E30.8020509@um.es> <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> <4E577CF2.2070800@um.es> <1314588382.4008.11.camel@hurina> <4E5B5F92.2050701@um.es> <1314674016.8787.12.camel@hurina> Message-ID: <4E5C8579.7020901@um.es> El 30/08/11 05:13, Timo Sirainen escribi?: > On Mon, 2011-08-29 at 11:44 +0200, Angel L. Mateo wrote: >>>> Is there any way to configure ldap connection with a keepalive, so I >>>> don't need a reconnection? >>> >>> Nope. But you could configure your LDAP server to idle-disconnect after >>> some amount of time. >>> >> I know it, but configuring LDAP server does not resolve the problem, >> because the error (in fact it's just an informational message) still >> appears. > > Why? If LDAP server idle-disconnects after 61 seconds and before NAT > timeout then Dovecot doesn't log anything about it. > I have tried this. My LDAP server closed the connection, but dovecot logged the message. I guess that, for dovecot, is the same situation: it has to auth a user, but it hasn't got any active connection to the ldap server. -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337 From dlie76 at yahoo.com.au Tue Aug 30 10:09:56 2011 From: dlie76 at yahoo.com.au (Daminto Lie) Date: Tue, 30 Aug 2011 00:09:56 -0700 (PDT) Subject: [Dovecot] ldap authentication Message-ID: <1314688196.77579.YahooMailNeo@web113401.mail.gq1.yahoo.com> Hi, I have got Postfix, Dovecot IMAP and squirrelmail up and running on my ubuntu server 10.04 for a testing purpose. My question is in order to be able to login, do I need to create user accounts for each users on the server? I have about 20 users at the moment, and it's going to take time. I was thinking of using LDAP and have the dovecot authentication through LDAP. This way, I do not have to create accounts for 20 users on the server. The dovecot can just authenticate users by looking them up against the LDAP. I wonder if anyone would be able to share some guides as to how to set it up to work with Postfix and Dovecot. Thank you From tss at iki.fi Tue Aug 30 12:41:26 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 30 Aug 2011 12:41:26 +0300 Subject: [Dovecot] auth: Error: LDAP: Connection lost to LDAP server, reconnecting In-Reply-To: <4E5C8579.7020901@um.es> References: <4E561E30.8020509@um.es> <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> <4E577CF2.2070800@um.es> <1314588382.4008.11.camel@hurina> <4E5B5F92.2050701@um.es> <1314674016.8787.12.camel@hurina> <4E5C8579.7020901@um.es> Message-ID: <8800BF81-484F-4497-A33C-4DF85956C54A@iki.fi> On 30.8.2011, at 9.38, Angel L. Mateo wrote: >> Why? If LDAP server idle-disconnects after 61 seconds and before NAT >> timeout then Dovecot doesn't log anything about it. >> > I have tried this. My LDAP server closed the connection, but dovecot logged the message. I guess that, for dovecot, is the same situation: it has to auth a user, but it hasn't got any active connection to the ldap server. Yeah, that happens if the disconnection is noticed at the time when user is trying to authenticate. But if the disconnection is noticed immediately when there are no user requests, there is also no message logged about it. From pelle2004 at hotmail.com Tue Aug 30 13:10:08 2011 From: pelle2004 at hotmail.com (Pelle Svensson) Date: Tue, 30 Aug 2011 12:10:08 +0200 Subject: [Dovecot] Dovecot service needs a second restart after boot - euid is not dir owner In-Reply-To: <1314582263.4008.3.camel@hurina> References: , <1314582263.4008.3.camel@hurina> Message-ID: I have solved it, it was an SELinux isuue. init.d seems to have different SELinux rools than 'service restart dovecot' at command prompt. /Thanks. > From: tss at iki.fi > To: pelle2004 at hotmail.com > Date: Mon, 29 Aug 2011 04:44:19 +0300 > CC: dovecot at dovecot.org > Subject: Re: [Dovecot] Dovecot service needs a second restart after boot - euid is not dir owner > > On Sun, 2011-08-28 at 11:50 +0200, Pelle Svensson wrote: > > After reboot dovecot service need a restart. > > dovecot service starts as S99dovecot with only S99rc-local coming up. > > > > After boot following error is filled up in dovecot.log > > > > Aug 28 11:33:12 imap(vuser): Error: open(/home/fetchmail/mailroot/map/dovecot.index.log) failed: Permission denied (euid=500(vuser) egid=500(vuser) missing +r perm: /home/fetchmail/mailroot/map/dovecot.index.log, euid is not dir owner) > > Aug 28 11:33:12 imap(vuser): Error: file_dotlock_create(/home/fetchmail/mailroot/map/dovecot-uidlist) failed: Permission denied (euid=500(fetchmail) egid=500(fetchmail) missing +w perm: /home/fetchmail/mailroot/map, euid is not dir owner) > > Aug 28 11:33:12 imap(vuser): Error: open(/home/fetchmail/mailroot/map/dovecot-uidlist) failed: Permission denied > > > > After Linux has booted you just issue > > service dovecot restart > > > > And everything is back to normal and no error. > > Does it actually need the restart? If you don't restart, do these errors > just keep happening forever? > > I'd guess that the NFS hasn't fully finished mounting by the time > Dovecot runs so it fails with these errors.. I'm not really sure though. > In any case I don't think there's anything Dovecot can do about this. > > From pelle2004 at hotmail.com Tue Aug 30 15:54:42 2011 From: pelle2004 at hotmail.com (Pelle Svensson) Date: Tue, 30 Aug 2011 14:54:42 +0200 Subject: [Dovecot] Virtual user and post-login 2.0.13 In-Reply-To: <1314588056.4008.7.camel@hurina> References: ,, <4E57E8CE.1020808@datahelper.com>, , <1314588056.4008.7.camel@hurina> Message-ID: You are right! It works now! > From: tss at iki.fi > To: pelle2004 at hotmail.com > Date: Mon, 29 Aug 2011 06:20:54 +0300 > CC: dovecot at dovecot.org > Subject: Re: [Dovecot] Virtual user and post-login 2.0.13 > > On Sat, 2011-08-27 at 16:54 +0200, Pelle Svensson wrote: > > dovecot-postlogin.sh (executed as root) > > ============= > > #!/bin/sh > > > > date >>/home/fetchmail/script.log > > > > kill -s 10 `cat /home/fetchmail/.fetchmail.pid | head -n 1` >>/home/fetchmail/script.log > > > > exit 0 > > exec "$@", not exit 0 as http://wiki2.dovecot.org/PostLoginScripting > shows. > > From simon.brereton at buongiorno.com Tue Aug 30 16:47:04 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Tue, 30 Aug 2011 09:47:04 -0400 Subject: [Dovecot] File Permissions and delivery In-Reply-To: <1314673879.8787.10.camel@hurina> References: <001701cc6413$20e693c0$62b3bb40$@brereton@buongiorno.com> <1314588283.4008.9.camel@hurina> <011801cc665e$5156be20$f4043a60$@brereton@buongiorno.com> <1314673879.8787.10.camel@hurina> Message-ID: <013801cc671b$4e3f9730$eabec590$@brereton@buongiorno.com> > -----Original Message----- > From: Timo Sirainen [mailto:tss at iki.fi] > > On Mon, 2011-08-29 at 11:14 -0400, Simon Brereton wrote: > > Aug 29 15:59:14 mail dovecot: deliver(simon at lydiard.net): > stat(/var/spool/mail/virtual/domain.net/simon/tmp) failed: Permission > denied (euid=999(mailsystem) egid=115(mailsystem) missing +x perm: > /var/spool/mail/virtual) > > > > Even if I make EVERTHING under /var/spool/mail/virtual/* owned by > mailsystem:mailsystem - and reload postfix and restart doevcot. > > But you didn't change the /var/spool/mail/virtual directory itself? > (Like the error message says.) Yes, after sitting looking at that error message for a while, I tried that and it seems to work. I'm confused now as to why is works on the test system - but nonetheless thank you. Simon From Ralf.Hildebrandt at charite.de Tue Aug 30 17:48:53 2011 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Tue, 30 Aug 2011 16:48:53 +0200 Subject: [Dovecot] Message flags Message-ID: <20110830144853.GC24403@charite.de> How do I set message flags in sieve rules in such a way that e.g. Thunderbird is displaying the mail as "important"? Is there a list of hwo flags are interpreted by different IMAP clients? -- Ralf Hildebrandt Gesch?ftsbereich IT | Abteilung Netzwerk Charit? - Universit?tsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt at charite.de | http://www.charite.de From simon.brereton at buongiorno.com Tue Aug 30 18:21:07 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Tue, 30 Aug 2011 11:21:07 -0400 Subject: [Dovecot] Sub-folder outside of the mail store Message-ID: <017801cc6728$715ec210$541c4630$@brereton@buongiorno.com> Hi How do I create an IMAP folder that links to a folder outside of the mail store? For example, I have all domains under /var/spool/mail/virtual/domains.net/ and users under /var/spool/mail/virtual/domains.net/user Amavis delivers quarantine mail to /var/spool/mail/quarantine I would like one user (postmaster) to have a folder /var/spool/mail/virtual/domains.net/postmaster/.Quarantine and link it to that folder - is that possible? Is it safe? The client the postmaster uses can then reinject and deliver the mail if need be (i.e. it's safe or the attachment has been stripped). Thanks. Simon From stephan at rename-it.nl Tue Aug 30 18:37:23 2011 From: stephan at rename-it.nl (Stephan Bosch) Date: Tue, 30 Aug 2011 17:37:23 +0200 Subject: [Dovecot] Message flags In-Reply-To: <20110830144853.GC24403@charite.de> References: <20110830144853.GC24403@charite.de> Message-ID: <4E5D03B3.3080200@rename-it.nl> Op 30-8-2011 16:48, Ralf Hildebrandt schreef: > How do I set message flags in sieve rules in such a way that e.g. > Thunderbird is displaying the mail as "important"? Is there a list of > hwo flags are interpreted by different IMAP clients? > I'm assuming IMAP flags support (http://tools.ietf.org/html/rfc3501#section-2.3.2) should be similar for most clients, although their exact use may differ. In Thunderbird, the \Answered flag is used for replied mail and the \Flagged flag maps to 'starred' e-mail. (Don't forget to duplicate the '\' in Sieve!) Regarding keywords, there is RFC5788 (http://tools.ietf.org/html/rfc5788), from which at least $Forwarded and $MDNSent are used by Thunderbird. Other keywords used by Thunderbird are entirely custom: $label1: Important (red) $label2: Work (orange) $label3: Personal (green) $label4: ToDo (blue) $label5: Later (violet) Junk: Marked as junk mail NonJunk: Marked as regular mail There is also an example in the wiki: http://wiki2.dovecot.org/Pigeonhole/Sieve/Examples#Flagging_or_Highlighting_your_mail Regards, Stephan. From slusarz at curecanti.org Tue Aug 30 18:39:04 2011 From: slusarz at curecanti.org (Michael M Slusarz) Date: Tue, 30 Aug 2011 09:39:04 -0600 Subject: [Dovecot] Message flags In-Reply-To: <20110830144853.GC24403@charite.de> References: <20110830144853.GC24403@charite.de> Message-ID: <20110830093904.Horde.SIsIOYF5lbhOXQQYU32T7oA@bigworm.curecanti.org> Quoting Ralf Hildebrandt : > How do I set message flags in sieve rules in such a way that e.g. > Thunderbird is displaying the mail as "important"? Is there a list of > hwo flags are interpreted by different IMAP clients? There is no standard/defined "important" IMAP flag/keyword. Thunderbird is most likely using the X-Priority pseudo-standard header in the message itself (which makes sense: it is the sender's intention of the message's importance which should be displayed, not the receiver's. Objections to this reasoning by some is likely the reason the header has never been standardized). michael From lcotton at securecms.com Tue Aug 30 18:01:24 2011 From: lcotton at securecms.com (Lance Cotton) Date: Tue, 30 Aug 2011 10:01:24 -0500 Subject: [Dovecot] Message flags In-Reply-To: <20110830144853.GC24403@charite.de> References: <20110830144853.GC24403@charite.de> Message-ID: <4E5CFB44.9050204@securecms.com> On 8/30/2011 9:48 AM, Ralf Hildebrandt wrote: > How do I set message flags in sieve rules in such a way that e.g. > Thunderbird is displaying the mail as "important"? Is there a list of > hwo flags are interpreted by different IMAP clients? The wiki: http://wiki2.dovecot.org/Pigeonhole/Sieve/Examples addflag "$label1"; # ie 'Important'/red label within Thunderbird # Other flags: # addflag "$label1"; # Important: #ff0000 => red # addflag "$label2"; # Work: #ff9900 => orange # addflag "$label3"; # personal: #009900 => green # addflag "$label4"; # todo: #3333ff => blue # addflag "$label5"; # later: #993399 => violet -- Lance Cotton From steve at toth.org.uk Tue Aug 30 19:46:57 2011 From: steve at toth.org.uk (Stephen Feyrer) Date: Tue, 30 Aug 2011 17:46:57 +0100 Subject: [Dovecot] : error while loading shared libraries: libdovecot.so.0 (arm cross compile) In-Reply-To: References: Message-ID: Hi. Having just removed a number of configure options from the cross compilers recipe to simplify the problem I think one of those I took away overrode --without-shared-libs. Now it seems to install and run cleanly. Even so, while building the ipackage I spotted some warnings. Could these because by my build environment? After some testing I'll let you know if the current dovecot build works. I really appreciate your support and patience, thank you. *** Warning: Linking the shared library lib02_imap_acl_plugin.la against the loadable module *** lib01_acl_plugin.so is not portable! *** Warning: Linking the shared library lib21_fts_squat_plugin.la against the loadable module *** lib20_fts_plugin.so is not portable! *** Warning: Linking the shared library lib20_mail_log_plugin.la against the loadable module *** lib15_notify_plugin.so is not portable! *** Warning: Linking the shared library lib11_imap_quota_plugin.la against the loadable module *** lib10_quota_plugin.so is not portable! *** Warning: Linking the shared library lib30_imap_zlib_plugin.la against the loadable module *** lib20_zlib_plugin.so is not portable! The current cross compile ./configure: i_cv_epoll_works=no \ i_cv_inotify_works=no \ i_cv_posix_fallocate_works=no \ i_cv_signed_size_t=no \ i_cv_gmtime_max_time_t=32 \ i_cv_signed_time_t=yes \ i_cv_mmap_plays_with_write=yes \ i_cv_fd_passing=yes \ i_cv_c99_vsnprintf=yes \ lib_cv_va_copy=yes lib_cv___va_copy=yes \ lib_cv_va_val_copy=yes \ ./configure \ $(DOVECOT_CONFIGURE) \ --build=$(GNU_HOST_NAME) \ --host=$(GNU_TARGET_NAME) \ --target=$(GNU_TARGET_NAME) \ --prefix=/opt \ --without-shared-libs \ --with-notify=dnotify \ --localstatedir=/opt/var \ --with-ioloop=poll; \ old ./configure: i_cv_epoll_works=no i_cv_inotify_works=no i_cv_posix_fallocate_works=no i_cv_signed_size_t=no i_cv_gmtime_max_time_t=32 i_cv_signed_time_t=yes i_cv_mmap_plays_with_write=yes i_cv_fd_passing=yes i_cv_c99_vsnprintf=yes lib_cv_va_copy=yes lib_cv___va_copy=yes lib_cv_va_val_copy=yes ./configure --enable-devel-checks --without-shared-libs\ $(DOVECOT_CONFIGURE) \ --build=$(GNU_HOST_NAME) \ --host=$(GNU_TARGET_NAME) \ --target=$(GNU_TARGET_NAME) \ --prefix=/opt \ --disable-static \ --without-gssapi \ --without-pam \ --with-notify=dnotify \ --sysconfdir=/opt/etc/dovecot \ --localstatedir=/opt/var \ --with-ssldir=/opt/etc/dovecot \ --without-sql-drivers \ --with-ioloop=poll; \ /opt/dovecoti] # ipkg install dovecot_2.0.14-2_arm.ipk Installing dovecot (2.0.14-2) to root... Configuration file '/opt/etc/dovecot/dovecot.conf' ==> File on system created by you or by a script. ==> File also in package provided by package maintainer. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions (if diff is installed) The default action is to keep your current version. *** dovecot.conf (Y/I/N/O/D) [default=N] ?n Configuring dovecot /opt/sbin/dovecot: error while loading shared libraries: libdovecot.so.0: cannot open shared object file: No such file or directory postinst script returned status 127 ERROR: dovecot.postinst returned 127 Successfully terminated. [/opt/dovecoti] # strace dovecot -F execve("/opt/sbin/dovecot", ["dovecot", "-F"], [/* 23 vars */]) = 0 uname({sys="Linux", node="nas2", ...}) = 0 brk(0) = 0x1c000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) open("/opt/lib/v5l/fast-mult/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/opt/lib/v5l/fast-mult/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/opt/lib/v5l/fast-mult/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/opt/lib/v5l/fast-mult", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/opt/lib/v5l/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/opt/lib/v5l/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/opt/lib/v5l/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/opt/lib/v5l", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/opt/lib/fast-mult/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/opt/lib/fast-mult/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/opt/lib/fast-mult/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/opt/lib/fast-mult", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/opt/lib/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/opt/lib/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/opt/lib/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/opt/lib", {st_mode=S_IFDIR|0755, st_size=17592186044416, ...}) = 0 open("/etc/ld.so.cache", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=17592186044416, ...}) = 0 mmap2(NULL, 10345, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40015000 close(3) = 0 open("/lib/v5l/fast-mult/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/lib/v5l/fast-mult/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/lib/v5l/fast-mult/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/lib/v5l/fast-mult", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/lib/v5l/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/lib/v5l/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/lib/v5l/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/lib/v5l", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/lib/fast-mult/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/lib/fast-mult/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/lib/fast-mult/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/lib/fast-mult", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/lib/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/lib/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/lib/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/lib", {st_mode=S_IFDIR|0755, st_size=17592186044416, ...}) = 0 open("/usr/lib/v5l/fast-mult/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/v5l/fast-mult/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/usr/lib/v5l/fast-mult/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/v5l/fast-mult", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/usr/lib/v5l/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/v5l/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/usr/lib/v5l/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/v5l", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/usr/lib/fast-mult/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/fast-mult/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/usr/lib/fast-mult/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/fast-mult", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/usr/lib/half/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/half", 0xbe920fa8) = -1 ENOENT (No such file or directory) open("/usr/lib/libdovecot.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib", {st_mode=S_IFDIR|0755, st_size=17592186044416, ...}) = 0 writev(2, [{"dovecot", 7}, {": ", 2}, {"error while loading shared libra"..., 36}, {": ", 2}, {"libdovecot.so.0", 15}, {": ", 2}, {"cannot open shared object file", 30}, {": ", 2}, {"No such file or directory", 25}, {"\n", 1}], 10dovecot: error while loading shared libraries: libdovecot.so.0: cannot open shared object file: No such file or directory ) = 122 exit_group(127) = ? The outcome of the native compile: [/opt/dovecoti] # ./configure --prefix=/opt --enable-devel-checks --enable-maintainer-mode [/opt/etc/dovecot] # gdb --args dovecot -F [snip] This GDB was configured as "arm-none-linux-gnueabi"... (gdb) run Starting program: /share/MD0_DATA/optware/opt/sbin/dovecot -F Panic: Leaked file fd 3: dev 9.0 inode 53040060 Program received signal SIGABRT, Aborted. 0x400c2374 in kill () from /lib/libc.so.6 (gdb) bt full #0 0x400c2374 in kill () from /lib/libc.so.6 No symbol table info available. #1 0x400c21a8 in raise () from /lib/libc.so.6 No symbol table info available. #2 0x400c3328 in abort () from /lib/libc.so.6 No symbol table info available. Backtrace stopped: frame did not save the PC (gdb) quit The program is running. Exit anyway? (y or n) y On Tue, 30 Aug 2011 00:15:09 +0100, Stephen Feyrer wrote: > Hi. > > Thanks, I'll give that a try. > > > -- > Kind regards > > Stephen Feyrer. > > > > On Mon, 29 Aug 2011 09:04:01 +0100, Joseph Tam > wrote: > >> "Stephen Feyrer" writes: >> >>> I've made a new attempt at build Dovecot. The build and then install >>> processes appeared to work find. Then when I try to run Dovecot it >>> reports the error: >>> >>> /share/MD0_DATA/optware/opt/sbin/dovecot: error while loading shared >>> libraries: libdovecot.so.0: cannot open shared object file: No such >>> file >>> or directory >> >> In cases like this where I have no clue where an executable is trying to >> load a library from, run a process trace tool (strace, truss, etc.) and >> you >> can see all the library run paths it's trying before failing. >> >> Joseph Tam From tss at iki.fi Tue Aug 30 20:13:14 2011 From: tss at iki.fi (Timo Sirainen) Date: Tue, 30 Aug 2011 20:13:14 +0300 Subject: [Dovecot] : error while loading shared libraries: libdovecot.so.0 (arm cross compile) In-Reply-To: References: Message-ID: On 30.8.2011, at 19.46, Stephen Feyrer wrote: > *** Warning: Linking the shared library lib02_imap_acl_plugin.la against the loadable module > *** lib01_acl_plugin.so is not portable! This is normal. > /opt/sbin/dovecot: error while loading shared libraries: libdovecot.so.0: cannot open shared object file: No such file or directory So it's still not working? I guess the libdovecot.so.0 simply isn't in library paths. Typically giving linker -rpath parameter pointing to libdovecot.so.0 makes this problem invisible, but I guess in your system it doesn't do this. > The outcome of the native compile: > [/opt/dovecoti] # ./configure --prefix=/opt --enable-devel-checks --enable-maintainer-mode --enable-devel-checks is pretty useless unless you're developing Dovecot. > [/opt/etc/dovecot] # gdb --args dovecot -F > [snip] > This GDB was configured as "arm-none-linux-gnueabi"... > (gdb) run > Starting program: /share/MD0_DATA/optware/opt/sbin/dovecot -F > Panic: Leaked file fd 3: dev 9.0 inode 53040060 This panic is caused by the --enable-devel-check. It wouldn't have crashed otherwise. You could work around it by setting GDB=1 environment. From public-mail at alekciy.ru Tue Aug 30 21:03:41 2011 From: public-mail at alekciy.ru (=?UTF-8?B?0JDQu9C10LrRgdC10Lkg0KHRg9C90LTRg9C60L7Qsg==?=) Date: Tue, 30 Aug 2011 22:03:41 +0400 Subject: [Dovecot] Message flags In-Reply-To: <20110830144853.GC24403@charite.de> References: <20110830144853.GC24403@charite.de> Message-ID: See also this thread: http://www.mail-archive.com/dovecot at dovecot.org/msg37734.html and https://bugzilla.mozilla.org/show_bug.cgi?id=650623 I hope this fix in the future. 2011/8/30 Ralf Hildebrandt : > How do I set message flags in sieve rules in such a way that e.g. > Thunderbird is displaying the mail as "important"? Is there a list of > hwo flags are interpreted by different IMAP clients? > > -- > Ralf Hildebrandt > ?Gesch?ftsbereich IT | Abteilung Netzwerk > ?Charit? - Universit?tsmedizin Berlin > ?Campus Benjamin Franklin > ?Hindenburgdamm 30 | D-12203 Berlin > ?Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 > ?ralf.hildebrandt at charite.de | http://www.charite.de > > From slusarz at curecanti.org Tue Aug 30 21:18:19 2011 From: slusarz at curecanti.org (Michael M Slusarz) Date: Tue, 30 Aug 2011 12:18:19 -0600 Subject: [Dovecot] Message flags In-Reply-To: References: <20110830144853.GC24403@charite.de> Message-ID: <20110830121819.Horde.t4bPNoF5lbhOXSlri2aVPeA@bigworm.curecanti.org> Quoting ??????? ???????? : > See also this thread: > http://www.mail-archive.com/dovecot at dovecot.org/msg37734.html This has nothing to do with this issue. As mentioned in that thread, there is no standard for non-UTF7 characters in keywords. The OP here just wants to know if a standard flag exists that corresponds to the Important tag in Thunderbird. > https://bugzilla.mozilla.org/show_bug.cgi?id=650623 This bug is bogus. Flags/keywords are case insensitive. michael From shopik at inblock.ru Tue Aug 30 21:50:52 2011 From: shopik at inblock.ru (Nikolay Shopik) Date: Tue, 30 Aug 2011 22:50:52 +0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <4E5C7403.6020008@yandex.ru> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> Message-ID: On 30.08.2011 9:24, Stanislav Klinkov wrote: > >> Your principial in keytab should look like this - >> imap/mail.example.com at EXAMPLE.COM >> Make sure your realm name are all CAPS, otherwise it won't work. > Thank you, Captain Obvious. > Why such hostility? A lot people miss that, nothing special here. And I did answer your second question about how principal should looks like. Because mech-gssapi.c wasn't changed in years, so I doubt anything changed in 2.0 version compare to 1.2 series in GSSAPI. Maybe I wrong, not running yet 2.0. Make sure your client requesting correct principal in first place. "Wrong principal in request", Usually means the principal in the system keytab for your system doesn't agree with the hostname or DNS name of the system. From steve at toth.org.uk Tue Aug 30 22:16:34 2011 From: steve at toth.org.uk (Stephen Feyrer) Date: Tue, 30 Aug 2011 20:16:34 +0100 Subject: [Dovecot] : error while loading shared libraries: libdovecot.so.0 (arm cross compile) In-Reply-To: References: Message-ID: Hi. Dovecot appears to be running (testing required). /opt/sbin/dovecot:dovecot/anvil:dovecot/log:dovecot/config On Tue, 30 Aug 2011 18:13:14 +0100, Timo Sirainen wrote: > On 30.8.2011, at 19.46, Stephen Feyrer wrote: > >> *** Warning: Linking the shared library lib02_imap_acl_plugin.la >> against the loadable module >> *** lib01_acl_plugin.so is not portable! > > This is normal. Okay. >> /opt/sbin/dovecot: error while loading shared libraries: >> libdovecot.so.0: cannot open shared object file: No such file or >> directory > > So it's still not working? I guess the libdovecot.so.0 simply isn't in > library paths. Typically giving linker -rpath parameter pointing to > libdovecot.so.0 makes this problem invisible, but I guess in your system > it doesn't do this. So far Dovecot seems to be running. I don't want to say it's working or not until I've done some tests. This is using --without-shared-libraries. If it's just the linker in my system that's broken then this is an adequate solution. Otherwise any information I can produce might be useful to you is desirable. >> The outcome of the native compile: >> [/opt/dovecoti] # ./configure --prefix=/opt --enable-devel-checks >> --enable-maintainer-mode > > --enable-devel-checks is pretty useless unless you're developing Dovecot. > >> [/opt/etc/dovecot] # gdb --args dovecot -F >> [snip] >> This GDB was configured as "arm-none-linux-gnueabi"... >> (gdb) run >> Starting program: /share/MD0_DATA/optware/opt/sbin/dovecot -F >> Panic: Leaked file fd 3: dev 9.0 inode 53040060 > > This panic is caused by the --enable-devel-check. It wouldn't have > crashed otherwise. You could work around it by setting GDB=1 environment. I put --enable-devel-check in there in the vain hope that it'd elicit anything useful. I would suspect that this is again the build environment. I won't included in any further tests. Thanks again. -- Kind regards Stephen Feyrer. From dmiller at amfes.com Wed Aug 31 00:43:33 2011 From: dmiller at amfes.com (Daniel L. Miller) Date: Tue, 30 Aug 2011 14:43:33 -0700 Subject: [Dovecot] OT - small hd recommendation Message-ID: A little OT - but I've seen a few opinions voiced here by various admins and I'd like to benefit. Currently running a single combined server for multiple operations - fileserver, mailserver, webserver, virtual server, and whatever else pops up. Current incarnation of the machine, after the last rebuild, is an AMD Opteron 4180 with a Supermicro MB using ATI SB700 chipset - which means it supports SATA 3.0. Current storage is one o/s drive, and a 4-drive RAID10 array. The RAID10 is using the Linux softraid via mdadm. The drives are Seagates - ST3160811AS. So it's 320GB of storage, and SATA 1.5. I'm seeing some warnings & errors in my logs & dmesg - and Google tells me this can the result of several factors, including the hard drives. I haven't seen any SMART warnings as yet - but I am getting a little nervous and thinking about upgrading the storage. At this time, I'm just interested in recommendations for hard drives & partitioning strategy. At the time I created the RAID10 array - I was still in the early stages of learning these technologies (not that I know that much more now!) so I probably didn't take advantage of any of the advanced settings such as stripe size, cluster size, etc. I am using XFS. As part of the potential upgrade, I'm considering changing to RAID6 - seems a bit more efficient use of space. I see no reason for SSD - I think a set of reasonable 7200rpm drives should be just fine. What I don't know is, compared to my current 4 drive RAID10 with SATA 1.5, would even a single SATA 3 drive be comparable in terms of seek performance? Should I stick with the RAID-10? -- Daniel From wgillespie+dovecot at es2eng.com Wed Aug 31 01:08:31 2011 From: wgillespie+dovecot at es2eng.com (Willie Gillespie) Date: Tue, 30 Aug 2011 16:08:31 -0600 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> Message-ID: <4E5D5F5F.4030305@es2eng.com> On 08/30/2011 12:50 PM, Nikolay Shopik wrote: > On 30.08.2011 9:24, Stanislav Klinkov wrote: >> >>> Your principial in keytab should look like this - >>> imap/mail.example.com at EXAMPLE.COM >>> Make sure your realm name are all CAPS, otherwise it won't work. >> Thank you, Captain Obvious. >> > > Why such hostility? A lot people miss that, nothing special here. And I > did answer your second question about how principal should looks like. Agreed. I am unlikely to help with this problem now due to lack of common courtesy. From steve at toth.org.uk Wed Aug 31 03:00:53 2011 From: steve at toth.org.uk (Stephen Feyrer) Date: Wed, 31 Aug 2011 01:00:53 +0100 Subject: [Dovecot] : error while loading shared libraries: libdovecot.so.0 (arm cross compile) In-Reply-To: References: Message-ID: Hi. On Tue, 30 Aug 2011 18:13:14 +0100, Timo Sirainen wrote: > On 30.8.2011, at 19.46, Stephen Feyrer wrote: > >> /opt/sbin/dovecot: error while loading shared libraries: >> libdovecot.so.0: cannot open shared object file: No such file or >> directory > > So it's still not working? I guess the libdovecot.so.0 simply isn't in > library paths. Typically giving linker -rpath parameter pointing to > libdovecot.so.0 makes this problem invisible, but I guess in your system > it doesn't do this. I am planning to use Dovecot SASL with Sendmail as well, will this lack of shared libraries cause a problem? Really I should have thought of this before. I guess I'm going to have to start tracking down the actual source of my linker problem. -- Kind regards. Stephen Feyrer. From patrickdk at patrickdk.com Wed Aug 31 03:51:41 2011 From: patrickdk at patrickdk.com (Patrick Domack) Date: Tue, 30 Aug 2011 20:51:41 -0400 Subject: [Dovecot] OT - small hd recommendation In-Reply-To: References: Message-ID: <20110830205141.Horde.yw3BXpLnE6FOXYWdD6QXiIA@mail.patrickdk.com> SATA 1 vs SATA 3 won't change the seek performance of the drive, unless your stay fully within the drives cache. Only 2 things affect how many iops you can get from a drive. The physical diameter and the speed. You can affect the physical diameter of the drive by selecting how much of the drive you use, like only using 200gigs out of a 500gig drive. If you do opt for raid6, that would be a huge cpu overhead, and if you stick with 4 drives, not worth it, every write would hit atleast 3 drives then, instead of just two they do currently, with no gain of space. Quoting "Daniel L. Miller" : > A little OT - but I've seen a few opinions voiced here by various > admins and I'd like to benefit. > > Currently running a single combined server for multiple operations - > fileserver, mailserver, webserver, virtual server, and whatever else > pops up. Current incarnation of the machine, after the last > rebuild, is an AMD Opteron 4180 with a Supermicro MB using ATI SB700 > chipset - which means it supports SATA 3.0. > > Current storage is one o/s drive, and a 4-drive RAID10 array. The > RAID10 is using the Linux softraid via mdadm. The drives are > Seagates - ST3160811AS. So it's 320GB of storage, and SATA 1.5. > > I'm seeing some warnings & errors in my logs & dmesg - and Google > tells me this can the result of several factors, including the hard > drives. I haven't seen any SMART warnings as yet - but I am getting > a little nervous and thinking about upgrading the storage. > > At this time, I'm just interested in recommendations for hard drives > & partitioning strategy. At the time I created the RAID10 array - I > was still in the early stages of learning these technologies (not > that I know that much more now!) so I probably didn't take advantage > of any of the advanced settings such as stripe size, cluster size, > etc. I am using XFS. > > As part of the potential upgrade, I'm considering changing to RAID6 > - seems a bit more efficient use of space. I see no reason for SSD > - I think a set of reasonable 7200rpm drives should be just fine. > What I don't know is, compared to my current 4 drive RAID10 with > SATA 1.5, would even a single SATA 3 drive be comparable in terms of > seek performance? Should I stick with the RAID-10? > -- > Daniel From tss at iki.fi Wed Aug 31 04:28:00 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 31 Aug 2011 04:28:00 +0300 Subject: [Dovecot] : error while loading shared libraries: libdovecot.so.0 (arm cross compile) In-Reply-To: References: Message-ID: On 31.8.2011, at 3.00, Stephen Feyrer wrote: >> So it's still not working? I guess the libdovecot.so.0 simply isn't in library paths. Typically giving linker -rpath parameter pointing to libdovecot.so.0 makes this problem invisible, but I guess in your system it doesn't do this. > > I am planning to use Dovecot SASL with Sendmail as well, will this lack of shared libraries cause a problem? Really I should have thought of this before. I don't think Sendmail supports Dovecot SASL? If it does, it talks to Dovecot via UNIX socket and doesn't require any Dovecot libraries. From dlie76 at yahoo.com.au Wed Aug 31 07:09:32 2011 From: dlie76 at yahoo.com.au (Daminto Lie) Date: Tue, 30 Aug 2011 21:09:32 -0700 (PDT) Subject: [Dovecot] dovecot imap permission denied Message-ID: <1314763772.49414.YahooMailNeo@web113404.mail.gq1.yahoo.com> Hi, I received the following error from mail.log Aug 31 13:50:57 server1 dovecot: IMAP(mike_lee): mkdir(/home/mike_lee/Maildir/.INBOX.Sent/cur) failed: Permission denied (euid=1004 egid=1003(companyusergroup) missing +w perm: /home) What I have tried to do is changing the permission for /home by typing "sudo chmod 755 /home" and this does not work. What does it mean by missing +w perm: /home? and wonder how to get around it? This is what I have in main.cf from Postfix myhostname = server1 myorigin = /etc/mailname relayhost = mynetworks = 127.0.0.0/8, 192.168.1.0/24 inet_interfaces = all inet_protocols = ipv4 home_mailbox = Maildir/ smtpd_sasl_type = dovecot #smtpd_sasl_path = private/auth-client smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination #smtpd_sender_login_maps = ldap:/etc/postfix/ldap_senders.cf broken_sasl_auth_clients = yes #dovecot_destination_recipient_limit = 1 debug_peer_list = 127.0.0.1 debug_peer_level = 5 Any help is very much appreciated. Thank you From tss at iki.fi Wed Aug 31 08:02:53 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 31 Aug 2011 08:02:53 +0300 Subject: [Dovecot] dovecot imap permission denied In-Reply-To: <1314763772.49414.YahooMailNeo@web113404.mail.gq1.yahoo.com> References: <1314763772.49414.YahooMailNeo@web113404.mail.gq1.yahoo.com> Message-ID: <1314766974.8787.26.camel@hurina> On Tue, 2011-08-30 at 21:09 -0700, Daminto Lie wrote: > Aug 31 13:50:57 server1 dovecot: IMAP(mike_lee): mkdir(/home/mike_lee/Maildir/.INBOX.Sent/cur) failed: Permission denied (euid=1004 egid=1003(companyusergroup) missing +w perm: /home) > > What I have tried to do is changing the permission for /home by typing "sudo chmod 755 /home" and this does not work. What does it mean by missing +w perm: /home? and wonder how to get around it? It means that Dovecot tries to deliver mails to mike_lee's Maildir, but /home/mike_lee/ directory itself doesn't exist, so Dovecot tries to create it, but it fails because the process doesn't have write permissions to /home. The best way to fix this would be to simply create the user home dirs with proper permissions before Dovecot ever tries to deliver mails to the user. From tss at iki.fi Wed Aug 31 08:05:04 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 31 Aug 2011 08:05:04 +0300 Subject: [Dovecot] dovecot imap permission denied In-Reply-To: <1314766974.8787.26.camel@hurina> References: <1314763772.49414.YahooMailNeo@web113404.mail.gq1.yahoo.com> <1314766974.8787.26.camel@hurina> Message-ID: <1314767104.8787.28.camel@hurina> Oops, you confused me by giving Postfix config, which is completely irrelevant here. Replace "deliver mails" with "access mails". On Wed, 2011-08-31 at 08:02 +0300, Timo Sirainen wrote: > On Tue, 2011-08-30 at 21:09 -0700, Daminto Lie wrote: > > > Aug 31 13:50:57 server1 dovecot: IMAP(mike_lee): mkdir(/home/mike_lee/Maildir/.INBOX.Sent/cur) failed: Permission denied (euid=1004 egid=1003(companyusergroup) missing +w perm: /home) > > > > What I have tried to do is changing the permission for /home by typing "sudo chmod 755 /home" and this does not work. What does it mean by missing +w perm: /home? and wonder how to get around it? > > It means that Dovecot tries to deliver mails to mike_lee's Maildir, > but /home/mike_lee/ directory itself doesn't exist, so Dovecot tries to > create it, but it fails because the process doesn't have write > permissions to /home. > > The best way to fix this would be to simply create the user home dirs > with proper permissions before Dovecot ever tries to deliver mails to > the user. > > From dlie76 at yahoo.com.au Wed Aug 31 09:47:46 2011 From: dlie76 at yahoo.com.au (Daminto Lie) Date: Tue, 30 Aug 2011 23:47:46 -0700 (PDT) Subject: [Dovecot] dovecot imap permission denied In-Reply-To: <1314766974.8787.26.camel@hurina> References: <1314763772.49414.YahooMailNeo@web113404.mail.gq1.yahoo.com> <1314766974.8787.26.camel@hurina> Message-ID: <1314773266.74037.YahooMailNeo@web113409.mail.gq1.yahoo.com> Thanks a lot Timo, Creating directories for new users is not an issue. It's the permission that makes me headache. I tried the following sudo chmod o-r /home/$USER sudo chmod g+rw /home/$USER It did not work until I did chmod 777 /home. Is it safe to make home directory with permission 777? Thanks ________________________________ From: Timo Sirainen To: Daminto Lie Cc: "dovecot at dovecot.org" Sent: Wednesday, 31 August 2011 3:02 PM Subject: Re: [Dovecot] dovecot imap permission denied On Tue, 2011-08-30 at 21:09 -0700, Daminto Lie wrote: > Aug 31 13:50:57 server1 dovecot: IMAP(mike_lee): mkdir(/home/mike_lee/Maildir/.INBOX.Sent/cur) failed: Permission denied (euid=1004 egid=1003(companyusergroup) missing +w perm: /home) > > What I have tried to do is changing the permission for /home by typing "sudo chmod 755 /home" and this does not work. What does it mean by missing +w perm: /home? and wonder how to get around it? It means that Dovecot tries to deliver mails to mike_lee's Maildir, but /home/mike_lee/ directory itself doesn't exist, so Dovecot tries to create it, but it fails because the process doesn't have write permissions to /home. The best way to fix this would be to simply create the user home dirs with proper permissions before Dovecot ever tries to deliver mails to the user. From tss at iki.fi Wed Aug 31 09:52:07 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 31 Aug 2011 09:52:07 +0300 Subject: [Dovecot] dovecot imap permission denied In-Reply-To: <1314773266.74037.YahooMailNeo@web113409.mail.gq1.yahoo.com> References: <1314763772.49414.YahooMailNeo@web113404.mail.gq1.yahoo.com> <1314766974.8787.26.camel@hurina> <1314773266.74037.YahooMailNeo@web113409.mail.gq1.yahoo.com> Message-ID: <69D3650A-1B43-42C7-8FBD-C921F80C5D5F@iki.fi> On 31.8.2011, at 9.47, Daminto Lie wrote: > Thanks a lot Timo, > > Creating directories for new users is not an issue. It's the permission that makes me headache. The error message you showed said that the user's home directory didn't exist, and the permission problem came only because it didn't exist and Dovecot tried to create it. > I tried the following > > sudo chmod o-r /home/$USER > sudo chmod g+rw /home/$USER > > It did not work until I did chmod 777 /home. Right, because only then did it have enough permissions to create the home dir. > Is it safe to make home directory with permission 777? No. From amateo at um.es Wed Aug 31 09:54:12 2011 From: amateo at um.es (Angel L. Mateo) Date: Wed, 31 Aug 2011 08:54:12 +0200 Subject: [Dovecot] auth: Error: LDAP: Connection lost to LDAP server, reconnecting In-Reply-To: <8800BF81-484F-4497-A33C-4DF85956C54A@iki.fi> References: <4E561E30.8020509@um.es> <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> <4E577CF2.2070800@um.es> <1314588382.4008.11.camel@hurina> <4E5B5F92.2050701@um.es> <1314674016.8787.12.camel@hurina> <4E5C8579.7020901@um.es> <8800BF81-484F-4497-A33C-4DF85956C54A@iki.fi> Message-ID: <4E5DDA94.1080304@um.es> El 30/08/11 11:41, Timo Sirainen escribi?: > > Yeah, that happens if the disconnection is noticed at the time when user is trying to authenticate. But if the disconnection is noticed immediately when there are no user requests, there is also no message logged about it. > So, there must be any problem, because when my load balancer expires the connection it closes the tcp connection (it sends a fin packet). I guess that slapd too. But I'll check this... -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337 From steve at toth.org.uk Wed Aug 31 11:51:18 2011 From: steve at toth.org.uk (Stephen Feyrer) Date: Wed, 31 Aug 2011 09:51:18 +0100 Subject: [Dovecot] : error while loading shared libraries: libdovecot.so.0 (arm cross compile) In-Reply-To: References: Message-ID: Hi. Sorry! I was thinking of Postfix (and Exim). That was my mistake, sorry again. Sadly Exim isn't available on my target platform. Thanks. -- Stephen Feyrer. On Wed, 31 Aug 2011 02:28:00 +0100, Timo Sirainen wrote: > On 31.8.2011, at 3.00, Stephen Feyrer wrote: > >>> So it's still not working? I guess the libdovecot.so.0 simply isn't in >>> library paths. Typically giving linker -rpath parameter pointing to >>> libdovecot.so.0 makes this problem invisible, but I guess in your >>> system it doesn't do this. >> >> I am planning to use Dovecot SASL with Sendmail as well, will this lack >> of shared libraries cause a problem? Really I should have thought of >> this before. > > I don't think Sendmail supports Dovecot SASL? If it does, it talks to > Dovecot via UNIX socket and doesn't require any Dovecot libraries. From amateo at um.es Wed Aug 31 13:31:25 2011 From: amateo at um.es (Angel L. Mateo) Date: Wed, 31 Aug 2011 12:31:25 +0200 Subject: [Dovecot] auth: Error: LDAP: Connection lost to LDAP server, reconnecting In-Reply-To: <4E5DDA94.1080304@um.es> References: <4E561E30.8020509@um.es> <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> <4E577CF2.2070800@um.es> <1314588382.4008.11.camel@hurina> <4E5B5F92.2050701@um.es> <1314674016.8787.12.camel@hurina> <4E5C8579.7020901@um.es> <8800BF81-484F-4497-A33C-4DF85956C54A@iki.fi> <4E5DDA94.1080304@um.es> Message-ID: <4E5E0D7D.9090103@um.es> El 31/08/11 08:54, Angel L. Mateo escribi?: > El 30/08/11 11:41, Timo Sirainen escribi?: >> >> Yeah, that happens if the disconnection is noticed at the time when >> user is trying to authenticate. But if the disconnection is noticed >> immediately when there are no user requests, there is also no message >> logged about it. >> > So, there must be any problem, because when my load balancer expires the > connection it closes the tcp connection (it sends a fin packet). I guess > that slapd too. But I'll check this... > OK. You were right: * When openldap closes the connection because of the idle timeout, it sends a FIN packet. When dovecot needs the connections, it simply opens a new connection (without any log message). * When my load balancer closes the connection, it doesn't send anything, so dovecot thinks the connection is active. So, when auth needs it, it tries to send the search, then load balancer sends a RST packet, so dovecot logs the message and opens a new connection. So the solution is to configure oldap idletimeout parameter, dovecot auth_cache_ttl and load balancer timeout in order to avoid this last timeout to be reached. -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337 From amateo at um.es Wed Aug 31 13:51:31 2011 From: amateo at um.es (Angel L. Mateo) Date: Wed, 31 Aug 2011 12:51:31 +0200 Subject: [Dovecot] auth: Error: LDAP: Connection lost to LDAP server, reconnecting In-Reply-To: <4E5E0D7D.9090103@um.es> References: <4E561E30.8020509@um.es> <69D3431E-A226-4E70-9549-08C7B45ACB30@iki.fi> <4E577CF2.2070800@um.es> <1314588382.4008.11.camel@hurina> <4E5B5F92.2050701@um.es> <1314674016.8787.12.camel@hurina> <4E5C8579.7020901@um.es> <8800BF81-484F-4497-A33C-4DF85956C54A@iki.fi> <4E5DDA94.1080304@um.es> <4E5E0D7D.9090103@um.es> Message-ID: <4E5E1233.9070604@um.es> El 31/08/11 12:31, Angel L. Mateo escribi?: > > * When openldap closes the connection because of the idle timeout, it > sends a FIN packet. When dovecot needs the connections, it simply opens > a new connection (without any log message). > > * When my load balancer closes the connection, it doesn't send anything, > so dovecot thinks the connection is active. So, when auth needs it, it > tries to send the search, then load balancer sends a RST packet, so > dovecot logs the message and opens a new connection. > > So the solution is to configure oldap idletimeout parameter, dovecot > auth_cache_ttl and load balancer timeout in order to avoid this last > timeout to be reached. > In fact, you could configure dovecot auth_cache_ttl bigger than the other, it doesn't apply. You need to configure it only if you don't want the connection to be really closed. If you just want to not log any message, configuring slapd timeout less than load balancer timeout is enough. -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de Tecnolog?as de la Informaci?n _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337 From janfrode at tanso.net Wed Aug 31 14:03:07 2011 From: janfrode at tanso.net (Jan-Frode Myklebust) Date: Wed, 31 Aug 2011 13:03:07 +0200 Subject: [Dovecot] lmtp bouncing -- Invalid parameters (in reply to MAIL FROM command) Message-ID: <20110831110307.GA25350@oc1046828364.ibm.com> I just configured postfix' virtual_transport to point at my dovecot director, but am seeing occational problems like this: Aug 31 11:50:06 smtpgw postfix/lmtp[5339]: 69E2F5410D: to=, relay=loadbalancers.example.net[192.168.42.17]:24, delay=0.15, delays=0.14/0.01/0/0, dsn=5.5.4, status=bounced (host loadbalancers.example.net[192.168.42.17] said: 501 5.5.4 Invalid parameters (in reply to MAIL FROM command)) but can't find anything interesting in the dovecot logs.. Anybody have ideas for how to make postfix play nice with dovecot's lmtp ? smtpgws% rpm -q postfix postfix-2.3.3-2.1.el5_2 loadbalancers% rpm -q dovecot dovecot-2.0.13-2 backendmailstorers% rpm -q dovecot dovecot-2.0.13-2 -jf From janfrode at tanso.net Wed Aug 31 14:21:31 2011 From: janfrode at tanso.net (Jan-Frode Myklebust) Date: Wed, 31 Aug 2011 13:21:31 +0200 Subject: [Dovecot] lmtp bouncing -- Invalid parameters (in reply to MAIL FROM command) In-Reply-To: <20110831110307.GA25350@oc1046828364.ibm.com> References: <20110831110307.GA25350@oc1046828364.ibm.com> Message-ID: <20110831112131.GB25350@oc1046828364.ibm.com> On Wed, Aug 31, 2011 at 01:03:07PM +0200, Jan-Frode Myklebust wrote: > I just configured postfix' virtual_transport to point at my dovecot > director, but am seeing occational problems like this: > > Aug 31 11:50:06 smtpgw postfix/lmtp[5339]: 69E2F5410D: to=, relay=loadbalancers.example.net[192.168.42.17]:24, delay=0.15, delays=0.14/0.01/0/0, dsn=5.5.4, status=bounced (host loadbalancers.example.net[192.168.42.17] said: 501 5.5.4 Invalid parameters (in reply to MAIL FROM command)) Further digging shows that these messages are from an address containing quotes and spaces: mail from:<"a b"@no.no> 501 5.5.4 Invalid parameters Testing with postfix + dovecot lda (v1.2.16) the messages gets trough just fine. Is this auth_username_chars kicking in, or some other check of valid characters in lmtp from ? -jf From tss at iki.fi Wed Aug 31 14:38:50 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 31 Aug 2011 14:38:50 +0300 Subject: [Dovecot] lmtp bouncing -- Invalid parameters (in reply to MAIL FROM command) In-Reply-To: <20110831112131.GB25350@oc1046828364.ibm.com> References: <20110831110307.GA25350@oc1046828364.ibm.com> <20110831112131.GB25350@oc1046828364.ibm.com> Message-ID: <1314790730.1197.10.camel@hurina> On Wed, 2011-08-31 at 13:21 +0200, Jan-Frode Myklebust wrote: > mail from:<"a b"@no.no> > 501 5.5.4 Invalid parameters This is fixed in v2.0.14. From klinkov at yandex.ru Wed Aug 31 15:27:54 2011 From: klinkov at yandex.ru (Stanislav Klinkov) Date: Wed, 31 Aug 2011 16:27:54 +0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> Message-ID: <4E5E28CA.6020602@yandex.ru> > Why such hostility? I beg you pardon, sir. Nothing personal, but to the question like "My car does not move" you provide the answer "Try to wipe screen and kick wheels". How do you think, if one digs into source code, has not he attempted more simple ways? Yes, I have read the manuals and wiki's before posting here. And I know what is wireshark and how to use it. > And I did answer your second question about how principal should looks > like. The matter of my question was how does the string in form of "service at host" agree with keytab entries in form of "service/host at REALM". Now I do know the answer. It is controlled by the argument "GSS_C_NT_HOSTBASED_SERVICE" of function "gss_import_name". > > Maybe I wrong, not running yet 2.0. You are wrong. There were some minor changes. See here, for example: http://www.dovecot.org/list/dovecot-cvs/2010-June/017143.html > > Make sure your client requesting correct principal in first place. Yes, I am sure. I examined logs of my Mozilla Thunderbird client. They look like this: ******* Thunderbird logs ********** 3712[5a9e240]: nsAuthSSPI::Init 3712[5a9e240]: InitSSPI 3712[5a9e240]: Using SPN of [imap/efim.test.local] 3712[5a9e240]: AcquireCredentialsHandle() succeeded. 3712[5a9e240]: entering nsAuthSSPI::GetNextToken() 3712[5a9e240]: InitializeSecurityContext: continue. ************************************* > "Wrong principal in request", Usually means the principal in the > system keytab for your system doesn't agree with the hostname or DNS > name of the system. It does agree. My host is named "efim.test.local". Here is the contents of my krb5.keytab: ******* krb5.keytab *********** slot KVNO Principal ---- ---- --------------------------------------------------------------------- 1 4 imap/efim.test.local at ROMASHKA.LAN 2 5 pop/efim.test.local at ROMASHKA.LAN 3 6 smtp/efim.test.local at ROMASHKA.LAN ********************************* I have already found out, that denial is generated somewhere inside krb5 libraries, not in Dovecot's modules. But I see no way to trace or debug kerberos calls. Source codes of kerberos libs are too complex for me to analyze. If you are interested in, you may join the parallel discussion of the topic on iXBT forum here: http://forum.ixbt.com/topic.cgi?id=76:10089 With best regards, Stanislav Klinkov. From warden at geneseo.edu Wed Aug 31 16:11:17 2011 From: warden at geneseo.edu (David Warden) Date: Wed, 31 Aug 2011 09:11:17 -0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <4E5E28CA.6020602@yandex.ru> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> <4E5E28CA.6020602@yandex.ru> Message-ID: <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> On Aug 31, 2011, at 8:27 AM, Stanislav Klinkov wrote: > >> Why such hostility? > > I beg you pardon, sir. Nothing personal, but to the question like "My > car does not move" you provide the answer "Try to wipe screen and kick > wheels". How do you think, if one digs into source code, has not he > attempted more simple ways? Yes, I have read the manuals and wiki's > before posting here. And I know what is wireshark and how to use it. > >> And I did answer your second question about how principal should looks >> like. > > The matter of my question was how does the string in form of > "service at host" agree with keytab entries in form of > "service/host at REALM". Now I do know the answer. It is controlled by the > argument "GSS_C_NT_HOSTBASED_SERVICE" of function "gss_import_name". > >> >> Maybe I wrong, not running yet 2.0. > > You are wrong. There were some minor changes. See here, for example: > http://www.dovecot.org/list/dovecot-cvs/2010-June/017143.html > >> >> Make sure your client requesting correct principal in first place. > > Yes, I am sure. I examined logs of my Mozilla Thunderbird client. They > look like this: > > ******* Thunderbird logs ********** > 3712[5a9e240]: nsAuthSSPI::Init > 3712[5a9e240]: InitSSPI > 3712[5a9e240]: Using SPN of [imap/efim.test.local] > 3712[5a9e240]: AcquireCredentialsHandle() succeeded. > 3712[5a9e240]: entering nsAuthSSPI::GetNextToken() > 3712[5a9e240]: InitializeSecurityContext: continue. > ************************************* > I take these Thunderbird log entries to mean your workstation was able to get a kerberos ticket for imap/efim.test.local >> "Wrong principal in request", Usually means the principal in the >> system keytab for your system doesn't agree with the hostname or DNS >> name of the system. > > It does agree. My host is named "efim.test.local". Here is the contents > of my krb5.keytab: > > ******* krb5.keytab *********** > slot KVNO Principal > ---- ---- > --------------------------------------------------------------------- > 1 4 imap/efim.test.local at ROMASHKA.LAN > 2 5 pop/efim.test.local at ROMASHKA.LAN > 3 6 smtp/efim.test.local at ROMASHKA.LAN > ********************************* > The fact that you have different KVNOs for multiple services on the same host seems curious. How did you generate those keys and put them into krb5.keytab? Are you using Active Directory for Kerberos? If I ran ktpass multiple times to generate a new key for imap and then smtp, I would get the "wrong principal in request" error. When I ran ktpass once for IMAP and added the SPN for smtp using LDAP/setspn and used ktutil on the dovecot host to add an entry to my keytab with the same key and kvno as ktpass generated the first time, then dovecot and smtp started working. I suppose that's weaker for security but chances are your mail SPNs (imap/pop/smtp) are tied to a single user or machine account anyway... > I have already found out, that denial is generated somewhere inside krb5 > libraries, not in Dovecot's modules. But I see no way to trace or debug > kerberos calls. Source codes of kerberos libs are too complex for me to > analyze. > > If you are interested in, you may join the parallel discussion of the > topic on iXBT forum here: http://forum.ixbt.com/topic.cgi?id=76:10089 > > With best regards, > Stanislav Klinkov. From tss at iki.fi Wed Aug 31 16:24:24 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 31 Aug 2011 16:24:24 +0300 Subject: [Dovecot] [PATCH] Indexing mail attachments with Dovecot + Solr In-Reply-To: References: Message-ID: <1314797064.1197.23.camel@hurina> On Mon, 2011-05-23 at 13:11 +0200, Antonio Perez-Aranda wrote: > Indexing mail attachments with Dovecot + Solr. I've been looking at this and wondering about a few things: The example solrconfig.xml contains: > > .. > > true > links > ignored_ > To me it looks like this requires that there exists a "links" field that is used for.. I guess content between .. tags? Or also for the href URLS? In any case there's no links field in the schema.xml so I don't think this works? Similarly it looks like stuff between
..
is ignored here, which doesn't seem like a good idea. > There is a new property for the section plugin to filter the mimetypes > that you want to index. > * fts_solr_mimetype > files with this mimetype will be sent to solr. In v2.1 I've added a generic "fts decoder" script that can handle attachment decoding. The script contains stuff like: formats='application/pdf pdf application/x-pdf pdf application/msword doc .. So there already exists a place which can list supported MIME types and also what filename extensions they have, so if there's application/octet-stream with filename=foo.pdf, Dovecot's fts code can change the MIME type to application/pdf. This sounds like it could be useful for the Solr attachments too. Maybe instead of fts_solr_mimetype setting the script could be modified a bit so that it would even allow mixed Solr/script attachment extraction. For example: formats='+application/pdf pdf +application/x-pdf pdf application/msword doc' The "+" prefix could tell that the FTS backend (Solr) handles the MIME type instead of the script. So with above config Solr would decode .pdfs, but the script would decode .docs. I was also thinking that the attachment documents could contain some description fields as well, which could be useful if you're searching the Solr index directly instead of via Dovecot. Maybe fields like "attachment_filename" (parsed from Content-Disposition: header) and "attachment_description" (parsed from Content-Description: header). They could of course be empty if those fields don't exist (and probably should be optional anyway). Also there should be "attachment_part" field that would contain the IMAP MIME part number of the attachment (e.g. "2.1.3"), so it would be easy to find and fetch the attachment. This could also be used as part of the ID string instead of the attachment_count. From klinkov at yandex.ru Wed Aug 31 16:35:52 2011 From: klinkov at yandex.ru (Stanislav Klinkov) Date: Wed, 31 Aug 2011 17:35:52 +0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> <4E5E28CA.6020602@yandex.ru> <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> Message-ID: <4E5E38B8.7060404@yandex.ru> > How did you generate those keys and put them into krb5.keytab? I logged onto my domain controller via RDP and issued the following commands: **************** keytabs generation ********************* ktpass -princ imap/efim.test.local at ROMASHKA.LAN -mapuser dovecot -pass megasuperpassword -ptype KRB5_NT_SRV_HST -out imap.keytab ktpass -princ pop/efim.test.local at ROMASHKA.LAN -mapuser dovecot -pass megasuperpassword -ptype KRB5_NT_SRV_HST -out pop.keytab ktpass -princ smtp/efim.test.local at ROMASHKA.LAN -mapuser dovecot -pass megasuperpassword -ptype KRB5_NT_SRV_HST -out smtp.keytab ************************************************************ Then I moved "imap.keytab", "pop.keytab" and "smtp.keytab" onto my dovecot server machine and merged them into single file with "ktutil": ************** ktutil commands ************** rkt imap.keytab rkt pop.keytab rkt smtp.keytab wkt krb5.keytab quit ************************************************ > Are you using Active Directory for Kerberos? Yes, I am. > and added the SPN for smtp using LDAP/setspn and used ktutil on the dovecot host to add an entry to my keytab with the same key and kvno Sorry, I'm not sure in realizing what you mean. What is "LDAP/setspn"? From warden at geneseo.edu Wed Aug 31 17:08:30 2011 From: warden at geneseo.edu (David Warden) Date: Wed, 31 Aug 2011 10:08:30 -0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <4E5E38B8.7060404@yandex.ru> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> <4E5E28CA.6020602@yandex.ru> <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> <4E5E38B8.7060404@yandex.ru> Message-ID: <93D67517-EEA9-4E73-8484-A56D89149434@geneseo.edu> On Aug 31, 2011, at 9:35 AM, Stanislav Klinkov wrote: > >> How did you generate those keys and put them into krb5.keytab? > I logged onto my domain controller via RDP and issued the following > commands: > > **************** keytabs generation ********************* > ktpass -princ imap/efim.test.local at ROMASHKA.LAN -mapuser dovecot > -pass megasuperpassword -ptype KRB5_NT_SRV_HST -out imap.keytab > > ktpass -princ pop/efim.test.local at ROMASHKA.LAN -mapuser dovecot > -pass megasuperpassword -ptype KRB5_NT_SRV_HST -out pop.keytab > > ktpass -princ smtp/efim.test.local at ROMASHKA.LAN -mapuser dovecot > -pass megasuperpassword -ptype KRB5_NT_SRV_HST -out smtp.keytab > ************************************************************ > > Then I moved "imap.keytab", "pop.keytab" and "smtp.keytab" onto my > dovecot server machine and merged them into single file with "ktutil": > ************** ktutil commands ************** > rkt imap.keytab > rkt pop.keytab > rkt smtp.keytab > wkt krb5.keytab > quit > ************************************************ I did exactly what you did when I was trying to get IMAP and SMTP Kerberized with AD (although I used KRB5_NT_PRINCIPAL in ktpass) and got the same error you were getting. It seemed like running ktpass multiple times invalidated the previous keytabs. What I did to fix it was run ktpass once for imap/fqdn at REALM and copy the hex key, kvno and encryption type to a text file somewhere. (You could also get these from klist -Kek ) Then I used ktutil to rkt the imap keytab and did "addent -key -p smtp/fqdn at REALM -k -e " and then paste the hex key I got from ktpass. Since you're not using +rndPass in ktpass, you may be able to use -password instead of key in the addent command in ktutil, but I haven't used that method before. Then wkt the ticket somewhere and klist -Kek and make sure that all entries have the same KVNO, hex key, and enc type but different principals. Then use your preferred method (setspn.exe or some graphical interface to AD's LDAP) to add entries to your dovecot user's servicePrincipalName attribute for each new principal you added to your keytab. The first ktpass should've put something there for you, just follow that example. To make sure everything should work, hop on a box where you have a valid user Kerberos ticket and do kvno imap/efim.test.local and kvno smtp/efim.test.local. That should try to get tickets for each of those services. If that doesn't work, then something is probably wrong with the servicePrincipalName attribute. One thing I should mention: servicePrincipalNames must be unique in AD, but I don't believe there are any controls to prevent you from making duplicates since it's just an LDAP attribute. The effect of this (as you can probably guess) is that IMAP, POP and SMTP effectively end up as aliases to the dovecot user in AD, using a single key. > >> Are you using Active Directory for Kerberos? > Yes, I am. > >> and added the SPN for smtp using LDAP/setspn and used ktutil on the dovecot host to add an entry to my keytab with the same key and kvno > Sorry, I'm not sure in realizing what you mean. What is "LDAP/setspn"? > > I should've been more clear about LDAP/setspn. You can use setspn.exe command on one of your AD controllers, or Active Directory Users & Computers or AD & GP MMC interfaces (depending on if you have Win Server 2k3 or 2k8) to edit the servicePrincipalName attribute for your dovecot user in AD's LDAP store. From acherniak at gmail.com Wed Aug 31 17:24:49 2011 From: acherniak at gmail.com (Alex Cherniak) Date: Wed, 31 Aug 2011 10:24:49 -0400 Subject: [Dovecot] Proprietary mail storage. Message-ID: I have a large existing read-only collection of mails packaged in individual zip files as +. Is it possible (and how difficult) to create a proprietary plugin (like gzip) which will open a zip file, extract mail and pass it back to Dovecot? Where do I start? If plugin is not the right approach, what is? Another question is how will this affect Dovecot performance and how to avoid any significant degradation. Any help is appreciated.Thanks. From robert at schetterer.org Wed Aug 31 17:29:19 2011 From: robert at schetterer.org (Robert Schetterer) Date: Wed, 31 Aug 2011 16:29:19 +0200 Subject: [Dovecot] Proprietary mail storage. In-Reply-To: References: Message-ID: <4E5E453F.6060508@schetterer.org> Am 31.08.2011 16:24, schrieb Alex Cherniak: > I have a large existing read-only collection of mails packaged in > individual zip files as +. Is it > possible (and how difficult) to create a proprietary plugin (like > gzip) which will open a zip file, extract mail and pass it back to > Dovecot? Where do I start? If plugin is not the right approach, what > is? > Another question is how will this affect Dovecot performance and how > to avoid any significant degradation. > Any help is appreciated.Thanks. did you looked at http://wiki2.dovecot.org/Plugins/Zlib ? -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From tss at iki.fi Wed Aug 31 17:52:42 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 31 Aug 2011 17:52:42 +0300 Subject: [Dovecot] Proprietary mail storage. In-Reply-To: References: Message-ID: <6E503447-8B67-454D-9B3E-EE34C3675405@iki.fi> On 31.8.2011, at 17.24, Alex Cherniak wrote: > I have a large existing read-only collection of mails packaged in > individual zip files as +. Is it > possible (and how difficult) to create a proprietary plugin (like > gzip) which will open a zip file, extract mail and pass it back to > Dovecot? Where do I start? If plugin is not the right approach, what > is? Is it otherwise a Maildir? If yes, you could base your code on the zlib plugin, or perhaps more easily you could use mail-filter plugin: http://dovecot.org/patches/2.0/mail-filter.tar.gz With mail-filter you can basically just put the messages through whatever program/script you want which gets the mail as input and outputs the wanted message body. I think the v2.0 mail-filter had some (potential?) bug, v2.1 mail-filter is anyway redesigned and should work perfectly. > Another question is how will this affect Dovecot performance and how > to avoid any significant degradation. I doubt it's going to be a problem. From klinkov at yandex.ru Wed Aug 31 17:55:04 2011 From: klinkov at yandex.ru (Stanislav Klinkov) Date: Wed, 31 Aug 2011 18:55:04 +0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <93D67517-EEA9-4E73-8484-A56D89149434@geneseo.edu> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> <4E5E28CA.6020602@yandex.ru> <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> <4E5E38B8.7060404@yandex.ru> <93D67517-EEA9-4E73-8484-A56D89149434@geneseo.edu> Message-ID: <4E5E4B48.3010209@yandex.ru> Thank you for sharing a very interesting experience, David. > It seemed like running ktpass multiple times invalidated the previous keytabs. OK. Let us assume. But then how can you explain the fact that the setting <> in dovecot config solves all mentioned troubles at once? As well I just have run the following experiment. I re-generated one more keytab for service "imap/test.efim.local" only. So, it became the last-generated key. Then I copied it onto my dovecot server as the only "krb.keytab" file, and nothing changed. Also, I issued the following command on my AD domain controller: C:\Windows\system32>setspn -L dovecot And the result was: ***************** Registered ServicePrincipalNames for CN=dovecot,OU=Agents,DC=romashka,DC=lan: imap/efim.test.local smtp/efim.test.local pop/efim.test.local ***************** Please note, that I have not apllied any magic to servicePrincipalName of AD user "dovecot" by setspn or other AD snap-ins. > To make sure everything should work, hop on a box where you have a valid user Kerberos ticket and do kvno imap/efim.test.local and kvno smtp/efim.test.local. Sorry, I might have not mentioned above. I run Mozilla Thunderbird on my Windows XP workstation. From robert at schetterer.org Wed Aug 31 18:04:27 2011 From: robert at schetterer.org (Robert Schetterer) Date: Wed, 31 Aug 2011 17:04:27 +0200 Subject: [Dovecot] Proprietary mail storage. In-Reply-To: <6E503447-8B67-454D-9B3E-EE34C3675405@iki.fi> References: <6E503447-8B67-454D-9B3E-EE34C3675405@iki.fi> Message-ID: <4E5E4D7B.3050507@schetterer.org> Am 31.08.2011 16:52, schrieb Timo Sirainen: > On 31.8.2011, at 17.24, Alex Cherniak wrote: > >> I have a large existing read-only collection of mails packaged in >> individual zip files as +. Is it >> possible (and how difficult) to create a proprietary plugin (like >> gzip) which will open a zip file, extract mail and pass it back to >> Dovecot? Where do I start? If plugin is not the right approach, what >> is? > > Is it otherwise a Maildir? If yes, you could base your code on the zlib plugin, or perhaps more easily you could use mail-filter plugin: http://dovecot.org/patches/2.0/mail-filter.tar.gz are there any examples or how too online for mail-filter ? > > With mail-filter you can basically just put the messages through whatever program/script you want which gets the mail as input and outputs the wanted message body. I think the v2.0 mail-filter had some (potential?) bug, v2.1 mail-filter is anyway redesigned and should work perfectly. > >> Another question is how will this affect Dovecot performance and how >> to avoid any significant degradation. > > I doubt it's going to be a problem. > -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From tss at iki.fi Wed Aug 31 18:14:57 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 31 Aug 2011 18:14:57 +0300 Subject: [Dovecot] Proprietary mail storage. In-Reply-To: <4E5E4D7B.3050507@schetterer.org> References: <6E503447-8B67-454D-9B3E-EE34C3675405@iki.fi> <4E5E4D7B.3050507@schetterer.org> Message-ID: <6D760583-9552-4772-B862-DB6AA37155B4@iki.fi> On 31.8.2011, at 18.04, Robert Schetterer wrote: >> Is it otherwise a Maildir? If yes, you could base your code on the zlib plugin, or perhaps more easily you could use mail-filter plugin: http://dovecot.org/patches/2.0/mail-filter.tar.gz > > are there any examples or how too online for mail-filter ? For compiling look at the beginning of mail-filter-plugin.c For using add it to mail_plugins and: plugin { mail_filter_executable = /path/to/your/script.sh } A script could be for example (totally insecure and broken): #!/bin/sh sed s/Hello/Hi/ > /tmp/foo cat /tmp/foo rm /tmp/foo Unfortunately you can't both read stdin and write to stdout at the same time because of some internal Dovecot problems with it. So you'll have to write it to a temp file and then output that after the entire input is read. From robert at schetterer.org Wed Aug 31 18:17:51 2011 From: robert at schetterer.org (Robert Schetterer) Date: Wed, 31 Aug 2011 17:17:51 +0200 Subject: [Dovecot] Proprietary mail storage. In-Reply-To: <6D760583-9552-4772-B862-DB6AA37155B4@iki.fi> References: <6E503447-8B67-454D-9B3E-EE34C3675405@iki.fi> <4E5E4D7B.3050507@schetterer.org> <6D760583-9552-4772-B862-DB6AA37155B4@iki.fi> Message-ID: <4E5E509F.2020403@schetterer.org> Am 31.08.2011 17:14, schrieb Timo Sirainen: > On 31.8.2011, at 18.04, Robert Schetterer wrote: > >>> Is it otherwise a Maildir? If yes, you could base your code on the zlib plugin, or perhaps more easily you could use mail-filter plugin: http://dovecot.org/patches/2.0/mail-filter.tar.gz >> >> are there any examples or how too online for mail-filter ? > > For compiling look at the beginning of mail-filter-plugin.c > > For using add it to mail_plugins and: > > plugin { > mail_filter_executable = /path/to/your/script.sh > } > > A script could be for example (totally insecure and broken): > > #!/bin/sh > > sed s/Hello/Hi/ > /tmp/foo > cat /tmp/foo > rm /tmp/foo > > Unfortunately you can't both read stdin and write to stdout at the same time because of some internal Dovecot problems with it. So you'll have to write it to a temp file and then output that after the entire input is read. sorry for silly question is there any known typical usage for that , or was this on the wishlist to solve some stuff ? -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From simon.brereton at buongiorno.com Wed Aug 31 18:19:23 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Wed, 31 Aug 2011 11:19:23 -0400 Subject: [Dovecot] Password query returned multiple matches Message-ID: <006601cc67f1$5e34f550$1a9edff0$@brereton@buongiorno.com> Hi After successfully setting up dovecot, I see this error in the logs. Aug 30 22:41:45 mail dovecot: auth-worker(default): sql(sbrereton at domain.co.uk,64.88.168.84): Password query returned multiple matches Aug 30 22:41:52 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=, method=PLAIN, rip=64.88.168.84, lip=127.0.0.1, TLS Can you tell me what it means or what I should look for? In my dovecot-sql.conf I have this query: password_query = SELECT EmailAdd AS user, Password AS password, concat('/var/spool/mail/virtual/',MailDirLoc) as userdb_home, 999 as userdb_uid, 115 as userdb_gid FROM MailAccounts WHERE Username='%u' AND active = '1'; Since the EmailAdd is unique I don't see how it can return multiple matches. Thanks. Simon From tss at iki.fi Wed Aug 31 18:21:05 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 31 Aug 2011 18:21:05 +0300 Subject: [Dovecot] Proprietary mail storage. In-Reply-To: <4E5E509F.2020403@schetterer.org> References: <6E503447-8B67-454D-9B3E-EE34C3675405@iki.fi> <4E5E4D7B.3050507@schetterer.org> <6D760583-9552-4772-B862-DB6AA37155B4@iki.fi> <4E5E509F.2020403@schetterer.org> Message-ID: <5D6C1852-9288-4C76-9EF6-6AC549500C2D@iki.fi> On 31.8.2011, at 18.17, Robert Schetterer wrote: >>>> Is it otherwise a Maildir? If yes, you could base your code on the zlib plugin, or perhaps more easily you could use mail-filter plugin: http://dovecot.org/patches/2.0/mail-filter.tar.gz >>> >>> are there any examples or how too online for mail-filter ? .. > sorry for silly question > is there any known typical usage for that , or was this on the wishlist > to solve some stuff ? It was originally written to be used with imapc ("imap proxy") backend. You could use it for stuff like decode encrypted PGP mails or scan for viruses and drop them if found. From tss at iki.fi Wed Aug 31 18:22:22 2011 From: tss at iki.fi (Timo Sirainen) Date: Wed, 31 Aug 2011 18:22:22 +0300 Subject: [Dovecot] Password query returned multiple matches In-Reply-To: <006601cc67f1$5e34f550$1a9edff0$@brereton@buongiorno.com> References: <006601cc67f1$5e34f550$1a9edff0$@brereton@buongiorno.com> Message-ID: On 31.8.2011, at 18.19, Simon Brereton wrote: > Aug 30 22:41:45 mail dovecot: auth-worker(default): sql(sbrereton at domain.co.uk,64.88.168.84): Password query returned multiple matches .. > password_query = SELECT EmailAdd AS user, Password AS password, concat('/var/spool/mail/virtual/',MailDirLoc) as userdb_home, 999 as userdb_uid, 115 as userdb_gid FROM MailAccounts WHERE Username='%u' AND active = '1'; > > Since the EmailAdd is unique I don't see how it can return multiple matches. You're querying with Username, not with EmailAdd, and apparently there are multiple rows where Username='sbrereton at domain.co.uk'. From robert at schetterer.org Wed Aug 31 18:27:54 2011 From: robert at schetterer.org (Robert Schetterer) Date: Wed, 31 Aug 2011 17:27:54 +0200 Subject: [Dovecot] Proprietary mail storage. In-Reply-To: <5D6C1852-9288-4C76-9EF6-6AC549500C2D@iki.fi> References: <6E503447-8B67-454D-9B3E-EE34C3675405@iki.fi> <4E5E4D7B.3050507@schetterer.org> <6D760583-9552-4772-B862-DB6AA37155B4@iki.fi> <4E5E509F.2020403@schetterer.org> <5D6C1852-9288-4C76-9EF6-6AC549500C2D@iki.fi> Message-ID: <4E5E52FA.7020503@schetterer.org> Am 31.08.2011 17:21, schrieb Timo Sirainen: > On 31.8.2011, at 18.17, Robert Schetterer wrote: > >>>>> Is it otherwise a Maildir? If yes, you could base your code on the zlib plugin, or perhaps more easily you could use mail-filter plugin: http://dovecot.org/patches/2.0/mail-filter.tar.gz >>>> >>>> are there any examples or how too online for mail-filter ? > .. >> sorry for silly question >> is there any known typical usage for that , or was this on the wishlist >> to solve some stuff ? > > It was originally written to be used with imapc ("imap proxy") backend. You could use it for stuff like decode encrypted PGP mails that sounds like a very good idea or scan for viruses and drop them if found. > ok , thats solved i another way at my setup, but nice to have great idea anyway, thx for coding -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria From trever.adams at gmail.com Wed Aug 31 18:28:50 2011 From: trever.adams at gmail.com (Trever L. Adams) Date: Wed, 31 Aug 2011 09:28:50 -0600 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <4E5E38B8.7060404@yandex.ru> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> <4E5E28CA.6020602@yandex.ru> <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> <4E5E38B8.7060404@yandex.ru> Message-ID: <4E5E5332.3060006@gmail.com> On 08/31/2011 07:35 AM, Stanislav Klinkov wrote: > > >> and added the SPN for smtp using LDAP/setspn and used ktutil on the dovecot host to add an entry to my keytab with the same key and kvno > Sorry, I'm not sure in realizing what you mean. What is "LDAP/setspn"? > > I have only followed part of this. It the original poster's problem is that the LDAP database is not being able to be accessed with an SPN ticket, this is because SPNs are not allowed to log in in AD. You need to use a user account (including MACHINE$ accounts). It took me forever to figure this out. To use this, you need a cron job that creates/renews tickets from time to time for the user/machine account. Then you use Dovecot's environment setup configuration to set the KRB5_CC (or whatever it is called, my head is elsewhere) env variable to that Kerberos ticket cache that was created in the cronjob. This cache needs to be readable by dovecot and should be owned by its user. Trever -- First Law of System Requirements: "Anything is possible if you don't know what you're talking about..." -- Unknown -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 261 bytes Desc: OpenPGP digital signature URL: From simon.brereton at buongiorno.com Wed Aug 31 18:44:03 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Wed, 31 Aug 2011 11:44:03 -0400 Subject: [Dovecot] Password query returned multiple matches In-Reply-To: References: <006601cc67f1$5e34f550$1a9edff0$@brereton@buongiorno.com> Message-ID: <006901cc67f4$d03cd2f0$70b678d0$@brereton@buongiorno.com> > -----Original Message----- > From: Timo Sirainen [mailto:tss at iki.fi] > > On 31.8.2011, at 18.19, Simon Brereton wrote: > > > Aug 30 22:41:45 mail dovecot: auth-worker(default): > sql(sbrereton at domain.co.uk,64.88.168.84): Password query returned > multiple matches > .. > > password_query = SELECT EmailAdd AS user, Password AS password, > concat('/var/spool/mail/virtual/',MailDirLoc) as userdb_home, 999 as > userdb_uid, 115 as userdb_gid FROM MailAccounts WHERE Username='%u' > AND active = '1'; > > > > Since the EmailAdd is unique I don't see how it can return multiple > matches. > > You're querying with Username, not with EmailAdd, and apparently > there are multiple rows where Username='sbrereton at domain.co.uk'. Well, what do you know - there are two Usernames that at the same! I have no idea how that happened. Simon From warden at geneseo.edu Wed Aug 31 18:51:02 2011 From: warden at geneseo.edu (David Warden) Date: Wed, 31 Aug 2011 11:51:02 -0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <4E5E4B48.3010209@yandex.ru> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> <4E5E28CA.6020602@yandex.ru> <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> <4E5E38B8.7060404@yandex.ru> <93D67517-EEA9-4E73-8484-A56D89149434@geneseo.edu> <4E5E4B48.3010209@yandex.ru> Message-ID: <8CDCA9B7-4BB1-4253-8D63-684168C38C61@geneseo.edu> On Aug 31, 2011, at 10:55 AM, Stanislav Klinkov wrote: > > Thank you for sharing a very interesting experience, David. > >> It seemed like running ktpass multiple times invalidated the previous keytabs. > OK. Let us assume. But then how can you explain the fact that the > setting <> in dovecot config solves all > mentioned troubles at once? > That is a very good question that I sadly don't have the answer to and I fear I misunderstood the initial problem. It's my understanding that auth_gssapi_hostname controls which entries in the keytab file dovecot will allow itself to use. If you enable debug auth logging in dovecot, do you see anything about which entry in your keytab file it's attempting to use? Also, do you see anything in your AD logs when you get the "invalid principal" error from the IP of your dovecot host? > As well I just have run the following experiment. I re-generated one > more keytab for service "imap/test.efim.local" only. So, it became the > last-generated key. Then I copied it onto my dovecot server as the only > "krb.keytab" file, and nothing changed. > > Also, I issued the following command on my AD domain controller: > C:\Windows\system32>setspn -L dovecot > > And the result was: > ***************** > Registered ServicePrincipalNames for > CN=dovecot,OU=Agents,DC=romashka,DC=lan: > imap/efim.test.local > smtp/efim.test.local > pop/efim.test.local > ***************** > > Please note, that I have not apllied any magic to servicePrincipalName > of AD user "dovecot" by setspn or other AD snap-ins. > >> To make sure everything should work, hop on a box where you have a valid user Kerberos ticket and do kvno imap/efim.test.local and kvno smtp/efim.test.local. > > Sorry, I might have not mentioned above. I run Mozilla Thunderbird on my > Windows XP workstation. > From simon.brereton at buongiorno.com Wed Aug 31 18:54:57 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Wed, 31 Aug 2011 11:54:57 -0400 Subject: [Dovecot] Multiple domains to one inbox and temporary redirects... Message-ID: <007f01cc67f6$5622d1c0$02687540$@brereton@buongiorno.com> Hi Can anyone point me to a howto to arrange for multiple domains to deliver to one inbox with Dovecot? For example, user1 at example.com and user1 at example.net should both be delivered to /var/spool/mail/virtual/example.net/user1 Currently, I have the dovecot LDA set as: dovecot unix - n n - - pipe flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} and in dovecot.conf: mail_location: maildir:/var/spool/mail/virtual/%d/%n For some domains only, I need to override that mail_location. Related to that, when user1 leave and user2 would like to receive user1's email, how can I get it so that email to user1 at example.com is delivered to user2 at example.com? Previously when I was using Postfix to deliver the mails, I could change the maildirloc in the DB - but I?m not sure how to accomplish this with dovecot LDA. Again, any pointers would be welcome. Thanks. Simon From shopik at inblock.ru Wed Aug 31 19:30:48 2011 From: shopik at inblock.ru (Nikolay Shopik) Date: Wed, 31 Aug 2011 20:30:48 +0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <4E5E4B48.3010209@yandex.ru> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> <4E5E28CA.6020602@yandex.ru> <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> <4E5E38B8.7060404@yandex.ru> <93D67517-EEA9-4E73-8484-A56D89149434@geneseo.edu> <4E5E4B48.3010209@yandex.ru> Message-ID: On 31.08.2011 18:55, Stanislav Klinkov wrote: > > Thank you for sharing a very interesting experience, David. > >> It seemed like running ktpass multiple times invalidated the previous keytabs. > OK. Let us assume. But then how can you explain the fact that the > setting<> in dovecot config solves all > mentioned troubles at once? > > As well I just have run the following experiment. I re-generated one > more keytab for service "imap/test.efim.local" only. So, it became the > last-generated key. Then I copied it onto my dovecot server as the only > "krb.keytab" file, and nothing changed. > > Also, I issued the following command on my AD domain controller: > C:\Windows\system32>setspn -L dovecot > > And the result was: > ***************** > Registered ServicePrincipalNames for > CN=dovecot,OU=Agents,DC=romashka,DC=lan: > imap/efim.test.local > smtp/efim.test.local > pop/efim.test.local > ***************** > > Please note, that I have not apllied any magic to servicePrincipalName > of AD user "dovecot" by setspn or other AD snap-ins. Early versions of ktpass only allowed only 1 serviceprincipialnames, thus every time you generate new it was overwrite old one. ktpass from win2008 seems fix this. > >> To make sure everything should work, hop on a box where you have a valid user Kerberos ticket and do kvno imap/efim.test.local and kvno smtp/efim.test.local. > > Sorry, I might have not mentioned above. I run Mozilla Thunderbird on my > Windows XP workstation. > > Can you do kinit -k imap/imap/efim.test.local at ROMASHKA.LAN and then klist, does it work for you? I do recommend tcpdump kerberos traffic between your client and server, this is usually helps me much better then any logging, flow easy to read in wireshark. From nick+dovecot at bunbun.be Wed Aug 31 19:41:42 2011 From: nick+dovecot at bunbun.be (Nick Rosier) Date: Wed, 31 Aug 2011 18:41:42 +0200 Subject: [Dovecot] Multiple domains to one inbox and temporary redirects... In-Reply-To: <007f01cc67f6$5622d1c0$02687540$@brereton@buongiorno.com> References: <007f01cc67f6$5622d1c0$02687540$@brereton@buongiorno.com> Message-ID: <4E5E6446.1070406@bunbun.be> Simon Brereton wrote: > Hi > > Can anyone point me to a howto to arrange for multiple domains to deliver to one inbox with Dovecot? For example, user1 at example.com and user1 at example.net should both be delivered to /var/spool/mail/virtual/example.net/user1 > > Currently, I have the dovecot LDA set as: > > dovecot unix - n n - - pipe > flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} > > > and in dovecot.conf: > > mail_location: maildir:/var/spool/mail/virtual/%d/%n > > For some domains only, I need to override that mail_location. > > > Related to that, when user1 leave and user2 would like to receive user1's email, how can I get it so that email to user1 at example.com is delivered to user2 at example.com? Previously when I was using Postfix to deliver the mails, I could change the maildirloc in the DB - but I?m not sure how to accomplish this with dovecot LDA. > > I'm using Postfixadmin to manage users and have server alias-domains. All mail sent to an alias-domain is delivered to the other domain. Quite easy if you've got postfixadmin already setup. Otherwise I think you could configure virtual_alias_maps in postfix to something like hash:virtual_domains virtual_domains: @example.net @example.com N. From aewhale at ABS-CompTech.com Wed Aug 31 20:34:01 2011 From: aewhale at ABS-CompTech.com (Albert E. Whale) Date: Wed, 31 Aug 2011 13:34:01 -0400 Subject: [Dovecot] Multiple domains to one inbox and temporary redirects... In-Reply-To: <4E5E6446.1070406@bunbun.be> References: <007f01cc67f6$5622d1c0$02687540$@brereton@buongiorno.com> <4E5E6446.1070406@bunbun.be> Message-ID: <4E5E7089.2040701@ABS-CompTech.com> I'm using Sendmail, sample config below: On 8/31/2011 12:41 PM, Nick Rosier wrote: > Simon Brereton wrote: >> Hi >> >> Can anyone point me to a howto to arrange for multiple domains to >> deliver to one inbox with Dovecot? For example, user1 at example.com >> and user1 at example.net should both be delivered to >> /var/spool/mail/virtual/example.net/user1 >> >> Currently, I have the dovecot LDA set as: >> >> dovecot unix - n n - - pipe >> flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f >> ${sender} -d ${user}@${nexthop} >> >> >> and in dovecot.conf: >> >> mail_location: maildir:/var/spool/mail/virtual/%d/%n >> >> For some domains only, I need to override that mail_location. >> >> >> Related to that, when user1 leave and user2 would like to receive >> user1's email, how can I get it so that email to user1 at example.com is >> delivered to user2 at example.com? Previously when I was using Postfix >> to deliver the mails, I could change the maildirloc in the DB - but >> I?m not sure how to accomplish this with dovecot LDA. >> >> > I'm using Postfixadmin to manage users and have server alias-domains. > All mail sent to an alias-domain is delivered to the other domain. > Quite easy if you've got postfixadmin already setup. > > Otherwise I think you could configure virtual_alias_maps in postfix to > something like hash:virtual_domains > > virtual_domains: > @example.net @example.com > > N. > > We deliver multiple multiple domains to the single user name of the domain. admin at NoJunk-Mail.com admin admin at emailsecurity.us admin admin at spam-zapper.com admin admin at abs-comptech.com admin admin at remote-pc-doc.com admin We use our Server Administrator tool to manage the mailboxes. Begin shameless plug: (Server Administrator - http://www.abs-comptech.com/serveradministrator.htm) end shameless plug -- Albert E. Whale, CHS CISA CISSP Senior Technology & Security Director *ABS Computer Technology, Inc. * 412-635-7488 ext 100 aewhale at ABS-CompTech.com www.ABS-CompTech.com -------------- next part -------------- A non-text attachment was scrubbed... Name: aewhale.vcf Type: text/x-vcard Size: 398 bytes Desc: not available URL: From simon.brereton at buongiorno.com Wed Aug 31 20:41:18 2011 From: simon.brereton at buongiorno.com (Simon Brereton) Date: Wed, 31 Aug 2011 13:41:18 -0400 Subject: [Dovecot] Multiple domains to one inbox and temporary redirects... In-Reply-To: <4E5E6446.1070406@bunbun.be> References: <007f01cc67f6$5622d1c0$02687540$@brereton@buongiorno.com> <4E5E6446.1070406@bunbun.be> Message-ID: <008601cc6805$313f77f0$93be67d0$@brereton@buongiorno.com> > -----Original Message----- > From: Nick Rosier [mailto:nick+dovecot at bunbun.be] > > Simon Brereton wrote: > > Hi > > > > Can anyone point me to a howto to arrange for multiple domains to > > deliver to one inbox with Dovecot? For example, user1 at example.com > and > > user1 at example.net should both be delivered to > > /var/spool/mail/virtual/example.net/user1 > > > > Currently, I have the dovecot LDA set as: > > > > dovecot unix - n n - - pipe > > flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f > > ${sender} -d ${user}@${nexthop} > > > > > > and in dovecot.conf: > > > > mail_location: maildir:/var/spool/mail/virtual/%d/%n > > > > For some domains only, I need to override that mail_location. > > > > > > Related to that, when user1 leave and user2 would like to receive > user1's email, how can I get it so that email to user1 at example.com is > delivered to user2 at example.com? Previously when I was using Postfix > to deliver the mails, I could change the maildirloc in the DB - but > I?m not sure how to accomplish this with dovecot LDA. > > > > > I'm using Postfixadmin to manage users and have server alias-domains. > All mail sent to an alias-domain is delivered to the other domain. > Quite easy if you've got postfixadmin already setup. > > Otherwise I think you could configure virtual_alias_maps in postfix > to something like hash:virtual_domains > > virtual_domains: > @example.net @example.com Cheers Nick Of course that will do it. Thanks. Simon From trever.adams at gmail.com Wed Aug 31 20:49:12 2011 From: trever.adams at gmail.com (Trever L. Adams) Date: Wed, 31 Aug 2011 11:49:12 -0600 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> <4E5E28CA.6020602@yandex.ru> <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> <4E5E38B8.7060404@yandex.ru> <93D67517-EEA9-4E73-8484-A56D89149434@geneseo.edu> <4E5E4B48.3010209@yandex.ru> Message-ID: <4E5E7418.5010403@gmail.com> On 08/31/2011 10:30 AM, Nikolay Shopik wrote: > > Can you do kinit -k imap/imap/efim.test.local at ROMASHKA.LAN and then > klist, does it work for you? > > I do recommend tcpdump kerberos traffic between your client and > server, this is usually helps me much better then any logging, flow > easy to read in wireshark. > Under active directory, you cannot kinit as an SPN, only UPN (including MACHINE$ accounts). At least this is my experience. Trever -- "Selfishness is really self-destruction in slow motion." -? Elder Neal A. Maxwell - Ensign, May 1999, 23 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 261 bytes Desc: OpenPGP digital signature URL: From chris at nmedia.net Wed Aug 31 21:59:48 2011 From: chris at nmedia.net (Chris Cappuccio) Date: Wed, 31 Aug 2011 11:59:48 -0700 Subject: [Dovecot] Thunderbird caching problem Message-ID: <20110831185948.GG4353@ref.nmedia.net> Using a fairly simple dovecot config (which obviously needs some max limit tweaking) we have problems with IMAP synchronization between thunderbird clients. Two TB clients in the same IMAP mailbox will, from time to time, show different views of the same INBOX folders, when TB caching is enabled. The only fix is to right-click on the folder, go to "Properties" and use the "Repair Folder" option which repairs the local TB .msf cache file. Is there any server-side fix/workaround that would keep TB from regularly going out-of-sync ? This happens with TB3 and newer versions, in concert with either dovecot 1 or 2. The obvious fix is to disable TB local caching, which unfortunately also disables certain search features and can be a pain for large mailboxes. # dovecot -n # 2.0.13: /etc/dovecot/dovecot.conf doveconf: Warning: service auth { client_limit=4096 } is lower than required under max. load (7168) doveconf: Warning: service anvil { client_limit=2048 } is lower than required under max. load (3075) # OS: OpenBSD 5.0 amd64 ffs auth_default_realm = dovecot.org auth_mechanisms = plain digest-md5 cram-md5 apop auth_username_translation = :@ default_client_limit = 2048 default_internal_user = _dovecot default_login_user = _dovenull default_process_limit = 1024 disable_plaintext_auth = no first_valid_gid = 125 first_valid_uid = 125 mail_location = maildir:/mail/%d/%n/ managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date mbox_write_locks = fcntl mmap_disable = yes passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_global_path = /etc/dovecot/default.sieve } protocols = imap pop3 lmtp sieve service auth { unix_listener auth-userdb { user = mail } } service managesieve-login { inet_listener sieve { port = 4190 } inet_listener sieve_deprecated { port = 2000 } } ssl_cert = References: <6E503447-8B67-454D-9B3E-EE34C3675405@iki.fi> Message-ID: Thanks, Timo. Technically, it's not a Maildir, but my plan is to re-create one with folders containing hard or symbolic links pointing to the real storage. Is it going to be a problem? On Wed, Aug 31, 2011 at 10:52 AM, Timo Sirainen wrote: > On 31.8.2011, at 17.24, Alex Cherniak wrote: > >> I have a large existing read-only collection of mails packaged in >> individual zip files as +. Is it >> possible (and how difficult) to create a proprietary plugin (like >> gzip) which will open a zip file, extract mail and pass it back to >> Dovecot? Where do I start? If plugin is not the right approach, what >> is? > > Is it otherwise a Maildir? If yes, you could base your code on the zlib plugin, or perhaps more easily you could use mail-filter plugin: http://dovecot.org/patches/2.0/mail-filter.tar.gz > > With mail-filter you can basically just put the messages through whatever program/script you want which gets the mail as input and outputs the wanted message body. I think the v2.0 mail-filter had some (potential?) bug, v2.1 mail-filter is anyway redesigned and should work perfectly. > >> Another question is how will this affect Dovecot performance and how >> to avoid any significant degradation. > > I doubt it's going to be a problem. > > From thomas-lists at nybeta.com Wed Aug 31 22:41:19 2011 From: thomas-lists at nybeta.com (Thomas Harold) Date: Wed, 31 Aug 2011 15:41:19 -0400 Subject: [Dovecot] OT - small hd recommendation In-Reply-To: References: Message-ID: <4E5E8E5F.4050204@nybeta.com> On 8/30/2011 5:43 PM, Daniel L. Miller wrote: > A little OT - but I've seen a few opinions voiced here by various admins > and I'd like to benefit. RAID-10 is fine (note that the default mdadm RAID10 isn't actually RAID10, but it works well enough). RAID-6 won't be faster (and will probably be worse) although RAID-6 does do a bit better in a double-drive failure over RAID-10. The only way to get more performance out of (4) drives is to switch to 10k or 15k SAS (or SSDs). For more information - see the Linux RAID mailing list: http://vger.kernel.org/majordomo-info.html One problematic issue with consumer-grade SATA drives (which may or may not bite you) is that they will not time out on errors fast enough to keep mdadm happy. The "enterprise" grade drives are better about this (such as the ES.2 series), but for smaller arrays (6 drives or less) it's not as big of a deal. For bigger arrays, it's a definite issue, especially if you try and do RAID-6 over 8+ drives. If you're getting SMART errors, then it's time to swap the drives out. If mdadm is reporting sync errors or dropping drives from the array, then get your backups squared away ASAP before fiddling. My knee-jerk reaction when I hear 4-drive RAID-10 is that it has no hot-spare. Which means that as soon as 1 drive fails you're in dangerous territory (make sure it pages you automatically) since the array can't automatically repair. Make sure you can properly identify the drive that fails (via the serial numbers) and don't try a hot-swap. (Take a look at /dev/disk/by-id, /dev/disk/by-uuid, etc. Export a copy of that information on a daily/weekly basis off of the machine. In a software RAID environment, it gives you better information about which drive serial # failed rather then relying on lights.) Our mail server is 3-way RAID1 (triple mirror) for the OS and mail queue with a 5-disk RAID-10 (4+spare) for mail storage. From mcguire at neurotica.com Wed Aug 31 22:42:05 2011 From: mcguire at neurotica.com (Dave McGuire) Date: Wed, 31 Aug 2011 15:42:05 -0400 Subject: [Dovecot] Thunderbird caching problem In-Reply-To: <20110831185948.GG4353@ref.nmedia.net> References: <20110831185948.GG4353@ref.nmedia.net> Message-ID: <4E5E8E8D.3090406@neurotica.com> On 08/31/2011 02:59 PM, Chris Cappuccio wrote: > Using a fairly simple dovecot config (which obviously needs some max > limit tweaking) we have problems with IMAP synchronization between > thunderbird clients. > > Two TB clients in the same IMAP mailbox will, from time to time, show > different views of the same INBOX folders, when TB caching is > enabled. The only fix is to right-click on the folder, go to > "Properties" and use the "Repair Folder" option which repairs the > local TB .msf cache file. > > Is there any server-side fix/workaround that would keep TB from > regularly going out-of-sync ? This happens with TB3 and newer > versions, in concert with either dovecot 1 or 2. I ran into exactly this problem as well, it is infuriating. A workaround was discussed here awhile back. Sticking this in the "protocol imap" block of dovecot.conf solved the problem completely: imap_capability = IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDP LUS LIST-EXTENDED I18NLEVEL=1 ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS That should all be one line; watch for wrappage. -Dave -- Dave McGuire Port Charlotte, FL From chris at nmedia.net Wed Aug 31 22:49:53 2011 From: chris at nmedia.net (Chris Cappuccio) Date: Wed, 31 Aug 2011 12:49:53 -0700 Subject: [Dovecot] Thunderbird caching problem In-Reply-To: <4E5E8E8D.3090406@neurotica.com> References: <20110831185948.GG4353@ref.nmedia.net> <4E5E8E8D.3090406@neurotica.com> Message-ID: <20110831194953.GN4353@ref.nmedia.net> Dave McGuire [mcguire at neurotica.com] wrote: > On 08/31/2011 02:59 PM, Chris Cappuccio wrote: > >Using a fairly simple dovecot config (which obviously needs some max > >limit tweaking) we have problems with IMAP synchronization between > >thunderbird clients. > > > >Two TB clients in the same IMAP mailbox will, from time to time, show > >different views of the same INBOX folders, when TB caching is > >enabled. The only fix is to right-click on the folder, go to > >"Properties" and use the "Repair Folder" option which repairs the > >local TB .msf cache file. > > > >Is there any server-side fix/workaround that would keep TB from > >regularly going out-of-sync ? This happens with TB3 and newer > >versions, in concert with either dovecot 1 or 2. > > I ran into exactly this problem as well, it is infuriating. A > workaround was discussed here awhile back. Sticking this in the > "protocol imap" block of dovecot.conf solved the problem completely: > > imap_capability = IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID > ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS > MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDP > LUS LIST-EXTENDED I18NLEVEL=1 ESEARCH ESORT SEARCHRES WITHIN > CONTEXT=SEARCH LIST-STATUS > Interesting..How do I know that I really should be announcing all of these capabilities given my current dovecot version and config? With the config I posted, here's what I send out now * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Blahfart From nick+dovecot at bunbun.be Wed Aug 31 22:56:32 2011 From: nick+dovecot at bunbun.be (Nick Rosier) Date: Wed, 31 Aug 2011 21:56:32 +0200 Subject: [Dovecot] Thunderbird caching problem In-Reply-To: <20110831194953.GN4353@ref.nmedia.net> References: <20110831185948.GG4353@ref.nmedia.net> <4E5E8E8D.3090406@neurotica.com> <20110831194953.GN4353@ref.nmedia.net> Message-ID: <4E5E91F0.3020608@bunbun.be> Chris Cappuccio wrote: > Dave McGuire [mcguire at neurotica.com] wrote: >> On 08/31/2011 02:59 PM, Chris Cappuccio wrote: >>> Using a fairly simple dovecot config (which obviously needs some max >>> limit tweaking) we have problems with IMAP synchronization between >>> thunderbird clients. >>> >>> Two TB clients in the same IMAP mailbox will, from time to time, show >>> different views of the same INBOX folders, when TB caching is >>> enabled. The only fix is to right-click on the folder, go to >>> "Properties" and use the "Repair Folder" option which repairs the >>> local TB .msf cache file. >>> >>> Is there any server-side fix/workaround that would keep TB from >>> regularly going out-of-sync ? This happens with TB3 and newer >>> versions, in concert with either dovecot 1 or 2. >> I ran into exactly this problem as well, it is infuriating. A >> workaround was discussed here awhile back. Sticking this in the >> "protocol imap" block of dovecot.conf solved the problem completely: >> >> imap_capability = IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID >> ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS >> MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDP >> LUS LIST-EXTENDED I18NLEVEL=1 ESEARCH ESORT SEARCHRES WITHIN >> CONTEXT=SEARCH LIST-STATUS >> > > Interesting..How do I know that I really should be announcing all of these capabilities given my current dovecot version and config? > > With the config I posted, here's what I send out now > > * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Blahfart > This is before login, you need to verify after login. Dovecot changes the capabilities it advertises after login. Remove CONDSTORE and QRESYNC; the CONDSTORE is the one messing it up for you. QRESYNC also implies CONDSTORE so you need to disable this one as well. N. From kgc at corp.sonic.net Wed Aug 31 23:13:27 2011 From: kgc at corp.sonic.net (Kelsey Cummings) Date: Wed, 31 Aug 2011 13:13:27 -0700 Subject: [Dovecot] mail spool filesystem In-Reply-To: <4E4E2340.4010001@hardwarefreak.com> References: <4E4BC0CC.5010908@psi.com.br> <20110817164207.2e9c1d49@echelon.ethz.ch> <4E4E2340.4010001@hardwarefreak.com> Message-ID: <20110831201327.GR5381@corp.sonic.net> On Fri, Aug 19, 2011 at 03:48:00AM -0500, Stan Hoeppner wrote: > On 8/17/2011 9:42 AM, Adrian Ulrich wrote: > >> I read that XFS is a good choice, but is not > >> too reliable... > > > > Are you using Maildir or MBOX? > > > > In any case: XFS would be my last choice: > > > > XFS is nice if you are working with large files (> 2GB), but > > for E-Mail i'd stick with ext3 (or maybe even reiser3) > > as it works very well with small files. > > XFS was designed for parallelism, whether with large files or small, ... Anyone been using ZFS on FreeBSD for mail spool storage? -- Kelsey Cummings - kgc at corp.sonic.net sonic.net, inc. System Architect 2260 Apollo Way 707.522.1000 Santa Rosa, CA 95407 From nick+dovecot at bunbun.be Wed Aug 31 23:27:14 2011 From: nick+dovecot at bunbun.be (Nick Rosier) Date: Wed, 31 Aug 2011 22:27:14 +0200 Subject: [Dovecot] mail spool filesystem In-Reply-To: <20110831201327.GR5381@corp.sonic.net> References: <4E4BC0CC.5010908@psi.com.br> <20110817164207.2e9c1d49@echelon.ethz.ch> <4E4E2340.4010001@hardwarefreak.com> <20110831201327.GR5381@corp.sonic.net> Message-ID: <4E5E9922.8000309@bunbun.be> Kelsey Cummings wrote: > On Fri, Aug 19, 2011 at 03:48:00AM -0500, Stan Hoeppner wrote: >> On 8/17/2011 9:42 AM, Adrian Ulrich wrote: >>>> I read that XFS is a good choice, but is not >>>> too reliable... >>> Are you using Maildir or MBOX? >>> >>> In any case: XFS would be my last choice: >>> >>> XFS is nice if you are working with large files (> 2GB), but >>> for E-Mail i'd stick with ext3 (or maybe even reiser3) >>> as it works very well with small files. >> XFS was designed for parallelism, whether with large files or small, > ... > > Anyone been using ZFS on FreeBSD for mail spool storage? > I'm using ZFS on FreeBSD 8.2. But to be honest, this is a personal/private mail-system with limited mailboxes. I really like the snapshots in ZFS. Every night I make a snapshot which I send to another server for backup. Every hour I make a new snapshot from which I send the incremental to the backup-server. That way if the worst happens I will only loose 1 hour of mail. ZFS was built for data integrity, not speed so if it's speed you are looking for this might not be the fastest but maybe fast enough. N. From jgunthorpe at obsidianresearch.com Wed Aug 31 23:39:56 2011 From: jgunthorpe at obsidianresearch.com (Jason Gunthorpe) Date: Wed, 31 Aug 2011 14:39:56 -0600 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <4E5E5332.3060006@gmail.com> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> <4E5E28CA.6020602@yandex.ru> <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> <4E5E38B8.7060404@yandex.ru> <4E5E5332.3060006@gmail.com> Message-ID: <20110831203956.GC30654@obsidianresearch.com> On Wed, Aug 31, 2011 at 09:28:50AM -0600, Trever L. Adams wrote: > I have only followed part of this. It the original poster's problem is > that the LDAP database is not being able to be accessed with an SPN > ticket, this is because SPNs are not allowed to log in in AD. You need > to use a user account (including MACHINE$ accounts). It took me forever > to figure this out. To use this, you need a cron job that creates/renews > tickets from time to time for the user/machine account. Then you use > Dovecot's environment setup configuration to set the KRB5_CC (or > whatever it is called, my head is elsewhere) env variable to that > Kerberos ticket cache that was created in the cronjob. This cache needs > to be readable by dovecot and should be owned by its user. This all works a 1000% better if you use Samba to join the domain and create your keytab with the right SPNs. See my prior posts to this list for a formula. Using the MS kerberos compatability tools is painful, complicated and tends to make a mess. Samba will create a machine UPN and populate the system keytab appropriately. From a cron job you can use 'kinit -k' to maintain an active ticket for the machine UPN which dovecot can use for LDAP operations. Jason From rick at havokmon.com Wed Aug 31 23:43:43 2011 From: rick at havokmon.com (Rick Romero) Date: Wed, 31 Aug 2011 15:43:43 -0500 Subject: [Dovecot] mail spool filesystem In-Reply-To: <4E5E9922.8000309@bunbun.be> References: <4E4BC0CC.5010908@psi.com.br> <20110817164207.2e9c1d49@echelon.ethz.ch> <4E4E2340.4010001@hardwarefreak.com> <20110831201327.GR5381@corp.sonic.net> <4E5E9922.8000309@bunbun.be> Message-ID: <20110831154343.Horde.WdE2Em2tkQ9OXpz-qxFBR7g@beta.vfemail.net> Quoting Nick Rosier : > Kelsey Cummings wrote: >> On Fri, Aug 19, 2011 at 03:48:00AM -0500, Stan Hoeppner wrote: >>> On 8/17/2011 9:42 AM, Adrian Ulrich wrote: >>>>> I read that XFS is a good choice, but is not >>>>> too reliable... >>>> Are you using Maildir or MBOX? >>>> >>>> In any case: XFS would be my last choice: >>>> >>>> XFS is nice if you are working with large files (> 2GB), but >>>> for E-Mail i'd stick with ext3 (or maybe even reiser3) >>>> as it works very well with small files. >>> XFS was designed for parallelism, whether with large files or small, >> ... >> >> Anyone been using ZFS on FreeBSD for mail spool storage? >> > I'm using ZFS on FreeBSD 8.2. But to be honest, this is a > personal/private mail-system with limited mailboxes. I really like > the snapshots in ZFS. Every night I make a snapshot which I send to > another server for backup. Every hour I make a new snapshot from > which I send the incremental to the backup-server. That way if the > worst happens I will only loose 1 hour of mail. > > ZFS was built for data integrity, not speed so if it's speed you are > looking for this might not be the fastest but maybe fast enough. I just migrated to FreeBSD 8.2 ZFS (6 drive u320 raidz + 16GB mirrored SSD ZIL) from OpenSolaris ZFS (10 drive sata raidz10). About 4k daily users. The new setup feels a little faster than the old, but honestly the old ran just fine under normal load. One of the things that pushed the migration was really more CPU for Thunderbird clients using compression, which caused a noticeable delay. Ditto on the snapshots. Rick From kwebb at teradactyl.com Wed Aug 31 23:48:54 2011 From: kwebb at teradactyl.com (Kristen J. Webb) Date: Wed, 31 Aug 2011 14:48:54 -0600 Subject: [Dovecot] thunderbird and subscriptions with sieve Message-ID: <4E5E9E36.8020904@teradactyl.com> Hi All, I'm a newbie trying to move mail out of my ISP onto a ubuntu (lucid) dovecot 1.2.9 server. Is there any way to automatically add folders created by sieve (GNU Mailutils 2.1) to the subscriptions file for a user? I'm currently testing spam, and if sieve created the folder with the first message, the thunderbird user does not see the new folder. Even more interesting, if the user then tries to create the Spam directory it thunderbird seems to quietly ignore the request and the user still cannot see the folder, but I digress... I can manually subscribe with thunderbird, but this won't scale for more complex sieve later by making the user responsible for finding everything. I can turn off subscription view in advanced settings on thunderbird, but we are trying to wean ourselves of of individual mail clients and I don't want to have to test this everywhere. Many thanks in advance! Kris -- Mr. Kristen J. Webb Teradactyl LLC. PHONE: 1-505-242-1091 EMAIL: kwebb at teradactyl.com VISIT: http://www.teradactyl.com Home of the True incremental Backup System From dovecot.user at seibercom.net Wed Aug 31 23:58:36 2011 From: dovecot.user at seibercom.net (Jerry) Date: Wed, 31 Aug 2011 16:58:36 -0400 Subject: [Dovecot] Kerberos GSSAPI - proper item name in keytab In-Reply-To: <20110831203956.GC30654@obsidianresearch.com> References: <4E5B9682.1040408@yandex.ru> <4E5BE3AE.7080303@inblock.ru> <4E5C7403.6020008@yandex.ru> <4E5E28CA.6020602@yandex.ru> <2332E510-FF66-4DFC-BE29-C85453561FFD@geneseo.edu> <4E5E38B8.7060404@yandex.ru> <4E5E5332.3060006@gmail.com> <20110831203956.GC30654@obsidianresearch.com> Message-ID: <20110831165836.7bd29871@scorpio> On Wed, 31 Aug 2011 14:39:56 -0600 Jason Gunthorpe articulated: > On Wed, Aug 31, 2011 at 09:28:50AM -0600, Trever L. Adams wrote: > > > I have only followed part of this. It the original poster's problem > > is that the LDAP database is not being able to be accessed with an > > SPN ticket, this is because SPNs are not allowed to log in in AD. > > You need to use a user account (including MACHINE$ accounts). It > > took me forever to figure this out. To use this, you need a cron > > job that creates/renews tickets from time to time for the > > user/machine account. Then you use Dovecot's environment setup > > configuration to set the KRB5_CC (or whatever it is called, my head > > is elsewhere) env variable to that Kerberos ticket cache that was > > created in the cronjob. This cache needs to be readable by dovecot > > and should be owned by its user. > > This all works a 1000% better if you use Samba to join the domain and > create your keytab with the right SPNs. See my prior posts to this > list for a formula. Using the MS kerberos compatability tools is > painful, complicated and tends to make a mess. > > Samba will create a machine UPN and populate the system keytab > appropriately. From a cron job you can use 'kinit -k' to maintain an > active ticket for the machine UPN which dovecot can use for LDAP > operations. I just got this link from a friend who uses Kerberos on several systems. I have no idea if it will work or help you or not. -- Jerry ? Dovecot.user at seibercom.net Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________ Everlasting peace will come to the world when the last man has slain the last but one. Adolf Hitler